CN104217327A - Financial IC (integrated circuit) card Internet terminal and trading method thereof - Google Patents


Info

Publication number: CN104217327A
Authority: CN (China)
Prior art keywords: data, card, terminal, control chip, main control
Legal status: Granted
Application number: CN201410498028.2A
Other languages: Chinese (zh)
Other versions: CN104217327B (en)
Inventors: 万海山, 张平, 朱启超, 岳修鹏, 牛余晓, 张德瑞, 张太祥
Current assignee: SHANDONG ZHONGFU INFORMATION INDUSTRY Co Ltd
Original assignee: SHANDONG ZHONGFU INFORMATION INDUSTRY Co Ltd

Events
Application filed by SHANDONG ZHONGFU INFORMATION INDUSTRY Co Ltd
Priority to CN201410498028.2A
Publication of CN104217327A
Application granted
Publication of CN104217327B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/3415 Cards acting autonomously as pay-media
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0003 Automatic card files incorporating selecting, conveying and possibly reading and/or writing operations
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a financial IC card Internet terminal. The financial IC card Internet terminal comprises a card reading module, a liquid crystal display screen, a keyboard, a USB (universal serial bus) communication module and a master control chip. The card reading module comprises a card holder and a card reading chip, wherein the card holder is used for placing an IC card, and the card reading chip is used for reading and writing data of the IC card and performing data communication with the master control chip through the reading and writing driver of a hardware driving layer of the master control chip; the liquid crystal display screen, the keyboard and the USB communication module perform data communication with the master control chip through the liquid crystal layer driver, the key driver and the USB communication driver of the hardware driving layer of the master control chip. The invention also discloses a trading processing method of the financial IC card Internet terminal. The method is based on the bidirectional-authentication terminal security channel technology and authentication and encryption of domestic cryptographic algorithms.

Description

Financial IC card Internet terminal and transaction method thereof
Technical field
The present invention relates to the field of e-commerce security, and in particular to a financial IC card Internet terminal and its transaction method.
Background art
With technical progress and changes in people's habits, online electronic transactions have become an important means of exchange: they greatly increase convenience, reduce transaction costs for all parties, and meet national policy requirements for building an efficient, resource-conserving society.
According to statistics, national e-commerce turnover reached 2.4 trillion in the first quarter of 2013, a quarter-on-quarter growth of 8% and a year-on-year increase of 45%. To keep pace with the rapid development of e-commerce and to ensure the security of online transactions, the major e-commerce companies and banks have all launched related business and security products.
At present, the USBKEY (a smart cryptographic key based on the PKI system) is widely used as a security certificate device in online transactions. From the "blind signing" of the first-generation USBKEY to the "what you see is what you sign" of the second generation, the integrity of online transactions has improved significantly, and people's property is strongly protected.
The application of the USBKEY has put people's minds at ease about their online lives, but each USBKEY depends on a single bank's system; the same USBKEY cannot be shared between different banks, so an individual must carry a different USBKEY for each bank, and carrying several USBKEYs is very inconvenient. How to use one device to carry out online transactions for different banks and different applications has become a question for banks and security companies.
Under the current model, a POS terminal can complete card-swipe transactions for the bank cards of different banks and can complete various other transactions. If the POS terminal were reduced in size so that it could be carried easily, the problem would be solved, and bank cards could at the same time be brought into online transactions. Combining a POS terminal with a bank card does solve the inconvenience of carrying several devices, but today's magnetic-stripe bank cards have no computing capability and cannot perform the signing that a USBKEY does; only combining a POS terminal with a chip (IC) bank card can provide the security advantages of the current USBKEY.
Summary of the invention
To overcome the deficiencies of the prior art, the invention provides a financial IC card Internet terminal and its transaction processing method which, for the application needs of financial IC cards, performs secure identity authentication of the device and the user in a network environment, so that users can carry out bank card operations without visiting a bank branch.
To achieve the above object, the invention adopts the following technical scheme:
A financial IC card Internet terminal comprising a card reading module, an LCD screen, a keyboard, a USB communication module and a main control chip. The card reading module comprises a card holder and a card reading chip; the card holder holds the IC card, and the card reading chip reads and writes IC card data and communicates with the main control chip through the read-write driver of the main control chip's hardware driver layer. The LCD screen, keyboard and USB communication module communicate with the main control chip through the LCD driver, key driver and USB communication driver of the hardware driver layer, respectively.
Further, the USB communication module is a USB HID protocol interface and the USB communication driver is a USB HID communication driver; the USB HID protocol interface calls the USB HID communication driver so that the data path established among the main control chip, the USB communication module and the user's PC conforms to the HID standard.
Further, the main control chip is provided with a command parser, a file system and a security manager:
The command parser acts as the bridge between the USB communication module and the read-write module: it parses terminal APDU command messages, forms the IC card APDU command messages for the corresponding business, and converts the final IC card APDU response message into a terminal APDU response message.
The file system is implemented on the main control chip's external data memory, so that the main control chip stores and manages data in the form of files.
The security manager provides the security management the terminal needs, including terminal security state control; file permission control; logical security of communication with the user-side application; and authentication, static data authentication (SDA), dynamic data authentication (DDA) and combined data authentication (CDA).
Further, the main control chip is a domestic 32-bit main control chip; the read-write driver of the hardware driver layer is an ISO 7816 interface driver; the card reading chip implements the ISO 7816 protocol interface and comprises a contact card reading chip and a contactless card reading chip, which perform contact and contactless read-write of the IC card respectively; and the hardware driver layer implements the LCD driver by emulating I2C serial communication over the SSX0912 GPIO interface.
The invention also provides a transaction processing method for the financial IC card Internet terminal, comprising the following steps:
(1) After the terminal is plugged into the user side, the user side powers the terminal through the USB interface; the main control chip resets automatically, the terminal performs a power-on self-test and the corresponding configuration, and system initialization completes. The terminal is then in the command-waiting state, waiting for command requests from the external application system.
(2) When the user side needs the terminal to process data, it first packs the command and data according to the agreed protocol, then sends the command packet to the terminal. After the terminal receives the packet through the transport manager, it passes the data to the command parser, which judges whether the data needs to be decrypted and checked. If so, the terminal's cryptographic unit is started to check and decrypt the data: if the check fails, the command request is discarded and an error code is returned; if the check passes, the data is decrypted.
(3) The command parser parses the data processed by the cryptographic processor and judges whether the command is legal. If it is legal, the command parser selects the corresponding operation according to the command request; if it is illegal, the command request is terminated and an error code is returned.
(4) The file manager processes the operation invoked by the command parser, judges whether the requested data exists, whether the permissions are satisfied and whether the key state meets the requirements, and returns the result.
If an error occurs at any step of the above process, the error result is returned to the terminal and sent to the LCD screen; after the result is returned, the terminal is again in the command-waiting state.
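Steps (3) and (4) above (restated in the embodiment section below) describe a terminal-side command parser that rejects illegal commands and a file layer that checks existence, permission and key state before acting. The following is an added example of that dispatch structure, not the patent's COS: the file identifiers, access rules, sample PIN and retry limit are constructed values, the command subset (SELECT, READ BINARY, UPDATE BINARY, VERIFY) is chosen for illustration, and the status words are ISO/IEC 7816-4 values.

```python
"""Terminal-side command parser: parse the APDU, reject unknown classes and
instructions, then let the file layer check existence, permission and
PIN state before acting.  Added example; file ids, access rules, the sample
PIN and the retry limit are constructed, status words are ISO/IEC 7816-4."""
import hmac
from dataclasses import dataclass, field
from typing import Optional

SW_OK, SW_WRONG_LEN, SW_SEC_STATUS, SW_BLOCKED = 0x9000, 0x6700, 0x6982, 0x6983
SW_NO_CURRENT_EF, SW_FILE_NOT_FOUND = 0x6986, 0x6A82
SW_INS_UNSUPPORTED, SW_CLA_UNSUPPORTED = 0x6D00, 0x6E00


class ApduError(Exception):
    def __init__(self, sw: int):
        super().__init__(f"SW={sw:04X}")
        self.sw = sw


@dataclass
class Apdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]


def parse_apdu(raw: bytes) -> Apdu:
    """Short-form APDU: CLA INS P1 P2 [Lc data] [Le].  Any length that does
    not fit one of the four cases is rejected before reaching a handler."""
    if len(raw) < 4:
        raise ApduError(SW_WRONG_LEN)
    cla, ins, p1, p2, rest = raw[0], raw[1], raw[2], raw[3], raw[4:]
    if not rest:                                    # case 1: header only
        return Apdu(cla, ins, p1, p2, b"", None)
    if len(rest) == 1:                              # case 2: Le only
        return Apdu(cla, ins, p1, p2, b"", rest[0] or 256)
    lc = rest[0]
    if lc == 0 or len(rest) not in (1 + lc, 2 + lc):
        raise ApduError(SW_WRONG_LEN)
    le = (rest[1 + lc] or 256) if len(rest) == 2 + lc else None   # case 3 / 4
    return Apdu(cla, ins, p1, p2, rest[1:1 + lc], le)


@dataclass
class Terminal:
    pin: bytes = b"1234"            # constructed sample PIN
    pin_tries: int = 3              # constructed retry limit
    pin_verified: bool = False
    selected: Optional[int] = None
    files: dict = field(default_factory=lambda: {   # constructed file table
        0x0001: {"data": b"terminal-info", "read": "always", "write": "never"},
        0x0002: {"data": bytes(8), "read": "always", "write": "pin"},
    })

    def _check(self, rule: str) -> None:
        # Access rule of the file versus the current security state.
        if rule == "always" or (rule == "pin" and self.pin_verified):
            return
        raise ApduError(SW_SEC_STATUS)

    def _current(self) -> dict:
        if self.selected is None:
            raise ApduError(SW_NO_CURRENT_EF)
        return self.files[self.selected]

    def select(self, a: Apdu) -> bytes:            # INS A4, data = 2-byte file id
        if len(a.data) != 2:
            raise ApduError(SW_WRONG_LEN)
        fid = int.from_bytes(a.data, "big")
        if fid not in self.files:
            raise ApduError(SW_FILE_NOT_FOUND)
        self.selected = fid
        return b""

    def read_binary(self, a: Apdu) -> bytes:       # INS B0
        f = self._current()
        self._check(f["read"])
        return f["data"][:a.le or 256]

    def update_binary(self, a: Apdu) -> bytes:     # INS D6
        f = self._current()
        self._check(f["write"])
        f["data"] = a.data
        return b""

    def verify(self, a: Apdu) -> bytes:            # INS 20
        if self.pin_tries == 0:
            raise ApduError(SW_BLOCKED)            # authentication method blocked
        if hmac.compare_digest(a.data, self.pin):  # constant-time comparison
            self.pin_tries, self.pin_verified = 3, True
            return b""
        self.pin_tries -= 1
        raise ApduError(0x63C0 | self.pin_tries)   # 63Cx: x retries remaining


ALLOWED = {0xA4: "select", 0xB0: "read_binary", 0xD6: "update_binary", 0x20: "verify"}


def handle(term: Terminal, raw: bytes):
    """Returns (response data, status word); every rejection maps to an SW."""
    try:
        a = parse_apdu(raw)
        if a.cla != 0x00:
            raise ApduError(SW_CLA_UNSUPPORTED)
        if a.ins not in ALLOWED:                   # legality check of step (3)
            raise ApduError(SW_INS_UNSUPPORTED)
        return getattr(term, ALLOWED[a.ins])(a), SW_OK
    except ApduError as e:
        return b"", e.sw
```

The order of checks matters: length, class and instruction are validated before any handler runs, the handler then consults the file table for existence and access rule, and the PIN state is the only way to satisfy a "pin" rule, so a write to file 0002 fails with 6982 until a VERIFY succeeds and is blocked with 6983 once the retry counter is exhausted.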
Further, before a transaction the terminal must establish a secure logical channel with the processing center through a two-way handshake protocol, in which the SM2/SM3 cryptographic algorithms are used for digital signature and verification. During the transaction, PIN data is encrypted for transmission with the PIN encryption certificate, likewise using the SM2/SM3 algorithms.
Further, application data exchanged between the terminal and the processing center is encapsulated into data messages by the Record protocol and transmitted over the Internet; the Record protocol encrypts the application data with the SM1/SM4 cryptographic algorithm to ensure the confidentiality of transaction data in transit.
Further, when the processing center or the IC card communicates with the terminal by data messages, route protection provides secure transmission of the data messages together with the reliability of the application data, its integrity, and authentication of the sending party. The integrity of the application data and the authentication of the sender are provided by a data authentication code (MAC); the reliability of the application data is provided by encrypting the data to be transmitted with a block cipher algorithm (BCEA) approved by the national cryptography administration.
Encryption and decryption of data messages and generation of the MAC are performed with the domestic symmetric cryptographic algorithms SM1/SM4.
The data messages corresponding to the terminal's route protection modes take three forms: plaintext+MAC, ciphertext, and ciphertext+MAC.
Plaintext+MAC mode: the data field of the command message is the plaintext data followed by a 4-byte MAC computed with the BCEA algorithm.
Ciphertext mode: the data field of the command message is ciphertext encrypted with the BCEA algorithm.
Ciphertext+MAC mode: the data field of the command message is the ciphertext encrypted with the BCEA algorithm followed by a 4-byte MAC computed with the BCEA algorithm.
Further, the domestic cryptographic algorithms comprise the symmetric algorithms SM1 and SM4, the asymmetric algorithm SM2 and the hash algorithm SM3.
Further, the terminal also provides three authentication modes: external authentication, internal authentication and password authentication. External authentication is used by the IC card to authenticate the terminal and the processing center; internal authentication is used by the terminal and the processing center to authenticate the IC card; password authentication is used to verify the user PIN.
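The three route-protection modes, with the receiver-side check-then-decrypt that step (2) of the method requires, as an added example that is not the patent's code. Its assumptions: the page's BCEA (SM1/SM4) is replaced by a SHA-256 Feistel block cipher because the Python standard library has no SM4; the MAC is a CBC-MAC with zero IV truncated to 4 bytes over a length-prefixed field; padding is ISO/IEC 9797-1 method 2 (0x80 then zeros); the one-byte mode tag is a constructed encoding, since the page does not specify how the mode is signalled.

```python
"""Route-protection modes for an APDU data field: plaintext+MAC, ciphertext,
ciphertext+MAC.  Added example; the block cipher is a hash-based Feistel
stand-in for BCEA (SM1/SM4), the MAC is a truncated CBC-MAC and the mode
byte is a constructed encoding."""
import hashlib
import hmac
import os

BLOCK = 16          # 128-bit block, same size as SM4
MAC_LEN = 4         # 4-byte MAC, as the page specifies
PLAIN_MAC, CIPHER, CIPHER_MAC = 1, 2, 3   # mode byte (constructed encoding)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: 8 bytes of SHA-256(key || round || half).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation on a 16-byte block (stand-in, not SM4)."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):          # undo the rounds in reverse order
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def pad(data: bytes) -> bytes:
    # ISO/IEC 9797-1 method 2: mandatory 0x80, then zeros to a block boundary.
    data += b"\x80"
    return data + b"\x00" * (-len(data) % BLOCK)


def unpad(data: bytes) -> bytes:
    stripped = data.rstrip(b"\x00")
    if not stripped.endswith(b"\x80"):
        raise ValueError("bad padding")
    return stripped[:-1]


def cbc_encrypt(key: bytes, data: bytes) -> bytes:
    """CBC with a fresh random IV prepended to the ciphertext."""
    iv = prev = os.urandom(BLOCK)
    out, padded = [iv], pad(data)
    for i in range(0, len(padded), BLOCK):
        prev = encrypt_block(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, data: bytes) -> bytes:
    if len(data) < 2 * BLOCK or len(data) % BLOCK:
        raise ValueError("bad ciphertext length")
    prev, out = data[:BLOCK], []
    for i in range(BLOCK, len(data), BLOCK):
        cur = data[i:i + BLOCK]
        out.append(_xor(decrypt_block(key, cur), prev))
        prev = cur
    return unpad(b"".join(out))


def mac4(key: bytes, data: bytes) -> bytes:
    """CBC-MAC (zero IV) over the padded input, truncated to MAC_LEN bytes.
    Callers pass a length-prefixed field, which removes the variable-length
    weakness of plain CBC-MAC."""
    prev, padded = bytes(BLOCK), pad(data)
    for i in range(0, len(padded), BLOCK):
        prev = encrypt_block(key, _xor(padded[i:i + BLOCK], prev))
    return prev[:MAC_LEN]


def protect(mode: int, enc_key: bytes, mac_key: bytes, data: bytes) -> bytes:
    """Sender side: build the command data field for the chosen mode."""
    if mode not in (PLAIN_MAC, CIPHER, CIPHER_MAC):
        raise ValueError("unknown mode")
    body = data if mode == PLAIN_MAC else cbc_encrypt(enc_key, data)
    field = bytes([mode]) + len(body).to_bytes(2, "big") + body
    if mode != CIPHER:
        field += mac4(mac_key, field)      # MAC covers mode, length and body
    return field


def unprotect(enc_key: bytes, mac_key: bytes, field: bytes) -> bytes:
    """Receiver side: check the MAC first, then decrypt; any failure rejects
    the command so the caller can return an error code."""
    if len(field) < 3 or field[0] not in (PLAIN_MAC, CIPHER, CIPHER_MAC):
        raise ValueError("malformed field")
    mode = field[0]
    body_end = 3 + int.from_bytes(field[1:3], "big")
    if mode == CIPHER:
        if len(field) != body_end:
            raise ValueError("length mismatch")
        return cbc_decrypt(enc_key, field[3:body_end])
    if len(field) != body_end + MAC_LEN:
        raise ValueError("length mismatch")
    if not hmac.compare_digest(mac4(mac_key, field[:body_end]), field[body_end:]):
        raise ValueError("MAC check failed")
    body = field[3:body_end]
    return body if mode == PLAIN_MAC else cbc_decrypt(enc_key, body)
```

Two design points carry over to a real SM1/SM4 implementation: separate keys for encryption and MAC, and in ciphertext+MAC mode the MAC is computed over the ciphertext so the receiver verifies before it decrypts, which is what lets a tampered message be discarded without ever feeding attacker-controlled ciphertext to the cipher.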
Beneficial effects: (1) The invention performs authentication and encryption with domestic cryptographic algorithms and adopts PKI technology, fully supporting cryptographic operations such as digital signature, key exchange and data encryption based on the domestic algorithms; its security protection is strong, it meets the specifications of the People's Bank of China, and it can be deployed in large quantities by domestic banks.
(2) The terminal has all the functions of the USB KEY class and of the IC card Internet terminal class: it can complete card transactions for the bank cards of different banks and performs secure identity authentication of the device and the user in a network environment, so that users can carry out bank card operations without visiting a bank branch.
(3) The invention adopts terminal secure channel technology based on two-way authentication together with authentication and encryption based on domestic cryptographic algorithms. It guarantees the secure entry and encryption of sensitive information such as the personal identification number (PIN), and it supports establishing a secure channel with the processing center so that data exchanged with the outside can be encrypted, decrypted and checked for legitimacy and integrity. The terminal must store keys securely, must forbid direct external access to keys, and must have effective security mechanisms to prevent keys from being illegally injected, replaced or used.
(4) The invention supports financial IC card applications following the PBOC 2.0 and 3.0 standards and meets the requirements of the PBOC 2.0 specification, including offline data authentication: when the terminal detects that the card supports at least one of static data authentication (SDA), dynamic data authentication (DDA) or combined dynamic data authentication (CDA), it performs offline data authentication.
(5) The terminal has its own PIN keyboard, which effectively prevents PIN hijacking.
(6) The terminal is equipped with an LCD screen for real-time verification of transaction information, which prevents transaction information from being tampered with and ensures the security of the transaction process.
(7) The invention combines PKI security technology with PBOC 3.0. Current online banking mostly uses the USBKEY to implement its security authentication function; the IC card Internet terminal uses the domestic SM2 asymmetric cryptographic algorithm, which fully meets the security authentication requirements of online banking, and at the same time the terminal can read and write PBOC 2.0 financial IC cards and thus meets the functional requirements of an IC card reader/writer.
(8) The invention achieves "one card, many uses", promoting the secure connection of bank cards over the network. With the expansion capability of the IC card Internet terminal in the public service field and in banking systems, financial IC card business such as loading the electronic purse and consumption can be realized. The terminal can also connect to the online business systems of public transport, water and electricity utilities, petrochemicals, securities and so on, to carry out transfers, top-ups and other related services, so that users can handle such services from home, which is very convenient and highly practical.
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware configuration of the financial IC card Internet terminal provided by the invention.
Fig. 2 is a system architecture diagram of the financial IC card Internet terminal provided by the invention.
Fig. 3 is a system environment diagram of the HID device of the invention.
Fig. 4 is a flow chart of the financial IC card read-write driver.
Fig. 5 is a schematic diagram of the read-write communication of the read-write module.
Fig. 6 is a schematic diagram of the communication of the USB communication module.
Fig. 7 is a self-test flow chart of the financial IC card Internet terminal system provided by the invention.
Fig. 8 is a flow chart of the handshake protocol of the invention.
Fig. 9 is a flow chart of MAC calculation in data messages of the invention.
Fig. 10 is a flow chart of data encryption in data messages of the invention.
Fig. 11 is a flow chart of data decryption in data messages of the invention.
Fig. 12 is a workflow diagram of the financial IC card Internet terminal provided by the invention.
Fig. 13 is a pin diagram of the main control chip provided by the invention.
Fig. 14 is a pin diagram of the contact card reading chip provided by the invention.
Fig. 15 is a pin diagram of the contactless card reading chip provided by the invention.
Fig. 16 is a pin diagram of the IC card provided by the invention.
Fig. 17 is a pin diagram of the data memory provided by the invention.
Fig. 18 is a pin diagram of the USB communication module provided by the invention.
Fig. 19 is a pin diagram of the LCD screen provided by the invention.
Fig. 20 is a pin diagram of the keys, buzzer and LED provided by the invention.
Embodiment
The invention is further described below with reference to the accompanying drawings.
I. Terminal overview
As shown in Fig. 1, the financial IC card Internet terminal provided by the invention comprises a card reading module, an LCD screen, a keyboard, a USB communication module and a main control chip. The card reading module, LCD screen, keyboard and USB communication module are all connected to the main control chip, which controls their data communication. Specifically:
(1) Card reading module
The card reading module comprises a card holder and a card reading chip. The card holder holds the IC card, and the card reading chip is the intermediary for data communication between the main control chip and the IC card. Every transaction instruction received by the device is, after inspection by the main control chip, forwarded to the IC card through the card reading module, and the IC card's transaction result is returned to the main control chip through the same module. The terminal is responsible only for security controls such as checking the correctness and integrity of the transaction instruction and the authenticity of the background server; the actual transaction is still completed by the IC card.
The card reading module implements the corresponding communication protocol by calling the IC card read-write driver: it sends the APDU command messages addressed to the IC card from the main control chip to the IC card according to that protocol, obtains the APDU response message returned by the IC card and delivers it to the main control chip, as shown in Fig. 5.
The card reading chip implements the ISO 7816 standard protocol interface, providing contact and contactless read-write of financial IC cards, and supports the ISO 7816 T=0 asynchronous half-duplex character protocol and the T=1 asynchronous half-duplex block protocol. In this embodiment the contact card reading chip is an AU9541 reader chip and the contactless card reading chip is an AS3911 reader chip; their pin connections to the CCM3310S security chip used as the main control chip are shown in Figs. 13, 14 and 15, the pin connection between the financial IC card and the card reading chip is shown in Fig. 16, and the flow chart of the financial IC card read-write driver is shown in Fig. 4.
(2) USB communication module
The USB communication module serves as the communication interface for information exchange between the main control chip and the user's PC. The terminal itself has no Internet access and must exchange data with the server through the network of a device such as the user's PC. In this embodiment the USB communication module supports the USB HID protocol, so it can be used directly under systems such as Windows and Linux without installing a hardware driver. This embodiment takes the USB HID protocol interface as the preferred option and uses it as the reference below, but other protocol interfaces such as USB 2.0 or USB 3.0 may be adopted according to the actual situation. In this embodiment the pin connections between the USB chip and the main control chip are shown in Figs. 13 and 18.
The USB communication module implements the USB HID protocol by calling the USB HID communication driver, including establishing the HID channel and encapsulating, sending and receiving HID packets. The module receives HID packets from the user's PC application, reassembles them into terminal APDU command messages, and packages terminal APDU response messages into HID packets that are returned to the PC application, as shown in Fig. 6.
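The encapsulation of an APDU message into HID packets and its reassembly on the terminal, as an added example that is not the patent's driver. The framing is an assumption, since the page does not define one: 64-byte reports, a first report carrying sequence byte 0 and a 2-byte big-endian message length, and continuation reports carrying only the sequence byte. The point for the firmware side is that a report stream which is out of sequence, over-long or truncated is dropped whole rather than handed to the command parser as a half-built APDU.

```python
"""HID report fragmentation and reassembly for terminal APDU messages.
Added example; the framing (64-byte reports, seq byte + 2-byte length in
the first report, seq byte only in continuation reports) is an assumption."""

REPORT_LEN = 64                       # full-speed USB HID interrupt report size
FIRST_PAYLOAD = REPORT_LEN - 3        # seq(1) + length(2) header
CONT_PAYLOAD = REPORT_LEN - 1         # seq(1) header
MAX_MSG = FIRST_PAYLOAD + 255 * CONT_PAYLOAD   # limit imposed by the 8-bit sequence


def to_reports(msg: bytes) -> list:
    """Split one APDU message into fixed-size, zero-padded HID reports."""
    if len(msg) > MAX_MSG:
        raise ValueError("message too long for this framing")
    first = bytes([0]) + len(msg).to_bytes(2, "big") + msg[:FIRST_PAYLOAD]
    reports = [first.ljust(REPORT_LEN, b"\x00")]
    pos, seq = FIRST_PAYLOAD, 1
    while pos < len(msg):
        chunk = msg[pos:pos + CONT_PAYLOAD]
        reports.append((bytes([seq]) + chunk).ljust(REPORT_LEN, b"\x00"))
        pos += len(chunk)
        seq += 1
    return reports


class Reassembler:
    """Rebuilds a message from reports; any framing violation discards the
    partial message, so a malformed stream never yields a half-built APDU."""

    def __init__(self):
        self._reset()

    def _reset(self):
        self.expected = None          # total length announced by the first report
        self.buf = bytearray()
        self.seq = 0

    def feed(self, report: bytes):
        """Returns the complete message when the final report arrives, else None."""
        if len(report) != REPORT_LEN:
            self._reset()
            raise ValueError("bad report size")
        seq = report[0]
        if seq == 0:                  # start of a new message (abandons any partial one)
            self._reset()
            self.expected = int.from_bytes(report[1:3], "big")
            if self.expected > MAX_MSG:
                self._reset()
                raise ValueError("announced length exceeds framing limit")
            self.buf += report[3:3 + self.expected]
        else:
            if self.expected is None or seq != self.seq + 1:
                self._reset()
                raise ValueError("report out of sequence")
            remaining = self.expected - len(self.buf)
            self.buf += report[1:1 + remaining]   # never copy beyond the announced length
        self.seq = seq
        if len(self.buf) >= self.expected:
            msg = bytes(self.buf)
            self._reset()
            return msg
        return None
```

A short APDU fits in a single report; a 512-byte message needs one first report and eight continuation reports, and the reassembler only returns the message once the announced length has been reached.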
(3) LCD screen
The main control chip parses the received data and instructions; if they contain critical bank transaction data such as the account, the amount or the transaction type, the relevant information is presented to the user on the LCD screen, and the user can confirm from the screen whether this is the transaction they intended and whether all the transaction information is correct and complete. If the information does not match the user's intention, or the user decides not to proceed, the transaction can be cancelled from the keyboard. The terminal screen also shows the transaction progress, the result of the transaction and other information, so that the user can monitor the transaction and be prompted on how to proceed. In this embodiment the LCD uses an LCD19264 chip, whose pin connections to the main control chip are shown in Figs. 13 and 19. The LCD driver establishes the data path between the main control chip and the LCD screen; in this embodiment it is implemented by emulating I2C serial communication over the SSX0912 GPIO interface.
(4) Keyboard
The terminal provides a keyboard for the user to enter information such as the transaction amount, the account and the personal identification number (PIN), and the keyboard together with the screen completes the transaction process. In the IC card Internet terminal provided by the invention, the keyboard removes the defect of current second-generation U-keys, which cannot guarantee the security of the user PIN. In this embodiment the keyboard comprises 10 numeric keys and 6 function keys; the function keys include clear, confirm, up, down and combination keys. The keyboard outputs the PIN to the display screen only as masking characters, never in plaintext. The key driver establishes the data path between the main control chip and the keyboard; this embodiment uses a 4*4 matrix keyboard, detects key presses by cyclically scanning the rows and columns, and uses a timer to handle key bounce and other spurious signals.
In this embodiment the main control chip is also connected to a buzzer and an LED, for audible alarms and for indicating the terminal's operating state; the pin connections of the keyboard, buzzer and LED to the main control chip are shown in Figs. 13 and 20.
(3) main control chip
Main control chip adopts 32 domestic main control chips, it is the embedded OS with complete safety system of independent intellectual property right, achieve terminal hardware drive and meet the function such as various types of communication agreement, data safety management, secure communication of PBOC 3.0 specification, its system architecture as shown in Figure 2.CCM3310S safety chip is selected in the present embodiment, it adopts the domestic 32 bit CPU security kernel CS322D with independent intellectual property right to design, there is the features such as low-power consumption, high-performance, multi-functional and high security, can be widely used in the products such as USB Key, smart card, card reader, encryption board, and the field such as Web bank, mobile payment, data security, secret communication, copyright control and intelligent grid, as shown in figure 13.
The hardware driving layer of main control chip, for realizing the control to this terminal hardware resource, provides hardware access interface to upper level applications.Hardware driving layer is provided with USB HID communication drivers, liquid crystal display drives, button drives and read-write drives.
Wherein, USB HID communication drivers achieves the interface driver based on USB HID agreement, makes main control chip, usb communication module and user PC hold the data path set up and meet HID standard.It is a kind of chip/IC-card interfacing equipment that HID standard defines HID equipment, this terminal is connected with subscriber's main station or other embedded host by USB interface, carry out the data communication meeting HID standard, equipment carries out read-write communication by the interface driver meeting ISO 7816 standard agreement by Card Reader chip and IC-card simultaneously, and the system environments of HID equipment as shown in Figure 3.
In addition, this terminal main control chip software view is provided with command analysis device, file system and security manager:
Command analysis device, as the bridge of usb communication module and module for reading and writing, is resolved terminal APDU command message, is formed should the IC-card APDU command message of business, and converts final IC-card APDU response message to terminal APDU response message.In command message resolving, command analysis device can carry out process to the grammer of command message and parameters thereof and judge, prevent the intervention of illegal command or bad command, if command code mistake, this module can return corresponding error code to point out user, so that the operation that user corrects command code to want in time.Command analysis device prevents the input of order terminal being carried out to malicious attack, facilitates the proper operation of user to command code.
File system is realized by main control chip external data storer, makes main control chip carry out store and management data by file.Data-carrier store of the present invention adopts FLASH memory, and adopts the directory management mode being similar to DOS, and file system access entrance stores the metadata of system architecture, and file access pointer.Adopt W25Q16 serial FLASH memory in the present embodiment, be connected as shown in Figure 13,17 with main control chip pin.Data-carrier store file structure is deposited with TLV form, and its content mainly contains: the attributes such as file identifier, file content itself and corresponding access rights.According to the demand of terminal COS, the file that presents system mainly stores has: end message file, comprises institutional affiliation coding, manufacturer's coding, date of manufacture, end product numbering; Terminal is public, private key certificate, is applied for by manufacturer Xiang Gen CA center, and the certificate of X.509 form that You Gen CA center is signed and issued, public affairs, the private key certificate signed and issued for which manufacturer marking terminal belongs to, it is public, private key produces by terminal, and private key is preserved in a secured manner by manufacturer, can not derive; Unionpay's terminal root public key certificate, the X.509 form certificate signed and issued by CA center, for verifying the root public key certificate of trading server certificate in process of exchange; PBOC root CA PKI, is issued by credit card issuer root CA, and the card for credit card issuer carries out validation verification; PIN encrypted certificate, meets the PKI of PBOC form, encrypts for holder PIN.
The security manager provides the security management the terminal requires: control of the terminal security state; file permission control; logically secured communication with the user PC application; and authentication, namely static data authentication (SDA), dynamic data authentication (DDA) and combined data authentication (CDA). For online transactions the security authentication is performed mainly at the background server, but the terminal must generate a MAC for the messages it sends upstream and a PinBlock for the entered PIN. In accordance with the PBOC 3.0 specification, this module provides the following domestic cryptographic algorithms: A. symmetric algorithms: SM1, SM4; B. asymmetric algorithm: SM2; C. hash algorithm: SM3.
The secure transaction method of this terminal is as follows:
(1) After the terminal is plugged into the user's PC, the PC powers the terminal through the USB interface, the main control chip resets automatically, and the terminal then performs a power-on self-test and the corresponding configuration to complete system initialization. The terminal is now in the command-waiting state, waiting for an external application system to issue a command request.
(2) When the user PC needs the terminal to process data, it first packs the command and the data according to the agreed protocol, then sends the command packet to the terminal. After the terminal receives this data through the transport manager, it passes the data to the command parser, which judges whether the data needs to be verified and decrypted; if so, it starts the cryptographic unit in the main control chip to verify and decrypt the data. If the check fails, the command request is discarded and an error code is returned. If the check passes, the data is decrypted.
(3) The command parser parses the data processed by the cryptographic processor and judges whether the command is legal. If it is, the command parser selects the corresponding operation according to the command request; if not, it terminates the command request and returns an error code.
(4) The file manager handles the operation invoked by the command parser, judging whether the requested data exists, whether the permissions are satisfied, whether the key state meets the requirements, and so on, and returns the result.
In the above process, whichever part produces an error, the error result is returned by the terminal; after returning the result the terminal again waits for the next command. This terminal has all the functions of both the USB KEY class and the IC card Internet terminal class, and distinguishes the operation to perform according to the command code issued by the processing center, as shown in Figure 12.
The terminal has two self-test modes: power-on self-test and periodic self-test. After power-on the terminal first performs a self-test; thereafter, after every 24 hours of continuous operation, it automatically enters the self-test program again. The self-test checks whether the working environment is safe and whether the various data are complete and authentic. Other operations are performed only after the self-test passes; if the self-test fails, the terminal raises an alarm (buzzer warning, LCD warning). The system self-test flow is shown in Figure 7.
II. Security authentication part
This terminal uses PKI technology, fully supporting cryptographic operations based on domestic algorithms, such as digital signature, key exchange and data encryption, and a terminal secure-channel technique based on mutual authentication. The protocol for establishing the secure channel consists of two parts, a handshake protocol and a record protocol. The handshake protocol completes the mutual identity authentication of the terminal and the server and the exchange of the session key; the record protocol performs the encrypted transmission of application data. After a successful handshake, both sides transmit data over the established secure channel. The session key used for transmission is derived from the shared key obtained in the handshake phase by the specified HMAC algorithm.
The integrity of the application data exchanged by the two sides is protected by a data authentication code (MAC) under line protection. After the terminal or the server receives data, it first verifies the correctness of the MAC; if correct, it processes the data, otherwise it sends an error message. Three consecutive MAC verification failures terminate the current link, and the handshake protocol must be restarted.
Specifically, the following three strategies guarantee secure transmission and authentication of information:
Before a transaction, a secure logical channel must be established between the terminal and the processing center by a mutual handshake protocol, in which digital signatures and their verification are implemented with the SM2/SM3 cryptographic algorithms; during the transaction, PIN data is encrypted for transmission with the PIN encryption certificate, likewise using the SM2/SM3 algorithms.
The application data exchanged between the terminal and the processing center is transmitted over the Internet by the record protocol, which encrypts the application data with the SM4 cryptographic algorithm to form the data message, ensuring the confidentiality of transaction data in transit on the Internet.
When an external entity (the processing center or the IC card) communicates with the terminal, the data message must pass through line protection (secure messaging), in which encryption and decryption of the data message and generation of the message authentication code are performed with domestic cryptographic algorithms.
(1) Secure transaction method of the handshake protocol
1) The terminal obtains an algorithm identifier A1 (A1 = 1, 2, 3, 4 denote SM1, SM2, SM3, SM4 respectively), generates a random number r1, and concatenates r1 with A1 to obtain R1 (R1 = r1|A1); the symmetric and asymmetric algorithms to be used in the following steps are set according to the algorithms the terminal supports;
2) The terminal sends the random number and the algorithm information to the processing center, starting the handshake protocol;
3) The processing center selects an algorithm identifier A2 (A2 = 1, 2, 3, 4 denote SM1, SM2, SM3, SM4 respectively), generates a random number r2, and concatenates r2 with A2 to obtain R2 (R2 = r2|A2). It checks whether it supports the algorithm information sent by the terminal; if it does, it sets the corresponding encryption and decryption algorithms; if not, it returns an error message and disconnects;
4) The processing center sends its random number and the channel certificate of the processing center;
5) The terminal verifies the received channel certificate of the processing center against the CA root certificate pre-installed in the terminal; if verification fails, it sends an error message and terminates the link. Otherwise the terminal generates a 48-byte random number as the shared master key M1 and encrypts M1 with the public key in the processing center's channel certificate, using the previously agreed asymmetric algorithm, to obtain E1;
6) R1 and R2 are concatenated to obtain R3; the terminal first applies the digest algorithm (SM3) to R3 to obtain H1, then signs H1 with the terminal private key to obtain S1;
7) The terminal sends S1, E1 and the terminal certificate to the processing center;
8) The processing center verifies the legitimacy of the terminal certificate with the CA root certificate; if the terminal certificate fails verification, it sends an error message and terminates the link. If the terminal certificate is verified, it verifies S1 with the terminal certificate; if S1 fails verification, it sends an error message and terminates the link. Otherwise it decrypts E1 to obtain the shared master key M1;
9) The processing center digests the channel certificate to obtain H2 and digests the terminal certificate to obtain H3. R1, R2, H2, H3, S1 and E1 are concatenated to obtain T1 (T1 = R1||R2||H2||H3||S1||E1); T1 is digested to obtain H4; the ASCII string "SERVER" is concatenated with H4 to obtain D1; and the first 16 bytes of M1 are used as the key of an HMAC over D1 to obtain F1 (the HMAC algorithm is an existing algorithm);
10) The processing center sends the handshake verification finished message F1 to the terminal;
11) The terminal verifies the F1 received from the processing center; if verification fails, it sends an error message and terminates the link; otherwise it sends the terminal handshake verification message F2 to the processing center;
12) F2 is computed in the same way as F1, except that the ASCII string "SERVER" used in the F1 computation is replaced by the ASCII string "CLIENT";
13) The terminal sends the handshake verification finished message F2 to the processing center;
14) The processing center verifies the received F2 message by the same computation method; if verification fails, it sends an error message and terminates the link;
15) After the handshake above succeeds, both sides generate the session keys as follows: X = HMAC(M1, key_label||r1||r2), where only the first 16 bytes of M1 are used, key_label is the 3-byte ASCII string "KEY", and the HMAC algorithm is given in Appendix B.2. Let X1X2...X20 be the 1st to 20th bytes of X; then the encryption key SKey = X1X2...X16 and the MAC key MKey = X5X6...X20;
16) The handshake procedure ends.
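As an added example (not code from the patent), the following Python carries steps 9 to 15 above through for both sides once M1 has been shared: the "SERVER" and "CLIENT" finished messages over T1, their verification, and the SKey/MKey derivation. It substitutes SHA-256 for SM3 and as the HMAC hash, since SM3 is not in the Python standard library, and treats the SM2 signature S1, the ciphertext E1 and the two certificates as opaque byte strings; all sample values are constructed.

```python
import hashlib
import hmac

ALG_IDS = {1: "SM1", 2: "SM2", 3: "SM3", 4: "SM4"}   # A1/A2 values from step 1


def digest(data):
    """Stand-in for the SM3 digest of steps 6 and 9 (SHA-256 has the same
    32-byte output; SM3 itself is not in the standard library)."""
    return hashlib.sha256(data).digest()


def make_r(rnd, alg_id):
    """Steps 1 and 3: R = r | A, the random number followed by the
    one-byte algorithm identifier."""
    if alg_id not in ALG_IDS:
        raise ValueError("unknown algorithm identifier %r" % alg_id)
    return rnd + bytes([alg_id])


def finished_message(m1, label, R1, R2, h2, h3, s1, e1):
    """Steps 9 and 12: T1 = R1||R2||H2||H3||S1||E1, H4 = digest(T1),
    D1 = label||H4, F = HMAC(first 16 bytes of M1, D1).
    label is b'SERVER' for F1 and b'CLIENT' for F2."""
    if label not in (b"SERVER", b"CLIENT"):
        raise ValueError("label must be SERVER or CLIENT")
    h4 = digest(R1 + R2 + h2 + h3 + s1 + e1)
    return hmac.new(m1[:16], label + h4, hashlib.sha256).digest()


def derive_session_keys(m1, r1, r2):
    """Step 15: X = HMAC(first 16 bytes of M1, 'KEY'||r1||r2);
    SKey = bytes 1..16 of X, MKey = bytes 5..20 of X (they overlap)."""
    x = hmac.new(m1[:16], b"KEY" + r1 + r2, hashlib.sha256).digest()
    return x[0:16], x[4:20]


class HandshakeView:
    """One party's view of the transcript once M1 is shared (after step 8).
    H2/H3 are the digests of the channel and terminal certificates (step 9);
    S1 (SM2 signature) and E1 (encrypted M1) are opaque bytes here."""

    def __init__(self, m1, R1, R2, channel_cert, terminal_cert, s1, e1):
        if len(m1) != 48:
            raise ValueError("M1 is a 48-byte shared master key (step 5)")
        self.m1, self.R1, self.R2, self.s1, self.e1 = m1, R1, R2, s1, e1
        self.h2, self.h3 = digest(channel_cert), digest(terminal_cert)

    def finished(self, label):
        return finished_message(self.m1, label, self.R1, self.R2,
                                self.h2, self.h3, self.s1, self.e1)

    def session_keys(self):
        # r1 and r2 are R1 and R2 without the trailing algorithm-id byte
        return derive_session_keys(self.m1, self.R1[:-1], self.R2[:-1])


def complete_handshake(server, terminal):
    """Steps 10 to 15: the server sends F1, the terminal checks it and replies
    with F2, the server checks F2. Returns (server_keys, terminal_keys) on
    success, or None where the protocol sends an error and terminates the link.
    A mismatch between the two views (e.g. R2 altered in transit) fails here."""
    f1 = server.finished(b"SERVER")                                  # step 10
    if not hmac.compare_digest(f1, terminal.finished(b"SERVER")):    # step 11
        return None
    f2 = terminal.finished(b"CLIENT")                                # step 13
    if not hmac.compare_digest(f2, server.finished(b"CLIENT")):      # step 14
        return None
    return server.session_keys(), terminal.session_keys()           # step 15
```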
(2) Line protection and data encryption/decryption flow
A line-protected data message consists of the command header and the data field required by the subsequent line protection.
The purpose of line protection is to realize secure transmission of the data message together with the reliability of the data, its integrity and the authentication of the sender. The integrity of the application data and the authentication of the sender are realized by the data authentication code MAC. The reliability of the data is realized by requiring the transmitted data to be encrypted with the block cipher BCEA approved by the national cryptography administration; BCEA is the symmetric cryptographic algorithm SM1/SM4.
The data messages of the line protection mode of the IC card Internet terminal come in three forms (the form is selected according to the command code issued by the processing center): plaintext + MAC, ciphertext, and ciphertext + MAC.
Plaintext + MAC: the data field of the command message is the plaintext data followed by a 4-byte MAC computed with BCEA.
Ciphertext: the data field of the command message is the ciphertext encrypted with BCEA.
Ciphertext + MAC: the data field of the command message is the ciphertext encrypted with BCEA followed by a 4-byte MAC computed with BCEA.
The specific BCEA algorithm used for MAC calculation and data encryption is determined by the algorithm identifier of the line protection key set at the factory for the IC card Internet terminal. Among the terminal keys, the line protection key is the master control key, and the calculation method of the terminal's line protection mode is determined by the algorithm identifier of the master control key.
(1) Calculation method of the data authentication code MAC
The MAC in a command message is produced from all elements of the command (including the command header and the data in the command data field), to ensure that the command and its data are transmitted correctly and completely and to authenticate the sender. The MAC is produced by the BCEA (e) computation shown in Figure 9:
Step 1: take a 4-byte random number and pad it with the 12 bytes "000000000000000000000000" to 16 bytes as the initial value.
Step 2: join the 5-byte command header (CLA, INS, P1, P2, Lc) and the plaintext or ciphertext data of the command data field to form a data block. Note that Lc here is the actual length obtained by adding the length of the MAC to be computed (4 bytes) to the data length; the value of Lc is not less than 4.
Step 3: divide this data block into 16-byte blocks, denoted BLOCK1, BLOCK2 ... BLOCKn. The last block may be 1 to 16 bytes long.
Step 4: if the last block is 16 bytes long, append a further complete 16-byte block '80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00' and go to step 5.
If the last block is shorter than 16 bytes, append the hexadecimal byte '80'; if the length then reaches 16 bytes, go to step 5; otherwise append hexadecimal '00' bytes until the length reaches 16 bytes.
Step 5: take the first 4 bytes of the 16-byte computation result as the MAC.
(2) Secure transaction method for data encryption and decryption
Secure transaction method for data encryption:
Step 1: let LD (1 byte) denote the length of the plaintext data; prepend LD to the plaintext data to produce a new data block. The value of LD is not less than 1.
Step 2: divide this data block into 16-byte blocks, denoted PLAIN1, PLAIN2 ... PLAINn. The last block may be 1 to 16 bytes long.
Step 3: if the last (or only) block is 16 bytes long, go to step 4; if it is shorter than 16 bytes, append the hexadecimal byte '80'; if the length then reaches 16 bytes, go to step 4; otherwise append hexadecimal '00' bytes until the length reaches 16 bytes.
Step 4: encrypt each data block with the BCEA algorithm as shown in Figure 10.
Step 5: after the computation, concatenate all the encrypted blocks in their original order.
After a command message is sent to the terminal, the status code of the executed operation is returned. If the line-protected operation succeeds, the readable data is placed in the terminal's internal data memory RAM and can then be extracted from the terminal with the data extraction command (the standard APDU interface can return the required data directly, without the user extracting it manually).
When the authentication form of the line protection mode is used (a data message with MAC authentication), and the command executes successfully, the 4-byte MAC value is likewise appended to the output data so that the user can verify the data.
Data decryption is the inverse of data encryption, as shown in Figure 11.
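As an added example (not code from the patent), the following Python builds and checks line-protected command messages in the three forms above, following the Figure 9 MAC procedure and the Figure 10 encryption procedure, and applies the rule from the security section that three consecutive MAC failures close the link. The page does not state how the 16-byte blocks are chained, so CBC-style chaining for the MAC and independent encryption of each data block are assumptions, and a small Feistel toy cipher built on SHA-256 stands in for BCEA (SM1/SM4); keys and sample data are constructed.

```python
import hashlib
import hmac

BLOCK = 16    # SM1/SM4 (the BCEA ciphers) are 128-bit block ciphers
MAC_LEN = 4   # the line protection MAC is the first 4 bytes of the result


def _f(key, half, rnd):
    """Toy Feistel round function (stand-in only, NOT SM1/SM4)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key, block):
    """Invertible 16-byte toy block cipher used in place of BCEA."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, r, i))
    return r + l


def toy_block_decrypt(key, block):
    r, l = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, l, i)), l
    return l + r


def pad_80(data):
    """Append '80', then '00' bytes up to the next 16-byte boundary."""
    data += b"\x80"
    return data + b"\x00" * (-len(data) % BLOCK)


def compute_mac(mkey, random4, header, data_field, enc=toy_block_encrypt):
    """Figure 9: IV = 4-byte random + 12 zero bytes; header||data is always
    padded (a full '80 00..' block when already aligned); CBC-style chaining
    is an assumption; the MAC is the first 4 bytes of the last block."""
    if len(random4) != 4 or len(header) != 5:
        raise ValueError("need a 4-byte random number and a 5-byte header")
    state = random4 + b"\x00" * 12
    msg = pad_80(header + data_field)
    for i in range(0, len(msg), BLOCK):
        state = enc(mkey, _xor(state, msg[i:i + BLOCK]))
    return state[:MAC_LEN]


def encrypt_data(skey, plaintext, enc=toy_block_encrypt):
    """Figure 10: LD || plaintext, padded only when not 16-byte aligned,
    each block encrypted independently (assumption), concatenated in order."""
    if not 1 <= len(plaintext) <= 255:
        raise ValueError("LD is one byte and must be at least 1")
    buf = bytes([len(plaintext)]) + plaintext
    if len(buf) % BLOCK:
        buf = pad_80(buf)
    return b"".join(enc(skey, buf[i:i + BLOCK]) for i in range(0, len(buf), BLOCK))


def decrypt_data(skey, ciphertext, dec=toy_block_decrypt):
    """Inverse of encrypt_data (Figure 11): decrypt, then LD strips padding."""
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext must be a non-empty multiple of 16 bytes")
    buf = b"".join(dec(skey, ciphertext[i:i + BLOCK]) for i in range(0, len(ciphertext), BLOCK))
    ld = buf[0]
    if ld < 1 or ld > len(buf) - 1:
        raise ValueError("bad LD byte")
    return buf[1:1 + ld]


def build_command(mode, cla_ins_p1_p2, data, skey, mkey, random4):
    """Sender side for 'plain+mac', 'cipher' and 'cipher+mac'."""
    if mode not in ("plain+mac", "cipher", "cipher+mac"):
        raise ValueError(mode)
    body = data if mode == "plain+mac" else encrypt_data(skey, data)
    if mode == "cipher":
        return cla_ins_p1_p2 + bytes([len(body)]) + body
    header = cla_ins_p1_p2 + bytes([len(body) + MAC_LEN])  # Lc counts the MAC
    return header + body + compute_mac(mkey, random4, header, body)


class Receiver:
    """Receiver side: verify the MAC first, then decrypt; three consecutive
    MAC failures terminate the link until the handshake is rerun."""

    def __init__(self, skey, mkey):
        self.skey, self.mkey, self.errors, self.link_open = skey, mkey, 0, True

    def open_command(self, mode, apdu, random4):
        if not self.link_open:
            raise RuntimeError("link closed; rerun the handshake")
        header, lc, rest = apdu[:5], apdu[4], apdu[5:]
        if mode == "cipher":
            return decrypt_data(self.skey, rest[:lc])
        body, mac = rest[:lc - MAC_LEN], rest[lc - MAC_LEN:lc]
        if not hmac.compare_digest(mac, compute_mac(self.mkey, random4, header, body)):
            self.errors += 1
            if self.errors >= 3:
                self.link_open = False
            return None
        self.errors = 0
        return body if mode == "plain+mac" else decrypt_data(self.skey, body)
```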
In addition to the three protection strategies above, this terminal provides three authentication modes: external authentication, internal authentication and password authentication. External authentication is the IC card's authentication of the terminal and the processing center, and its result affects the security state of the IC card. Internal authentication is the terminal's and the processing center's authentication of the IC card, and its result does not affect the security state of the card. Password authentication is used for PIN verification.
(1) External authentication
External authentication is used by the IC card to authenticate the terminal and the processing center, i.e. to check whether the terminal is a legitimate external device. First, the processing center sends a get-random-number command to the IC card, and the IC card produces a random number; then the processing center encrypts the random number with the IC card key (the key pre-set in the IC card) and sends the ciphertext to the IC card in the form of a command (specifically, the external authentication command); finally, when the IC card executes this command, it decrypts the ciphertext (with the key identical to the terminal's encryption key) and compares the decrypted plaintext with the original random number. If the two agree, the terminal and the processing center are proven legitimate; otherwise the terminal is illegitimate.
(2) Internal authentication
Internal authentication is the process of verifying whether the IC card is genuine, using the unique IC card key held in the IC card; a forged card cannot have the same key. First the processing center produces a random number; the processing center sends the random number to the IC card in the form of a command (specifically, the internal authentication command); then the IC card encrypts the random number with the IC card key and returns the ciphertext to the terminal and the processing center; finally, the processing center receives the ciphertext, decrypts it (with the key identical to the terminal's encryption key) and compares the decrypted plaintext with the original random number. By the principle of symmetric cryptography the terminal's key is necessarily equal to the IC card key, and a forged IC card cannot obtain the correct key, which proves the authenticity of the IC card.
(3) Password authentication
The user enters the PIN on the terminal, the terminal sends the PIN to the IC card, and the IC card compares the entered PIN with the PIN stored in the card. If they are identical, verification passes and the card changes its internal security state. If they differ, verification fails and the card decrements its security state counter. If the security state counter is decremented to 0, the card is locked and can no longer be used.
The above is only the preferred embodiment of the present invention; it should be noted that those skilled in the art can also make some improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as within the scope of protection of the present invention.

Claims (10)

1. A financial IC card Internet terminal, characterized in that it comprises a card reading module, an LCD screen, a keyboard, a USB communication module and a main control chip; the card reading module comprises a card holder and a card reading chip, the card holder is for placing the IC card, the card reading chip is for reading and writing IC card data and communicates with the main control chip through the read/write driver of the main control chip hardware driver layer; and the LCD screen, the keyboard and the USB communication module communicate with the main control chip through the LCD driver, the key driver and the USB communication driver of the main control chip hardware driver layer, respectively.
2. The financial IC card Internet terminal according to claim 1, characterized in that the USB communication module is a USB HID protocol interface, the USB communication driver is a USB HID communication driver, and the USB HID protocol interface calls the USB HID communication driver, so that the data path established between the main control chip, the USB communication module and the user PC conforms to the HID standard.
3. The financial IC card Internet terminal according to claim 1, characterized in that the main control chip is provided with a command parser, a file system and a security manager;
the command parser is the bridge between the USB communication module and the read/write module: it parses the terminal APDU command message, forms the IC card APDU command message corresponding to the requested operation, and converts the final IC card APDU response message into a terminal APDU response message;
the file system is implemented on the data memory external to the main control chip, so that the main control chip stores and manages data in the form of files;
the security manager provides the security management required by the terminal, comprising terminal security state control; file permission control; logically secured communication with the user-side application; and authentication, namely static data authentication SDA, dynamic data authentication DDA and combined data authentication CDA.
4. The financial IC card Internet terminal according to claim 1, characterized in that the main control chip is a 32-bit domestic main control chip; the read/write driver of the main control chip hardware driver layer is an ISO 7816 interface driver, the card reading chip implements the ISO 7816 protocol interface and comprises a contact card reading chip and a contactless card reading chip, which perform contact and contactless read/write of the IC card respectively; and the main control chip hardware driver layer implements the LCD driver by emulating I2C serial communication over the SSX0912 GPIO interface.
5. A transaction processing method for the financial IC card Internet terminal of claim 1, characterized by comprising the following steps:
(1) after the terminal is plugged into the user side, the user side powers the terminal through the USB interface, the main control chip resets automatically, and the terminal then performs a power-on self-test and the corresponding configuration to complete system initialization; the terminal is now in the command-waiting state, waiting for an external application system to issue a command request;
(2) when the user side needs the terminal to process data, it first packs the command and the data according to the agreed protocol and then sends the command packet to the terminal; after the terminal receives this data through the transport manager, it passes the data to the command parser, which judges whether the data needs to be verified and decrypted, and if so starts the terminal cryptographic unit to verify and decrypt the data; if the check fails, the command request is discarded and an error code is returned; if the check passes, the data is decrypted;
(3) the command parser parses the data processed by the cryptographic processor and judges whether the command is legal; if it is, the command parser selects the corresponding operation according to the command request; if not, it terminates the command request and returns an error code;
(4) the file manager handles the operation invoked by the command parser, judging whether the requested data exists, whether the permissions are satisfied, whether the key state meets the requirements, and so on, and returns the result;
in the above process, whichever step produces an error, the error result is returned by the terminal and sent to the LCD screen; after the result is returned, the terminal is again in the command-waiting state.
6. The transaction processing method of the financial IC card Internet terminal according to claim 5, further characterized in that before a transaction, a secure logical channel must be established between the terminal and the processing center by a mutual handshake protocol, in which digital signatures and their verification are implemented with the SM2/SM3 cryptographic algorithms; during the transaction, PIN data is encrypted for transmission with the PIN encryption certificate, likewise using the SM2/SM3 algorithms.
7. The transaction processing method of the financial IC card Internet terminal according to claim 5, further characterized in that the application data exchanged between the terminal and the processing center is transmitted over the Internet after being encapsulated into data messages by the record protocol, and the record protocol encrypts the application data with the SM1/SM4 cryptographic algorithm, ensuring the confidentiality of transaction data in transit on the Internet.
8. The transaction processing method of the financial IC card Internet terminal according to claim 5, further characterized in that when the processing center or the IC card communicates with the terminal by data messages, the data message realizes, through line protection, the secure transmission of the data message and the reliability, integrity and sender authentication of the application data; the integrity of the application data and the authentication of the sender are realized by the data authentication code MAC; and the reliability of the application data is realized by requiring the transmitted data to be encrypted with the block cipher BCEA approved by the national cryptography administration.
9. The transaction processing method of the financial IC card Internet terminal according to claim 8, further characterized in that the encryption and decryption of the data message and the generation of the data authentication code MAC are performed with the domestic symmetric cryptographic algorithm SM1/SM4;
the data messages of the terminal's line protection mode come in three forms: plaintext + MAC, ciphertext, and ciphertext + MAC;
in the plaintext + MAC form, the data field of the command message is the plaintext data followed by a 4-byte MAC computed with the BCEA algorithm;
in the ciphertext form, the data field of the command message is the ciphertext encrypted with the BCEA algorithm;
in the ciphertext + MAC form, the data field of the command message is the ciphertext encrypted with the BCEA algorithm followed by a 4-byte MAC computed with the BCEA algorithm.
10. The transaction processing method of the financial IC card Internet terminal according to claim 5, further characterized in that the terminal also provides three authentication modes: external authentication, internal authentication and password authentication; the external authentication is used by the IC card to authenticate the terminal and the processing center; the internal authentication is used by the terminal and the processing center to authenticate the IC card; and the password authentication is used to verify the user PIN.
Application CN201410498028.2A, priority date 2014-09-25, filing date 2014-09-25: A financial IC card Internet terminal and its transaction method. Status: Active. Granted as CN104217327B (en).

Publications (2)

Publication Number Publication Date
CN104217327A (en) 2014-12-17
CN104217327B (en) 2017-12-26

Family ID 52098786

CN107833402A (en) * 2017-12-09 2018-03-23 恒宝股份有限公司 A kind of ATM, financial IC card and its fault handling method
CN108010191A (en) * 2017-12-28 2018-05-08 联合华通(天津)科技有限公司 Intellective IC card terminating machine with Encryption Keyboard
CN108846469A (en) * 2018-06-28 2018-11-20 中国建设银行股份有限公司 Financial IC card exchange method, device and readable storage medium storing program for executing
CN109347635A (en) * 2018-11-14 2019-02-15 中云信安(深圳)科技有限公司 A kind of Internet of Things security certification system and authentication method based on national secret algorithm
CN109362077A (en) * 2018-12-24 2019-02-19 成都三零瑞通移动通信有限公司 A kind of mobile intelligent terminal packet data encrypted transmission method and device
CN109362077B (en) * 2018-12-24 2021-08-17 成都三零瑞通移动通信有限公司 Mobile intelligent terminal packet data encryption transmission method and device
CN110457083A (en) * 2019-07-04 2019-11-15 深圳市中易通安全芯科技有限公司 A kind of starting method and device of chip file system
CN110457083B (en) * 2019-07-04 2023-07-18 深圳市中易通安全芯科技有限公司 Method and device for starting chip file system
WO2021248999A1 (en) * 2020-06-12 2021-12-16 华为技术有限公司 Method for checking application information, message processing method and device
CN114220234A (en) * 2021-12-13 2022-03-22 深圳合纵富科技有限公司 High integrated finance all-in-one equipment

Also Published As

Publication number Publication date
CN104217327B (en) 2017-12-26

Similar Documents

Publication Publication Date Title
CN104217327B (en) A kind of financial IC card internet terminal and its method of commerce
CN113243024A (en) System and method for password authentication of contactless cards
JP2022508010A (en) Systems and methods for cryptographic authentication of non-contact cards
US10965465B2 (en) Systems and methods for cryptographic authentication of contactless cards
CN103501191A (en) Mobile payment device and method thereof based on NFC technology
BR112021004169A2 (en) card activation system, contactless card activation method, and contactless card
BR112021005174A2 (en) counter resynchronization system, method of resynchronizing a counter on a contactless card, and contactless card
CN104008351A (en) System, method and device for Windows application program integrity checking
CN107332671A (en) A kind of safety mobile terminal system and method for secure transactions based on safety chip
US20220284417A1 (en) Server-side contactless card activation
US11658997B2 (en) Systems and methods for signaling an attack on contactless cards
WO2020072626A1 (en) Systems and methods for cryptographic authentication of contactless cards
CN104835038A (en) Networking payment device and networking payment method
BR112021004710A2 (en) system and method for transmitting data
CN204066182U (en) A kind of financial IC card internet terminal
US20210279703A1 (en) Point of sale device with secure connection between security meshes
US11902442B2 (en) Secure management of accounts on display devices using a contactless card
US20230188340A1 (en) Key recovery based on contactless card authentication
US20240054493A1 (en) Methods and arrangements for proof of purchase
CN105989489A (en) IC card network authentication method and payment terminal
CN114357496A (en) Goods transaction method, device, equipment and storage medium based on electronic contract
CN115714973A (en) Trusted computing based data security reinforcement method and device for 5G mobile terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Floors 15-16, Orsus Building, No. 1166 Xinluo Avenue, High-tech Zone, Ji'nan City, Shandong Province, 250101

Applicant after: Shandong Zhongfu Information Industry Co., Ltd.

Address before: 8th floor, Building 9, Shun Tai Plaza, No. 2000 Shun Road, High-tech Zone, Ji'nan City, Shandong Province, 250101

Applicant before: Shandong Zhongfu Information Industry Co., Ltd.

COR Change of bibliographic data
GR01 Patent grant