CN104574652B - Methods for increasing and deducting IC card pollutant discharge data, and IC card - Google Patents

Publication number
CN104574652B
Authority
CN
China
Prior art keywords
random number
blowdown
card
money
flow rate
Legal status
Active
Application number
CN201310479322.4A
Other languages
Chinese (zh)
Other versions
CN104574652A (en)
Inventor
袁艳芳
王于波
付青琴
Current Assignee
State Grid Corp of China SGCC
Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Application filed by State Grid Corp of China SGCC, Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd

Landscapes

  • Storage Device Security (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

The invention discloses methods for increasing and deducting pollutant discharge data on an IC card, and a corresponding IC card. The method for increasing IC card discharge data comprises: receiving an increase-discharge-amount instruction issued by a recharge device, the instruction including a first random number; and judging whether the first random number is random; if it is, the increase-discharge-amount instruction is legitimate and the recharge operation of the recharge device is accepted. The methods and IC card of the invention introduce a random number into the discharge-amount instruction, which effectively prevents an illegitimate user from intercepting recharge data and recharging repeatedly; introduce a special authentication code, written to the secure data area of the chip, which prevents chips from being cloned; and introduce a check code, which guards against transmission errors in the discharge data and against attacks during transmission, thereby ensuring the security and confidentiality of the discharge data in transit.

Description

Methods for increasing and deducting IC card pollutant discharge data, and IC card
Technical field
The present invention relates to data transmission and security technology in the communications field, and in particular to methods for increasing and deducting pollutant discharge data on an IC card, and to an IC card.
Background
The pollutant discharge permit system aims to improve environmental quality and is built on the pollutant discharge licensing regime. It specifies information such as the types and quantities of pollutants that a discharging entity releases. It is an administrative system with a legal basis, and a means of quantitatively managing the discharge of major pollutants by key discharging entities in key regions. Earlier pollution-source regulation controlled only the discharge concentration, which cannot solve the pollution problem as a whole; only by forecasting emissions for the major pollution sources and issuing discharge permits can the environmental quality of a whole region be improved. Depending on the environmental quality requirements of each region, different pollution sources are identified and different pollutant discharge amounts are cut. Tying pollution control closely to the environmental quality target helps save treatment funds and achieve that target.
The IC card systems currently used in pollutant discharge permit systems mainly use mifare card technology, or the electronic wallet/passbook application technology of the "China Financial Integrated Circuit (IC) Card Specification" (JR/T 0025-2005) (known in the industry as PBOC 2.0). The number of wallets is limited by the available space, and the algorithm security is relatively low. The crypto algorithm in mifare card technology and the DES in the financial electronic wallet/passbook offer relatively low security, and the operating procedure is rather complex.
In the course of realizing the present invention, the inventors found at least the following problems in the prior art:
Traditional systems for increasing and deducting IC card discharge data mainly use mifare card technology, or the electronic wallet/passbook application technology of the "China Financial Integrated Circuit (IC) Card Specification" (JR/T 0025-2005). The algorithm used is the crypto algorithm or the DES algorithm, and the application used is a simple wallet application or a financial electronic wallet application. Mifare technology has now been cracked, and the amount deposited into a financial electronic wallet is transmitted in plaintext, which easily makes transactions insecure.
Summary of the invention
To overcome the poor security of IC card discharge data in the prior art, one aspect of the present invention proposes a method for increasing IC card discharge data.
The method for increasing IC card discharge data according to an embodiment of the present invention comprises:
receiving an increase-discharge-amount instruction issued by a recharge device, the instruction including a first random number;
judging whether the first random number is random; if the first random number is random, the increase-discharge-amount instruction is legitimate, and the recharge operation of the recharge device is accepted.
To overcome the poor security of IC card discharge data in the prior art, another aspect of the present invention proposes an IC card that implements the increase of discharge data.
The IC card that implements the increase of discharge data according to an embodiment of the present invention comprises:
an instruction receiving module, for receiving the increase-discharge-amount instruction issued by the recharge device, the instruction including a first random number;
an instruction authentication module, for judging whether the first random number is random; if the first random number is random, the increase-discharge-amount instruction is legitimate, and the recharge operation of the recharge device is accepted.
The method for increasing IC card discharge data and the IC card of the embodiments of the present invention replace the crypto algorithm or DES algorithm with the national cryptographic SM1 algorithm, and replace the plaintext transmission of the prior art with ciphertext transmission, ensuring the security and confidentiality of the discharge data in transit.
The method for increasing IC card discharge data and the IC card of the embodiments of the present invention introduce a random number into the discharge-amount instruction, which effectively prevents an illegitimate user from intercepting recharge data and recharging repeatedly; introduce a special authentication code, written to the secure data area of the chip, which prevents chips from being cloned; and introduce a check code, which guards against transmission errors in the discharge data and against attacks during transmission.
To overcome the poor security of IC card discharge data in the prior art, one aspect of the present invention proposes a method for deducting IC card discharge data.
The method for deducting IC card discharge data according to an embodiment of the present invention comprises:
receiving a deduct-discharge-amount instruction issued by a discharge control terminal, the instruction including a third random number and an additional code, the third random number and the additional code being used to generate a second check code when recharging the discharge control terminal ESAM;
judging whether the balance in the IC card is sufficient; if it is sufficient, generating a fourth random number; if it is insufficient, generating no random number;
encrypting the deducted discharge data, the fourth random number and a second special authentication code to obtain an encrypted ciphertext, and performing a MAC calculation over the additional code and the encrypted ciphertext according to the third random number to obtain the second check code; the additional code, the encrypted ciphertext and the second check code form the increase-discharge-amount instruction that recharges the discharge control terminal ESAM.
To overcome the poor security of IC card discharge data in the prior art, one aspect of the present invention proposes an IC card that implements the deduction of discharge data.
The IC card that implements the deduction of discharge data according to an embodiment of the present invention comprises:
an instruction receiving module, for receiving the deduct-discharge-amount instruction issued by the discharge control terminal, the instruction including a third random number and an additional code, the third random number and the additional code being used to generate a second check code when recharging the discharge control terminal ESAM;
a random number generation module, for judging whether the balance in the IC card is sufficient; if it is sufficient, generating a fourth random number; if it is insufficient, generating no random number;
a check code generation module, for encrypting the deducted discharge data, the fourth random number and the second special authentication code to obtain an encrypted ciphertext, and performing a MAC calculation over the additional code and the encrypted ciphertext according to the third random number to obtain the second check code; the additional code, the encrypted ciphertext and the second check code form the increase-discharge-amount instruction that recharges the discharge control terminal ESAM.
The method for deducting IC card discharge data and the IC card of the embodiments of the present invention replace the crypto algorithm or DES algorithm with the national cryptographic SM1 algorithm, and replace the plaintext transmission of the prior art with ciphertext transmission, ensuring the security and confidentiality of the discharge data in transit.
The method for deducting IC card discharge data and the IC card of the embodiments of the present invention introduce a random number into the discharge-amount instruction, which effectively prevents an illegitimate user from intercepting recharge data and recharging repeatedly; introduce a special authentication code, written to the secure data area of the chip, which prevents chips from being cloned; and introduce a check code, which guards against transmission errors in the discharge data and against attacks during transmission.
In the method for deducting IC card discharge data and the IC card of the embodiments of the present invention, the discharge data is transmitted as ciphertext during recharging, which ensures the security of the transmission; during deduction, the IC card outputs the message that recharges the discharge control terminal ESAM, and the discharge control terminal serves only as a transmission medium and cannot interfere with the recharge message, which ensures the security of the data.
Other features and advantages of the present invention are set out in the description that follows, and in part become apparent from the description or are understood by practising the invention. The objects and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the written description, the claims and the accompanying drawings.
The technical solution of the present invention is described in further detail below through the drawings and embodiments.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a schematic diagram of the IC card recharge flow of the present invention;
Fig. 2 is a schematic diagram of the IC card deduction and ESAM recharge flow of the present invention;
Fig. 3 is a structural diagram of an IC card that implements the increase of discharge data according to one embodiment of the present invention;
Fig. 4 is a structural diagram of an IC card that implements the deduction of discharge data according to another embodiment of the present invention.
Detailed description
The embodiments of the present invention are described in detail below with reference to the drawings; it should be understood that the scope of protection of the invention is not limited by the embodiments.
The prior art uses the DES algorithm in mifare technology and the financial electronic wallet, transmits data in plaintext when a financial electronic wallet is loaded, cannot guarantee the security of data storage and transmission, and has an overly complex transaction flow. The present invention proposes new methods for increasing and deducting IC card discharge data to address these problems.
The present invention proposes a new method for increasing IC card discharge data. The software system that implements the method is downloaded into a user card, which serves as the unique card of an enterprise; it can also be downloaded into the ESAM (Embedded Secure Access Module) in a discharge terminal control device, where it serves as the storage module for the device's "security information" and "discharge data balance". The method supports the increase-discharge-data command, the deduct-discharge-data command and the read-discharge-data-balance command for discharge data control.
To achieve the above object, the invention provides a method for increasing IC card discharge data, implemented as follows:
A discharging enterprise must obtain an IC card as its unique pollutant discharge permit. The key in this IC card is unique to the enterprise and corresponds to the ESAM in the enterprise's discharge terminal control device (the ESAM key in the discharge terminal control device is derived by diversification from the key in the discharge permit IC card, and the derivation cannot be reversed).
IC card recharge:
As shown in Fig. 1, an embodiment of the invention discloses a method for increasing IC card discharge data. This embodiment focuses on the higher-level environmental protection department recharging the IC card, and comprises:
Step 101: The discharge data operator enters into the recharge device the type of discharge data to be recharged and the recharge amount;
Step 102: The recharge device of the higher-level environmental protection department authenticates the discharge permit IC card;
Step 103: The recharge device sends the IC card an instruction to obtain the second random number (e.g. random number 1); the IC card generates random number 1 and sends it back to the recharge device;
Step 104: The recharge device generates the first random number (e.g. random number 2). Internally, the recharge device obtains the short file identifier (SFI) of the corresponding wallet from the discharge type, obtains the enterprise password from the enterprise number, and constructs the "increase-discharge-amount instruction" message according to the instruction format;
Step 105: The recharge device sends the "increase-discharge-amount instruction" to the IC card. The instruction includes: the short file identifier (SFI) of the wallet corresponding to the purchased discharge type; the ciphertext obtained by encrypting "purchase amount + random number 2 + first special authentication code" with the national cryptographic SM1 algorithm under the enterprise's key for this discharge wallet; and the first check code, calculated over "command header + ciphertext" with the MAC key and random number 1;
Step 106: After receiving the "increase-discharge-amount instruction", the IC card verifies the first check code. If verification passes, the communication has not been attacked or disturbed; if verification fails, an error is returned;
Step 107: According to the discharge wallet targeted by the "increase-discharge-amount instruction", the IC card finds the corresponding key stored for that wallet and uses it to decrypt the ciphertext generated in step 105;
Step 108: Judge whether the first special authentication code obtained in step 107 is consistent with the special authentication code built into the IC card. If they are consistent, the discharging entity is a legitimate enterprise; if not, an error is returned;
Step 109: Judge whether random number 2 is random. If random number 2 is a fixed code, or matches the random number of an earlier recharge operation (e.g. the previous ten), then the random number is not random, the recharge command may be a malicious attack, and an error is returned; if random number 2 is random, the recharge command is not a malicious attack;
Step 110: Once random number 2 has been determined to be random, the recharge device performs the recharge operation on the corresponding discharge wallet in the IC card.
The format of the increase-discharge-amount instruction described above is shown in Table 1:
Table 1
P1 --- the short file identifier (SFI) of the discharge wallet file;
Increment (16-byte ciphertext) --- the 4-byte plaintext increment, supplemented with the 4-byte fixed authentication code and the 8-byte random number, then encrypted with SM1.
Check code --- the MAC value calculated over "CLA+INS+P1+P2+Lc+increment" with the MAC key.
IC card deduction and ESAM recharge:
As shown in Fig. 2, another embodiment of the invention discloses a method for deducting IC card discharge data. This embodiment focuses on deducting from the IC card and recharging the discharge control terminal ESAM, and comprises:
Step 201: The discharge data operator enters the recharge amount at the discharge control terminal;
Step 202: The discharge control terminal ESAM authenticates the IC card; if authentication fails, an error is returned;
Step 203: The IC card authenticates the discharge control terminal ESAM; if authentication fails, an error is returned;
Step 204: After the IC card has successfully authenticated the discharge control terminal, it sends the discharge control terminal ESAM an instruction to obtain a random number; the discharge control terminal generates the third random number (e.g. random number 3) and sends random number 3 to the IC card;
Step 205: The discharge control terminal obtains the wallet SFI from the discharge information and, with random number 3 and the additional code, constructs the "deduct-discharge-amount instruction" message;
Step 206: The discharge control terminal sends the "deduct-discharge-amount instruction" message to the IC card;
Step 207: The IC card checks whether the balance is sufficient; if the balance in the card is insufficient, an error is returned;
Step 208: If the balance in the IC card is sufficient, the IC card generates the fourth random number internally (e.g. random number 4);
Step 209: The IC card encrypts the "deducted discharge data", "random number 4" and the "second special authentication code" with the key obtained by key diversification using the key diversification factor, generating the "recharge ciphertext";
Step 210: The IC card uses the MAC key and random number 3 to perform a MAC calculation over the "additional code" and the "recharge ciphertext", obtaining the second check code;
Step 211: The IC card returns to the discharge control terminal the "increase-discharge-amount instruction" constructed from the "recharge ciphertext" and the "check code";
Step 212: The discharge control terminal forwards the "increase-discharge-amount instruction" message returned by the IC card, together with the "additional code", to the discharge control terminal ESAM in plaintext form;
Step 213: After receiving the "increase-discharge-amount instruction", the discharge control terminal ESAM verifies the second check code. If verification passes, the communication has not been attacked or disturbed; if verification fails, an error is returned;
Step 214: The discharge control terminal ESAM uses the key corresponding to the "increase-discharge-amount instruction" to decrypt the ciphertext generated in step 209, obtaining the decrypted second special authentication code;
Step 215: Judge whether the second special authentication code obtained in step 214 is consistent with the special authentication code built into the IC card. If they are consistent, the IC card is legitimate; if not, an error is returned;
Step 216: Judge whether random number 4 is random. If random number 4 is a fixed code, or matches the random number of an earlier recharge operation (e.g. the previous ten), then the random number is not random, the recharge command may be a malicious attack, and an error is returned; if random number 4 is random, the recharge command is not a malicious attack;
Step 217: Once random number 4 has been determined to be random, the IC card performs the recharge operation on the discharge control terminal ESAM.
The format of the "deduct-discharge-amount instruction" used for IC card deduction described above is shown in Table 2:
Table 2
P1 --- the discharge wallet file;
Additional code --- the increase-discharge-amount instruction header "E43Axx0014";
N --- value range 0~3;
Checksum --- the XOR of every byte of "CLA+INS+P1+P2+Lc+deduction amount".
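The receiver-side checks of steps 106-110 (IC card) and steps 213-217 (terminal ESAM) run in the same order: check code, decryption, special authentication code, random-number freshness, then credit. The Python sketch below is an added example, not code from the patent: because SM1 is unpublished and hardware-only, a 4-round Feistel construction over HMAC-SHA256 stands in for it and a truncated HMAC stands in for the MAC. The 8-byte challenge, the 4-byte check code, the key values, the status strings and the reading of "fixed code" as "all bytes identical" are assumptions.

```python
import hashlib
import hmac
import os
from collections import deque

CLA_INS = bytes.fromhex("E43A")   # from the page's instruction header "E43Axx0014"
P2_LC = bytes.fromhex("0014")     # Lc 0x14 read as 16-byte ciphertext + 4-byte check code (assumed)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, block):
    """Stand-in for SM1 (unpublished): 4-round Feistel over one 16-byte block."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def check_code(mac_key, challenge, header, ciphertext):
    """Stand-in MAC, bound to the receiver's challenge (random number 1 or 3)."""
    msg = challenge + header + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:4]

def build_increase(sfi, wallet_key, mac_key, auth_code, amount, challenge, nonce):
    """Sender side (steps 104-105 / 209-211): 4-byte amount + 4-byte code + 8-byte nonce."""
    plain = amount.to_bytes(4, "big") + auth_code + nonce
    ciphertext = encrypt_block(wallet_key, plain)
    header = CLA_INS + bytes([sfi]) + P2_LC
    return header + ciphertext + check_code(mac_key, challenge, header, ciphertext)

class Receiver:
    """IC card (steps 106-110) or terminal ESAM (steps 213-217)."""

    def __init__(self, mac_key, wallet_keys, auth_code, history=10):
        self.mac_key = mac_key
        self.wallet_keys = wallet_keys           # SFI -> wallet key
        self.auth_code = auth_code               # held in the secure data area
        self.balance = {sfi: 0 for sfi in wallet_keys}
        self.recent = deque(maxlen=history)      # nonces of the last ten recharges
        self.challenge = None

    def get_challenge(self):
        self.challenge = os.urandom(8)
        return self.challenge

    def increase(self, apdu):
        challenge, self.challenge = self.challenge, None   # a challenge is single-use
        if challenge is None:
            return "ERR_NO_CHALLENGE"
        if (len(apdu) != 25 or apdu[:2] != CLA_INS or apdu[3:5] != P2_LC
                or apdu[2] not in self.wallet_keys):
            return "ERR_FORMAT"
        header, ciphertext, mac = apdu[:5], apdu[5:21], apdu[21:]
        expected = check_code(self.mac_key, challenge, header, ciphertext)
        if not hmac.compare_digest(mac, expected):
            return "ERR_CHECK_CODE"
        plain = decrypt_block(self.wallet_keys[header[2]], ciphertext)
        amount, code, nonce = int.from_bytes(plain[:4], "big"), plain[4:8], plain[8:]
        if not hmac.compare_digest(code, self.auth_code):
            return "ERR_AUTH_CODE"
        # "Fixed code" is read here as all bytes identical (assumption).
        if len(set(nonce)) == 1 or nonce in self.recent:
            return "ERR_NOT_RANDOM"
        self.recent.append(nonce)
        self.balance[header[2]] += amount
        return "OK"

def demo():
    """Constructed keys and values: a genuine recharge, then two replay variants."""
    mac_key, wallet_key, code = b"M" * 16, b"W" * 16, bytes.fromhex("A55AC33C")
    card = Receiver(mac_key, {0x05: wallet_key}, code)
    nonce = os.urandom(8)
    results = []
    first = build_increase(0x05, wallet_key, mac_key, code, 100, card.get_challenge(), nonce)
    results.append(card.increase(first))      # genuine recharge
    card.get_challenge()
    results.append(card.increase(first))      # captured message replayed verbatim
    again = build_increase(0x05, wallet_key, mac_key, code, 100, card.get_challenge(), nonce)
    results.append(card.increase(again))      # valid check code, reused random number
    return results, card.balance[0x05]

if __name__ == "__main__":
    print(demo())
```

The verbatim replay fails at the check code because that code is bound to a one-time challenge; the random-number history only matters when a sender re-encrypts a previously used random number under a fresh challenge.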
In the methods for increasing and deducting IC card discharge data of the embodiments of the present invention, the discharge data is encrypted with the national cryptographic SM1 algorithm during transmission. The algorithm is implemented in hardware and is not public, which ensures the security and confidentiality of the discharge data;
The methods for increasing and deducting IC card discharge data of the embodiments of the present invention add a random number, which effectively prevents an illegitimate user from recharging repeatedly after intercepting recharge data; add a special authentication code, which is written to the secure data area of the chip and cannot be obtained by the enterprise user, fundamentally ruling out cloning of the chip; and add a check code, whose verification effectively guards against transmission errors in the discharge data and against illegitimate data attacks. The measures introduced in the above embodiments ensure the security and confidentiality of the discharge data in storage and in transit.
An embodiment of the invention discloses an IC card that implements the increase of discharge data. As shown in Fig. 3, it comprises the following modules:
Instruction receiving module 301, for receiving the discharge-amount instruction issued by the recharge device;
Instruction authentication module 302, for judging whether the first random number is random; if the first random number is random, the increase-discharge-amount instruction is legitimate, and the recharge operation of the recharge device is accepted.
The instruction authentication module 302 comprises the following modules:
Random number comparison submodule 3021, for comparing the first random number with the random numbers of earlier recharge operations;
Random number determination submodule 3022, for determining from the comparison result whether the first random number is random; if the first random number matches the random number of an earlier recharge operation, or the first random number is a fixed code, then the first random number is not random and the increase-discharge-amount instruction is illegitimate.
The IC card that implements the increase of discharge data further comprises the following modules:
Authentication code obtaining module 303, for decrypting the encrypted ciphertext with the decryption key to obtain the decrypted special authentication code;
Authentication code comparison module 304, for comparing the special authentication code with the special authentication code stored in the IC card; if the two are inconsistent, authentication fails;
if the special authentication code is consistent with the special authentication code stored in the IC card, the special authentication code is authenticated.
The IC card that implements the increase of discharge data further comprises the following module:
Receiving and sending module 305, for receiving the get-random-number instruction issued by the recharge device, generating the second random number, and sending the second random number back to the recharge device, where it is used to generate the check code attached to the increase-discharge-amount instruction.
The IC card that implements the increase of discharge data further comprises the following module:
Check comparison module 306, for comparing the check code with the check code calculated inside the IC card; if the two are equal, verification passes;
if the two are not equal, verification fails.
The IC card that implements the increase of discharge data according to the embodiment of the present invention replaces the crypto algorithm or DES algorithm with the national cryptographic SM1 algorithm, and replaces the plaintext transmission of the prior art with ciphertext transmission, ensuring the security and confidentiality of the discharge data in transit.
The IC card that implements the increase of discharge data according to the embodiment of the present invention introduces a random number into the discharge-amount instruction, which effectively prevents an illegitimate user from intercepting recharge data and recharging repeatedly; introduces a special authentication code, written to the secure data area of the chip, which prevents chips from being cloned; and introduces a check code, which guards against transmission errors in the discharge data and against attacks during transmission.
In the IC card that implements the increase of discharge data according to the embodiment of the present invention, the discharge data is transmitted as ciphertext during recharging, which ensures the security of the transmission; during deduction, the IC card outputs the message that recharges the discharge control terminal ESAM, and the discharge control terminal serves only as a transmission medium and cannot interfere with the recharge message, which ensures the security of the data.
The embodiment of the invention also discloses a kind of IC-card realized blowdown data and reduced, as shown in figure 4, including following mould Block:
Command reception module 401, instructed for receiving the blowdown flow rate of reducing that blowdown control terminal issues, reduce blowdown flow rate and refer to Order includes:3rd random number, extra-code, the 3rd random number and extra-code are used to produce when supplementing blowdown control terminal ESAM with money Raw second check code.
Random number generation module module 402, for judging whether remaining sum is sufficient in IC-card, if sufficient, generation the 4th Random number, if insufficient, do not generate random number;
Check code generation module 403, for encrypting the blowdown data to be reduced, the fourth random number and the second special authentication code to obtain an encrypted ciphertext, and for performing a MAC calculation on the extra-code and the encrypted ciphertext according to the third random number to obtain the second check code; the extra-code, the encrypted ciphertext and the second check code form the increase blowdown flow rate instruction for recharging the blowdown control terminal ESAM.
The above IC card further includes:
Instruction authentication module 404, for judging whether the fourth random number is random; if the fourth random number is random, the increase blowdown flow rate instruction is legal, and the recharge operation is performed on the blowdown control terminal ESAM.
The instruction authentication module 404 includes the following modules:
Random number comparison sub-module 4041, for comparing the fourth random number with the random number of a previous recharge operation;
Random number determination sub-module 4042, for confirming from the comparison result whether the fourth random number is random: if the fourth random number matches the random number of a previous recharge operation, or the fourth random number is a fixed code, then the first random number is not random and the increase blowdown flow rate instruction is illegal.
The above IC card further includes:
Authentication code obtaining module 405, for decrypting the encrypted ciphertext to obtain the decrypted second special authentication code;
Authentication code comparison module 406, for comparing the second special authentication code with the special authentication code stored in the blowdown control terminal ESAM; if the two are inconsistent, authentication fails;
if the second special authentication code is consistent with the special authentication code stored in the blowdown control terminal ESAM, the special authentication code authentication passes.
The above IC card further includes:
Check code comparison module 407, for comparing the second check code attached to the increase blowdown flow rate instruction with the check code calculated inside the terminal ESAM; if the two are equal, verification passes;
if the two are unequal, verification fails.
The IC card for reducing blowdown data according to the embodiment of the present invention uses the national-cryptography SM1 algorithm in place of the Crypto algorithm or the DES algorithm, and changes the plaintext transmission of the prior art to ciphertext transmission, which ensures the security and confidentiality of the blowdown data during transmission.
The IC card for reducing blowdown data according to the embodiment of the present invention introduces the concept of a random number into the blowdown flow rate instruction, which effectively prevents an illegal user from intercepting recharge data and recharging repeatedly with it. It introduces a special authentication code, written into the secure data area of the chip, which prevents cloned chips. It introduces a check code, which guards against transmission errors in the blowdown data and against attacks during transmission.
With the IC card for reducing blowdown data according to the embodiment of the present invention, the blowdown data is transmitted as ciphertext during recharging, which ensures the security of the transmission. During deduction from the IC card, the card outputs the message that recharges the blowdown control terminal ESAM; the blowdown control terminal serves only as a transmission medium and cannot interfere with the recharge message, which ensures the security of the data.
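The three measures summarised above (check code, random number, special authentication code), as a terminal ESAM could apply them to an instruction built by the card; this is an added example, not code from the patent. SM1 is not publicly specified, so an HMAC-SHA256 keystream and HMAC-SHA256 stand in for the encryption and the MAC, and the key values, field sizes, message layout, order of the checks and the test for a "fixed code" are all assumptions.

```python
import hashlib
import hmac
import os

# Assumptions, not from the patent: key values, field sizes (4-byte extra code and
# amount, 8-byte random numbers, 8-byte authentication and check codes), message layout.
# SM1 is unpublished, so an HMAC-SHA256 keystream and HMAC-SHA256 stand in for it.
ENC_KEY = bytes(range(16))        # constructed shared encryption key
MAC_KEY = bytes(range(16, 32))    # constructed shared MAC key
AUTH_CODE = b"AUTHCODE"           # constructed special authentication code

def _keystream_xor(iv, data):
    stream = b"".join(hmac.new(ENC_KEY, iv + bytes([i]), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def _check_code(rand3, extra, ciphertext):
    # The third random number keys the MAC, binding the check code to one session.
    session_key = hmac.new(MAC_KEY, rand3, hashlib.sha256).digest()
    return hmac.new(session_key, extra + ciphertext, hashlib.sha256).digest()[:8]

def card_build_instruction(rand3, extra, amount, balance,
                           auth_code=AUTH_CODE, rand4=None):
    """IC card: return extra code || ciphertext || second check code, or None."""
    if balance < amount:
        return None                 # insufficient balance: no fourth random number
    rand4 = rand4 or os.urandom(8)  # rand4 is injectable only for the demonstration
    plaintext = amount.to_bytes(4, "big") + rand4 + auth_code
    ciphertext = _keystream_xor(rand3, plaintext)
    return extra + ciphertext + _check_code(rand3, extra, ciphertext)

class Esam:
    """Terminal ESAM: verifies an increase instruction before crediting it."""
    def __init__(self, stored_auth_code=AUTH_CODE):
        self.stored_auth_code = stored_auth_code
        self.balance = 0
        self.used_rand4 = set()     # random numbers of earlier recharge operations
        self.rand3 = None

    def get_random(self):
        self.rand3 = os.urandom(8)
        return self.rand3

    def recharge(self, instruction):
        if self.rand3 is None or len(instruction) != 32:
            return "rejected: no session or malformed"
        rand3, self.rand3 = self.rand3, None   # a third random number is single-use
        extra, ciphertext, code = instruction[:4], instruction[4:24], instruction[24:]
        if not hmac.compare_digest(code, _check_code(rand3, extra, ciphertext)):
            return "rejected: check code"
        plaintext = _keystream_xor(rand3, ciphertext)
        amount, rand4, auth = plaintext[:4], plaintext[4:12], plaintext[12:]
        # "Fixed coding" is approximated here as all bytes identical (assumption).
        if rand4 in self.used_rand4 or len(set(rand4)) == 1:
            return "rejected: random number not random"
        if not hmac.compare_digest(auth, self.stored_auth_code):
            return "rejected: special authentication code"
        self.used_rand4.add(rand4)
        self.balance += int.from_bytes(amount, "big")
        return "ok"
```

A captured instruction replayed in a later session already fails the check code, because the third random number has changed; the stored fourth random numbers catch a repeated value even when the check code is valid.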
The present invention may have many different embodiments. The technical solution of the invention has been illustrated above by way of example with reference to Figs. 1-4; this does not mean that the invention can only be applied in those specific flows or embodiment structures. Those of ordinary skill in the art should understand that the specific embodiments given above are only some examples among many preferred usages, and any embodiment that embodies the claims of the invention falls within the scope of protection claimed by the technical solution of the invention.
Finally, it should be noted that the foregoing is only the preferred embodiments of the present invention and is not intended to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art may still modify the technical solutions described in those embodiments, or make equivalent substitutions for some of their technical features. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall be included within its scope of protection.

Claims (18)

  1. A method for increasing IC card blowdown data, characterized by comprising:
    receiving an increase blowdown flow rate instruction issued by a recharging device, the increase blowdown flow rate instruction including a first random number;
    judging whether the first random number is random; if the first random number is random, the increase blowdown flow rate instruction is legal, and the recharge operation of the recharging device is accepted;
    further comprising:
    the increase blowdown flow rate instruction further includes: an encrypted ciphertext of a first special authentication code, and a decryption key corresponding to the blowdown flow rate instruction;
    decrypting the encrypted ciphertext according to the decryption key to obtain the decrypted first special authentication code;
    comparing the first special authentication code with the special authentication code stored in the IC card; if the two are inconsistent, authentication fails;
    if the first special authentication code is consistent with the special authentication code stored in the IC card, the special authentication code authentication passes.
  2. The method according to claim 1, characterized in that judging whether the first random number is random comprises:
    comparing the first random number with the random number of a previous recharge operation; if the two match, or the first random number is a fixed code, then the first random number is not random and the increase blowdown flow rate instruction is illegal.
  3. The method according to claim 1, characterized by further comprising:
    receiving a get random number instruction issued by the recharging device, generating a second random number, and sending the second random number back to the recharging device, for generating the first check code attached to the increase blowdown flow rate instruction.
  4. The method according to claim 3, characterized by further comprising:
    after receiving the increase blowdown flow rate instruction issued by the recharging device, comparing the first check code generated by the recharging device with the check code calculated inside the IC card; if the two are equal, verification passes;
    if the two are unequal, verification fails.
  5. An IC card for increasing blowdown data, characterized by comprising:
    an instruction receiving module, for receiving an increase blowdown flow rate instruction issued by a recharging device, the increase blowdown flow rate instruction including a first random number;
    an instruction authentication module, for judging whether the first random number is random; if the first random number is random, the increase blowdown flow rate instruction is legal, and the recharge operation of the recharging device is accepted;
    the increase blowdown flow rate instruction further includes: an encrypted ciphertext of a special authentication code, and a decryption key corresponding to the blowdown flow rate instruction; the IC card further comprises:
    an authentication code obtaining module, for decrypting the encrypted ciphertext according to the decryption key to obtain the decrypted first special authentication code;
    an authentication code comparison module, for comparing the first special authentication code with the special authentication code stored in the IC card; if the two are inconsistent, authentication fails;
    if the first special authentication code is consistent with the special authentication code stored in the IC card, the special authentication code authentication passes.
  6. The IC card according to claim 5, characterized in that the instruction authentication module comprises:
    a random number comparison sub-module, for comparing the first random number with the random number of a previous recharge operation;
    a random number determination sub-module, for confirming from the comparison result whether the first random number is random: if the first random number matches the random number of a previous recharge operation, or the first random number is a fixed code, then the first random number is not random and the increase blowdown flow rate instruction is illegal.
  7. The IC card according to claim 5, characterized by further comprising:
    a receiving and sending module, for receiving a get random number instruction issued by the recharging device, generating a second random number, and sending the second random number back to the recharging device, for generating the first check code attached to the increase blowdown flow rate instruction.
  8. The IC card according to claim 7, characterized by further comprising:
    a check comparison module, for comparing, after the increase blowdown flow rate instruction issued by the recharging device is received, the first check code with the check code calculated inside the IC card; if the two are equal, verification passes;
    if the two are unequal, verification fails.
  9. A method for reducing IC card blowdown data, characterized by comprising:
    receiving a reduce blowdown flow rate instruction issued by a blowdown control terminal, the reduce blowdown flow rate instruction including a third random number and an extra-code, the third random number and the extra-code being used to produce a second check code when recharging the blowdown control terminal ESAM;
    judging whether the balance in the IC card is sufficient; if sufficient, generating a fourth random number; if insufficient, generating no random number;
    encrypting the blowdown data to be reduced, the fourth random number and a second special authentication code to obtain an encrypted ciphertext, and performing a MAC calculation on the extra-code and the encrypted ciphertext according to the third random number to obtain the second check code; the extra-code, the encrypted ciphertext and the second check code form the increase blowdown flow rate instruction for recharging the blowdown control terminal ESAM.
  10. The method according to claim 9, characterized by further comprising:
    judging whether the fourth random number is random; if the fourth random number is random, the increase blowdown flow rate instruction is legal, and the recharge operation is performed on the blowdown control terminal ESAM.
  11. The method according to claim 10, characterized in that judging whether the fourth random number is random comprises:
    comparing the fourth random number with the random number of a previous recharge operation; if the two match, or the fourth random number is a fixed code, then the fourth random number is not random and the increase blowdown flow rate instruction is illegal.
  12. The method according to claim 9, characterized by further comprising:
    decrypting the encrypted ciphertext to obtain the decrypted second special authentication code;
    comparing the second special authentication code with the special authentication code stored in the blowdown control terminal ESAM; if the two are inconsistent, authentication fails;
    if the second special authentication code is consistent with the special authentication code stored in the blowdown control terminal ESAM, the special authentication code authentication passes.
  13. The method according to claim 9, characterized by further comprising:
    comparing the second check code attached to the blowdown flow rate instruction with the check code calculated inside the blowdown control terminal ESAM; if the two are equal, verification passes;
    if the two are unequal, verification fails.
  14. An IC card for reducing blowdown data, characterized by comprising:
    an instruction receiving module, for receiving a reduce blowdown flow rate instruction issued by a blowdown control terminal, the reduce blowdown flow rate instruction including a third random number and an extra-code, the third random number and the extra-code being used to produce a second check code when recharging the blowdown control terminal ESAM;
    a random number generation module, for judging whether the balance in the IC card is sufficient; if sufficient, generating a fourth random number; if insufficient, generating no random number;
    a check code generation module, for encrypting the blowdown data to be reduced, the fourth random number and a second special authentication code to obtain an encrypted ciphertext, and for performing a MAC calculation on the extra-code and the encrypted ciphertext according to the third random number to obtain the second check code; the extra-code, the encrypted ciphertext and the second check code form the increase blowdown flow rate instruction for recharging the blowdown control terminal ESAM.
  15. The IC card according to claim 14, characterized by further comprising:
    an instruction authentication module, for judging whether the fourth random number is random; if the fourth random number is random, the increase blowdown flow rate instruction is legal, and the recharge operation is performed on the blowdown control terminal ESAM.
  16. The IC card according to claim 14, characterized by further comprising:
    a random number comparison sub-module, for comparing the fourth random number with the random number of a previous recharge operation;
    a random number determination sub-module, for confirming from the comparison result whether the fourth random number is random: if the fourth random number matches the random number of a previous recharge operation, or the fourth random number is a fixed code, then the first random number is not random and the increase blowdown flow rate instruction is illegal.
  17. The IC card according to claim 14, characterized by further comprising:
    an authentication code obtaining module, for decrypting the encrypted ciphertext to obtain the decrypted second special authentication code;
    an authentication code comparison module, for comparing the second special authentication code with the special authentication code stored in the blowdown control terminal ESAM; if the two are inconsistent, authentication fails;
    if the second special authentication code is consistent with the special authentication code stored in the blowdown control terminal ESAM, the special authentication code authentication passes.
  18. The IC card according to claim 14, characterized by further comprising:
    a check code comparison module, for comparing the second check code attached to the increase blowdown flow rate instruction with the check code calculated inside the blowdown control terminal ESAM; if the two are equal, verification passes;
    if the two are unequal, verification fails.
CN201310479322.4A 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card Active CN104574652B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310479322.4A CN104574652B (en) 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card

Publications (2)

Publication Number Publication Date
CN104574652A CN104574652A (en) 2015-04-29
CN104574652B true CN104574652B (en) 2017-12-15

Family

ID=53090605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310479322.4A Active CN104574652B (en) 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card

Country Status (1)

Country Link
CN (1) CN104574652B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant