CN105516181A - Security apparatus management system and method - Google Patents

Publication number: CN105516181A
Authority: CN (China)
Application number: CN201511020872.5A
Other languages: Chinese (zh)
Inventor: 邵军利
Current Assignee: Individual
Original Assignee: Individual
Legal status: Pending
Prior art keywords: safety; security; safety applications; key group; safety means

Classifications

    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Abstract

The invention relates to a security apparatus management system and method. The management system comprises a security apparatus, a security server, a security application system, and a terminal. The management method comprises the following steps: the security apparatus presets a security control secret key group and an apparatus identification number; the security apparatus is connected with the terminal and is separately connected with the security server and the security application system via an SSL protocol; the security server computes the security control secret key group in order to perform bidirectional authentication with the security apparatus, confirming the validity of both the security apparatus and the security server; the security server establishes a process secret key group with the security apparatus and sends the process secret key group to the security application system; the security application system receives the process secret key group and communicates with the security apparatus so as to create a security application in the security apparatus and generate security application information. The management system and method achieve coordinated management of multiple applications of the security apparatus, improve the security with which the security apparatus loads multiple applications, broaden the application range of the security apparatus, and improve user experience.

Description

Security apparatus management system and method
Technical field
The present invention relates to the field of information security, and in particular to a management system and method for a security apparatus.
Background
As electronic applications have developed, people communicate through electronic devices in more and more ways, and external security apparatuses have become commonplace as a primary kind of electronic device. As the security of security apparatuses has improved, users have also come to demand more of their multi-application capability.
Most security apparatuses today support only one or a few applications, for example integrated circuit cards (IC cards), USB keys (U-shields) and electronic access cards. Some security apparatuses can carry more security applications, but because the entity that issues the apparatus cannot effectively support the loading of multiple applications, users cannot conveniently load more security applications, and the security of a multi-application security apparatus cannot be guaranteed.
Summary of the invention
The object of the present invention is to address the defects of the prior art by providing a management system and method for a security apparatus that realizes multi-application management of the security apparatus.
To achieve the above object, in a first aspect, the invention provides a security apparatus management system comprising: a security apparatus, a security server, several security application systems, and a terminal;
the security apparatus is configured to preset a security control key group and an apparatus identification number;
the security server is configured to compute the security control key group, so that the security server and the security apparatus can perform two-way authentication;
the security server is further configured to establish a process key group with the security apparatus and to send the process key group to the security application system;
the security application system is configured to receive the process key group and communicate with the security apparatus, and thereby to create a security application in the security apparatus and generate security application information; the several security application systems create several security applications one after another;
the terminal is configured to connect the security apparatus, so that the security apparatus is connected with the security server and with the security application system respectively over SSL.
Further, the control key group comprises several security keys with different control purposes.
Further, the process key group is used to encrypt and authenticate the communication between the security application system and the security apparatus.
Further, the security application information comprises a security application identifier, a security application sequence identification number and security application descriptive information.
Preferably, the security server is further configured to receive the security application information in order to manage the security application.
Preferably, the security application system is further configured to write a security control key into the security apparatus so that the security application can be deleted.
In a second aspect, the invention provides a security apparatus management method, characterized in that the management method comprises:
a security apparatus presets a security control key group and an apparatus identification number;
the security apparatus is connected with a terminal, and is connected with a security server and with a security application system respectively via the SSL protocol;
the security server computes the security control key group, so that the security server and the security apparatus can perform two-way authentication and thereby confirm the legitimacy of both parties;
the security server establishes a process key group with the security apparatus and sends the process key group to the security application system;
the security application system receives the process key group and communicates with the security apparatus, and thereby creates a security application in the security apparatus and generates security application information; several security application systems create several security applications one after another.
Further, the step in which the security application system receives the process key group and communicates with the security apparatus is specifically: the process key group, once received, is used to encrypt and authenticate the communication between the security application system and the security apparatus.
Preferably, after the security application information is generated, the management method further comprises: the security server receives the security application information in order to manage the security application.
Preferably, after the security application information is generated, the management method further comprises: the security application system writes a security control key into the security apparatus so that the security application can be deleted.
The advantage of the present invention is that the security server establishes a process key group with the security apparatus and sends it to the security application system, so that the security application system can create a security application in the security apparatus. This achieves coordinated management of the multiple applications of a security apparatus, improves the security with which the security apparatus loads multiple applications, broadens the range of use of the security apparatus, and improves the user experience.
Brief description of the drawings
Fig. 1 is a structural diagram of the security apparatus management system provided by Embodiment 1 of the present invention;
Fig. 2 is a flow chart of the security apparatus management method provided by Embodiment 2 of the present invention.
Detailed description
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
The security apparatus management system and method of the present invention solve the management problem of a security apparatus loading security applications one after another, and realize multi-application management of the security apparatus.
Embodiment 1
Fig. 1 is a structural diagram of the security apparatus management system provided by Embodiment 1 of the present invention. As shown in the figure, the system comprises: a security apparatus 101, a security server 102, several security application systems 103 and a terminal 104.
The security apparatus 101 is configured to preset a security control key group and an apparatus identification number. Before the security apparatus 101 is issued, the security control key group and the apparatus identification number are first preset in it so that the security server 102 can manage it. The security apparatus 101 is specifically a hardware device that supports security applications, and may be a smart financial card, a wristband, a USB key (U-shield) and the like. The security control key group comprises several security keys with different control purposes.
The security server 102 is configured to compute the security control key group. The management software hosted on the security server 102 holds the security control key array of the security apparatus 101, and the security server 102 computes the security control key group of the security apparatus 101 from that array, so that the security server 102 and the security apparatus 101 can perform two-way authentication and thereby confirm the legitimacy of both parties.
The security server 102 is further configured to establish a process key group with the security apparatus 101 and to send the process key group to the security application system 103. The process key group is used to encrypt and authenticate the communication between the security application system 103 and the security apparatus 101. It is created during the application creation process and is a key that is valid within that process. While an application system is being loaded, only the security apparatus 101, the security server 102 and the security application system 103 can obtain the process key group; what passes through the terminal 104 and each node of its communication network is processed ciphertext.
The security application system 103 is configured to receive the process key group sent by the security server 102 and to communicate with the security apparatus 101, so as to create a security application in the security apparatus 101 and generate security application information. The security application system 103 may be a bank's online USB key issuance management system, an online all-purpose card issuance management system, an online token card issuance management system and the like. The security application information comprises a security application identifier, a security application sequence identification number and security application descriptive information. Several security application systems 103 can create several security applications one after another.
The terminal 104 is configured to connect the security apparatus 101, so that the security apparatus 101 is connected with the security server 102 and with the security application system 103 respectively via the Secure Sockets Layer (SSL) protocol. The terminal 104 may be application software on a PC, an application program (APP) on a smartphone or tablet, and the like.
Preferably, after the security application has been created, the security server 102 receives the security application information sent by the security application system 103 in order to track and manage the security application. For example, when a user upgrades the security apparatus 101, the security server can use the security application information to migrate the multiple applications of the security apparatus 101 conveniently in one pass. The security server 102 therefore manages not only the security apparatus but also the users of the security apparatus 101, which makes it easier to maintain the relationship between users and security apparatuses.
Preferably, the security application system 103 is further configured to write a security control key into the security apparatus 101 so that the security application can be deleted. This security control key is held only by the security application system 103 and the security apparatus 101, so the security apparatus 101 can interact with the security application system 103 independently.
Preferably, the security apparatus 101 can support the creation of offline security applications: a password is set through the security apparatus 101 to obtain control authority over the security apparatus 101, and the offline security application is then loaded. For example, the security apparatus 101 can be used as the electronic key of an electronic lock, with a key distributed to it to open the lock.
Through the terminal 104, the security apparatus 101 is connected with the security server 102 and with the security application system 103 respectively via the SSL protocol. While the security apparatus management system loads different security applications one after another, the security apparatus 101 and the security server 102 perform two-way authentication using the security control key group, thereby confirming whether the other party is legitimate. If authentication succeeds, the security server 102 establishes a process key group with the security apparatus 101 and sends the process key group to the security application system 103. The security application system 103 receives the process key group sent by the security server 102 and communicates with the security apparatus 101, thereby creating a security application in the security apparatus 101 and generating security application information.
In the security apparatus management system of the present invention, the security server establishes a process key group with the security apparatus and sends it to the security application system; the security application system receives the process key group and communicates with the security apparatus, thereby creating a security application in the security apparatus. This solves the management problem of a security apparatus loading security applications one after another, realizes multi-application management of the security apparatus, broadens its range of use, and improves the user experience.
Embodiment 2
Fig. 2 is a flow chart of the security apparatus management method provided by Embodiment 2 of the present invention. As shown in the figure, the method comprises the following steps:
Step 201: the security apparatus presets a security control key group and an apparatus identification number.
Specifically, before the security apparatus is issued, the security control key group and the apparatus identification number are preset in it so that the security server can manage it. The security apparatus is specifically a hardware device that supports security applications, and may be a smart financial card, a wristband, a USB key (U-shield) and the like. The security control key group comprises several security keys with different control purposes.
Step 202: the security apparatus is connected with the terminal, and is connected with the security server and with the security application system respectively via the SSL protocol.
Specifically, when multiple applications are to be loaded onto the security apparatus, the security apparatus is connected with the terminal, and is connected with the security server and with the security application system respectively via the SSL protocol. The terminal may be application software on a PC, an APP on a smartphone or tablet, and the like.
Step 203: the security server computes the security control key group, so that the security server and the security apparatus can perform two-way authentication.
Specifically, the management software loaded on the security server holds the security control key array of the security apparatus, and the security server computes the security control key group of the security apparatus from that array, so that the security server and the security apparatus can perform two-way authentication and thereby confirm the legitimacy of both parties.
Step 204: the security server establishes a process key group with the security apparatus and sends the process key group to the security application system.
Specifically, the security server and the security apparatus communicate over the SSL protocol, establish a process key group, and the established process key group is sent to the security application system. The process key group is used to encrypt and authenticate the communication between the security application system and the security apparatus. It is created during the application creation process and is a key that is valid within that process. While an application system is being loaded, only the security apparatus, the security server and the security application system can obtain the process key group; what passes through the terminal and each node of its communication network is processed ciphertext.
Step 205: the security application system receives the process key group, and thereby creates a security application in the security apparatus and generates security application information.
Specifically, the security application system receives the process key group sent by the security server, uses it to encrypt and authenticate the communication between the security application system and the security apparatus, and thereby creates a security application in the security apparatus and generates security application information. The security application system may be a bank's online USB key issuance management system, an online all-purpose card issuance management system, an online token card issuance management system and the like. The security application information comprises a security application identifier, a security application sequence identification number and security application descriptive information. Several security application systems can create several security applications one after another.
Preferably, after the security application information is generated, the security apparatus management method further comprises: the security server receives the security application information in order to track and manage the security application. For example, when a user upgrades the security apparatus, the security server can use the security application information to migrate the multiple applications of the security apparatus conveniently in one pass. The security server therefore manages not only the security apparatus but also the users of the security apparatus, which makes it easier to maintain the relationship between users and security apparatuses.
Preferably, after the security application information is generated, the security apparatus management method further comprises: the security application system writes a security control key into the security apparatus so that the security application can be deleted. This security control key is held only by the security application system and the security apparatus, so the security apparatus can interact with the security application system independently.
In the security apparatus management method of the present invention, the security server and the security apparatus perform two-way authentication and establish a process key group, and the security server sends the process key group to the security application system; the security application system receives the process key group, communicates with the security apparatus, and creates a security application in the security apparatus. This solves the management problem of a security apparatus loading different security applications one after another, achieves coordinated management of the multiple applications of the security apparatus, broadens its range of use, and improves the user experience.
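Steps 201 to 205 as a runnable sketch. This is an added example, not part of the patent, which names no algorithms. The following are all assumptions made here: HMAC-SHA256 as the only primitive, deriving the control key group from a server master key and the apparatus identification number, the three key purposes, the nonce-based cryptograms, and an HMAC keystream standing in for a real cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Everything below is an assumed construction; keys and IDs are constructed samples.
PURPOSES = ("auth", "enc", "mac")  # assumed "different control purposes"

def prf(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()

def derive_control_keys(master, apparatus_id):
    """Control key group of one apparatus, computed from the server's master key."""
    return {p: prf(master, b"control", p.encode(), apparatus_id) for p in PURPOSES}

def derive_process_keys(control, nd, ns):
    """Per-session process key group, bound to both parties' nonces."""
    return {p: prf(control[p], b"process", nd, ns) for p in ("enc", "mac")}

def keystream_xor(key, counter, data):
    """Stand-in cipher: XOR the data with an HMAC-derived keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = prf(key, b"ks", counter.to_bytes(8, "big"), offset.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)

def seal(process, counter, plaintext):
    """Encrypt-then-MAC one command under the process key group."""
    ct = keystream_xor(process["enc"], counter, plaintext)
    return counter, ct, prf(process["mac"], counter.to_bytes(8, "big"), ct)

class SecurityApparatus:
    def __init__(self, apparatus_id, control_keys):
        self.apparatus_id, self.control = apparatus_id, control_keys  # step 201
        self.apps, self.process = {}, None

    def hello(self):
        self.nd = secrets.token_bytes(16)
        return self.apparatus_id, self.nd

    def authenticate(self, ns, server_cryptogram):
        expected = prf(self.control["auth"], b"server", self.nd, ns)
        if not hmac.compare_digest(expected, server_cryptogram):
            raise PermissionError("security server failed authentication")
        self.process = derive_process_keys(self.control, self.nd, ns)  # step 204
        return prf(self.control["auth"], b"apparatus", self.nd, ns)

    def create_application(self, counter, ct, tag):
        if self.process is None:
            raise PermissionError("no authenticated session")
        expected = prf(self.process["mac"], counter.to_bytes(8, "big"), ct)
        if not hmac.compare_digest(expected, tag):
            raise ValueError("rejected: message was modified in transit")
        plaintext = keystream_xor(self.process["enc"], counter, ct)
        app_id, _, description = plaintext.partition(b"|")
        self.apps[app_id] = description
        self.process = None  # process keys are valid for this creation only
        return {"app_id": app_id.decode(), "serial": len(self.apps),
                "description": description.decode()}

class SecurityServer:
    def __init__(self, master):
        self.master = master

    def challenge(self, apparatus_id, nd):
        control = derive_control_keys(self.master, apparatus_id)  # step 203
        ns = secrets.token_bytes(16)
        self.pending = (control, nd, ns)
        return ns, prf(control["auth"], b"server", nd, ns)

    def finish(self, apparatus_cryptogram):
        control, nd, ns = self.pending
        expected = prf(control["auth"], b"apparatus", nd, ns)
        if not hmac.compare_digest(expected, apparatus_cryptogram):
            raise PermissionError("security apparatus failed authentication")
        return derive_process_keys(control, nd, ns)  # sent to the application system

def load_application(server, apparatus, payload, tamper=False):
    """Steps 202-205 for one application system; the terminal only relays."""
    ns, server_cryptogram = server.challenge(*apparatus.hello())
    process = server.finish(apparatus.authenticate(ns, server_cryptogram))
    counter, ct, tag = seal(process, 1, payload)
    if tamper:  # a relaying node flips one ciphertext bit
        ct = bytes([ct[0] ^ 1]) + ct[1:]
    return apparatus.create_application(counter, ct, tag)

if __name__ == "__main__":
    master = bytes(range(32))  # constructed master key
    card = SecurityApparatus(b"DEV-0001", derive_control_keys(master, b"DEV-0001"))
    print(load_application(SecurityServer(master), card, b"A0000001|bank USB key"))
```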
Those skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms according to their function. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled practitioners may implement the described functions in different ways for each particular application, but such implementations should not be considered to go beyond the scope of the present invention.
The steps of the method or algorithm described in connection with the embodiments disclosed herein may be implemented in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), main memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The specific embodiments described above further explain the object, technical solution and beneficial effects of the present invention. It should be understood that the foregoing is only a specific embodiment of the present invention and is not intended to limit its scope of protection; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A security apparatus management system, characterized in that the management system comprises: a security apparatus, a security server, several security application systems, and a terminal;
the security apparatus is configured to preset a security control key group and an apparatus identification number;
the security server is configured to compute the security control key group, so that the security server and the security apparatus can perform two-way authentication;
the security server is further configured to establish a process key group with the security apparatus and to send the process key group to the security application system;
the security application system is configured to receive the process key group and communicate with the security apparatus, and thereby to create a security application on the security apparatus and generate security application information; the several security application systems create several security applications one after another;
the terminal is configured to connect the security apparatus, so that the security apparatus is connected with the security server and with the security application system respectively over SSL.
2. The management system according to claim 1, characterized in that the control key group comprises several security keys with different control purposes.
3. The management system according to claim 1, characterized in that the process key group is used to encrypt and authenticate the communication between the security application system and the security apparatus.
4. The management system according to claim 1, characterized in that the security application information comprises a security application identifier, a security application sequence identification number and security application descriptive information.
5. The management system according to claim 1, characterized in that the security server is further configured to receive the security application information in order to manage the security application.
6. The management system according to claim 1, characterized in that the security application system is further configured to write a security control key into the security apparatus so that the security application can be deleted.
7. A security apparatus management method, characterized in that the management method comprises:
a security apparatus presets a security control key group and an apparatus identification number;
the security apparatus is connected with a terminal, and is connected with a security server and with a security application system respectively via the SSL protocol;
the security server computes the security control key group, so that the security server and the security apparatus can perform two-way authentication and thereby confirm the legitimacy of both parties;
the security server establishes a process key group with the security apparatus and sends the process key group to the security application system;
the security application system receives the process key group and communicates with the security apparatus, and thereby creates a security application in the security apparatus and generates security application information; several security application systems create several security applications one after another.
8. The management method according to claim 7, characterized in that the step in which the security application system receives the process key group and communicates with the security apparatus is specifically: the process key group, once received, is used to encrypt and authenticate the communication between the security application system and the security apparatus.
9. The management method according to claim 7, characterized in that, after the security application information is generated, the management method further comprises: the security server receives the security application information in order to manage the security application.
10. The management method according to claim 7, characterized in that, after the security application information is generated, the management method further comprises: the security application system writes a security control key into the security apparatus so that the security application can be deleted.
CN201511020872.5A 2015-12-29 2015-12-29 Security apparatus management system and method Pending CN105516181A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511020872.5A CN105516181A (en) 2015-12-29 2015-12-29 Security apparatus management system and method

Publications (1)

Publication Number Publication Date
CN105516181A true CN105516181A (en) 2016-04-20

Family

ID=55723817

Country Status (1)

Country Link
CN (1) CN105516181A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160420