CN105893830B - Student's IC card business management method - Google Patents

Publication number: CN105893830B
Authority: CN (China)
Prior art keywords: card, key, file, root, data
Legal status: Active
Application number: CN201610196614.0A
Other languages: Chinese (zh)
Other versions: CN105893830A (en)
Inventor: 刘林
Current Assignee: Chengdu Yinshida Information Technology Co Ltd
Original Assignee: Chengdu Yinshida Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks

Abstract

The present invention provides a student IC card business management method. The method comprises: concatenating two key seeds to form a system root key, which is saved in the key file of a root key base card; deriving an IC base card from the root key base card; and, with keys provided by the IC base card, initializing and writing student IC cards. The proposed method greatly improves card functionality and security, keeps campus activities convenient for students, and raises the working efficiency and level of informatization of the education department.

Description

Student IC card business management method
Technical field
The present invention relates to IC cards, and in particular to a student IC card business management method.
Background
In the development of the Internet of Things, IC card technology is the technology that identifies terminal objects, and it is the most widely applied. Encrypted IC cards are portable, highly compatible, high in capacity and very stable. As e-commerce and e-government become the most popular application fields of the Internet era, security has become the most prominent problem. Manufacturing, logistics, finance, transportation, tourism and many other fields all use encrypted IC card technology, which has greatly improved working efficiency and made daily life more convenient. In the education system, all staff and students use student IC cards to enter and leave the school and for activities, consumption and registration; bank transfers to the student IC card can also be carried out at school terminals. This greatly facilitates the life and study of teaching and administrative staff and students, and improves the working efficiency and level of informatization of each school department. The student IC card system supplements the school's management decision-making and is an important means of campus informatization. However, the functions of encrypted IC cards cannot meet ever-growing needs; in particular, the on-chip system of the encrypted IC card urgently needs improvement in functionality and security.
Summary of the invention
To solve the problems of the prior art described above, the present invention proposes a student IC card business management method, comprising:
Concatenating two key seeds to form a system root key, which is saved in the key file of a root key base card; deriving an IC base card from the root key base card; and, with keys provided by the IC base card, initializing and writing student IC cards.
Preferably, the initialization further comprises the following procedure, in which the IC card by default has a root directory and a card master control key, and keys are provided by the IC base card:
1) authenticate the initial card master control key of the IC card;
2) erase the root directory and rebuild it, and create a key file;
3) verify the passwords of the IC base card and the authentication card, and use the authentication card to authenticate the base card;
4) import the IC card serial number into the base card; the base card exports the IC card's sub-control key by plaintext division and exports the IC card protection key by ciphertext division;
5) write the IC card sub-control key in plaintext into the key file under the IC card root directory;
6) encrypt the IC card protection key with the card sub-control key and write it into the key file under the IC card root directory;
7) create and write each data file and the application directory under the root directory;
and the card-writing process of the IC card further comprises:
1) update the data files under the root directory under the protection of the card protection key;
2) send the card serial number to the encryption machine, and generate the card sub-control key of this IC card inside the encryption machine;
3) create a key file under the application directory, and write the application sub-control key into the key file under the protection of the card sub-control key;
4) generate the IC card's application sub-protection key inside the encryption machine, and export it encrypted with the application sub-control key;
5) write the application sub-protection key into the key file in the IC card;
6) inside the encryption machine, encrypt the master key with the IC card's application sub-control key and export it;
7) write the master key into the key file in the IC card;
8) create and write each data file under the application directory.
Preferably, the plaintext and ciphertext division further comprises:
A double-length 16-byte master key MK is used to process 8-byte division data, from which a double-length 16-byte sub-key DK is derived; an AES encryption operation is performed on the 16-bit-length division data using the master key MK; the 16-length division data is inverted to obtain the input data, and an AES encryption operation is then performed on the input data with the master key DK.
Compared with the prior art, the present invention has the following advantages:
The present invention proposes a student IC card business management method that greatly improves card functionality and security, keeps campus activities convenient for students, and raises the working efficiency and level of informatization of the education department.
Description of the drawings
Fig. 1 is a flow chart of the student IC card business management method according to an embodiment of the present invention.
Detailed description
A detailed description of one or more embodiments of the present invention is provided below together with the drawing that illustrates the principle of the invention. The invention is described in connection with such embodiments, but is not limited to any embodiment. The scope of the invention is limited only by the claims, and the invention covers many alternatives, modifications and equivalents. Many specific details are set out in the following description to provide a thorough understanding of the invention. These details are provided for the purpose of example, and the invention can also be practised according to the claims without some or all of them.
One aspect of the present invention provides a student IC card business management method. Fig. 1 is a flow chart of the student IC card business management method according to an embodiment of the present invention.
The present invention implements the key system and security architecture for the on-chip system of a contactless CPU encrypted student IC card, and proposes a security management mechanism for files together with authentication and identification processes.
Internally, the encrypted IC card has a CPU, control memory and an interface. The CPU executes commands and operations. The control memory comprises random access memory (RAM), read-only memory (ROM) and electrically erasable programmable memory (EEPROM); the EEPROM stores information about the card issuer and the card holder as well as application data. The interface is the port through which the card communicates with the outside.
The software architecture of the encrypted IC card consists of four functional units. The communication management unit manages data communication between the card and the card reader and ensures the integrity of data transmission. The security management unit encrypts and decrypts the data to be transmitted, authenticates the encrypted IC card and controls access rights to files. The instruction interpretation unit checks the integrity of instructions received from outside, calls the other units for further processing, and finally returns the processing result to the communication management unit. The file management unit manages the creation, reading and writing of the various files.
The on-chip system of the student IC card schedules and allocates software and hardware resources, and performs initialization and instruction processing for the encrypted IC card. After the card is powered on, the card interface is opened to wait for incoming data, and the card enters a receive loop in which it repeatedly checks whether a selection instruction from the card reader has been received. If a valid selection instruction has been received, the on-chip system initializes the execution environment, initializes the file system and selects the root master file. The main process then sends a selection response signal to the communication transmission unit, the card reader receives the response indicating that the on-chip system has been initialized, and the card is selected. The communication transmission unit opens the data input/output port, combines block data into complete data according to the communication protocol, places it in the transceiver buffer, and checks the integrity of the data blocks. Once the communication transmission unit has received the data, it passes it to the instruction interpretation unit, and the on-chip system of the encrypted IC card starts the command processing flow. When the instruction processing unit has finished, the communication transmission unit returns the processing result to the card reader. The flow then loops to wait for the next message and process the next instruction, so that multiple instructions are processed after a single power-on.
The encrypted IC card and the card reader communicate by instructions in a command-response manner: the card reader issues an instruction, the encrypted IC card receives it, processes it and returns the response result. In the system architecture of the student IC card, the instruction processing unit consists of two parts, an instruction processor and an instruction interpreter. After receiving instruction data from the transmission unit, the instruction interpreter calls the instruction processor and is responsible for judging the instruction processing environment. If the instruction processor is in a normal state, it starts, locates the entry point mapped to the instruction, performs the corresponding operation and returns the result.
Command handling is divided into command interpretation and command processing. The command interpretation part checks the card mode and updates the data state, the application state and the random number. Control then passes to the command processing part, which finds the execution entry for the instruction and calls the other units to perform the corresponding operations.
For data I/O, data is transmitted using block chaining. Data sent and received is stored in a 256-byte RAM buffer. A data block has three parts: a start field, an information field and an end field. The start field consists of the card identifier, the protocol control word and the node address (NAD). The information field contains the command data. The end field contains the error-detecting code, which is the check result over the start field and the information field.
The I/O flow for application data further comprises: after receiving data, the system passes it to the command layer, which processes it according to the command processing flow and generates response data; this data is placed in the transceiver buffer. The main process then calls the transmission unit and starts the data sending flow: the communication transmission unit opens the data sending port, checks the data and decides the sending method. If block chaining is not needed, it assembles one data block, adds the protocol control word and card identifier, and sends it. If block chaining is used, it first calculates the number of chained blocks, assembles and sends blocks of maximum length, and repeats assembly and sending until all the data has been sent.
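The block format and chained sending described above can be modelled as follows; this is an added example, not code from the patent. The field widths, the flag values in the protocol control word, the 32-byte information-field limit and the use of CRC-CCITT as the error-detecting code are all assumptions; only the field order and the 256-byte buffer come from the description.

```python
import binascii

BUF_SIZE = 256     # transceiver buffer size given in the description
MAX_INF = 32       # constructed limit on the information field of one block
CHAIN = 0x10       # constructed "more blocks follow" flag in the protocol control word
SEQ = 0x01         # constructed alternating block-number bit


class BlockError(ValueError):
    """Raised when a received block fails a structural or integrity check."""


def edc(body):
    """Error-detecting code over start + information fields (CRC-CCITT as a stand-in)."""
    return binascii.crc_hqx(body, 0xFFFF).to_bytes(2, "big")


def build_blocks(cid, nad, data):
    """Sender: one block if the data fits, otherwise a chain of maximum-length blocks."""
    chunks = [data[i:i + MAX_INF] for i in range(0, len(data), MAX_INF)] or [b""]
    blocks = []
    for n, chunk in enumerate(chunks):
        last = (n == len(chunks) - 1)
        pcb = (n & SEQ) | (0 if last else CHAIN)
        body = bytes([cid, pcb, nad]) + chunk      # start field, then information field
        blocks.append(body + edc(body))            # end field
    return blocks


class Reassembler:
    """Receiver: checks every block and never buffers more than BUF_SIZE bytes."""

    def __init__(self, cid):
        self.cid = cid
        self.reset()

    def reset(self):
        self.buf = bytearray()
        self.expect = 0

    def feed(self, block):
        """Return the complete message after the last block, else None."""
        try:
            return self._feed(block)
        except BlockError:
            self.reset()                           # drop partial data on any error
            raise

    def _feed(self, block):
        if 5 > len(block):
            raise BlockError("block shorter than start + end fields")
        body, check = block[:-2], block[-2:]
        if edc(body) != check:
            raise BlockError("error-detecting code mismatch")
        cid, pcb, inf = body[0], body[1], body[3:]
        if cid != self.cid:
            raise BlockError("block addressed to another card")
        if (pcb & SEQ) != self.expect:
            raise BlockError("block out of sequence")
        if len(inf) > MAX_INF or len(self.buf) + len(inf) > BUF_SIZE:
            raise BlockError("message exceeds transceiver buffer")
        self.buf += inf
        self.expect ^= SEQ
        if pcb & CHAIN:
            return None                            # more blocks to come
        message = bytes(self.buf)
        self.reset()
        return message


def roundtrip(data, cid=0x01, nad=0x00):
    """Send constructed data through the sender and receiver; return what arrives."""
    rx = Reassembler(cid)
    out = None
    for block in build_blocks(cid, nad, data):
        out = rx.feed(block)
    return out


if __name__ == "__main__":
    print(roundtrip(bytes(range(70))) == bytes(range(70)))
```

The receiver rejects a chain as soon as it would outgrow the buffer, rather than trusting the sender's block count.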
The file system of the on-chip system uses a tree structure for hierarchical management, and directories are independent of one another. The file system has three levels: the root directory, object directories and application directory files. File storage on the card maps the logical file structure into the EEPROM. The storage structures in the card are the storage of single files and the storage of file chains.
The storage of a single file is the data structure of a single file object in the card, used to store and manage that file. It has two parts. The file description block records information such as the file's attributes, contains the description of the application file, and is managed and maintained by the on-chip system. The file body is the data part of the file. For an object directory file, the file body contains the information of all its subfile objects; for an application directory file, the file body contains the actual application data. The file body is the specific object that the file system manages.
A file chain is also logically a tree. The file chain implements search in one direction only. Implementing the file chain involves:
The initial entry of the file system: after the card's power-on reset, the root directory is selected automatically and the file system is then entered. The relationship between files at the same level, used to maintain the relationship between files in the same level. The relationship between an object directory file and its subfiles, used to maintain the direct relationship between adjacent levels.
The start address of the root directory file is pre-assigned in the on-chip system; for example, the first or the n-th data block of the EEPROM is taken as the start address of the root directory's file description block, and when the root directory is selected, entry is made automatically from that address. Files in the same level are stored contiguously in the storage space in order of creation time. The file chains between files at the same level and between parent and child levels are connected in one of two ways: explicit links and implicit links.
With explicit links, the address of the next file in the same level is recorded in the file description block, and this pointer is followed when the files are traversed. In an object directory file, the file description block records the start address of the first file in the child level, which links the file chains of different levels together.
With implicit links, the on-chip system of the encrypted IC card defines and interprets how files of different relationships are located. Typically, storage space is allocated contiguously by block with no free file data blocks between files; the start address of a block serves as the start address of a file, and the space for subfiles is allocated starting from the start address of the parent file. The start address of the next file can be calculated from the file size recorded in the file description block, and the files can be traversed in this way.
The space structure of a file is divided into the space structure of the file description block and that of the file body, so the root directory and object directories can be designed with the same file space structure. The master file (root directory) is the root of the file system, and the file system has exactly one. The root directory file is created first during initialization and remains valid for the entire life of the card.
The transparent binary file is the most basic file in the student IC card file system. In its space structure, the control word in the file description block is 0xFF, and the file body stores a continuous byte stream.
The on-chip security system that the present invention designs for the student IC card consists of four parts: a state machine unit, a security attribute unit, a security mechanism unit and a cryptographic algorithm unit.
The state machine unit, also called the security state unit, represents the security level the card is currently in. The on-chip system of the encrypted IC card stores the current security state in one register: the low four bits represent the security state of the current application, and the high four bits represent the security state of the root directory. A security attribute is the condition that must be met to perform a given file operation, that is, the permission for file access; permissions are set when the file is created. The access permissions of the on-chip system are described by an interval. If the read permission of a file is LR, the security state M of the current application must satisfy L > M > R; if access to the file is to be forbidden, the security attribute LR is defined such that L > R.
The on-chip system changes the security state in two ways, external authentication and password verification; under an application file directory it can be changed only by password verification. Any security state can transition to any other security state. If the directory changes, the security state is set to 0. Under the new directory, creating a key file is not restricted by the directory creation permission, and loading the first key into the key file is likewise unrestricted.
The on-chip system uses one of the following two symmetric-key encryption algorithms.
1) The data is first divided into multiple 64-bit plaintext blocks, which are encrypted block by block. Each block undergoes an initial transformation that is independent of the key, followed by a transformation structure iterated 16 times in total. Every iteration performs the same operation with a different 56-bit key; after each iteration, the left 28 bits and the right 28 bits of the key are each cyclically shifted to form the key for the next iteration. After the 16 iterations, the left 32-bit result and the right 32-bit result are swapped, and a final inverse transformation yields the 64-bit ciphertext. This final transformation is the inverse of the initial transformation.
2) Let K denote the different keys (KL and KR) in the AES algorithm, X the plaintext and Y the ciphertext. The algorithm is then expressed as:
Encryption: $Y = \mathrm{AES}(KL)[\mathrm{AES}^{-1}(KR)[\mathrm{AES}(KL)[X]]]$
Decryption: $X = \mathrm{AES}^{-1}(KL)[\mathrm{AES}(KR)[\mathrm{AES}^{-1}(KL)[Y]]]$
where $\mathrm{AES}()$ denotes the encryption process of the AES algorithm and $\mathrm{AES}^{-1}()$ denotes its decryption process.
The security attributes of a file are expressed in the operations permitted on it and in the control of access to it. The permitted operations are defined when the file is created and state which operations may be performed on the file, such as creation, deletion, reading and writing; for key files, a read operation cannot be defined. Access control means that any access to the file must satisfy the prescribed access permissions.
To secure the transfer of information between the encrypted IC card and the outside, the on-chip system of the encrypted IC card also provides secure message transmission, which provides data integrity, reliability and authentication of the sender. A message authentication code ensures the integrity of the data and authenticates the sender, while encryption of the information field ensures the reliability of the data.
A message authentication code is a public function of the key and the message content, and outputs a fixed-length data block. Let I be the message content, K the key and M the algorithm that generates the message authentication code; then MAC = M(I, K). The same message authentication code value is produced only when I is exactly the same, so the message authentication code can verify the integrity of a message. Secure messages are transmitted in one of the following two modes:
(1) The sender first performs the message authentication code operation on the data to obtain a 4-byte message authentication code value, appends it to the data and sends both to the recipient. On receipt, the recipient also performs the message authentication code operation on the data and compares the result with the value appended to the data; if they are identical, the data is accepted.
(2) Before sending, the data is first AES-encrypted to form ciphertext, and the message authentication code operation is then performed on the ciphertext to obtain the message authentication code value. On receipt, the recipient first performs the message authentication code operation on the ciphertext and compares the result with the sender's message authentication code value; if they are identical, the message is accepted and AES-decrypted to obtain the plaintext.
To verify the legitimacy of the card user, the present invention verifies the user's identity by means of a personal password. The encrypted IC card has a corresponding verify instruction, which determines the legitimacy of the card user by verifying the integrity of the password the user enters. After the personal password has been entered, if it is correct, the value of the security state register is changed to the security state associated with the password key, and the password error counter is reset. If the password is wrong, the number of allowed errors is decremented by 1; if the number of wrong entries exceeds the allowed number, the personal password is locked, and a locked password can be restored only by the unlock instruction.
The personal password is verified as follows: the card user first enters the personal password on the keypad, and the card reader encodes it and sends it to the card. After receiving the instruction, the card performs message authentication code verification on the data in the data field and decrypts it. The resulting personal password is compared with the personal password stored in the file; if they match, the security state is set to the security state of the personal password, the error counter is reset, and the code for successful password verification is returned.
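The verify flow above, combined with transmission mode (1) of the secure messaging section, can be modelled as follows; this is an added example, not code from the patent. HMAC-SHA-256 truncated to 4 bytes stands in for the unspecified MAC algorithm M, the password travels unencrypted under the MAC, and the status words, the three-try limit and the MAC-authorised unlock are assumptions.

```python
import hashlib
import hmac

# Status words follow ISO/IEC 7816-4 conventions; the patent names no codes (assumption).
SW_OK = 0x9000
SW_WRONG_PIN = 0x63C0      # low nibble carries the tries remaining
SW_PIN_BLOCKED = 0x6983
SW_BAD_MAC = 0x6988
MAC_LEN = 4                # 4-byte MAC value, as in transmission mode (1)


def mac4(key, data):
    """Stand-in for MAC = M(I, K): HMAC-SHA-256 truncated to 4 bytes (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


def protect(key, data):
    """Sender side of mode (1): data followed by its MAC."""
    return data + mac4(key, data)


class CardModel:
    """Constructed model of the card-side state touched by the verify instruction."""

    def __init__(self, pin, mac_key, max_tries=3, pin_state=0x1):
        self._pin, self._mac_key = pin, mac_key
        self._max_tries = max_tries
        self._pin_state = pin_state & 0x0F   # application state granted by a correct password
        self.tries_left = max_tries
        self.state_reg = 0x00                # high nibble: root directory, low nibble: application

    def app_state(self):
        return self.state_reg & 0x0F

    def change_directory(self):
        """A directory change sets the application security state back to 0."""
        self.state_reg &= 0xF0

    def _open(self, field):
        """Check the appended MAC; return the data, or None if the check fails."""
        if MAC_LEN >= len(field):
            return None
        data, tag = field[:-MAC_LEN], field[-MAC_LEN:]
        return data if hmac.compare_digest(mac4(self._mac_key, data), tag) else None

    def verify(self, field):
        if self.tries_left == 0:
            return SW_PIN_BLOCKED            # locked: even the right password is refused
        candidate = self._open(field)
        if candidate is None:
            return SW_BAD_MAC                # rejected before the password is looked at
        self.tries_left -= 1                 # spend the try first, so an interrupted compare is still counted
        if hmac.compare_digest(candidate, self._pin):
            self.tries_left = self._max_tries
            self.state_reg = (self.state_reg & 0xF0) | self._pin_state
            return SW_OK
        if self.tries_left == 0:
            return SW_PIN_BLOCKED
        return SW_WRONG_PIN | self.tries_left

    def unblock(self, field):
        """Unlock instruction, authorised here by a MAC over the command (assumption).
        It restores the counter but does not raise the security state."""
        if self._open(field) is None:
            return SW_BAD_MAC
        self.tries_left = self._max_tries
        return SW_OK


def demo():
    key, pin = b"constructed-key!", b"246810"       # constructed sample values
    card = CardModel(pin, key)
    trace = [card.verify(protect(key, guess)) for guess in (b"111111", b"222222", b"333333")]
    trace.append(card.verify(protect(key, pin)))    # correct password, but already locked
    trace.append(card.unblock(protect(key, b"UNBLOCK")))
    trace.append(card.verify(protect(key, pin)))
    return trace, card.app_state()


if __name__ == "__main__":
    trace, state = demo()
    print([hex(sw) for sw in trace], state)
```

With a 4-byte MAC a blind forgery succeeds with probability 2^-32 per attempt, so the password try counter remains the control that bounds guessing.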
When the card reader authenticates the encrypted IC card, the card reader and the encrypted IC card perform internal authentication by means of the internal authentication instruction; the random number generated inside the card reader and the stored key are used for data authentication. The authentication process is: the key in the encrypted IC card first AES-encrypts the data to be authenticated to obtain the authentication data; the authentication data is then returned to the card reader as response data, and the card reader AES-decrypts it and compares it against the authentication data for verification.
When the card verifies the card reader, the authentication process is: the card reader first generates a random number and encrypts it with the external authentication key, then sends it to the encrypted IC card in the coding format of the external authentication instruction. The encrypted IC card decrypts the data with the corresponding key and compares it with the stored random number. If they are identical, authentication passes; if they differ, authentication fails and an error code is returned.
Key management is divided into two parts: in one part, the bank side is responsible for generating and managing keys; the other part is generated and managed by the key system on the school side.
The key management system has three kinds of keys: private keys, management keys and shared keys. The private key and shared key generated by the encrypted IC card are stored in the encrypted IC base card and are used for campus consumption; the encrypted IC card can also generate protection keys for other transactions. Management keys are divided into protection keys and authentication keys; the former are used for encryption protection of the encrypted IC card, and the latter for authentication to the card reader.
The key is divided into different regions before transmission; if the key is intercepted, it can still be recovered through the algorithm. The key division algorithm uses a double-length 16-byte master key MK to process 8-byte division data, from which a double-length 16-byte sub-key DK is derived.
The left half of sub-key DK is derived by performing an AES encryption operation on the 16-bit-length division data using the master key MK. The right half of sub-key DK is derived by first inverting the 16-bit-length division data to obtain the input data, and then performing an AES encryption operation on the input data with the master key DK.
During root key generation, the school first inputs two seeds, seed A and seed B, each of length 16. Seeds A and B are each compressed and then concatenated to form the system root key, which is saved in the IC card key file in a form that allows keys to be exported by plaintext division. This card is the key base card, and all other card keys are derived from it. To guard against damage to the base card, seeds A and B should be backed up so that the base card can be regenerated.
The present invention uses a two-level base card key system: a root key base card, from which the IC base card is then derived.
The base card's authentication card is written at the same time as the base card. When they are used, a password must be entered for both the base card and the base card's authentication card; after the password passes and the base card has been authenticated by the authentication card, the base card supports the key export function.
By default the IC card has a root directory and one card master control key, namely the initial card master control key; the initialization process may be completed only in a secure area. Initialization uses keys provided by the IC base card, and the flow is as follows:
1) authenticate the initial card master control key of the IC card;
2) erase the root directory and rebuild it, and create a key file long enough to hold two 16-byte keys;
3) verify the passwords of the IC base card and the authentication card, and use the authentication card to authenticate the base card;
4) import the IC card serial number into the base card; the base card exports the IC card's sub-control key by plaintext division and exports the IC card protection key by ciphertext division;
5) write the IC card sub-control key in plaintext into the key file under the IC card root directory;
6) encrypt the IC card protection key with the card sub-control key and write it into the key file under the IC card root directory;
7) create and write each data file and the application directory under the root directory.
For IC card writing, the encryption machine is connected, and key plaintext may appear only inside the encryption machine. The flow is as follows:
1) update the data files under the root directory under the protection of the card protection key;
2) send the card serial number to the encryption machine, and generate the card sub-control key of this IC card inside the encryption machine;
3) create a key file under the application directory, and write the application sub-control key into the key file under the protection of the card sub-control key;
4) generate the IC card's application sub-protection key inside the encryption machine, and export it encrypted with the application sub-control key;
5) write the application sub-protection key into the key file in the IC card;
6) inside the encryption machine, encrypt the master key with the IC card's application sub-control key and export it;
7) write the master key into the key file in the IC card;
8) create and write each data file under the application directory.
In conclusion the present invention proposes a kind of student's IC card business management method, on card functionality and safety There is very big promotion, ensure that student's convenience in the activity of school, improve the working efficiency and the level of IT application of education department.
Obviously, it should be appreciated by those skilled in the art each units or each step of, the above-mentioned present invention can be with general Computing system realize that they can be concentrated in single computing system, or be distributed in multiple computing systems and formed Network on, optionally, they can be realized with the program code that computing system can perform, it is thus possible to they are stored It is executed within the storage system by computing system.In this way, the present invention is not limited to any specific hardware and softwares to combine.
It should be understood that the above-mentioned specific implementation mode of the present invention is used only for exemplary illustration or explains the present invention's Principle, but not to limit the present invention.Therefore, that is done without departing from the spirit and scope of the present invention is any Modification, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.In addition, appended claims purport of the present invention Covering the whole variations fallen into attached claim scope and boundary or this range and the equivalent form on boundary and is repairing Change example.

Claims (2)

1. A student IC card business management method, characterized by comprising:
Concatenating two key seeds to form a system root key, which is saved in the key file of a root-key base card; deriving an IC base card from the key base card, the IC base card providing the keys used to initialize and write the student IC card;
The initialization further comprises the following procedure, in which the IC card by default has a root directory and a card master control key, and keys are provided by the IC base card:
1) Authenticate the initial card master control key of the IC card;
2) Erase the root directory and rebuild it, and create a key file;
3) Verify the passwords of the IC base card and the authentication card, and use the authentication card to authenticate the base card;
4) Import the IC card serial number into the base card; the base card exports the card sub-control key of the IC card by plaintext division, and exports the IC card protection key by ciphertext division;
5) Write the card sub-control key, in plaintext, into the key file under the IC card root directory;
6) Write the IC card protection key into the key file under the IC card root directory, encrypted under the card sub-control key;
7) Create and write each data file and the application directory under the root directory;
Also, the card-writing process of the IC card further comprises:
1) Update the data files under the root directory under the protection of the card protection key;
2) Send the card serial number to the encryption machine, which generates the card sub-control key internally;
3) Create a key file under the application directory and, under the protection of the card sub-control key, write the application sub-control key into the key file;
4) Generate the IC card application sub-protection key inside the encryption machine, and export it encrypted under the application sub-control key;
5) Write the application sub-protection key into the key file on the IC card;
6) Inside the encryption machine, encrypt the master key with the application sub-control key of the IC card and export it;
7) Write the master key into the key file on the IC card;
8) Create and write each data file under the application directory.
2. The method according to claim 1, characterized in that the plaintext and ciphertext division further comprises:
A 16-byte double-length master key MK processes division data of 8-byte length, from which a 16-byte double-length sub-key DK is derived; an AES encryption operation is performed on the 16-bit-length division data using the master key MK; the 16-bit-length division data is inverted to obtain input data, and an AES encryption operation is then performed on the input data with the master key DK.
CN201610196614.0A 2016-03-31 2016-03-31 Student's IC card business management method Active CN105893830B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610196614.0A CN105893830B (en) 2016-03-31 2016-03-31 Student's IC card business management method

Publications (2)

Publication Number Publication Date
CN105893830A CN105893830A (en) 2016-08-24
CN105893830B true CN105893830B (en) 2018-08-21

Family

ID=57011755

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610196614.0A Active CN105893830B (en) 2016-03-31 2016-03-31 Student's IC card business management method

Country Status (1)

Country Link
CN (1) CN105893830B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant