CN106372557A - Method, device and system for acquiring certificate card information - Google Patents

Info

Publication number: CN106372557A
Authority: CN (China)
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Application number: CN201610787018.XA
Other languages: Chinese (zh)
Other versions: CN106372557B (en)
Inventor: 李明
Current Assignee: Tendyron Corp (the listed assignees may be inaccurate)
Original Assignee: 李明

Classifications

    • G06K7/10257: Methods or arrangements for sensing record carriers by electromagnetic radiation, sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves; arrangements for protecting the interrogation against piracy attacks
    • G06F21/445: Program or device authentication by mutual authentication, e.g. between devices or programs
    • G06F21/602: Protecting data; providing cryptographic facilities or services
    • G06F21/606: Protecting data by securing the transmission between two devices or processes
    • G06K17/0029: Arrangements or provisions for transferring data to distant stations, e.g. from a sensing device, the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
    • G06K7/10009: Methods or arrangements for sensing record carriers by electromagnetic radiation, sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves

Abstract

The invention provides a method, a device and a system for acquiring the certificate card information. The method comprises steps that an operation request is sent by a terminal to a certificate card reading device; the operation request is received by the certificate card reading device, and a card reading request is sent to a server; the card reading request is sent by the server to first certificate card safety control equipment; the card reading request is received by the first certificate card safety control equipment so as to start a process of reading the certificate card information, information interaction between the server and the certificate card reading device and a certificate card is carried out, and the certificate card information stored in the certificate card is read; the read certificate card information is sent by the first certificate card safety control equipment to the certificate card reading device through the server; the certificate card information is received by the certificate card reading device and is sent to the terminal.

Description

Method, device and system for acquiring certificate card information
Technical field
The present invention relates to the field of electronic technology, and in particular to a method, device and system for acquiring certificate card information.
Background
An existing front-end certificate card reader has at least two modules: a card reading module and a certificate card verification safety control module. Because every front-end certificate card reader is provided with its own certificate card verification safety control module, the manufacturing cost of existing front-end certificate card readers is high. Moreover, a certificate card safety control module can only perform identity verification on the certificate card information read by one card reading module, so the utilization rate of existing front-end certificate card readers is low.
Summary of the invention
The present invention aims to solve one of the above problems.
The main object of the present invention is to provide a method for acquiring certificate card information.
Another object of the present invention is to provide a device for acquiring certificate card information.
A further object of the present invention is to provide a system for acquiring certificate card information.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
Scheme 1. A method for acquiring certificate card information, comprising:
Step 1, a terminal sends an operation request to a certificate card reading device;
Step 2, the certificate card reading device receives the operation request;
Step 3, the certificate card reading device periodically broadcasts a card seeking instruction;
Step 4, the certificate card reading device receives a response message returned by a certificate card and judges that the response message is card seeking confirmation data for the card seeking instruction;
Step 5, the certificate card reading device stops broadcasting the card seeking instruction and sends a card seeking request to a server;
Step 6, the server receives the card seeking request and sends the card seeking request to a first certificate card safety control device;
Step 7, the first certificate card safety control device receives the card seeking request and sends a card seeking response to the certificate card reading device through the server, wherein the card seeking response carries card seeking response data;
Step 8, the certificate card reading device receives the card seeking response sent by the first certificate card safety control device and obtains the card seeking response data;
Step 9, the certificate card reading device determines that the card seeking response data is response data responding to the card seeking request, and sends the card seeking confirmation data to the first certificate card safety control device through the server;
Step 10, the certificate card reading device sends a card selection instruction to the certificate card;
Step 11, the certificate card reading device receives card selection confirmation data sent by the certificate card, wherein the card selection confirmation data includes at least the unique identification information of the certificate card;
Step 12, the certificate card reading device sends a card selection request to the first certificate card safety control device through the server;
Step 13, the first certificate card safety control device receives the card selection request;
Step 14, the first certificate card safety control device sends a card selection request response to the certificate card reading device through the server;
Step 15, the certificate card reading device receives the card selection request response sent by the first certificate card safety control device;
Step 16, the certificate card reading device determines that the card selection request response is response data for the card selection request, and sends the card selection confirmation data to the first certificate card safety control device through the server;
Step 17, the certificate card reading device sends a card reading instruction to the certificate card;
Step 18, the certificate card reading device receives card reading confirmation data returned by the certificate card;
Step 19, the certificate card reading device sends a card reading request to the server;
Step 20, the server sends the card reading request to the first certificate card safety control device;
Step 21, the first certificate card safety control device receives the card reading request, starts the process of reading certificate card information, and reads the certificate card information stored in the certificate card by exchanging information with the certificate card through the server and the certificate card reading device;
Step 22, the first certificate card safety control device sends the read certificate card information to the certificate card reading device through the server;
Step 23, the certificate card reading device receives the certificate card information and sends it to the terminal.
Scheme 2. The method according to Scheme 1, wherein:
The card seeking request carries at least first identity authentication data;
Before the first certificate card safety control device returns the card seeking response to the certificate card reading device through the server, the method further comprises: the first certificate card safety control device authenticates the identity of the certificate card reading device according to the first identity authentication data carried in the card seeking request and, if the authentication passes, performs the step of returning the card seeking response to the certificate card reading device through the server.
Scheme 3. The method according to Scheme 1 or 2, wherein:
The card seeking response carries at least second identity authentication data;
After the certificate card reading device receives the card seeking response sent by the first certificate card safety control device through the server, and before the card seeking confirmation data is sent to the first certificate card safety control device through the server, the method further comprises: the certificate card reading device authenticates the identity of the first certificate card safety control device according to the second identity authentication data and, if the authentication passes, performs the step of sending the card seeking confirmation data to the first certificate card safety control device through the server.
Scheme 4. The method according to any one of Schemes 1 to 3, wherein:
The card selection request carries third identity authentication data;
After the first certificate card safety control device receives the card selection request, and before it sends the card selection request response to the certificate card reading device through the server, the method further comprises: the first certificate card safety control device authenticates the identity of the certificate card reading device according to the third identity authentication data carried in the card selection request and, if the authentication passes, performs the step of sending the card selection request response to the certificate card reading device through the server.
Scheme 5. The method according to any one of Schemes 1 to 4, wherein:
The card selection request response carries at least fourth identity authentication data;
After the certificate card reading device receives the card selection request response sent by the first certificate card safety control device, and before the card selection confirmation data is sent to the first certificate card safety control device through the server, the method further comprises: the certificate card reading device parses the information carried in the card selection request response, obtains the fourth identity authentication data carried in the card selection request response, authenticates the identity of the first certificate card safety control device according to the fourth identity authentication data and, if the authentication passes, performs the step of sending the card selection confirmation data to the first certificate card safety control device through the server.
Scheme 6. The method according to any one of Schemes 1 to 5, wherein:
The card reading request carries at least fifth identity authentication data;
After the first certificate card safety control device receives the card reading request, and before it starts the process of reading certificate card information, the method further comprises: the first certificate card safety control device authenticates the identity of the certificate card reading device according to the fifth identity authentication data carried in the card reading request and, if the authentication passes, performs the step of starting the process of reading certificate card information.
Scheme 7. The method according to any one of Schemes 1 to 6, wherein:
Before the first certificate card safety control device starts the process of reading certificate card information, the method further comprises: the certificate card reading device and the first certificate card safety control device negotiate through the server, and both sides obtain a session key;
After the certificate card reading device and the first certificate card safety control device have obtained the session key, during subsequent communication between the certificate card reading device and the first certificate card safety control device, each of them uses the session key to encrypt the data it sends and to decrypt the data it receives.
Scheme 8. The method according to any one of Schemes 1 to 7, wherein the server sending the card seeking request to the first certificate card safety control device comprises:
The server selects the first certificate card safety control device from a plurality of certificate card safety control devices;
The server sends the card seeking request to the selected first certificate card safety control device.
Scheme 9. The method according to Scheme 8, wherein the server selecting the first certificate card safety control device from the plurality of certificate card safety control devices comprises:
The server selects the first certificate card safety control device from the plurality of certificate card safety control devices according to a prestored correspondence between the certificate card reading device and a certificate card safety control device; or
The server selects, from the plurality of certificate card safety control devices, a certificate card safety control device whose current working state is idle as the first certificate card safety control device.
Scheme 10. The method according to any one of Schemes 1 to 9, wherein, after the terminal receives the certificate card information, the method further comprises:
The terminal displays the certificate card information and/or sends it to a storage device for storage.
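The message order of Scheme 1, the per-stage identity checks of Schemes 2 to 6 and the device selection of Scheme 9 can be modelled as follows. This is an added example, not part of the patent text. Assumptions: identity authentication data is modelled as an HMAC-SHA256 tag under a key shared by the reader and the safety control devices (the text above does not fix a mechanism); all class, function and stage names are hypothetical; the server tries the prestored correspondence first and falls back to an idle device, where Scheme 9 gives the two as alternatives; the card-side exchange and the session key of Scheme 7 are not modelled.

```python
import hashlib
import hmac


class AuthError(Exception):
    """A message arrived out of order or failed identity authentication."""


def auth_data(key: bytes, stage: str, payload: bytes) -> bytes:
    # Assumption: the tag is bound to the stage name, so identity
    # authentication data from one stage cannot be replayed in another.
    return hmac.new(key, stage.encode() + b"|" + payload, hashlib.sha256).digest()


# Reader -> device messages of Scheme 1, in order (steps 5, 9, 12, 16, 19).
STAGES = ["seek_request", "seek_confirm", "select_request",
          "select_confirm", "read_request"]
# Stages that carry identity authentication data (Schemes 2, 4 and 6).
AUTHENTICATED = {"seek_request", "select_request", "read_request"}


class SafetyControlDevice:
    def __init__(self, name, reader_keys, idle=True):
        self.name = name
        self.reader_keys = reader_keys  # reader id -> shared key (constructed)
        self.idle = idle
        self.position = 0               # index of the next expected stage

    def handle(self, reader_id, stage, payload, tag=None):
        if self.position >= len(STAGES) or STAGES[self.position] != stage:
            raise AuthError(f"{stage} received out of order")
        key = self.reader_keys.get(reader_id)
        if key is None:
            raise AuthError("unknown reader")
        if stage in AUTHENTICATED:
            expected = auth_data(key, stage, payload)
            if tag is None or not hmac.compare_digest(tag, expected):
                raise AuthError(f"reader failed authentication at {stage}")
        self.idle = False
        self.position += 1
        if stage == "read_request":
            return "read_started", self.name.encode(), None
        if stage in AUTHENTICATED:
            # Second / fourth identity authentication data (Schemes 3 and 5).
            response = stage.replace("request", "response")
            return response, b"ack", auth_data(key, response, b"ack")
        return None


class Server:
    def __init__(self, devices, mapping=None):
        self.devices = devices          # name -> SafetyControlDevice
        self.mapping = mapping or {}    # prestored reader id -> device name
        self.sessions = {}

    def select(self, reader_id):
        name = self.mapping.get(reader_id)
        if name is not None:
            return self.devices[name]
        for device in self.devices.values():
            if device.idle:
                return device
        raise RuntimeError("no idle safety control device")

    def relay(self, reader_id, stage, payload, tag=None):
        if stage == "seek_request":     # Scheme 8: select, then forward
            self.sessions[reader_id] = self.select(reader_id)
        device = self.sessions.get(reader_id)
        if device is None:
            raise AuthError("no device selected for this reader")
        return device.handle(reader_id, stage, payload, tag)


class Reader:
    def __init__(self, reader_id, key, server):
        self.reader_id, self.key, self.server = reader_id, key, server

    def _request(self, stage, payload):
        tag = auth_data(self.key, stage, payload)
        response, body, rtag = self.server.relay(self.reader_id, stage, payload, tag)
        # Authenticate the device before any confirmation data is sent.
        if not hmac.compare_digest(rtag, auth_data(self.key, response, body)):
            raise AuthError(f"device failed authentication at {response}")
        return body

    def acquire(self, seek_confirm: bytes, select_confirm: bytes):
        """Run steps 5 to 20 with confirmation data already read from the card."""
        self._request("seek_request", b"")
        self.server.relay(self.reader_id, "seek_confirm", seek_confirm)
        self._request("select_request", b"")
        self.server.relay(self.reader_id, "select_confirm", select_confirm)
        tag = auth_data(self.key, "read_request", b"")
        return self.server.relay(self.reader_id, "read_request", b"", tag)
```

A reader whose key the device does not share is rejected at the card seeking request, and a device that cannot produce valid response data never receives the confirmation data that carries the card's unique identifier.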
Scheme 11. A device for acquiring certificate card information, comprising:
A first transceiver module, configured to receive an operation request sent by a terminal;
A second transceiver module, configured to periodically broadcast a card seeking instruction and to receive a response message returned by a certificate card;
A processing module, configured to judge whether the response message is card seeking confirmation data for the card seeking instruction and, if so, to instruct the second transceiver module to stop broadcasting the card seeking instruction and to instruct a third transceiver module to send a card seeking request to a first certificate card safety control device through a server;
The third transceiver module, configured to send the card seeking request through the server and to receive the card seeking response returned by the first certificate card safety control device through the server;
The processing module is further configured to obtain the card seeking response data from the card seeking response, to determine that the card seeking response data is response data responding to the card seeking request, and to instruct the third transceiver module to send the card seeking confirmation data to the first certificate card safety control device through the server;
The second transceiver module is further configured to send a card selection instruction to the certificate card and to receive card selection confirmation data sent by the certificate card, wherein the card selection confirmation data includes at least the unique identification information of the certificate card;
The third transceiver module is further configured to send a card selection request to the first certificate card safety control device through the server and to receive the card selection request response sent by the first certificate card safety control device through the server;
The processing module is further configured to determine that the card selection request response is response data for the card selection request and to instruct the third transceiver module to send the card selection confirmation data to the first certificate card safety control device through the server;
The second transceiver module is further configured to send a card reading instruction to the certificate card and to receive card reading confirmation data returned by the certificate card;
The third transceiver module is further configured to send a card reading request to the first certificate card safety control device through the server, instructing the first certificate card safety control device to start the process of reading certificate card information; and, in the process of reading certificate card information, to receive first interaction information sent by the first certificate card safety control device through the server and to send second interaction information sent by the certificate card to the first certificate card safety control device through the server; and to receive the certificate card information read from the certificate card that the first certificate card safety control device sends through the server;
The second transceiver module is further configured to send the first interaction information received by the third transceiver module to the certificate card and to receive the second interaction information sent by the certificate card;
The first transceiver module is further configured to send the certificate card information received by the third transceiver module to the terminal.
Scheme 12. The device according to Scheme 11, wherein the processing module is further configured to obtain first identity authentication data before the third transceiver module sends the card seeking request, and to carry the first identity authentication data in the card seeking request.
Scheme 13. The device according to Scheme 11 or 12, wherein:
The card seeking response carries at least second identity authentication data;
The processing module is further configured, after the third transceiver module receives the card seeking response sent by the first certificate card safety control device through the server and before the card seeking confirmation data is sent to the first certificate card safety control device through the server, to authenticate the identity of the first certificate card safety control device according to the second identity authentication data and, if the authentication passes, to trigger the third transceiver module to send the card seeking confirmation data to the first certificate card safety control device through the server.
Scheme 14. The device according to any one of Schemes 11 to 13, wherein the processing module is further configured to obtain third identity authentication data before the third transceiver module sends the card selection request, and to carry the third identity authentication data in the card selection request.
Scheme 15. The device according to any one of Schemes 11 to 14, wherein:
The card selection request response carries at least fourth identity authentication data;
The processing module is further configured, after the third transceiver module receives the card selection request response sent by the first certificate card safety control device and before the card selection confirmation data is sent to the first certificate card safety control device through the server, to parse the information carried in the card selection request response, to obtain the fourth identity authentication data carried in the card selection request response, to authenticate the identity of the first certificate card safety control device according to the fourth identity authentication data and, if the authentication passes, to trigger the third transceiver module to send the card selection confirmation data to the first certificate card safety control device through the server.
Scheme 16. The device according to any one of Schemes 11 to 15, wherein the processing module is further configured to obtain fifth identity authentication data before the third transceiver module sends the card reading request, and to carry the fifth identity authentication data in the card reading request.
Scheme 17. The device according to any one of Schemes 11 to 16, wherein:
The processing module is further configured, before the first certificate card safety control device starts the process of reading certificate card information, to negotiate with the first certificate card safety control device through the server to obtain a session key; and, during subsequent communication with the first certificate card safety control device, to use the session key to encrypt the data sent by the third transceiver module and to decrypt the data received by the third transceiver module.
Scheme 18, a kind of certificate card Information Acquisition System, comprising: terminal, certificate card reading device, server and the first card Part card safety control device;Wherein,
Described terminal, for sending operation requests to certificate card reading device;
Described certificate card reading device, including device any one of scheme 11 to 17;
Described server, for receiving the card seeking request that described certificate card reading device sends, to described first certificate card Safety control device sends described card seeking request;And forward described certificate card reading device to control safely with described first certificate card The information of interaction between control equipment;
Described first certificate card safety control device, is used for:
Receive described card seeking request, card seeking response is sent to described certificate card reading device by described server, wherein, Card seeking response data is carried in described card seeking response;
Receive described certificate card reading device and data is confirmed by the card seeking that described server sends;
Receive the card selection that described certificate card reading device sent by described server to ask, and by described server to Described certificate card reading device sends card selection request response;
Receive described certificate card reading device to ask by the Card Reader that described server sends, start and read certificate card information Flow process, by carrying out information exchange between described server and described certificate card reading device and described certificate card, read The certificate card information of storage in described certificate card;
The described certificate card information reading is sent to described certificate card reading device by server.
Scheme 19, the system according to scheme 18,
The first identification authentication data is at least carried in described card seeking request;
Described first certificate card safety control device, be additionally operable to by described server to described certificate card reading device Before returning described card seeking response, according to described first identification authentication data carrying in the request of described card seeking to described certificate card The identity of reading device is authenticated, and in the case that certification is passed through, execution is read to described certificate card by described server Device returns the operation of described card seeking response.
Scheme 20, the system according to scheme 18 or 19, described first certificate card safety control device, it is additionally operable to sending out Before sending described card seeking response, obtain the second identification authentication data, described second identification authentication data is carried in described card seeking In response.
Scheme 21, the system according to any one of scheme 18 to 20,
Tiers e'tat authentication data is carried in described card selection request;
Described first certificate card safety control device, is additionally operable to after receiving described card selection request, by described service Before device sends card selection request response to described certificate card reading device, the tiers e'tat according to carrying in the request of described card selection is recognized Card data is authenticated to the identity of described certificate card reading device, and in the case that certification is passed through, execution is by described service Device sends the operation of card selection request response to described certificate card reading device.
Scheme 22, the system according to any one of scheme 18 to 21, described first certificate card safety control device, also use In before sending described card selection request response, obtain the 4th identification authentication data, described 4th identification authentication data is carried In the request response of described card selection.
Scheme 23, the system according to any one of scheme 18 to 22,
The 5th identification authentication data is at least carried in described Card Reader request;
Described first certificate card safety control device, after being additionally operable to receive described Card Reader request, starts and reads certificate card Before the flow process of information, according to described 5th authentication data carrying in the request of described Card Reader to described certificate card reading device Identity is authenticated, and in the case that certification is passed through, execution starts the operation of the flow process reading certificate card information.
Scheme 24. The system according to any one of schemes 18 to 23, wherein:
the certificate card reading device and the first certificate card safety control device are further configured to negotiate through the server, before the first certificate card safety control device starts the flow of reading the certificate card information, so that both sides obtain a session key; and, after the certificate card reading device and the first certificate card safety control device have obtained the session key, to use the session key to encrypt the data they send and decrypt the data they receive during their subsequent communication.
Scheme 25. The system according to any one of schemes 18 to 24, wherein the server sends the card seeking request to the first certificate card safety control device in the following manner:
selecting the first certificate card safety control device from multiple certificate card safety control devices;
sending the card seeking request to the selected first certificate card safety control device.
Scheme 26. The system according to scheme 25, wherein the server selects the first certificate card safety control device from the multiple certificate card safety control devices in the following manner:
selecting the first certificate card safety control device from the multiple certificate card safety control devices according to a pre-stored correspondence between the certificate card reading device and certificate card safety control devices; or
selecting, from the multiple certificate card safety control devices, a certificate card safety control device whose current working state is idle as the first certificate card safety control device.
Scheme 27. The system according to any one of schemes 18 to 26, wherein the terminal is further configured to, after receiving the certificate card information, display the certificate card information and/or send it to a storage device for storage.
As can be seen from the technical solution provided by the present invention, the certificate card reading device (equivalent to the card reading module in a prior-art certificate card reading device; it has only an information exchange function and none of the other functions of an existing certificate card reader, such as certificate card security control authentication) and the first certificate card safety control device (equivalent to the certificate card safety control module in a prior-art certificate card reading device, used to perform certificate card security control authentication on the certificate card) are provided separately. The certificate card reading device and the first certificate card safety control device communicate through the server to read the certificate card information, so that multiple certificate card reading devices can share one certificate card safety control device, which improves the utilization of the certificate card safety control device and saves cost.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an architecture diagram of a certificate card information acquisition system provided by Embodiment 1 of the present invention;
Fig. 2 is a structural diagram of a certificate card information acquisition device provided by Embodiment 2 of the present invention;
Fig. 3 is a signaling flow chart of a certificate card information acquisition method provided by Embodiment 3 of the present invention;
Fig. 4 is a partial signaling flow chart of a certificate card information acquisition method provided by Embodiment 3 of the present invention;
Fig. 5 is a partial signaling flow chart of a certificate card information acquisition method provided by Embodiment 3 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Evidently, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
This embodiment provides a certificate card information acquisition system, through which the certificate card information stored in a certificate card can be obtained.
Fig. 1 is an architecture diagram of the certificate card information acquisition system provided by this embodiment. As shown in Fig. 1, the system mainly includes: a terminal 10, a certificate card reading device 20, a server 30 and a first certificate card safety control device 40.
In this embodiment, the terminal 10 is configured to send an operation request to the certificate card reading device 20. The certificate card reading device 20 is configured to: receive the operation request; periodically broadcast a card seeking instruction; receive the response message returned by a certificate card; and, on judging that the response message is card seeking confirmation data for the card seeking instruction, stop broadcasting the card seeking instruction and send a card seeking request to the server 30. The server 30 is configured to receive the card seeking request and send it to the first certificate card safety control device 40. The first certificate card safety control device 40 is configured to receive the card seeking request and send a card seeking response to the certificate card reading device 20 through the server 30, where card seeking response data is carried in the card seeking response.

The certificate card reading device 20 is further configured to: receive the card seeking response sent by the first certificate card safety control device 40 and obtain the card seeking response data; on determining that the card seeking response data is response data answering the card seeking request, send the card seeking confirmation data to the first certificate card safety control device 40 through the server 30; send a card selection instruction to the certificate card; receive the card selection confirmation data sent by the certificate card, where the card selection confirmation data includes at least the unique identification information of the certificate card; and then send a card selection request to the first certificate card safety control device 40. The first certificate card safety control device 40 is further configured to receive the card selection request and send a card selection request response to the certificate card reading device 20 through the server 30. The certificate card reading device 20 receives the card selection request response sent by the first certificate card safety control device 40.

The certificate card reading device 20 is further configured to: on determining that the card selection request response is response data for the card selection request, send the card selection confirmation data to the first certificate card safety control device 40 through the server 30; send a card reading instruction to the certificate card and receive the card reading confirmation data returned by the certificate card; and send a card reading request to the server 30. The server 30 is further configured to send the card reading request to the first certificate card safety control device 40. The first certificate card safety control device 40 is further configured to: receive the card reading request; start the flow of reading the certificate card information; exchange information with the certificate card through the server 30 and the certificate card reading device 20 to read the certificate card information stored in the certificate card; and send the certificate card information that has been read to the certificate card reading device 20 through the server 30. The certificate card reading device 20 is further configured to receive the certificate card information and send it to the terminal 10.
In this embodiment, when a user needs to read the certificate card information stored in a certificate card, the terminal 10 sends an operation request to the certificate card reading device 20, indicating that the certificate card reading device 20 needs to read the certificate card information stored in the certificate card. For example, the user may enter an operation instruction through a button on the terminal 10, and the terminal 10 responds to the operation instruction entered by the user by sending an operation request to the certificate card reading device 20. In a specific implementation, the terminal 10 and the certificate card reading device 20 may be connected by wire (for example a USB interface, a serial port or an earphone interface) or wirelessly (for example Wi-Fi, Bluetooth, infrared or NFC).
In addition, the certificate card information stored in the certificate card is transmitted in encrypted form; owing to the particular nature of the certificate card, only a certificate card safety control device can decrypt the certificate card information stored in the certificate card. In a specific implementation, the content that the first certificate card safety control device 40 is required to decrypt can be configured in the card reading request. For example, the first certificate card safety control device 40 may be set to read only the basic information stored in the certificate card (for example name, sex and date of birth), or to read the basic information plus the photo stored in the certificate card, or to read the basic information plus the photo plus the fingerprint information stored in the certificate card, and so on, as required. In a specific implementation, the user may make this setting on the terminal 10; once set, it is sent to the certificate card reading device 20 in the operation request, and the certificate card reading device 20, according to the user's setting, sends the configuration information to the first certificate card safety control device 40 when it sends the card reading request.
In the above system provided by this embodiment, the certificate card reading device 20 (equivalent to the card reading module in a prior-art certificate card reading device; it has only an information exchange function and none of the other functions of an existing certificate card reader, such as certificate card security control authentication) and the first certificate card safety control device 40 (equivalent to the certificate card safety control module in a prior-art certificate card reading device, used to perform certificate card security control authentication on the certificate card) are provided separately and communicate through the server 30, so that multiple certificate card reading devices can share one certificate card safety control device, which improves the utilization of the certificate card safety control device and saves cost.
The above system provided by this embodiment can be applied in a banking system, where the terminal 10 may be a bank counter front end. One server may be set up in each branch, or the branches in a region may share one server. Likewise, one or more certificate card safety control devices may be set up in each branch, or multiple branches may share one or more certificate card safety control devices.
In this embodiment, the server 30 may be distributed or centralized, and may also be a virtual server; this embodiment places no limitation on this.
So that the first certificate card safety control device 40 can determine that the card seeking request was sent by the certificate card reading device 20, and to prevent an illegally simulated certificate card reading device 20 from attacking the first certificate card safety control device 40, in an optional implementation of the embodiment of the present invention the card seeking request sent by the certificate card reading device carries at least first identification authentication data. The first certificate card safety control device 40 is further configured to, before returning the card seeking response to the certificate card reading device 20 through the server 30, authenticate the identity of the certificate card reading device 20 according to the first identification authentication data carried in the card seeking request, and, if the authentication passes, to perform the operation of returning the card seeking response to the certificate card reading device 20 through the server 30. In this optional implementation, the first identification authentication data may optionally be a signature value obtained by the certificate card reading device 20 signing information to be signed with its own private key. The information to be signed may be a random number generated by the certificate card reading device 20, in which case the certificate card reading device 20 carries the random number together with its signature value in the card seeking request; or the information to be signed may be the card seeking request data carried in the card seeking request; this embodiment places no limitation on this. After receiving the card seeking request, the first certificate card safety control device 40 can authenticate the identity of the certificate card reading device 20 by means of the first identification authentication data, and returns the card seeking response to the certificate card reading device 20 only after the authentication passes. Of course, besides being a signature value obtained by signing the information to be signed, the first identification authentication data may also be other data, for example a check value calculated over data to be authenticated using an algorithm agreed in advance with the first certificate card safety control device 40; this embodiment places no limitation on this. The first certificate card safety control device 40 authenticates the first identification authentication data in the corresponding manner.
So that the certificate card reading device 20 can determine that the card seeking response was sent by the first certificate card safety control device 40, and to prevent an illegally simulated first certificate card safety control device 40 from illegally obtaining the information stored in the certificate card, in an optional implementation of the embodiment of the present invention the first certificate card safety control device 40 is further configured to obtain second identification authentication data before sending the card seeking response, and to carry the second identification authentication data in the card seeking response. The certificate card reading device 20 is further configured to, after receiving the card seeking response sent by the first certificate card safety control device 40 through the server 30 and before sending the card seeking confirmation data to the first certificate card safety control device 40 through the server 30, authenticate the identity of the first certificate card safety control device 40 according to the second identification authentication data, and, if the authentication passes, to perform the operation of sending the card seeking confirmation data to the first certificate card safety control device 40 through the server 30. That is, in this optional implementation the certificate card reading device 20 sends the confirmation data returned by the certificate card to the first certificate card safety control device 40 only once it has established the identity of the first certificate card safety control device 40, which prevents the information stored in the certificate card from being obtained illegally.
In the above optional implementation, the second identification authentication data may optionally be a signature value obtained by the first certificate card safety control device 40 signing information to be signed with its own private key. The information to be signed may be a random number generated by the first certificate card safety control device 40, in which case the first certificate card safety control device 40 carries the random number together with its signature value in the card seeking response it sends; or the information to be signed may be the card seeking response data carried in the card seeking response; this embodiment places no limitation on this. After receiving the card seeking response, the certificate card reading device 20 can authenticate the identity of the first certificate card safety control device 40 by means of the second identification authentication data, and sends the card seeking confirmation data to the first certificate card safety control device 40 only after the authentication passes. Of course, besides being a signature value obtained by signing the information to be signed, the second identification authentication data may also be other data, for example a check value calculated over data to be authenticated using an algorithm agreed in advance with the certificate card reading device 20; this embodiment places no limitation on this. The certificate card reading device 20 authenticates the second identification authentication data in the corresponding manner.
Similarly, so that the first certificate card safety control device 40 can determine that the card selection request was sent by the certificate card reading device 20, and to prevent an illegally simulated certificate card reading device 20 from attacking the first certificate card safety control device 40, in an optional implementation of the embodiment of the present invention the card selection request sent by the certificate card reading device 20 may also carry third identification authentication data. The first certificate card safety control device 40 is further configured to, after receiving the card selection request and before sending the card selection request response to the certificate card reading device 20 through the server 30, authenticate the identity of the certificate card reading device 20 according to the third identification authentication data carried in the card selection request, and, if the authentication passes, to perform the operation of sending the card selection request response to the certificate card reading device 20 through the server 30. Like the first identification authentication data described above, the third identification authentication data may be a signature value obtained by the certificate card reading device 20 signing information to be signed with its own private key, or a check value calculated over data to be authenticated using a predetermined algorithm agreed with the first certificate card safety control device 40; the details are not repeated here.
In addition, so that the certificate card reading device 20 can determine that the card selection request response was sent by the first certificate card safety control device 40, and to prevent an illegally simulated first certificate card safety control device 40 from illegally obtaining the information stored in the certificate card, in an optional implementation of the embodiment of the present invention the first certificate card safety control device 40 is further configured to obtain fourth identification authentication data before sending the card selection request response, and to carry the fourth identification authentication data in the card selection request response. The certificate card reading device 20 is further configured to, after receiving the card selection request response sent by the first certificate card safety control device 40 and before sending the card selection confirmation data to the first certificate card safety control device 40 through the server 30, parse the information carried in the card selection request response to obtain the fourth identification authentication data, authenticate the identity of the first certificate card safety control device 40 according to the fourth identification authentication data, and, if the authentication passes, perform the operation of sending the card selection confirmation data to the first certificate card safety control device 40 through the server 30. Likewise, similar to the second identification authentication data, the fourth identification authentication data may be a signature value obtained by the first certificate card safety control device 40 signing information to be signed with its own private key, or a check value calculated over data to be authenticated using a predetermined algorithm agreed with the certificate card reading device 20; the details are not repeated here.
Likewise, so that the first certificate card safety control device 40 can determine that the card reading request was sent by the certificate card reading device 20, and to prevent an illegally simulated certificate card reading device 20 from attacking the first certificate card safety control device 40, in an optional implementation of the embodiment of the present invention the card reading request sent by the certificate card reading device 20 carries at least fifth identification authentication data. The first certificate card safety control device 40 is further configured to, after receiving the card reading request and before starting the flow of reading the certificate card information, authenticate the identity of the certificate card reading device 20 according to the fifth identification authentication data carried in the card reading request, and, if the authentication passes, to perform the operation of starting the flow of reading the certificate card information.
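The authentication gates described above for the card seeking request and card seeking response (the card selection and card reading requests follow the same pattern) can be sketched as follows. This is an added example, not code from the patent: it uses the check-value variant with HMAC-SHA256 as the pre-agreed algorithm, and the shared key, message field names, direction labels and the replay cache are all assumptions introduced for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed key agreed in advance between one reader and one safety control
# device (assumption: the patent names neither the algorithm nor the key scheme).
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)

REQ = b"reader->scd"   # direction labels bind a check value to its sender,
RSP = b"scd->reader"   # so a request cannot be echoed back as a response


def check_value(key, direction, nonce, payload):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries cannot shift."""
    fields = (direction, nonce, payload)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Endpoint:
    """One side of the exchange: the reading device or the safety control device."""

    def __init__(self, key, send_label, recv_label):
        self.key, self.send_label, self.recv_label = key, send_label, recv_label
        self.seen_nonces = set()   # replay cache: an addition, not in the patent

    def build(self, payload):
        nonce = secrets.token_bytes(16)   # the sender-generated random number
        auth = check_value(self.key, self.send_label, nonce, payload)
        return {"payload": payload, "nonce": nonce, "auth": auth}

    def verify(self, msg):
        expected = check_value(self.key, self.recv_label, msg["nonce"], msg["payload"])
        if not hmac.compare_digest(expected, msg["auth"]):   # constant-time compare
            return False
        if msg["nonce"] in self.seen_nonces:                 # captured message resent
            return False
        self.seen_nonces.add(msg["nonce"])
        return True


def scd_handle_card_seek(scd, request):
    """Return a card seeking response only if the request authenticates."""
    if not scd.verify(request):
        return None
    return scd.build(b"card-seek-response-data")


def reader_handle_response(reader, response, confirmation):
    """Release the card's confirmation data only to an authenticated device."""
    if response is None or not reader.verify(response):
        return None
    return confirmation


def demo():
    reader = Endpoint(SHARED_KEY, REQ, RSP)
    scd = Endpoint(SHARED_KEY, RSP, REQ)
    confirmation = b"card-seek-confirmation-data"   # constructed stand-in

    request = reader.build(b"card-seek-request")
    response = scd_handle_card_seek(scd, request)
    out = {"genuine": reader_handle_response(reader, response, confirmation)}
    # The same request delivered a second time is refused.
    out["replayed_request"] = scd_handle_card_seek(scd, request)
    # A request whose payload was altered in transit fails the check value.
    altered = dict(reader.build(b"card-seek-request"), payload=b"other")
    out["modified_request"] = scd_handle_card_seek(scd, altered)
    # A simulated device without the key echoes the reader's own request back.
    echoed = reader.build(b"card-seek-request")
    out["reflected"] = reader_handle_response(reader, echoed, confirmation)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

With the signature variant the patent also describes, `check_value` and `verify` would be replaced by signing with the sender's private key and verifying with its public key; the gating in the two handler functions stays the same.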
In an optional implementation of the embodiment of the present invention, after the first certificate card safety control device 40 starts the flow of reading the certificate card information, mutual authentication can be performed during that flow between the first certificate card safety control device 40 and the certificate card, via the server 30 and the certificate card reading device 20. The certificate card allows the information it stores to be read only after it has authenticated the first certificate card safety control device 40, and the first certificate card safety control device 40 accepts the information sent by the certificate card only after it has authenticated the certificate card, and then processes that information to obtain readable certificate card information. For the specific authentication flow between the first certificate card safety control device 40 and the certificate card, see the description in Embodiment 3; it is not repeated here.
To ensure the security of data transmission between the certificate card reading device 20 and the first certificate card safety control device 40, in an optional implementation of the embodiment of the present invention the certificate card reading device 20 and the first certificate card safety control device 40 are further configured to negotiate through the server 30, before the first certificate card safety control device 40 starts the flow of reading the certificate card information, so that both sides obtain a session key; and, after the certificate card reading device 20 and the first certificate card safety control device 40 have obtained the session key, to use the session key to encrypt the data they send and decrypt the data they receive during their subsequent communication. In a specific application, the certificate card reading device 20 and the first certificate card safety control device 40 may negotiate the session key before the certificate card reading device 20 sends the card seeking request, or may start negotiating the session key when the card seeking request is sent, or may start negotiating the session key after the certificate card reading device 20 has sent the card seeking request to the first certificate card safety control device 40; this embodiment places no limitation on this. For the session key negotiation process between the certificate card reading device 20 and the first certificate card safety control device 40, see the description in Embodiment 3; it is not repeated here.
In an optional implementation of the embodiment of the present invention, one server 30 can be connected to multiple certificate card safety control devices. In this optional implementation, therefore, the server 30 is further configured to select the first certificate card safety control device 40 from the multiple certificate card safety control devices before sending the card seeking request to the first certificate card safety control device 40.
In an optional implementation of the embodiment of the present invention, the ways in which the server 30 selects a certificate card safety control device include, but are not limited to, one of the following:
(1) selecting the certificate card safety control device corresponding to the certificate card reading device 20 from a pre-stored correspondence, where the correspondence records, for each of the multiple certificate card safety control devices, the one or more certificate card reading devices that correspond to it;
For example, the server 30 is connected to multiple certificate card safety control devices and can store the correspondence between each of those certificate card safety control devices and multiple certificate card reading devices. The correspondence may be set according to a given rule. For example, it may be divided by geographic area, with the certificate card reading devices in the same area corresponding to the same certificate card safety control device; or each certificate card reading device may be assigned an id and the division made by id number, with certificate card reading devices whose ids fall in the same range corresponding to the same certificate card safety control device; or the division may be made according to the address of each certificate card reading device in the network (for example its IP address). With this optional implementation, multiple certificate card reading devices can be mapped to one certificate card safety control device through the server 30, which improves the utilization of the certificate card safety control devices and the manageability of the system; and, because multiple certificate card reading devices are mapped to one certificate card safety control device, a fault can be located quickly if one occurs.
For example, in a banking system, multiple certificate card safety control devices may be set up in one branch and a correspondence may be set up in the server: the front-end certificate card reading devices are numbered, and the correspondence records the certificate card safety control device corresponding to each certificate card reading device. Where multiple branches share multiple certificate card safety control devices, a correspondence may be set up in the server that records the certificate card safety control device corresponding to the certificate card reading devices of each branch, or certificate card safety control devices may be allocated according to the IP addresses of the front-end certificate card reading devices.
(2) selecting, from the multiple certificate card safety control devices, a certificate card safety control device whose current working state is idle as the first certificate card safety control device.
For example, the server 30 can record the working state of each of the multiple certificate card safety control devices in the system. When it receives a card seeking request from the certificate card reading device 20, the server 30 can, according to the working state of each certificate card safety control device, select one whose current working state is idle as the certificate card safety control device corresponding to the certificate card reading device, and mark the working state of the selected certificate card safety control device as busy. This optional implementation avoids the situation in which one certificate card safety control device receives information from multiple terminals at the same time and its processing efficiency drops as a result.
In an optional implementation of the embodiment of the present invention, in order to release unused certificate card safety control devices quickly, the server 30 may mark the working state of the selected certificate card safety control device as idle once communication between the certificate card reading device and the selected certificate card safety control device has ended. Of course, in a specific implementation, if all certificate card safety control devices are in the busy state, a certificate card safety control device may also be selected according to the load of each certificate card safety control device, so as to balance the load.
For example, in a banking system, multiple certificate card safety control devices may be set up in one branch, across several branches, or across the whole network, and a pool of idle certificate card safety control devices is maintained in the server. When the server receives a request sent by a front-end certificate card reading device, it takes one certificate card safety control device out of the idle pool and assigns it to the current certificate card reading device; this certificate card safety control device responds to the related requests of the current certificate card reading device and is removed from the idle pool. When it is no longer in use, the certificate card safety control device is put back into the idle pool.
With the above optional implementations, the server can select a suitable certificate card safety control device for the certificate card reading device 20 according to the specific application, which improves the efficiency of data processing while also improving the utilization of the certificate card safety control devices.
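The two selection modes described above, together with the busy/idle marking and the load-based fallback, can be sketched as a small server-side dispatcher. This is an added example, not code from the patent: the class name, the device and reader identifiers and the choice to combine both modes in one dispatcher (mapped readers use the stored correspondence, all others draw from the idle pool) are assumptions.

```python
import threading


class SafetyControlDispatcher:
    """Server-side selection of a certificate card safety control device."""

    def __init__(self, devices, reader_map=None):
        devices = list(devices)
        if not devices:
            raise ValueError("at least one safety control device is required")
        self._reader_map = dict(reader_map or {})   # mode (1): stored correspondence
        unknown = set(self._reader_map.values()) - set(devices)
        if unknown:
            raise ValueError(f"correspondence names unknown devices: {sorted(unknown)}")
        self._lock = threading.Lock()               # requests arrive concurrently
        self._idle = devices[:]                     # mode (2): idle device pool
        self._load = {d: 0 for d in devices}        # readers currently served
        self._assigned = {}                         # reader id -> device in use

    def select(self, reader_id):
        """Called when a card seeking request arrives from reader_id."""
        with self._lock:
            if reader_id in self._assigned:         # exchange already in progress
                return self._assigned[reader_id]
            device = self._reader_map.get(reader_id)
            if device is None and self._idle:
                device = self._idle[0]              # take an idle device
            if device is None:
                # Every device is busy: fall back to the least-loaded one.
                device = min(self._load, key=self._load.get)
            if device in self._idle:
                self._idle.remove(device)           # mark the device busy
            self._load[device] += 1
            self._assigned[reader_id] = device
            return device

    def release(self, reader_id):
        """Called when communication with the selected device has ended."""
        with self._lock:
            device = self._assigned.pop(reader_id, None)
            if device is None:
                return False
            self._load[device] -= 1
            if self._load[device] == 0:
                self._idle.append(device)           # back into the idle pool
            return True

    def idle_devices(self):
        with self._lock:
            return list(self._idle)


if __name__ == "__main__":
    # Constructed identifiers for two devices and a few front-end readers.
    d = SafetyControlDispatcher(["scd-A", "scd-B"], {"reader-1": "scd-A"})
    for rid in ("reader-1", "reader-2", "reader-3"):
        print(rid, "->", d.select(rid))
    d.release("reader-1")
    d.release("reader-3")
    print("idle:", d.idle_devices())
```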
In an optional implementation of the embodiment of the present invention, as shown in Fig. 1, the system may also include a storage device 50. In this optional implementation, the certificate card reading device 20 is further configured to send the certificate card information to the storage device 50 after receiving it, and the storage device 50 is configured to store the certificate card information it receives. With this optional implementation, when the certificate card information needs to be presented later, it can be obtained directly from the storage device 50, which spares the user the inconvenience of carrying the certificate card.
In a specific implementation, the storage device 50 can be arranged in the terminal 10, as a part of the certificate card reading device 20, or outside the certificate card reading device 20. It can be a standalone storage device or a device combined with other functions, for example an electronic signature device (such as ICBC's U-Shield or the Agricultural Bank of China's K-Bao). In addition, the certificate card information can be stored in the storage device 50 in plaintext or in encrypted form; this embodiment places no limitation on this.
In an optional embodiment of the embodiments of the present invention, as shown in Fig. 1, the system may also include a display device 60. In this optional embodiment, the certificate card reading device 20 is further configured to send the certificate card information to the display device 60; the display device 60 is configured to display the certificate card information. With this optional embodiment, the certificate card information that has been read can be displayed, so that the user can see the certificate card information stored in the certificate card.
In a specific implementation, the display device 60 can be arranged in the terminal 10 as a part of the terminal 10, or it can be arranged independently outside the terminal 10; this embodiment places no limitation on this.
In another optional embodiment of the embodiments of the present invention, the terminal 10 can also send the received certificate card information to external storage. In this optional embodiment, the terminal 10 is therefore further configured, after receiving the certificate card information, to send the certificate card information to the storage device 50; the storage device 50 is configured to store the received certificate card information. With this optional embodiment, when the certificate card information needs to be presented later, it can be obtained directly from the storage device 50, which spares the user the inconvenience of carrying the certificate card at all times. In this optional embodiment, the storage device 50 can be a standalone storage device or a device combined with other functions, for example an electronic signature device (such as ICBC's U-Shield or the Agricultural Bank of China's K-Bao). In addition, the certificate card information can be stored in the storage device 50 in plaintext or in encrypted form; this embodiment places no limitation on this.
In another optional embodiment of the embodiments of the present invention, after the terminal 10 receives the certificate card information, if the terminal 10 has a display module it can show the received certificate card information on that display module; if the terminal 10 has no display module, it can send the certificate card information to an external display device. In this optional embodiment, the terminal 10 is therefore further configured to send the certificate card information to the display device 60; the display device 60 is configured to display the certificate card information. With this optional embodiment, the certificate card information that has been read can be displayed, so that the user can see the certificate card information stored in the certificate card.
Embodiment 2
This embodiment provides a certificate card information acquisition device. The device can be arranged in the certificate card reading device 20 of Embodiment 1 above and is used to obtain the certificate card information stored in a certificate card.
Fig. 2 is a structural diagram of the certificate card information acquisition device provided by this embodiment. As shown in Fig. 2, the device mainly includes a first transceiver module 200, a second transceiver module 202, a third transceiver module 204 and a processing module 206. The first transceiver module 200 is configured to receive the operation request sent by the terminal. The second transceiver module 202 is configured to periodically broadcast a card seeking instruction and to receive the response message returned by the certificate card. The processing module 206 is configured to judge whether the response message is the card seeking confirmation data for the card seeking instruction; if it is, it instructs the second transceiver module 202 to stop broadcasting the card seeking instruction and instructs the third transceiver module 204 to send a card seeking request to the first certificate card safety control device through the server. The third transceiver module 204 is configured to send the card seeking request through the server and to receive the card seeking response that the first certificate card safety control device returns through the server. The processing module 206 is further configured to obtain the card seeking response data from the card seeking response, determine that the card seeking response data is the response data answering the card seeking request, and instruct the third transceiver module 204 to send the card seeking confirmation data to the first certificate card safety control device through the server. The second transceiver module 202 is further configured to send a card selection instruction to the certificate card and to receive the card selection confirmation data sent by the certificate card, where the card selection confirmation data includes at least the unique identification information of the certificate card. The third transceiver module 204 is further configured to send a card selection request to the first certificate card safety control device through the server and to receive the card selection request response that the first certificate card safety control device sends through the server. The processing module 206 is further configured to determine that the card selection request response is the response data for the card selection request and to instruct the third transceiver module 204 to send the card selection confirmation data to the first certificate card safety control device through the server. The second transceiver module 202 is further configured to send a card reading instruction to the certificate card and to receive the card reading confirmation data returned by the certificate card. The third transceiver module 204 is further configured to send a card reading request to the first certificate card safety control device through the server, instructing the first certificate card safety control device to start the flow of reading the certificate card information; during that flow, to receive the first interactive information that the first certificate card safety control device sends through the server and to send the second interactive information sent by the certificate card to the first certificate card safety control device through the server; and to receive the certificate card information, read from the certificate card, that the first certificate card safety control device sends through the server. The second transceiver module 202 is further configured to send the first interactive information received by the third transceiver module 204 to the certificate card and to receive the second interactive information sent by the certificate card. The first transceiver module 200 is further configured to send the certificate card information received by the third transceiver module 204 to the terminal.
So that the first certificate card safety control device 40 can determine that the card seeking request was sent by the certificate card information acquisition device, and to prevent an illegally simulated certificate card information acquisition device from attacking the first certificate card safety control device 40, in an optional embodiment of the embodiments of the present invention the processing module 206 is further configured, before the third transceiver module 204 sends the card seeking request, to obtain first identity authentication data and to carry the first identity authentication data in the card seeking request. In this optional embodiment, the first identity authentication data can optionally be the signature value obtained when the certificate card information acquisition device signs information to be signed with its own private key. The information to be signed can be a random number generated by the certificate card information acquisition device, in which case the device carries the random number together with its signature value in the card seeking request; alternatively, the information to be signed can be the card seeking request data carried in the card seeking request. This embodiment places no limitation on this. After receiving the card seeking request, the first certificate card safety control device 40 can authenticate the identity of the certificate card information acquisition device by means of the first identity authentication data, and returns the card seeking response to the certificate card information acquisition device only after authentication has passed. Of course, besides a signature value obtained by signing the information to be signed, the first identity authentication data can also be other data, for example a check value computed over the data to be authenticated using an algorithm agreed in advance with the first certificate card safety control device 40; this embodiment places no limitation on this.
So that the certificate card information acquisition device can determine that the card seeking response was sent by the first certificate card safety control device 40, and to prevent an illegally simulated first certificate card safety control device 40 from illegally obtaining the information stored in the certificate card, in an optional embodiment of the embodiments of the present invention the card seeking response carries at least second identity authentication data. The processing module 206 is further configured, after the third transceiver module 204 receives the card seeking response that the first certificate card safety control device sends through the server and before the card seeking confirmation data is sent to the first certificate card safety control device through the server, to authenticate the identity of the first certificate card safety control device according to the second identity authentication data and, if authentication passes, to trigger the third transceiver module 204 to send the card seeking confirmation data to the first certificate card safety control device through the server. That is, in this optional embodiment the processing module 206 triggers the third transceiver module 204 to send the confirmation data returned by the certificate card to the first certificate card safety control device 40 only once the identity of the first certificate card safety control device 40 has been established, which prevents the information stored in the certificate card from being obtained illegally.
In the above optional embodiment, the second identity authentication data can optionally be the signature value obtained when the first certificate card safety control device 40 signs information to be signed with its own private key. The information to be signed can be a random number generated by the first certificate card safety control device 40, in which case the first certificate card safety control device 40 carries the random number together with its signature value in the card seeking response; alternatively, the information to be signed can be the card seeking response data carried in the card seeking response. This embodiment places no limitation on this. After receiving the card seeking response, the certificate card information acquisition device 20 can authenticate the identity of the first certificate card safety control device 40 by means of the second identity authentication data, and sends the card seeking confirmation data to the first certificate card safety control device 40 only after authentication has passed. Of course, besides a signature value obtained by signing the information to be signed, the second identity authentication data can also be other data, for example a check value computed over the data to be authenticated using an algorithm agreed in advance with the certificate card information acquisition device; this embodiment places no limitation on this.
Similarly, so that the first certificate card safety control device 40 can determine that the card selection request was sent by the certificate card information acquisition device, and to prevent an illegally simulated certificate card information acquisition device from attacking the first certificate card safety control device 40, in an optional embodiment of the embodiments of the present invention the processing module 206 is further configured, before the third transceiver module 204 sends the card selection request, to obtain third identity authentication data and to carry the third identity authentication data in the card selection request. Like the first identity authentication data described above, the third identity authentication data can be the signature value obtained when the certificate card information acquisition device signs information to be signed with its own private key, or a check value computed over the data to be authenticated using an algorithm agreed in advance with the first certificate card safety control device 40; the details are not repeated here.
In addition, so that the certificate card information acquisition device can determine that the card selection request response was sent by the first certificate card safety control device 40, and to prevent an illegally simulated first certificate card safety control device 40 from illegally obtaining the information stored in the certificate card, in an optional embodiment of the embodiments of the present invention the card selection request response carries at least fourth identity authentication data. The processing module 206 is further configured, after the third transceiver module 204 receives the card selection request response sent by the first certificate card safety control device and before the card selection confirmation data is sent to the first certificate card safety control device through the server, to parse the information carried in the card selection request response, obtain the fourth identity authentication data carried in it, authenticate the identity of the first certificate card safety control device according to the fourth identity authentication data and, if authentication passes, trigger the third transceiver module 204 to send the card selection confirmation data to the first certificate card safety control device through the server. Like the second identity authentication data, the fourth identity authentication data can be the signature value obtained when the first certificate card safety control device 40 signs information to be signed with its own private key, or a check value computed over the data to be authenticated using an algorithm agreed in advance with the certificate card information acquisition device; the details are not repeated here.
Likewise, so that the first certificate card safety control device 40 can determine that the card reading request was sent by the certificate card information acquisition device, and to prevent an illegally simulated certificate card information acquisition device from attacking the first certificate card safety control device 40, in an optional embodiment of the embodiments of the present invention the processing module 206 is further configured, before the third transceiver module 204 sends the card reading request, to obtain fifth identity authentication data and to carry the fifth identity authentication data in the card reading request.
To ensure the security of data transmission with the first certificate card safety control device 40, in an optional embodiment of the embodiments of the present invention the processing module 206 is further configured, before the first certificate card safety control device starts the flow of reading the certificate card information, to negotiate with the first certificate card safety control device through the server to obtain a session key, and, during subsequent communication with the first certificate card safety control device, to use the session key to encrypt the data sent by the third transceiver module 204 and to decrypt the data received by the third transceiver module 204. In a specific application, the session key negotiation with the first certificate card safety control device 40 can be carried out before the third transceiver module 204 sends the card seeking request, can begin when the card seeking request is sent, or can begin after the card seeking request has been sent to the first certificate card safety control device 40; this embodiment places no limitation on this. For the session key negotiation process with the first certificate card safety control device 40, see the description of Embodiment 3, which is not repeated here.
Embodiment 3
This embodiment provides a certificate card information acquisition method. The method can be implemented by the system or device provided in Embodiments 1 and 2 above.
Fig. 3 is a flow chart of the certificate card information acquisition method according to this embodiment. As shown in Fig. 3, the method mainly comprises the following steps s301 to s320.
Step s301: the terminal sends an operation request to the certificate card reading device.
In a specific implementation, the terminal and the certificate card reading device can be connected by wire (for example, a USB interface, serial port, audio interface, etc.) or wirelessly (for example, Wi-Fi, Bluetooth, infrared, NFC, etc.).
In this embodiment, when the user needs to read the certificate card information stored in a certificate card, the terminal sends an operation request to the certificate card reading device, indicating that the certificate card reading device needs to read the certificate card information stored in the certificate card. For example, the user can enter an operation instruction by pressing a button on the terminal; the terminal responds to the operation instruction entered by the user and sends the operation request to the certificate card reading device.
In addition, the certificate card information stored in the certificate card is stored in encrypted form; owing to the particular nature of the certificate card, only a certificate card safety control device can decrypt the certificate card information stored in the certificate card. In a specific implementation, the content that the first certificate card safety control device is required to decrypt can be configured in the card reading request. For example, the first certificate card safety control device can be set to read only the basic information stored in the certificate card (for example, name, sex, date of birth, etc.), to read the basic information plus the photo stored in the certificate card, or to read the basic information plus the photo plus the fingerprint information stored in the certificate card, and so on, as required. In a specific implementation, the user can make this setting on the terminal; once it has been made, it is sent to the certificate card reading device through the operation request, and during card reading the certificate card reading device sends the configuration information to the first certificate card safety control device according to the user's setting.
Step s302: the certificate card reading device receives the operation request and periodically broadcasts a card seeking instruction.
In a specific implementation, the certificate card reading device can periodically broadcast the card seeking instruction through its radio frequency (RF) antenna. If a certificate card is within the readable range of the certificate card reading device, the certificate card can receive the card seeking instruction and respond to it.
Step s303: the certificate card reading device receives the response message returned by the certificate card and judges that the response message is the card seeking confirmation data for the above card seeking instruction.
In this embodiment, the certificate card reading device sends out the card seeking instruction through its RF module at regular intervals. After the certificate card receives the card seeking instruction, it returns to the certificate card reading device a response message carrying the card seeking confirmation data. Once the certificate card reading device determines that it has received the card seeking confirmation data sent by the certificate card, step s304 is executed.
Step s304: the certificate card reading device stops broadcasting the card seeking instruction and sends a card seeking request to the server.
In this embodiment, the card seeking request can carry card seeking request data, so that the certificate card safety control device can determine the type of the request it has received.
In this embodiment, the server can be distributed or centralized, and can also be a virtual server; this embodiment places no limitation on this. In addition, the server and the first certificate card safety control device can be connected by wire or wirelessly; this embodiment places no limitation on this.
Step s305: the server receives the card seeking request and sends the card seeking request to the first certificate card safety control device.
In a specific application, there can be one certificate card safety control device connected to the server (namely the first certificate card safety control device) or several. Where there are several, the server selects one certificate card safety control device (namely the first certificate card safety control device) for the certificate card reading device before sending the card seeking request.
In an optional embodiment of the embodiments of the present invention, the ways in which the server selects a certificate card safety control device include, but are not limited to, one of the following:
(1) Selecting, from a pre-stored correspondence, the certificate card safety control device corresponding to the certificate card reading device, where the correspondence records the one or more certificate card reading devices corresponding to each of the multiple certificate card safety control devices.
For example, the server is connected to multiple certificate card safety control devices and can store the correspondence between each of those certificate card safety control devices and multiple certificate card reading devices. The correspondence can be set according to some rule. For example, it can be divided by geographic area, so that multiple certificate card reading devices in the same area correspond to the same certificate card safety control device; or an ID can be assigned to each certificate card reading device and the division made by ID number, so that certificate card reading devices whose IDs fall in the same range correspond to the same certificate card safety control device; or the division can be made according to each certificate card reading device's address in the network (such as its IP address). With this optional embodiment, the server can map multiple certificate card reading devices to one certificate card safety control device, which improves the utilization of the certificate card safety control devices and the manageability of the system; moreover, because multiple certificate card reading devices correspond to one certificate card safety control device, a fault can be located quickly if one occurs.
For example, in a banking system, multiple certificate card safety control devices can be deployed at one branch, and a correspondence can be set in the server: the front-end certificate card reading devices are numbered, and the correspondence records the certificate card safety control device that corresponds to each certificate card reading device. Where multiple branches share multiple certificate card safety control devices, a correspondence can be set in the server that records the certificate card safety control device corresponding to the certificate card reading devices of each branch; alternatively, the certificate card safety control devices can be allocated according to the IP address of the front-end certificate card reading device.
(2) Selecting, from the multiple certificate card safety control devices, a certificate card safety control device whose current working state is idle as the first certificate card safety control device.
For example, the server can record the working state of each of the multiple certificate card safety control devices in the system. When it receives a card seeking request from a certificate card reading device, the server can, according to the working state of each certificate card safety control device, select one whose current working state is idle as the certificate card safety control device corresponding to the certificate card reading device (namely the first certificate card safety control device) and mark the working state of the selected certificate card safety control device as busy. This optional embodiment avoids the situation in which one certificate card safety control device receives information from multiple terminals at the same time and its processing efficiency drops as a result.
In an optional embodiment of the embodiments of the present invention, in order to quickly release certificate card safety control devices that are no longer in use, the server may, after the communication between the certificate card reading device and the selected certificate card safety control device has ended, mark the working state of the selected certificate card safety control device as idle. Of course, in a specific implementation, if all certificate card safety control devices are in the busy state, a certificate card safety control device can also be selected according to the load state of each certificate card safety control device, so as to achieve load balancing.
For example, in a banking system, multiple certificate card safety control devices can be deployed at one branch, across several branches, or across the whole network, and a pool of idle certificate card safety control devices is set up in the server. When the server receives a card seeking request sent by a front-end certificate card reading device, it takes one certificate card safety control device out of the idle pool, assigns it to the current certificate card reading device so that it handles that reading device's related requests, and removes it from the idle pool. Once the device is no longer in use, it is put back into the idle certificate card safety control device pool.
Through the above optional embodiment, the server can select a suitable certificate card safety control device for the certificate card reading device according to the specific application, thereby improving the utilization of the certificate card safety control devices while also improving the efficiency of data processing.
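The server-side selection described in modes (1) and (2), together with release after the session ends and the load-based fallback when every device is busy, can be sketched as follows. This is an added illustration, not code from the patent; the class name `Dispatcher`, the device and reader identifiers, and the use of an active-session count as the "load state" are assumptions.

```python
import threading


class Dispatcher:
    """Server-side choice of a certificate card safety control device.

    Hypothetical sketch: a device is "idle" when it serves no reading
    device, and its load is the number of reading devices it serves.
    """

    def __init__(self, device_ids, reader_map=None):
        self._lock = threading.Lock()          # requests arrive concurrently
        self._sessions = {d: 0 for d in device_ids}
        self._reader_map = dict(reader_map or {})   # mode (1): stored mapping
        self._assigned = {}                    # reader_id -> device_id

    def idle_devices(self):
        """Current content of the idle pool."""
        with self._lock:
            return [d for d, n in self._sessions.items() if n == 0]

    def select(self, reader_id):
        """Called when a card seeking request arrives from reader_id."""
        with self._lock:
            if reader_id in self._assigned:    # session already in progress
                return self._assigned[reader_id]
            device = self._reader_map.get(reader_id)
            if device is None:
                # Mode (2): take an idle device out of the pool ...
                idle = [d for d, n in self._sessions.items() if n == 0]
                if idle:
                    device = idle[0]
                else:
                    # ... or, if all are busy, pick the least loaded one.
                    device = min(self._sessions, key=self._sessions.get)
            self._sessions[device] += 1        # device is now marked busy
            self._assigned[reader_id] = device
            return device

    def release(self, reader_id):
        """Called when the communication with reader_id has ended."""
        with self._lock:
            device = self._assigned.pop(reader_id, None)
            if device is not None:
                self._sessions[device] -= 1    # back to idle when it hits 0
            return device


if __name__ == "__main__":
    pool = Dispatcher(["scd-1", "scd-2"])
    for reader in ("reader-A", "reader-B", "reader-C"):
        print(reader, "->", pool.select(reader))
    pool.release("reader-B")
    print("idle pool:", pool.idle_devices())
```

Holding the lock across the idle check and the busy mark is what keeps two simultaneous card seeking requests from being handed the same idle device.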
Step s306: the first certificate card safety control device receives the card seeking request and sends a card seeking response to the certificate card reading device through the server, where the card seeking response carries card seeking response data.
So that the first certificate card safety control device can determine that the card seeking request was sent by the certificate card reading device, and to prevent an illegally simulated certificate card information acquisition device from attacking the first certificate card safety control device, in an optional embodiment of the embodiments of the present invention the card seeking request sent by the certificate card reading device carries at least first identity authentication data. Before the first certificate card safety control device returns the card seeking response to the certificate card reading device through the server, the method can also include: the first certificate card safety control device authenticates the identity of the certificate card reading device according to the first identity authentication data carried in the card seeking request and, if authentication passes, executes the step of returning the card seeking response to the certificate card reading device through the server.
In this optional embodiment, the first identity authentication data can optionally be the signature value obtained when the certificate card reading device signs information to be signed with its own private key. The information to be signed can be a random number generated by the certificate card reading device, in which case the certificate card reading device carries the random number together with its signature value in the card seeking request; alternatively, the information to be signed can be the card seeking request data carried in the card seeking request. This embodiment places no limitation on this. After receiving the card seeking request, the first certificate card safety control device can authenticate the identity of the certificate card reading device by means of the first identity authentication data, and returns the card seeking response to the certificate card reading device only after authentication has passed. Of course, besides a signature value obtained by signing the information to be signed, the first identity authentication data can also be other data, for example a check value computed over the data to be authenticated using an algorithm agreed in advance with the first certificate card safety control device; this embodiment places no limitation on this. The first certificate card safety control device authenticates the first identity authentication data in the corresponding manner.
Step s307: the certificate card reading device receives the card seeking response sent by the first certificate card safety control device and obtains the card seeking response data.
Step s308: the certificate card reading device determines that the card seeking response data is the response data answering the card seeking request, and sends the card seeking confirmation data to the first certificate card safety control device through the server.
So that the certificate card reading device can determine that the card seeking response was sent by the first certificate card safety control device, and to prevent an illegally simulated first certificate card safety control device from illegally obtaining the information stored in the certificate card, in an optional embodiment of the embodiments of the present invention the first certificate card safety control device obtains second identity authentication data before sending the card seeking response and carries the second identity authentication data in the card seeking response. After receiving the card seeking response that the first certificate card safety control device sends through the server, and before sending the card seeking confirmation data to the first certificate card safety control device through the server, the certificate card reading device authenticates the identity of the first certificate card safety control device according to the second identity authentication data and, if authentication passes, performs the operation of sending the card seeking confirmation data to the first certificate card safety control device through the server. That is, in this optional embodiment the certificate card reading device sends the confirmation data returned by the certificate card to the first certificate card safety control device only once the identity of the first certificate card safety control device has been established, which prevents the information stored in the certificate card from being obtained illegally.
In the above optional embodiment, the second identification authentication data may be a signature value that the first certificate card safety control device obtains by signing information to be signed with its own private key. The information to be signed may be a random number generated by the first certificate card safety control device, in which case the first certificate card safety control device carries the random number together with its signature value in the card seeking response sent to the certificate card reading device; alternatively, the information to be signed may be the card seeking response data carried in the card seeking response. This embodiment does not limit the choice. After receiving the card seeking response, the certificate card reading device can authenticate the identity of the first certificate card safety control device by means of the second identification authentication data, and sends the card seeking confirmation data to the first certificate card safety control device only after authentication passes. Of course, besides a signature value obtained by signing the information to be signed, the second identification authentication data may also be other data, for example a check value computed over the data to be authenticated with an algorithm agreed in advance with the certificate card reading device; this embodiment does not limit it. The certificate card reading device authenticates the second identification authentication data in the corresponding manner.
Step s309, the certificate card reading device sends a card selection instruction to the certificate card.
Step s310, the certificate card reading device receives the card selection confirmation data sent by the certificate card, wherein the card selection confirmation data at least includes the unique identification information of the certificate card;
Step s311, the certificate card reading device sends a card selection request to the first certificate card safety control device through the server;
Step s312, the first certificate card safety control device receives the card selection request and sends a card selection request response to the certificate card reading device through the server;
So that the first certificate card safety control device can determine that the card selection request was sent by the certificate card reading device, and to prevent an illegally simulated certificate card reading device from attacking the first certificate card safety control device, in an optional embodiment of the embodiment of the present invention the card selection request sent by the certificate card reading device may also carry third identification authentication data. After receiving the card selection request, and before sending the card selection request response to the certificate card reading device through the server, the first certificate card safety control device authenticates the identity of the certificate card reading device according to the third identification authentication data carried in the card selection request; only if authentication passes does it perform the operation of sending the card selection request response to the certificate card reading device through the server. As with the first identification authentication data above, the third identification authentication data may be a signature value that the certificate card reading device obtains by signing information to be signed with its own private key, or a check value computed over the data to be authenticated with an algorithm agreed in advance with the first certificate card safety control device; the details are not repeated here.
Step s313, the certificate card reading device receives the card selection request response sent by the first certificate card safety control device, determines that the card selection request response is response data for the card selection request, and sends the card selection confirmation data to the first certificate card safety control device through the server;
So that the certificate card reading device can determine that the card selection request response was sent by the first certificate card safety control device, and to prevent an illegally simulated first certificate card safety control device from illegally obtaining the information stored in the certificate card, in an optional embodiment of the embodiment of the present invention the first certificate card safety control device also obtains fourth identification authentication data before sending the card selection request response and carries the fourth identification authentication data in the card selection request response. After receiving the card selection request response sent by the first certificate card safety control device, and before sending the card selection confirmation data to the first certificate card safety control device through the server, the certificate card reading device parses the information carried in the card selection request response, obtains the fourth identification authentication data carried in it, and authenticates the identity of the first certificate card safety control device according to the fourth identification authentication data; only if authentication passes does it perform the operation of sending the card selection confirmation data to the first certificate card safety control device through the server. As with the second identification authentication data, the fourth identification authentication data may be a signature value that the first certificate card safety control device obtains by signing information to be signed with its own private key, or a check value computed over the data to be authenticated with an algorithm agreed in advance with the certificate card reading device; the details are not repeated here.
Step s314, the certificate card reading device sends a card reading instruction to the certificate card;
Step s315, the certificate card reading device receives the card reading confirmation data returned by the certificate card;
Step s316, the certificate card reading device receives an operation request and sends a card reading request to the server;
Step s317, the server sends the card reading request to the first certificate card safety control device;
Step s318, the first certificate card safety control device receives the card reading request, starts the flow of reading certificate card information, and reads the certificate card information stored in the certificate card by exchanging information with the certificate card through the server and the certificate card reading device;
So that the first certificate card safety control device can determine that the card reading request was sent by the certificate card reading device, and to prevent an illegally simulated certificate card reading device from attacking the first certificate card safety control device, in an optional embodiment of the embodiment of the present invention the card reading request sent by the certificate card reading device carries at least fifth identification authentication data. After receiving the card reading request, and before starting the flow of reading certificate card information, the first certificate card safety control device authenticates the identity of the certificate card reading device according to the fifth identification authentication data carried in the card reading request; only if authentication passes does it perform the operation of starting the flow of reading certificate card information.
In the above flow of this embodiment, the steps before the first certificate card safety control device 40 starts the flow of reading certificate card information may be called the card reading preparation flow.
In an optional embodiment of the embodiment of the present invention, after the first certificate card safety control device starts the flow of reading certificate card information, the first certificate card safety control device and the certificate card can authenticate each other during that flow through the certificate card reading device and the server. The certificate card allows the information it stores to be read only after it has authenticated the first certificate card safety control device, and the first certificate card safety control device accepts the information sent by the certificate card only after it has authenticated the certificate card; it then processes the information sent by the certificate card to obtain readable certificate card information.
In an optional embodiment of the embodiment of the present invention, if the card reading request specifies the content to be read, the first certificate card safety control device reads, according to that instruction, either the basic information stored in the certificate card (for example, name, sex, date of birth) or the basic information plus the photo stored in the certificate card. If the card reading request does not specify the content to be read, the first certificate card safety control device reads the default certificate card information, for example the basic information stored in the certificate card.
Step s319, the first certificate card safety control device sends the certificate card information it has read to the certificate card reading device through the server;
In a particular application, the first certificate card safety control device obtains the plaintext of the certificate card information stored in the certificate card through the card reading flow. In an optional embodiment of this embodiment, the first certificate card safety control device can send the plaintext of the certificate card information it has read directly to the certificate card reading device; alternatively, it can encrypt the certificate card information with the session key negotiated with the certificate card reading device and send the encrypted certificate card information to the certificate card reading device, which decrypts it to obtain the plaintext of the certificate card information.
Step s320, the certificate card reading device receives the certificate card information and sends it to the terminal.
With the method provided by this embodiment, the certificate card reading device only exchanges information with the certificate card, while functions such as certificate card security control and authentication are performed by the remote certificate card safety control device. Multiple certificate card reading devices can share one certificate card safety control device, which improves the utilization of the certificate card safety control device and saves cost.
Optionally, after receiving the certificate card information, the terminal can send it to a display device for display, so that the user can conveniently read the certificate card information.
Optionally, the terminal can also send the certificate card information to a storage device (for example, an electronic signature device) for storage, so that in later use the user does not need to carry the certificate card, which avoids the inconvenience of carrying it around.
To ensure the security of data transmission between the certificate card reading device and the first certificate card safety control device, in an optional embodiment of the embodiment of the present invention, before the first certificate card safety control device 40 starts the flow of reading certificate card information, the certificate card reading device and the first certificate card safety control device negotiate through the server and both sides obtain a session key. After the certificate card reading device and the first certificate card safety control device have obtained the session key, both sides use it to encrypt the data they send and decrypt the data they receive during their subsequent communication. In a particular application, the certificate card reading device and the first certificate card safety control device can negotiate the session key before the certificate card reading device sends the card seeking request, can begin the negotiation when the card seeking request is sent, or can begin it after the certificate card reading device has sent the card seeking request to the first certificate card safety control device; this embodiment does not limit the choice.
Fig. 4 is a schematic diagram of an optional card reading preparation flow of this embodiment. As shown in Fig. 4, in this optional embodiment the card reading preparation flow mainly includes the following steps (a1-a9):
Step a1: the certificate card reading device sends a card seeking instruction to the certificate card;
Step a2: the certificate card receives the card seeking instruction and sends card seeking confirmation data to the certificate card reading device;
Step a3: the certificate card reading device encrypts the card seeking request data with the authentication encryption key to obtain card seeking request data ciphertext d1, and signs the card seeking request data ciphertext with the first private key of the certificate card reading device to obtain card seeking request signature value sd1;
Step a4: the certificate card reading device sends a card seeking request to the first certificate card safety control device through the server; the card seeking request includes card seeking request data ciphertext d1, card seeking request signature value sd1, the first certificate of the certificate card reading device and the second certificate of the certificate card reading device;
In this embodiment, the certificate card reading device sends out a card seeking instruction through its RF module at regular intervals. After the certificate card receives the card seeking instruction, it sends card seeking confirmation data to the certificate card reading device; after the certificate card reading device receives the card seeking confirmation data sent by the certificate card, it sends a card seeking request to the first certificate card safety control device.
In this embodiment, the card seeking request includes the card seeking request data ciphertext, the card seeking request signature value, the first certificate of the certificate card reading device and the second certificate of the certificate card reading device. The card seeking request data ciphertext is generated by the certificate card reading device, after it receives the card seeking confirmation data sent by the certificate card, by encrypting the card seeking request data with the authentication encryption key. Encrypting the card seeking request data with the authentication encryption key before transmitting it to the first certificate card safety control device ensures the security of the card seeking request data in network transmission.
In this embodiment, the first certificate of the certificate card reading device at least includes the first public key of the certificate card reading device, and the second certificate of the certificate card reading device at least includes the second public key of the certificate card reading device. The first public key in the first certificate and the second public key in the second certificate may be the same or different; this embodiment does not limit this. The second public key of the certificate card reading device used here and the second private key of the certificate card reading device used in step a8 form an asymmetric key pair, used to encrypt the session key in step a6 and to decrypt it in step a8 respectively.
As an optional embodiment of this embodiment, the card seeking request data in step a3 also includes a timestamp and/or a single authentication identifier, and the card seeking request also includes the identifier of the certificate card reading device. The single authentication identifier includes a count value produced by a counter in the certificate card reading device and/or a random factor. When the single authentication identifier is a count value produced by the counter, the counter produces one count value each time the certificate card reading device performs a certificate card information read operation, so as to count the first data packet sent out. For example, when the certificate card reading device reads certificate card a, the counter produces count value 1; when it next reads certificate card b, the counter produces count value 2, and so on. The specific form of the count value is of course not limited to this. When the single authentication identifier is a random factor, the random factor can be one random number or a string of random numbers, one random character or a string of random characters, or any combination of a string of random numbers and random characters. The identifier of the certificate card reading device can be the serial number of the certificate card reading device; of course, any identifier that uniquely represents the certificate card reading device will do, and it is not limited to the serial number.
As an optional embodiment of this embodiment, when the card seeking request is sent to the server, the server can judge whether the identifier of the certificate card reading device in the card seeking request is in the blacklist. If it is in the blacklist, the certificate card reading flow is terminated; otherwise, the server selects, according to the processing capability of each certificate card safety control device, which certificate card safety control device the card seeking request is sent to for processing, and then sends the card seeking request to the selected first certificate card safety control device. Having the server distribute the first data packet in this way prevents a single point of failure.
As an optional embodiment of this embodiment, after the server receives the card seeking request and judges that the identifier of the certificate card reading device is not in the blacklist, it uses the root certificate to verify the received first certificate and second certificate of the certificate card reading device. After verification passes, the server can use the first certificate of the certificate card reading device to verify the card seeking request signature value, and after the signature verification passes it sends the card seeking request data ciphertext in the card seeking request and the second certificate of the certificate card reading device to the first certificate card safety control device.
Step a5: the first certificate card safety control device receives the card seeking request and uses the first certificate of the certificate card reading device to verify card seeking request signature value sd1; after the signature verification passes, it decrypts card seeking request data ciphertext d1 with the authentication decryption key to obtain card seeking request data d1, and generates card seeking request response data rd1 according to card seeking request data d1;
As an optional embodiment of this embodiment, after the first certificate card safety control device receives the card seeking request, it uses the root certificate to verify the received first certificate and second certificate of the certificate card reading device. This prevents an attacker from tampering with the first public key in the first certificate or the second public key in the second certificate of the certificate card reading device, provides security authentication of the certificate card reading device, and improves the security of the interaction between the two sides.
In this embodiment, the authentication decryption key and the authentication encryption key of step a3 are the same key, that is, a symmetric key, built into the first certificate card safety control device and the certificate card reading device in advance. The certificate card reading device uses this symmetric key to encrypt the data it sends to the first certificate card safety control device for the first time, and the first certificate card safety control device uses this symmetric key to decrypt the data it receives from the certificate card reading device for the first time, which ensures the security of the first data transmission between the certificate card reading device and the first certificate card safety control device. Optionally, the authentication encryption key and the authentication decryption key are stored in a key database; the first certificate card safety control device can read the authentication decryption key from the key database and store it locally, and the certificate card reading device can likewise read the authentication encryption key from the key database and store it locally.
Step a6: the first certificate card safety control device generates session key r3, encrypts card seeking request response data rd1 with the session key to obtain card seeking request response data ciphertext rd1, encrypts the session key with the second certificate of the certificate card reading device to obtain session key ciphertext r3, and signs the card seeking request response data ciphertext and the session key ciphertext with the private key of the first certificate card safety control device to obtain card seeking request response signature value srd1;
Step a7: the first certificate card safety control device sends a card seeking request response to the certificate card reading device; the card seeking request response includes card seeking request response data ciphertext rd1, session key ciphertext r3, card seeking request response signature value srd1 and the certificate of the first certificate card safety control device;
In this embodiment, after the first certificate card safety control device obtains the card seeking request data by decryption, it generates the card seeking request response data and generates a session key. The session key can be one random number or a string of random numbers, one random character or a string of random characters, or any combination of a string of random numbers and random characters. Encrypting the card seeking request response data with the session key ensures its security in network transmission. In addition, because the session key is randomly generated, it is hard for an attacker to steal. In this embodiment, apart from the data that the certificate card reading device and the first certificate card safety control device transmit for the first time, which is encrypted with the authentication encryption key, the data subsequently transmitted between them can be encrypted with the session key, so that a cracked authentication encryption key does not reduce the security of data transmission. Because the session key takes the form of a random number and a different random number is used for each data transmission, the security of data transmission between the certificate card reading device and the first certificate card safety control device is improved further.
In this embodiment, the first certificate card safety control device encrypts the session key with the public key in the second certificate of the certificate card reading device to obtain the session key ciphertext, which ensures the security of the session key in network transmission.
In this embodiment, the first certificate card safety control device signs the card seeking request response ciphertext and the session key with the private key it stores, which prevents an attacker from tampering with the card seeking request response ciphertext and the session key.
In this embodiment, the card seeking request response that the first certificate card safety control device sends to the certificate card reading device includes the card seeking request response data ciphertext, the session key ciphertext, the card seeking request response signature value and the certificate of the first certificate card safety control device. The certificate of the first certificate card safety control device includes the public key of the first certificate card safety control device; the private key and the public key of the first certificate card safety control device form an asymmetric key pair, used to sign and to verify the signature of the data transmitted from the first certificate card safety control device to the certificate card reading device.
As an optional embodiment of this embodiment, the first certificate card safety control device can send the card seeking request response directly to the certificate card reading device; it can also send the card seeking request response to a dispatching device, which then sends it to the certificate card reading device.
Step a8: the certificate card reading device receives the card seeking request response and uses the certificate of the first certificate card safety control device to verify card seeking request response signature value srd1; after the signature verification passes, it decrypts session key ciphertext r3 with the second private key of the certificate card reading device to obtain session key r3, and decrypts the card seeking request response data ciphertext with the session key to obtain card seeking request response data rd1.
Step a9: after the certificate card reading device obtains the card seeking request response data, it sends card seeking request data to the first certificate card safety control device, and the card seeking flow ends.
As an optional embodiment of this embodiment, after the certificate card reading device receives the card seeking request response, it uses the root certificate to verify the received certificate of the first certificate card safety control device. This prevents an attacker from tampering with the public key in the certificate of the first certificate card safety control device, provides security authentication of the first certificate card safety control device, and improves the security of the interaction between the two sides.
As an optional embodiment of this embodiment, when the first certificate card safety control device encrypts both the session key and the single authentication identifier with the second certificate of the certificate card reading device to generate the session key ciphertext, the certificate card reading device decrypts the session key ciphertext with its second private key to obtain the session key and the single authentication identifier, and can judge from the single authentication identifier which card seeking request the response answers.
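Steps a6 to a8 above (the response leg of the card seeking exchange) as an added Go example, not code from the patent. Ed25519 signatures, RSA-OAEP key wrapping and AES-GCM are assumed algorithm choices, since the text names none; bare public keys stand in for the certificates, and all function and type names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Response is the card seeking request response of step a7, without the certificate.
type Response struct{ RD1, R3, SRD1 []byte } // ciphertext, wrapped session key, signature

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe way to continue without entropy
	}
	return b
}

// aead seals (random nonce prepended) or opens data with AES-GCM, an assumed cipher.
func aead(key, in []byte, encrypt bool) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}
	if encrypt {
		nonce := randBytes(g.NonceSize())
		return g.Seal(nonce, nonce, in, nil), nil
	}
	if len(in) < g.NonceSize() {
		return nil, errors.New("truncated ciphertext")
	}
	return g.Open(nil, in[:g.NonceSize()], in[g.NonceSize():], nil)
}

// signed hashes both ciphertexts so the signature covers an unambiguous layout.
func signed(rd1, r3 []byte) []byte {
	a, b := sha256.Sum256(rd1), sha256.Sum256(r3)
	return append(a[:], b[:]...)
}

// DeviceRespond is step a6: new session key, encrypt, wrap the key, sign both ciphertexts.
func DeviceRespond(devPriv ed25519.PrivateKey, readerEnc *rsa.PublicKey, data []byte) (Response, error) {
	session := randBytes(32)
	rd1, err := aead(session, data, true)
	if err != nil {
		return Response{}, err
	}
	r3, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, readerEnc, session, nil)
	if err != nil {
		return Response{}, err
	}
	return Response{rd1, r3, ed25519.Sign(devPriv, signed(rd1, r3))}, nil
}

// ReaderHandle is step a8: check the signature before touching either ciphertext.
// devPub must come from a certificate already validated against the root (assumption).
func ReaderHandle(encPriv *rsa.PrivateKey, devPub ed25519.PublicKey, resp Response) ([]byte, error) {
	if !ed25519.Verify(devPub, signed(resp.RD1, resp.R3), resp.SRD1) {
		return nil, errors.New("a8: response signature invalid")
	}
	session, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, encPriv, resp.R3, nil)
	if err != nil {
		return nil, fmt.Errorf("a8: unwrap session key: %w", err)
	}
	return aead(session, resp.RD1, false)
}

// RunExchange runs a6-a8 with fresh keys; tamper flips one bit of R3 in transit.
func RunExchange(tamper bool) (string, error) {
	dev := ed25519.NewKeyFromSeed(randBytes(ed25519.SeedSize))
	readerEnc, err := rsa.GenerateKey(rand.Reader, 2048) // reader's second key pair
	if err != nil {
		return "", err
	}
	resp, err := DeviceRespond(dev, &readerEnc.PublicKey, []byte("constructed response data"))
	if err != nil {
		return "", err
	}
	if tamper {
		resp.R3[0] ^= 1
	}
	rd1, err := ReaderHandle(readerEnc, dev.Public().(ed25519.PublicKey), resp)
	return string(rd1), err
}

func main() {
	out, err := RunExchange(false)
	fmt.Println(out, err)
}
```

Because the signature covers both the response ciphertext and the wrapped session key, a modified key ciphertext is rejected at the signature check, before the reader's private key is ever applied to it.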
As an optional embodiment of this embodiment, before the card seeking flow the certificate card reading device and the first certificate card safety control device can negotiate a session key to further ensure the security of card seeking request data transmission. The session key is negotiated as follows. The certificate card reading device encrypts session key request data with the authentication encryption key to obtain session key request data ciphertext, signs the session key request data ciphertext with the first private key of the certificate card reading device to obtain a session key request signature value, and sends a session key request to the first certificate card safety control device; the session key request includes the session key request data ciphertext, the session key request signature value, the first certificate of the certificate card reading device and the second certificate of the certificate card reading device. The first certificate card safety control device receives the session key request and uses the first certificate of the certificate card reading device to verify the session key request signature value; after the signature verification passes, it decrypts the session key request data ciphertext with the authentication decryption key to obtain the session key request data. The first certificate card safety control device generates a session key, encrypts the session key with the second certificate of the certificate card reading device to obtain session key ciphertext, signs the session key ciphertext with the private key of the first certificate card safety control device to obtain a session key ciphertext signature value, and sends a session key request response to the certificate card reading device; the session key request response includes the session key ciphertext, the session key ciphertext signature value and the certificate of the first certificate card safety control device. The certificate card reading device receives the session key request response and uses the certificate of the first certificate card safety control device to verify the session key ciphertext signature value; after the signature verification passes, it decrypts the session key ciphertext with the second private key of the certificate card reading device to obtain the session key.
As an optional embodiment of this embodiment, when the session key has been negotiated before the card seeking flow, the certificate card reading device and the first certificate card safety control device can use the session key directly to encrypt and decrypt the card seeking request data and the card seeking request response data in the above card reading preparation flow, and the card seeking flow in the above card reading preparation flow can be replaced by:
Step a1: the certificate card reading device sends a card seeking instruction to the certificate card;
Step a2: the certificate card receives the card seeking instruction and sends card seeking confirmation data to the certificate card reading device;
Step a3: the certificate card reading device encrypts the card seeking request data with the session key to obtain the card seeking request data ciphertext, and signs the card seeking request data ciphertext with the first private key of the certificate card reading device to obtain the card seeking request signature value;
Step a4: the certificate card reading device sends a card seeking request to the first certificate card safety control device; the card seeking request includes the card seeking request data ciphertext and the card seeking request signature value;
Step a5: the first certificate card safety control device receives the card seeking request and uses the first certificate of the certificate card reading device to verify the card seeking request signature value; after the signature verification passes, it decrypts the card seeking request data ciphertext with the session key to obtain card seeking request data d1, and generates card seeking request response data rd1 according to card seeking request data d1;
Step a6: the first certificate card safety control device is encrypted to card seeking request response data using session key, Obtain card seeking request response data ciphertext, and the private key pair card seeking request response data using the first certificate card safety control device Ciphertext is signed, and obtains card seeking request response signature value;
Step a7: the first certificate card safety control device sends card seeking request response to certificate card reading device, and card seeking please Response is asked to include: card seeking request response data ciphertext and card seeking request response signature value;
Step a8: certificate card reading device utilizes the certificate of the first certificate card safety control device to the card seeking request receiving Response signature value carries out sign test, and after card seeking being asked response signature value sign test pass through, using session key to receiving Card seeking request response data ciphertext is decrypted, and obtains card seeking request response data.
Step a9: certificate card reading device sends card seeking to the first certificate card safety control device and confirms data.
Steps a1 to a9 complete the card seeking flow. After the card seeking flow ends, a card selection flow follows, through which the first certificate card safety control device can confirm which certificate card the read operation is performed on. As an optional implementation of this embodiment, the following card selection steps (a10-a18) follow step a9:
Step a10: after obtaining the card seeking request response data, the certificate card reading device sends a card selection instruction to the certificate card;
Step a11: the certificate card receives the card selection instruction and sends card selection confirmation data to the certificate card reading device, where the card selection confirmation data includes at least the serial number of the certificate card.
Step a12: the certificate card reading device receives the card selection confirmation data, encrypts card selection request data d2 using the session key to obtain card selection request data ciphertext d2, and signs the card selection request data ciphertext using the first private key of the certificate card reading device to obtain card selection request signature value sd2;
Step a13: the certificate card reading device sends a card selection request to the first certificate card safety control device, the card selection request including the card selection request data ciphertext and the card selection request signature value;
Step a14: the first certificate card safety control device receives the card selection request, verifies the card selection request signature value using the first certificate of the certificate card reading device and, after the signature verification passes, decrypts the card selection request data ciphertext using the session key to obtain card selection request data d2, and generates card selection request response data rd2 according to card selection request data d2;
Step a15: the first certificate card safety control device encrypts the card selection request response data using the session key to obtain card selection request response data ciphertext rd2, and signs the card selection request response data ciphertext using the private key of the first certificate card safety control device to obtain card selection request response signature value srd2;
Step a16: the first certificate card safety control device sends a card selection request response to the certificate card reading device, the card selection request response including the card selection request response data ciphertext and the card selection request response signature value;
Step a17: the certificate card reading device verifies the received card selection request response signature value using the certificate of the first certificate card safety control device and, after the signature verification passes, decrypts the received card selection request response data ciphertext using the session key to obtain card selection request response data rd2;
Step a18: after obtaining the card selection request response data, the certificate card reading device encrypts the card selection confirmation data using the session key to obtain the card selection confirmation data ciphertext, signs the card selection confirmation data ciphertext using the first private key of the certificate card reading device to obtain the card selection confirmation data signature value, and sends the card selection confirmation data ciphertext and the card selection confirmation data signature value to the first certificate card safety control device; after receiving them, the first certificate card safety control device verifies the card selection confirmation data signature value using the first certificate of the certificate card reading device and, after the signature verification passes, decrypts the card selection confirmation data ciphertext using the session key to obtain the card selection confirmation data.
In this embodiment, each certificate card has one security key, and different certificate cards have different security keys. The first certificate card safety control device stores the security keys of multiple certificate cards. Through step a18, the first certificate card safety control device obtains the card selection confirmation data, which includes the serial number of the certificate card; having obtained the serial number, the first certificate card safety control device can look up the security key corresponding to this certificate card, so as to subsequently use this security key for mutual authentication between the certificate card and the first certificate card safety control device.
After the card selection flow ends, preparation before the card reading flow begins, mainly including the following steps (steps a19-a23):
Step a19: the certificate card reading device sends a card reading instruction to the certificate card;
Step a20: the certificate card receives the card reading instruction and sends card reading confirmation data to the certificate card reading device;
Step a21: the certificate card reading device encrypts card reading request data d3 using the session key to obtain card reading request data ciphertext d3, and signs the card reading request data ciphertext using the first private key of the certificate card reading device to obtain card reading request signature value sd3;
Step a22: the certificate card reading device sends a card reading request to the first certificate card safety control device, the card reading request including the card reading request data ciphertext and the card reading request signature value;
Step a23: the first certificate card safety control device receives the card reading request, verifies the card reading request signature value using the first certificate of the certificate card reading device and, after the signature verification passes, decrypts the card reading request data ciphertext using the session key to obtain card reading request data d3.
It should be noted that, in the above flow, the information transmitted between the certificate card reading device and the first certificate card safety control device is forwarded by the server.
At this point the card reading preparation flow ends, and the first certificate card safety control device starts the card reading flow to obtain the certificate card information stored in the certificate card. Fig. 5 is a schematic flowchart of the card reading flow in an optional implementation of the embodiment of the present invention. As shown in Fig. 5, in this optional implementation the card reading flow may include:
Step b1: the first certificate card safety control device generates first authentication factor r1, encrypts the first authentication factor using the session key to obtain first authentication factor ciphertext r1, and signs the first authentication factor ciphertext using the private key of the first certificate card safety control device to obtain first authentication factor signature value sr1; this step can immediately follow step a23.
Step b2: the first certificate card safety control device sends a card reading request response to the certificate card reading device, the card reading request response including the first authentication factor ciphertext and the first authentication factor signature value;
Step b3: the certificate card reading device receives the card reading request response, verifies first authentication factor signature value sr1 using the certificate of the first certificate card safety control device and, after the signature verification passes, decrypts first authentication factor ciphertext r1 using the session key to obtain first authentication factor r1.
Step b4: the certificate card reading device sends first authentication factor r1 to the certificate card;
In this embodiment, the first authentication factor can be one random number or a string of random numbers, or one random character or a string of random characters, or any combination of a string of random numbers and random characters.
In this embodiment, the certificate card reading device sends the first authentication factor to the certificate card through a contactless interface, where the contactless interface can be an RF (radio-frequency) module.
Step b5: the certificate card receives first authentication factor r1, encrypts the first authentication factor to obtain first authentication data c1, and generates second authentication factor r2;
Step b6: the certificate card sends first authentication data c1 and second authentication factor r2 to the certificate card reading device;
In this embodiment, the certificate card can encrypt the first authentication factor using a security key. This security key is built into legitimate certificate cards in advance, and only a legitimate certificate card has this security key.
In this embodiment, the certificate card receives the first authentication factor sent by the certificate card reading device through a contactless interface, where the contactless interface can be an RF (radio-frequency) module. In this embodiment, all data between the certificate card reading device and the certificate card is transmitted through the contactless interface; the specific implementation is not repeated where data transmission between the certificate card reading device and the certificate card is mentioned below.
Step b7: the certificate card reading device receives the first authentication data and the second authentication factor, encrypts the first authentication data and the second authentication factor using the session key to obtain first ciphertext e1, and signs the first ciphertext using the first private key of the certificate card reading device to obtain first signature value s1;
In this embodiment, the second authentication factor can be one random number or a string of random numbers, or one random character or a string of random characters, or any combination of a string of random numbers and random characters. The certificate card can use the second authentication factor to authenticate the first certificate card safety control device.
In this embodiment, the session key can also be one random number or a string of random numbers, or one random character or a string of random characters, or any combination of a string of random numbers and random characters. The certificate card reading device and the first certificate card safety control device use the session key to encrypt and decrypt the data transmitted between them.
In this embodiment, an optional implementation of the certificate card reading device signing the first ciphertext with its first private key to obtain the first signature value is: the certificate card reading device computes the digest of the first ciphertext using a hash algorithm, and encrypts the digest of the first ciphertext using the first private key of the certificate card reading device to obtain the first signature value. Signing the first ciphertext prevents an unauthorized party from tampering with it. It should be noted that all signing processes in this embodiment follow this implementation; the signing process is not described again in detail where it is mentioned below.
Step b8: the certificate card reading device sends a first data packet to the first certificate card safety control device, the first data packet including first ciphertext e1 and first signature value s1;
In this embodiment, the certificate card reading device has a networking function and can send the first data packet to the first certificate card safety control device directly over a wired or wireless network.
As an optional implementation, the certificate card reading device can encrypt the first authentication data and the second authentication factor together using the session key and then transmit them to the first certificate card safety control device; of course, it can also encrypt the first authentication data and the second authentication factor separately and transmit them separately to the first certificate card safety control device.
In this embodiment, the certificate card reading device does not send the first data packet directly to the first certificate card safety control device, but first sends the first data packet to the server, which then allocates the first data packet to the first certificate card safety control device. Having the server schedule the data to be sent to the first certificate card safety control device can prevent a single point of failure.
Step b9: the first certificate card safety control device receives the first data packet, verifies first signature value s1 using the first certificate of the certificate card reading device and, after the signature verification passes, decrypts first ciphertext e1 using the session key to obtain first authentication data c1 and second authentication factor r2; it then verifies first authentication data c1 and, after the first authentication data passes verification, encrypts second authentication factor r2 to obtain second authentication data c2; it encrypts the second authentication data using the session key to obtain second ciphertext e2, and signs the second ciphertext using the private key of the first certificate card safety control device to obtain second signature value s2;
In this embodiment, the first certificate of the certificate card reading device includes at least the first public key of the certificate card reading device; the first public key of the certificate card reading device and the first private key of the certificate card reading device in step b7 form an asymmetric key pair.
In this embodiment, an optional implementation of the first certificate card safety control device verifying the first signature value with the first certificate of the certificate card reading device is: the first certificate card safety control device decrypts the received first signature value using the public key in the first certificate of the certificate card reading device to obtain the digest of the first ciphertext, computes the digest of the received first ciphertext using the hash algorithm, and compares whether the decrypted digest of the first ciphertext is the same as the computed digest of the first ciphertext; if they are the same, the first signature value passes signature verification.
In this embodiment, the first certificate card safety control device can verify the first authentication data in two ways. Mode one: the first certificate card safety control device can use its built-in security key to decrypt the received first authentication data to obtain an authentication factor, and compares whether the decrypted authentication factor is the same as the first authentication factor it generated itself; if they are the same, the first authentication data passes verification. Mode two: the first certificate card safety control device can use the security key corresponding to this certificate card, stored in the first certificate card safety control device, to encrypt the first authentication factor it generated itself to obtain authentication data, and compares whether the authentication data obtained by encryption is the same as the received first authentication data; if they are the same, the first authentication data passes verification.
Because a security key is built into a legitimate certificate card during manufacture, and the same security key is also stored in the first certificate card safety control device, mutual authentication between this certificate card and the first certificate card safety control device can subsequently be realized. If the first authentication data passes verification by the first certificate card safety control device, this shows that the security key used by the certificate card is the same as the security key used by the first certificate card safety control device, and that the first authentication data was obtained by the certificate card encrypting the first authentication factor generated by the first certificate card safety control device; the certificate card is therefore a legitimate certificate card, and the first certificate card safety control device confirms the legitimacy of the certificate card by verifying the first authentication data.
In this embodiment, after the first authentication data passes verification, the first certificate card safety control device encrypts the second authentication factor using the security key to obtain the second authentication data. Likewise, the security key used by the first certificate card safety control device is built into the first certificate card safety control device in advance, and only a legitimate first certificate card safety control device has this security key. As an optional implementation, if verification of the first authentication data fails, the certificate card reading flow is terminated.
Step b10: the first certificate card safety control device sends a second data packet to the certificate card reading device, the second data packet including second ciphertext e2 and second signature value s2;
In this embodiment, the first certificate card safety control device can send the second data packet to the server over a wired or wireless network, and the server then transmits the second data packet to the certificate card reading device.
Step b11: the certificate card reading device receives the second data packet, verifies second signature value s2 using the certificate of the first certificate card safety control device and, after the signature verification passes, decrypts second ciphertext e2 using the session key to obtain second authentication data c2;
In this embodiment, the certificate of the first certificate card safety control device includes at least the public key of the first certificate card safety control device.
Step b12: the certificate card reading device sends second authentication data c2 to the certificate card;
Step b13: the certificate card verifies second authentication data c2;
Step b14: after the second authentication data passes verification, the certificate card sends certificate card data ciphertext cd1 to the certificate card reading device;
In this embodiment, the certificate card verifies the second authentication data as follows. Mode one: the certificate card can use the decryption key corresponding to its built-in security key to decrypt the received second authentication data to obtain an authentication factor, and compares whether the decrypted authentication factor is the same as the second authentication factor it generated itself; if they are the same, the second authentication data passes verification. Mode two: the certificate card can use its security key to encrypt the second authentication factor it generated itself to obtain authentication data, and compares whether the authentication data obtained by encryption is the same as the received second authentication data; if they are the same, the second authentication data passes verification. If the second authentication data passes verification by the certificate card, this shows that the security key used by the first certificate card safety control device is the same as the security key built into the certificate card, and therefore that the first certificate card safety control device is a legitimate first certificate card safety control device; the certificate card confirms the legitimacy of the first certificate card safety control device by verifying the second authentication data.
In step b9, the first certificate card safety control device confirms the legitimacy of the certificate card through the first authentication factor; in step b14, the certificate card confirms the legitimacy of the first certificate card safety control device through the second authentication factor. Only after mutual authentication passes does the certificate card send the certificate card data ciphertext to the certificate card reading device, where the certificate card data ciphertext is usually the ciphertext of data such as certificate card number, name, photo, age, address, card validity period and/or fingerprint.
Step b15: the certificate card reading device receives certificate card data ciphertext cd1, encrypts the certificate card data ciphertext using the session key to obtain third ciphertext e3, and signs the third ciphertext using the first private key of the certificate card reading device to obtain third signature value s3;
In this embodiment, the certificate card reading device encrypts the certificate card data ciphertext using the session key, which protects the certificate card data ciphertext during network transmission. In addition, signing the third ciphertext with the first private key of the certificate card reading device prevents an unauthorized party from tampering with the third ciphertext.
Step b16: the certificate card reading device sends a third data packet to the first certificate card safety control device, the third data packet including third ciphertext e3 and third signature value s3;
Step b17: the first certificate card safety control device receives the third data packet, verifies third signature value s3 using the first certificate of the certificate card reading device and, after the signature verification passes, decrypts third ciphertext e3 using the session key to obtain certificate card data ciphertext cd1; it then decrypts the certificate card data ciphertext to obtain certificate card data plaintext cd2, encrypts certificate card data plaintext cd2 using the session key to obtain fourth ciphertext e4, and signs the fourth ciphertext using the private key of the first certificate card safety control device to obtain fourth signature value s4;
Optionally, the information included in the certificate card data ciphertext can be sent to the first certificate card safety control device at once in a single data packet; of course, it can also be sent to the first certificate card safety control device in several parts through multiple data packets.
In this embodiment, after decrypting the third ciphertext to obtain the certificate card data ciphertext, the first certificate card safety control device decrypts the certificate card data ciphertext using the module provided in the first certificate card safety control device for decrypting ciphertext data read from the certificate card, obtaining the certificate card data plaintext. Encrypting the certificate card data plaintext with the session key protects the certificate card data plaintext during network transmission; signing the fourth ciphertext with the private key of the first certificate card safety control device prevents an unauthorized party from tampering with the fourth ciphertext.
Step b18: the first certificate card safety control device sends a fourth data packet to the certificate card reading device, the fourth data packet including fourth ciphertext e4 and fourth signature value s4;
Step b19: the certificate card reading device receives the fourth data packet, verifies fourth signature value s4 using the certificate of the first certificate card safety control device and, after the signature verification passes, decrypts fourth ciphertext e4 using the session key to obtain certificate card data plaintext cd2; the certificate card reading device can then send the certificate card data plaintext to the terminal.
In this embodiment, the certificate card data plaintext is usually the plaintext of data such as certificate card number, name, photo, age, address, card validity period and/or fingerprint. As an optional implementation of this embodiment, after decrypting to obtain the certificate card data plaintext, the certificate card reading device sends the certificate card data plaintext to the terminal, and the terminal displays or stores the certificate card data plaintext.
Through the above flow, the certificate card and the first certificate card safety control device complete mutual authentication through the exchange of the first authentication factor and the second authentication factor, and the first certificate card safety control device decrypts the certificate card data ciphertext to obtain the certificate card data plaintext and sends it to the certificate card reading device, completing the reading of the certificate card.
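The mutual authentication of steps b1 to b14, together with the per-card key lookup by serial number, reduced to its challenge-response core as an added example (not code from the patent). It follows "mode two" (recompute and compare); HMAC-SHA256 stands in for the unspecified cipher, the session-key encryption and signatures are omitted, and all class and function names, the serial number and the keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder for the card data ciphertext cd1 released in step b14.
CARD_DATA_CIPHERTEXT = b"<constructed placeholder for card data ciphertext cd1>"


def auth_data(security_key: bytes, factor: bytes) -> bytes:
    """Authentication data over a factor under the per-card security key.

    Assumption: HMAC-SHA256 replaces the cipher the patent leaves unspecified.
    """
    return hmac.new(security_key, factor, hashlib.sha256).digest()


class Card:
    """Certificate card with a security key built in at manufacture."""

    def __init__(self, serial: str, security_key: bytes):
        self.serial = serial
        self.key = security_key
        self.pending_r2 = None

    def respond(self, r1: bytes):
        # Step b5: c1 over the device's r1, plus a fresh r2 of the card's own.
        self.pending_r2 = secrets.token_bytes(16)
        return auth_data(self.key, r1), self.pending_r2

    def release_data(self, c2: bytes) -> bytes:
        # Steps b13-b14: recompute over own r2 and compare in constant time.
        r2, self.pending_r2 = self.pending_r2, None  # each r2 is single use
        if r2 is None or not hmac.compare_digest(auth_data(self.key, r2), c2):
            raise PermissionError("security control device not authenticated")
        return CARD_DATA_CIPHERTEXT


class SecurityControlDevice:
    """Back-end device holding the security keys of many cards, by serial."""

    def __init__(self, key_table: dict):
        self.keys = dict(key_table)
        self.pending_r1 = {}

    def challenge(self, serial: str) -> bytes:
        # Step b1: a fresh r1 for the card selected by its serial number.
        if serial not in self.keys:
            raise PermissionError("unknown card serial number")
        self.pending_r1[serial] = secrets.token_bytes(16)
        return self.pending_r1[serial]

    def verify_card(self, serial: str, c1: bytes, r2: bytes) -> bytes:
        # Step b9: check c1 against the outstanding r1, then answer r2 with c2.
        r1 = self.pending_r1.pop(serial, None)
        if r1 is None:
            raise PermissionError("no outstanding challenge")
        key = self.keys[serial]
        if not hmac.compare_digest(auth_data(key, r1), c1):
            raise PermissionError("card not authenticated, read flow terminated")
        return auth_data(key, r2)


def read_card(card: Card, device: SecurityControlDevice) -> bytes:
    """Reader-side relay of steps b1-b14; the reader never holds the key."""
    r1 = device.challenge(card.serial)
    c1, r2 = card.respond(r1)
    c2 = device.verify_card(card.serial, c1, r2)
    return card.release_data(c2)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    device = SecurityControlDevice({"SN-0001": key})
    print(read_card(Card("SN-0001", key), device))
```

Because both factors are fresh per run and consumed on first use, a recorded c1 or c2 from an earlier read does not verify in a later one.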
As can be seen from the technical solution provided by the present invention, in the scheme provided by the embodiment of the present invention, the certificate card safety control module is removed from the certificate card reading device; the certificate card reading device can only communicate with the certificate card, and certificate card information must be read through the certificate card safety control device arranged in the background, which reduces the cost of the certificate card radio-frequency device; moreover, multiple terminals can be verified through the same certificate card safety control device, which improves the utilization of the certificate card safety control device.
Any process or method description in a flowchart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including in a substantially simultaneous manner or in the reverse order according to the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods can be implemented with software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art can be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), etc.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and cannot be construed as limiting the present invention; those of ordinary skill in the art can change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the claims and their equivalents.

Claims (14)

1. A certificate card information acquisition method, characterized by comprising:
Step 1, a terminal sends an operation request to a certificate card reading device;
Step 2, the certificate card reading device receives the operation request;
Step 3, the certificate card reading device periodically broadcasts a card seeking instruction;
Step 4, the certificate card reading device receives a response message returned by a certificate card and judges that the response message is card seeking confirmation data for the card seeking instruction;
Step 5, the certificate card reading device stops broadcasting the card seeking instruction and sends a card seeking request to a server;
Step 6, the server receives the card seeking request and sends the card seeking request to a first certificate card safety control device;
Step 7, the first certificate card safety control device receives the card seeking request and sends a card seeking response to the certificate card reading device through the server, wherein the card seeking response carries card seeking response data;
Step 8, the certificate card reading device receives the card seeking response sent by the first certificate card safety control device and obtains the card seeking response data;
Step 9, the certificate card reading device determines that the card seeking response data is response data responding to the card seeking request, and sends the card seeking confirmation data to the first certificate card safety control device through the server;
Step 10, the certificate card reading device sends a card selection instruction to the certificate card;
Step 11, the certificate card reading device receives card selection confirmation data sent by the certificate card, wherein the card selection confirmation data includes at least unique identification information of the certificate card;
Step 12, the certificate card reading device sends a card selection request to the first certificate card safety control device through the server;
Step 13, the first certificate card safety control device receives the card selection request;
Step 14, the first certificate card safety control device sends a card selection request response to the certificate card reading device through the server;
Step 15, the certificate card reading device receives the card selection request response sent by the first certificate card safety control device;
Step 16, the certificate card reading device determines that the card selection request response is response data for the card selection request, and sends the card selection confirmation data to the first certificate card safety control device through the server;
Step 17, the certificate card reading device sends a card reading instruction to the certificate card;
Step 18, the certificate card reading device receives card reading confirmation data returned by the certificate card;
Step 19, the certificate card reading device sends a card reading request to the server;
Step 20, the server sends the card reading request to the first certificate card safety control device;
Step 21, the first certificate card safety control device receives the card reading request, starts the flow of reading certificate card information, and reads the certificate card information stored in the certificate card by exchanging information with the certificate card through the server and the certificate card reading device;
Step 22, the first certificate card safety control device sends the certificate card information that has been read to the certificate card reading device through the server;
Step 23, the certificate card reading device receives the certificate card information and sends it to the terminal.
2. The method according to claim 1, characterized in that:
the card seeking request carries at least first identification authentication data; before the first certificate card safety control device returns the card seeking response to the certificate card reading device through the server, the method further includes: the first certificate card safety control device authenticates the identity of the certificate card reading device according to the first identification authentication data carried in the card seeking request, and, if the authentication passes, performs the step of returning the card seeking response to the certificate card reading device through the server; and/or
the card seeking response carries at least second identification authentication data; after the certificate card reading device receives the card seeking response sent by the first certificate card safety control device through the server, and before the card seeking confirmation data is sent to the first certificate card safety control device through the server, the method further includes: the certificate card reading device authenticates the identity of the first certificate card safety control device according to the second identification authentication data, and, if the authentication passes, performs the step of sending the card seeking confirmation data to the first certificate card safety control device through the server; and/or
the card selection request carries third identification authentication data; after the first certificate card safety control device receives the card selection request, and before the card selection request response is sent to the certificate card reading device through the server, the method further includes: the first certificate card safety control device authenticates the identity of the certificate card reading device according to the third identification authentication data carried in the card selection request, and, if the authentication passes, performs the step of sending the card selection request response to the certificate card reading device through the server; and/or
the card selection request response carries at least fourth identification authentication data; after the certificate card reading device receives the card selection request response sent by the first certificate card safety control device, and before the card selection confirmation data is sent to the first certificate card safety control device through the server, the method further includes: the certificate card reading device parses the information carried in the card selection request response, obtains the fourth identification authentication data carried in the card selection request response, and authenticates the identity of the first certificate card safety control device according to the fourth identification authentication data, and, if the authentication passes, performs the step of sending the card selection confirmation data to the first certificate card safety control device through the server; and/or
the card reading request carries at least fifth identification authentication data; after the first certificate card safety control device receives the card reading request, and before the flow for reading certificate card information is started, the method further includes: the first certificate card safety control device authenticates the identity of the certificate card reading device according to the fifth authentication data carried in the card reading request, and, if the authentication passes, performs the step of starting the flow for reading certificate card information.
3. The method according to claim 1 or 2, characterized in that:
before the first certificate card safety control device starts the flow for reading certificate card information, the method further includes: the certificate card reading device and the first certificate card safety control device negotiate through the server, and both sides obtain a session key;
after the certificate card reading device and the first certificate card safety control device obtain the session key, during subsequent communication between the certificate card reading device and the first certificate card safety control device, the certificate card reading device and the first certificate card safety control device each use the session key to encrypt the data they send and decrypt the data they receive.
4. The method according to any one of claims 1 to 3, characterized in that the server sending the card seeking request to the first certificate card safety control device includes:
the server selects the first certificate card safety control device from a plurality of certificate card safety control devices;
the server sends the card seeking request to the selected first certificate card safety control device.
5. The method according to any one of claims 1 to 4, characterized in that, after the terminal receives the certificate card information, the method further includes:
the terminal displays the certificate card information and/or sends it to a storage device for storage.
6. A certificate card information acquisition device, characterized by including:
a first transceiver module, configured to receive an operation request sent by a terminal;
a second transceiver module, configured to periodically broadcast a card seeking instruction, and to receive a response message returned by a certificate card;
a processing module, configured to determine whether the response message is card seeking confirmation data for the card seeking instruction, and, if so, to instruct the second transceiver module to stop broadcasting the card seeking instruction and to instruct a third transceiver module to send a card seeking request to a first certificate card safety control device through a server;
the third transceiver module, configured to send the card seeking request through the server, and to receive the card seeking response returned by the first certificate card safety control device through the server;
the processing module, further configured to obtain the card seeking response data from the card seeking response, determine that the card seeking response data is response data responding to the card seeking request, and instruct the third transceiver module to send the card seeking confirmation data to the first certificate card safety control device through the server;
the second transceiver module, further configured to send a card selection instruction to the certificate card, and to receive card selection confirmation data sent by the certificate card, wherein the card selection confirmation data includes at least unique identification information of the certificate card;
the third transceiver module, further configured to send a card selection request to the first certificate card safety control device through the server, and to receive the card selection request response sent by the first certificate card safety control device through the server;
the processing module, further configured to determine that the card selection request response is response data for the card selection request, and to instruct the third transceiver module to send the card selection confirmation data to the first certificate card safety control device through the server;
the second transceiver module, further configured to send a card reading instruction to the certificate card, and to receive card reading confirmation data returned by the certificate card;
the third transceiver module, further configured to send a card reading request to the first certificate card safety control device through the server, instructing the first certificate card safety control device to start the flow for reading certificate card information; to receive, during the flow for reading certificate card information, first interaction information sent by the first certificate card safety control device through the server, and to send second interaction information sent by the certificate card to the first certificate card safety control device through the server; and to receive the certificate card information read from the certificate card that the first certificate card safety control device sends through the server;
the second transceiver module, further configured to send the first interaction information received by the third transceiver module to the certificate card, and to receive the second interaction information sent by the certificate card;
the first transceiver module, further configured to send the certificate card information received by the third transceiver module to the terminal.
7. The device according to claim 6, characterized in that the processing module is further configured to obtain first identification authentication data before the third transceiver module sends the card seeking request, and to carry the first identification authentication data in the card seeking request; and/or
the card seeking response carries at least second identification authentication data; the processing module is further configured to, after the third transceiver module receives the card seeking response sent by the first certificate card safety control device through the server and before the card seeking confirmation data is sent to the first certificate card safety control device through the server, authenticate the identity of the first certificate card safety control device according to the second identification authentication data, and, if the authentication passes, trigger the third transceiver module to send the card seeking confirmation data to the first certificate card safety control device through the server; and/or
the processing module is further configured to obtain third identification authentication data before the third transceiver module sends the card selection request, and to carry the third identification authentication data in the card selection request; and/or
the card selection request response carries at least fourth identification authentication data; the processing module is further configured to, after the third transceiver module receives the card selection request response sent by the first certificate card safety control device and before the card selection confirmation data is sent to the first certificate card safety control device through the server, parse the information carried in the card selection request response, obtain the fourth identification authentication data carried in the card selection request response, and authenticate the identity of the first certificate card safety control device according to the fourth identification authentication data, and, if the authentication passes, trigger the third transceiver module to send the card selection confirmation data to the first certificate card safety control device through the server; and/or
the processing module is further configured to obtain fifth identification authentication data before the third transceiver module sends the card reading request, and to carry the fifth identification authentication data in the card reading request.
8. The device according to claim 7, characterized in that:
the processing module is further configured to negotiate with the first certificate card safety control device through the server to obtain a session key before the first certificate card safety control device starts the flow for reading certificate card information; and, during subsequent communication with the first certificate card safety control device, to use the session key to encrypt the data sent by the third transceiver module before sending and to decrypt the data received by the third transceiver module.
9. A certificate card information acquisition system, characterized by including: a terminal, a certificate card reading device, a server and a first certificate card safety control device; wherein,
the terminal is configured to send an operation request to the certificate card reading device;
the certificate card reading device includes the device described in claim 7 or 8;
the server is configured to receive the card seeking request sent by the certificate card reading device, and to send the card seeking request to the first certificate card safety control device; and to forward the information exchanged between the certificate card reading device and the first certificate card safety control device;
the first certificate card safety control device is configured to:
receive the card seeking request, and send a card seeking response to the certificate card reading device through the server, wherein the card seeking response carries card seeking response data;
receive the card seeking confirmation data sent by the certificate card reading device through the server;
receive the card selection request sent by the certificate card reading device through the server, and send a card selection request response to the certificate card reading device through the server;
receive the card reading request sent by the certificate card reading device through the server, start the flow for reading certificate card information, and read the certificate card information stored in the certificate card by exchanging information with the certificate card through the server and the certificate card reading device;
send the read certificate card information to the certificate card reading device through the server.
10. The system according to claim 9, characterized in that:
the card seeking request carries at least first identification authentication data; the first certificate card safety control device is further configured to, before returning the card seeking response to the certificate card reading device through the server, authenticate the identity of the certificate card reading device according to the first identification authentication data carried in the card seeking request, and, if the authentication passes, perform the operation of returning the card seeking response to the certificate card reading device through the server; and/or
the first certificate card safety control device is further configured to obtain second identification authentication data before sending the card seeking response, and to carry the second identification authentication data in the card seeking response; and/or
the card selection request carries third identification authentication data; the first certificate card safety control device is further configured to, after receiving the card selection request and before sending the card selection request response to the certificate card reading device through the server, authenticate the identity of the certificate card reading device according to the third identification authentication data carried in the card selection request, and, if the authentication passes, perform the operation of sending the card selection request response to the certificate card reading device through the server; and/or
the first certificate card safety control device is further configured to obtain fourth identification authentication data before sending the card selection request response, and to carry the fourth identification authentication data in the card selection request response; and/or
the card reading request carries at least fifth identification authentication data; the first certificate card safety control device is further configured to, after receiving the card reading request and before starting the flow for reading certificate card information, authenticate the identity of the certificate card reading device according to the fifth authentication data carried in the card reading request, and, if the authentication passes, perform the operation of starting the flow for reading certificate card information.
11. The system according to any one of claims 9 to 10, characterized in that:
the certificate card reading device and the first certificate card safety control device are further configured to negotiate through the server before the first certificate card safety control device starts the flow for reading certificate card information, so that both sides obtain a session key; and, after the certificate card reading device and the first certificate card safety control device obtain the session key, during subsequent communication between the certificate card reading device and the first certificate card safety control device, to use the session key to encrypt the data they send and decrypt the data they receive, respectively.
12. The system according to any one of claims 9 to 11, characterized in that the server sends the card seeking request to the first certificate card safety control device in the following manner:
selecting the first certificate card safety control device from a plurality of certificate card safety control devices;
sending the card seeking request to the selected first certificate card safety control device.
13. The system according to claim 12, characterized in that the server selects the first certificate card safety control device from the plurality of certificate card safety control devices in the following manner:
selecting the first certificate card safety control device from the plurality of certificate card safety control devices according to a prestored correspondence between the certificate card reading device and certificate card safety control devices; or
selecting, from the plurality of certificate card safety control devices, a certificate card safety control device whose current operating state is idle as the first certificate card safety control device.
14. The system according to any one of claims 9 to 13, characterized in that the terminal is further configured to, after receiving the certificate card information, display the certificate card information and/or send it to a storage device for storage.
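
The per-phase identity checks of claims 2 and 10 and the device selection of claim 13, sketched as an added example that is not part of the patent. The claims do not say how identification authentication data is computed: the HMAC over a pre-shared key, the nonce replay set, the rule "prestored mapping first, otherwise first idle device", and every class and function name below are assumptions, and the card information is a constructed placeholder.

```python
import hashlib
import hmac
import os

PHASES = ("seek", "select", "read")  # card seeking, card selection, card reading


def auth_tag(key, sender, phase, nonce):
    """Identification authentication data (assumed form): HMAC over role, phase, nonce."""
    msg = sender.encode() + b"|" + phase.encode() + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class SecurityControlDevice:
    def __init__(self, name, reader_keys, card_info=b"CONSTRUCTED-CARD-INFO"):
        self.name = name
        self.reader_keys = reader_keys  # reader id -> pre-shared key (assumption)
        self.card_info = card_info      # constructed stand-in for data read from the card
        self.busy = False
        self.next_phase = {}            # reader id -> index of the phase expected next
        self.seen = set()               # (reader id, nonce) pairs already accepted

    def handle(self, reader_id, phase, nonce, tag):
        """Authenticate the reader for this phase before answering or reading."""
        key = self.reader_keys.get(reader_id)
        reason = None
        if key is None:
            reason = "unknown reader"
        elif phase != PHASES[self.next_phase.get(reader_id, 0)]:
            reason = "unexpected phase"
        elif (reader_id, nonce) in self.seen:
            reason = "replayed nonce"
        elif not hmac.compare_digest(tag, auth_tag(key, "reader", phase, nonce)):
            reason = "reader authentication failed"
        if reason:
            self.next_phase.pop(reader_id, None)  # any failure restarts the flow
            return {"ok": False, "reason": reason}
        self.seen.add((reader_id, nonce))
        if phase == "read":
            self.next_phase.pop(reader_id, None)
            return {"ok": True, "card_info": self.card_info}
        self.next_phase[reader_id] = PHASES.index(phase) + 1
        # The device's own authentication data, checked by the reader.
        return {"ok": True, "tag": auth_tag(key, "device", phase, nonce)}


class Server:
    def __init__(self, devices, mapping=None):
        self.devices = devices
        self.mapping = mapping or {}    # prestored reader id -> device name
        self.sessions = {}              # reader id -> device serving it

    def select_device(self, reader_id):
        """Prestored correspondence if there is one, otherwise the first idle device."""
        if reader_id in self.mapping:
            wanted = self.mapping[reader_id]
            return next((d for d in self.devices if d.name == wanted), None)
        return next((d for d in self.devices if not d.busy), None)

    def release(self, reader_id):
        dev = self.sessions.pop(reader_id, None)
        if dev is not None:
            dev.busy = False
            dev.next_phase.pop(reader_id, None)

    def relay(self, reader_id, phase, nonce, tag):
        if phase == "seek" and reader_id not in self.sessions:
            dev = self.select_device(reader_id)
            if dev is None:
                return {"ok": False, "reason": "no device available"}
            dev.busy = True
            self.sessions[reader_id] = dev
        dev = self.sessions.get(reader_id)
        if dev is None:
            return {"ok": False, "reason": "no session"}
        reply = dev.handle(reader_id, phase, nonce, tag)
        if not reply["ok"] or phase == "read":
            self.release(reader_id)
        return reply


def read_card(server, reader_id, key):
    """Reader side: verify the device's tag before continuing to the next phase."""
    for phase in PHASES:
        nonce = os.urandom(16)
        reply = server.relay(reader_id, phase, nonce, auth_tag(key, "reader", phase, nonce))
        if not reply["ok"]:
            return None, reply["reason"]
        if phase != "read" and not hmac.compare_digest(
                reply["tag"], auth_tag(key, "device", phase, nonce)):
            server.release(reader_id)
            return None, "device authentication failed"
    return reply["card_info"], "ok"
```

The sketch leaves out the session key negotiation of claims 3 and 11; in a deployment the messages relayed by the server would also be encrypted under that key.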
CN201610787018.XA 2016-08-30 2016-08-30 Certificate card information acquisition method, device and system Active CN106372557B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610787018.XA CN106372557B (en) 2016-08-30 2016-08-30 Certificate card information acquisition method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610787018.XA CN106372557B (en) 2016-08-30 2016-08-30 Certificate card information acquisition method, device and system

Publications (2)

Publication Number Publication Date
CN106372557A true CN106372557A (en) 2017-02-01
CN106372557B CN106372557B (en) 2021-07-20

Family

ID=57899410

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610787018.XA Active CN106372557B (en) 2016-08-30 2016-08-30 Certificate card information acquisition method, device and system

Country Status (1)

Country Link
CN (1) CN106372557B (en)

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003288323A (en) * 2002-03-28 2003-10-10 Minolta Co Ltd Authentication system, authentication device, and server device
CN1875371A (en) * 2003-11-07 2006-12-06 阿利安科技有限公司 Methods and apparatuses to identify devices
CN1741028A (en) * 2004-08-25 2006-03-01 国际商业机器公司 Article position detecting equipment and method
US20090144203A1 (en) * 2007-11-29 2009-06-04 Visa Usa, Inc. Serial number and payment data based payment card processing
CN101727683A (en) * 2008-10-21 2010-06-09 南开大学 Public transport IC card identity identifying and authenticating system
US20120066303A1 (en) * 2010-03-03 2012-03-15 Waldeck Technology, Llc Synchronized group location updates
CN102004894A (en) * 2010-11-16 2011-04-06 上海复旦微电子股份有限公司 Method for identifying collisions of non-contact communication tags
CN104636777A (en) * 2015-01-15 2015-05-20 李明 Identity card information obtaining system
CN104639538A (en) * 2015-01-15 2015-05-20 李明 Identity card information obtaining method and system
CN104933379A (en) * 2015-05-20 2015-09-23 李明 Identity card information acquisition method, device and system
CN106372548A (en) * 2016-08-30 2017-02-01 李明 Method, device and system for acquiring certificate card information

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109285249A (en) * 2018-09-05 2019-01-29 北京旷视科技有限公司 A kind of testimony of a witness verifying system and method
CN110830486A (en) * 2019-11-13 2020-02-21 深圳市亲邻科技有限公司 Card reading and writing method and device based on multi-terminal communication and multi-terminal communication system
CN110830486B (en) * 2019-11-13 2022-11-25 深圳市亲邻科技有限公司 Card reading and writing method and device based on multi-terminal communication and multi-terminal communication system

Also Published As

Publication number Publication date
CN106372557B (en) 2021-07-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220414

Address after: Tiantianrong building, No. 1, Zhongguancun, Beiqing Road, Haidian District, Beijing 100094

Patentee after: TENDYRON Corp.

Address before: 100086 room 603, building 12, taiyueyuan, Haidian District, Beijing

Patentee before: Li Ming