CN107682147A - Method for managing security and system for intelligent card chip operating system file - Google Patents
- Publication number: CN107682147A (CN201710934966.6A)
- Authority: CN (China)
- Prior art keywords: key, file, card, operating system, smart card
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
Abstract
The invention provides a security management method and system for smart card chip operating system files. A first-type smart card generates and exports a key file containing one or more encrypted system keys; a second-type smart card decrypts one of the system keys in the key file, uses the decrypted system key to encrypt the chip operating system file, and exports the chip operating system file in ciphertext form. In this scheme, the generation and use of the key that encrypts the COS file, and the encryption of the COS file itself, all take place inside dedicated smart cards. This ensures that the COS file encryption key is invisible and non-reproducible and that key use is random, and it improves the security of COS files when they are transmitted and downloaded in external environments.
Description
Technical field
The present invention relates to smart card security, and more particularly to the security management of smart card chip operating system files.
Background technology
A smart card is a secure information product: it is small, easy to carry and secure, and the information stored on it is hard to read illegally. The information stored in a smart card can be read only under the security control of the chip operating system (Chip Card Operation, COS), and some information may never be read at all. The security of a smart card is therefore closely tied to the security of its COS. The COS establishes a security system, and control of that system is handed over to the customer in a secure manner, with no back door left behind; the customer then uses this security system to protect user data. Once security control has been handed over, the COS developer is in the same position as anyone else: it can operate on the data on the smart card only with lawful authorization and has no other way in.
A COS developer can hand the COS code it has developed to the chip manufacturer, who burns the COS file directly into the chip's ROM through a mask process. This makes the COS developer dependent on the chip manufacturer, however, and testing and debugging are very inconvenient. COS developers therefore generally prefer erasable chips (which may be called Flash cards). Such a chip ships from the factory with a COS loader preinstalled; the loader on the chip can load the COS file into, for example, the chip's programmable read-only memory, and after a successful load a fuse is blown so that the memory cells storing the COS file become read-only. The COS developer can thus develop and test flexibly, and only needs to give the tested COS file to the factory for mass production of cards. In this situation, however, the COS file passes through different environments (development, testing, production) and is handled by many different people, which creates many potential leaks and security risks. So, in addition to ensuring that the COS contains sound security control algorithms internally, the security of the COS file must be ensured during development, transmission, download to the chip, testing and so on.
Summary of the invention
It is therefore an object of the present invention to provide a new method and system for the security management of smart card chip operating system files.
The object of the present invention is achieved through the following technical solutions:
In one aspect, the invention provides a security management method for a smart card chip operating system file, comprising:
generating, by a first-type smart card, one or more system keys for encrypting the chip operating system file and, in response to the import of a public key corresponding to a management service, encrypting the system keys with the public key inside the first-type smart card and exporting a key file, the key file containing one or more encrypted system keys;
in response to the import of the chip operating system file and the key file into a second-type smart card, decrypting one of the system keys in the key file inside the second-type smart card with a built-in private key corresponding to the public key, encrypting the chip operating system file with the decrypted system key, and exporting the chip operating system file in ciphertext form.
The above method may further comprise: in response to the import of the ciphertext-form chip operating system file and the key file into a third-type smart card, decrypting the corresponding system key in the key file inside the third-type smart card with the built-in private key, decrypting the chip operating system file with the decrypted system key, and loading the resulting chip operating system file into the programmable read-only memory of the smart card.
The above method may further comprise: in response to the import of the key file into a fourth-type smart card, decrypting the corresponding system key in the key file inside the fourth-type smart card with the built-in private key, encrypting the decrypted system key with a built-in authentication key, and exporting the system key in ciphertext form for use by a test card that has passed authentication.
The above method may further comprise: decrypting, by the test card, the imported ciphertext-form system key with its built-in authentication key, and decrypting the downloaded ciphertext-form chip operating system file with the decrypted system key, so that the chip operating system file can be used in the test card.
The above method may further comprise:
generating, by the fourth-type smart card, authentication data at random in response to a request to authenticate a test card, and providing it to the test card;
encrypting, by the test card, the received authentication data with its built-in authentication key, and providing the encrypted random-number ciphertext data to the fourth-type smart card;
decrypting, by the fourth-type smart card, the received random-number ciphertext data with its built-in authentication key and comparing the decrypted data with the authentication data; if the two match, the test card is deemed to have passed authentication.
In the above method, in response to the test card requesting authentication data, a counter built into the fourth-type smart card may be decremented by 1; when the counter value is 0, the fourth-type smart card no longer responds to requests to authenticate a test card.
In another aspect, the invention provides a security management system for a smart card chip operating system file, comprising:
a first-type smart card, configured to generate one or more system keys for encrypting the chip operating system file and, in response to the import of a public key corresponding to a management service, to encrypt the system keys with the public key and export a key file, the key file containing one or more encrypted system keys;
a second-type smart card, configured to, in response to the import of the chip operating system file and the key file, decrypt one of the system keys in the key file with a built-in private key corresponding to the public key, encrypt the chip operating system file with the decrypted system key, and export the chip operating system file in ciphertext form.
The above system may further comprise a third-type smart card, configured to, in response to the import of the ciphertext-form chip operating system file and the key file, decrypt the corresponding system key in the key file with the built-in private key, decrypt the chip operating system file with the decrypted system key, and load the resulting chip operating system file into the programmable read-only memory of the smart card.
The above system may further comprise a fourth-type smart card, configured to, in response to the import of the key file, decrypt the corresponding system key in the key file with the built-in private key, encrypt the decrypted system key with a built-in authentication key, and export the system key in ciphertext form for use by a test card that has passed authentication.
The above system may further comprise a test card, configured to decrypt the imported ciphertext-form system key with its built-in authentication key and to decrypt the imported ciphertext-form chip operating system file with the decrypted system key, so that the chip operating system file can be used in the test card.
Compared with the prior art, the advantages of the invention are:
The generation and use of the key that encrypts the COS file, and the encryption of the COS file, all take place inside dedicated smart cards. This ensures that the COS file encryption key is invisible and non-reproducible and that key use is random, and it improves the security of COS files transmitted and downloaded in external environments. In addition, the number of COS file downloads during testing is limited, so that the number of test cards produced can be supervised.
Brief description of the drawings
Embodiments of the present invention are further described below with reference to the drawings, in which:
Fig. 1 is a flow diagram of the security management method for a smart card chip operating system file according to an embodiment of the present invention;
Fig. 2 is a flow diagram of the generation and distribution of the encryption key for the chip operating system file according to an embodiment of the present invention;
Fig. 3 is a flow diagram of loading the chip operating system file and its encryption key according to an embodiment of the present invention;
Fig. 4 is a diagram of the interaction flow between the key card for the test environment and the test card according to an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in more detail below through specific embodiments with reference to the drawings. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
For convenience, the description below uses AES as an example of a symmetric key algorithm and RSA as an example of an asymmetric encryption algorithm, without being limited to these. Other symmetric encryption methods such as DES and 3DES, and asymmetric encryption methods such as Elgamal and Rabin, can also be used.
The development, testing and production of smart card COS files mainly involve three stages:
1) In the development environment, the COS developer can encrypt the COS file with a symmetric encryption algorithm such as the Advanced Encryption Standard (AES), using an AES key to turn the COS file into a ciphertext file. Here the AES key is in plaintext to the developer, so there is a risk of leakage.
2) In the test environment, the tester obtains the COS ciphertext file and a card with the AES key built in, and downloads the COS ciphertext file into the card for testing. Whenever the COS file and its encryption key change, the tester must each time obtain a new card with the corresponding AES key built in, or obtain the new AES key, before download testing can begin. This is not only very inconvenient for testers; the transfer of the AES key and the COS file is also prone to leaks.
3) In the factory production environment, the factory obtains the AES key and the COS ciphertext file and downloads the file into the card.
In these stages, the AES key used to encrypt the COS file is stored on computers, exposed in plaintext, and can be touched and obtained by different people in various environments. Managing the COS file encryption key this way undoubtedly brings many security risks to smart cards.
In one embodiment of the invention, a new encryption key management method for COS files is provided, together with a security management scheme for the three stages that applies this method. The method manages the COS file encryption keys through key cards that grant different permissions to different roles, and mainly provides the following three classes of key cards:
1) Key card for key management personnel (KCAM, KeyCard for Administrator)
The KCAM card stores one or more AES keys and their corresponding IDs (key identifiers). These AES keys are used to encrypt COS files and are referred to as system keys. The KCAM card is configured to support import of the key management personnel's public key and import of the public key for the factory production environment, and to support export of the encrypted AES keys. The size of the public key for an asymmetric encryption algorithm such as RSA can be chosen according to actual requirements, for example 1024 bit, 2048 bit, etc. The KCAM card encrypts the AES key information stored in the card with the imported RSA public key of the key management personnel, so what is exported is the ciphertext of the AES key data encrypted under the key management personnel's public key, together with the AES key IDs and so on.
Preferably, the AES keys can be generated automatically inside the KCAM card, for example by an application in the card that automatically generates multiple groups of AES keys. The KCAM card can export ciphertext data containing one AES key or ciphertext data containing multiple AES keys, and the exported AES key ciphertext can be contained in a key file with a defined format. For example, the key file may include the identifier of each AES key, its ciphertext, and check data for the corresponding AES key.
2) Key card for the development environment (KCDE, KeyCard for Developer)
The KCDE card has the key management personnel's private key built in. It is configured to support import of the AES key ciphertext data, import of COS files, and export of the ciphertext COS file. The KCDE card uses the built-in RSA private key of the key management personnel to decrypt the imported AES key ciphertext data, then encrypts the COS file with the AES key inside the card. If there are multiple groups of AES keys, any one of them can be selected at random to encrypt the COS file. The KCDE card is configured to support export of only the encrypted COS file and the ID of the AES key used to encrypt it. The user of the KCDE card (e.g. a developer) cannot export the decrypted AES key and never has access to the AES key plaintext.
3) Key card for the test or technical support environment (KCTS, KeyCard for Tester/Supporter)
The KCTS card has the key management personnel's private key built in and is configured to support import of the AES key ciphertext data; it can verify and decrypt the AES key file imported into the card using the key management personnel's RSA private key.
The KCTS card also has an authorization authentication key built in, which is used to authenticate test cards. The KCTS provides randomly generated authentication data to the test card. The test card has the same authorization authentication key built in; it encrypts the received authentication data with that key and sends the result to the KCTS. The KCTS decrypts the authentication data from the test card with the authorization authentication key and compares it with the original authentication data; if they are identical, the test card passes authentication. If authentication passes, the KCTS card encrypts the AES key needed to decrypt the COS file with the authorization authentication key and provides it to the test card. The test card decrypts it with the authorization authentication key to obtain the AES key and uses that key to decrypt the downloaded COS ciphertext inside the test card. In addition, the KCTS has a built-in counter that is decremented by one when an authentication starts; the initial value of the counter is set by the key management personnel. When the KCTS card's count reaches zero, authorization for test cards ends. To continue testing, authorization must be requested again from the key management personnel, who reset the counter value.
Fig. 1 shows a flow diagram of the security management method for smart card chip operating system files according to an embodiment of the invention. The method mainly includes the following stages:
A) Generating the keys for encrypting COS files
One or more AES keys are generated randomly and automatically inside the KCAM card using a symmetric key generation method, for use in encrypting COS files. Each AES key has a corresponding ID, and at encryption time one AES key can be chosen at random from the multiple AES keys to encrypt the COS file, which adds randomness to key selection. In response to the import of the public key corresponding to a management service, the KCAM card can encrypt the generated AES keys with that public key and export a key file containing one or more encrypted system keys and their identifiers. Different management services can use different public keys; for example, the public keys for the COS development environment, the COS test environment and the factory production environment can be the same public key or different public keys. The public keys can be imported into the KCAM card by dedicated key management personnel. As shown in Fig. 2, the development and test environments share the administrator RSA public key, while the factory production environment uses a dedicated factory RSA public key. In response to the import of the administrator RSA public key, the KCAM card can encrypt the generated groups of AES keys with that public key, and the exported key file can be provided to, for example, KCDE cards and KCTS cards for use in the development and test environments. In response to the import of the factory RSA public key, the KCAM card can encrypt the generated groups of AES keys with that public key and export a key file for use in the factory production environment.
B) Use and management of the COS file encryption keys
The key file exported from the KCAM card can be distributed over a network or by other means to the relevant personnel in the development, test and production environments. In the development stage, the COS developer uses the KCDE card to encrypt the COS file. For example, the COS file and the key file exported from the KCAM card are imported into the KCDE card; inside the KCDE card, the built-in private key corresponding to the administrator RSA public key decrypts the imported key file, any one AES key is chosen at random to encrypt the COS file, and the encrypted COS file is then exported. In one embodiment, the identifier of the AES key used to encrypt the COS file can be exported at the same time, or the identifier can be packaged and exported together with the ciphertext-form COS file. In another embodiment, the KCDE card can be used to encrypt different COS files, and can also export, in response to a key request, the identifier of the AES key used to encrypt a given COS file. Encrypting COS files with such a KCDE card makes the key invisible and non-reproducible, and the randomness of key use further improves the security of the encryption key.
In the factory production environment, the ciphertext-form COS file and the key file are imported through the card's loader. The factory RSA private key built into the card decrypts the corresponding AES key in the key file, the decrypted AES key is then used to decrypt the COS file, and the decrypted COS file is loaded into, for example, the programmable read-only memory in the chip. After a successful load, a fuse is blown so that the memory cells storing the COS file become read-only and the loader is disabled, so that the COS file takes control of the card. Throughout this production process, both the COS file and the key that encrypts it are transferred as ciphertext, and key generation, key use and COS file encryption are all completed inside smart cards, which ensures the security of the encryption key and the COS file.
In the test stage, as shown in Fig. 3, when the tester obtains the COS ciphertext file and a test card into which the COS file is to be loaded, the KCTS card first authenticates the test card. For example, the KCTS sends a random number to the test card; the test card encrypts the random number with its built-in authorization authentication key and sends the encrypted data to the KCTS card; the KCTS card decrypts the data with its built-in authorization authentication key, and if the result is identical to the random number it sent, the test card is deemed to have passed authentication. Preferably, each authentication decrements the KCTS card's built-in counter by one; when the counter in the KCTS card reaches 0, test authorization must be applied for again, and the initial value of the KCTS card's counter is reset by the key management personnel. This effectively prevents finished smart cards loaded with the COS file from being mass-produced in the test environment without the COS developer's permission. Moreover, in response to a test card's request for authentication data, the KCTS card's built-in counter is decremented by 1 whether or not authentication succeeds, to prevent attacks on the authentication key. If the test card passes authentication, the KCTS card can, for example, use the ID contained in the COS ciphertext file to extract from the imported key file the AES key needed to decrypt that COS file, decrypt the extracted AES key with the built-in administrator RSA private key, and then encrypt the AES key with the built-in authorization authentication key and provide it to the test card. The test card can then decrypt the AES key ciphertext with the authorization authentication key and use the AES key to decrypt the COS file ciphertext, so that the chip operating system file can be used in the test card.
Fig. 4 shows a flow diagram of the authentication and authorization of a test card by the KCTS card in the test environment according to an embodiment of the invention, in which a terminal controls two card readers to carry out the interaction between the KCTS card and the test card. As shown in Fig. 4, when the terminal detects that a test card has been inserted into one card reader, it queries the authentication counter of the KCTS card in the other card reader, and the KCTS card returns the remaining number of authentications. If the remaining number is greater than 0, the terminal requests from the KCTS card the authentication data used to authenticate the test card. The KCTS card provides randomly generated authentication data to the test card via the terminal and decrements the authentication counter in the card by one. The test card encrypts the authentication data with its built-in authentication authorization key and returns it to the KCTS card via the terminal. The KCTS card decrypts the received authentication data with its built-in authentication authorization key and compares it with the authentication data originally sent; if they match, authentication succeeds. After successful authentication, the terminal reads the key identifier (ID) contained in the COS file to be loaded and asks the test card whether the system key corresponding to that ID is already present in the test card; if not, the terminal requests the system key for that ID from the KCTS card. The KCTS card encrypts the decrypted system key with the authentication key in the card and returns the ciphertext data. The terminal writes the ciphertext data into the test card, and the test card decrypts the data with the authentication key to obtain the system key. The terminal reads the COS ciphertext file and downloads it into the test card, and the test card decrypts the COS file with the system key, so that the chip operating system file can be used in the test card.
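The Fig. 4 exchange between the terminal, the KCTS card and the test card can be simulated as follows. This is an added example, not code from the patent: all class and function names are hypothetical, and an HMAC-SHA256 keystream stands in for the AES cipher so that it runs with the Python standard library only.

```python
import hashlib
import hmac
import secrets


def _xor_stream(key, nonce, data):
    # Stand-in for AES (assumption): XOR with an HMAC-SHA256 counter keystream.
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    return nonce + _xor_stream(key, nonce, plaintext)


def decrypt(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])


class KctsCard:
    """Key card for the test environment (the fourth-type smart card)."""

    def __init__(self, auth_key, system_keys, counter):
        self._auth_key = auth_key          # shared with authorised test cards
        self._system_keys = system_keys    # {key ID: system key}, already unwrapped
        self._counter = counter            # initial value set by key management
        self._pending = None               # outstanding challenge
        self._authenticated = False

    def remaining(self):
        return self._counter

    def get_challenge(self):
        if self._counter == 0:
            raise PermissionError("authorization exhausted; counter must be reset")
        # Decrement when the challenge is issued, whether or not it later verifies.
        self._counter -= 1
        self._authenticated = False
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response):
        # Assumption beyond the page: each challenge can be answered only once.
        pending, self._pending = self._pending, None
        if pending is None:
            return False
        self._authenticated = hmac.compare_digest(
            decrypt(self._auth_key, response), pending)
        return self._authenticated

    def export_system_key(self, key_id):
        # The system key leaves the card only wrapped under the authentication key.
        if not self._authenticated:
            raise PermissionError("test card not authenticated")
        return encrypt(self._auth_key, self._system_keys[key_id])


class CardUnderTest:
    """Test card: holds the authentication key and the system keys it was given."""

    def __init__(self, auth_key):
        self._auth_key = auth_key
        self._system_keys = {}

    def answer_challenge(self, challenge):
        return encrypt(self._auth_key, challenge)

    def has_system_key(self, key_id):
        return key_id in self._system_keys

    def store_system_key(self, key_id, wrapped):
        self._system_keys[key_id] = decrypt(self._auth_key, wrapped)

    def load_cos(self, key_id, cos_ciphertext):
        return decrypt(self._system_keys[key_id], cos_ciphertext)


def terminal_load(kcts, card, key_id, cos_ciphertext):
    """Terminal logic: returns the COS plaintext as seen inside the card, or None."""
    if kcts.remaining() <= 0:
        return None
    challenge = kcts.get_challenge()
    if not kcts.verify(card.answer_challenge(challenge)):
        return None
    if not card.has_system_key(key_id):
        card.store_system_key(key_id, kcts.export_system_key(key_id))
    return card.load_cos(key_id, cos_ciphertext)


def demo():
    auth_key, system_key = secrets.token_bytes(32), secrets.token_bytes(32)
    cos_image = b"constructed COS image, not real card code"
    cos_ciphertext = encrypt(system_key, cos_image)   # what a KCDE card would export
    kcts = KctsCard(auth_key, {7: system_key}, counter=2)
    genuine = CardUnderTest(auth_key)
    rogue = CardUnderTest(secrets.token_bytes(32))    # wrong authentication key
    first = terminal_load(kcts, genuine, 7, cos_ciphertext)   # succeeds, counter 2 -> 1
    second = terminal_load(kcts, rogue, 7, cos_ciphertext)    # fails, counter 1 -> 0
    third = terminal_load(kcts, genuine, 7, cos_ciphertext)   # refused, counter is 0
    return first == cos_image, second, third, kcts.remaining()


if __name__ == "__main__":
    print(demo())
```

The rogue card's failed attempt still consumes one authorization, so the genuine card's second load is refused until the counter is reset.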
As the specific embodiments above show, by using the different types of smart cards described, the invention makes the COS file encryption key invisible and non-reproducible and makes key use random. Key generation, key use and COS file encryption all take place inside smart cards, which ensures the security of the encryption key, improves the security of downloading the COS in external environments, and increases the flexibility of COS development. The various cards in the above embodiments can be implemented, for example, as Java smart cards, USB keys capable of running a COS, security devices supporting an SE (security module), or any other hardware form capable of supporting the specific functions above, or a combination thereof.
Although the present invention has been described by means of preferred embodiments, the invention is not limited to the embodiments described here, and also includes various changes and variations made without departing from the scope of the invention.
Claims (10)
1. A security management method for a smart card chip operating system file, comprising:
generating, by a first-type smart card, one or more system keys for encrypting the chip operating system file and, in response to the import of a public key corresponding to a management service, encrypting the system keys with the public key inside the first-type smart card and exporting a key file, the key file containing one or more encrypted system keys;
in response to the import of the chip operating system file and the key file into a second-type smart card, decrypting one of the system keys in the key file inside the second-type smart card with a built-in private key corresponding to the public key, encrypting the chip operating system file with the decrypted system key, and exporting the chip operating system file in ciphertext form.
2. The method according to claim 1, further comprising: in response to the import of the ciphertext-form chip operating system file and the key file into a third-type smart card, decrypting the corresponding system key in the key file inside the third-type smart card with the built-in private key, decrypting the chip operating system file with the decrypted system key, and loading the resulting chip operating system file into the programmable read-only memory of the smart card.
3. The method according to claim 1, further comprising: in response to the import of the key file into a fourth-type smart card, decrypting the corresponding system key in the key file inside the fourth-type smart card with the built-in private key, encrypting the decrypted system key with a built-in authentication key, and exporting the system key in ciphertext form for use by a test card that has passed authentication.
4. The method according to claim 3, further comprising: decrypting, by the test card, the imported ciphertext-form system key with its built-in authentication key, and decrypting the downloaded ciphertext-form chip operating system file with the decrypted system key, so that the chip operating system file can be used in the test card.
5. The method according to claim 11, further comprising:
Randomly generating, by the fourth-type smart card, authentication data in response to a request to authenticate a test card, and providing the authentication data to the test card;
Encrypting, by the test card, the received authentication data with the built-in authentication key, and providing the encrypted random-number ciphertext data to the fourth-type smart card;
Decrypting, by the fourth-type smart card, the received random-number ciphertext data with the built-in authentication key, and comparing the decrypted data with the authentication data; if the two are consistent, the test card is recognized as having passed authentication.
6. The method according to claim 5, further comprising: in response to a request for authentication data from a test card, decrementing a counter built into the fourth-type smart card by 1, wherein, when the counter value is 0, the fourth-type smart card no longer responds to requests to authenticate a test card.
7. A security management system for a smart card chip operating system file, comprising:
A first-type smart card configured to generate one or more system keys for encrypting a chip operating system file and, in response to the import of a public key corresponding to a management business, to encrypt the system keys with the public key and export a key file, the key file including one or more encrypted system keys;
A second-type smart card configured, in response to the import of the chip operating system file and the key file, to decrypt one of the system keys of the key file with a built-in private key corresponding to the public key, so as to encrypt the chip operating system file with the system key obtained after decryption and export the chip operating system file in ciphertext form.
8. The system according to claim 7, further comprising a third-type smart card configured, in response to the import of the chip operating system file in ciphertext form and the key file, to decrypt the corresponding system key in the key file with the built-in private key, so as to decrypt the chip operating system file with the system key obtained after decryption and load the resulting chip operating system file into the programmable read-only memory of the smart card.
9. The system according to claim 7, further comprising a fourth-type smart card configured, in response to the import of the key file, to decrypt the corresponding system key in the key file with the built-in private key, to encrypt the system key obtained after decryption with a built-in authentication key, and to export the system key in ciphertext form for use by an authenticated test card.
10. The system according to claim 9, further comprising a test card configured to decrypt the imported system key in ciphertext form with the built-in authentication key, and to decrypt the imported chip operating system file in ciphertext form with the system key obtained after decryption, so that the chip operating system file is used in the test card.
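The exchange in claims 3 to 6, written out as an added Python example that is not part of the patent text: the fourth-type card issues a random challenge, counts down its built-in counter, and releases the wrapped system key only after the test card's response decrypts back to the challenge. The claims name no cipher, so the Feistel construction over HMAC-SHA256 is a stand-in assumption, as are the class and function names, the 16-byte block size and the attempt limit of 3.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # bytes: one block carries a challenge or a 128-bit system key

def feistel(key, block, rounds):  # stand-in cipher: the claims name no algorithm
    left, right = block[:8], block[8:]
    for i in rounds:
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def encrypt(key, block):
    return feistel(key, block, range(4))
def decrypt(key, block):  # same rounds in reverse order on swapped halves
    out = feistel(key, block[8:] + block[:8], reversed(range(4)))
    return out[8:] + out[:8]

class FourthTypeCard:
    def __init__(self, auth_key, system_key, attempts=3):
        self._auth_key, self._system_key = auth_key, system_key
        self.counter = attempts  # claim 6: built-in counter
        self._challenge, self._authenticated = None, False

    def request_challenge(self):
        if self.counter == 0:
            return None  # claim 6: no further responses once the counter is 0
        self.counter -= 1
        self._challenge, self._authenticated = secrets.token_bytes(BLOCK), False  # claim 5
        return self._challenge

    def verify(self, response):
        challenge, self._challenge = self._challenge, None  # single use
        self._authenticated = (challenge is not None and len(response) == BLOCK
            and hmac.compare_digest(decrypt(self._auth_key, response), challenge))
        return self._authenticated

    def export_system_key(self):  # claim 3: wrapped under the authentication key
        if not self._authenticated:
            raise PermissionError("test card has not passed authentication")
        return encrypt(self._auth_key, self._system_key)

def run_exchange(card, test_card_key):
    """Test-card side: answer the challenge (claim 5), then unwrap (claim 4)."""
    challenge = card.request_challenge()
    if challenge is None or not card.verify(encrypt(test_card_key, challenge)):
        return None
    return decrypt(test_card_key, card.export_system_key())
```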
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710934966.6A CN107682147B (en) | 2017-10-10 | 2017-10-10 | Security management method and system for smart card chip operating system file |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107682147A (en) | 2018-02-09 |
CN107682147B (en) | 2020-08-11 |
Family
ID=61139455
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710934966.6A Active CN107682147B (en) | 2017-10-10 | 2017-10-10 | Security management method and system for smart card chip operating system file |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107682147B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112883364A (en) * | 2021-03-10 | 2021-06-01 | 上海升途智能系统有限公司 | Security carrier control method, device, equipment and storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571326A (en) * | 2010-12-09 | 2012-07-11 | 上海华虹集成电路有限责任公司 | Testing method of security of level-to-level management mode key management system |
CN102811124A (en) * | 2012-08-01 | 2012-12-05 | 连云港杰瑞深软科技有限公司 | System validation method based on two-card three-password technique |
WO2014139343A1 (en) * | 2013-03-15 | 2014-09-18 | 福建联迪商用设备有限公司 | Key downloading method, management method, downloading management method, apparatus and system |
CN106059771A (en) * | 2016-05-06 | 2016-10-26 | 上海动联信息技术股份有限公司 | Intelligent POS machine secret key management system and method |
CN106056017A (en) * | 2016-04-29 | 2016-10-26 | 珠海保税区星汉智能卡股份有限公司 | Intelligent card COS encrypting and downloading system |
CN106549761A (en) * | 2015-09-18 | 2017-03-29 | 上海方立数码科技有限公司 | Fingerprint USB Key |
CN106685645A (en) * | 2016-11-14 | 2017-05-17 | 郑州信大捷安信息技术股份有限公司 | Key backup and recovery method and system for secure chip service key |
Also Published As
Publication number | Publication date |
---|---|
CN107682147B (en) | 2020-08-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103716321B (en) | A kind of terminal master key TMK safety downloading method and systems | |
CN103679062B (en) | Intelligent electric meter main control chip and security encryption method | |
CN103716168B (en) | Secret key management method and system | |
CN108513704B (en) | Remote distribution method and system of terminal master key | |
CN1960363B (en) | Method and equipment for implementing remote updating information security devices through network | |
CN108781210A (en) | Mobile device with credible performing environment | |
CN103051451A (en) | Encryption authentication of security service execution environment | |
CN103220270A (en) | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key | |
CN103220271A (en) | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key | |
CN104579680B (en) | A kind of method of secure distribution seed | |
CN101114326A (en) | Systems and methods for computer device authentication | |
CN106063182A (en) | Electronic signing methods, systems and apparatus | |
CN103237004A (en) | Key download method, key management method, method, device and system for download management | |
CN108323230B (en) | Method for transmitting key, receiving terminal and distributing terminal | |
BR102018014023A2 (en) | SAFE COMMUNICATION SYSTEM AND METHOD | |
CN105847000A (en) | Token generation method and communication system based on same | |
CN105978686A (en) | Key management method and system | |
CN107682147A (en) | Method for managing security and system for intelligent card chip operating system file | |
Akram et al. | Recovering from a lost digital wallet | |
CN105022651A (en) | Anti-piratic method in equipment production process and firmware burning device | |
CN100462992C (en) | Method and system for producing information safety device | |
CN100546242C (en) | A kind of generation of super code and authentication method | |
CN111327415A (en) | Alliance link data protection method and device | |
CN106357624A (en) | Method and system for securely setting terminal system time | |
KR101834515B1 (en) | Apparatus for encrypting and decrypting including input unit |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 330096 torch Street 399, Qingshan Lake District, Jiangxi, Nanchang; Applicant after: Jiede (China) Technology Co.,Ltd.; Address before: 330096 torch Street 399, Qingshan Lake District, Jiangxi, Nanchang; Applicant before: Jiede (China) Information Technology Co.,Ltd. |
GR01 | Patent grant | ||