CN107844707A - A kind of card data management method and card data management system - Google Patents

A kind of card data management method and card data management system Download PDF

Info

Publication number
CN107844707A
CN107844707A CN201711035662.2A CN201711035662A CN107844707A CN 107844707 A CN107844707 A CN 107844707A CN 201711035662 A CN201711035662 A CN 201711035662A CN 107844707 A CN107844707 A CN 107844707A
Authority
CN
China
Prior art keywords
key
card
encryption
data management
card data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711035662.2A
Other languages
Chinese (zh)
Other versions
CN107844707B (en
Inventor
姜波
冯晓光
冀鹏昀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Snowball Technology Co Ltd
Original Assignee
Shenzhen Snowball Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Snowball Technology Co Ltd filed Critical Shenzhen Snowball Technology Co Ltd
Priority to CN201711035662.2A priority Critical patent/CN107844707B/en
Publication of CN107844707A publication Critical patent/CN107844707A/en
Application granted granted Critical
Publication of CN107844707B publication Critical patent/CN107844707B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a kind of card data management system and method.This method includes:Root key is injected to encryption equipment;Specific algorithm and dispersion factor are chosen, the scattered protection key for calculating acquisition business cipher key or/and business cipher key is carried out based on the root key, the business cipher key of acquisition is stored in the form of ciphertext;The business cipher key is generated fabrication data and encrypted with card data assembling and is stored;When user initiates to open card request in the air, fabrication data after corresponding encryption are associated with according to card number and are input to encryption equipment, encryption equipment is decrypted the fabrication data after the encryption and verified whether consistent with having stored in the fabrication data in encryption equipment, in the case of consistent, exported after fabrication data are encrypted with security domain key and be supplied to user equipment.According to the present invention can the preset card data of batch, be capable of the security of safeguards system, the oncurrent processing ability of system can be also provided.

Description

A kind of card data management method and card data management system
Technical field
The present invention relates to the communication technology, relates more specifically to a kind of card data management method used in NFC mobile payments And card data management system.
Background technology
Open in the air in card business system at present, the not standardization for card data management illustrates.Existing card data Managed Solution is mainly comprising following several situations:
(1)Personal data is preserved by DP file encryptions;
(2)Card key is obtained by encryption equipment interface in real time, assembles personal data.
The key that card personalization packet is applied containing card, belong to extremely sensitive data.Common solution can be from adding Related service key is drawn by corresponding business master key is scattered in close machine, although safety is due in card personalization data Be related to it is more business cipher key, it is so relatively more with the interaction times of encryption equipment in the service interaction of reality, consume necessarily Time, reduce business execution efficiency.So generally system all takes the scheme of preset card data, i.e., appointed by timing Business in advance by the business cipher key of card from encryption equipment export, with other card personalization data assemblings into complete fabrication data simultaneously Safety storage.Such as DP files are exactly one kind of preset scheme, and the solution that traditional hair fastener uses.
But only protected in the full field of terminal of NFC, DP files by transmitting key, lack the control of some systems safety System, so needing to propose brand-new solution.
The content of the invention
In view of described problem, the present invention is intended to provide a kind of card number that can further improve security and operating flexibility According to management method and card data management system.Card data herein are referred to as card personalization data.
The card data management method of an aspect of of the present present invention, it is characterised in that comprise the steps:
Key implantation step, inject root key to encryption equipment;
Cipher key calculation step, specific algorithm and dispersion factor are chosen, scattered calculating acquisition business is carried out based on the root key The protection key of key or/and business cipher key;And
Key storage step, the business cipher key of acquisition is stored in the form of ciphertext.
Alternatively, also it is further equipped with after the key storage step:
Fabrication data generation step, the business cipher key is generated into fabrication data with card data assembling and encryption is stored.
Alternatively, also it is further equipped with after the key storage step:
Aerial opening step, when user initiates to open card request in the air, the fabrication number after corresponding encryption is associated with according to card number According to and be input to encryption equipment, encryption equipment decrypts the fabrication data after the encryption and verifies whether the system with storing safely Card data are consistent, in the case of consistent, exported after fabrication data are encrypted with security domain key and are supplied to user equipment.
Alternatively, in the cipher key calculation step, when generating the business of card as dispersion factor choice cards SEID, the card number of card is chosen as dispersion factor when generating the business cipher key of card and protection key.
Alternatively, in the key implantation step, multiple key components, the multiple key components are injected to encryption equipment Form root key;
The card data management system of an aspect of of the present present invention, it is characterised in that at least possess encryption equipment,
Wherein, the encryption equipment possesses:
Memory module, for storing the root key of encryption equipment;
First encrypting module, for obtaining specific algorithm and dispersion factor, scattered calculating is carried out based on the root key and obtained The protection key of business cipher key or/and business cipher key and export;
Assemble module, for by the business cipher key and the card data assembling that is transfused into fabrication data encryption after and export; And
Deciphering module, for decrypting the fabrication data from the encryption of outside input and verifying whether and have stored in described deposit The fabrication data stored up in module are consistent;And
Second encrypting module, in the case where the deciphering module judges that fabrication data are consistent, by fabrication data security domain Exported after key encryption.
Alternatively, the card data management system is further equipped with:It is also equipped with being used to store various keys and fabrication data Database.
Alternatively, first encrypting module generate card key when as dispersion factor choice cards SEID, The card number of card is chosen as dispersion factor when generating the business cipher key of card and protection key.
The computer-readable medium of the present invention, is stored thereon with computer program, it is characterised in that the computer program quilt The step of card data management method is realized during computing device.
The computer equipment of the present invention, including memory, processor and storage are on a memory and can be on a processor The computer program of operation, it is characterised in that realize the card data management described in the computing device during computer program The step of method.
Brief description of the drawings
Fig. 1 is the flow chart for the specific steps for representing the card data management method of the present invention.
Fig. 2 is the schematic diagram for the construction for representing the card data management system of the present invention.
Schematic diagram in the case of Fig. 3 is the progress sensitive data storage for representing the card data management system of the present invention.
Fig. 4 is the schematic diagram for the conventional application method for key for representing the card data management system of the present invention.
Embodiment
What is be described below is some in multiple embodiments of the invention, it is desirable to provide to the basic understanding of the present invention.And It is not intended to the crucial or conclusive key element for confirming the present invention or limits scope of the claimed.
Fig. 1 is the flow chart for the specific steps for representing the card data management method of the present invention.
As shown in figure 1, the card data management method of the present invention comprises the steps:
Key implantation step S100:Root key is injected to encryption equipment, key provider can be direct by way of manually input Specific root key is injected to secret machine;
Cipher key calculation step S200:Specific algorithm and dispersion factor are chosen, carrying out scattered calculate based on the root key obtains The protection key of business cipher key or/and business cipher key;
Key storage step S300:The business cipher key of acquisition is stored in the form of ciphertext, disperseed by root key The protection key of obtained business cipher key or/and business cipher key can be stored in encryption equipment, can also be in database;
Fabrication data generation step S400:By the business cipher key and card data(DGI or extended formatting)Assembling generation fabrication Data, fabrication data are stored in database together with crc value in a manner of ciphertext;
Aerial opening step S500:When user initiates to open card request in the air, the system after corresponding encryption is associated with according to card number Card data are simultaneously input to encryption equipment, and encryption equipment is decrypted the fabrication data after the encryption and verified whether and stored system Card data are consistent(Such as whether encryption equipment check (CRC) is legal, it is ensured that clear data is not distorted), in the case of consistent, Fabrication data are exported, is exported after the card data after decryption are encrypted in a manner of script by security domain key and is supplied to use Family equipment(Such as it is supplied to the NFC device of user).
Wherein, in key implantation step S100, the root key being made up of multiple key components, example are injected to encryption equipment Such as, each key components can be held by different personnel, be inputted one by one according to component order during injection.
Wherein, the S300 in cipher key calculation step, can be selected as dispersion factor when generating the business cipher key of card The SEID of card, the card number of card can be chosen as dispersion factor when generating the protection key of business cipher key of card.
It is illustrated above for the card data management method of the present invention, then, for the card data management of the present invention System illustrates.
Fig. 2 is the schematic diagram for the construction for representing the card data management system of the present invention.
As shown in Fig. 2 the card data management system of the present invention possesses encryption equipment 100 and for various keys and fabrication data Database 200.
Wherein, encryption equipment 100 possesses:
Memory module 110, the root key for encryption equipment;
First encrypting module 120, for calling specific algorithm and dispersion factor(For example, it can be provided with application software scattered The factor), scattered calculate is carried out to the root key obtained from memory module 110 and obtains business cipher key or/and business cipher key Protection key simultaneously exports, wherein, the first encrypting module 120 is when generating the business cipher key of card as dispersion factor choice cards SEID, generate card business cipher key protection key when as dispersion factor choose card card number;
Assemble module 130, for by the business cipher key and the card data assembling that is transfused into fabrication data encryption after and it is defeated Go out;And
Deciphering module 140, for decrypting the fabrication data from the encryption of outside input and verifying whether and have stored in institute The fabrication data stated in memory module are consistent;And
Second encrypting module 150, in the case where the deciphering module judges that fabrication data are consistent, by fabrication data safety Exported after domain key encryption.
Sequentially for the present invention card data management system carry out sensitive data storage in the case of and for key Conventional application method illustrate.
Schematic diagram in the case of Fig. 3 is the progress sensitive data storage for representing the card data management system of the present invention.
As shown in figure 3, card data management systems of the system B equivalent to the present invention, systems of the system B by interface from outside A obtains data and carries out sensitive data storage.
Specifically, system A application software obtains external number from system A encryption equipment/other safe units in system A According to.System B obtains external data by interface from system A system A application software, and it is outer that system B application software obtains this Portion's data are simultaneously transferred in encryption equipment 100, and root key is carried out that secret keys are calculated using encryption equipment 100 and exports ciphertext And it is stored in database 200.
Fig. 4 is the schematic diagram for the conventional application method for key for representing the card data management system of the present invention.
As shown in figure 4, database 200 transfers key from application software 300 and is supplied to encryption equipment 100 with ciphertext form, The calling system encryption key of encryption equipment 100(Equivalent to root key)And call algorithm and calculated with being decrypted, is derived from Key plain simultaneously exports ciphertext data, and the ciphertext data are available for application software 300 to use.Or application software 300 can also carry For be-encrypted data to encryption equipment 100.
As described above, according to the card data management method and card data management system of the present invention, realized in NFC mobile phone public In the scene for handing over card business, mass transit card can be applied and application data is dynamically loaded into the safety chip of NFC mobile phone, its In, core needs private data to be protected during application data.Utilize the card data management method and card data management of the present invention System, being capable of protection card data(Such as public transport application data)Safety during generation, transmission, storage and use.Moreover, Using the card data management method and card data management system of the present invention, can the preset card data of batch, then in full terminal When card business is opened in initiation, individualized script is obtained in real time, the security of system has been ensured, has also improved at the high concurrent of system Reason ability.
Furthermore the present invention provides a kind of computer-readable medium, is stored thereon with computer program, the computer program quilt The step of card data management method of the invention described above is realized during computing device.
Furthermore the present invention provides a kind of computer equipment, including memory, processor and storage are on a memory and can The computer program run on a processor, the card number of the invention described above is realized described in the computing device during computer program The step of according to management method.
As computer-readable medium, magnetic recording, CD, Magnetooptic recording medium, semiconductor memory etc. be present. For magnetic recording, HDD, FD, tape etc. be present.For CD, DVD be present(Digital Versatile Disc, number Word general optic disc)、DVD-RAM、CD-ROM、CD-R(Recordable, it can record)/RW(ReWritable, it is rewritable)Deng.It is right In optical/magnetic recording device, MO be present(Magneto Optical disk, magneto-optic disk)Deng.
Example above primarily illustrates the card data management method and card data management system of the present invention.Although only to it In some embodiments of the invention be described, but those of ordinary skill in the art are it is to be appreciated that the present invention can By without departing from its spirit with scope in the form of many other implement.Therefore, the example that is shown and embodiment by regarding To be illustrative and not restrictive, the situation of the spirit and scope of the present invention as defined in appended claims is not being departed from Under, the present invention may cover various modification and replacement.

Claims (10)

  1. A kind of 1. card data management method, it is characterised in that comprise the steps:
    Key implantation step, inject root key to encryption equipment;
    Cipher key calculation step, specific algorithm and dispersion factor are chosen, scattered calculating acquisition business is carried out based on the root key The protection key of key or/and business cipher key;And
    Key storage step, the business cipher key of acquisition is stored in the form of ciphertext.
  2. 2. card data management method as claimed in claim 1, it is characterised in that also enter one after the key storage step Step possesses:
    Fabrication data generation step, the business cipher key is generated into fabrication data with card data assembling and encryption is stored.
  3. 3. card data management method as claimed in claim 2, it is characterised in that also enter one after the key storage step Step possesses:
    Aerial opening step, when user initiates to open card request in the air, the fabrication number after corresponding encryption is associated with according to card number According to and be input to encryption equipment, encryption equipment decrypts the fabrication data after the encryption and verifies whether the system with storing safely Card data are consistent, in the case of consistent, exported after fabrication data are encrypted with security domain key and are supplied to user equipment.
  4. 4. card data management method as claimed in claim 1, it is characterised in that
    In the cipher key calculation step, the SEID when generating the key of card as dispersion factor choice cards, block in generation The card number of card is chosen when the business cipher key and protection key of piece as dispersion factor.
  5. 5. card data management method as claimed in claim 1, it is characterised in that
    In the key implantation step, multiple key components are injected to encryption equipment, the multiple key components form root key.
  6. A kind of 6. card data management system, it is characterised in that the card data management system includes encryption equipment,
    Wherein, the encryption equipment possesses:
    Memory module, for storing the root key of encryption equipment;
    First encrypting module, for obtaining specific algorithm and dispersion factor, scattered calculating is carried out based on the root key and obtained The protection key of business cipher key or/and business cipher key and export;
    Assemble module, for by the business cipher key and the card data assembling that is transfused into fabrication data encryption after and export; And
    Deciphering module, for decrypting the fabrication data from the encryption of outside input and verifying whether and have stored in described deposit The fabrication data stored up in module are consistent;And
    Second encrypting module, in the case where the deciphering module judges that fabrication data are consistent, by fabrication data security domain Exported after key encryption.
  7. 7. card data management system as claimed in claim 6, it is characterised in that the card data management system further has It is standby:
    For storing the database of various keys and fabrication data.
  8. 8. card data management system as claimed in claim 6, it is characterised in that
    SEID when generating the key of card as dispersion factor choice cards of first encrypting module, in generation card The card number of card is chosen when business cipher key and protection key as dispersion factor.
  9. 9. a kind of computer-readable medium, is stored thereon with computer program, it is characterised in that the computer program is by processor The step of any one methods described in claim 1 ~ 5 is realized during execution.
  10. 10. a kind of computer equipment, including memory, processor and storage can be run on a memory and on a processor Computer program, it is characterised in that realize any one in claim 1 ~ 5 described in the computing device during computer program The step of methods described.
CN201711035662.2A 2017-10-30 2017-10-30 Card data management method and card data management system Active CN107844707B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711035662.2A CN107844707B (en) 2017-10-30 2017-10-30 Card data management method and card data management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711035662.2A CN107844707B (en) 2017-10-30 2017-10-30 Card data management method and card data management system

Publications (2)

Publication Number Publication Date
CN107844707A true CN107844707A (en) 2018-03-27
CN107844707B CN107844707B (en) 2020-12-29

Family

ID=61681858

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711035662.2A Active CN107844707B (en) 2017-10-30 2017-10-30 Card data management method and card data management system

Country Status (1)

Country Link
CN (1) CN107844707B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110569678A (en) * 2019-08-02 2019-12-13 中国工商银行股份有限公司 security chip personalization method, terminal and server
CN110635900A (en) * 2019-09-10 2019-12-31 北京中电华大电子设计有限责任公司 Key management method and system suitable for Internet of things system
CN112532388A (en) * 2020-12-04 2021-03-19 广州羊城通有限公司 Encryption method and device for air-issued data of air-issued card

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101593389A (en) * 2009-07-01 2009-12-02 中国建设银行股份有限公司 A kind of key management method and system that is used for the POS terminal
US20100088523A1 (en) * 2008-10-07 2010-04-08 Microsoft Corporation Trusted platform module security
CN104602224A (en) * 2014-12-31 2015-05-06 浙江融创信息产业有限公司 Over-the-air card activating method based on SWP-SIM card of NFC mobile phone
CN105991276A (en) * 2015-01-27 2016-10-05 北京数码视讯科技股份有限公司 Key transmission system, method and apparatus for integrated circuit card
CN106161402A (en) * 2015-04-22 2016-11-23 阿里巴巴集团控股有限公司 Encryption equipment key injected system based on cloud environment, method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100088523A1 (en) * 2008-10-07 2010-04-08 Microsoft Corporation Trusted platform module security
CN101593389A (en) * 2009-07-01 2009-12-02 中国建设银行股份有限公司 A kind of key management method and system that is used for the POS terminal
CN104602224A (en) * 2014-12-31 2015-05-06 浙江融创信息产业有限公司 Over-the-air card activating method based on SWP-SIM card of NFC mobile phone
CN105991276A (en) * 2015-01-27 2016-10-05 北京数码视讯科技股份有限公司 Key transmission system, method and apparatus for integrated circuit card
CN106161402A (en) * 2015-04-22 2016-11-23 阿里巴巴集团控股有限公司 Encryption equipment key injected system based on cloud environment, method and device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110569678A (en) * 2019-08-02 2019-12-13 中国工商银行股份有限公司 security chip personalization method, terminal and server
CN110569678B (en) * 2019-08-02 2022-02-25 中国工商银行股份有限公司 Security chip personalization method, terminal and server
CN110635900A (en) * 2019-09-10 2019-12-31 北京中电华大电子设计有限责任公司 Key management method and system suitable for Internet of things system
CN110635900B (en) * 2019-09-10 2022-05-20 北京中电华大电子设计有限责任公司 Key management method and system suitable for Internet of things system
CN112532388A (en) * 2020-12-04 2021-03-19 广州羊城通有限公司 Encryption method and device for air-issued data of air-issued card
CN112532388B (en) * 2020-12-04 2023-10-13 广州羊城通有限公司 Encryption method and device for air issuing data of air issuing card

Also Published As

Publication number Publication date
CN107844707B (en) 2020-12-29

Similar Documents

Publication Publication Date Title
CN103348623B (en) Termination, checking device, key distribution device, content reproducing method and cryptographic key distribution method
EP2267628B1 (en) Token passing technique for media playback devices
CN102484638B (en) Layered protection and validation of identity data delivered online via multiple intermediate clients
CN100459780C (en) Robust and flexible digital rights management involving a tamper-resistant identity module
US8386799B2 (en) Methods and apparatuses for providing DRM interoperability
CN107743133A (en) Mobile terminal and its access control method and system based on trustable security environment
CN104123506B (en) Data access method, device, data encryption, storage and access method, device
CN110120869A (en) Key management system and cipher key service node
EP2095288B1 (en) Method for the secure storing of program state data in an electronic device
CN107959567A (en) Date storage method, data capture method, apparatus and system
CN101771699A (en) Method and system for improving SaaS application security
US20070276756A1 (en) Recording/Reproducing Device, Recording Medium Processing Device, Reproducing Device, Recording Medium, Contents Recording/Reproducing System, And Contents Recording/Reproducing Method
US9215070B2 (en) Method for the cryptographic protection of an application
JP2008527874A (en) ENCRYPTION SYSTEM, METHOD, AND COMPUTER PROGRAM (System and method for securely and conveniently processing combined state information of encryption)
CN103618705A (en) Personal code managing tool and method under open cloud platform
CN106878245A (en) The offer of graphic code information, acquisition methods, device and terminal
CN100386811C (en) Information processing apparatus, information recording medium, information processing method and computer program
CN109450620A (en) The method and mobile terminal of security application are shared in a kind of mobile terminal
CN107844707A (en) A kind of card data management method and card data management system
CN102799815B (en) A kind of method and apparatus of safe loading procedure storehouse
US8745375B2 (en) Handling of the usage of software in a disconnected computing environment
CN108494724A (en) Cloud storage encryption system based on more authorized organization's encryption attribute algorithms and method
CN110545325B (en) Data encryption sharing method based on intelligent contract
CN108446909A (en) A kind of electronic signature method based on biological characteristic electronic business card
CN112804195A (en) Data security storage method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant