CN107844707A - A kind of card data management method and card data management system - Google Patents
A kind of card data management method and card data management system Download PDFInfo
- Publication number
- CN107844707A CN107844707A CN201711035662.2A CN201711035662A CN107844707A CN 107844707 A CN107844707 A CN 107844707A CN 201711035662 A CN201711035662 A CN 201711035662A CN 107844707 A CN107844707 A CN 107844707A
- Authority
- CN
- China
- Prior art keywords
- key
- card
- encryption
- data management
- card data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a kind of card data management system and method.This method includes:Root key is injected to encryption equipment;Specific algorithm and dispersion factor are chosen, the scattered protection key for calculating acquisition business cipher key or/and business cipher key is carried out based on the root key, the business cipher key of acquisition is stored in the form of ciphertext;The business cipher key is generated fabrication data and encrypted with card data assembling and is stored;When user initiates to open card request in the air, fabrication data after corresponding encryption are associated with according to card number and are input to encryption equipment, encryption equipment is decrypted the fabrication data after the encryption and verified whether consistent with having stored in the fabrication data in encryption equipment, in the case of consistent, exported after fabrication data are encrypted with security domain key and be supplied to user equipment.According to the present invention can the preset card data of batch, be capable of the security of safeguards system, the oncurrent processing ability of system can be also provided.
Description
Technical field
The present invention relates to the communication technology, relates more specifically to a kind of card data management method used in NFC mobile payments
And card data management system.
Background technology
Open in the air in card business system at present, the not standardization for card data management illustrates.Existing card data
Managed Solution is mainly comprising following several situations:
(1)Personal data is preserved by DP file encryptions;
(2)Card key is obtained by encryption equipment interface in real time, assembles personal data.
The key that card personalization packet is applied containing card, belong to extremely sensitive data.Common solution can be from adding
Related service key is drawn by corresponding business master key is scattered in close machine, although safety is due in card personalization data
Be related to it is more business cipher key, it is so relatively more with the interaction times of encryption equipment in the service interaction of reality, consume necessarily
Time, reduce business execution efficiency.So generally system all takes the scheme of preset card data, i.e., appointed by timing
Business in advance by the business cipher key of card from encryption equipment export, with other card personalization data assemblings into complete fabrication data simultaneously
Safety storage.Such as DP files are exactly one kind of preset scheme, and the solution that traditional hair fastener uses.
But only protected in the full field of terminal of NFC, DP files by transmitting key, lack the control of some systems safety
System, so needing to propose brand-new solution.
The content of the invention
In view of described problem, the present invention is intended to provide a kind of card number that can further improve security and operating flexibility
According to management method and card data management system.Card data herein are referred to as card personalization data.
The card data management method of an aspect of of the present present invention, it is characterised in that comprise the steps:
Key implantation step, inject root key to encryption equipment;
Cipher key calculation step, specific algorithm and dispersion factor are chosen, scattered calculating acquisition business is carried out based on the root key
The protection key of key or/and business cipher key;And
Key storage step, the business cipher key of acquisition is stored in the form of ciphertext.
Alternatively, also it is further equipped with after the key storage step:
Fabrication data generation step, the business cipher key is generated into fabrication data with card data assembling and encryption is stored.
Alternatively, also it is further equipped with after the key storage step:
Aerial opening step, when user initiates to open card request in the air, the fabrication number after corresponding encryption is associated with according to card number
According to and be input to encryption equipment, encryption equipment decrypts the fabrication data after the encryption and verifies whether the system with storing safely
Card data are consistent, in the case of consistent, exported after fabrication data are encrypted with security domain key and are supplied to user equipment.
Alternatively, in the cipher key calculation step, when generating the business of card as dispersion factor choice cards
SEID, the card number of card is chosen as dispersion factor when generating the business cipher key of card and protection key.
Alternatively, in the key implantation step, multiple key components, the multiple key components are injected to encryption equipment
Form root key;
The card data management system of an aspect of of the present present invention, it is characterised in that at least possess encryption equipment,
Wherein, the encryption equipment possesses:
Memory module, for storing the root key of encryption equipment;
First encrypting module, for obtaining specific algorithm and dispersion factor, scattered calculating is carried out based on the root key and obtained
The protection key of business cipher key or/and business cipher key and export;
Assemble module, for by the business cipher key and the card data assembling that is transfused into fabrication data encryption after and export;
And
Deciphering module, for decrypting the fabrication data from the encryption of outside input and verifying whether and have stored in described deposit
The fabrication data stored up in module are consistent;And
Second encrypting module, in the case where the deciphering module judges that fabrication data are consistent, by fabrication data security domain
Exported after key encryption.
Alternatively, the card data management system is further equipped with:It is also equipped with being used to store various keys and fabrication data
Database.
Alternatively, first encrypting module generate card key when as dispersion factor choice cards SEID,
The card number of card is chosen as dispersion factor when generating the business cipher key of card and protection key.
The computer-readable medium of the present invention, is stored thereon with computer program, it is characterised in that the computer program quilt
The step of card data management method is realized during computing device.
The computer equipment of the present invention, including memory, processor and storage are on a memory and can be on a processor
The computer program of operation, it is characterised in that realize the card data management described in the computing device during computer program
The step of method.
Brief description of the drawings
Fig. 1 is the flow chart for the specific steps for representing the card data management method of the present invention.
Fig. 2 is the schematic diagram for the construction for representing the card data management system of the present invention.
Schematic diagram in the case of Fig. 3 is the progress sensitive data storage for representing the card data management system of the present invention.
Fig. 4 is the schematic diagram for the conventional application method for key for representing the card data management system of the present invention.
Embodiment
What is be described below is some in multiple embodiments of the invention, it is desirable to provide to the basic understanding of the present invention.And
It is not intended to the crucial or conclusive key element for confirming the present invention or limits scope of the claimed.
Fig. 1 is the flow chart for the specific steps for representing the card data management method of the present invention.
As shown in figure 1, the card data management method of the present invention comprises the steps:
Key implantation step S100:Root key is injected to encryption equipment, key provider can be direct by way of manually input
Specific root key is injected to secret machine;
Cipher key calculation step S200:Specific algorithm and dispersion factor are chosen, carrying out scattered calculate based on the root key obtains
The protection key of business cipher key or/and business cipher key;
Key storage step S300:The business cipher key of acquisition is stored in the form of ciphertext, disperseed by root key
The protection key of obtained business cipher key or/and business cipher key can be stored in encryption equipment, can also be in database;
Fabrication data generation step S400:By the business cipher key and card data(DGI or extended formatting)Assembling generation fabrication
Data, fabrication data are stored in database together with crc value in a manner of ciphertext;
Aerial opening step S500:When user initiates to open card request in the air, the system after corresponding encryption is associated with according to card number
Card data are simultaneously input to encryption equipment, and encryption equipment is decrypted the fabrication data after the encryption and verified whether and stored system
Card data are consistent(Such as whether encryption equipment check (CRC) is legal, it is ensured that clear data is not distorted), in the case of consistent,
Fabrication data are exported, is exported after the card data after decryption are encrypted in a manner of script by security domain key and is supplied to use
Family equipment(Such as it is supplied to the NFC device of user).
Wherein, in key implantation step S100, the root key being made up of multiple key components, example are injected to encryption equipment
Such as, each key components can be held by different personnel, be inputted one by one according to component order during injection.
Wherein, the S300 in cipher key calculation step, can be selected as dispersion factor when generating the business cipher key of card
The SEID of card, the card number of card can be chosen as dispersion factor when generating the protection key of business cipher key of card.
It is illustrated above for the card data management method of the present invention, then, for the card data management of the present invention
System illustrates.
Fig. 2 is the schematic diagram for the construction for representing the card data management system of the present invention.
As shown in Fig. 2 the card data management system of the present invention possesses encryption equipment 100 and for various keys and fabrication data
Database 200.
Wherein, encryption equipment 100 possesses:
Memory module 110, the root key for encryption equipment;
First encrypting module 120, for calling specific algorithm and dispersion factor(For example, it can be provided with application software scattered
The factor), scattered calculate is carried out to the root key obtained from memory module 110 and obtains business cipher key or/and business cipher key
Protection key simultaneously exports, wherein, the first encrypting module 120 is when generating the business cipher key of card as dispersion factor choice cards
SEID, generate card business cipher key protection key when as dispersion factor choose card card number;
Assemble module 130, for by the business cipher key and the card data assembling that is transfused into fabrication data encryption after and it is defeated
Go out;And
Deciphering module 140, for decrypting the fabrication data from the encryption of outside input and verifying whether and have stored in institute
The fabrication data stated in memory module are consistent;And
Second encrypting module 150, in the case where the deciphering module judges that fabrication data are consistent, by fabrication data safety
Exported after domain key encryption.
Sequentially for the present invention card data management system carry out sensitive data storage in the case of and for key
Conventional application method illustrate.
Schematic diagram in the case of Fig. 3 is the progress sensitive data storage for representing the card data management system of the present invention.
As shown in figure 3, card data management systems of the system B equivalent to the present invention, systems of the system B by interface from outside
A obtains data and carries out sensitive data storage.
Specifically, system A application software obtains external number from system A encryption equipment/other safe units in system A
According to.System B obtains external data by interface from system A system A application software, and it is outer that system B application software obtains this
Portion's data are simultaneously transferred in encryption equipment 100, and root key is carried out that secret keys are calculated using encryption equipment 100 and exports ciphertext
And it is stored in database 200.
Fig. 4 is the schematic diagram for the conventional application method for key for representing the card data management system of the present invention.
As shown in figure 4, database 200 transfers key from application software 300 and is supplied to encryption equipment 100 with ciphertext form,
The calling system encryption key of encryption equipment 100(Equivalent to root key)And call algorithm and calculated with being decrypted, is derived from
Key plain simultaneously exports ciphertext data, and the ciphertext data are available for application software 300 to use.Or application software 300 can also carry
For be-encrypted data to encryption equipment 100.
As described above, according to the card data management method and card data management system of the present invention, realized in NFC mobile phone public
In the scene for handing over card business, mass transit card can be applied and application data is dynamically loaded into the safety chip of NFC mobile phone, its
In, core needs private data to be protected during application data.Utilize the card data management method and card data management of the present invention
System, being capable of protection card data(Such as public transport application data)Safety during generation, transmission, storage and use.Moreover,
Using the card data management method and card data management system of the present invention, can the preset card data of batch, then in full terminal
When card business is opened in initiation, individualized script is obtained in real time, the security of system has been ensured, has also improved at the high concurrent of system
Reason ability.
Furthermore the present invention provides a kind of computer-readable medium, is stored thereon with computer program, the computer program quilt
The step of card data management method of the invention described above is realized during computing device.
Furthermore the present invention provides a kind of computer equipment, including memory, processor and storage are on a memory and can
The computer program run on a processor, the card number of the invention described above is realized described in the computing device during computer program
The step of according to management method.
As computer-readable medium, magnetic recording, CD, Magnetooptic recording medium, semiconductor memory etc. be present.
For magnetic recording, HDD, FD, tape etc. be present.For CD, DVD be present(Digital Versatile Disc, number
Word general optic disc)、DVD-RAM、CD-ROM、CD-R(Recordable, it can record)/RW(ReWritable, it is rewritable)Deng.It is right
In optical/magnetic recording device, MO be present(Magneto Optical disk, magneto-optic disk)Deng.
Example above primarily illustrates the card data management method and card data management system of the present invention.Although only to it
In some embodiments of the invention be described, but those of ordinary skill in the art are it is to be appreciated that the present invention can
By without departing from its spirit with scope in the form of many other implement.Therefore, the example that is shown and embodiment by regarding
To be illustrative and not restrictive, the situation of the spirit and scope of the present invention as defined in appended claims is not being departed from
Under, the present invention may cover various modification and replacement.
Claims (10)
- A kind of 1. card data management method, it is characterised in that comprise the steps:Key implantation step, inject root key to encryption equipment;Cipher key calculation step, specific algorithm and dispersion factor are chosen, scattered calculating acquisition business is carried out based on the root key The protection key of key or/and business cipher key;AndKey storage step, the business cipher key of acquisition is stored in the form of ciphertext.
- 2. card data management method as claimed in claim 1, it is characterised in that also enter one after the key storage step Step possesses:Fabrication data generation step, the business cipher key is generated into fabrication data with card data assembling and encryption is stored.
- 3. card data management method as claimed in claim 2, it is characterised in that also enter one after the key storage step Step possesses:Aerial opening step, when user initiates to open card request in the air, the fabrication number after corresponding encryption is associated with according to card number According to and be input to encryption equipment, encryption equipment decrypts the fabrication data after the encryption and verifies whether the system with storing safely Card data are consistent, in the case of consistent, exported after fabrication data are encrypted with security domain key and are supplied to user equipment.
- 4. card data management method as claimed in claim 1, it is characterised in thatIn the cipher key calculation step, the SEID when generating the key of card as dispersion factor choice cards, block in generation The card number of card is chosen when the business cipher key and protection key of piece as dispersion factor.
- 5. card data management method as claimed in claim 1, it is characterised in thatIn the key implantation step, multiple key components are injected to encryption equipment, the multiple key components form root key.
- A kind of 6. card data management system, it is characterised in that the card data management system includes encryption equipment,Wherein, the encryption equipment possesses:Memory module, for storing the root key of encryption equipment;First encrypting module, for obtaining specific algorithm and dispersion factor, scattered calculating is carried out based on the root key and obtained The protection key of business cipher key or/and business cipher key and export;Assemble module, for by the business cipher key and the card data assembling that is transfused into fabrication data encryption after and export; AndDeciphering module, for decrypting the fabrication data from the encryption of outside input and verifying whether and have stored in described deposit The fabrication data stored up in module are consistent;AndSecond encrypting module, in the case where the deciphering module judges that fabrication data are consistent, by fabrication data security domain Exported after key encryption.
- 7. card data management system as claimed in claim 6, it is characterised in that the card data management system further has It is standby:For storing the database of various keys and fabrication data.
- 8. card data management system as claimed in claim 6, it is characterised in thatSEID when generating the key of card as dispersion factor choice cards of first encrypting module, in generation card The card number of card is chosen when business cipher key and protection key as dispersion factor.
- 9. a kind of computer-readable medium, is stored thereon with computer program, it is characterised in that the computer program is by processor The step of any one methods described in claim 1 ~ 5 is realized during execution.
- 10. a kind of computer equipment, including memory, processor and storage can be run on a memory and on a processor Computer program, it is characterised in that realize any one in claim 1 ~ 5 described in the computing device during computer program The step of methods described.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711035662.2A CN107844707B (en) | 2017-10-30 | 2017-10-30 | Card data management method and card data management system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711035662.2A CN107844707B (en) | 2017-10-30 | 2017-10-30 | Card data management method and card data management system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107844707A true CN107844707A (en) | 2018-03-27 |
CN107844707B CN107844707B (en) | 2020-12-29 |
Family
ID=61681858
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711035662.2A Active CN107844707B (en) | 2017-10-30 | 2017-10-30 | Card data management method and card data management system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107844707B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110569678A (en) * | 2019-08-02 | 2019-12-13 | 中国工商银行股份有限公司 | security chip personalization method, terminal and server |
CN110635900A (en) * | 2019-09-10 | 2019-12-31 | 北京中电华大电子设计有限责任公司 | Key management method and system suitable for Internet of things system |
CN112532388A (en) * | 2020-12-04 | 2021-03-19 | 广州羊城通有限公司 | Encryption method and device for air-issued data of air-issued card |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101593389A (en) * | 2009-07-01 | 2009-12-02 | 中国建设银行股份有限公司 | A kind of key management method and system that is used for the POS terminal |
US20100088523A1 (en) * | 2008-10-07 | 2010-04-08 | Microsoft Corporation | Trusted platform module security |
CN104602224A (en) * | 2014-12-31 | 2015-05-06 | 浙江融创信息产业有限公司 | Over-the-air card activating method based on SWP-SIM card of NFC mobile phone |
CN105991276A (en) * | 2015-01-27 | 2016-10-05 | 北京数码视讯科技股份有限公司 | Key transmission system, method and apparatus for integrated circuit card |
CN106161402A (en) * | 2015-04-22 | 2016-11-23 | 阿里巴巴集团控股有限公司 | Encryption equipment key injected system based on cloud environment, method and device |
-
2017
- 2017-10-30 CN CN201711035662.2A patent/CN107844707B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100088523A1 (en) * | 2008-10-07 | 2010-04-08 | Microsoft Corporation | Trusted platform module security |
CN101593389A (en) * | 2009-07-01 | 2009-12-02 | 中国建设银行股份有限公司 | A kind of key management method and system that is used for the POS terminal |
CN104602224A (en) * | 2014-12-31 | 2015-05-06 | 浙江融创信息产业有限公司 | Over-the-air card activating method based on SWP-SIM card of NFC mobile phone |
CN105991276A (en) * | 2015-01-27 | 2016-10-05 | 北京数码视讯科技股份有限公司 | Key transmission system, method and apparatus for integrated circuit card |
CN106161402A (en) * | 2015-04-22 | 2016-11-23 | 阿里巴巴集团控股有限公司 | Encryption equipment key injected system based on cloud environment, method and device |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110569678A (en) * | 2019-08-02 | 2019-12-13 | 中国工商银行股份有限公司 | security chip personalization method, terminal and server |
CN110569678B (en) * | 2019-08-02 | 2022-02-25 | 中国工商银行股份有限公司 | Security chip personalization method, terminal and server |
CN110635900A (en) * | 2019-09-10 | 2019-12-31 | 北京中电华大电子设计有限责任公司 | Key management method and system suitable for Internet of things system |
CN110635900B (en) * | 2019-09-10 | 2022-05-20 | 北京中电华大电子设计有限责任公司 | Key management method and system suitable for Internet of things system |
CN112532388A (en) * | 2020-12-04 | 2021-03-19 | 广州羊城通有限公司 | Encryption method and device for air-issued data of air-issued card |
CN112532388B (en) * | 2020-12-04 | 2023-10-13 | 广州羊城通有限公司 | Encryption method and device for air issuing data of air issuing card |
Also Published As
Publication number | Publication date |
---|---|
CN107844707B (en) | 2020-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103348623B (en) | Termination, checking device, key distribution device, content reproducing method and cryptographic key distribution method | |
EP2267628B1 (en) | Token passing technique for media playback devices | |
CN102484638B (en) | Layered protection and validation of identity data delivered online via multiple intermediate clients | |
CN100459780C (en) | Robust and flexible digital rights management involving a tamper-resistant identity module | |
US8386799B2 (en) | Methods and apparatuses for providing DRM interoperability | |
CN107743133A (en) | Mobile terminal and its access control method and system based on trustable security environment | |
CN104123506B (en) | Data access method, device, data encryption, storage and access method, device | |
CN110120869A (en) | Key management system and cipher key service node | |
EP2095288B1 (en) | Method for the secure storing of program state data in an electronic device | |
CN107959567A (en) | Date storage method, data capture method, apparatus and system | |
CN101771699A (en) | Method and system for improving SaaS application security | |
US20070276756A1 (en) | Recording/Reproducing Device, Recording Medium Processing Device, Reproducing Device, Recording Medium, Contents Recording/Reproducing System, And Contents Recording/Reproducing Method | |
US9215070B2 (en) | Method for the cryptographic protection of an application | |
JP2008527874A (en) | ENCRYPTION SYSTEM, METHOD, AND COMPUTER PROGRAM (System and method for securely and conveniently processing combined state information of encryption) | |
CN103618705A (en) | Personal code managing tool and method under open cloud platform | |
CN106878245A (en) | The offer of graphic code information, acquisition methods, device and terminal | |
CN100386811C (en) | Information processing apparatus, information recording medium, information processing method and computer program | |
CN109450620A (en) | The method and mobile terminal of security application are shared in a kind of mobile terminal | |
CN107844707A (en) | A kind of card data management method and card data management system | |
CN102799815B (en) | A kind of method and apparatus of safe loading procedure storehouse | |
US8745375B2 (en) | Handling of the usage of software in a disconnected computing environment | |
CN108494724A (en) | Cloud storage encryption system based on more authorized organization's encryption attribute algorithms and method | |
CN110545325B (en) | Data encryption sharing method based on intelligent contract | |
CN108446909A (en) | A kind of electronic signature method based on biological characteristic electronic business card | |
CN112804195A (en) | Data security storage method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |