CN110458551A - Data interaction system - Google Patents

Publication number
CN110458551A
Authority
CN
China
Prior art keywords
cutting ferrule
connection
truth cards
random factor
factor
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910477280.8A
Other languages
Chinese (zh)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Corp
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Application filed by Tendyron Technology Co Ltd

Abstract

The present invention provides a data interaction system comprising a simulation card, a cutting ferrule and a Truth cards manager. The cutting ferrule is configured to obtain a cutting-ferrule-end Truth cards information list, prompt the cutting-ferrule-end Truth cards information list, receive a Truth card selection instruction, and determine the selected Truth card. The simulation card is configured to receive first data sent by a transaction terminal and send it to the Truth cards manager through the cutting ferrule. The Truth cards manager is configured to receive the first data sent by the simulation card and send it to the selected Truth card, and to receive second data sent by the selected Truth card and send it to the simulation card through the cutting ferrule. The simulation card is further configured to receive the second data sent by the Truth cards manager and send it to the transaction terminal. The data interaction system of the present invention enables data interaction among the simulation card, the cutting ferrule and the Truth cards manager, providing a novel transaction solution that is both convenient for the user to carry and more secure.

Description

Data interaction system
Technical field
The present invention relates to the technical field of electronic information security, and in particular to a data interaction system.
Background technique
In existing transaction flows, such as withdrawing cash or paying by card when shopping, the user usually needs to carry a bank card issued by a bank. Carrying a bank card involves a certain security risk: once the card is lost, the user's assets can easily suffer a loss. In addition, because there are many kinds of bank cards, one user may hold bank cards from several different banks at the same time. Carrying all of them is not convenient, and if the user carries only some of them for convenience, withdrawing cash or paying with those cards may involve an inter-bank transaction and incur unnecessary fees.
Therefore, the prior art urgently needs a transaction solution that is both convenient for the user to carry and more secure.
Summary of the invention
The present invention seeks to solve the above problem.
The main purpose of the present invention is to provide a data interaction system.
To achieve the above purpose, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides a data interaction system comprising a simulation card, a cutting ferrule and a Truth cards manager. The cutting ferrule is configured to obtain a cutting-ferrule-end Truth cards information list, prompt the cutting-ferrule-end Truth cards information list, receive a Truth card selection instruction, and determine the selected Truth card, wherein the cutting-ferrule-end Truth cards information list is the Truth-cards-manager-end Truth cards information list that the cutting ferrule obtains from the Truth cards manager, and the Truth-cards-manager-end Truth cards information list includes the Truth cards information of the Truth cards connected to the Truth cards manager. The simulation card is configured to receive first data sent by a transaction terminal and send it to the Truth cards manager through the cutting ferrule. The Truth cards manager is configured to receive the first data sent by the simulation card and send it to the selected Truth card, and to receive second data sent by the selected Truth card and send it to the simulation card through the cutting ferrule. The simulation card is further configured to receive the second data sent by the Truth cards manager and send it to the transaction terminal.
In addition, the cutting ferrule is further configured to establish a secure connection with the simulation card and obtain a cutting-ferrule-end first safe transmission key for secure data transmission between the cutting ferrule and the simulation card; the simulation card is further configured to establish a secure connection with the cutting ferrule and obtain a simulation-card-end safe transmission key for secure data transmission between the cutting ferrule and the simulation card.
In addition, the cutting ferrule is specifically configured to send to the simulation card a first secure connection instruction for instructing establishment of a secure connection, wherein the first secure connection instruction includes: a first connection ciphertext obtained by the cutting ferrule encrypting the cutting-ferrule-end first binding factor and a generated first connection random factor with the simulation card public key in the simulation card certificate, and a first connection signature obtained by the cutting ferrule signing the cutting-ferrule-end first binding factor and the first connection random factor with the cutting ferrule private key. The simulation card is specifically configured to: receive the first secure connection instruction and decrypt the first connection ciphertext with the simulation card private key to obtain a cutting-ferrule-end first binding decrypted factor and a first connection decrypted random factor; verify the first connection signature using the cutting ferrule public key in the cutting ferrule certificate, the cutting-ferrule-end first binding decrypted factor and the first connection decrypted random factor; after the first connection signature is verified as correct, verify whether the cutting-ferrule-end first binding decrypted factor is identical to the simulation-card-end binding factor; after verifying that they are identical, generate a second connection random factor; encrypt the first connection decrypted random factor and the second connection random factor with the cutting ferrule public key in the cutting ferrule certificate to obtain a second connection ciphertext, and sign the first connection decrypted random factor and the second connection random factor with the simulation card private key to obtain a second connection signature; and send a first secure connection response to the cutting ferrule, wherein the first secure connection response includes the second connection ciphertext and the second connection signature. The cutting ferrule is further specifically configured to: receive the first secure connection response and decrypt the second connection ciphertext with the cutting ferrule private key to obtain the decrypted first connection decrypted random factor and a second connection decrypted random factor; verify the second connection signature using the simulation card public key in the simulation card certificate, the decrypted first connection decrypted random factor and the second connection decrypted random factor; after the second connection signature is verified as correct, verify whether the decrypted first connection decrypted random factor is identical to the first connection random factor; and after verifying that they are identical, generate the cutting-ferrule-end first safe transmission key between the cutting ferrule and the simulation card using at least the second connection decrypted random factor. The simulation card is further specifically configured to generate the simulation-card-end safe transmission key between the cutting ferrule and the simulation card using at least the second connection random factor.
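The exchange described in the paragraph above, between the cutting ferrule and the simulation card, as an added Go example that is not part of the patent text. The patent names no algorithms, so RSA-OAEP for encryption, RSA-PSS for signatures, the SHA-256 based key derivation, the 16-byte factors and the raw public keys standing in for the certificates are all assumptions.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

const factorLen = 16 // assumed size of every binding and random factor

// Party is one end of the link: key pair plus the binding factor stored at binding time.
type Party struct {
	Key     *rsa.PrivateKey
	Binding []byte
}

func newParty(binding []byte) (*Party, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Party{Key: k, Binding: binding}, err
}

// seal encrypts a||b to the peer's public key and signs a||b with our private key.
func seal(from *rsa.PrivateKey, to *rsa.PublicKey, a, b []byte) (ct, sig []byte, err error) {
	msg := append(append([]byte{}, a...), b...)
	d := sha256.Sum256(msg)
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil); err == nil {
		sig, err = rsa.SignPSS(rand.Reader, from, crypto.SHA256, d[:], nil)
	}
	return ct, sig, err
}

// open decrypts with our key, verifies the sender's signature over the plaintext, and splits it.
func open(me *rsa.PrivateKey, sender *rsa.PublicKey, ct, sig []byte) (a, b []byte, err error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, me, ct, nil)
	if err != nil || len(msg) != 2*factorLen {
		return nil, nil, fmt.Errorf("decryption failed")
	}
	d := sha256.Sum256(msg)
	if err = rsa.VerifyPSS(sender, crypto.SHA256, d[:], sig, nil); err != nil {
		return nil, nil, fmt.Errorf("signature invalid: %w", err)
	}
	return msg[:factorLen], msg[factorLen:], nil
}

// deriveKey maps the second connection random factor to a 32-byte session key (assumed KDF).
func deriveKey(r2 []byte) []byte {
	k := sha256.Sum256(append([]byte("safe transmission key"), r2...)) // constructed label
	return k[:]
}

// sleeveStart builds the first secure connection instruction (cutting ferrule side).
func sleeveStart(s *Party, cardPub *rsa.PublicKey) (r1, ct1, sig1 []byte, err error) {
	r1 = make([]byte, factorLen)
	if _, err = rand.Read(r1); err == nil {
		ct1, sig1, err = seal(s.Key, cardPub, s.Binding, r1)
	}
	return r1, ct1, sig1, err
}

// cardRespond checks the instruction and builds the first secure connection response.
func cardRespond(c *Party, sleevePub *rsa.PublicKey, ct1, sig1 []byte) (ct2, sig2, key []byte, err error) {
	bind, r1, err := open(c.Key, sleevePub, ct1, sig1)
	if err != nil {
		return nil, nil, nil, err
	}
	if !hmac.Equal(bind, c.Binding) { // constant-time comparison
		return nil, nil, nil, fmt.Errorf("binding factor mismatch")
	}
	r2 := make([]byte, factorLen)
	if _, err = rand.Read(r2); err != nil {
		return nil, nil, nil, err
	}
	ct2, sig2, err = seal(c.Key, sleevePub, r1, r2)
	return ct2, sig2, deriveKey(r2), err
}

// sleeveFinish checks the response, including the echo of r1 that ties it to this run.
func sleeveFinish(s *Party, cardPub *rsa.PublicKey, r1, ct2, sig2 []byte) ([]byte, error) {
	echo, r2, err := open(s.Key, cardPub, ct2, sig2)
	if err != nil {
		return nil, err
	}
	if !hmac.Equal(echo, r1) {
		return nil, fmt.Errorf("response does not echo our random factor")
	}
	return deriveKey(r2), nil
}

func main() {
	sleeve, _ := newParty([]byte("constructed-bind")) // constructed 16-byte binding factor
	card, _ := newParty(sleeve.Binding)
	r1, ct1, sig1, _ := sleeveStart(sleeve, &card.Key.PublicKey)
	ct2, sig2, kCard, _ := cardRespond(card, &sleeve.Key.PublicKey, ct1, sig1)
	kSleeve, err := sleeveFinish(sleeve, &card.Key.PublicKey, r1, ct2, sig2)
	fmt.Println("keys match:", err == nil && hmac.Equal(kSleeve, kCard))
}
```

The echo check in `sleeveFinish` is what rejects a response recorded from an earlier run, and the binding-factor comparison in `cardRespond` is what rejects a peer that holds a valid key pair but was never bound.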
In addition, the cutting ferrule is specifically configured to receive a third connection random factor generated by the simulation card and the simulation card unique identification, both sent by the simulation card, and to send to the simulation card a second secure connection instruction for instructing establishment of a secure connection, wherein the second secure connection instruction includes: the cutting ferrule unique identification, a third connection ciphertext obtained by the cutting ferrule encrypting the third connection random factor and a generated fourth connection random factor with the simulation card public key in the simulation card certificate, and a third connection signature obtained by the cutting ferrule signing the third connection random factor and the fourth connection random factor with the cutting ferrule private key. The simulation card is specifically configured to: receive the second secure connection instruction and judge whether the cutting ferrule unique identification is in the simulation-card-end binding list; if the cutting ferrule unique identification is in the simulation-card-end binding list, decrypt the third connection ciphertext with the simulation card private key to obtain a third connection decrypted random factor and a fourth connection decrypted random factor; verify the third connection signature using the cutting ferrule public key in the cutting ferrule certificate, the third connection decrypted random factor and the fourth connection decrypted random factor; after the third connection signature is verified as correct, verify whether the third connection decrypted random factor is identical to the third connection random factor; if they are identical, sign the third connection decrypted random factor and the fourth connection decrypted random factor with the simulation card private key to obtain a fourth connection signature; and send a second secure connection response to the cutting ferrule, wherein the second secure connection response includes the fourth connection signature. The cutting ferrule is further specifically configured to: receive the second secure connection response and verify the fourth connection signature using the simulation card public key in the simulation card certificate, the third connection random factor and the fourth connection random factor; and after the fourth connection signature is verified as correct, generate the cutting-ferrule-end first safe transmission key between the cutting ferrule and the simulation card using at least the fourth connection random factor and the cutting-ferrule-end first binding factor. The simulation card is further specifically configured to generate the simulation-card-end safe transmission key between the cutting ferrule and the simulation card using at least the fourth connection decrypted random factor and the simulation-card-end binding factor. The cutting ferrule is further specifically configured to perform first processing on the third connection random factor and the fourth connection random factor with the cutting-ferrule-end first safe transmission key and send the result to the simulation card. The simulation card is further specifically configured to perform first processing on the third connection decrypted random factor and the fourth connection decrypted random factor with the simulation-card-end safe transmission key and send the result to the cutting ferrule. The cutting ferrule is further specifically configured to receive the data sent by the simulation card, perform second processing on the received data with the cutting-ferrule-end first safe transmission key, and compare whether the data after second processing is identical to the third connection random factor and the fourth connection random factor. The simulation card is further specifically configured to receive the data sent by the cutting ferrule, perform second processing on the received data with the simulation-card-end safe transmission key, and compare whether the data after second processing is identical to the third connection decrypted random factor and the fourth connection decrypted random factor.
In addition, the cutting ferrule is further configured to establish a secure connection with the Truth cards manager and obtain a cutting-ferrule-end second safe transmission key for secure data transmission between the cutting ferrule and the Truth cards manager; the Truth cards manager is further configured to establish a secure connection with the cutting ferrule and obtain a Truth-cards-manager-end safe transmission key for secure data transmission between the cutting ferrule and the Truth cards manager.
In addition, the cutting ferrule is specifically configured to send to the Truth cards manager a third secure connection instruction for instructing establishment of a secure connection, wherein the third secure connection instruction includes: a fifth connection ciphertext obtained by the cutting ferrule encrypting the cutting-ferrule-end second binding factor and a generated fifth connection random factor with the Truth cards manager public key in the Truth cards manager certificate, and a fifth connection signature obtained by the cutting ferrule signing the cutting-ferrule-end second binding factor and the fifth connection random factor with the cutting ferrule private key. The Truth cards manager is specifically configured to: receive the third secure connection instruction and decrypt the fifth connection ciphertext with the Truth cards manager private key to obtain a cutting-ferrule-end second binding decrypted factor and a fifth connection decrypted random factor; verify the fifth connection signature using the cutting ferrule public key in the cutting ferrule certificate, the cutting-ferrule-end second binding decrypted factor and the fifth connection decrypted random factor; after the fifth connection signature is verified as correct, verify whether the cutting-ferrule-end second binding decrypted factor is identical to the Truth-cards-manager-end binding factor; after verifying that they are identical, generate a sixth connection random factor; encrypt the fifth connection decrypted random factor and the sixth connection random factor with the cutting ferrule public key in the cutting ferrule certificate to obtain a sixth connection ciphertext, and sign the fifth connection decrypted random factor and the sixth connection random factor with the Truth cards manager private key to obtain a sixth connection signature; and send a third secure connection response to the cutting ferrule, wherein the third secure connection response includes the sixth connection ciphertext and the sixth connection signature. The cutting ferrule is further specifically configured to: receive the third secure connection response and decrypt the sixth connection ciphertext with the cutting ferrule private key to obtain the decrypted fifth connection decrypted random factor and a sixth connection decrypted random factor; verify the sixth connection signature using the Truth cards manager public key in the Truth cards manager certificate, the decrypted fifth connection decrypted random factor and the sixth connection decrypted random factor; after the sixth connection signature is verified as correct, verify whether the decrypted fifth connection decrypted random factor is identical to the fifth connection random factor; and after verifying that they are identical, generate the cutting-ferrule-end second safe transmission key between the cutting ferrule and the Truth cards manager using at least the sixth connection decrypted random factor. The Truth cards manager is further specifically configured to generate the Truth-cards-manager-end safe transmission key between the cutting ferrule and the Truth cards manager using at least the sixth connection random factor.
In addition, the cutting ferrule is specifically configured to receive a seventh connection random factor generated by the Truth cards manager and the Truth cards manager unique identification, both sent by the Truth cards manager, and to send to the Truth cards manager a fourth secure connection instruction for instructing establishment of a secure connection, wherein the fourth secure connection instruction includes: the cutting ferrule unique identification, a seventh connection ciphertext obtained by the cutting ferrule encrypting the seventh connection random factor and a generated eighth connection random factor with the Truth cards manager public key in the Truth cards manager certificate, and a seventh connection signature obtained by the cutting ferrule signing the seventh connection random factor and the eighth connection random factor with the cutting ferrule private key. The Truth cards manager is specifically configured to: receive the fourth secure connection instruction and judge whether the cutting ferrule unique identification is in the Truth-cards-manager-end binding list; if the cutting ferrule unique identification is in the Truth-cards-manager-end binding list, decrypt the seventh connection ciphertext with the Truth cards manager private key to obtain a seventh connection decrypted random factor and an eighth connection decrypted random factor; verify the seventh connection signature using the cutting ferrule public key in the cutting ferrule certificate, the seventh connection decrypted random factor and the eighth connection decrypted random factor; after the seventh connection signature is verified as correct, verify whether the seventh connection decrypted random factor is identical to the seventh connection random factor; if they are identical, sign the seventh connection decrypted random factor and the eighth connection decrypted random factor with the Truth cards manager private key to obtain an eighth connection signature; and send a fourth secure connection response to the cutting ferrule, wherein the fourth secure connection response includes the eighth connection signature. The cutting ferrule is further specifically configured to: receive the fourth secure connection response and verify the eighth connection signature using the Truth cards manager public key in the Truth cards manager certificate, the seventh connection random factor and the eighth connection random factor; and after the eighth connection signature is verified as correct, generate the cutting-ferrule-end second safe transmission key between the cutting ferrule and the Truth cards manager using at least the eighth connection random factor and the cutting-ferrule-end second binding factor. The Truth cards manager is further specifically configured to generate the Truth-cards-manager-end safe transmission key between the cutting ferrule and the Truth cards manager using at least the eighth connection decrypted random factor and the Truth-cards-manager-end binding factor. The cutting ferrule is further specifically configured to perform first processing on the seventh connection random factor and the eighth connection random factor with the cutting-ferrule-end second safe transmission key and send the result to the Truth cards manager. The Truth cards manager is further specifically configured to perform first processing on the seventh connection decrypted random factor and the eighth connection decrypted random factor with the Truth-cards-manager-end safe transmission key and send the result to the cutting ferrule. The cutting ferrule is further specifically configured to receive the data sent by the Truth cards manager, perform second processing on the received data with the cutting-ferrule-end second safe transmission key, and compare whether the data after second processing is identical to the seventh connection random factor and the eighth connection random factor. The Truth cards manager is further specifically configured to receive the data sent by the cutting ferrule, perform second processing on the received data with the Truth-cards-manager-end safe transmission key, and compare whether the data after second processing is identical to the seventh connection decrypted random factor and the eighth connection decrypted random factor.
In addition, the cutting ferrule is further configured to perform a binding operation with the simulation card before the cutting ferrule and the simulation card establish a secure connection.
In addition, the cutting ferrule is specifically configured to receive a trigger command instructing it to bind with the simulation card, and to send a first binding instruction to the simulation card, wherein the first binding instruction includes: a first binding random factor generated by the cutting ferrule, the cutting ferrule certificate and the cutting ferrule unique identification. The simulation card is specifically configured to: receive the first binding instruction and verify the cutting ferrule certificate using the root certificate; after the cutting ferrule certificate is verified as legitimate, generate a second binding random factor; encrypt the first binding random factor and the second binding random factor with the cutting ferrule public key in the cutting ferrule certificate to obtain a first binding ciphertext, and sign the first binding random factor and the second binding random factor with the simulation card private key to obtain a first binding signature; and send a first binding response to the cutting ferrule, wherein the first binding response includes: the first binding ciphertext, the first binding signature, the simulation card certificate and the simulation card unique identification. The cutting ferrule is further specifically configured to: receive the first binding response and verify the simulation card certificate using the root certificate; after the simulation card certificate is verified as legitimate, decrypt the first binding ciphertext with the cutting ferrule private key to obtain a first binding decrypted random factor and a second binding decrypted random factor; verify the first binding signature using the simulation card public key in the simulation card certificate, the first binding decrypted random factor and the second binding decrypted random factor; after the first binding signature is verified as correct, verify whether the first binding decrypted random factor is identical to the first binding random factor; after verifying that they are identical, prompt the simulation card unique identification; receive a trigger command confirming that the simulation card unique identification is correct, sign the first binding random factor and the second binding decrypted random factor with the cutting ferrule private key to obtain a second binding signature, and store the simulation card unique identification, the simulation card certificate and the cutting-ferrule-end first binding factor in the cutting-ferrule-end first binding list, wherein the cutting-ferrule-end first binding factor is the second binding decrypted random factor; and send the second binding signature to the simulation card. The simulation card is further specifically configured to: receive the second binding signature and verify it using the cutting ferrule public key in the cutting ferrule certificate, the first binding random factor and the second binding random factor; and after the second binding signature is verified as correct, store the cutting ferrule unique identification, the cutting ferrule certificate and the simulation-card-end binding factor in the simulation-card-end binding list, wherein the simulation-card-end binding factor is the second binding random factor.
In addition, the cutting ferrule is further configured to perform a binding operation with the Truth cards manager before the cutting ferrule and the Truth cards manager establish a secure connection.
As can be seen from the technical solution provided above, the data interaction system of the present invention enables data interaction among the simulation card, the cutting ferrule and the Truth cards manager, providing a novel transaction solution that is both convenient for the user to carry and more secure.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of the data interaction system provided by an embodiment of the present invention;
Fig. 2 is a flow chart of mode one of the cutting ferrule and the simulation card establishing a secure connection in the data interaction system provided by an embodiment of the present invention;
Fig. 3 is a flow chart of mode two of the cutting ferrule and the simulation card establishing a secure connection in the data interaction system provided by an embodiment of the present invention;
Fig. 4 is a flow chart of mode one of the cutting ferrule and the Truth cards manager establishing a secure connection in the data interaction system provided by an embodiment of the present invention;
Fig. 5 is a flow chart of mode two of the cutting ferrule and the Truth cards manager establishing a secure connection in the data interaction system provided by an embodiment of the present invention;
Fig. 6 is a flow chart of the cutting ferrule and the simulation card performing the binding operation in the data interaction system provided by an embodiment of the present invention;
Fig. 7 is a flow chart of the cutting ferrule and the Truth cards manager performing the binding operation in the data interaction system provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that orientation or positional relationships indicated by terms such as "center", "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientation or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they should therefore not be understood as limiting the present invention. In addition, the terms "first" and "second" are used for description only and are not to be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise clearly specified and limited, the terms "installation", "connected" and "connection" shall be understood in a broad sense. For example, a connection may be a fixed connection, a detachable connection or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection, an indirect connection through an intermediary, or a connection inside two elements. Those of ordinary skill in the art can understand the specific meaning of the above terms in the present invention according to the specific situation.
The embodiments of the present invention are described in further detail below with reference to the drawings.
The present invention provides a data interaction architecture in order to provide a transaction solution that is both convenient for the user to carry and more secure. The data interaction architecture includes a simulation card, a cutting ferrule and a Truth cards manager.
Wherein:
Card is simulated, may include one or more, and the simulation card can may be for separately fabricated card It is reserved with the Truth cards of simulation card function.The simulation card is identical as existing bank's card dimensions, in notebook data interaction frame In structure, substitution Truth cards complete transaction.Simulating card has contact and/or non-contact interface, existing to cooperate Transaction terminal (such as ATM machine, POS machine, bus card top-up machines etc.) completes transaction.Simulation card also has wireless interface, simulates Card can carry out data interaction by the wireless interface and cutting ferrule.Wherein, contact interface can be contact etc., contactless Interface can for NFC interface etc., the wireless interface can for blue tooth interface, infrared interface, 2.4GHz interface, WIFI interface, RFID interface etc..
Cutting ferrule may include one or more cutting ferrules, and the cutting ferrule can manage one or more simulation card, every mould Quasi- card can only belong to a cutting ferrule and be managed by it.The cutting ferrule can for it is separately fabricated be card envelope shape equipment, Can be the mobile device with the cutting ferrule function of being provided in notebook data framework, comprising: smart phone, tablet computer (PAD), PDA (such as palm PC, learning machine), laptop, E-book reading device, wearable device (such as intelligent wristwatch, intelligence Energy glasses etc.) etc..Cutting ferrule can have contact and/or non-contact interface, so as to cooperate simulation card contact and/or Non-contact interface carries out data interaction, and cutting ferrule also can have wireless interface, will pass through the wireless interface and simulation card Corresponding interface carries out data interaction, wherein contact interface can be contact etc., and non-contact interface can be NFC interface It can be blue tooth interface, infrared interface, 2.4GHz interface, WIFI interface, RFID interface etc. 
Deng, the wireless interface;Cutting ferrule also has There is network interface, carry out data interaction will pass through network interface network interface corresponding with Truth cards manager, wherein The network interface can be WIFI interface, mobile interchange network interface (such as 3G, 4G network) etc..In addition, cutting ferrule can also be shifting The combination of dynamic equipment and electronic signature equipment, wherein the network interface of cutting ferrule is realized by means of the network interface of mobile device, He can be respectively positioned in electronic signature equipment interface (such as wireless interface, contact and/or non-contact interface etc.), or should Other interfaces can also be respectively positioned in mobile device or other interfaces in part of interface be located in electronic signature equipment, portion Tap mouth is located in mobile device;The processing operation that cutting ferrule executes executes in electronic signature equipment;Cutting ferrule can moreover be only Electronic signature equipment.Wherein, electronic signature equipment can be key equipment, such as industrial and commercial bank's U-shield, agricultural bank's K treasured etc..
The Truth cards manager can manage multiple cutting ferrules. It has multiple contact (such as card slot) interfaces and/or contactless (such as NFC) interfaces, so that it can connect to different types of Truth cards in different ways. The Truth cards manager is connected to at least one Truth card and stores a Truth cards manager end Truth cards information list, which includes the Truth cards information of the Truth cards connected to the Truth cards manager. The Truth cards information may include a card number, card authentication information, etc.; the card authentication information is card information used to authenticate whether a Truth card was issued through a regular channel (such as a bank or a public transport company). A Truth card can be a function card (such as a bus card, meal card, shopping card, membership card or points card) or a bank card issued by a bank. Optionally, the Truth cards manager can be set to save the Truth cards information of all or only some of the Truth cards connected to it, so that the user can make different settings according to the security requirements of each Truth card; for example, the Truth cards information of certain Truth cards can be set as not obtainable on the Truth cards manager, to guarantee the security of those Truth cards. The Truth cards manager also has a network interface for data interaction with the corresponding network interface of the cutting ferrule, where the network interface can be a WIFI interface, a mobile internet interface (such as a 3G or 4G network), etc.
In this data interaction architecture, the simulation card and the Truth cards are all smart chip cards.
The terms used in the present invention are explained below:
The first processing includes encryption, and the second processing includes decryption. Specifically, encryption alone guarantees the security of data transmission; this mode can be used when the data to be transmitted requires a higher security level. Or
The first processing includes check calculation, and the second processing includes check verification calculation. Specifically, a check alone guarantees the integrity of data transmission and prevents tampering; this mode can be used when the integrity requirement for the data transmission is higher. Or
The first processing includes encryption and check calculation, and the second processing includes decryption and check verification calculation. Specifically, combining encryption with a check guarantees both the security and the integrity of data transmission; this mode can be used when the security level required for the data to be transmitted is highest.
Based on the above data interaction architecture, an embodiment of the present invention provides a data interaction system. The system implements data interaction among the simulation card, the cutting ferrule and the Truth cards manager, providing a novel transaction solution that is both convenient for the user to carry and more secure.
Fig. 1 shows a structural schematic diagram of the data interaction system provided by an embodiment of the present invention. Referring to Fig. 1, the data interaction system of the present invention comprises: a simulation card, a cutting ferrule and a Truth cards manager;
The cutting ferrule is configured to obtain the cutting ferrule end Truth cards information list; prompt the cutting ferrule end Truth cards information list; and receive a Truth cards selection instruction and determine the chosen Truth card; wherein the cutting ferrule end Truth cards information list is the Truth cards manager end Truth cards information list that the cutting ferrule obtains from the Truth cards manager, and the Truth cards manager end Truth cards information list includes the Truth cards information of the Truth cards connected to the Truth cards manager;
The simulation card is configured to receive the first data sent by the transaction terminal and send it to the Truth cards manager through the cutting ferrule;
The Truth cards manager is configured to receive the first data sent by the simulation card and send it to the chosen Truth card; and to receive the second data sent by the chosen Truth card and send it to the simulation card through the cutting ferrule;
The simulation card is also configured to receive the second data sent by the Truth cards manager and send it to the transaction terminal.
The above data interaction system is described in detail below. Specifically, it may include the following aspects:
One, the Truth cards chosen are determined:
The cutting ferrule obtains the cutting ferrule end Truth cards information list, which is the Truth cards manager end Truth cards information list obtained from the Truth cards manager. Optionally, before this step, the operations of powering on the cutting ferrule and logging the cutting ferrule in to the Truth cards manager can also be performed; they are not repeated here, see the related descriptions above of cutting ferrule power-on and cutting ferrule login to the Truth cards manager. In this step, obtaining the cutting ferrule end Truth cards information list can also include a step in which the cutting ferrule updates that list; this is likewise not repeated here, see the related description above of the cutting ferrule updating the cutting ferrule end Truth cards information list. After the cutting ferrule obtains the Truth cards manager end Truth cards information list from the Truth cards manager, it stores the list in its own storage area as the cutting ferrule end Truth cards information list. When the cutting ferrule needs to prompt (for example display or play by voice) the cutting ferrule end Truth cards information list, it can read the list directly from local storage, which improves the processing speed of the cutting ferrule.
The cutting ferrule prompts the cutting ferrule end Truth cards information list. Specifically, the cutting ferrule displays the list on its own display device or on an external display device, or plays the list by voice using its own voice playing device or an external one (for example through a loudspeaker or an earphone), so that the user can select from the list the Truth card to be used for the transaction. This makes selection easier for the user and improves the user experience.
The cutting ferrule receives a Truth cards selection instruction and determines the chosen Truth card. Specifically, the Truth cards selection instruction received by the cutting ferrule can be generated by a selection physical button provided separately on the cutting ferrule, by a selection virtual key on the touch screen of the cutting ferrule, or by choosing the menu item that represents the selection function in a menu displayed on the cutting ferrule screen. Once the cutting ferrule has received the Truth cards selection instruction and determined the chosen Truth card, it exchanges data with the chosen Truth card via the Truth cards manager. The chosen Truth card can be determined as follows: the cutting ferrule receives the Truth cards selection instruction and obtains a chosen identifier, which indicates the chosen Truth card; the cutting ferrule sends the chosen identifier to the Truth cards manager; the Truth cards manager determines, among the Truth cards connected to it, the chosen Truth card that corresponds to the chosen identifier. The chosen identifier can be part or all of the Truth cards information, for example the card number and/or the Truth cards manager read-write port identifier. After receiving the chosen identifier, the Truth cards manager can look up in the Truth cards manager end Truth cards information list the read-write port identifier that corresponds to the chosen identifier, determine the read-write port from it, and carry out data interaction with the chosen Truth card through that port.
Two, data interaction:
The simulation card receives the first data sent by the transaction terminal and sends it to the Truth cards manager through the cutting ferrule. Specifically, during data interaction the simulation card is connected to the transaction terminal (such as an ATM, a POS machine or a bus card top-up machine) through a contact interface or a contactless interface, and receives the first data sent by the transaction terminal. The first data can be data to be processed (such as a withdrawal amount, a deduction amount or a Truth cards information acquisition request). In addition, after the cutting ferrule receives the first data sent by the simulation card, it can prompt the first data and send it to the Truth cards manager only after receiving a confirmation instruction indicating that the first data is correct. To this end the cutting ferrule can display the first data, or play it by voice (for example through a loudspeaker or an earphone), so that the user can confirm whether the first data is correct. Only when it is correct, and after the confirmation instruction entered by the user has been received, is the first data sent to the Truth cards manager; if the user finds the first data incorrect, the data interaction can be cancelled directly. This improves the security of the data interaction. The confirmation instruction received by the cutting ferrule can be generated by a confirmation physical button provided separately on the cutting ferrule, by a confirmation virtual key on the touch screen of the cutting ferrule, or by selecting the confirmation function in a menu displayed on the cutting ferrule screen; it can be generated after the voice acquisition device of the cutting ferrule (such as a microphone) receives a voice confirmation that passes verification, after the fingerprint acquisition device of the cutting ferrule receives a fingerprint confirmation that passes verification, or after the iris acquisition device of the cutting ferrule receives an iris confirmation that passes verification. It can also be generated in any other way; the present invention places no restriction on this.
The Truth cards manager receives the first data sent by the simulation card and sends it to the chosen Truth card. Specifically, the Truth cards manager sends the first data to the chosen Truth card so that the chosen Truth card can process it.
The Truth cards manager receives the second data sent by the chosen Truth card and sends it to the simulation card through the cutting ferrule. Specifically, the chosen Truth card receives the first data sent by the Truth cards manager, processes it, and sends the resulting second data to the Truth cards manager. The processing of the first data by the chosen Truth card follows existing smart card processing schemes and is not described here. The Truth cards manager receives the second data sent by the chosen Truth card and sends it to the cutting ferrule, which sends it on to the simulation card.
The simulation card receives the second data sent by the Truth cards manager and sends it to the transaction terminal. Specifically, the simulation card sends the second data to the transaction terminal after receiving it from the cutting ferrule. After the transaction terminal receives the second data processed by the Truth card, it can proceed according to the needs of the specific scenario, for example dispensing cash for a withdrawal, making a transfer, deducting a card payment, or performing a top-up.
Based on the above data interaction process, a single simulation card can perform the functions of several different types of Truth cards. To carry out a data interaction the user only needs to carry the simulation card and the cutting ferrule, not the Truth cards, which improves convenience and security.
The cutting ferrule can prompt the information that needs confirmation during the data interaction, so the user can confirm that information before the interaction is executed. This guarantees the authenticity of the data interaction and improves security.
Further, because a Truth card that matches the transaction terminal can be chosen, the invention avoids the unnecessary expense (such as a bank's inter-bank withdrawal fee) that arises in the prior art when the user does not carry a Truth card matching the transaction terminal.
Of course, the implementation above discloses only a single data interaction, from the transaction terminal to the Truth card and from the Truth card back to the transaction terminal. In practical applications there may be multiple data interactions, whose flow is similar to the single interaction above. In multiple data interactions, whether the cutting ferrule prompts the interaction data can be set according to whether that data needs confirmation, so as to guarantee the authenticity of the interaction data.
Three, secure connection is established:
Before the cutting ferrule obtains the cutting ferrule end Truth cards information list, the present invention can also include a process in which the cutting ferrule and the simulation card establish a secure connection and obtain the cutting ferrule end first safe transmission key and the simulation card end safe transmission key used for secure data transmission between the cutting ferrule and the simulation card.
It can also include a process in which the cutting ferrule and the Truth cards manager establish a secure connection and obtain the cutting ferrule end second safe transmission key and the Truth cards manager end safe transmission key used for secure data transmission between the cutting ferrule and the Truth cards manager.
Of course, the two processes above may or may not be executed at the same time, and either only one of them or both may be executed.
1, the cutting ferrule and the simulation card establish a secure connection and obtain the cutting ferrule end first safe transmission key and the simulation card end safe transmission key used for secure data transmission between the cutting ferrule and the simulation card:
In the present invention, the cutting ferrule and the simulation card can establish a secure connection in the following ways:
Mode one: the cutting ferrule and the simulation card mutually authenticate each other's identity (for example by mutually verifying each other's signed data) and, during that mutual authentication, compare whether the binding factors stored by the two parties are the same. After the stored binding factors are found to be the same and the mutual identity authentication passes, they generate the safe transmission keys used for secure data transmission between the cutting ferrule and the simulation card (the cutting ferrule end first safe transmission key and the simulation card end safe transmission key).
It is worth noting that if, before the cutting ferrule and the simulation card establish the secure connection, the binding operation described above was performed (the cutting ferrule and the simulation card mutually authenticate each other's certificate and identity and, after both authentications pass, each stores the binding factor generated during authentication), then in mode one the mutual identity authentication between the cutting ferrule and the simulation card is a re-authentication of each other's identity.
A specific implementation of mode one is given below:
Fig. 2 shows a flow chart of mode one, in which the data interaction system provided by an embodiment of the present invention establishes a secure connection between the cutting ferrule and the simulation card. Referring to Fig. 2, establishing the secure connection between the cutting ferrule and the simulation card includes:
The cutting ferrule sends to the simulation card a first secure connection instruction for establishing a secure connection, wherein the first secure connection instruction includes: a first connection ciphertext, obtained by the cutting ferrule encrypting the cutting ferrule end first binding factor and a generated first connection random factor with the simulation card public key in the simulation card certificate; and a first connection signature, obtained by the cutting ferrule signing the cutting ferrule end first binding factor and the first connection random factor with the cutting ferrule private key. Specifically, before the cutting ferrule and the simulation card are used for data interaction, a secure connection is optionally established between them to improve the security of subsequent data interaction. The first secure connection instruction for establishing the secure connection that the cutting ferrule receives can be generated by a connection physical button provided separately on the cutting ferrule, by a connection virtual key on the touch screen of the cutting ferrule, after the power-on password is verified as correct, after the simulation card is pulled out of the cutting ferrule, by selecting the connection function in a menu displayed on the cutting ferrule screen, or after the cutting ferrule has obtained the cutting ferrule end Truth cards information list and the user has selected a Truth card from it. It can also be generated in any other way; the present invention places no restriction on this. The first connection random factor can be a random number, random characters, or a combination thereof generated by the cutting ferrule; after generating the first connection random factor, the cutting ferrule can also verify its randomness, to improve the randomness of the first connection random factor and prevent it from being cracked. Encrypting the cutting ferrule end first binding factor and the first connection random factor with the simulation card public key guarantees the security of their transmission, and signing them with the cutting ferrule private key allows the simulation card to authenticate the legitimacy of the cutting ferrule's identity afterwards. The cutting ferrule end first binding factor is sent to the simulation card so that the simulation card can subsequently judge whether it is the same as the binding factor the simulation card stores, and thereby whether the cutting ferrule is bound to the simulation card. Optionally, before this step, after the cutting ferrule detects the simulation card, the cutting ferrule can judge whether the simulation card is in the cutting ferrule end first binding list, for example as follows: after detecting the simulation card, the cutting ferrule receives the simulation card information sent by the simulation card (such as the simulation card unique identifier and/or the simulation card certificate) and judges from the received information whether the simulation card is in the cutting ferrule end first binding list; and/or the simulation card can judge whether the cutting ferrule is in the simulation card end binding list, for example as follows: after detecting the simulation card, the cutting ferrule sends the cutting ferrule information (such as the cutting ferrule unique identifier and/or the cutting ferrule certificate) to the simulation card, and the simulation card judges from the received cutting ferrule information whether the cutting ferrule is in the simulation card end binding list. The follow-up flow is executed only after a party has judged that the other party is in its own binding list, which optimizes the flow and improves efficiency.
The simulation card receives the first secure connection instruction and decrypts the first connection ciphertext with the simulation card private key, obtaining the cutting ferrule end first binding decryption factor and the first connection decryption random factor. Specifically, if a data transmission error occurred or the data was tampered with in transit, either the decryption fails or the decrypted cutting ferrule end first binding decryption factor and first connection decryption random factor differ from the cutting ferrule end first binding factor and the first connection random factor. Because the encryption used the simulation card public key, only the simulation card private key can decrypt successfully, which also guarantees the security of data decryption.
The simulation card verifies the first connection signature using the cutting ferrule public key in the cutting ferrule certificate, the cutting ferrule end first binding decryption factor and the first connection decryption random factor. Specifically, the simulation card uses the cutting ferrule public key to verify the signature sent by the cutting ferrule, to ensure that the data comes from a legitimate source.
After the simulation card verifies that the first connection signature is correct, it verifies whether the cutting ferrule end first binding decryption factor is the same as the simulation card end binding factor. Specifically, the simulation card checks whether the decrypted cutting ferrule end first binding decryption factor is the same as the simulation card end binding factor that the simulation card itself stores. If they are the same, the cutting ferrule completed the binding operation with the simulation card before this secure connection was established; on this basis the simulation card can judge whether the cutting ferrule is bound to it.
After the simulation card verifies that the cutting ferrule end first binding decryption factor is the same as the simulation card end binding factor, it generates a second connection random factor. Specifically, the second connection random factor can be a random number, random characters, or a combination thereof generated by the simulation card; after generating the second connection random factor, the simulation card can also verify its randomness, to improve the randomness of the second connection random factor and prevent it from being cracked.
The simulation card encrypts the first connection decryption random factor and the second connection random factor with the cutting ferrule public key in the cutting ferrule certificate to obtain a second connection ciphertext, and signs the first connection decryption random factor and the second connection random factor with the simulation card private key to obtain a second connection signature. Specifically, encrypting the two factors with the cutting ferrule public key guarantees the security of their transmission, and signing them with the simulation card private key allows the cutting ferrule to authenticate the legitimacy of the simulation card's identity afterwards.
The simulation card sends a first secure connection response to the cutting ferrule, wherein the first secure connection response includes the second connection ciphertext and the second connection signature. Specifically, the simulation card sends the second connection ciphertext and the second connection signature to the cutting ferrule so that the cutting ferrule can decrypt and verify the received data.
The cutting ferrule receives the first secure connection response and decrypts the second connection ciphertext with the cutting ferrule private key, obtaining the first connection decryption random factor after decryption and the second connection decryption random factor. Specifically, if a data transmission error occurred or the data was tampered with in transit, either the decryption fails or the first connection decryption random factor after decryption and the second connection decryption random factor differ from the first connection random factor and the second connection random factor. Because the encryption used the cutting ferrule public key, only the cutting ferrule private key can decrypt successfully, which also guarantees the security of data decryption.
The cutting ferrule verifies the second connection signature using the simulation card public key in the simulation card certificate, the first connection decryption random factor after decryption and the second connection decryption random factor. Specifically, the cutting ferrule uses the simulation card public key to verify the signature sent by the simulation card, to ensure that the data comes from a legitimate source.
After the cutting ferrule verifies that the second connection signature is correct, it verifies whether the first connection decryption random factor after decryption is the same as the first connection random factor. Specifically, when the cutting ferrule finds that the first connection random factor it generated is the same as the first connection decryption random factor after decryption, this ensures that the data has not been tampered with and that the encrypted data does come from the party to which the cutting ferrule sent the first connection random factor.
After the cutting ferrule verifies that the first connection decryption random factor after decryption is the same as the first connection random factor, it generates the cutting ferrule end first safe transmission key between the cutting ferrule and the simulation card using at least the second connection decryption random factor; the simulation card generates the simulation card end safe transmission key between the cutting ferrule and the simulation card using at least the second connection random factor. Specifically, the cutting ferrule can generate the cutting ferrule end first safe transmission key from the second connection decryption random factor alone, from the first connection random factor and the second connection decryption random factor, or from the first connection random factor, the second connection decryption random factor and the cutting ferrule end first binding factor. Likewise, the simulation card can generate the simulation card end safe transmission key from the second connection random factor alone, from the first connection decryption random factor and the second connection random factor, or from the first connection decryption random factor, the second connection random factor and the simulation card end binding factor. The only requirement is that the cutting ferrule and the simulation card generate the safe transmission key with the same parameters and the same algorithm. It can be seen that, in the present invention, the safe transmission key factor at the cutting ferrule end can be the second connection decryption random factor, or the second connection decryption random factor together with the first connection random factor; the safe transmission key factor at the simulation card end can be the second connection random factor, or the second connection random factor together with the first connection decryption random factor. In addition, the safe transmission key may include an encryption/decryption key and/or a check key. Using the encryption/decryption key in data transmission guarantees the security of the transmission, and using the check key guarantees its integrity; in the present invention the safe transmission key can be used selectively according to the security level of the transmitted data.
Of course, in the present invention, the step in which the simulation card generates the simulation card end safe transmission key between the cutting ferrule and the simulation card using at least the second connection random factor is not limited to its position in mode one. The simulation card can also generate the simulation card end safe transmission key right after it generates the second connection random factor, or it can generate the key after the cutting ferrule has verified that the first connection decryption random factor after decryption is the same as the first connection random factor and the simulation card has received the success information sent by the cutting ferrule.
It can be seen that the secure connection established between the cutting ferrule and the simulation card as described above improves the security of data transmission, and at the same time verifies whether the two parties are bound, which further improves security.
If, before the cutting ferrule and the simulation card establish the secure connection, the manual binding described above was performed and the binding factor stored, then in mode one the cutting ferrule and the simulation card need to mutually authenticate each other's certificates in addition to mutually authenticating each other's identity.
In addition, the invention is not limited to the cutting ferrule initiating the secure connection as above; the cutting ferrule can also trigger the simulation card to initiate it. In that case the simulation card sends the first secure connection instruction to the cutting ferrule, and the rest of the flow is the same as above with the two parties' roles reversed; it is not repeated here.
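The mode one exchange described above, as an added Go example that is not code from the patent. The text fixes no algorithms, so RSA-OAEP for the connection ciphertexts, RSA-PSS for the connection signatures, HMAC-SHA256 over both random factors keyed with the binding factor as the key derivation, the 16-byte factor length and every identifier are assumptions.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const n = 16 // assumed byte length of binding factors and connection random factors

// Party is one end of the link: the cutting ferrule or the simulation card.
type Party struct {
	priv    *rsa.PrivateKey
	peer    *rsa.PublicKey // peer key from its certificate (chain validation omitted)
	binding []byte         // binding factor stored when the two devices were bound
}

// NewPair returns a ferrule and a card holding each other's public keys (constructed keys).
func NewPair(ferruleBinding, cardBinding []byte) (*Party, *Party, error) {
	fk, err1 := rsa.GenerateKey(rand.Reader, 2048)
	ck, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return nil, nil, errors.New("key generation failed")
	}
	return &Party{fk, &ck.PublicKey, ferruleBinding}, &Party{ck, &fk.PublicKey, cardBinding}, nil
}

// seal returns the connection ciphertext (a||b to the peer) and connection signature (ours).
func (p *Party) seal(a, b []byte) (ct, sig []byte, err error) {
	msg := append(append([]byte{}, a...), b...)
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, p.peer, msg, nil); err != nil {
		return nil, nil, err
	}
	d := sha256.Sum256(msg)
	sig, err = rsa.SignPSS(rand.Reader, p.priv, crypto.SHA256, d[:], nil)
	return ct, sig, err
}

// open decrypts, verifies the peer signature, and requires the first field to equal want
// (the card's stored binding factor, or the ferrule's own R1). It returns the second field.
func (p *Party) open(ct, sig, want []byte) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ct, nil)
	if err != nil || len(msg) != 2*n {
		return nil, errors.New("connection ciphertext rejected")
	}
	d := sha256.Sum256(msg)
	if rsa.VerifyPSS(p.peer, crypto.SHA256, d[:], sig, nil) != nil {
		return nil, errors.New("connection signature rejected")
	}
	if !hmac.Equal(msg[:n], want) { // constant-time comparison
		return nil, errors.New("binding factor or echoed random factor mismatch")
	}
	return msg[n:], nil
}

// deriveKey is an assumed KDF: HMAC-SHA256 keyed with the binding factor over R1||R2.
func deriveKey(binding, r1, r2 []byte) []byte {
	m := hmac.New(sha256.New, binding)
	m.Write(append(append([]byte{}, r1...), r2...))
	return m.Sum(nil)
}

// Handshake runs mode one and returns the ferrule-end and card-end safe transmission keys.
func Handshake(f, c *Party) (kf, kc []byte, err error) {
	buf := make([]byte, 2*n)
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	r1, r2 := buf[:n], buf[n:] // R1 is generated by the ferrule, R2 by the card
	ct1, sig1, err := f.seal(f.binding, r1) // ferrule -> card: first secure connection instruction
	if err != nil {
		return nil, nil, err
	}
	r1dec, err := c.open(ct1, sig1, c.binding) // card checks signature, then binding factor
	if err != nil {
		return nil, nil, fmt.Errorf("card: %w", err)
	}
	ct2, sig2, err := c.seal(r1dec, r2) // card -> ferrule: first secure connection response
	if err != nil {
		return nil, nil, err
	}
	r2dec, err := f.open(ct2, sig2, r1) // ferrule checks signature and that R1 came back
	if err != nil {
		return nil, nil, fmt.Errorf("ferrule: %w", err)
	}
	return deriveKey(f.binding, r1, r2dec), deriveKey(c.binding, r1dec, r2), nil
}

func main() {
	b := []byte("0123456789abcdef") // constructed 16-byte binding factor
	if f, c, err := NewPair(b, b); err == nil {
		kf, kc, err := Handshake(f, c)
		fmt.Println("error:", err, "keys match:", hmac.Equal(kf, kc))
	}
}
```

A pair whose stored binding factors differ, or a ferrule whose key pair the card does not hold, fails before any key is derived, and each run yields a fresh key because both random factors are regenerated.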
Mode two: the cutting ferrule and the simulation card mutually authenticate each other's identity (for example by mutually verifying each other's signed data) and generate the safe transmission key factors during that mutual authentication. After the mutual identity authentication passes, they generate the safe transmission keys used for secure data transmission between the cutting ferrule and the simulation card (the cutting ferrule end first safe transmission key and the simulation card end safe transmission key) using at least the stored binding factor and the safe transmission key factors, and verify whether the safe transmission keys generated by the two parties are the same.
It is worth noting that if, before the cutting ferrule and the simulation card establish the secure connection, the binding operation described above was performed (the cutting ferrule and the simulation card mutually authenticate each other's certificate and identity and, after both authentications pass, each stores the binding factor generated during authentication), then in mode two the mutual identity authentication between the cutting ferrule and the simulation card is a re-authentication of each other's identity.
A specific implementation of mode two is given below:
Fig. 3 shows a flow chart of mode two, in which the data interaction system provided by an embodiment of the present invention establishes a secure connection between the cutting ferrule and the simulation card. Referring to Fig. 3, establishing the secure connection between the cutting ferrule and the simulation card includes:
The cutting ferrule receives the third connection random factor generated by the simulation card and the simulation card unique identification, both sent by the simulation card. Specifically, the third connection random factor may be a random number, random characters, or a combination thereof generated by the simulation card. After the third connection random factor is generated, its randomness may also be verified, to improve the randomness of the third connection random factor and prevent it from being cracked. Before this step, the simulation card generates the third connection random factor; after the cutting ferrule detects the simulation card, the simulation card sends the third connection random factor and the simulation card unique identification to the cutting ferrule.
The cutting ferrule sends to the simulation card a second secure connection instruction used to indicate establishing the secure connection, wherein the second secure connection instruction includes: the cutting ferrule unique identification; the third connection ciphertext, which the cutting ferrule obtains by encrypting the third connection random factor and the generated fourth connection random factor with the simulation card public key in the simulation card certificate; and the third connection signature, which the cutting ferrule obtains by signing the third connection random factor and the fourth connection random factor with the cutting ferrule private key. Specifically, before the cutting ferrule and the simulation card are used for data interaction, a secure connection is optionally established between them to improve the security of the subsequent data interaction. The second secure connection instruction, received by the cutting ferrule and used to indicate establishing the secure connection, may be generated by a separately provided physical connection button on the cutting ferrule, or by a virtual connection key on the touch screen of the cutting ferrule, or after the power-on password is verified as correct, or after the simulation card is pulled out of the cutting ferrule, or by selecting the connection function in a menu displayed on the cutting ferrule screen, or after the cutting ferrule obtains the cutting ferrule end Truth cards information list and the user selects a Truth card from it. It may, of course, also be generated in any other way, and the present invention places no restriction on this. Specifically, the cutting ferrule encrypts the third connection random factor and the generated fourth connection random factor with the simulation card public key to ensure the security of their transmission, and signs the third connection random factor and the generated fourth connection random factor with the cutting ferrule private key so that the simulation card can subsequently authenticate the legitimacy of the cutting ferrule's identity. In addition, the fourth connection random factor may be a random number, random characters, or a combination thereof generated by the cutting ferrule; after the fourth connection random factor is generated, its randomness may also be verified, to improve the randomness of the fourth connection random factor and prevent it from being cracked. Optionally, before this step, after the cutting ferrule receives the simulation card unique identification, the cutting ferrule may judge from that identification whether the simulation card is in the cutting ferrule end first list of bindings, and execute the subsequent flow only after judging that it is, which optimizes the flow and improves efficiency.
The simulation card receives the second secure connection instruction and judges whether the cutting ferrule unique identification is in the simulation card end list of bindings. Specifically, the simulation card judges from the received cutting ferrule unique identification whether the cutting ferrule is in the simulation card end list of bindings, and executes the subsequent flow only after judging that it is, which optimizes the flow and improves efficiency.
If the cutting ferrule unique identification is in the simulation card end list of bindings, the simulation card decrypts the third connection ciphertext with the simulation card private key and obtains the third connection decryption random factor and the fourth connection decryption random factor. Specifically, when the third connection ciphertext is decrypted with the simulation card private key, a transmission error or tampering during data transmission causes decryption to fail, or causes the third connection decryption random factor and the fourth connection decryption random factor obtained to differ from the third connection random factor and the fourth connection random factor. Because the data was encrypted with the simulation card public key, only the simulation card private key can decrypt it successfully, which also ensures the security of data decryption.
The simulation card verifies the third connection signature using the cutting ferrule public key in the cutting ferrule certificate, the third connection decryption random factor, and the fourth connection decryption random factor. Specifically, the simulation card uses the cutting ferrule public key to verify the signature sent by the cutting ferrule, to ensure that the data comes from a legitimate source.
After the simulation card verifies that the third connection signature is correct, it verifies whether the third connection decryption random factor is identical to the third connection random factor. Specifically, when the simulation card verifies that the third connection random factor it generated is identical to the third connection decryption random factor, this ensures that the data has not been tampered with and that the source of the encrypted data really is the party to which the simulation card sent the third connection random factor.
If the third connection decryption random factor is identical to the third connection random factor, the simulation card signs the third connection decryption random factor and the fourth connection decryption random factor with the simulation card private key to obtain the fourth connection signature. Specifically, the simulation card signs these two factors with the simulation card private key so that the cutting ferrule can subsequently authenticate the legitimacy of the simulation card's identity.
The simulation card sends the second secure connection response to the cutting ferrule, wherein the second secure connection response includes the fourth connection signature. Specifically, the simulation card sends the fourth connection signature to the cutting ferrule so that the cutting ferrule can verify the data it receives.
The cutting ferrule receives the second secure connection response and verifies the fourth connection signature using the simulation card public key in the simulation card certificate, the third connection random factor, and the fourth connection random factor. Specifically, the cutting ferrule uses the simulation card public key to verify the signature sent by the simulation card, to ensure that the data comes from a legitimate source.
After the cutting ferrule verifies that the fourth connection signature is correct, it generates the cutting ferrule end first safe transmission key between the cutting ferrule and the simulation card at least with the fourth connection random factor and the cutting ferrule end first binding factor; the simulation card generates the simulation card end safe transmission key between the cutting ferrule and the simulation card at least with the fourth connection decryption random factor and the simulation card end binding factor. Specifically, the cutting ferrule may generate the cutting ferrule end first safe transmission key from the fourth connection random factor and the cutting ferrule end first binding factor, or from the third connection random factor, the fourth connection random factor, and the cutting ferrule end first binding factor. Likewise, the simulation card may generate the simulation card end safe transmission key from the fourth connection decryption random factor and the simulation card end binding factor, or from the third connection random factor, the fourth connection decryption random factor, and the simulation card end binding factor. It suffices that the cutting ferrule and the simulation card use the same parameters and the same algorithm to generate the safe transmission key. It can be seen that, in the present invention, the safe transmission key factor at the cutting ferrule end may be the fourth connection random factor, or the third connection random factor together with the fourth connection random factor; at the simulation card end it may be the fourth connection decryption random factor, or the third connection random factor together with the fourth connection decryption random factor. In addition, the safe transmission key may include an encryption/decryption key and/or a check key: using the encryption/decryption key in data transmission guarantees the security of the transmission, and using the check key in data transmission guarantees its integrity. In the present invention, the safe transmission key may be used selectively according to the security level of the data being transmitted.
The cutting ferrule performs the first processing on the third connection random factor and the fourth connection random factor with the cutting ferrule end first safe transmission key and sends the result to the simulation card; the simulation card performs the first processing on the third connection decryption random factor and the fourth connection decryption random factor with the simulation card end safe transmission key and sends the result to the cutting ferrule. Specifically, each side performs the first processing on the data with the safe transmission key it generated and sends the result to the other side, so that the other side can verify whether the safe transmission keys generated by the two sides are identical.
The cutting ferrule receives the data sent by the simulation card, performs the second processing on the received data with the cutting ferrule end first safe transmission key, and compares whether the data after the second processing is identical to the third connection random factor and the fourth connection random factor. The simulation card receives the data sent by the cutting ferrule, performs the second processing on the received data with the simulation card end safe transmission key, and compares whether the data after the second processing is identical to the third connection decryption random factor and the fourth connection decryption random factor. Specifically, after each side performs the second processing on the received data with the safe transmission key it generated, it compares whether the data after the second processing is identical to the data it sent; if so, the safe transmission keys generated by the two sides are identical, which guarantees that the two sides can subsequently use the keys they each generated for secure data transmission. In addition, verifying that the safe transmission keys generated by the two sides are identical also verifies that the binding factors each side stores are identical, which further proves that the other party is the true bound object and further improves the security of subsequent data transmission.
Of course, in the present invention, the step in which the simulation card generates the simulation card end safe transmission key is not limited to the step in Mode two: the simulation card may also generate the key after decryption yields the fourth connection decryption random factor, or after the cutting ferrule has verified that the fourth connection signature sent by the simulation card is correct and the simulation card has received the success information sent by the cutting ferrule. The step in which the cutting ferrule generates the cutting ferrule end first safe transmission key is likewise not limited to the step in Mode two: the cutting ferrule may also generate the key after it generates the fourth connection random factor.
It can be seen that the secure connection established between the cutting ferrule and the simulation card as described above improves the security of data transmission; at the same time, it verifies whether the two sides are bound, which further improves security.
If, before the cutting ferrule and the simulation card establish the secure connection, the manual binding described above was performed and the binding factor was stored, then in Mode two the cutting ferrule and the simulation card need to mutually authenticate each other's certificate in addition to each other's identity.
In addition, the invention is not limited to the cutting ferrule initiating the establishment of the secure connection; the cutting ferrule may also trigger the simulation card to initiate it. In that case the simulation card sends the second secure connection instruction to the cutting ferrule, and the rest of the flow is carried out with the executing parties reversed, which is not repeated here.
Of course, in Mode one and Mode two above, when the safe transmission key for secure data transmission between the cutting ferrule and the simulation card is generated, the binding factor used is the one that the cutting ferrule and the simulation card generated and saved during binding. That binding factor may be the one each side stored after the cutting ferrule and the simulation card mutually authenticated each other's certificate and identity and both authentications passed, or it may be a binding factor entered and stored through manual binding.
In addition, if no binding operation has been performed between the cutting ferrule and the simulation card, the binding factor used in Mode one and Mode two may be a random value entered manually while the secure connection is being established; alternatively, while the secure connection is being established, the safe transmission key is generated from the random factors only, and the binding factor is neither verified nor used to generate the safe transmission key.
2. The cutting ferrule and the Truth cards manager establish a secure connection and obtain the cutting ferrule end second safe transmission key and the Truth cards manager end safe transmission key used for secure data transmission between the cutting ferrule and the Truth cards manager:
In the present invention, the cutting ferrule and the Truth cards manager may establish the secure connection in the following ways:
Mode one: the cutting ferrule and the Truth cards manager mutually authenticate each other's identity and, during that authentication, compare whether the binding factors stored by the two sides are identical. After the comparison shows the stored binding factors to be identical and the mutual identity authentication passes, each side generates the safe transmission key used for secure data transmission between the cutting ferrule and the Truth cards manager (the cutting ferrule end second safe transmission key and the Truth cards manager end safe transmission key).
It is worth noting that if, before the cutting ferrule and the Truth cards manager establish the secure connection, the binding operation described above was performed, in which the cutting ferrule and the Truth cards manager mutually authenticate each other's certificate and identity and, after both authentications pass, each store the binding factor generated during authentication, then in Mode one the mutual identity authentication is a second mutual authentication of each other's identity by the cutting ferrule and the Truth cards manager.
The scheme in which the cutting ferrule and the Truth cards manager establish a secure connection using Mode one differs from the scheme in which the cutting ferrule and the simulation card establish a secure connection using Mode one only in the following:
First, the executing parties differ: in the scheme in which the cutting ferrule and the Truth cards manager establish a secure connection using Mode one, the executing parties are the cutting ferrule and the Truth cards manager; in the scheme in which the cutting ferrule and the simulation card establish a secure connection using Mode one, the executing parties are the cutting ferrule and the simulation card. The cutting ferrule performs the same operations in both schemes, and the Truth cards manager performs the same operations in its scheme as the simulation card does in the other.
Second, the secure connection instruction is generated differently: in the scheme in which the cutting ferrule and the Truth cards manager establish a secure connection using Mode one, the third secure connection instruction may be generated by a separately provided physical connection button on the cutting ferrule, or by a virtual connection key on the touch screen of the cutting ferrule, or after the power-on password is verified as correct, or when the cutting ferrule sends a login request to the Truth cards manager, or by selecting the connection function in a menu displayed on the cutting ferrule screen.
Below, the scheme in which the cutting ferrule and the Truth cards manager establish a secure connection using Mode one is described only briefly and is not detailed further.
Fig. 4 shows a flow chart of Mode one, in which the data interaction system provided by an embodiment of the present invention establishes a secure connection between the cutting ferrule and the Truth cards manager. Referring to Fig. 4, establishing the secure connection between the cutting ferrule and the Truth cards manager includes:
The cutting ferrule sends to the Truth cards manager a third secure connection instruction used to indicate establishing the secure connection, wherein the third secure connection instruction includes: the fifth connection ciphertext, which the cutting ferrule obtains by encrypting the cutting ferrule end second binding factor and the generated fifth connection random factor with the Truth cards manager public key in the Truth cards manager certificate; and the fifth connection signature, which the cutting ferrule obtains by signing the cutting ferrule end second binding factor and the fifth connection random factor with the cutting ferrule private key;
The Truth cards manager receives the third secure connection instruction, decrypts the fifth connection ciphertext with the Truth cards manager private key, and obtains the cutting ferrule end second binding decryption factor and the fifth connection decryption random factor;
The Truth cards manager verifies the fifth connection signature using the cutting ferrule public key in the cutting ferrule certificate, the cutting ferrule end second binding decryption factor, and the fifth connection decryption random factor;
After the Truth cards manager verifies that the fifth connection signature is correct, it verifies whether the cutting ferrule end second binding decryption factor is identical to the Truth cards manager end binding factor;
After the Truth cards manager verifies that the cutting ferrule end second binding decryption factor is identical to the Truth cards manager end binding factor, it generates the sixth connection random factor;
The Truth cards manager encrypts the fifth connection decryption random factor and the sixth connection random factor with the cutting ferrule public key in the cutting ferrule certificate to obtain the sixth connection ciphertext, and signs the fifth connection decryption random factor and the sixth connection random factor with the Truth cards manager private key to obtain the sixth connection signature;
The Truth cards manager sends the third secure connection response to the cutting ferrule, wherein the third secure connection response includes: the sixth connection ciphertext and the sixth connection signature;
The cutting ferrule receives the third secure connection response, decrypts the sixth connection ciphertext with the cutting ferrule private key, and obtains the decrypted fifth connection decryption random factor and the sixth connection decryption random factor;
The cutting ferrule verifies the sixth connection signature using the Truth cards manager public key in the Truth cards manager certificate, the decrypted fifth connection decryption random factor, and the sixth connection decryption random factor;
After the cutting ferrule verifies that the sixth connection signature is correct, it verifies whether the decrypted fifth connection decryption random factor is identical to the fifth connection random factor;
After the cutting ferrule verifies that the decrypted fifth connection decryption random factor is identical to the fifth connection random factor, it generates the cutting ferrule end second safe transmission key between the cutting ferrule and the Truth cards manager at least with the sixth connection decryption random factor; the Truth cards manager generates the Truth cards manager end safe transmission key between the cutting ferrule and the Truth cards manager at least with the sixth connection random factor.
Of course, in the present invention, the step in which the Truth cards manager generates the Truth cards manager end safe transmission key between the cutting ferrule and the Truth cards manager, at least with the sixth connection random factor, is not limited to the step in Mode one. The Truth cards manager may also generate the Truth cards manager end safe transmission key after it generates the sixth connection random factor, or it may generate the key after the cutting ferrule has verified that the decrypted fifth connection decryption random factor is identical to the fifth connection random factor and the Truth cards manager has received the success information sent by the cutting ferrule.
It can be seen that the secure connection established between the cutting ferrule and the Truth cards manager as described above improves the security of data transmission; at the same time, it verifies whether the two sides are bound, which further improves security.
If, before the cutting ferrule and the Truth cards manager establish the secure connection, the manual binding described above was performed and the binding factor was stored, then in Mode one the cutting ferrule and the Truth cards manager need to mutually authenticate each other's certificate in addition to each other's identity.
In addition, the invention is not limited to the cutting ferrule initiating the establishment of the secure connection; the cutting ferrule may also trigger the Truth cards manager to initiate it. In that case the Truth cards manager sends the third secure connection instruction to the cutting ferrule, and the rest of the flow is carried out with the executing parties reversed, which is not repeated here.
Mode two: the cutting ferrule and the Truth cards manager mutually authenticate each other's identity and generate a safe transmission key factor during that authentication. After the mutual identity authentication passes, each side generates, at least with the stored binding factor and the safe transmission key factor, the safe transmission key used for secure data transmission between the cutting ferrule and the Truth cards manager (the cutting ferrule end second safe transmission key and the Truth cards manager end safe transmission key), and the two sides verify whether the safe transmission keys they generated are identical.
It is worth noting that if, before the cutting ferrule and the Truth cards manager establish the secure connection, the binding operation described above was performed, in which the cutting ferrule and the Truth cards manager mutually authenticate each other's certificate and identity and, after both authentications pass, each store the binding factor generated during authentication, then in Mode two the mutual identity authentication is a second mutual authentication of each other's identity by the cutting ferrule and the Truth cards manager.
The scheme in which the cutting ferrule and the Truth cards manager establish a secure connection using Mode two differs from the scheme in which the cutting ferrule and the simulation card establish a secure connection using Mode two only in the following:
First, the executing parties differ: in the scheme in which the cutting ferrule and the Truth cards manager establish a secure connection using Mode two, the executing parties are the cutting ferrule and the Truth cards manager; in the scheme in which the cutting ferrule and the simulation card establish a secure connection using Mode two, the executing parties are the cutting ferrule and the simulation card. The cutting ferrule performs the same operations in both schemes, and the Truth cards manager performs the same operations in its scheme as the simulation card does in the other.
Second, the secure connection instruction is generated differently: in the scheme in which the cutting ferrule and the Truth cards manager establish a secure connection using Mode two, the fourth secure connection instruction may be generated by a separately provided physical connection button on the cutting ferrule, or by a virtual connection key on the touch screen of the cutting ferrule, or after the power-on password is verified as correct, or when the cutting ferrule sends a login request to the Truth cards manager, or by selecting the connection function in a menu displayed on the cutting ferrule screen.
Below, the scheme in which the cutting ferrule and the Truth cards manager establish a secure connection using Mode two is described only briefly and is not detailed further.
Fig. 5 shows a flow chart of Mode two, in which the data interaction system provided by an embodiment of the present invention establishes a secure connection between the cutting ferrule and the Truth cards manager. Referring to Fig. 5, establishing the secure connection between the cutting ferrule and the Truth cards manager includes:
The cutting ferrule receives the seventh connection random factor generated by the Truth cards manager and the Truth cards manager unique identification, both sent by the Truth cards manager;
The cutting ferrule sends to the Truth cards manager a fourth secure connection instruction used to indicate establishing the secure connection, wherein the fourth secure connection instruction includes: the cutting ferrule unique identification; the seventh connection ciphertext, which the cutting ferrule obtains by encrypting the seventh connection random factor and the generated eighth connection random factor with the Truth cards manager public key in the Truth cards manager certificate; and the seventh connection signature, which the cutting ferrule obtains by signing the seventh connection random factor and the eighth connection random factor with the cutting ferrule private key;
The Truth cards manager receives the fourth secure connection instruction and judges whether the cutting ferrule unique identification is in the Truth cards manager end list of bindings;
If the cutting ferrule unique identification is in the Truth cards manager end list of bindings, the Truth cards manager decrypts the seventh connection ciphertext with the Truth cards manager private key and obtains the seventh connection decryption random factor and the eighth connection decryption random factor;
The Truth cards manager verifies the seventh connection signature using the cutting ferrule public key in the cutting ferrule certificate, the seventh connection decryption random factor, and the eighth connection decryption random factor;
After the Truth cards manager verifies that the seventh connection signature is correct, it verifies whether the seventh connection decryption random factor is identical to the seventh connection random factor;
If the seventh connection decryption random factor is identical to the seventh connection random factor, the Truth cards manager signs the seventh connection decryption random factor and the eighth connection decryption random factor with the Truth cards manager private key to obtain the eighth connection signature;
The Truth cards manager sends the fourth secure connection response to the cutting ferrule, wherein the fourth secure connection response includes: the eighth connection signature;
The cutting ferrule receives the fourth secure connection response and verifies the eighth connection signature using the Truth cards manager public key in the Truth cards manager certificate, the seventh connection random factor, and the eighth connection random factor;
After the cutting ferrule verifies that the eighth connection signature is correct, it generates the cutting ferrule end second safe transmission key between the cutting ferrule and the Truth cards manager at least with the eighth connection random factor and the cutting ferrule end second binding factor; the Truth cards manager generates the Truth cards manager end safe transmission key between the cutting ferrule and the Truth cards manager at least with the eighth connection decryption random factor and the Truth cards manager end binding factor;
The cutting ferrule performs the first processing on the seventh connection random factor and the eighth connection random factor with the cutting ferrule end second safe transmission key and sends the result to the Truth cards manager; the Truth cards manager performs the first processing on the seventh connection decryption random factor and the eighth connection decryption random factor with the Truth cards manager end safe transmission key and sends the result to the cutting ferrule;
The cutting ferrule receives the data sent by the Truth cards manager, performs the second processing on the received data with the cutting ferrule end second safe transmission key, and compares whether the data after the second processing is identical to the seventh connection random factor and the eighth connection random factor; the Truth cards manager receives the data sent by the cutting ferrule, performs the second processing on the received data with the Truth cards manager end safe transmission key, and compares whether the data after the second processing is identical to the seventh connection decryption random factor and the eighth connection decryption random factor.
It can be seen that data transmission can be improved based on the secure connection that above-mentioned cutting ferrule and Truth cards manager are established Safety further improve safety at the same time it can also verify whether both sides are bound.
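The key-confirmation exchange above doubles as a check that both ends hold the same binding factor. The following added example (not code from the patent) sketches it in Node.js; the HMAC-SHA256 key derivation, AES-256-GCM as the "first processing" with its decryption as the "second processing", and all function names are assumptions, since the page does not fix these algorithms.

```javascript
const crypto = require('crypto');

// Assumed KDF: HMAC-SHA256 keyed with the binding factor over the 8th
// connection random factor, giving a 32-byte safe transmission key.
function deriveTransmissionKey(bindingFactor, r8) {
  return crypto.createHmac('sha256', bindingFactor).update(r8).digest();
}

// Assumed "first processing": AES-256-GCM encryption; output is iv || tag || ciphertext.
function firstProcessing(key, data) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(data), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Assumed "second processing": the matching decryption. Returns null when the
// key is wrong or the message was modified in transit.
function secondProcessing(key, msg) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.subarray(0, 12));
    decipher.setAuthTag(msg.subarray(12, 28));
    return Buffer.concat([decipher.update(msg.subarray(28)), decipher.final()]);
  } catch {
    return null;
  }
}

// Runs the confirmation exchange for one connection. In an honest run the
// manager's decrypted factors equal the ferrule's, so one pair is used here.
function confirmBinding(ferruleBindingFactor, managerBindingFactor) {
  const r7 = crypto.randomBytes(16); // 7th connection random factor (constructed)
  const r8 = crypto.randomBytes(16); // 8th connection random factor (constructed)
  const factors = Buffer.concat([r7, r8]);

  const ferruleKey = deriveTransmissionKey(ferruleBindingFactor, r8);
  const managerKey = deriveTransmissionKey(managerBindingFactor, r8);

  // Each end applies the first processing to the two factors and sends the result.
  const fromFerrule = firstProcessing(ferruleKey, factors);
  const fromManager = firstProcessing(managerKey, factors);

  // Each end applies the second processing to what it received and compares.
  const seenByManager = secondProcessing(managerKey, fromFerrule);
  const seenByFerrule = secondProcessing(ferruleKey, fromManager);
  return {
    managerAccepts: seenByManager !== null && seenByManager.equals(factors),
    ferruleAccepts: seenByFerrule !== null && seenByFerrule.equals(factors),
  };
}
```

With a shared binding factor both comparisons succeed; if the stored binding factors differ, the derived keys differ and both ends reject.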
Certainly, in the present invention, the step at which the Truth cards manager generates the Truth cards manager end safe transmission key is not limited to the step in mode two: the key can also be generated after decryption yields the 8th connection decryption random factor, or after the Truth cards manager receives the success information that the cutting ferrule sends once the cutting ferrule has verified that the 8th connection signature sent by the Truth cards manager is correct. Likewise, the step at which the cutting ferrule generates the cutting ferrule end second safe transmission key is not limited to the step in mode two: the key can also be generated after the cutting ferrule generates the 8th connection random factor.
If, before the cutting ferrule and the Truth cards manager establish the secure connection, operations such as the above manual binding and storing of the binding factor were performed, then in mode two the cutting ferrule and the Truth cards manager need to mutually authenticate each other's certificate in addition to mutually authenticating each other's identity.
In addition, the present invention is not limited to the cutting ferrule initiating the establishment of the secure connection; the cutting ferrule can also trigger the Truth cards manager to initiate it. In that case the Truth cards manager sends the 4th secure connection instruction to the cutting ferrule, and the remaining flow is realized with the executing parties of the above flow swapped, which is not repeated here.
Certainly, in mode one and mode two above, in the process of generating the safe transmission key for secure data transmission between the cutting ferrule and the Truth cards manager, the binding factor used is the binding factor that the cutting ferrule and the Truth cards manager generated and saved during the binding process. The binding factor can be one that was generated in the authentication process and stored by each side after the cutting ferrule and the Truth cards manager mutually authenticated each other's certificate and identity and both authentications passed, or it can be a binding factor input and stored by way of manual binding.
In addition, if no binding operation has been performed between the cutting ferrule and the Truth cards manager, the binding factor used in mode one and mode two above can be a random value input manually while the secure connection is being established; alternatively, while the secure connection is being established, the safe transmission key is generated from the random factors only, without verifying a binding factor or using a binding factor to generate the safe transmission key.
In addition, in the present invention, before the cutting ferrule and the Truth cards manager establish the secure connection and obtain the cutting ferrule end second safe transmission key and the Truth cards manager end safe transmission key for secure data transmission between them, the cutting ferrule sends a login request to the Truth cards manager. Specifically, the login request can be generated by a login physical button provided separately on the cutting ferrule, by a login virtual key on the touch screen of the cutting ferrule, after the startup password is verified as correct, or by selecting the login function in the menu shown on the cutting ferrule screen. The login request may include the cutting ferrule unique identification, so that the Truth cards manager knows which cutting ferrule is requesting to log in.
After the cutting ferrule has sent the login request to the Truth cards manager, and the cutting ferrule and the Truth cards manager have established the secure connection and obtained the cutting ferrule end second safe transmission key and the Truth cards manager end safe transmission key for secure data transmission between them:
The cutting ferrule performs the first processing on the received login password using the cutting ferrule end second safe transmission key and sends the result to the Truth cards manager. Specifically, the cutting ferrule can also prompt the user to input the login password; after the user has input it, the cutting ferrule performs the first processing on the login password using the cutting ferrule end second safe transmission key and sends the result to the Truth cards manager, which improves the safety of login password transmission.
The Truth cards manager receives the data sent by the cutting ferrule, performs the second processing on the received data using the Truth cards manager end safe transmission key, and then verifies the correctness of the data after the second processing. Specifically, after performing the second processing on the data sent by the cutting ferrule using the Truth cards manager end safe transmission key, the Truth cards manager obtains the login password input by the user and compares it with the legal login password that it stores. Only when the login password input by the user is identical to the stored legal login password is the cutting ferrule allowed to log in to the Truth cards manager, which improves login security and guarantees the safety of subsequent data transmission. If the Truth cards manager has an alarm function in the present invention, a legal login password and a legal alarm password can be set in the Truth cards manager in advance. In that case, after performing the second processing on the received data using the Truth cards manager end safe transmission key, the Truth cards manager obtains the password to be verified and judges whether it is the alarm password. If the password to be verified is the alarm password, the Truth cards manager determines that verification of the password passes and executes the alarm operation; if the password to be verified is not the alarm password and is the login password, the Truth cards manager determines that verification of the password passes. Because an alarm password is provided, when the login password input by the user is the alarm password, the Truth cards manager can recognize that the current login involves a security risk and execute the alarm operation (for example, the Truth cards manager sends an alarm message or dials the emergency number of a law enforcement agency, etc.).
After the Truth cards manager verifies the data after the second processing and the verification passes, the cutting ferrule logs in to the Truth cards manager.
It can be seen that the cutting ferrule initiates the login request before the secure connection between the cutting ferrule and the Truth cards manager is established, the sending of the login request triggers the establishment of the secure connection, and the login password is verified after the secure connection is established, which saves steps and improves processing speed.
Four. Binding:
To further improve the safety of data interaction, before the cutting ferrule and the simulation card establish a secure connection, the flow may further include: a process in which the cutting ferrule and the simulation card execute a binding operation;
Before the cutting ferrule and the Truth cards manager establish a secure connection, the flow may further include: a process in which the cutting ferrule and the Truth cards manager execute a binding operation.
Certainly, the two processes above may be executed at the same time or at different times, and either only one of them or both of them may be executed.
1. The cutting ferrule and the simulation card execute the binding operation:
In the present invention, the cutting ferrule and the simulation card can be bound in the following way:
The cutting ferrule and the simulation card mutually authenticate each other's certificate and identity and, after both authentications pass, each stores the binding factor generated in the authentication process.
Below, a specific implementation of the cutting ferrule and the simulation card executing the binding operation is provided:
Fig. 6 shows a flow chart of the data interaction system provided in an embodiment of the present invention realizing the binding operation between the cutting ferrule and the simulation card. Referring to Fig. 6, the binding operation between the cutting ferrule and the simulation card includes:
The cutting ferrule receives a trigger command indicating that it is to be bound with the simulation card. Specifically, before the cutting ferrule is used, a power-on operation can be executed on it in advance; at this point, optionally, the cutting ferrule prompts the user to input a startup password, receives the startup password input by the user, verifies its correctness and, after verifying that it is correct, executes the power-on operation and enters operating mode. Before data interaction is carried out using the cutting ferrule and the simulation card, optionally, the cutting ferrule and the simulation card are bound to improve the safety of subsequent data interaction. The trigger command received by the cutting ferrule can be generated by a binding physical button provided separately on the cutting ferrule, by a binding virtual key on the touch screen of the cutting ferrule, after the startup password is verified as correct, after the simulation card is inserted into the cutting ferrule, or by selecting the binding function in the menu shown on the cutting ferrule screen; it can of course also be generated in any other way, which is not restricted in the present invention.
The cutting ferrule sends the first binding instruction to the simulation card, wherein the first binding instruction includes: the first binding random factor generated by the cutting ferrule, the cutting ferrule certificate and the cutting ferrule unique identification. Specifically, the cutting ferrule can send the first binding instruction to the simulation card over a contact connection (through a contact interface) or over a contactless connection (through a non-contact interface or a wireless interface); the former improves binding safety and the latter improves binding convenience. The first binding random factor carried in the first binding instruction prevents replay attacks, the cutting ferrule certificate is carried so that the simulation card can authenticate the cutting ferrule, and the cutting ferrule unique identification is carried so that the simulation card knows which cutting ferrule is binding with it. The first binding random factor can be a random number, random characters or a combination thereof generated by the cutting ferrule; after generating the first binding random factor, the cutting ferrule can also verify its randomness, to improve the randomness of the first binding random factor and prevent it from being cracked. The cutting ferrule unique identification can be any one or a combination of identifiers that uniquely identify the cutting ferrule, such as the cutting ferrule serial number, device identification code or MAC address.
The simulation card receives the first binding instruction and verifies the cutting ferrule certificate using the root certificate. Specifically, the simulation card stores the root certificate in advance and uses it to complete the verification of the cutting ferrule certificate, to guarantee the safety of the subsequent use of the cutting ferrule certificate.
After the simulation card verifies that the cutting ferrule certificate is legal, it generates the second binding random factor. Specifically, the second binding random factor can be a random number, random characters or a combination thereof generated by the simulation card; after generating the second binding random factor, the simulation card can also verify its randomness, to improve the randomness of the second binding random factor and prevent it from being cracked.
The simulation card encrypts the first binding random factor and the second binding random factor using the cutting ferrule public key in the cutting ferrule certificate to obtain the first binding ciphertext, and signs the first binding random factor and the second binding random factor using the simulation card private key to obtain the first binding signature. Specifically, encrypting the two random factors with the cutting ferrule public key guarantees the safety of their transmission, and signing them with the simulation card private key ensures that the cutting ferrule can subsequently authenticate the legitimacy of the simulation card identity.
The simulation card sends the first binding response to the cutting ferrule, wherein the first binding response includes: the first binding ciphertext, the first binding signature, the simulation card certificate and the simulation card unique identification. Specifically, the simulation card certificate is carried in the first binding response so that the cutting ferrule can authenticate the simulation card, and the simulation card unique identification is carried so that the cutting ferrule knows which simulation card is binding with it. The simulation card unique identification can be any one or a combination of identifiers that uniquely identify the simulation card, such as the simulation card serial number, device identification code or MAC address.
The cutting ferrule receives the first binding response and verifies the simulation card certificate using the root certificate. Specifically, the cutting ferrule stores the root certificate in advance and uses it to complete the verification of the simulation card certificate, to guarantee the safety of the subsequent use of the simulation card certificate.
After the cutting ferrule verifies that the simulation card certificate is legal, it decrypts the first binding ciphertext using the cutting ferrule private key to obtain the first binding decryption random factor and the second binding decryption random factor. Specifically, if a data transmission error occurred or the data was tampered with in transit, decryption with the cutting ferrule private key either fails or yields a first binding decryption random factor and a second binding decryption random factor that differ from the first binding random factor and the second binding random factor. And because the data was encrypted with the cutting ferrule public key, only the cutting ferrule private key can decrypt it successfully, which also guarantees the safety of data decryption.
The cutting ferrule verifies the first binding signature using the simulation card public key in the simulation card certificate, the first binding decryption random factor and the second binding decryption random factor. Specifically, the cutting ferrule uses the simulation card public key from the verified certificate to verify the signature sent by the simulation card, to ensure the legitimate origin of the data.
After the cutting ferrule verifies that the first binding signature is correct, it verifies whether the first binding decryption random factor is identical to the first binding random factor. Specifically, when the cutting ferrule verifies that the first binding random factor it generated itself is identical to the first binding decryption random factor, this guarantees that the data has not been tampered with and that the source of the encrypted data is indeed the party to which the cutting ferrule sent the first binding random factor.
After the cutting ferrule verifies that the first binding decryption random factor is identical to the first binding random factor, it prompts the simulation card unique identification. Specifically, the cutting ferrule can display the simulation card unique identification or play it by voice (for example through a loudspeaker or a headset earpiece), so that the user can confirm the authenticity of the simulation card, which improves binding safety.
The cutting ferrule receives a trigger command confirming that the simulation card unique identification is correct, signs the first binding random factor and the second binding decryption random factor using the cutting ferrule private key to obtain the second binding signature, and stores the simulation card unique identification, the simulation card certificate and the cutting ferrule end first binding factor to the cutting ferrule end first list of bindings, wherein the cutting ferrule end first binding factor is the second binding decryption random factor. Specifically, the trigger command confirming that the simulation card unique identification is correct can be generated by a confirmation physical button provided separately on the cutting ferrule, by a confirmation virtual key on the touch screen of the cutting ferrule, by selecting the confirmation function in the menu shown on the cutting ferrule screen, after the voice acquisition device of the cutting ferrule (such as a microphone) receives a voice confirmation instruction that passes verification, after the fingerprint acquisition device of the cutting ferrule receives a fingerprint confirmation instruction that passes verification, or after the iris acquisition device of the cutting ferrule receives an iris confirmation instruction that passes verification; it can of course also be generated in any other way, which is not restricted in the present invention. Signing the first binding random factor and the second binding decryption random factor with the cutting ferrule private key allows the simulation card to subsequently authenticate the identity of the cutting ferrule. Certainly, the cutting ferrule can also store the cutting ferrule end first list of bindings, which records information about the simulation card bound to the cutting ferrule, such as the simulation card unique identification and the simulation card certificate. In addition, the cutting ferrule end first list of bindings also stores the cutting ferrule end first binding factor, which is the second binding random factor transmitted as ciphertext; because the second binding random factor is transmitted as ciphertext, the cutting ferrule end first binding factor is safe and has not been tampered with.
The cutting ferrule sends the second binding signature to the simulation card. Specifically, the cutting ferrule sends the second binding signature to the simulation card so that the simulation card can authenticate the identity of the cutting ferrule.
The simulation card receives the second binding signature and verifies it using the cutting ferrule public key in the cutting ferrule certificate, the first binding random factor and the second binding random factor. Specifically, the simulation card uses the cutting ferrule public key from the verified certificate to verify the signature sent by the cutting ferrule, to ensure the legitimate origin of the data.
After the simulation card verifies that the second binding signature is correct, it stores the cutting ferrule unique identification, the cutting ferrule certificate and the simulation card end binding factor to the simulation card end list of bindings, wherein the simulation card end binding factor is the second binding random factor. Specifically, the simulation card can also store the simulation card end list of bindings, which records information about the cutting ferrule bound to the simulation card, such as the cutting ferrule unique identification and the cutting ferrule certificate. In addition, the simulation card end list of bindings also stores the simulation card end binding factor, which is the second binding random factor generated by the simulation card.
It can be seen that binding the cutting ferrule and the simulation card as described above ensures the safety of subsequent data interaction between the cutting ferrule and the simulation card.
In addition, the step in which the cutting ferrule and the simulation card execute the binding operation is not mandatory; depending on the needs of different application scenarios, the binding operation between the cutting ferrule and the simulation card can be omitted.
Certainly, the binding operation between the cutting ferrule and the simulation card is not limited to the implementation provided above. For example, manual binding can also be used: under a trusted environment, the identification of the simulation card to be bound is input on the cutting ferrule as the cutting ferrule end first binding factor, and the simulation card uses its own identification by default as the simulation card end binding factor. Alternatively, the cutting ferrule and the simulation card are connected by contact, an arbitrary random value is input on the cutting ferrule as the cutting ferrule end first binding factor, and the cutting ferrule sends the input random value to the simulation card over the contact connection as the simulation card end binding factor. Any approach that lets the cutting ferrule and the simulation card obtain the same binding factor falls within the protection scope of the present invention.
2. The cutting ferrule and the Truth cards manager execute the binding operation:
In the present invention, the cutting ferrule and the Truth cards manager can be bound in the following way:
The cutting ferrule and the Truth cards manager mutually authenticate each other's certificate and identity and, after both authentications pass, each stores the binding factor generated in the authentication process.
Below, a specific implementation of the cutting ferrule and the Truth cards manager executing the binding operation is provided:
Fig. 7 shows a flow chart of the data interaction system provided in an embodiment of the present invention realizing the binding operation between the cutting ferrule and the Truth cards manager. Referring to Fig. 7, the binding operation between the cutting ferrule and the Truth cards manager includes:
The cutting ferrule receives a trigger command indicating that it is to be bound with the Truth cards manager. Specifically, before the cutting ferrule is used, a power-on operation can be executed on it in advance; at this point, optionally, the cutting ferrule prompts the user to input a startup password, receives the startup password input by the user, verifies its correctness and, after verifying that it is correct, executes the power-on operation and enters operating mode. Before data interaction is carried out using the cutting ferrule and the Truth cards manager, optionally, the cutting ferrule and the Truth cards manager are bound to improve the safety of subsequent data interaction. The trigger command received by the cutting ferrule can be generated by a binding physical button provided separately on the cutting ferrule, by a binding virtual key on the touch screen of the cutting ferrule, after the startup password is verified as correct, or by selecting the binding function in the menu shown on the cutting ferrule screen; it can of course also be generated in any other way, which is not restricted in the present invention.
The cutting ferrule sends the second binding instruction to the Truth cards manager, wherein the second binding instruction includes: the third binding random factor generated by the cutting ferrule, the cutting ferrule certificate and the cutting ferrule unique identification. Specifically, the cutting ferrule can send the second binding instruction to the Truth cards manager wirelessly (for example over a mobile network or WIFI). The third binding random factor carried in the second binding instruction prevents replay attacks, the cutting ferrule certificate is carried so that the Truth cards manager can authenticate the cutting ferrule, and the cutting ferrule unique identification is carried so that the Truth cards manager knows which cutting ferrule is binding with it. The third binding random factor can be a random number, random characters or a combination thereof generated by the cutting ferrule; after generating the third binding random factor, the cutting ferrule can also verify its randomness, to improve the randomness of the third binding random factor and prevent it from being cracked. The cutting ferrule unique identification can be any one or a combination of identifiers that uniquely identify the cutting ferrule, such as the cutting ferrule serial number, device identification code or MAC address.
The Truth cards manager receives the second binding instruction and verifies the cutting ferrule certificate using the root certificate. Specifically, the Truth cards manager stores the root certificate in advance and uses it to complete the verification of the cutting ferrule certificate, to guarantee the safety of the subsequent use of the cutting ferrule certificate.
After the Truth cards manager verifies that the cutting ferrule certificate is legal, it generates the 4th binding random factor. Specifically, the 4th binding random factor can be a random number, random characters or a combination thereof generated by the Truth cards manager; after generating the 4th binding random factor, the Truth cards manager can also verify its randomness, to improve the randomness of the 4th binding random factor and prevent it from being cracked.
The Truth cards manager encrypts the third binding random factor and the 4th binding random factor using the cutting ferrule public key in the cutting ferrule certificate to obtain the second binding ciphertext, and signs the third binding random factor and the 4th binding random factor using the Truth cards manager private key to obtain the third binding signature. Specifically, encrypting the two random factors with the cutting ferrule public key guarantees the safety of their transmission, and signing them with the Truth cards manager private key ensures that the cutting ferrule can subsequently authenticate the legitimacy of the Truth cards manager identity.
The Truth cards manager sends the second binding response to the cutting ferrule, wherein the second binding response includes: the second binding ciphertext, the third binding signature, the Truth cards manager certificate and the Truth cards manager unique identification. Specifically, the Truth cards manager certificate is carried in the second binding response so that the cutting ferrule can authenticate the Truth cards manager, and the Truth cards manager unique identification is carried so that the cutting ferrule knows which Truth cards manager is binding with it. The Truth cards manager unique identification can be any one or a combination of identifiers that uniquely identify the Truth cards manager, such as the Truth cards manager serial number, device identification code or MAC address.
The cutting ferrule receives the second binding response and verifies the Truth cards manager certificate using the root certificate. Specifically, the cutting ferrule stores the root certificate in advance and uses it to complete the verification of the Truth cards manager certificate, to guarantee the safety of the subsequent use of the Truth cards manager certificate.
After the cutting ferrule verifies that the Truth cards manager certificate is legal, it decrypts the second binding ciphertext using the cutting ferrule private key to obtain the third binding decryption random factor and the 4th binding decryption random factor. Specifically, if a data transmission error occurred or the data was tampered with in transit, decryption with the cutting ferrule private key either fails or yields a third binding decryption random factor and a 4th binding decryption random factor that differ from the third binding random factor and the 4th binding random factor. And because the data was encrypted with the cutting ferrule public key, only the cutting ferrule private key can decrypt it successfully, which also guarantees the safety of data decryption.
The cutting ferrule verifies the third binding signature using the Truth cards manager public key in the Truth cards manager certificate, the third binding decryption random factor and the 4th binding decryption random factor. Specifically, the cutting ferrule uses the Truth cards manager public key from the verified certificate to verify the signature sent by the Truth cards manager, to ensure the legitimate origin of the data.
After the cutting ferrule verifies that the third binding signature is correct, it verifies whether the third binding decryption random factor is identical to the third binding random factor. Specifically, when the cutting ferrule verifies that the third binding random factor it generated itself is identical to the third binding decryption random factor, this guarantees that the data has not been tampered with and that the source of the encrypted data is indeed the party to which the cutting ferrule sent the third binding random factor.
After the cutting ferrule verifies that the third binding decryption random factor is identical to the third binding random factor, it prompts the Truth cards manager unique identification. Specifically, the cutting ferrule can display the Truth cards manager unique identification or play it by voice (for example through a loudspeaker or a headset earpiece), so that the user can confirm the authenticity of the Truth cards manager, which improves binding safety.
The cutting ferrule receives a trigger command confirming that the Truth cards manager unique identification is correct, signs the third binding random factor and the 4th binding decryption random factor using the cutting ferrule private key to obtain the 4th binding signature, and stores the Truth cards manager unique identification, the Truth cards manager certificate and the cutting ferrule end second binding factor to the cutting ferrule end second list of bindings, wherein the cutting ferrule end second binding factor is the 4th binding decryption random factor. Specifically, the trigger command confirming that the Truth cards manager unique identification is correct can be generated by a confirmation physical button provided separately on the cutting ferrule, by a confirmation virtual key on the touch screen of the cutting ferrule, by selecting the confirmation function in the menu shown on the cutting ferrule screen, after the voice acquisition device of the cutting ferrule (such as a microphone) receives a voice confirmation instruction that passes verification, after the fingerprint acquisition device of the cutting ferrule receives a fingerprint confirmation instruction that passes verification, or after the iris acquisition device of the cutting ferrule receives an iris confirmation instruction that passes verification; it can of course also be generated in any other way, which is not restricted in the present invention. Signing the third binding random factor and the 4th binding decryption random factor with the cutting ferrule private key allows the Truth cards manager to subsequently authenticate the identity of the cutting ferrule. Certainly, the cutting ferrule can also store the cutting ferrule end second list of bindings, which records information about the Truth cards manager bound to the cutting ferrule, such as the Truth cards manager unique identification and the Truth cards manager certificate. In addition, the cutting ferrule end second list of bindings also stores the cutting ferrule end second binding factor, which is the 4th binding random factor transmitted as ciphertext; because the 4th binding random factor is transmitted as ciphertext, the cutting ferrule end second binding factor is safe and has not been tampered with.
The cutting ferrule sends the fourth binding signature to the Truth cards manager. Specifically, the cutting ferrule sends the fourth binding signature so that the Truth cards manager can authenticate the identity of the cutting ferrule.
The Truth cards manager receives the fourth binding signature and verifies it using the cutting ferrule public key in the cutting ferrule certificate, the third binding random factor and the fourth binding random factor. Specifically, the Truth cards manager uses the cutting ferrule public key, after that key has been verified, to verify the signature sent by the cutting ferrule, which ensures that the data comes from a legitimate source.
After verifying that the fourth binding signature is correct, the Truth cards manager stores the cutting ferrule unique identification, the cutting ferrule certificate and the Truth cards manager end binding factor in the Truth cards manager end binding list, wherein the Truth cards manager end binding factor is the fourth binding random factor. Specifically, the Truth cards manager may also store the Truth cards manager end binding list, which records information about the cutting ferrule bound to the Truth cards manager, such as the cutting ferrule unique identification and the cutting ferrule certificate. The Truth cards manager end binding list also stores the Truth cards manager end binding factor, which is the fourth binding random factor generated by the Truth cards manager.
It can be seen that binding the cutting ferrule and the Truth cards manager as described above ensures the security of subsequent data interaction between the cutting ferrule and the Truth cards manager.
In addition, the binding operation between the cutting ferrule and the Truth cards manager is not a required step; depending on the requirements of the application scenario, it may be omitted.
Of course, the binding operation between the cutting ferrule and the Truth cards manager is not limited to the implementation given above. For example, binding may be performed manually, that is, in a trusted environment: the identification of the Truth cards manager to be bound may be entered on the cutting ferrule as the first binding factor of the cutting ferrule end, while the Truth cards manager uses its own identification by default as the Truth cards manager end binding factor; or the identification of the cutting ferrule to be bound may be entered on the Truth cards manager as the Truth cards manager end binding factor, while the cutting ferrule uses its own identification by default as the cutting ferrule end second binding factor; or an arbitrary random value may be entered on the cutting ferrule as the cutting ferrule end second binding factor and the same random value entered on the Truth cards manager as the Truth cards manager end binding factor; and so on. Any approach that lets the cutting ferrule and the Truth cards manager obtain the same binding factor falls within the protection scope of the present invention.
Of course, the binding operation between the cutting ferrule and the simulation card and the binding operation between the cutting ferrule and the Truth cards manager need not both be performed. Depending on the requirements of the application scenario, only the binding of the cutting ferrule and the simulation card may be performed, or only the binding of the cutting ferrule and the Truth cards manager, or neither.
Five, data interaction:
After the cutting ferrule and the simulation card establish a secure connection, the first data that the simulation card sends to the cutting ferrule is sent after the first processing with the simulation Card-terminal safe transmission key; the cutting ferrule receives the first-processed first data and performs the second processing with the cutting ferrule end safe transmission key. The second data that the cutting ferrule sends to the simulation card is sent after the first processing with the cutting ferrule end safe transmission key; the simulation card receives the first-processed second data and performs the second processing with the simulation Card-terminal safe transmission key.
After the cutting ferrule and the Truth cards manager establish a secure connection, the first data that the cutting ferrule sends to the Truth cards manager is sent after the first processing with the cutting ferrule end safe transmission key; the Truth cards manager receives the first-processed first data and performs the second processing with the Truth cards manager end safe transmission key. The second data that the Truth cards manager sends to the cutting ferrule is sent after the first processing with the Truth cards manager end safe transmission key; the cutting ferrule receives the first-processed second data and performs the second processing with the cutting ferrule end safe transmission key.
This guarantees the security of the data interaction.
The following provides a data interaction method of the present invention for use after the cutting ferrule and the simulation card have established a secure connection and the cutting ferrule and the Truth cards manager have established a secure connection; the present invention is not limited to it:
The simulation card receives the data sent by the transaction terminal, performs the first processing on the received data with the simulation Card-terminal safe transmission key, and sends the result to the cutting ferrule. Specifically, during data interaction the simulation card is connected to the transaction terminal (for example an ATM, a POS machine or a bus card top-up machine) through a contact or contactless interface, and receives the data sent by the transaction terminal; this data may be data to be processed (such as a withdrawal amount, a deduction amount or a Truth cards information acquisition request).
The cutting ferrule receives the data sent by the simulation card, performs the second processing on the received data with the cutting ferrule end first safe transmission key, then performs the first processing on the second-processed data with the cutting ferrule end second safe transmission key and sends the result to the Truth cards manager. Specifically, after the cutting ferrule has received the data sent by the simulation card and performed the second processing on it with the cutting ferrule end first safe transmission key, it may also prompt the second-processed data and, only after receiving a confirmation instruction indicating that the second-processed data is correct, perform the first processing on the second-processed data with the cutting ferrule end second safe transmission key and send the result to the Truth cards manager. To this end the cutting ferrule may display the data to be processed, or play it by voice (for example through a loudspeaker or an earphone), so that the user can confirm whether the data to be processed is correct. Only when it is correct, and after the cutting ferrule has received the confirmation instruction entered by the user indicating that the data to be processed is correct, is the data to be processed sent to the Truth cards manager; if the user finds the data to be processed incorrect, the data interaction can be cancelled directly, which improves the security of the data interaction. The confirmation instruction indicating that the second-processed data is correct may be generated by a confirmation physical button provided separately on the cutting ferrule, by a confirmation virtual key on the touch screen of the cutting ferrule, by selecting a confirmation function in a menu shown on the cutting ferrule screen, by a voice confirmation instruction that a voice acquisition device of the cutting ferrule (such as a microphone) receives and that passes verification, by a fingerprint confirmation instruction that a fingerprint acquisition device of the cutting ferrule receives and that passes verification, or by an iris confirmation instruction that an iris acquisition device of the cutting ferrule receives and that passes verification; it may of course be generated in any other way, which the present invention does not restrict.
The Truth cards manager receives the data sent by the cutting ferrule, performs the second processing on the received data with the Truth cards manager end safe transmission key, and sends the result to the chosen Truth cards. Specifically, the Truth cards manager sends the data to be processed to the chosen Truth cards so that the chosen Truth cards can process it.
The chosen Truth cards receive the data sent by the Truth cards manager end, process it, and send the data obtained from the processing to the Truth cards manager. Specifically, the chosen Truth cards process the data to be processed; this processing follows the existing processing scheme of smart cards and is not described further here.
The Truth cards manager receives the data sent by the chosen Truth cards, performs the first processing on the received data with the Truth cards manager end safe transmission key, and sends the result to the cutting ferrule;
The cutting ferrule receives the data sent by the Truth cards manager, performs the second processing on the received data with the cutting ferrule end second safe transmission key, then performs the first processing on the second-processed data with the cutting ferrule end first safe transmission key and sends the result to the simulation card;
The simulation card receives the data sent by the cutting ferrule, performs the second processing on the received data with the simulation Card-terminal safe transmission key, and sends the result to the transaction terminal. Specifically, after the transaction terminal receives the data processed by the Truth cards, it can handle the data according to the needs of the specific implementation scenario, for example dispensing cash for a withdrawal, transferring funds, deducting a card payment or performing a top-up.
Based on the above data interaction process, a single simulation card can provide the functions of many different types of Truth cards. To carry out a data interaction the user only needs to carry the simulation card and the cutting ferrule, without carrying the Truth cards, which improves convenience and security.
The cutting ferrule can prompt the information that needs confirmation during data interaction, so the user can confirm that information before the interaction is executed, which guarantees the authenticity of the data interaction and improves security.
During data transmission, the data exchanged between the simulation card, the cutting ferrule and the Truth cards manager undergoes encryption and decryption and/or verification operations with the safe transmission keys, which guarantees the security and integrity of the data transmission.
Furthermore, because the Truth cards that match the transaction terminal can be chosen, the invention solves the prior-art problem of unnecessary fees (such as interbank withdrawal service charges) incurred when the user is not carrying the Truth cards that match the transaction terminal.
Of course, the specific implementation above discloses only a single data interaction from the transaction terminal to the Truth cards and from the Truth cards back to the transaction terminal. In practical applications there may be multiple data interactions, whose flow is similar to the single data interaction above. In multiple data interactions, whether the cutting ferrule prompts the exchanged data can be configured according to whether that data needs to be confirmed, so as to guarantee the authenticity of the exchanged data.
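The round trip described in this section, as an added example that is not part of the patent: each hop applies the first processing with its own key, the receiver applies the second processing, and the cutting ferrule forwards a request only after confirmation. It assumes the processing is HMAC-SHA256 tagging and verification (the text allows encryption and/or verification); the direction byte, the counter, the randomly generated keys and all function names are assumptions of the example.

```python
# Added example (not from the patent): one request/response over both hops.
# Assumption: "first processing" = HMAC-SHA256 tagging, "second processing" =
# tag verification. The direction byte and counter are additions.
import hashlib
import hmac
import secrets

TAG_LEN, HDR_LEN = 32, 9
REQUEST, RESPONSE = b"\x01", b"\x02"   # terminal -> card, card -> terminal


class IntegrityError(Exception):
    """Second processing rejected a frame."""


class InteractionCancelled(Exception):
    """The user did not confirm the prompted data."""


def first_processing(key, direction, seq, data):
    """Sender side: bind direction and counter to the data, append the tag."""
    header = direction + seq.to_bytes(8, "big")
    tag = hmac.new(key, header + data, hashlib.sha256).digest()
    return header + data + tag


def second_processing(key, direction, seq, frame):
    """Receiver side: verify the tag first, then direction and counter."""
    if len(frame) < HDR_LEN + TAG_LEN:
        raise IntegrityError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("tag mismatch")
    if body[:HDR_LEN] != direction + seq.to_bytes(8, "big"):
        raise IntegrityError("wrong direction or counter")
    return body[HDR_LEN:]


def round_trip(terminal_data, confirm, real_card, tamper=lambda hop, frame: frame):
    """Carry one request to the chosen card and its response back.

    confirm   -- stand-in for the cutting ferrule's prompt and confirmation
    real_card -- stand-in for the processing done by the chosen card
    tamper    -- test hook modelling interference on a hop
    """
    k1 = secrets.token_bytes(32)  # simulation card <-> cutting ferrule (constructed)
    k2 = secrets.token_bytes(32)  # cutting ferrule <-> Truth cards manager (constructed)
    seq = 0
    # Simulation card: first processing of the terminal's data.
    frame = tamper("card-ferrule", first_processing(k1, REQUEST, seq, terminal_data))
    # Cutting ferrule: second processing, prompt, then re-protect for the next hop.
    data = second_processing(k1, REQUEST, seq, frame)
    if not confirm(data):
        raise InteractionCancelled("user rejected the prompted data")
    frame = tamper("ferrule-manager", first_processing(k2, REQUEST, seq, data))
    # Truth cards manager: second processing, then hand over to the chosen card.
    result = real_card(second_processing(k2, REQUEST, seq, frame))
    # Return path: manager -> cutting ferrule -> simulation card -> terminal.
    frame = tamper("ferrule-manager", first_processing(k2, RESPONSE, seq, result))
    data = second_processing(k2, RESPONSE, seq, frame)
    frame = tamper("card-ferrule", first_processing(k1, RESPONSE, seq, data))
    return second_processing(k1, RESPONSE, seq, frame)


if __name__ == "__main__":
    print(round_trip(b"withdraw 100", lambda d: True, lambda d: b"OK:" + d))
```

Because the cutting ferrule verifies the tag before prompting, the user confirms exactly the bytes the simulation card sent, and a request frame cannot be passed off as a response on the same hop.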
Six, transactions:
The data interaction architecture of the present invention can also be used to carry out transactions (such as ATM withdrawals and transfers or POS card payments). The user only needs to carry the cutting ferrule and the simulation card of the present invention to transact with many different kinds of Truth cards, which is convenient to carry and avoids the loss of assets caused by losing the Truth cards.
The following provides a specific transaction flow; the present invention is not limited to it:
The cutting ferrule obtains the cutting ferrule end Truth cards information list, wherein the cutting ferrule end Truth cards information list is the Truth cards manager end Truth cards information list obtained from the Truth cards manager. Specifically, before this step the operations of powering on the cutting ferrule and logging the cutting ferrule in to the Truth cards manager may optionally be performed; they are not described again here, see the descriptions of cutting ferrule power-on and cutting ferrule login to the Truth cards manager above. In this step, obtaining the cutting ferrule end Truth cards information list may also include the step of the cutting ferrule updating the cutting ferrule end Truth cards information list, which is likewise not described again here; see the description above of the cutting ferrule updating the cutting ferrule end Truth cards information list. After the cutting ferrule obtains the Truth cards manager end Truth cards information list from the Truth cards manager, it stores the list in its own storage area as the cutting ferrule end Truth cards information list. When the cutting ferrule needs to prompt the list (for example by display or voice playback), it can read the list directly from local storage, which speeds up processing on the cutting ferrule.
The cutting ferrule prompts the cutting ferrule end Truth cards information list. Specifically, the cutting ferrule displays the list on its own display device or on an external display device, or plays the list by voice through its own voice playback device or an external one (for example through a loudspeaker or an earphone), so that the user can select from the list the Truth cards to be used for the transaction, which makes selection easy and improves the user experience.
The cutting ferrule receives a Truth cards selection instruction and determines the chosen Truth cards; and the simulation card receives the data sent by the transaction terminal, performs the first processing on the received data with the simulation Card-terminal safe transmission key, and sends the result to the cutting ferrule. Specifically, the Truth cards selection instruction may be generated by a selection physical button provided separately on the cutting ferrule, by a selection virtual key on the touch screen of the cutting ferrule, or by choosing the menu item for the selection function in a menu shown on the cutting ferrule screen. Once the cutting ferrule has received the selection instruction and determined the chosen Truth cards, it exchanges data with the chosen Truth cards via the Truth cards manager. During the transaction, the simulation card is connected to the transaction terminal (for example an ATM or a POS machine) through a contact or contactless interface and receives the data sent by the transaction terminal; this data may be transaction data to be processed (such as a withdrawal amount or a deduction amount), which the user subsequently confirms as correct or not. In addition, before the simulation card receives the transaction data to be processed, it may also receive from the transaction terminal a request to obtain the Truth cards information of the chosen Truth cards. In that case the cutting ferrule receives the data sent by the simulation card, performs the second processing on the received data with the cutting ferrule end first safe transmission key, then performs the first processing on the second-processed data with the cutting ferrule end second safe transmission key and sends the result to the Truth cards manager; the Truth cards manager receives the data sent by the cutting ferrule, performs the second processing on it with the Truth cards manager end safe transmission key, and sends the result to the chosen Truth cards; the chosen Truth cards receive the data sent by the Truth cards manager end and send the obtained Truth cards information to the Truth cards manager; the Truth cards manager receives the data sent by the chosen Truth cards, performs the first processing on it with the Truth cards manager end safe transmission key, and sends the result to the cutting ferrule; the cutting ferrule receives the data sent by the Truth cards manager, performs the second processing on it with the cutting ferrule end second safe transmission key, then performs the first processing on the second-processed data with the cutting ferrule end first safe transmission key and sends the result to the simulation card; and the simulation card receives the data sent by the cutting ferrule, performs the second processing on it with the simulation Card-terminal safe transmission key, and sends the result to the transaction terminal. The transaction terminal thus obtains the Truth cards information of the chosen Truth cards, so that it can subsequently transact against those Truth cards.
The cutting ferrule receives the data sent by the simulation card, performs the second processing on the received data with the cutting ferrule end first safe transmission key, prompts the second-processed data and, after receiving a confirmation instruction indicating that the second-processed data is correct, performs the first processing on the second-processed data with the cutting ferrule end second safe transmission key and sends the result to the Truth cards manager. Specifically, the cutting ferrule may display the transaction data to be processed, or play it by voice (for example through a loudspeaker or an earphone), so that the user can confirm whether the transaction data to be processed is correct. Only when it is correct, and after the cutting ferrule has received the confirmation instruction entered by the user indicating that the transaction data to be processed is correct, is the transaction data to be processed sent to the Truth cards manager; if the user finds the transaction data to be processed incorrect, the transaction can be cancelled directly, which improves the security of the transaction. The confirmation instruction indicating that the second-processed data is correct may be generated by a confirmation physical button provided separately on the cutting ferrule, by a confirmation virtual key on the touch screen of the cutting ferrule, by selecting a confirmation function in a menu shown on the cutting ferrule screen, by a voice confirmation instruction that a voice acquisition device of the cutting ferrule (such as a microphone) receives and that passes verification, by a fingerprint confirmation instruction that a fingerprint acquisition device of the cutting ferrule receives and that passes verification, or by an iris confirmation instruction that an iris acquisition device of the cutting ferrule receives and that passes verification; it may of course be generated in any other way, which the present invention does not restrict.
The Truth cards manager receives the data sent by the cutting ferrule, performs the second processing on the received data with the Truth cards manager end safe transmission key, and sends the result to the chosen Truth cards. Specifically, the Truth cards manager sends the transaction data to be processed to the chosen Truth cards so that the chosen Truth cards can process it.
The chosen Truth cards receive the data sent by the Truth cards manager end, perform the transaction processing, and send the data obtained from the transaction processing to the Truth cards manager. Specifically, the chosen Truth cards perform transaction processing on the transaction data to be processed; this transaction processing follows the existing transaction processing scheme of smart cards and is not described further here.
The Truth cards manager receives the data sent by the chosen Truth cards, performs the first processing on the received data with the Truth cards manager end safe transmission key, and sends the result to the cutting ferrule;
The cutting ferrule receives the data sent by the Truth cards manager, performs the second processing on the received data with the cutting ferrule end second safe transmission key, then performs the first processing on the second-processed data with the cutting ferrule end first safe transmission key and sends the result to the simulation card;
The simulation card receives the data sent by the cutting ferrule, performs the second processing on the received data with the simulation Card-terminal safe transmission key, and sends the result to the transaction terminal. Specifically, after the transaction terminal receives the data produced by the Truth cards' transaction processing, it can complete the transaction according to the existing transaction flow, for example dispensing cash for a withdrawal, transferring funds or deducting a card payment.
Based on the above transaction flow, a single simulation card can provide the functions of many different types of Truth cards. To carry out a transaction the user only needs to carry the simulation card and the cutting ferrule, without carrying the Truth cards, which improves the convenience and security of transactions.
The cutting ferrule can prompt the information that needs confirmation during the transaction, so the user can confirm that information before the transaction is executed, which guarantees the authenticity of the transaction and improves security.
During data transmission, the data exchanged between the simulation card, the cutting ferrule and the Truth cards manager undergoes encryption and decryption and/or verification operations with the safe transmission keys, which guarantees the security and integrity of the data transmission.
Furthermore, because the Truth cards that match the transaction terminal can be chosen, the invention solves the prior-art problem of unnecessary fees (such as interbank withdrawal service charges) incurred when the user is not carrying the Truth cards that match the transaction terminal.
Of course, the specific implementation above discloses only a single data interaction from the transaction terminal to the Truth cards and from the Truth cards back to the transaction terminal. In practical applications there may be multiple data interactions, whose flow is similar to the single data interaction above. In multiple data interactions, whether the cutting ferrule prompts the exchanged data can be configured according to whether that data needs to be confirmed, so as to guarantee the authenticity of the exchanged data.
In all embodiments of the present invention, during every normal data interaction between the cutting ferrule and the simulation card, the simulation card is within the effective communication range of the cutting ferrule. If the cutting ferrule detects that the simulation card has moved outside its effective communication range, the cutting ferrule may issue a prompt itself, or send prompt information to a user terminal (such as a smartphone or a tablet computer) to be presented there, alerting the user that the position of the simulation card is abnormal and thereby improving the safety of using the simulation card.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing specific logical functions or steps of the process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be executed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination of them. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art may be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those skilled in the art will understand that all or part of the steps of the methods of the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present invention. In this specification, such expressions do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those skilled in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.

Claims (10)

1. A data interaction system, characterized by comprising: a simulation card, a cutting ferrule and a Truth cards manager;
The cutting ferrule is configured to obtain a cutting ferrule end Truth cards information list; prompt the cutting ferrule end Truth cards information list; and receive a Truth cards selection instruction and determine the chosen Truth cards; wherein the cutting ferrule end Truth cards information list is the Truth cards manager end Truth cards information list that the cutting ferrule obtains from the Truth cards manager, and the Truth cards manager end Truth cards information list includes the Truth cards information of the Truth cards connected to the Truth cards manager;
The simulation card is configured to receive first data sent by a transaction terminal and send it to the Truth cards manager through the cutting ferrule;
The Truth cards manager is configured to receive the first data sent by the simulation card and send it to the chosen Truth cards; and to receive second data sent by the chosen Truth cards and send it to the simulation card through the cutting ferrule;
The simulation card is further configured to receive the second data sent by the Truth cards manager and send it to the transaction terminal.
2. The system according to claim 1, characterized in that
The cutting ferrule is further configured to establish a secure connection with the simulation card and obtain a cutting ferrule end first safe transmission key for secure data transmission between the cutting ferrule and the simulation card;
The simulation card is further configured to establish a secure connection with the cutting ferrule and obtain a simulation Card-terminal safe transmission key for secure data transmission between the cutting ferrule and the simulation card.
3. The system according to claim 2, characterized in that
The cutting ferrule is specifically configured to send to the simulation card a first secure connection instruction indicating that a secure connection is to be established, wherein the first secure connection instruction includes: a first connection ciphertext that the cutting ferrule obtains by encrypting the cutting ferrule end first binding factor and a generated first connection random factor with the simulation card public key in the simulation card certificate, and a first connection signature that the cutting ferrule obtains by signing the cutting ferrule end first binding factor and the first connection random factor with the cutting ferrule private key;
The simulation card is specifically configured to receive the first secure connection instruction and decrypt the first connection ciphertext with the simulation card private key to obtain a cutting ferrule end first binding decryption factor and a first connection decryption random factor; verify the first connection signature using the cutting ferrule public key in the cutting ferrule certificate, the cutting ferrule end first binding decryption factor and the first connection decryption random factor; after verifying that the first connection signature is correct, verify whether the cutting ferrule end first binding decryption factor is identical to the simulation Card-terminal binding factor; after verifying that the cutting ferrule end first binding decryption factor is identical to the simulation Card-terminal binding factor, generate a second connection random factor; encrypt the first connection decryption random factor and the second connection random factor with the cutting ferrule public key in the cutting ferrule certificate to obtain a second connection ciphertext, and sign the first connection decryption random factor and the second connection random factor with the simulation card private key to obtain a second connection signature; and send a first secure connection response to the cutting ferrule, wherein the first secure connection response includes the second connection ciphertext and the second connection signature;
The cutting ferrule is further specifically configured to receive the first secure connection response and decrypt the second connection ciphertext with the cutting ferrule private key to obtain the decrypted first connection decryption random factor and a second connection decryption random factor; verify the second connection signature using the simulation card public key in the simulation card certificate, the decrypted first connection decryption random factor and the second connection decryption random factor; after verifying that the second connection signature is correct, verify whether the decrypted first connection decryption random factor is identical to the first connection random factor; and after verifying that the decrypted first connection decryption random factor is identical to the first connection random factor, generate the cutting ferrule end first safe transmission key between the cutting ferrule and the simulation card using at least the second connection decryption random factor;
The simulation card is further specifically configured to generate the simulation Card-terminal safe transmission key between the cutting ferrule and the simulation card using at least the second connection random factor.
4. The system according to claim 2, characterized in that
The cutting ferrule is specifically configured to: receive a third connection random factor generated by the simulation card and a simulation card unique identification, both sent by the simulation card; and send to the simulation card a second secure connection instruction indicating that a secure connection is to be established, wherein the second secure connection instruction includes: a cutting ferrule unique identification; a third connection ciphertext, obtained by the cutting ferrule encrypting the third connection random factor and a generated fourth connection random factor with the simulation card public key in the simulation card certificate; and a third connection signature, obtained by the cutting ferrule signing the third connection random factor and the fourth connection random factor with the cutting ferrule private key;
The simulation card is specifically configured to: receive the second secure connection instruction; judge whether the cutting ferrule unique identification is in the simulation Card-terminal list of bindings; if the cutting ferrule unique identification is in the simulation Card-terminal list of bindings, decrypt the third connection ciphertext with the simulation card private key to obtain a third connection decryption random factor and a fourth connection decryption random factor; verify the third connection signature using the cutting ferrule public key in the cutting ferrule certificate, the third connection decryption random factor and the fourth connection decryption random factor; after verifying that the third connection signature is correct, verify whether the third connection decryption random factor is identical to the third connection random factor; if the third connection decryption random factor is identical to the third connection random factor, sign the third connection decryption random factor and the fourth connection decryption random factor with the simulation card private key to obtain a fourth connection signature; and send a second secure connection response to the cutting ferrule, wherein the second secure connection response includes: the fourth connection signature;
The cutting ferrule is further specifically configured to: receive the second secure connection response; verify the fourth connection signature using the simulation card public key in the simulation card certificate, the third connection random factor and the fourth connection random factor; and, after verifying that the fourth connection signature is correct, generate the cutting ferrule end first safe transmission key between the cutting ferrule and the simulation card using at least the fourth connection random factor and the cutting ferrule end first binding factor;
The simulation card is further specifically configured to generate the simulation Card-terminal safe transmission key between the cutting ferrule and the simulation card using at least the fourth connection decryption random factor and the simulation Card-terminal binding factor;
The cutting ferrule is further specifically configured to perform first processing on the third connection random factor and the fourth connection random factor using the cutting ferrule end first safe transmission key, and then send the result to the simulation card;
The simulation card is further specifically configured to perform first processing on the third connection decryption random factor and the fourth connection decryption random factor using the simulation Card-terminal safe transmission key, and then send the result to the cutting ferrule;
The cutting ferrule is further specifically configured to receive the data sent by the simulation card, perform second processing on the received data using the cutting ferrule end first safe transmission key, and compare whether the data after the second processing is identical to the third connection random factor and the fourth connection random factor;
The simulation card is further specifically configured to receive the data sent by the cutting ferrule, perform second processing on the received data using the simulation Card-terminal safe transmission key, and compare whether the data after the second processing is identical to the third connection decryption random factor and the fourth connection decryption random factor.
5. The system according to claim 1, characterized in that
The cutting ferrule is further configured to establish a secure connection with the Truth cards manager and obtain a cutting ferrule end second safe transmission key for secure data transmission between the cutting ferrule and the Truth cards manager;
The Truth cards manager is further configured to establish a secure connection with the cutting ferrule and obtain a Truth cards manager end safe transmission key for secure data transmission between the cutting ferrule and the Truth cards manager.
6. The system according to claim 5, characterized in that
The cutting ferrule is specifically configured to send to the Truth cards manager a third secure connection instruction indicating that a secure connection is to be established, wherein the third secure connection instruction includes: a fifth connection ciphertext, obtained by the cutting ferrule encrypting the cutting ferrule end second binding factor and a generated fifth connection random factor with the Truth cards manager public key in the Truth cards manager certificate; and a fifth connection signature, obtained by the cutting ferrule signing the cutting ferrule end second binding factor and the fifth connection random factor with the cutting ferrule private key;
The Truth cards manager is specifically configured to: receive the third secure connection instruction; decrypt the fifth connection ciphertext with the Truth cards manager private key to obtain a cutting ferrule end second binding decryption factor and a fifth connection decryption random factor; verify the fifth connection signature using the cutting ferrule public key in the cutting ferrule certificate, the cutting ferrule end second binding decryption factor and the fifth connection decryption random factor; after verifying that the fifth connection signature is correct, verify whether the cutting ferrule end second binding decryption factor is identical to the Truth cards manager end binding factor; after verifying that the cutting ferrule end second binding decryption factor is identical to the Truth cards manager end binding factor, generate a sixth connection random factor; encrypt the fifth connection decryption random factor and the sixth connection random factor with the cutting ferrule public key in the cutting ferrule certificate to obtain a sixth connection ciphertext; sign the fifth connection decryption random factor and the sixth connection random factor with the Truth cards manager private key to obtain a sixth connection signature; and send a third secure connection response to the cutting ferrule, wherein the third secure connection response includes: the sixth connection ciphertext and the sixth connection signature;
The cutting ferrule is further specifically configured to: receive the third secure connection response; decrypt the sixth connection ciphertext with the cutting ferrule private key to obtain a decrypted fifth connection decryption random factor and a sixth connection decryption random factor; verify the sixth connection signature using the Truth cards manager public key in the Truth cards manager certificate, the decrypted fifth connection decryption random factor and the sixth connection decryption random factor; after verifying that the sixth connection signature is correct, verify whether the decrypted fifth connection decryption random factor is identical to the fifth connection random factor; and, after verifying that the decrypted fifth connection decryption random factor is identical to the fifth connection random factor, generate the cutting ferrule end second safe transmission key between the cutting ferrule and the Truth cards manager using at least the sixth connection decryption random factor;
The Truth cards manager is further specifically configured to generate the Truth cards manager end safe transmission key between the cutting ferrule and the Truth cards manager using at least the sixth connection random factor.
7. The system according to claim 5, characterized in that
The cutting ferrule is specifically configured to: receive a seventh connection random factor generated by the Truth cards manager and a Truth cards manager unique identification, both sent by the Truth cards manager; and send to the Truth cards manager a fourth secure connection instruction indicating that a secure connection is to be established, wherein the fourth secure connection instruction includes: a cutting ferrule unique identification; a seventh connection ciphertext, obtained by the cutting ferrule encrypting the seventh connection random factor and a generated eighth connection random factor with the Truth cards manager public key in the Truth cards manager certificate; and a seventh connection signature, obtained by the cutting ferrule signing the seventh connection random factor and the eighth connection random factor with the cutting ferrule private key;
The Truth cards manager is specifically configured to: receive the fourth secure connection instruction; judge whether the cutting ferrule unique identification is in the Truth cards manager end list of bindings; if the cutting ferrule unique identification is in the Truth cards manager end list of bindings, decrypt the seventh connection ciphertext with the Truth cards manager private key to obtain a seventh connection decryption random factor and an eighth connection decryption random factor; verify the seventh connection signature using the cutting ferrule public key in the cutting ferrule certificate, the seventh connection decryption random factor and the eighth connection decryption random factor; after verifying that the seventh connection signature is correct, verify whether the seventh connection decryption random factor is identical to the seventh connection random factor; if the seventh connection decryption random factor is identical to the seventh connection random factor, sign the seventh connection decryption random factor and the eighth connection decryption random factor with the Truth cards manager private key to obtain an eighth connection signature; and send a fourth secure connection response to the cutting ferrule, wherein the fourth secure connection response includes: the eighth connection signature;
The cutting ferrule is further specifically configured to: receive the fourth secure connection response; verify the eighth connection signature using the Truth cards manager public key in the Truth cards manager certificate, the seventh connection random factor and the eighth connection random factor; and, after verifying that the eighth connection signature is correct, generate the cutting ferrule end second safe transmission key between the cutting ferrule and the Truth cards manager using at least the eighth connection random factor and the cutting ferrule end second binding factor;
The Truth cards manager is further specifically configured to generate the Truth cards manager end safe transmission key between the cutting ferrule and the Truth cards manager using at least the eighth connection decryption random factor and the Truth cards manager end binding factor;
The cutting ferrule is further specifically configured to perform first processing on the seventh connection random factor and the eighth connection random factor using the cutting ferrule end second safe transmission key, and then send the result to the Truth cards manager;
The Truth cards manager is further specifically configured to perform first processing on the seventh connection decryption random factor and the eighth connection decryption random factor using the Truth cards manager end safe transmission key, and then send the result to the cutting ferrule;
The cutting ferrule is further specifically configured to receive the data sent by the Truth cards manager, perform second processing on the received data using the cutting ferrule end second safe transmission key, and compare whether the data after the second processing is identical to the seventh connection random factor and the eighth connection random factor;
The Truth cards manager is further specifically configured to receive the data sent by the cutting ferrule, perform second processing on the received data using the Truth cards manager end safe transmission key, and compare whether the data after the second processing is identical to the seventh connection decryption random factor and the eighth connection decryption random factor.
8. The system according to any one of claims 2 to 4, characterized in that
The cutting ferrule is further configured to perform a binding operation with the simulation card before the cutting ferrule and the simulation card establish a secure connection.
9. The system according to claim 8, characterized in that
The cutting ferrule is specifically configured to: receive a trigger command indicating that binding with the simulation card is to be performed; and send a first binding instruction to the simulation card, wherein the first binding instruction includes: a first binding random factor generated by the cutting ferrule, the cutting ferrule certificate and the cutting ferrule unique identification;
The simulation card is specifically configured to: receive the first binding instruction; verify the cutting ferrule certificate using a root certificate; after verifying that the cutting ferrule certificate is legitimate, generate a second binding random factor; encrypt the first binding random factor and the second binding random factor with the cutting ferrule public key in the cutting ferrule certificate to obtain a first binding ciphertext; sign the first binding random factor and the second binding random factor with the simulation card private key to obtain a first binding signature; and send a first binding response to the cutting ferrule, wherein the first binding response includes: the first binding ciphertext, the first binding signature, the simulation card certificate and the simulation card unique identification;
The cutting ferrule is further specifically configured to: receive the first binding response; verify the simulation card certificate using the root certificate; after verifying that the simulation card certificate is legitimate, decrypt the first binding ciphertext with the cutting ferrule private key to obtain a first binding decryption random factor and a second binding decryption random factor; verify the first binding signature using the simulation card public key in the simulation card certificate, the first binding decryption random factor and the second binding decryption random factor; after verifying that the first binding signature is correct, verify whether the first binding decryption random factor is identical to the first binding random factor; after verifying that the first binding decryption random factor is identical to the first binding random factor, prompt the simulation card unique identification; receive a trigger command confirming that the simulation card unique identification is correct; sign the first binding random factor and the second binding decryption random factor with the cutting ferrule private key to obtain a second binding signature; store the simulation card unique identification, the simulation card certificate and the cutting ferrule end first binding factor in the cutting ferrule end first list of bindings, wherein the cutting ferrule end first binding factor is the second binding decryption random factor; and send the second binding signature to the simulation card;
The simulation card is further specifically configured to: receive the second binding signature; verify the second binding signature using the cutting ferrule public key in the cutting ferrule certificate, the first binding random factor and the second binding random factor; and, after verifying that the second binding signature is correct, store the cutting ferrule unique identification, the cutting ferrule certificate and the simulation Card-terminal binding factor in the simulation Card-terminal list of bindings, wherein the simulation Card-terminal binding factor is the second binding random factor.
10. The system according to any one of claims 5 to 7, characterized in that
The cutting ferrule is further configured to perform a binding operation with the Truth cards manager before the cutting ferrule and the Truth cards manager establish a secure connection.
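The exchange in claims 3 and 6, as an added Python example that is not part of the patent text: the cutting ferrule and the simulation card (or, with the same message shapes, the Truth cards manager) authenticate each other and agree on a transmission key. Textbook RSA over Mersenne primes stands in for the public-key algorithm, which the claims do not name, and the 16-byte factor length, the SHA-256 key derivation and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent for the stand-in RSA keys


def keypair(p_exp, q_exp):
    # Toy RSA key built from two Mersenne primes: a stand-in for the
    # certificate key pairs, chosen only so the example runs on the stdlib.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))


def encrypt(pub, data):
    return pow(int.from_bytes(data, "big"), pub[1], pub[0])


def decrypt(priv, ct, length):
    m = pow(ct, priv[1], priv[0])
    if m.bit_length() > 8 * length:
        raise ValueError("malformed ciphertext")
    return m.to_bytes(length, "big")


def _h(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    return pow(_h(data), priv[1], priv[0])


def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _h(data)


def derive(r2):
    # Assumption: the claims only say the key is generated "at least" from
    # the second connection random factor; a labelled hash is used here.
    return hashlib.sha256(b"transport-key" + r2).digest()


class Sleeve:  # the cutting ferrule
    def __init__(self, priv, peer_pub, binding_factor):
        self.priv, self.peer_pub, self.binding = priv, peer_pub, binding_factor

    def connect_request(self):
        # First secure connection instruction: Enc_peer(B || R1), Sig_sleeve(B || R1)
        self.r1 = secrets.token_bytes(16)
        msg = self.binding + self.r1
        return encrypt(self.peer_pub, msg), sign(self.priv, msg)

    def on_response(self, ct, sig):
        plain = decrypt(self.priv, ct, 32)
        if not verify(self.peer_pub, plain, sig):
            raise ValueError("second connection signature invalid")
        r1, r2 = plain[:16], plain[16:]
        if not hmac.compare_digest(r1, self.r1):  # rejects a replayed response
            raise ValueError("response does not echo this session's R1")
        self.session_key = derive(r2)


class SimCard:  # the simulation card; the Truth cards manager behaves the same
    def __init__(self, priv, peer_pub, binding_factor):
        self.priv, self.peer_pub, self.binding = priv, peer_pub, binding_factor

    def on_connect(self, ct, sig):
        plain = decrypt(self.priv, ct, 32)
        if not verify(self.peer_pub, plain, sig):
            raise ValueError("first connection signature invalid")
        binding, r1 = plain[:16], plain[16:]
        if not hmac.compare_digest(binding, self.binding):  # set at binding time
            raise ValueError("binding factor mismatch")
        r2 = secrets.token_bytes(16)
        self.session_key = derive(r2)
        reply = r1 + r2
        # First secure connection response: Enc_sleeve(R1 || R2), Sig_card(R1 || R2)
        return encrypt(self.peer_pub, reply), sign(self.priv, reply)


def handshake(sleeve, card):
    sleeve.on_response(*card.on_connect(*sleeve.connect_request()))
    return sleeve.session_key == card.session_key


if __name__ == "__main__":
    s_pub, s_priv = keypair(521, 607)
    c_pub, c_priv = keypair(1279, 2203)
    bf = secrets.token_bytes(16)  # constructed binding factor
    print(handshake(Sleeve(s_priv, c_pub, bf), SimCard(c_priv, s_pub, bf)))
```

The binding-factor comparison ties the connection to an earlier binding, and the R1 echo check is what makes a recorded response useless in a later session.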
CN201910477280.8A 2014-11-07 2015-02-03 Data interaction system Pending CN110458551A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN2014106438768 2014-11-07
CN201410643876 2014-11-07
CN201510055586.6A CN105991536A (en) 2014-11-07 2015-02-03 Data interaction system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201510055586.6A Division CN105991536A (en) 2014-11-07 2015-02-03 Data interaction system

Publications (1)

Publication Number Publication Date
CN110458551A true CN110458551A (en) 2019-11-15

Family

ID=57037069

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201510055586.6A Pending CN105991536A (en) 2014-11-07 2015-02-03 Data interaction system
CN201910477280.8A Pending CN110458551A (en) 2014-11-07 2015-02-03 Data interaction system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201510055586.6A Pending CN105991536A (en) 2014-11-07 2015-02-03 Data interaction system

Country Status (1)

Country Link
CN (2) CN105991536A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101490687A (en) * 2006-07-07 2009-07-22 桑迪士克股份有限公司 Control system and method using identity objects
CN101667240A (en) * 2009-08-20 2010-03-10 北京握奇数据系统有限公司 Intelligent card and card writing method, equipment and system thereof
CN103886455A (en) * 2012-12-19 2014-06-25 Nxp股份有限公司 Digital wallet device for virtual wallet
CN103944715A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data processing method based on agreement key
WO2014139406A1 (en) * 2013-03-15 2014-09-18 福建联迪商用设备有限公司 Method and system for safely downloading terminal master key (tmr)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102890794A (en) * 2011-07-21 2013-01-23 梁露露 Method and system for realizing integration of multiple cards for mobile terminal
CN102346861A (en) * 2011-09-16 2012-02-08 中兴通讯股份有限公司 Method and terminal for managing RFID (Radio Frequency Identification Device) card
CN102610043B (en) * 2012-02-09 2015-06-24 于梦媛 Mobile terminal with virtual card-swiping function

Also Published As

Publication number Publication date
CN105991536A (en) 2016-10-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191115