Summary of the invention
To solve the problems of the technologies described above, the invention provides a method for realizing offline record operations, which allows the record value stored on a recording device to be operated on at an offline terminal and greatly reduces operating cost.
The invention also provides a recording device for use in offline record operations; with this recording device, the record value it holds can be operated on at an offline terminal, which greatly cuts operating cost.
In addition, the invention provides a system for realizing offline record operations.
According to one aspect of the invention, the method for realizing offline record operations comprises:
A. providing an operation table for storing offline operation records, each offline operation record comprising an operation sequence number, an operation type and a record value;
B. after receiving a record operation instruction, generating a unique operation sequence number for the record operation and, according to the received instruction, adding an offline operation record to the operation table, the record storing the generated operation sequence number together with the operation type and record value obtained from the received instruction.
The record operation instruction of step B may be an add-record operation instruction carrying an added record value; the offline operation record is then an add record whose operation type is the add-record operation and whose record value is the added record value.
The add-record operation instruction further carries the time of the add-record operation; step B further comprises recording that time in the add record.
The add-record operation instruction further carries the identifier of the add-record authentication security module used by the terminal performing the add-record operation, and that module's operation sequence number; step B further comprises recording the module identifier and the module's operation sequence number in the add record.
Alternatively, the record operation instruction of step B is a write-off record operation instruction carrying the total record value to subtract, the write-off head operation sequence number, the write-off tail operation sequence number and the write-off tail remaining record value; the offline operation record is then a write-off record whose operation type is the write-off record operation and whose recorded values comprise the total record value to subtract, the write-off head operation sequence number, the write-off tail operation sequence number and the write-off tail remaining record value.
After step B, the method further comprises: according to the newly added write-off record, marking as invalid all operation records in the operation table from the one identified by the write-off head operation sequence number up to, but not including, the one identified by the write-off tail operation sequence number.
Before step B, the method further comprises: the terminal performing the write-off record operation reads the operation table from the recording device and, from the operation records stored in it and the total record value to subtract in this operation, calculates the write-off head operation sequence number, the write-off tail operation sequence number and the write-off tail remaining record value of this operation.
The calculation comprises: finding the previous write-off record in the operation table and using its write-off tail operation sequence number as the write-off head operation sequence number of this write-off record; if there is no previous write-off record, using the operation sequence number of the first add record as the write-off head operation sequence number of this operation; locating the write-off tail operation record of this operation from the total record value to subtract, which gives the write-off tail operation sequence number of the current write-off record; and calculating the write-off tail remaining record value of the current write-off record, such that the record values of the valid add records from the write-off head operation sequence number through the write-off tail operation sequence number sum to the total record value to subtract plus the write-off tail remaining record value.
After the write-off record operation instruction is received in step B, the method further comprises:
C1. checking whether the operation records corresponding to the write-off head operation sequence number and the write-off tail operation sequence number exist in the device's own operation table; if they exist, continuing with step C2; otherwise, returning a record-not-found error to the terminal and ending;
C2. checking whether the sum of the record values of the valid add records between the write-off head operation sequence number and the write-off tail operation sequence number in the device's own operation table is greater than or equal to the total record value to subtract plus the write-off tail remaining record value; if so, continuing with step B; otherwise, returning an insufficient-amount error to the terminal and ending.
Whether an add record is valid is judged as follows:
a. judging, from the operation time of the add record and the validity period of add records, whether the add record is within its validity period; if so, performing step b; otherwise the add record is an invalid add record;
b. judging whether the add-record authentication security module identifier stored in the add record belongs to a module listed in the locally stored blacklist of add-record authentication security modules; if so, performing step c; otherwise the add record is a valid add record;
c. judging whether the module operation sequence number stored in the add record is greater than the last valid operation sequence number recorded for that module in the blacklist; if it is greater, the add record is an invalid add record; otherwise it is a valid add record.
The method further comprises: D. after receiving a read-operation-table instruction, extracting the operation records stored in the operation table and returning them to the terminal that sent the instruction.
The method further comprises: E. after receiving a record-invalidation instruction carrying the operation sequence number of the operation record to be invalidated, searching the device's own operation table for the record matching that operation sequence number and marking it invalid.
Step C further comprises: generating a message authentication code and/or an operation signature using the process key generated for this operation, and returning the result to the terminal. If the recording device holding the operation table is suddenly removed from the terminal performing the record operation, then after the recording device is reinserted and the terminal has verified that the inserted device is the same one that was removed, the method further comprises: receiving a get-operation-authentication instruction from the terminal, returning the most recently generated message authentication code and/or operation signature to the terminal, and completing the record operation.
According to a further aspect, the invention provides a recording device for realizing offline record operations, comprising:
an instruction parsing module, which receives instructions from the terminal, parses them to obtain the corresponding record operation instruction and parameters, and sends these to the record operation module; it also generates a response message from the result returned by the record operation module and feeds it back to the terminal;
a record operation module, which processes the operation records in the device's own operation table according to the record operation instruction from the terminal and returns the result to the terminal.
The recording device further comprises a security and state management module connected between the record operation module and the instruction parsing module. It receives the record operation instruction and parameters from the instruction parsing module and judges whether the received instruction satisfies predefined security and state conditions; if so, it forwards the instruction and parameters to the record operation module; otherwise, it returns an error message to the instruction parsing module and ends the record operation.
The recording device is implemented as an integrated circuit card.
According to another aspect, the invention also provides a system for realizing offline record operations, comprising:
a terminal, which generates record operation instructions and sends them to the recording device; and
a recording device, which receives record operation instructions from the terminal and processes the operation records in its own operation table accordingly.
The system further comprises a server connected to the terminal, which monitors the working state of the terminal, maintains a blacklist recording invalid terminals, and periodically issues the blacklist to valid terminals.
It can be seen that, by providing on the recording device an operation table that records the details of every record operation, the method, recording device and system of the invention can operate on the record value using the historical operation records stored in the recording device. This fully solves the existing problem that record value cannot be operated on through an offline terminal, and greatly reduces operating cost.
In addition, by periodically issuing to terminals a blacklist that records invalid add-record authentication security modules, invalid terminals are managed. This avoids the economic loss to the card issuer that would result from an invalid terminal being used to perform arbitrary illegitimate add-record operations on a recording device, ensures the security of record operations, and fully protects the card issuer's interests.
Embodiment
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments.
The core idea of the invention is that the card issuer provides, on the recording device issued to the user, an operation table that records the details of add-record and write-off record operations. When the user performs an add-record, write-off record or similar operation with the recording device, the recording device records the details of that operation in the operation table. For example, after a successful add-record operation, the recording device creates an add record in its operation table holding, among other information, the record value added by that operation; after a successful write-off record operation, it creates a write-off record holding, among other information, the record value deducted by that operation. Thus, each time a write-off record operation is performed, the terminal performing it can calculate the user's actual total record value from the historical operation records stored on the recording device and carry out the corresponding write-off record operation.
In a points application, the recording device may be a points card used to record points, and the record value is the points value available for consumption.
In this method, because the recording device itself carries the details of every operation in its history, a terminal operating on the record value can obtain the device's actual total record value without connecting to a server database. Add-record and write-off record operations are therefore easy to carry out, and operating cost is greatly reduced.
Based on this core idea, the invention provides a recording device whose internal structure, shown in Figure 1, mainly comprises an instruction parsing module 101, a security and state management module 102 and a record operation module 103.
The instruction parsing module 101 parses instructions from the terminal to obtain the instructions and parameters of the various operations, for example an add-record or write-off record instruction and the corresponding added or written-off record value parameter. It also generates the response message to the received instruction, from either the record operation result returned by the record operation module 103 or the error message returned by the security and state management module 102, and feeds it back to the terminal.
The security and state management module 102 examines the record operation instruction and parameters parsed by the instruction parsing module 101 and judges whether the received instruction satisfies the corresponding predefined security and state conditions, thereby judging the legitimacy of the terminal. If the conditions are satisfied, it sends the record operation instruction and parameters to the record operation module 103; otherwise, it returns the corresponding error message to the instruction parsing module 101.
The record operation module 103 processes the device's own operation table according to the received record operation instruction and parameters, and returns the corresponding result to the instruction parsing module 101.
Here, the processing of the operation table depends on the record operation instruction received. For example, if the instruction is an add-record or write-off record instruction, the processing is to generate an operation record from the received parameters and store it in the operation table; if it is a read-operation-record instruction, the processing is to return the operation table held by the device to the instruction parsing module 101; if it is a record-invalidation instruction, the processing is to mark a particular record in the operation table invalid according to the parameters.
Of the three modules making up the recording device, the security and state management module 102 is optional: after parsing out the record operation instruction and parameters, the instruction parsing module 101 may send them directly to the record operation module 103 without checking the legitimacy of the terminal, and offline record operation is still achieved.
As noted above, in add-record and write-off record operations the recording device generates an operation record, either an add record or a write-off record, from the details of the operation and stores it in its own operation table.
An add record should contain at least the following data items: operation type, record value and operation sequence number. The operation type identifies the operation as an add-record operation; the record value is the amount of record value added by the operation; the operation sequence number is the sequence number of the add-record operation. Within one recording device, every add-record or write-off record operation has a unique operation sequence number.
Usually, to encourage use of the record value, the card issuer also sets a validity period for the record value obtained in each operation, and the user can use that record value only within the period. In that case, the method also records the operation time of the add-record operation in each add record. When the user consumes record value, the terminal can then use the operation time of each add record to judge whether its record value is still within the validity period, and mark add records past the period as invalid add records. This prevents the user from using expired record value and fully protects the card issuer's interests.
In addition, because the method allows record value to be operated on at an offline terminal, it must also be able to manage invalid terminals, so that an illegitimate user cannot use an invalid (for example, stolen) terminal to perform arbitrary add-record operations on a recording device.
To manage invalid terminals, the card issuer sets up a server that manages all terminals. When the server finds that the add-record authentication security module used for add-record security management in some terminal has become invalid, for example because it was stolen, the server records in a blacklist it maintains the identifier (ID) of that module and the operation sequence number of the module's last valid add-record operation; the server also periodically issues the blacklist to every terminal. Each terminal therefore holds a blacklist recording invalid add-record authentication security modules, which lists the ID of each invalid module and the operation sequence number of its last valid add-record operation. In addition, so that it can be judged whether an add record was made by an invalid terminal, each add record in the operation table must also carry two further data items: the ID of the add-record authentication security module and that module's operation sequence number. The data items of the resulting add record and their meanings are shown in Table 1:
Data item | Description |
Operation type | Add-record operation type identifier |
Record value | Record value added by this add-record operation |
Operation sequence number | Operation sequence number of the add-record operation |
Add-record authentication security module ID | ID of the add-record authentication security module that performed secure data authentication for the add record |
Add-record authentication security module operation sequence number | Operation sequence number of the add-record authentication security module that performed secure data authentication for the add record, at the time it carried out this operation |
Operation time | Used to judge the validity period of the record value |
Table 1
With add records of this form, when the user operates on the record value, the terminal used to subtract record value reads all add records stored on the recording device and can then judge whether each add record is an invalid add record. The judgment proceeds as follows:
First, judge from the operation time of the add record whether its record value has passed the validity period; if it has, the add record is an invalid add record. Otherwise, judge whether the add-record authentication security module ID in the add record appears in the blacklist held by the terminal. If it does, judge whether the module operation sequence number in the add record is greater than the operation sequence number of that module's last valid add-record operation as recorded in the blacklist; if it is greater, the add record is an invalid add record. In all other cases the add record is a valid add record. In this way, when performing a write-off record operation, the terminal leaves the record value of invalid add records out of the calculation and counts only the record value of valid add records, which prevents an invalid add-record authentication security module from being used to perform illegitimate add-record operations on a recording device.
In this scheme, the terminal does not need a real-time network connection to the server; it only needs to connect to the server periodically to update the blacklist. Such periodic data updates are comparatively easy to implement and do not add significantly to operating cost.
A write-off record should contain at least the following data items: operation type, record value, write-off head operation sequence number, write-off tail operation sequence number and write-off tail remaining record value. The operation type identifies the recorded operation as a write-off record operation; the record value is the amount of record value deducted by this write-off record operation; the write-off head operation sequence number indicates the add record from which this write-off record operation starts deducting record value; the write-off tail operation sequence number indicates the add record up to which this write-off record operation deducts; and the write-off tail remaining record value indicates the record value remaining in the add record identified by the write-off tail operation sequence number after the record value of this consumption has been deducted. The data items of the write-off record and their meanings are shown in Table 2:
Data item | Description |
Operation type | Write-off record operation type identifier |
Record value | Record value deducted by this operation |
Write-off head operation sequence number | Operation sequence number of the head record of the deduction |
Write-off tail operation sequence number | Operation sequence number of the tail record of the deduction |
Write-off tail remaining record value | Valid record value remaining in the tail record of the deduction |
Table 2
In a write-off record operation, the terminal first starts from the earliest valid record on the recording device, sums the record value in each record to obtain the total actual record value of the recording device, and judges whether this total is greater than the record value the user wants to consume. If it is less, the terminal prompts the user that the record value is insufficient and the write-off record operation cannot continue. Otherwise, the terminal finds the previous write-off record and uses the write-off tail operation sequence number stored in it as the write-off head operation sequence number of this write-off record operation; if there is no previous write-off record, it uses the operation sequence number of the first valid add record as the write-off head operation sequence number of this operation. It then locates the write-off tail operation record of this operation from the record value of this consumption, which gives the write-off tail operation sequence number of the current write-off record, and calculates the write-off tail remaining record value of the current write-off record. After this, every add record from the write-off head operation sequence number up to, but not including, the write-off tail operation sequence number must also be marked as an invalid record. Here, the record values of the add records from the write-off head operation sequence number through the write-off tail operation sequence number sum to the record value of this consumption plus the write-off tail remaining record value in the write-off tail record. Depending on the circumstances, the remaining record value stays valid for the next deduction. To use the storage space of the recording device more effectively, the add records marked invalid during this write-off record operation can be reused to store operation records generated later.
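The validity judgment (validity period, then blacklist) and the head/tail calculation described above can be combined into one terminal-side routine. The following is an added example, not code from the patent; the field names, the `datetime`-based validity period, the rule that the head record contributes only the previous write-off's tail remaining value, and the sample table are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class AddRecord:                     # data items of Table 1
    seq: int                         # operation sequence number on the device
    value: int                       # record value added
    module_id: str                   # add-record authentication security module ID
    module_seq: int                  # that module's own operation sequence number
    op_time: date                    # operation time
    marked_invalid: bool = False     # set once consumed by a write-off

@dataclass
class WriteOffRecord:                # data items of Table 2
    seq: int
    value: int                       # record value deducted
    head_seq: int
    tail_seq: int
    tail_remaining: int

class InsufficientValue(Exception):
    """Valid record value on the device does not cover the requested amount."""

def is_valid_add(rec, today, validity, blacklist):
    """Steps a-c: validity period first, then blacklist lookup, then sequence check."""
    if rec.marked_invalid:
        return False
    if today > rec.op_time + validity:          # a: past the validity period
        return False
    last_valid = blacklist.get(rec.module_id)   # b: module not listed -> valid
    return last_valid is None or rec.module_seq <= last_valid   # c

def plan_write_off(table, amount, today, validity, blacklist):
    """Return (head_seq, tail_seq, tail_remaining, seqs_to_invalidate)."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    adds = sorted((r for r in table if isinstance(r, AddRecord)), key=lambda r: r.seq)
    offs = [r for r in table if isinstance(r, WriteOffRecord)]
    prev = max(offs, key=lambda r: r.seq) if offs else None
    valid = [r for r in adds if is_valid_add(r, today, validity, blacklist)]
    if prev is not None:
        head_seq = prev.tail_seq                # continue from the previous tail
    elif valid:
        head_seq = valid[0].seq                 # first valid add record
    else:
        raise InsufficientValue("no valid add record")
    total = 0
    for rec in valid:
        if rec.seq < head_seq:
            continue
        # Assumption: a partly consumed head record counts only its remainder.
        if prev is not None and rec.seq == prev.tail_seq:
            total += prev.tail_remaining
        else:
            total += rec.value
        if total >= amount:
            stale = [r.seq for r in adds if head_seq <= r.seq < rec.seq]
            return head_seq, rec.seq, total - amount, stale
    raise InsufficientValue(f"only {total} available, {amount} requested")

def apply_write_off(table, amount, plan):
    """Device side: mark head..tail-1 invalid and append the write-off record."""
    head_seq, tail_seq, remaining, stale = plan
    for rec in table:
        if isinstance(rec, AddRecord) and rec.seq in stale:
            rec.marked_invalid = True
    next_seq = max(r.seq for r in table) + 1    # assumed numbering scheme
    table.append(WriteOffRecord(next_seq, amount, head_seq, tail_seq, remaining))

def demo():
    """Constructed sample table: one expired record, one from a blacklisted module."""
    validity, today = timedelta(days=365), date(2024, 6, 1)
    blacklist = {"MOD-B": 10}        # module ID -> last valid module sequence number
    table = [
        AddRecord(1, 100, "MOD-A", 5, date(2023, 1, 1)),    # expired
        AddRecord(2, 50, "MOD-A", 6, date(2024, 1, 10)),
        AddRecord(3, 30, "MOD-B", 9, date(2024, 2, 1)),     # before invalidation
        AddRecord(4, 500, "MOD-B", 11, date(2024, 3, 1)),   # after invalidation
        AddRecord(5, 40, "MOD-A", 7, date(2024, 4, 1)),
    ]
    plans = []
    for amount in (60, 50):
        plan = plan_write_off(table, amount, today, validity, blacklist)
        apply_write_off(table, amount, plan)
        plans.append(plan)
    return table, plans
```

In the constructed table the 500-value record is never counted, because its module sequence number 11 is greater than the last valid number 10 recorded for `MOD-B` in the blacklist.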
To realize offline record operations, the invention also provides a system that uses the recording device described above, mainly comprising a terminal and a recording device. The terminal generates record operation instructions and sends them to the recording device; the recording device receives record operation instructions from the terminal and processes the operation records in its own operation table accordingly.
As noted above, to prevent an illegitimate user from using an invalid terminal to perform arbitrary add-record operations on a recording device, the system should also include a server that manages invalid terminals. The server checks the state of the add-record authentication security module that each terminal uses for add-record security management and maintains a blacklist recording invalid add-record authentication security modules; the server also periodically issues the blacklist to every terminal. The blacklist records the identifier (ID) of each invalid add-record authentication security module and the operation sequence number of that module's last valid add-record operation.
In this system, the server does not need to be connected to all terminals in real time; it only needs to issue the blacklist it maintains to each terminal at times agreed in advance. Such non-real-time networking is easy to implement and does not greatly affect the operating cost of the system.
The method of performing the various record operations using the operation table in an IC card is described below through preferred embodiments of the invention, taking an integrated circuit (IC) card as the recording device.
Embodiment 1: add-record operation.
The add-record operation allows the cardholder to increase the record value in the IC card. The add-record operation must use the add-record authentication security module located inside the add-record terminal to verify the IC card to which record value is being added; the add-record operation can proceed only after verification passes. The detailed process, shown in Figure 2, comprises the following steps:
Step 201: the terminal sends an add-record initialization (INITIALIZE FOR ROYALTY CREDIT) instruction to the IC card to start the add-record operation.
The INITIALIZE FOR ROYALTY CREDIT instruction initializes the add-record operation. The fields of its instruction message are listed in Table 3, and the data field of the instruction message is listed in Table 4. The data field of the response message returned when the instruction executes successfully is listed in Table 5; the status code of that response message is "9000". If execution is unsuccessful, the response message returns only SW1 and SW2. Table 6 lists the error states the IC card may return.
Code | Value |
CLA | E0 |
INS | 52 |
P1 | 00 |
P2 | 01 |
Lc | 0D |
Data | See Table 4 |
Le | 09 |
Table 3
Here, CLA is the instruction class to which the instruction belongs; INS is the instruction code of the instruction; P1 and P2 are the reference parameters of the instruction code; Lc is the length of the data field that follows in the instruction; Le is the length of the response message. The definitions and values of these fields conform to the international IC card standard ISO 7816.
Description | Length (bytes) |
Added record value | 4 |
Key index | 1 |
Add-record authentication module ID | 8 |
Table 4
Description | Length (bytes) |
Add-record operation sequence number | 2 |
Key version | 1 |
Algorithm identifier | 1 |
Pseudo-random number (ICC) | 1 |
First message authentication code | 4 |
Table 5
SW1 | SW2 | Description |
69 | 01 | Instruction not accepted |
65 | 81 | Memory error |
69 | 85 | Conditions of use not satisfied |
94 | 03 | Key index not supported |
94 | 02 | Operation counter has reached its maximum value |
Table 6
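The message layout in Tables 3 to 6 can be exercised with a small encoder and decoder. The following is an added example, not code from the patent; big-endian encoding of the multi-byte fields, the function names and the sample byte strings are assumptions, and the values shown are constructed.

```python
import struct

# Status words from Table 6, plus the success code "9000" given in the text.
STATUS = {
    0x9000: "success",
    0x6901: "instruction not accepted",
    0x6581: "memory error",
    0x6985: "conditions of use not satisfied",
    0x9403: "key index not supported",
    0x9402: "operation counter has reached its maximum value",
}

class CardError(Exception):
    """Raised when the card answers with only SW1 SW2 and no data."""
    def __init__(self, sw):
        self.sw = sw
        super().__init__(f"SW={sw:04X}: {STATUS.get(sw, 'unknown status')}")

def build_init_credit(add_value, key_index, module_id):
    """Encode the instruction message of Table 3 with the data field of Table 4."""
    if not 0 <= add_value <= 0xFFFFFFFF:
        raise ValueError("added record value must fit in 4 bytes")
    if not 0 <= key_index <= 0xFF:
        raise ValueError("key index must fit in 1 byte")
    if len(module_id) != 8:
        raise ValueError("module ID must be exactly 8 bytes")
    # Assumption: multi-byte integers are big-endian.
    data = struct.pack(">IB", add_value, key_index) + bytes(module_id)
    header = bytes([0xE0, 0x52, 0x00, 0x01, len(data)])   # CLA INS P1 P2 Lc (=0D)
    return header + data + bytes([0x09])                  # Le = 09

def parse_init_credit_response(resp):
    """Decode the response of Table 5; raise CardError for a Table 6 status."""
    if len(resp) < 2:
        raise ValueError("response shorter than SW1 SW2")
    body, sw = resp[:-2], int.from_bytes(resp[-2:], "big")
    if sw != 0x9000:
        raise CardError(sw)
    if len(body) != 9:
        raise ValueError(f"expected 9 data bytes (Le=09), got {len(body)}")
    op_seq, key_version, algorithm_id, icc = struct.unpack(">HBBB", body[:5])
    return {
        "op_seq": op_seq,              # add-record operation sequence number
        "key_version": key_version,
        "algorithm_id": algorithm_id,
        "icc": icc,                    # pseudo-random number
        "mac1": body[5:],              # first message authentication code
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from a real card.
    apdu = build_init_credit(1000, 1, bytes.fromhex("0102030405060708"))
    print(apdu.hex().upper())
    print(parse_init_credit_response(bytes.fromhex("00070100A5DEADBEEF9000")))
```

The length checks matter on the terminal side: a response whose data field is not exactly 9 bytes cannot be split into the Table 5 fields and should be rejected rather than partially parsed.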
Step 202: after receiving the INITIALIZE FOR ROYALTY CREDIT instruction, the IC card processes it, obtains the first message authentication code MAC1, and sends MAC1 to the terminal in the response message to the INITIALIZE FOR ROYALTY CREDIT instruction.
The processing in this step comprises:
Step 2021: check whether a new record can be written to the operation table of the IC card; if not, return the instruction-not-accepted status code "6901" to the terminal, return no other data, and end; otherwise, perform step 2022.
Step 2022: check whether the card supports the key index contained in the INITIALIZE FOR ROYALTY CREDIT instruction; if not, return the key-index-not-supported status code "9403", return no other data, and end; otherwise, perform step 2023.
Step 2023: the IC card generates a pseudo-random number ICC, a process key SESCK and the first message authentication code MAC1, which the add-record authentication security module in the terminal uses to verify the legitimacy of the IC card.
Wherein, described process key SESCK will be used to the recording operation that adds of encrypting IC card, it is according to formula SESCK=3DES (3DES (DCK, DATA1), DATA2) produce, wherein, DCK be leave IC-card inside in add the record key, the DATA1 data comprise: pseudo random number ICC, add recording operation sequence number and 8000, the DATA2 data comprise: the ID that adds record authentication security module; 3DES is meant the DES computing of 3 double-lengths.
In this step, described IC-card acts on following data computation successively with process key SESCK and obtains the described first authentication of message sign indicating number MAC1:
---add the recording operation sequence number;
---add the recording operation type identification.
Step 203: After receiving the response message of the INITIALIZE FOR ROYALTY CREDIT instruction, the terminal sends an add-record permission request message, carrying the first message authentication code MAC1, to the add-record authentication module.
In this step, if the status code carried in the response message of the INITIALIZE FOR ROYALTY CREDIT instruction returned by the IC card is not "9000", the IC card has returned an error condition, and the terminal terminates the operation.
Step 204: After receiving the add-record permission request message, the add-record authentication security module verifies whether the first message authentication code MAC1 carried in it is valid.
In this step, the add-record authentication security module generates the same process key SESCK by the same method as the IC card, applies it in order to the add-record operation sequence number and the add-record operation type identifier to generate a message authentication code, and compares the code it generated with the first message authentication code MAC1. If they match, the received MAC1 is valid and execution continues with step 205; otherwise, an error message is returned to the terminal, which then takes appropriate measures.
In this step, if some condition makes the add-record operation unacceptable, the add-record authentication security module may notify the terminal, and the terminal may likewise take appropriate measures.
Step 205: The add-record authentication security module processes the received add-record permission request, computes a second message authentication code MAC2, and sends an add-record acceptance message to the terminal, carrying the ID of the add-record authentication security module, the operation sequence number and the second message authentication code MAC2.
Specifically, after confirming the add-record operation, the add-record authentication security module generates the second message authentication code MAC2, which the IC card uses to check the legitimacy of the add-record authentication security module.
In this step, the add-record authentication security module applies the process key SESCK to the following data, in order, to compute the second message authentication code MAC2:
---add record value;
---add-record operation type identifier;
---operation sequence number of the add-record authentication security module;
---operation date (terminal);
---operation time (terminal).
Step 206: After receiving the add-record acceptance message, the terminal sends the add-record (ROYALTY CREDIT FOR LOAD) instruction to the IC card so that it performs the add-record operation.
The ROYALTY CREDIT FOR LOAD instruction performs the add-record operation. Its instruction message is listed in Table 7, and the data field of the instruction message in Table 8. The data field of the response message returned when the instruction executes successfully is listed in Table 9, and the status code of a successful response is "9000". If execution is unsuccessful, the response message returns only SW1 and SW2. Table 10 describes the error conditions the IC card may return.
Code | Value |
CLA | E0 |
INS | 50 |
P1 | 00 |
P2 | 00 |
Lc | 0F |
Data | See Table 8 |
Le | 08 |
Table 7
Explanation | Length (byte) |
Add-record authentication module operation sequence number | 4 |
Operation date (terminal) | 4 |
Operation time (terminal) | 3 |
MAC2 | 4 |
Table 8
Explanation | Length (byte) |
TAC | 4 |
Table 9
SW1 | SW2 | Explanation |
69 | 01 | Instruction not accepted (invalid state) |
65 | 81 | Memory error |
69 | 85 | Conditions of use not satisfied |
93 | 02 | Message authentication code invalid |
Table 10
Step 207: After receiving the ROYALTY CREDIT FOR LOAD instruction, the IC card first verifies the validity of the second message authentication code MAC2. If MAC2 is valid, execution continues with step 208; otherwise, the IC card returns to the terminal the error condition for an invalid message authentication code, for example "9302".
MAC2 is verified as follows: the IC card applies the process key SESCK generated in step 202, in order, to the add record value, the add-record operation type identifier, the operation sequence number of the add-record authentication security module, the operation date and the operation time to produce a message authentication code, and compares the code it produced with the received second message authentication code MAC2. If they match, the received MAC2 is valid; otherwise, the received MAC2 is invalid.
Step 208: The IC card adds an add record to the operation sheet; the data items this add record contains are shown in Table 1.
In this step, the IC card may also overwrite the oldest invalid record, to save the space occupied by the operation sheet.
In addition, the IC card may also generate an operation signature TAC using the application operation authentication key DTK. The TAC is sent to the terminal in the response message of the add-record instruction and written into the terminal's operation details, so that it can later be passed to the server for operation verification. The elements used to generate the operation signature TAC are:
---add record value;
---add-record operation sequence number (before incrementing);
---add-record operation type identifier;
---add-record authentication security module ID;
---add-record authentication security module operation sequence number;
---operation date (terminal);
---operation time (terminal).
Embodiment 2: write-off record operation.
The write-off record operation allows the holder to use the record value on the IC card to exchange record value. This operation can be performed off line. It requires a personal identification number (PIN) to be submitted so that the user's legitimacy can be checked. As shown in Figure 3, after the terminal verifies that the PIN submitted by the user is correct, the following steps are performed:
Step 301: The terminal reads the operation sheet stored in the IC card and, from the total record value to be deducted in this write-off record operation, calculates the write-off start operation sequence number, the write-off end operation sequence number and the write-off end operation residual record value, such that the sum of the record values of the add records from the write-off start operation sequence number through the write-off end operation sequence number equals the sum of the record value consumed this time and the residual record value of the write-off end record.
Step 302: The terminal sends the write-off record initialization (INITIALIZE FOR ROYALTY DEBIT) instruction to the IC card to start the write-off record operation.
The INITIALIZE FOR ROYALTY DEBIT instruction initializes a write-off record operation. It can be executed only after PIN verification succeeds. Its instruction message is listed in Table 11, and the data field of the instruction message in Table 12. The data field of the response message returned when the instruction executes successfully is listed in Table 13, and the status code of a successful response is "9000". If execution is unsuccessful, the response message returns only SW1 and SW2. Table 14 describes the error conditions the IC card may return.
Code | Value |
CLA | E0 |
INS | 50 |
P1 | 00 |
P2 | 01 |
Lc | 13 |
Data | See Table 12 |
Le | 08 |
Table 11
Explanation | Length (byte) |
Key index | 1 |
Total record value to deduct | 4 |
Write-off start operation sequence number | 2 |
Write-off end operation sequence number | 2 |
Write-off end operation residual record value | 4 |
Terminal number | 6 |
Table 12
Explanation | Length (byte) |
Write-off record operation sequence number | 2 |
Key version | 1 |
Algorithm identifier | 1 |
Pseudo random number (ICC) | 4 |
Table 13
SW1 | SW2 | Explanation |
69 | 01 | Instruction not accepted |
65 | 81 | Memory error |
69 | 85 | Conditions of use not satisfied |
94 | 03 | Key index not supported |
94 | 02 | Operation counter has reached its maximum value |
94 | 01 | Insufficient amount |
6A | 83 | Record not found |
Table 14
Step 303: After receiving the INITIALIZE FOR ROYALTY DEBIT instruction, the IC card processes it and sends the result to the terminal in the response message of the INITIALIZE FOR ROYALTY DEBIT instruction.
The processing in this step comprises the following steps:
Step 3031: Check whether the records corresponding to the write-off start operation sequence number and the write-off end operation sequence number exist in the operation sheet. If they do not, return the record-not-found status code "6A83" without any other data, and end; otherwise, execute step 3032.
Step 3032: Check whether the sum of the record values in the valid records between the write-off start operation sequence number and the write-off end operation sequence number in the operation sheet is greater than or equal to the sum of the total record value to deduct and the write-off end operation residual record value. If it is not, return the insufficient-amount status code "9401" without any other data, and end; otherwise, execute step 3033.
Step 3033: Check whether the card supports the key index contained in the instruction. If it does not, return the key-index-not-supported status code "9403" without any other data, and end; otherwise, generate a pseudo random number ICC and a process key SESDK.
The process key SESDK is used for the write-off record operation and is generated by the formula SESDK = 3DES(DDK, DATA), where DDK is the write-off record key stored in the IC card; DATA comprises the rightmost two bytes of the pseudo random number ICC, the write-off record operation sequence number and the terminal operation sequence number ERC; and 3DES refers to the DES operation of 3 double-lengths.
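The range calculation of step 301 and the card-side checks of steps 3031 to 3033 can be shown together on a model operation sheet. The following Python code is an added example, not part of the original text; the `Record` layout, oldest-first selection on the terminal side, the inclusive range and the sample sheet are assumptions.

```python
from dataclasses import dataclass

# Status codes from Table 14 and the success code.
SW_OK, SW_NOT_FOUND, SW_INSUFFICIENT, SW_KEY_INDEX = 0x9000, 0x6A83, 0x9401, 0x9403


@dataclass
class Record:
    seq: int            # operation sequence number
    value: int          # record value
    valid: bool = True  # False once the record has been marked invalid


def select_range(sheet, amount):
    """Terminal side (step 301): choose start, end and residual for `amount`.

    Assumption: valid records are consumed oldest first. Returns
    (start_seq, end_seq, residual), or None if the sheet cannot cover it.
    """
    total, start = 0, None
    for rec in sorted(sheet, key=lambda r: r.seq):
        if not rec.valid:
            continue
        if start is None:
            start = rec.seq
        total += rec.value
        if total >= amount:
            return start, rec.seq, total - amount
    return None


def card_init_debit(sheet, supported_keys, key_index, amount,
                    start_seq, end_seq, residual):
    """Card side (steps 3031 to 3033): return the status code for the request.

    The card recomputes the covered value from its own sheet instead of
    trusting the figures supplied by the terminal.
    """
    seqs = {r.seq for r in sheet}
    if start_seq not in seqs or end_seq not in seqs:
        return SW_NOT_FOUND                        # step 3031
    covered = sum(r.value for r in sheet
                  if r.valid and start_seq <= r.seq <= end_seq)
    if covered < amount + residual:                # the text specifies >=
        return SW_INSUFFICIENT                     # step 3032
    if key_index not in supported_keys:
        return SW_KEY_INDEX                        # step 3033
    return SW_OK  # the card would now generate ICC and the process key


# Constructed sample sheet: record 3 has already been marked invalid.
SHEET = [Record(1, 50), Record(2, 100), Record(3, 30, valid=False), Record(4, 70)]
```
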
Step 304: After receiving the response message of the INITIALIZE FOR ROYALTY DEBIT instruction, the terminal sends the write-off record (DEBIT FOR ROYALTY) instruction to the IC card, carrying in it the first message authentication code MAC1 that the terminal itself computed.
In this step, the terminal first generates the process key by the same method as the IC card and applies the generated process key to the following data, in order, to compute the first message authentication code MAC1:
---total record value to deduct;
---write-off start operation sequence number;
---write-off end operation sequence number;
---residual record value of the end operation sequence number record;
---write-off record operation type identifier;
---terminal number;
---operation date (terminal);
---operation time (terminal).
The DEBIT FOR ROYALTY instruction deducts record value. Its instruction message is listed in Table 15, and the data field of the instruction message in Table 16. The data field of the response message returned when the instruction executes successfully is listed in Table 17, and the status code of a successful response is "9000". If execution is unsuccessful, the response message returns only SW1 and SW2. Table 18 describes the error conditions the IC card may return.
Code | Value |
CLA | E0 |
INS | 54 |
P1 | 00 |
P2 | 01 |
Lc | 0F |
Data | See Table 12 |
Le | 08 |
Table 15
Explanation | Length (byte) |
Terminal operation sequence number | 4 |
Operation date (terminal) | 4 |
Operation time (terminal) | 3 |
MAC1 | 4 |
Table 16
Explanation | Length (byte) |
TAC | 4 |
MAC2 | 4 |
Table 17
SW1 | SW2 | Explanation |
69 | 01 | Instruction not accepted (invalid state) |
65 | 81 | Memory error |
69 | 85 | Conditions of use not satisfied |
67 | 00 | Length error |
93 | 02 | MAC invalid |
Table 18
Step 305: The IC card first verifies the validity of the first message authentication code MAC1 and, after verification succeeds, carries out the write-off record processing.
Specifically, to verify the first message authentication code MAC1, the IC card applies the process key SESDK that it generated, in order, to the total record value to deduct, the write-off start operation sequence number, the write-off end operation sequence number, the residual record value of the end operation sequence number record, the write-off record operation type identifier, the terminal number, the operation date and the operation time to generate a message authentication code, and judges whether the code it generated matches the received first message authentication code MAC1. If they match, the received MAC1 is valid and the write-off record processing is carried out; otherwise, the IC card returns to the terminal the status code "9302" for an invalid message authentication code.
The write-off record processing comprises: the IC card marks as invalid the records in the operation sheet from the write-off start operation sequence number up to before the write-off end operation sequence number, and adds a new write-off record whose data items are shown in Table 2. Note that the IC card must either complete all of the above steps successfully or complete none of them.
At the same time, the IC card generates a second message authentication code MAC2, which the point-of-sale terminal secure access module (PSAM, Purchase Secure Access Module) in the terminal uses to check the validity of the IC card. MAC2 is included in the response message of the DEBIT FOR ROYALTY instruction, which is sent from the IC card through the terminal to the PSAM. The write-off record key DDK is applied to the following data, which form the input for calculating MAC2:
---total record value to deduct;
---write-off start operation sequence number;
---write-off end operation sequence number;
---residual record value of the end operation sequence number record.
In addition, the application operation authentication key DTK of the IC card also produces an operation signature TAC. The TAC is sent to the terminal in the response message of the DEBIT FOR ROYALTY instruction and written into the terminal's operation details, so that it can later be passed to the host for operation verification. The elements used to generate the operation signature TAC are:
---total of the write-off record;
---write-off start operation sequence number;
---write-off end operation sequence number;
---residual record value of the end operation sequence number record;
---operation type identifier;
---terminal number;
---terminal operation sequence number;
---operation date;
---operation time.
Step 306: After receiving the response message of the DEBIT FOR ROYALTY instruction, the terminal submits the second message authentication code MAC2 carried in it to the PSAM for validity verification. If MAC2 is valid, the IC card is a legitimate card; otherwise, it is an illegitimate IC card.
After determining that the IC card is illegitimate, the terminal takes the necessary measures to handle it.
Embodiment 3: record invalidation operation.
The record invalidation operation allows the terminal to mark records in the operation sheet of the IC card that have been determined to be invalid. This operation must be performed on a terminal that holds the add-record authentication security module blacklist, which records the IDs of invalid add-record authentication security modules and the operation sequence number of the last valid operation of each. The holder must submit the PIN to complete the record invalidation operation. As shown in Figure 4, after the terminal verifies that the PIN entered by the user is correct, the following steps are performed:
Step 401: The terminal sends the record invalidation (ROYALTY DATA INVALID) instruction to the IC card to start the record invalidation operation.
The ROYALTY DATA INVALID instruction marks a record in the operation sheet as invalid. A record marked invalid cannot be restored to a valid record, and its record value no longer enters the calculation of the record value total. The instruction can be executed only after PIN verification succeeds. Its instruction message is listed in Table 19, and the data field of the instruction message in Table 20. A successful response message has no data field, and the status code of a successful response is "9000". If execution is unsuccessful, the response message returns only SW1 and SW2. Table 21 describes the error conditions the IC card may return.
Code | Value |
CLA | E0 |
INS | 54 |
P1 | 00 |
P2 | 01 |
Lc | 02 |
Data | See Table 20 |
Le | Not present |
Table 19
Explanation | Length (byte) |
Operation sequence number | 2 |
Table 20
SW1 | SW2 | Explanation |
69 | 01 | Instruction not accepted (invalid state) |
65 | 81 | Memory error |
69 | 85 | Conditions of use not satisfied |
67 | 00 | Length error |
93 | 02 | MAC invalid |
Table 21
Step 402: After receiving the ROYALTY DATA INVALID instruction, the IC card processes it: it searches for the record that matches the operation sequence number carried in the ROYALTY DATA INVALID instruction, marks that record as invalid, and then returns the result to the terminal.
Besides the applications above, the user should also be allowed to read the operation sheet in the IC card while record value is being added to or deducted from the card. In general, the operation sheet in the IC card can be read in the same way as a cyclic record file, and the PIN must be submitted before it can be read.
In addition, in the above embodiments, the IC card must maintain data integrity during operation processing under all circumstances, even if power is lost while the electrically erasable ROM (EEPROM) is being updated. This requires backing up data before each update and automatically triggering a recovery mechanism when power is restored.
In a preferred embodiment of the invention, whenever the terminal issues an instruction to the IC card to perform an add-record or write-off record operation, the IC card always returns a message authentication code MAC and/or an operation signature TAC to prove that the update took place.
The IC card must calculate the message authentication code MAC and/or the operation signature TAC before updating the record. Once the record has been updated successfully, the card must guarantee that the terminal can obtain this MAC and/or TAC through the get-operation-proof (GET TRANSACTION PROVE) instruction.
If the IC card is suddenly removed after instruction execution has finished but before the terminal has received the response, the terminal is left in an indeterminate state, not knowing whether the IC card was updated. In this case, the terminal is responsible for recovery using the GET TRANSACTION PROVE instruction.
If the IC card is suddenly removed while it is processing, the terminal should prompt the holder to reinsert the IC card. The terminal then checks the card issuer identifier and the application serial number to confirm whether the inserted IC card is the same card that was removed. If it is the same card, the terminal sends the GET TRANSACTION PROVE instruction. If the MAC and/or TAC is returned, the terminal completes the operation processing; if the MAC and/or TAC cannot be returned, the record in the IC card has not been modified, and the operation can be restarted with the appropriate initialization instruction.
Note also that while the above operations are carried out the IC card is always in exactly one state, and in a given state only certain instructions can be executed. The IC card has the following states: idle state, add-record state and write-off record state.
After operation selection completes, the IC card first enters the idle state. When the IC card receives an instruction from the terminal, it must check whether the instruction is allowed in the current state. After the instruction completes successfully, the IC card enters another state or remains in the same state, as shown in Table 22. If the instruction is not executed successfully, the IC card enters the idle state.
Table 22 shows the state changes after an instruction executes successfully. The first row gives the current state of the IC card when the instruction is sent, the first column gives the instruction sent, and the body of the table gives the state after the instruction executes successfully.
A shaded cell indicates that the instruction is invalid when the IC card is in the corresponding state. In that case, the IC card does not execute the instruction and responds to the terminal with the instruction-not-accepted status code "6901". Because the instruction cannot be executed successfully, the resulting state is idle.
Table 22
Note further that although the preferred embodiments above are all described using an IC card as the example, the recording device of the invention is not limited to IC cards; it may be another smart card with a memory function, and the recording operation method of the invention may likewise be applied to smart cards other than IC cards that have a memory function.