TWI410873B - Secure access module (SAM card) authentication method - Google Patents

Secure access module (SAM card) authentication method

Info

Publication number: TWI410873B
Authority: TW (Taiwan)
Prior art keywords: card, user, sam, pin, determine whether
Application number: TW98141287A
Other languages: Chinese (zh)
Other versions: TW201120759A (en)
Original Assignee: Chunghwa Telecom Co Ltd
Application filed by Chunghwa Telecom Co Ltd
Priority to TW98141287A
Publication of TW201120759A
Application granted
Publication of TWI410873B

Abstract

An authentication method for a secure access module (SAM) card enables a card manager, under offline conditions, to calculate an Unblock PIN from a user's card number using an algorithm in the SAM card, and thereby to obtain authority for operations such as changing the password and unblocking the card offline. The present invention uses the card control of the SAM card so that the User PIN and the Unblock PIN of a user card can be unlocked securely while the user card is offline from the card management center. The present invention thus maintains security while also providing convenience.

Description

Secure access module (SAM card) authentication method

The present invention relates to a secure access module (SAM card) authentication method, and in particular to a technique in which, during SAM card production, the authority authentication information that lets SAM card managers control card operations, together with the SAM APPLET (a small application) that can compute a user card's Unblock PIN, is written into the SAM card.

With SAM cards in current use, when the user's private authentication code (User PIN) is forgotten or locked, unlocking requires a telephone or network connection to the remote card management center, where the source and usage status of the user's SAM card are confirmed manually. This way of unlocking is hard to control for the card management center's operators and computers, and the user must ensure a connection before the related unblocking operation can be carried out.

The present method, however, uses the application written into the SAM card itself to obtain the user card's Unblock PIN and changes the User PIN on the user card directly, so that the locked card is unblocked by replacing the User PIN with a new one.

As can be seen, the conventional approach described above still has many shortcomings; it is not a good design and is in need of improvement.

In view of the shortcomings of the conventional approach, the inventor sought to improve and innovate on it and, after years of dedicated research, succeeded in developing the present secure access module (SAM card) authentication method.

The main object of the present invention is to provide a method of unlocking a card without connecting to the remote card management center, so that authorized personnel can use the secure access module (SAM card) in an offline environment to obtain read/write authority over the card.

A second object of the present invention is to provide the SAM card as a security control method, improving the convenience of operations and maintenance management.

A further object of the present invention is to use the application written into the SAM card itself to obtain the user card's Unblock PIN and change the User PIN on the user card directly, so that the locked card is unblocked by replacing the User PIN with a new one.

In the secure access module (SAM card) authentication method that achieves the above objects, the authority authentication information that lets SAM card managers control card operations, together with the SAM APPLET (a small application) that can compute a user card's Unblock PIN, is written into the SAM card during SAM card production. The method also includes an unlocking flow in which the SAM card is used to unlock a user card: the User PIN on the user card is changed, which releases the locked card or enables other card management functions.

Referring to FIG. 1, the production flowchart of the secure access module (SAM card) authentication method of the present invention comprises:
Step 1: generate a unique card serial number (101) by connecting through a system to the card database, obtaining the latest card sequence number and composing a unique card number;
Step 2: determine whether the card number was generated successfully (102); if so, write the card number to the card (103); if not, return a system error message (104) and end the flow;
Step 3: determine whether the card number was written to the card successfully (105); if so, continue with step 4; if not, return a card error message (106) and end the flow;
Step 4: use the card serial number to compute the user card's User PIN and Unblock PIN according to the SAM card's algorithm (107);
Step 5: determine whether the information was obtained successfully (108); if so, continue with step 6; if not, return a system error message (104) and end the flow;
Step 6: write the card serial number, User PIN, Unlock PIN and related information to the card (109);
Step 7: determine whether the information was written successfully (110); if so, the blank user credential card has been produced successfully and the card database can now be connected to (111); if not, return a card error message (106) and end the flow;
Step 8: determine whether the status was updated successfully (112); if so, update the card status to "card production successful" and end the flow; if not, return a card error message (106) and end the flow.

Referring to FIG. 2, a schematic diagram of card production for the secure access module (SAM card) authentication method of the present invention: a blank SAM card (white card 10) is initialized and, once authorized, the authority authentication information that lets SAM card managers control card operations is written to it, followed by the SAM Applet, which completes the issuing of the SAM card 11.

The SAM card is a chip card conforming to Global Platform v2.1.1, Java Card™ 2.2 or other specifications.

Referring to FIG. 3, the unlocking flowchart of the secure access module (SAM card) authentication method of the present invention: when the User PIN of a user card is forgotten or locked, or other information needs to be updated or queried, appropriate authority can be obtained through the SAM card authentication method, comprising:
Step 1: read the user card number with a card reader, or provide a card number input interface, and send the user card number to the SAM card (301);
Step 2: determine whether the card number was obtained successfully (302); if so, continue with step 3; if not, return a card error message (304) and end the flow;
Step 3: the SAM card uses the user card number and the built-in SAM Applet to compute the user card's Unblock PIN (303), then obtains authority through authentication and changes the User PIN on the user card, thereby unlocking the card; step 3 further includes: after User PIN authentication, operations such as key generation and certificate writing can be performed on the user card, and the key pairs, certificate contents, quantities and other identifying data in the card can be displayed to confirm the card's source and status;
Step 4: determine whether the information was obtained successfully (305); if so, update the card status (306); otherwise return a system error message (307) and end the flow;
Step 5: determine whether the status was updated successfully (308); if so, end the flow; otherwise return a card error message (304) and end the flow.
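The production flow (FIG. 1, steps 4 to 6) and the offline unlocking flow (FIG. 3, steps 1 to 3) can be sketched as follows. This is an added example, not code from the patent or its assignee: the patent does not disclose the SAM Applet's algorithm, so the HMAC-SHA-256 derivation under a SAM-resident master key, the admin PIN check, the retry limit and every class and function name here are assumptions.

```python
import hashlib
import hmac

PIN_DIGITS = 8   # assumed PIN length
MAX_TRIES = 3    # assumed retry limit before a PIN blocks


class SamCard:
    """Stand-in for the SAM card; the master key never leaves this object."""
    def __init__(self, master_key: bytes, admin_pin: str):
        self._master_key, self._admin_pin = master_key, admin_pin
        self._authorised = False

    def verify_admin(self, pin: str) -> bool:
        # Card-manager authority check that gates every derivation.
        self._authorised = hmac.compare_digest(pin, self._admin_pin)
        return self._authorised

    def derive_pin(self, card_number: str, purpose: str) -> str:
        # Assumed algorithm: HMAC-SHA-256 over purpose and card number.
        if not self._authorised:
            raise PermissionError("card manager not authenticated to the SAM")
        msg = f"{purpose}|{card_number}".encode()
        mac = hmac.new(self._master_key, msg, hashlib.sha256).digest()
        return str(int.from_bytes(mac[:8], "big") % 10**PIN_DIGITS).zfill(PIN_DIGITS)


class UserCard:
    """Stand-in for the user card, with separate retry counters per PIN."""
    def __init__(self, card_number: str, user_pin: str, unblock_pin: str):
        self.card_number = card_number
        self._user_pin, self._unblock_pin = user_pin, unblock_pin
        self._tries = self._unblock_tries = MAX_TRIES

    @property
    def blocked(self) -> bool:
        return self._tries == 0

    def verify_user_pin(self, pin: str) -> bool:
        if self._tries and hmac.compare_digest(pin, self._user_pin):
            self._tries = MAX_TRIES
            return True
        self._tries = max(self._tries - 1, 0)
        return False

    def reset_user_pin(self, unblock_pin: str, new_pin: str) -> bool:
        # A wrong Unblock PIN burns a try, so guessing it is bounded too.
        if self._unblock_tries and hmac.compare_digest(unblock_pin, self._unblock_pin):
            self._user_pin, self._tries = new_pin, MAX_TRIES
            self._unblock_tries = MAX_TRIES
            return True
        self._unblock_tries = max(self._unblock_tries - 1, 0)
        return False


def produce_user_card(sam: SamCard, card_number: str) -> UserCard:
    """Production steps 4-6: derive both PINs and write them to the card."""
    return UserCard(card_number, sam.derive_pin(card_number, "USER"),
                    sam.derive_pin(card_number, "UNBLOCK"))


def offline_unlock(sam: SamCard, card: UserCard, new_pin: str) -> bool:
    """Unlock steps 1-3: recompute the Unblock PIN from the card number."""
    return card.reset_user_pin(sam.derive_pin(card.card_number, "UNBLOCK"), new_pin)
```

In this model any authenticated holder of the SAM can derive the Unblock PIN of every card, so custody of the SAM and its admin check carry the security of the scheme; the retry counters on the user card only bound guessing.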

Compared with other conventional techniques, the secure access module (SAM card) authentication method provided by the present invention has the following advantages:

1. When a user's card is locked, the user can approach any authorized card management center to have the user card unlocked with the SAM card.

2. To protect the user's interests, the card management center uses the SAM card as the unlocking tool, which is more secure than unlocking by software.

3. The invention can be used wherever password verification, identity card verification, card verification or unlocking functions are involved.

The detailed description above is a specific description of one feasible embodiment of the present invention. The embodiment is not intended to limit the patent scope of the invention, and any equivalent implementation or modification that does not depart from the spirit of the invention shall fall within the patent scope of this case.

In summary, this case is not only innovative in its technical concept but also improves on conventional articles in the respects described above. It should fully satisfy the statutory requirements of novelty and inventive step for an invention patent; the application is therefore filed in accordance with the law, and the Office is respectfully requested to approve this invention patent application so as to encourage invention.

10 ... blank card (white card)

11 ... SAM card

FIG. 1 is the production flowchart of the secure access module (SAM card) authentication method of the present invention;

FIG. 2 is a schematic diagram of card production for the secure access module (SAM card) authentication method of the present invention;

FIG. 3 is the unlocking flowchart of the secure access module (SAM card) authentication method of the present invention.

Claims (3)

1. A secure access module (SAM card) authentication method, mainly comprising a production flow and an unlocking flow, in which, in an offline state, the Unblock PIN of a user card is computed from the user card number using the algorithm in the SAM card, so that authority to change the password, unblock the card and so on is obtained offline;
wherein the production flow comprises:
Step 1: generate a unique card serial number by connecting through a system to the card database, obtaining the latest card sequence number and composing a unique card number;
Step 2: determine whether the card number was generated successfully; if so, write the card number to the card; if not, return a system error message and end the flow;
Step 3: determine whether the card number was written to the card successfully; if so, continue with step 4; if not, return a card error message and end the flow;
Step 4: use the card serial number to compute the user card's User PIN and Unblock PIN according to the SAM card's algorithm;
Step 5: determine whether the information was obtained successfully; if so, continue with step 6; if not, return a system error message and end the flow;
Step 6: write the card serial number, User PIN, Unlock PIN and related information to the card;
Step 7: determine whether the information was written successfully; if so, the blank user credential card has been produced successfully and the card database can now be connected to; if not, return a card error message and end the flow;
Step 8: determine whether the status was updated successfully; if so, update the card status to "card production successful" and end the flow; if not, return a card error message and end the flow;
wherein the unlocking flow comprises:
Step 1: read the user card number with a card reader, or provide a card number input interface, and send the user card number to the SAM card;
Step 2: determine whether the card number was obtained successfully; if so, continue with step 3; if not, return a card error message and end the flow;
Step 3: the SAM card uses the user card number and the built-in SAM Applet to compute the user card's Unblock PIN, then obtains authority through authentication and changes the User PIN on the user card, thereby unlocking the card;
Step 4: determine whether the information was obtained successfully; if so, update the card status; otherwise return a system error message and end the flow;
Step 5: determine whether the status was updated successfully; if so, end the flow; otherwise return a card error message and end the flow.

2. The secure access module (SAM card) authentication method according to claim 1, wherein the algorithm is the SAM APPLET, a small application written to the card during card production.

3. The secure access module (SAM card) authentication method according to claim 4, wherein step 3 further comprises: after User PIN authentication, operations such as key generation and certificate writing can be performed on the user card, and the key pairs, certificate contents, quantities and other identifying data in the card can be displayed to confirm the card's source and status.
TW98141287A 2009-12-03 2009-12-03 Secure access module (SAM card) authentication method TWI410873B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98141287A TWI410873B (en) 2009-12-03 2009-12-03 Secure access module (SAM card) authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98141287A TWI410873B (en) 2009-12-03 2009-12-03 Secure access module (SAM card) authentication method

Publications (2)

Publication Number Publication Date
TW201120759A TW201120759A (en) 2011-06-16
TWI410873B true TWI410873B (en) 2013-10-01

Family

ID=45045293

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98141287A TWI410873B (en) 2009-12-03 2009-12-03 Secure access module (SAM card) authentication method

Country Status (1)

Country Link
TW (1) TWI410873B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI632508B (en) * 2017-07-31 2018-08-11 中華電信股份有限公司 Multi-card integrated chip card application sharing authentication method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200727655A (en) * 2006-01-10 2007-07-16 Far East College An verification method of smart card
TW200813872A (en) * 2006-03-17 2008-03-16 Mastercard International Inc Techniques for transaction adjustment
TW200842753A (en) * 2007-04-23 2008-11-01 Rfcyber Corp Method and apparatus for providing e-commerce and m-commerce

Also Published As

Publication number Publication date
TW201120759A (en) 2011-06-16

Similar Documents

Publication Publication Date Title
US11664996B2 (en) Authentication in ubiquitous environment
CN101375259B (en) Data security system
CN111711520A (en) Authentication in ubiquitous environments
CN104104672A (en) Method for establishing dynamic authorization code based on identity authentication
JP2004013744A (en) Issuing system for digital content and issuing method
US20080120726A1 (en) External storage device
JPWO2005117336A1 (en) Parent-child card authentication system
US20060049243A1 (en) Ic card, terminal device, and data communications method
CN101950342B (en) Device and method for managing access control permission of integrated circuit card
JP2010518499A (en) Method for authenticating access to at least one automated component of an industrial facility
CN103154965B (en) Manage the method, apparatus and system that the user to file system accesses safely
CN110096459A (en) Data storage device, data processing system, with system and data processing method
CN104104671B (en) Establish the unified dynamic authorization code system of business entity's account
CN101765821B (en) Fingerprint reader resetting system and method
TWI410873B (en) Secure access module (SAM card) authentication method
KR20100011861A (en) Method for finance transaction using an imagination account and system thereof
CN103198241B (en) A kind of safety management method for software license
CN102289613A (en) Liquid crystal universal serial bus (USB) Key equipment capable of identifying fingerprint
CN207458057U (en) A kind of PKI system ID authentication devices based on fingerprint identification technology
CN108595962B (en) POS machine terminal decoding base authorization code checking method
EP3563327A1 (en) Safety process/method for sending and exchanging a temporary enabled random code among at least three electronic devices for recharges, payments, accesses and/or ids of owners of a mobile device, such as a smartphone
CN107947934A (en) The fingerprint recognition Verification System and method of mobile terminal based on banking system
JP4885168B2 (en) External media control method, system and apparatus
CN111815821B (en) IC card security algorithm applied to intelligent door lock
JP2010160765A (en) System lsi and debugging method thereof

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees