CN100409245C - Method for implementing PKI application of bank card on computer - Google Patents

Info

Publication number
CN100409245C
Authority
CN
China
Prior art keywords
card
bank card
certificate
authentication
verified
Prior art date
Legal status
Expired - Fee Related
Application number
CNB2006100791253A
Other languages
Chinese (zh)
Other versions
CN1838143A (en)
Inventor
陆舟
于华章
Current Assignee
Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Feitian Technologies Co Ltd filed Critical Beijing Feitian Technologies Co Ltd
Priority to CNB2006100791253A priority Critical patent/CN100409245C/en
Publication of CN1838143A publication Critical patent/CN1838143A/en
Priority to JP2007113826A priority patent/JP2007298985A/en
Application granted granted Critical
Publication of CN100409245C publication Critical patent/CN100409245C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention discloses a method for implementing PKI applications of a bank card on a computer. Exploiting the high security of the bank card's built-in microprocessor, which can perform cryptographic operations, and the ubiquity of bank cards, the method applies the bank card to computer information security in order to authenticate the identity of a computer user. It prevents data from being illegally tampered with or forged in transit, prevents important transaction information from being repudiated, ensures the authenticity and validity of the data, and enhances the information security of the computer.

Description

A method for implementing PKI applications of a bank card on a computer
Technical field
The present invention relates to a method for multi-purpose use of a bank card, and in particular to a method for implementing PKI applications of a bank card on a computer.
Background art
With the rapid and widespread adoption of bank cards around the world, and in order to reduce the growing risk of counterfeit-card fraud, many international financial organizations such as EUROPAY, VISA and MASTERCARD have drawn up plans to migrate existing magnetic-stripe debit and credit cards to smart cards. The migrated bank card is highly secure: it embeds a microprocessor with computing capability that can perform various encryption and decryption operations, and it uses a secure processor that resists physical and logical attacks, so cracking or cloning such a card is very difficult. In addition, this kind of bank card uses a three-layer authentication mechanism: the card holds a card issuer digital certificate signed by the CA center and a card digital certificate signed by the card issuer, and verification proceeds in three layers, with the CA center verifying the card issuer, the card issuer verifying the card, and the card public key verifying the information. This gives it a large security advantage over magnetic-stripe cards. The card also applies security policies suited to the different characteristics of online and offline transactions, namely symmetric-key and asymmetric-key algorithms, to ensure high security and non-repudiation at every step of a transaction.
With the rapid development of e-commerce, online banking and online securities trading, the security of the Internet has attracted wide attention. To make online transactions and information transfer genuinely secure, four requirements must be met: confidentiality, authenticity, integrity and non-repudiation. Building a complete encryption and signature system with PKI technology addresses these four requirements effectively and, while making full use of the Internet for resource sharing, truly secures online transactions and information transfer.
PKI is the abbreviation of "Public Key Infrastructure": infrastructure that provides information security services, built on public-key theory and technology. PKI manages public keys by means of certificates: a trusted third-party certification authority (CA, Certificate Authority) binds a user's public key to the user's other identifying information so that the user's identity can be verified on the Internet. The CA is the core executive body of PKI, and the certificate is the core element of PKI. Public-key cryptography is currently the most widely used kind of cryptosystem; in it, the encryption key and the decryption key are different. The digital signature of a public-key system both guarantees the confidentiality of information and ensures non-repudiation. Its principle is as follows: the plaintext is first signed with the verified party's private key to obtain a digital signature; the digital signature is then sent to the verifying party, which verifies it with the verified party's public key and finally compares the result with the original text to complete verification.
The signature of the migrated bank card has its own distinctive mechanism. First the verified party generates the signature: the specified data items are padded according to a fixed format, and the card's private key and the corresponding algorithm are then used to generate a digital signature over the padded result. The verifying party uses the card public key and the corresponding algorithm to recover the signature and checks each data item in it; if every data item verifies successfully, authentication succeeds.
As smart cards have come into wide use, the ways of connecting a smart card to a terminal have kept expanding. Existing connection modes mainly include contact connection, contactless connection, and connection to the terminal through a USB module built into the card.
Summary of the invention
Addressing security problems in the field of computer information, the present invention makes full use of the bank card's ability to perform cryptographic operations with high security and of its ubiquity, and provides a method that applies the bank card to computer information security and uses its PKI computation mechanism to improve computer information security.
A method for implementing PKI applications of a bank card on a computer, the bank card being connected to the computer, with the following technical scheme:
1) the verified party signs the verification information with the private key of the bank card;
2) the verified party sends the signature to the verifying party;
3) the verifying party verifies the card issuer certificate with the public key of the trusted certification authority, then verifies the card certificate with the card issuer public key, and afterwards verifies the signature with the public key of the verified party.
Here the bank card has public-key and private-key operation functions, and holds the card issuer digital certificate signed by the CA center and the card digital certificate signed by the card issuer.
The computer includes a PC, a server, an embedded system, a personal digital assistant or a smartphone. The bank card is connected to the computer by a contact connection, by a contactless connection, or through a USB communication module built into the bank card. The signature is produced by the bank card executing the INTERNAL AUTHENTICATE command. The verified party includes a terminal, and the verifying party includes a terminal or a server.
The card issuer certificate and card certificate of the verified party can be obtained in the following ways:
1) the verified party sends its card issuer certificate and card certificate to the verifying party;
2) the verifying party obtains the verified party's card issuer certificate and card certificate from a trusted third party;
3) the verifying party obtains the verified party's card issuer certificate from a bank card issued by the same card issuer as the verified party's bank card, and obtains the card certificate by either of the two methods above.
The verifying party verifies the card issuer certificate with the CA center public key, then verifies the card certificate with the card issuer public key, and finally verifies the signature with the public key of the verified party.
Compared with the prior art, the beneficial effects of the invention are as follows: the invention makes full use of the high security of the bank card, whose embedded microprocessor can perform cryptographic operations, and of the ubiquity of bank cards; it applies the PKI security mechanism of the bank card to computer information security, improving the security of sensitive information, and at the same time provides a new way to extend the functions of a bank card.
Description of the drawings
Fig. 1 is a schematic diagram of mutual authentication between two parties exchanging data.
Fig. 2 is a schematic diagram of a terminal requesting authentication from a server.
Fig. 3 is a schematic diagram of the data integrity and non-repudiation application.
Embodiments
The invention is now described in further detail with reference to the drawings and embodiments.
Referring to Fig. 1, computer A is connected to bank card a through a card reader, computer B is connected to bank card b through a card reader, and at the same time there is a connection to the CA center over the Internet. First the SELECT FILE command is run to select the bank card application, and the READ RECORD command is then run to read the card issuer certificate and card certificate from the bank card. Next, each of the two parties sends a random number or another form of verification information to the other. For example, A sends verification information M to B. On receiving M, B sends it to bank card b; bank card b runs the INTERNAL AUTHENTICATE command to sign M with its own private key and returns the signature to the computer; computer B then sends the signature, the card issuer certificate and the card certificate to A. A reads the public key from the CA center certificate held in its system and uses it to verify the card issuer certificate of bank card b, then uses the card issuer public key to verify the digital certificate of bank card b signed by the card issuer, and then uses the public key of bank card b to verify the signature. If all three layers of verification pass, authentication succeeds; otherwise authentication fails. B verifies A's identity in the same way. Once both parties have authenticated each other, they can exchange information with mutual trust.
Referring to Fig. 2, a personal computer terminal is connected to a bank card through a card reader and at the same time connected to the CA center and the server over the Internet. When the personal computer wants to access the server, the SELECT FILE command is run to select the bank card application, and the READ RECORD command is then run to read the digital certificates. Next, the server sends a random number or another form of verification information M to the terminal; the terminal passes M to the bank card; the bank card runs the INTERNAL AUTHENTICATE command to sign M with its own private key and returns the signature to the computer; the computer then returns the digital certificates and the signature to the server. The server uses the public key in the CA center certificate held in its system to verify the card issuer's digital certificate, then uses the card issuer public key to verify the card's digital certificate, and finally uses the bank card's public key to verify the signature. If all three layers of verification pass, authentication succeeds and the terminal can access and download server resources.
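The three-layer check of Fig. 1 and Fig. 2, written out as an added example that is not part of the patent. It assumes a toy hash-then-sign RSA built from fixed Mersenne primes in place of the card's real key and padded signature format; the JSON certificate layout, the `Card` class and every function name are hypothetical.

```python
import hashlib
import json
import secrets

E = 65537  # common RSA public exponent

def toy_keypair(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1. NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": E}, pow(E, -1, (p - 1) * (q - 1))  # (public, d)

def encode(body):
    """Canonical bytes of a certificate body (constructed layout)."""
    return json.dumps(body, sort_keys=True).encode()

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, pub, d):
    return pow(digest(data, pub["n"]), d, pub["n"])

def verify(data, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def make_cert(subject, subject_pub, signer_pub, signer_d):
    body = {"subject": subject, "pub": subject_pub}
    return {"body": body, "sig": sign(encode(body), signer_pub, signer_d)}

class Card:
    """Stand-in for the bank card; the private key stays inside the object."""
    def __init__(self, issuer_cert, card_cert, pub, d):
        self._records = (issuer_cert, card_cert)
        self._pub, self._d = pub, d

    def read_records(self):              # models READ RECORD
        return self._records

    def internal_authenticate(self, m):  # models INTERNAL AUTHENTICATE
        return sign(m, self._pub, self._d)

def authenticate(ca_pub, issuer_cert, card_cert, challenge, signature):
    """Verifying party: run the three layers in order, stop at first failure."""
    if not verify(encode(issuer_cert["body"]), issuer_cert["sig"], ca_pub):
        return False, "issuer certificate not signed by CA"
    issuer_pub = issuer_cert["body"]["pub"]
    if not verify(encode(card_cert["body"]), card_cert["sig"], issuer_pub):
        return False, "card certificate not signed by issuer"
    if not verify(challenge, signature, card_cert["body"]["pub"]):
        return False, "signature does not match challenge"
    return True, "authenticated"

def build_demo():
    """Constructed CA, issuer and card keys plus the two certificates."""
    ca_pub, ca_d = toy_keypair(521, 607)
    iss_pub, iss_d = toy_keypair(107, 127)
    card_pub, card_d = toy_keypair(61, 89)
    issuer_cert = make_cert("Example Issuer", iss_pub, ca_pub, ca_d)
    card_cert = make_cert("card-0001", card_pub, iss_pub, iss_d)
    return ca_pub, Card(issuer_cert, card_cert, card_pub, card_d)

def run_session(ca_pub, card):
    """One exchange: fresh random M from the verifier, signed by the card."""
    m = secrets.token_bytes(16)
    issuer_cert, card_cert = card.read_records()
    return authenticate(ca_pub, issuer_cert, card_cert, m,
                        card.internal_authenticate(m))

if __name__ == "__main__":
    ca_pub, card = build_demo()
    print(run_session(ca_pub, card))
```

Because the verifying party draws a new random M for every session, a signature captured from an earlier exchange fails the third layer when presented again.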
Referring to Fig. 3, the receiver wants to prove the integrity of the received data and to prove that it has received the data sent by the sender. After receiving the data, the receiver first applies a one-way hash algorithm to the received data to form a digital digest and passes the digest to the bank card; the bank card runs the INTERNAL AUTHENTICATE command to sign the digest, and the digest and the signature are sent to the sender over the network. Because the private key is unique, this proves that the signed information was indeed sent by the receiver. In this process nobody else has the receiver's private key, so nobody can forge the receiver's signature or tamper with it in any way. The sender compares the received digital digest with the digest it obtains using the same one-way hash algorithm; if they match, verification passes, thereby meeting the requirements of data validity, integrity and non-repudiation.
The embodiment described above is only one embodiment of the invention, and the invention is not limited to it. For a person skilled in the art, any obvious change made without departing from the principle of the invention falls within the concept of the invention and the scope of protection of the claims.

Claims (8)

1. A method for implementing PKI applications of a bank card on a computer, the bank card being connected to the computer, characterized in that:
1) the verified party signs the verification information with the private key of its bank card;
2) the verified party sends the signature to the verifying party;
3) the verifying party verifies the card issuer certificate with the public key of the trusted certification authority, then verifies the card certificate with the card issuer public key, and afterwards verifies the signature with the public key of the verified party;
wherein the bank card has public-key and private-key operation functions, and holds the card issuer digital certificate signed by the trusted certification authority and the card digital certificate signed by the card issuer.
2. The method of claim 1, characterized in that: the computer includes a PC, a server, an embedded system, a personal digital assistant or a smartphone.
3. The method of claim 1, characterized in that: the bank card is connected to the computer by a contact connection, by a contactless connection, or through a USB communication module built into the bank card.
4. The method of claim 1, characterized in that: the signature is produced by the bank card executing the internal authentication command.
5. The method of claim 1, characterized in that: the verified party includes a terminal, and the verifying party includes a terminal or a server.
6. The method of claim 1, characterized in that: the verified party may send its card issuer certificate and card certificate to the verifying party.
7. The method of claim 1, characterized in that: the verifying party may obtain the verified party's card issuer certificate and card certificate from a trusted third party.
8. The method of claim 1, characterized in that: the verifying party may also obtain the verified party's card issuer certificate from a bank card issued by the same card issuer as the verified party's bank card.
CNB2006100791253A 2006-04-29 2006-04-29 Method for implementing PKI application of bank card on computer Expired - Fee Related CN100409245C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2006100791253A CN100409245C (en) 2006-04-29 2006-04-29 Method for implementing PKI application of bank card on computer
JP2007113826A JP2007298985A (en) 2006-04-29 2007-04-24 Method for implementing pki application of bank card on computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100791253A CN100409245C (en) 2006-04-29 2006-04-29 Method for implementing PKI application of bank card on computer

Publications (2)

Publication Number Publication Date
CN1838143A CN1838143A (en) 2006-09-27
CN100409245C true CN100409245C (en) 2008-08-06

Family

ID=37015535

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100791253A Expired - Fee Related CN100409245C (en) 2006-04-29 2006-04-29 Method for implementing PKI application of bank card on computer

Country Status (2)

Country Link
JP (1) JP2007298985A (en)
CN (1) CN100409245C (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007013287B4 (en) * 2007-03-16 2008-11-13 Giesecke & Devrient Gmbh Method for generating confirmed transaction data and device therefor
CN102013001B (en) * 2010-12-06 2013-05-01 苏州国芯科技有限公司 Card reader with authentication function and authentication method thereof
CN102096967A (en) * 2010-12-21 2011-06-15 捷德(中国)信息科技有限公司 Off-line payment method and consumption terminal for electronic purse
CN104463001A (en) * 2014-12-19 2015-03-25 比特卡国际有限公司 Method for independently generating and storing encrypted digital currency private key and device for bearing encrypted digital currency private key

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1376974A (en) * 2002-04-26 2002-10-30 上海腾欣科技有限公司 Method for authenticating identity by CD card
EP1322087A2 (en) * 2001-12-19 2003-06-25 Trw Inc. Public key infrastructure token issuance and binding
CN1447956A (en) * 2000-07-03 2003-10-08 英布罗斯股份有限公司 Monetary system having public key infrastructure
CN1751471A (en) * 2003-02-14 2006-03-22 索尼株式会社 Authentication processing device and security processing

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10327147A (en) * 1997-05-21 1998-12-08 Hitachi Ltd Electronic authenticating and notarizing method and its system
JP2000311196A (en) * 1999-04-28 2000-11-07 Toshiba Corp System for processing application procedure and ic card used therefor
JP2002344438A (en) * 2001-05-14 2002-11-29 Nippon Telegr & Teleph Corp <Ntt> Key sharing system, key sharing device and program thereof
JP4602606B2 (en) * 2001-08-15 2010-12-22 ソニー株式会社 Authentication processing system, authentication processing method, authentication device, and computer program
JP2004259174A (en) * 2003-02-27 2004-09-16 Nippon Telegr & Teleph Corp <Ntt> Ic card interoperation method and system
JP4610225B2 (en) * 2004-04-27 2011-01-12 ルネサスエレクトロニクス株式会社 COMMUNICATION SYSTEM AND DEVICE AND COMMUNICATION METHOD

Also Published As

Publication number Publication date
JP2007298985A (en) 2007-11-15
CN1838143A (en) 2006-09-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN TECHNOLOGY CO., LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co.,Ltd.

Address before: 100083, Haidian District, Xueyuan Road, Beijing No. 40 research, 7A building, 5 floor

Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080806
