CN100433051C - Integrate circuit card system - Google Patents


Info

Publication number
CN100433051C
Authority
CN
China
Prior art keywords
integrated circuit
data
read write
write line
circuit card
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB031433936A
Other languages
Chinese (zh)
Other versions
CN1604127A (en)
Inventor
邓国顺
成晓华
向锋
祝绪阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Netac Technology Co Ltd
Original Assignee
LANGKE SCIENCE AND TECHNOLOGY Co Ltd SHENZHEN CITY

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides an integrated circuit card system which comprises an integrated circuit card, a reader-writer and a data processing host, wherein the integrated circuit card is used for storing user information; the reader-writer is used for reading and writing the integrated circuit card; and the data processing host is used for controlling the operation of the integrated circuit card and the reader-writer. The reader-writer and/or the integrated circuit card have large-capacity storage units used for storing data and exchanging data among the integrated circuit card, the reader-writer and the data processing host. The system of the present invention strictly encrypts and protects transmitted data, effectively prevents important data from being monitored, intercepted and falsified, guarantees the availability and integrity of data, stores large quantities of data, uses various data exchange modes among the devices in the system, and provides the application functions of user network digital signing, identity authentication, network access authority control, file encryption management, data encryption/decryption and software property right protection.

Description

IC card system
Technical field
The present invention relates to integrated circuit cards and their reader-writers, and in particular to an IC card system that provides large-capacity storage. Besides security authentication and encryption/decryption functions, the system offers large-capacity data storage and makes several data exchange modes possible inside the system.
Background technology
With the rapid development of computer network communications, e-commerce and information encryption, there is an urgent need for security products that are highly secure, easy to operate and inexpensive, to protect the customer's important data.
Among the existing smart security products, the most representative is the smart card system made up of a smart card (IC card for short), its matching card reader and a data processing host. The smart card contains control, storage and interface logic, with an encryption authentication mechanism preset in it; the card reader contains control logic, a smart card interface, a data processing host interface and a preset encryption authentication mechanism. The card reader and the smart card can identify and verify each other, which secures the operation of the system (particularly when it operates detached from the data processing host). Such a smart card system can encrypt and protect the transmitted data, effectively protect important data against monitoring, interception and tampering, and guarantee the validity and integrity of the data.
A similar product is a portable device, the smart electronic key, which combines the smart card and the smart card reader-writer in one unit. It is connected to the data processing host through a general-purpose interface and can perform functions such as user network digital signature, identity authentication, network access authority control, file encryption management, data encryption/decryption and software property right protection. The product is secure, compact, flexible, easy to use and portable, and the encryption/decryption computing function it provides can be widely used wherever personal identification, identity verification and data encryption are required.
However, the existing smart security products represented by the above share the following shortcomings. Some of these products have no storage device and only simple computing capability, or provide only very simple flag information; some are fitted only with volatile storage, can only hold information temporarily and cannot meet the requirements of processing several kinds of data; some are fitted only with small-capacity storage (generally tens to tens of K bits, and at most several M bits) and can only hold very simple information: products with less than 1K bytes of storage can only be used for a single numeric application such as amount bookkeeping or counting, while products with 1K to 8K bytes can generally only store brief text, tables, numerical values or key information, such as personal identification information or billing information.
This shows that the storage capacity of existing smart security products is low, their information processing capability is correspondingly poor, and they have only a single mode of data transmission and exchange. As a result, existing smart security products can only perform predetermined simple functions, exchanging simple data with a specific card reader or data processing host according to a predetermined flow, or even only transmitting data one way; they cannot process data according to the user's needs in complex situations and cannot serve applications in multiple settings or multiple systems. All this greatly limits the range of application and the expandability of this class of product.
Summary of the invention
In view of the above deficiencies of the prior art, the object of the invention is to propose an IC card system with large-capacity storage, so that it can provide large-capacity storage and several data exchange modes inside the system while also providing application functions such as security authentication and encryption/decryption.
To achieve this object, the invention proposes an IC card system comprising:
an integrated circuit card; a reader-writer, used to operate the integrated circuit card and exchange data with the data processing host; and a data processing host, used to control the operation of the reader-writer and, through the reader-writer, the operation of the integrated circuit card; wherein at least one of the reader-writer and the integrated circuit card has a large-capacity storage unit.
According to one embodiment of the invention, the integrated circuit card in this system comprises: a storage unit, which is either integrated with or separate from the large-capacity storage unit; an interface unit, used to communicate with the interface of an external device; and a control unit, used to control the operation of the interface unit, the storage unit and the large-capacity storage unit and to process data. The reader-writer comprises: an integrated circuit card interface unit, used to connect to the integrated circuit card and exchange data with it; a data processing host interface unit, used to connect to the data processing host and exchange data with it; and a control unit, used to control the operation of each unit in the reader-writer. The data processing host comprises a data processing host interface unit, used to connect to the reader-writer and exchange data with it.
The integrated circuit card in this system further comprises an encryption authentication unit, used to authenticate user information and to encrypt and decrypt data. The encryption authentication unit can perform the encryption authentication operation on its own, or complete it jointly with the encryption authentication unit of the reader-writer.
On the other hand, the invention proposes another IC card system comprising: an integrated circuit card, used to store user information; and a reader-writer, used to perform read and write operations on the integrated circuit card, the reader-writer having a user input unit for the user to enter operation instructions and data, and an output unit for presenting operation results or system status information to the user; wherein at least one of the reader-writer and the integrated circuit card has a large-capacity storage unit. The user input unit may be buttons, a keyboard, a stylus or a voice input device; the output unit may be indicator lamps, a display screen or a voice output device.
In each of the above systems, the reader-writer in the IC card system may comprise a plurality of integrated circuit card interfaces, so as to connect to and exchange data with a plurality of integrated circuit cards one at a time or simultaneously. This can be implemented in the following way: for the serial number of each integrated circuit card, a virtual storage space is opened in the reader-writer to store the data of the integrated circuit card with that serial number; alternatively, in the large-capacity storage unit of the reader-writer, a virtual storage space is opened for each connection of an integrated circuit card, storing the data of the card concerned from connection until disconnection.
In each of the above systems, the integrated circuit card may comprise a storage unit that uses a volatile or non-volatile storage medium and that may be combined with the large-capacity storage unit or set up separately.
When the integrated circuit card contains only the large-capacity storage unit, that unit can be used to store both system data and user files. When the integrated circuit card contains a large-capacity storage unit using a non-volatile medium and a storage unit using a volatile medium, the non-volatile large-capacity storage unit can be used for long-term data storage and the volatile storage unit for temporary data during operation. When the integrated circuit card contains both a non-volatile large-capacity storage unit and a storage unit using a non-volatile medium, the non-volatile large-capacity storage unit can be used to store and exchange user data files, while the non-volatile storage unit can be used to hold encryption authentication information, key data, system information and system programs; these two storage units may also use the same non-volatile medium and be merged into a single storage unit, storing data according to user requirements and system settings.
The invention also proposes an IC card system comprising a reader-writer and a data processing host. The reader-writer comprises: a data processing host interface unit, used to connect to the data processing host and exchange data with it; and a control unit, used to control the operation of each unit in the reader-writer. The data processing host comprises a data processing host interface unit, used to connect to the reader-writer and exchange data with it. The reader-writer further comprises a large-capacity storage unit.
In the above integrated circuit card system, the reader-writer may further comprise an encryption authentication unit, used to authenticate user information and to encrypt and decrypt data. The encryption authentication unit in the above systems may be implemented in hardware, or in software called by the control unit; it may be a separate unit or be combined with the control unit.
In each of the above IC card systems, the integrated circuit card is selected from contact, contactless, serial transmission, parallel transmission, encrypted storage, non-encrypted storage, intelligent, super-intelligent, microwave or electromagnetic induction integrated circuit cards. The data processing host interface unit 301 has a plurality of interfaces, used to connect to and exchange data with a plurality of reader-writers.
The large-capacity storage unit in the above systems means a storage device whose capacity is greater than that of the storage units in existing integrated circuit cards or reader-writers, and which can satisfy the user's need to store large-volume data such as graphic files, audio files and text or chart files. The large-capacity storage unit may use a magnetic medium, an optical medium or a semiconductor storage medium; the semiconductor medium is selected from flash, MRAM, DRAM, EEPROM, SRAM, SDRAM, FRAM, MRAM or Millipede, and the magnetic medium includes hard disks, portable hard disks and MicroDrive.
Because the IC card system proposed by the invention improves the existing integrated circuit card and its reader-writer by providing a large-capacity storage unit, the data processing capability of the IC card system is strengthened and its storage volume increased, and the IC card system gains application functions that many existing integrated circuit card technologies lack. The details are as follows:
First, the integrated circuit card with a large-capacity storage unit provided by the invention can not only store large amounts of fixed-format information according to a predetermined mechanism, but also record operation logs and system information according to system settings, and store data specified by the user at the user's request. The reader-writer with a large-capacity storage unit can not only read the integrated circuit card, but also store the large volume of data from the integrated circuit card in the reader-writer; it can be used to collect the data from a plurality of integrated circuit cards and to store and transfer user data, achieving mobile storage of large-volume data.
Second, for an IC card system with a large-capacity storage unit, the invention improves the security authentication mechanism, making security authentication more versatile, flexible, secure and reliable. Setting a security authentication mechanism in the integrated circuit card gives the card the ability to authenticate the reader-writer and the data processing host. For example, the user must insert a specific integrated circuit card into the reader-writer and pass the authentication of the security authentication mechanism before being allowed to operate, within the granted authority, on particular data in the reader-writer or the integrated circuit card; likewise, the user can be required to connect the integrated circuit card to the data processing host through the reader-writer and pass authentication before operating, within the granted authority, on the data processing host or the integrated circuit card.
Setting a security authentication mechanism in the reader-writer lets the reader-writer apply security authentication control to the integrated circuit card and the data processing host, restricting the operation of the integrated circuit card and the data processing host to that performed by a legitimate user within lawful authority.
The cooperation of the security authentication mechanisms in the integrated circuit card and the reader-writer can achieve a higher-performance security authentication function.
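As an added illustration (not code from the patent or its assignee) of two mechanisms described above: a reader-writer that keeps one virtual storage space per card serial number, and that refuses to collect or write card data until the physically connected card has passed authentication. The patent does not specify the authentication algorithm; a challenge-response over a shared secret with HMAC-SHA256 is assumed here, and the card serials, secrets and files are constructed sample values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Card:
    """Integrated circuit card: a small storage unit for key data, mass storage for files."""
    serial: str
    secret: bytes                                      # key data kept in the card's storage unit
    mass_storage: dict = field(default_factory=dict)   # the card's large-capacity storage unit

    def answer(self, challenge: bytes) -> bytes:
        # The card proves possession of its secret without ever sending the secret itself.
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()


class ReaderWriter:
    """Reader-writer with several card interfaces and one virtual space per card serial."""

    def __init__(self, enrolled: dict):
        self._enrolled = dict(enrolled)   # serial -> shared secret, preset in the reader-writer
        self._spaces: dict = {}           # serial -> files: the per-card virtual storage spaces
        self._sessions: dict = {}         # id(card) -> serial: authenticated, connected cards

    def connect(self, card: Card) -> bool:
        """Challenge the card; open (or reuse) its virtual space only on success."""
        secret = self._enrolled.get(card.serial)
        if secret is None:
            return False                  # unknown serial: nothing to verify against
        challenge = os.urandom(16)        # fresh per connection, so replies cannot be replayed
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, card.answer(challenge)):
            return False
        # Authentication is bound to the physically present card (object identity here),
        # not merely to the serial number it claims.
        self._sessions[id(card)] = card.serial
        self._spaces.setdefault(card.serial, {})
        return True

    def disconnect(self, card: Card) -> None:
        self._sessions.pop(id(card), None)   # the virtual space itself persists for next time

    def _space_for(self, card: Card) -> dict:
        serial = self._sessions.get(id(card))
        if serial is None:
            raise PermissionError(f"card {card.serial} has not passed authentication")
        return self._spaces[serial]

    def collect(self, card: Card) -> int:
        """Copy the card's mass storage into its own virtual space; returns files copied."""
        space = self._space_for(card)
        space.update(card.mass_storage)
        return len(card.mass_storage)

    def write_to_card(self, card: Card, name: str, data: bytes) -> None:
        """Store a file on the card and mirror it in the card's virtual space."""
        space = self._space_for(card)
        card.mass_storage[name] = data
        space[name] = data

    def space_of(self, serial: str) -> dict:
        return dict(self._spaces.get(serial, {}))


def _attempt(fn) -> str:
    try:
        fn()
        return "allowed"
    except PermissionError:
        return "denied"


def demo() -> dict:
    """Constructed scenario: two enrolled cards and one card presenting a wrong secret."""
    enrolled = {"CARD-0001": b"k1" * 16, "CARD-0002": b"k2" * 16}
    reader = ReaderWriter(enrolled)
    a = Card("CARD-0001", enrolled["CARD-0001"], {"log.txt": b"entry-1"})
    b = Card("CARD-0002", enrolled["CARD-0002"], {"photo.jpg": b"\xff\xd8..."})
    rogue = Card("CARD-0001", b"wrong-secret", {"evil": b"x"})   # claims card a's serial
    result = {"a_ok": reader.connect(a), "b_ok": reader.connect(b),
              "rogue_ok": reader.connect(rogue)}
    result["a_collected"] = reader.collect(a)
    result["b_collected"] = reader.collect(b)
    result["rogue_collect"] = _attempt(lambda: reader.collect(rogue))
    reader.disconnect(a)
    result["after_disconnect"] = _attempt(lambda: reader.collect(a))
    result["space_a"] = reader.space_of("CARD-0001")
    result["space_b"] = reader.space_of("CARD-0002")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```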
Third, on the basis of an IC card system with a large-capacity storage unit, the invention provides a more flexible and reliable data encryption mechanism. The data encryption mechanism together with the above security authentication mechanism is collectively referred to as the encryption authentication mechanism.
Setting a data encryption mechanism in the integrated circuit card allows the card to encrypt and decrypt the data of the reader-writer, the data processing host and the card itself; setting a data encryption mechanism in the reader-writer allows the reader-writer to encrypt and decrypt the data of the integrated circuit card, the data processing host and the reader-writer itself; and the encryption/decryption mechanisms in the integrated circuit card and the reader-writer combined can encrypt and decrypt the data in the integrated circuit card, the reader-writer and the data processing host. For example, the integrated circuit card can generate a key, and the reader-writer uses that key to encrypt and decrypt the data in the data processing host.
Fourth, compared with existing integrated circuit card and reader-writer technology, the IC card system proposed by the invention improves the data transmission channel. Most existing integrated circuit card and reader-writer products transmit data in a fixed direction over a fixed channel according to a predetermined system operating mechanism and business process; for example, the flag information in the integrated circuit card (such as a card number or personal code) is passed to the data processing host through the reader-writer, and the data processing host then passes business data (such as an amount of money, electricity consumption in degrees, a date, etc.) back to the integrated circuit card through the reader-writer, completing the data transmission service. With the data processing host system of the invention, data can be transmitted and unloaded flexibly, under the user's control, among the three kinds of equipment (a plurality of integrated circuit cards, a plurality of reader-writers and the data processing host), without being restricted by a predetermined system operating mechanism and business logic.
In summary, with the IC card system with large-capacity storage provided by the invention, not only are large-capacity storage of data and several modes of data exchange among the devices inside the system achieved, but the transmitted data is also strictly encrypted and protected, effectively protecting important data against monitoring, interception and tampering and guaranteeing the validity and integrity of the data; the system can provide the multiple application functions of user network digital signature, identity authentication, network access authority control, file encryption management, data encryption/decryption and software property right protection.
The products of the IC card system of the invention are secure, compact, flexible, easy to use and portable, and can be widely used in fields such as finance, industry and mining, national defence, household registration, agriculture, commerce, campuses, traffic, medical treatment, business administration, computers and network applications, personal data processing, property management and daily life.
Description of drawings
Fig. 1 is the block diagram of the IC card system of the first embodiment of the invention;
Fig. 2 is the operational flowchart of the IC card system of the first embodiment of the invention;
Fig. 3 is the detailed flowchart of the reader-writer operation in the operational flowchart shown in Fig. 2;
Fig. 4 is the detailed flowchart of the integrated circuit card operation in the operational flowchart shown in Fig. 2;
Fig. 5 is a schematic diagram of the use of the integrated circuit card and its reader-writer according to the invention;
Fig. 6 is the block diagram of the second embodiment of the invention;
Fig. 7 is the operational flowchart of the second embodiment of the invention.
Embodiment
Specific embodiments of the invention are described in detail below with reference to the accompanying drawings.
Fig. 1 shows the block diagram of the IC card system of the first embodiment of the invention. As shown in the figure, the IC card system in this embodiment comprises an integrated circuit card 100, a reader-writer 200 and a data processing host 300.
The integrated circuit card 100 comprises a control unit 101, a storage unit 102, an integrated circuit card interface unit 103 and a large-capacity storage unit 104; the connections between these units all support bidirectional data transmission.
The control unit 101 may consist of one or more integrated circuit chips, in which a chip operating system COS (Chip Operating System), the in-card encryption authentication mechanism and the security authentication mechanism (not shown in Fig. 1) are preset; it controls the work of the other units of the integrated circuit card 100 and processes data.
The storage unit 102 is controlled by the control unit 101 and stores data. The storage unit 102 may be implemented with a volatile or non-volatile storage medium, including but not limited to random-access, read-only, programmable, electrically erasable, flash and/or ferromagnetic storage media. In the embodiments of the invention, the storage unit 102 uses a small-capacity non-volatile medium such as ROM or EPROM, while the large-capacity storage unit 104 uses a large-capacity non-volatile medium, which may be flash, an electrically erasable medium, a programmable medium, a ferromagnetic medium, etc.
The large-capacity storage unit 104 in the integrated circuit card 100 is controlled by the card's control unit 101 and can exchange data with it. Physically, the storage unit 102 may be integrated into the control unit 101 or exist separately. In addition, the storage unit 102 may be integrated with the large-capacity storage unit 104 or set up separately. The storage unit 102 and the large-capacity storage unit 104 may be implemented with the same technology or with different technologies.
In the embodiment shown in Fig. 1, the large-capacity storage unit 104 is logically separate from the integrated circuit card storage unit 102 and implemented with different circuits. Each is connected to the control unit 101 and exchanges data with it separately, fulfilling different data storage functions. For example, the storage unit 102 is dedicated to storing keys and the authentication information related to the encryption authentication mechanism, while the large-capacity storage unit 104 stores user-specified files and data, or tables, temporary files and system files generated by the system.
Alternatively, the large-capacity storage unit 104 and the integrated circuit card storage unit 102 may be integrated and implemented physically with one set of integrated circuits, the above categories of data being kept in different partitions of the storage space.
The integrated circuit card interface unit 103 is used to communicate and exchange data with the external interface device (the integrated circuit card interface unit 202 of the reader-writer 200). Depending on the type of integrated circuit card, the corresponding IC card interface standard is adopted. The interface standard of the integrated circuit card interface unit 103 matches the interface standard of the integrated circuit card interface unit 202 of the corresponding reader-writer 200. The integrated circuit card 100 communicates with the reader-writer 200 through the integrated circuit card interface unit 103; large volumes of data can thus be kept in the mass storage 104 of the integrated circuit card 100 and exchanged with the reader-writer 200 and/or the data processing host 300, achieving portable storage of large-volume data in the integrated circuit card 100.
The integrated circuit card 100 may be powered by a battery, or by the reader-writer 200 through the integrated circuit card interface unit 103 connected to it.
The reader-writer 200 comprises an encryption authentication unit 201, an integrated circuit card interface unit 202, a control unit 203, a data processing host interface unit 204, a large-capacity storage unit 205 and a power supply unit (not shown in Fig. 1). The control unit 203 controls and coordinates the operation of the other units inside the reader-writer 200 and processes data. The interconnections between the units inside the reader-writer 200 support bidirectional data transmission. An operating system, application software or file system is preset in the control unit 203 and the large-capacity storage unit 205.
The encryption authentication unit 201 is controlled by the control unit 203; it authenticates user information, feeds the authentication result back to the control unit 203, and encrypts/decrypts data. The encryption authentication unit 201 can be implemented with an existing dedicated chip. Alternatively, it can be implemented in software called by the control unit 203 of the reader-writer 200. The encryption authentication unit 201 can be physically independent of the control unit 203 or integrated with it; together the two form the central processing unit (CPU) (not marked in the figure).
The integrated circuit card interface unit 202 is used to connect to the integrated circuit card interface unit 103 of the integrated circuit card 100 and to transmit data and commands. The interface unit 202 can use an IC card interface standard; the standard matches that of the interface unit 103 of the integrated circuit card 100 to be connected.
The integrated circuit card interface unit 202 may comprise one or more integrated circuit card interfaces so as to connect to and exchange data with one or more integrated circuit cards 100. According to the user's request, data files stored in the reader-writer 200 can be output to each integrated circuit card 100; or, acting as a data input interface, it can bring data from each integrated circuit card 100 into the reader-writer 200 for processing or storage, or output it again to other equipment.
When an integrated circuit card 100 is connected to the reader-writer 200, the integrated circuit card interface unit 202 identifies the interface standard of the connected integrated circuit card interface unit 103 and initialises the connection with it; it establishes the logical connection with the integrated circuit card 100 according to the normalised method of the interface standard protocol; and it interprets, converts, controls and transmits the control information and data between each integrated circuit card 100 and the reader-writer 200, achieving the connection and data exchange between the reader-writer 200 and the integrated circuit card 100.
The data processing host interface unit 204 of the reader-writer 200 may comprise one or more data processing host interfaces, used to connect to and exchange data with one or more data processing hosts 300. According to the user's request, data files stored in the reader-writer 200 can be output to each data processing host 300; or, acting as a data input interface, it can bring data from each data processing host 300 into the reader-writer 200 for processing or storage, or output it again to other equipment.
The interface between the reader-writer 200 and each data processing host 300 should use the interface standard corresponding to the interface of that data processing host 300. The data processing host interface unit 204 responds to the query instructions sent by the data processing host according to the normalised method of the interface standard protocol, and interprets, converts, controls and transmits the control information and data between the data processing host 300 and the reader-writer 200, achieving the connection and data exchange between the reader-writer 200 and each data processing host 300. In the present embodiment, the data processing host interface unit 204 is implemented with a USB bus.
The large-capacity storage unit 205 of the reader-writer 200 is controlled by the reader-writer control unit 203 and exchanges data with it. The large-capacity storage unit 205 can hold large volumes of data and exchange stored data with the integrated circuit card 100 and/or the data processing host 300, achieving portable storage of large-volume data in the reader-writer 200.
The large-capacity storage unit 205 may use a magnetic medium, an optical medium or a semiconductor storage medium; semiconductor media include flash, MRAM, DRAM, EEPROM, SRAM, SDRAM, FRAM, MRAM or Millipede (ultra-high-density storage chip), and magnetic media include hard disks, portable hard disks, MicroDrive, etc. In the present embodiment, the large-capacity storage unit 205 is implemented with a flash medium.
The reader-writer 200 may be powered by an external DC supply, by a battery, or through the data processing host interface unit 204 connected to the data processing host 300. In the present embodiment, when the reader-writer 200 is connected only to the integrated circuit card 100, its power supply unit uses a battery or an external DC supply; when the reader-writer 200 is connected to the data processing host 300, it is powered through the USB interface of the data processing host interface unit 301 in the data processing host 300.
In the invention, the data processing host 300 connects to and interacts with equipment such as the integrated circuit card 100 and its reader-writer 200, controls the operation of the integrated circuit card 100 and the reader-writer 200, and performs the corresponding data processing. The data processing host 300 may be a PC, a data terminal, a hand-held data device, etc. It has a data processing host interface unit 301, through which it connects to and exchanges data with the reader-writer 200. The data processing host interface unit 301 may have one or more interfaces, so as to connect to one or more reader-writers 200 in the system and transmit data bidirectionally.
The data processing host interface unit 301 may use a general standard interface, for example one or more of the GSM, GPRS, CDMA, 2.75G and 3G interfaces, the CF interface, the SM interface, the MMC interface, the SD interface, the MS interface, the PCMCIA interface, the MD interface, the x-D interface, the IDE/SCSI interface, the RS232 interface, the RS485 interface, the USB OTG (USB On-The-Go) interface, the UWB (Ultra Wide Band) interface, the GPIO interface, the UART interface, the Ethernet interface, the parallel interface, the USB interface, the IEEE1394 interface, the Bluetooth interface, the IrDA infrared interface, the HomeRF interface, the IEEE802.11x interface and/or the IEEE802.16x interface. In the present embodiment, the data processing host interface unit 301 on the host side uses the USB standard interface.
The data processing host interface unit 301 connects to the reader-writer 200 and outputs data; according to the user's request, data files stored in the data processing host 300 can be output to the reader-writer 200, or, acting as a data input interface, it can bring data from the reader-writer 200 into the data processing host 300 for processing or storage, or output it again to other equipment.
When read write line 200 is connected with data processing main frame 300, being connected between parallel, the serial of the connection data processing host interface unit 204 of the read write line 200 that data processing host interface unit 301 identification is connected and/or the air interface standard, initialization and each read write line 200 the corresponding interface; According to the method for normalizing of interface standard agreement set up with each read write line 200 between logic be connected, explain, control information and data message between conversion, control and transmission data processing main frame 300 and the read write line 200, thereby realize being connected and exchanges data between each read write line 200 and the data processing main frame 300.
Read write line 200 in this IC card system can be respectively with described integrated circuit card 100 or data processing main frame 300 is connected and swap data respectively, also can be connected with data processing main frame 300 with integrated circuit card 100 simultaneously, set up the information channel between integrated circuit card 100 and the data processing main frame 300, realize that tripartite data exchange.
Like this, the IC card system that is made of jointly integrated circuit card 100, read write line 200 and data processing main frame 300 three partss can carry out processing such as tripartite exchanges data, authentication, encryption, storage, also can carry out between read write line 200 and the data processing main frame 300, processing such as the exchanges data between read write line 200 and the integrated circuit card 100, authentication, encryption, storage.
The operating process of the IC card system of the embodiment shown in Fig. 1 is described in detail below with reference to Fig. 2.
When the reader/writer 200 is plugged into the data processing host 300, the reader/writer 200 performs its initialization work and detects whether an IC card 100 is inserted in the reader/writer 200. If an IC card 100 is inserted, that IC card 100 is reset and re-initialized, and the presence flag for that IC card is set to indicate that the IC card 100 is connected to the reader/writer 200. At this point the IC card 100 has been recognized by the reader/writer 200. If no IC card 100 is inserted, the data processing host 300 recognizes the reader/writer 200: the data processing host 300 sends query messages and configures the reader/writer 200 according to the replies of the reader/writer 200.
If the IC card 100 is inserted into the reader/writer 200 only after the reader/writer 200 has been plugged into the data processing host 300, the insertion of the IC card 100 raises an interrupt in the reader/writer 200; in response to this interrupt the reader/writer 200 resets the newly inserted IC card 100 and performs the IC card initialization work again. Once initialization is complete and the IC card 100 is connected to the reader/writer 200, the reader/writer 200 sets the corresponding IC card presence flag to indicate that this IC card 100 is connected to the reader/writer 200. Device recognition and configuration is then finished.
Next, the reader/writer 200 receives the instruction sent by the data processing host 300 and determines the type of the instruction and its operand from the instruction's format. If the instruction operates on the reader/writer 200, the reader/writer 200 executes the instruction and returns the result to the data processing host 300. It then waits for the data processing host 300 to issue the next instruction, or for the reader/writer 200 to be removed, which ends the whole operating process.
If the instruction operates on the IC card 100, the reader/writer 200 first checks the value of the presence flag of the IC card addressed by the instruction to determine whether that IC card 100 is connected. If the IC card 100 is not connected to the reader/writer 200, an error message is returned and the reader/writer waits for the data processing host 300 to issue the next instruction; otherwise the reader/writer 200 interprets the instruction, performs the corresponding operation on the IC card 100 according to it, and returns the result to the data processing host 300. After an instruction completes, the reader/writer waits until the data processing host 300 issues the next instruction.
In the above process the specific operations on the reader/writer 200 differ from the specific operations on the IC card 100; they are described separately below.
Fig. 3 shows the specific processing flow when the data processing host 300 operates on the reader/writer 200 in the above process. When the instruction is determined to operate on the reader/writer 200, the control unit 203 in the reader/writer 200 interprets the instruction. According to their specific content, the instructions are divided into authentication, read data, write data, format and remove-reader/writer operations.
For the authentication instruction, the data processing host 300 asks the user to input authentication information and sends this instruction to the reader/writer 200. The reader/writer 200 compares this authentication information with the authentication information pre-stored in its storage unit 205. If the authentication information matches the pre-stored information, the reader/writer determines the user's operating rights on the reader/writer 200 and returns an authentication-success message to the data processing host 300; if it does not match, an authentication-failure message is returned to the data processing host 300. The operating process returns to point ① of Fig. 2, and the reader/writer 200 continues to wait for the data processing host 300 to issue the next instruction.
For example, depending on the settings of the encryption and authentication mechanism, the user must pass authentication through the encryption/authentication unit 201 of the reader/writer 200 before performing data operations on the data processing host 300. Before the user performs such data operations, the data processing host 300 pops up a dialog box asking the user to enter authentication information such as a user name and password. This authentication information is packed according to the USB interface standard and sent by the host interface unit 301 to the host-connection interface unit 204, which passes the received data to the control unit 203 of the reader/writer 200. The control unit 203 invokes the encryption/authentication unit 201 to check this authentication information against the authentication information set or stored in advance. If the check succeeds, the control unit 202 or the encryption/authentication unit 201 determines, according to the encryption and authentication mechanism, the user's specific operating rights on the data processing host 300 (for example read-only, read-write or format rights), marks them, and returns an authentication-passed message. If the check fails, an authentication-failure message is returned. The authentication-failure message for the data processing host 300 is sent to the host-connection interface unit 204, then over the USB interface to the host interface unit 301, and is fed back to the user by the data processing host 300. The reader/writer then waits to receive the user's next instruction.
If, under the encryption and authentication mechanism, the user must pass authentication in order to operate the reader/writer 200, the authentication process is similar to the flow above.
For the read data instruction, for example when the user needs to read specific data from the mass storage unit 205, the reader/writer 200 first checks the user's operating rights to determine whether the user has read rights on the reader/writer mass storage unit 205. If the user does not have read rights, a failure message is returned to the data processing host 300; the operating process returns to point ① of Fig. 2, and the reader/writer 200 continues to wait for the data processing host 300 to issue an instruction. If the user has read rights, the data specified by the instruction is read from the mass storage unit 205 and, according to the settings of the encryption and authentication mechanism, the reader/writer judges whether the data is encrypted and needs decryption. If decryption is needed, the reader/writer 200 invokes the encryption/authentication unit 201 to decrypt the data before returning it to the data processing host 300; if the data needs no decryption, it is returned directly to the data processing host 300.
For the write data instruction, for example when the user needs to write specific data into the mass storage unit 205 of the reader/writer 200, the processing is similar to the read data instruction: the reader/writer 200 first checks the user's operating rights to determine whether the user has write rights on the reader/writer mass storage unit 205. If the user does not have write rights, a failure message is returned to the data processing host 300; the operating process returns to point ① of Fig. 2, and the reader/writer 200 continues to wait for the data processing host 300 to issue an instruction. If the user has write rights, the reader/writer judges, according to the settings of the encryption and authentication mechanism, whether the data needs to be encrypted. If encryption is needed, the reader/writer 200 invokes the encryption/authentication unit 201 to encrypt the data, writes it to the mass storage unit 205, and returns a write-success message to the data processing host 300. If the data needs no encryption, it is written directly to the mass storage unit 205 and a write-success message is returned to the data processing host 300.
For the format instruction, the reader/writer 200 first checks the user's operating rights to determine whether the user has format rights on the reader/writer mass storage unit 205. If the user does not have this right, a failure message is returned to the data processing host 300; the operating process returns to point ① of Fig. 2, and the reader/writer 200 continues to wait for the data processing host 300 to issue an instruction. If the user has this right, the mass storage unit 205 is formatted and a format-success message is returned to the data processing host 300.
For the remove-reader/writer instruction, the reader/writer 200 saves the user-related information. After the user unplugs the reader/writer 200, the operating process of the whole system ends.
Fig. 4 shows the processing when the instruction issued by the data processing host 300 operates on the IC card 100.
When the reader/writer 200 determines that the instruction issued by the data processing host 300 operates on the IC card 100, the reader/writer 200 interprets the instruction. According to their specific content, the instructions are divided into five kinds of operations: authentication, read data, write data, format and remove IC card.
For the authentication instruction, the data processing host 300 asks the user to input the specified authentication information and sends this information to the reader/writer 200. The reader/writer 200 compares this authentication information with the pre-stored authentication information. If the authentication information matches the pre-stored information, the reader/writer determines the user's operating rights on the IC card 100 and returns an authentication-success message to the data processing host 300; if it does not match, an authentication-failure message is returned to the data processing host 300. The operating process returns to point ① of Fig. 2, and the reader/writer 200 continues to wait for the data processing host 300 to issue an instruction.
If, under the encryption and authentication mechanism, the user must pass authentication in order to operate the IC card 100 or the reader/writer 200, the authentication is carried out with the flow above.
For the read data instruction, for example when the user asks to read specific data from the IC card storage unit 102 and/or the mass storage unit 104, the IC card 100 first checks the user's operating rights to determine whether the user has read rights on the IC card storage unit 102 and/or the mass storage unit 104. If the user does not have read rights, a failure message is returned to the data processing host 300; the operating process returns to point ① of Fig. 2, and the reader/writer 200 continues to wait for the data processing host 300 to issue an instruction. If the user has read rights, the reader/writer instructs the IC card 100 to read the specified data from the IC card storage unit 102 and/or the mass storage unit 104 and, according to the settings of the encryption and authentication mechanism, judges whether the data is encrypted and needs decryption. If decryption is needed, the IC card 100 and/or the reader/writer 200 decrypts the data before it is returned to the data processing host 300; if the data needs no decryption, it is returned to the data processing host 300 through the reader/writer 200.
For the write data instruction, for example writing specific data to the storage unit 102 and/or the mass storage unit 104, the processing is similar to the read data instruction: the IC card 100 first checks the user's operating rights to determine whether the user has write rights on the IC card storage unit 102 and/or the mass storage unit 104. If the user does not have write rights, a failure message is returned to the data processing host 300; the operating process returns to point ① of Fig. 2, and the reader/writer 200 and the IC card 100 continue to wait for the data processing host 300 to issue an instruction. If the user has write rights, the reader/writer judges, according to the settings of the encryption and authentication mechanism, whether the data needs to be encrypted. If encryption is needed, the reader/writer 200 and/or the IC card 100 encrypts the data, writes it to the IC card storage unit 102 and/or the mass storage unit 104, and a write-success message is returned to the data processing host 300; if the data needs no encryption, it is written directly to the IC card storage unit 102 and/or the mass storage unit 104 and a write-success message is returned to the data processing host 300.
For the format instruction, the reader/writer 200 first checks the user's operating rights to determine whether the user has format rights on the IC card mass storage unit 104 or storage unit 102 that is to be formatted. If the user does not have this right, a failure message is returned to the data processing host 300; the operating process returns to point ① of Fig. 2, and the reader/writer 200 and the IC card 100 continue to wait for the data processing host 300 to issue an instruction. If the user has this right, the mass storage unit 205 or the storage unit 102 is formatted and a format-success message is returned to the data processing host 300.
For the user logout instruction, after the reader/writer 200 receives the user's logout request it waits for all programs related to that user to finish and saves the user's information. It then prompts the next user to authenticate; if authentication passes, it loads that user's information, determines the user's rights, and receives and executes that user's instructions.
For the remove-IC-card instruction, the reader/writer 200 releases the IC card 100 in the proper sequence after receiving the instruction. After the user removes the IC card 100, the corresponding IC card presence flag is cleared to indicate that this IC card is no longer connected. The operating process returns to point ② of Fig. 2, and the reader/writer 200 waits until another IC card 100 is inserted into the reader/writer 200, which raises an interrupt again, whereupon the newly inserted IC card 100 is reset and initialized as described above.
With the IC card system and operating method of the present invention, the IC card 100 can serve as an electronic key for the reader/writer 200: before the reader/writer 200 can be operated, the IC card 100 must be inserted, and only after authentication can data operations within the granted rights be performed on the reader/writer 200. Conversely, the reader/writer 200 can serve as a dedicated reader/writer for the IC card 100: after the IC card 100 is inserted into the reader/writer 200, data operations within the granted rights on the IC card 100 can be performed only after authentication. Furthermore, the IC card 100 can also serve as an electronic key or an encryption/decryption tool for the reader/writer 200 or the data processing host 300, and likewise the reader/writer 200 can serve as an electronic key or as an encryption/decryption and authentication means for the data processing host 300. In this way the legitimate and secure use of the IC card 100, the reader/writer 200, the data processing host 300 and other equipment in the IC card system can be strictly controlled, and the security of the data in each device can be effectively protected.
In one embodiment of the invention, an IC card system may consist only of one or more IC cards 100 and their reader/writer 200. In this case the power supply unit of the reader/writer 200 may use a battery or an external DC supply. The reader/writer 200 connects to the IC cards one after another or simultaneously and performs read and write operations on them. This system can perform encryption and authentication work according to the requirements of the encryption and authentication mechanism and the key system, and performs data exchange according to the chip operating system preset in the card. In this case the reader/writer 200 is provided with a user input unit for the user to enter instructions and data, and with an output unit for reporting instruction results or system status information to the user. The input unit may be buttons, a keyboard, a stylus, a voice input device or the like; the output unit may be an indicator lamp, a display screen, a voice output device or the like.
Here the IC card 100 can serve as the security authentication or encryption/decryption tool of the reader/writer 200, for example as its electronic key: the user holds the IC card 100, and when the user wants to operate the reader/writer 200, the reader/writer 200 authenticates the user through the IC card 100 the user has inserted, determines the operating rights, and only then can data operations within those rights be performed on the reader/writer 200. Similarly, the reader/writer 200 can serve as the encryption/decryption tool or the security authentication tool of the IC card 100, performing authentication and encrypting or decrypting data. The IC card 100 and the reader/writer 200 can exchange the data they hold.
In this case the operating process of the IC card system is as follows. When one or more IC cards 100 are connected to the reader/writer 200, the IC card interface unit 202 of the reader/writer 200 recognizes that an IC card 100 has been inserted, identifies the interface standard of each connected IC card interface unit 103, and initializes the connection with the corresponding interface of each IC card interface unit 103. It then establishes a logical connection with each IC card 100 according to the standard method of the interface protocol, and interprets, converts, controls and transmits the various control messages and data messages between each IC card 100 and the reader/writer 200. After the IC card 100 and the reader/writer 200 are successfully connected, the reader/writer 200 starts receiving the user's instructions through the input device and interprets them. According to the specific content of the instruction it performs authentication, read data, write data, format, remove IC card or similar operations. The specific flow for each instruction is similar to the operating process shown in Fig. 4.
Compared with the flow shown in Fig. 4, the operating process of the IC card system in this case differs in that the reader/writer 200 receives the user's instructions through the user input unit (not shown in Fig. 1) rather than receiving instructions transmitted by the data processing host 300. The system information or data produced by executing an instruction is likewise no longer returned to the data processing host 300 but is fed back directly to the user through the output unit (not shown in Fig. 1).
In another embodiment of the invention, an IC card system may consist only of one or more reader/writers 200 connected to the data processing host 300. In this case the power supply unit of the reader/writer 200 may use a battery or an external DC supply, or it may be powered over the USB interface. The reader/writer 200 and the data processing host 300 form an IC card system that exchanges data according to the operating system and firmware of the reader/writer 200 and the operating system of the data processing host 300, and performs encryption and authentication work using the encryption/authentication unit 201 and the preset encryption and authentication mechanism.
Here the reader/writer 200 can serve as the electronic key of the data processing host 300: the user must pass authentication and have the operating rights determined before performing data operations within those rights on the data processing host 300. The reader/writer 200 can also serve as a data encryption/decryption tool, using its encryption/authentication unit to encrypt or decrypt data. The reader/writer 200 can furthermore use its mass storage unit 205 to store large amounts of data and exchange data with the data processing host 300 as a mobile storage device.
In this embodiment the operating process of the IC card system is as follows. When one or more reader/writers 200 are connected to the data processing host 300, the host interface unit 301 of the data processing host 300 recognizes that a reader/writer 200 has been inserted, identifies the interface standard of each connected host-connection interface unit 204, and initializes the connection with the corresponding interface of each host-connection interface unit 204. It then establishes a logical connection with each reader/writer 200 according to the standard method of the interface protocol, and interprets, converts, controls and transmits the control messages and data messages between the reader/writer 200 and the data processing host 300. After the reader/writer 200 and the data processing host 300 are successfully connected, the data processing host 300 starts receiving the user's instructions through its own input devices, such as a keyboard, stylus, touch screen, mouse or voice input device, and interprets them. Among the user's instructions, those directed at the reader/writer 200 are divided, according to their specific content, into authentication, read data, write data, format, remove reader/writer, user switching and similar operations. The specific flow for each instruction is similar to the operating process shown in Fig. 3 and is not repeated here.
In these embodiments large amounts of stored data need to be exchanged between the IC card storage unit 102 and/or mass storage unit 104, the reader/writer mass storage unit 205 and/or the data processing host 300. For one reader/writer 200 to handle several IC cards 100, the reader/writer 200 must be able to keep the information of several IC cards properly organized. To this end, in an embodiment of the invention a virtual storage space is opened in the mass storage unit 205 of the reader/writer for the serial number of each IC card, and is used to store the data of the IC card with that serial number. Thus, when several IC cards are inserted in the reader/writer 200 at the same time, the reader/writer 200 sets up one virtual storage space for the IC card of each serial number; when operating on the IC card of a given serial number produces data or information that must be stored, the reader/writer 200 stores it in the mass storage unit 205 in the virtual storage space belonging to that IC card. In this way the reader/writer 200 can be connected to, and perform data operations on, several IC cards simultaneously.
Alternatively, a virtual storage space can be opened in the mass storage unit 205 of the reader/writer 200 for each connection of an IC card, holding the data produced between that connection and its disconnection. Thus, when several IC cards are inserted in the reader/writer 200 at the same time, the reader/writer 200 sets up one virtual storage space for each inserted IC card; when operating on a given IC card produces data or information that must be stored, the reader/writer 200 stores it in the mass storage unit 205 in the virtual storage space corresponding to that insertion of that IC card. In this way, too, the reader/writer 200 can be connected to, and perform data operations on, several IC cards simultaneously. So that the reader/writer 200 can be used by several users, the above embodiments of the invention also provide a multi-user mechanism: for each user, corresponding authentication information is preset or stored and a virtual storage space is allocated. The reader/writer 200 should also support user switching while it is in operation: when a user asks to log out, the reader/writer waits for all programs related to that user to finish and saves the user's information, then prompts the next user to authenticate and, if authentication passes, loads that user's information, determines the user's rights, and receives and executes that user's instructions. A usage diagram of the IC card system of the present embodiment is shown in Fig. 5, where 100 is the IC card, 200 is the reader/writer and 300 is the data processing host. The IC card 100 plugs into the reader/writer 200 through the IC card interface, and the reader/writer 200 plugs into the data processing host 300 through a general-purpose interface. The IC card 100 and the reader/writer 200 are connected through the IC card plug, and the reader/writer 200 and the data processing host 300 through the USB interface. For clarity, the user input unit and the output unit of the reader/writer 200 are not shown in Fig. 5.
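The reader/writer-side command flow of Figs. 2 to 4 (presence flag, then authentication, then a rights check, with encryption on write and decryption on read) together with the per-serial-number virtual storage spaces in unit 205, as an added illustration that is not part of the patent or of any product. The user names, passwords, operation names, the result codes and the toy XOR keystream standing in for the encryption/authentication unit 201 are all constructed assumptions.

```python
"""Constructed model of the reader/writer command flow (Figs. 2-4) and of
the per-serial-number virtual storage spaces kept in mass storage unit 205."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

READ, WRITE, FORMAT = 1, 2, 4  # operating rights a stored credential grants


@dataclass
class Credential:
    salt: bytes      # per-user salt (constructed sample values below)
    digest: bytes    # PBKDF2 of the password; the password itself is not stored
    rights: int      # bitmask of READ / WRITE / FORMAT


def make_credential(password: str, rights: int, salt: bytes) -> Credential:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return Credential(salt, digest, rights)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for the encryption/authentication unit: XOR with a
    SHA-256 keystream. It only makes the encrypt/decrypt round trip visible;
    it is not a real cipher (no nonce, no integrity protection)."""
    out, block = bytearray(), 0
    while len(out) < len(data):
        ks = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[len(out):], ks))
        block += 1
    return bytes(out)


@dataclass
class Reader:
    credentials: Dict[str, Credential]
    key: bytes
    encrypt_storage: bool = True   # policy set by the authentication mechanism
    reader_store: bytearray = field(default_factory=bytearray)  # unit 205 itself
    present: Dict[str, bool] = field(default_factory=dict)      # card presence flags
    spaces: Dict[str, bytearray] = field(default_factory=dict)  # serial -> virtual space
    user: Optional[str] = None
    rights: int = 0

    # Insertion raises an interrupt; the card is reset and its presence flag set.
    # Removal clears the flag but keeps the card's virtual space in unit 205.
    def card_inserted(self, serial: str) -> None:
        self.present[serial] = True
        self.spaces.setdefault(serial, bytearray())

    def card_removed(self, serial: str) -> None:
        self.present[serial] = False

    def handle(self, cmd: dict) -> Tuple[str, bytes]:
        """Dispatch one host instruction. cmd keys: "target" ("reader" or a card
        serial), "op" (auth/read/write/format/logout), "user", "password", "data"."""
        target, op = cmd["target"], cmd["op"]
        if target == "reader":
            store = self.reader_store
        else:
            # Instruction aimed at a card: the presence flag is checked first.
            if not self.present.get(target):
                return "error", b"card not connected"
            store = self.spaces[target]
        if op == "auth":
            return self._authenticate(cmd.get("user", ""), cmd.get("password", ""))
        if op == "logout":            # user switching: drop the current rights
            self.user, self.rights = None, 0
            return "ok", b""
        if op not in ("read", "write", "format"):
            return "error", b"unknown instruction"
        needed = {"read": READ, "write": WRITE, "format": FORMAT}[op]
        if not self.rights & needed:  # rights check precedes every data operation
            return "fail", ("no " + op + " right").encode()
        if op == "read":
            data = bytes(store)
            return "ok", keystream_xor(self.key, data) if self.encrypt_storage else data
        if op == "write":
            data = cmd["data"]
            store[:] = keystream_xor(self.key, data) if self.encrypt_storage else data
            return "ok", b""
        store[:] = b""                # format: clear the addressed storage
        return "ok", b""

    def _authenticate(self, user: str, password: str) -> Tuple[str, bytes]:
        cred = self.credentials.get(user)
        if cred is None:
            return "auth_fail", b""
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), cred.salt, 100_000)
        if not hmac.compare_digest(digest, cred.digest):  # constant-time compare
            return "auth_fail", b""
        self.user, self.rights = user, cred.rights
        return "auth_ok", b""


def build_demo_reader() -> Reader:
    """Constructed sample: one user with full rights, one read-only user."""
    creds = {
        "alice": make_credential("correct horse", READ | WRITE | FORMAT, b"salt-a"),
        "bob": make_credential("battery staple", READ, b"salt-b"),
    }
    return Reader(credentials=creds, key=b"constructed-demo-key")
```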
Fig. 6 shows the logic diagram of the second embodiment of the present invention. The IC card system of this embodiment comprises an integrated device 400 and a data processing host 300, where the integrated device 400 combines an integrated circuit card and its reader/writer into a single unit.
As shown in Fig. 6, the integrated device 400 comprises an encryption/authentication unit 401, a control unit 402, a host-connection interface unit 404 and a mass storage unit 405. The interconnections between the units support bidirectional data transfer. The integrated device 400 also comprises a power supply unit (not shown in Fig. 6). The operating system, application software and file system are held in the control unit 402 and the mass storage unit 405 of the integrated device 400. The function of the encryption/authentication unit 401 is the same as that of the encryption/authentication unit 201 in the first embodiment and is not repeated here.
In this embodiment, the encryption/authentication unit 401 of the integrated device 400 can be implemented in hardware, or in software invoked by the control unit 402 of the integrated device 400. The encryption/authentication unit 401 can be physically separate from or integrated with the control unit 402; together the two form the central processing unit 403 of the integrated device 400.
In one implementation of this embodiment, the mass storage unit 405 is implemented with flash memory and the host-connection interface unit 404 with an IEEE 1394 bus interface.
The data processing host 300 has a host interface unit 301, which on the host side is an IEEE 1394 bus interface. The data processing host 300 connects to and exchanges data with the integrated device 400 through this host interface unit 301. The host interface unit 301 may have one or more ports so that it can connect to one or more integrated devices 400 of the system and transfer data bidirectionally.
The host interface unit 301 connects to each integrated device 400 and outputs data: data files stored on the data processing host 300 can be sent to each integrated device 400 at the user's request. The host interface unit 301 also serves as the data input interface: data from each integrated device 400 is read into the data processing host 300 to be processed or stored, or is forwarded to other equipment.
When several integrated devices 400 are connected to the data processing host, the host interface unit 301 identifies the parallel, serial and/or wireless interface standard of the host-connection interface unit 404 of each connected integrated device 400 and initializes the interface corresponding to each device; establishes a logical connection with each integrated device 400 according to the standard procedure of the interface protocol; and interprets, converts, controls and transfers the control information and data between the data processing host 300 and each integrated device 400, thereby realizing the connection and data exchange between each integrated device 400 and the data processing host 300.
The power supply unit of the integrated device 400 (not shown in Fig. 6) may be a battery or an external DC supply; when the integrated device 400 is connected to the data processing host 300 it may also be powered by the host over the IEEE 1394 bus interface. The IC card system formed by the integrated device 400 and the data processing host 300 exchanges and processes data according to the firmware of the integrated device 400 and the operating system of the data processing host 300, and performs encryption and authentication according to the encryption/authentication unit 401 of the integrated device 400 and the preset encryption and authentication mechanism. These operations are described in detail below.
In one implementation of this embodiment, the integrated device 400 can also be used by several users. A multi-user mechanism is set up in the integrated device 400 for this purpose: corresponding authentication information is configured for each user and each user is allocated a virtual storage space. Users of the integrated device 400 may switch while it is in operation: when a user asks to exit, the device waits for all programs belonging to that user to finish and saves the user's information; it then prompts the next user to authenticate and, if verification passes, loads that user's information, determines the user's access rights and only then accepts and executes the user's instructions. Fig. 7 shows the operating process of the IC card system according to the second embodiment of the invention, described below with reference to the drawing:
When the integrated device 400 is plugged into the data processing host 300, the integrated device 400 initializes; the data processing host 300 identifies the integrated device 400, sends enumeration queries and configures the device according to the replies of the integrated device 400. After the data processing host 300 has finished installing and configuring the integrated device 400, the integrated device 400 begins to receive the instructions sent by the data processing host 300 and determines the instruction type and operand from the instruction format. For each type of instruction it interprets and executes the instruction, performs the corresponding operation and returns the result to the data processing host 300. After one instruction has completed, it waits until the data processing host 300 issues the next operation instruction.
The instructions sent by the data processing host 300 fall broadly into six kinds of operation: authentication, read data, write data, format, switch user and remove the integrated device.
For the authentication instruction, the data processing host 300 asks the user to enter the specified authentication information and sends it to the integrated device 400. The integrated device 400 compares this authentication information with the prestored authentication information: if they match, it determines the user's access rights to the integrated device 400 and returns an authentication-success message to the data processing host 300; if they do not match, it returns an authentication-failure message to the data processing host 300 and goes back to point (1) of Fig. 7 to continue waiting for the data processing host 300 to issue an operation instruction.
For the read data instruction, the integrated device 400 first checks the user's access rights to confirm that the user has read permission on the mass storage unit 405 of the integrated device. If the user has no read permission, it returns a failure message to the data processing host 300 and goes back to point (1) of Fig. 7 to continue waiting for the data processing host 300 to issue an operation instruction. If the user has read permission, the integrated device reads the data designated by the instruction from the mass storage unit 405 and, according to the setting of the encryption and authentication mechanism, determines whether the data is encrypted and needs to be decrypted. If decryption is needed, it invokes the encryption/authentication unit 401 to decrypt the data and then returns the data to the data processing host 300; if not, it returns the data directly to the data processing host 300.
The write data instruction is handled similarly to the read data instruction: the integrated device 400 first checks the user's access rights to confirm that the user has write permission on its mass storage unit 405. If the user has no write permission, it returns a failure message to the data processing host 300 and goes back to point (1) of Fig. 7 to continue waiting for the data processing host 300 to issue an operation instruction. If the user has write permission, it determines from the setting of the encryption and authentication mechanism whether the data needs to be encrypted. If encryption is needed, it invokes the encryption/authentication unit 401 to encrypt the data, writes it to the mass storage unit 405 and then returns a write-success message to the data processing host 300; if not, it writes the data directly to the mass storage unit 405 and returns a write-success message.
For the format instruction, the integrated device 400 first checks the user's access rights to confirm that the user has format permission on its mass storage unit 405. If the user lacks this permission, it returns a failure message to the data processing host 300 and goes back to point (1) of Fig. 7 to continue waiting for the data processing host 300 to issue an operation instruction. If the user has this permission, it formats the mass storage unit 405 and returns a format-success message.
When switching between several users of the integrated device 400, a switch user operation is performed. Concretely, the integrated device 400 saves the current user's information, the data processing host 300 resets the integrated device 400, the operating process returns to point (1) of Fig. 7, and the integrated device 400 continues waiting for the data processing host 300 to issue an operation instruction. Only after the next user has completed the authentication operation can the integrated device 400 be accessed.
For the remove integrated device instruction, the integrated device 400 saves the user-related information; after the user unplugs the integrated device 400, the operating process of the whole system ends.
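The following Python is an added example, not code from the patent or its assignee. It simulates the Fig. 7 instruction flow of a multi-user integrated device 400 as described above: one virtual storage space per user in unit 405, the six host instructions, the rights check that precedes read, write and format, and the encrypt-on-write/decrypt-on-read decision taken from the preset mechanism; the same dictionary-per-principal pattern, keyed by card connection instead of user, is the per-card virtual storage space that the reader/writer 200 of the first embodiment opens in unit 205. The patent specifies no cipher, credential format or comparison routine, so the HMAC-based authenticated encryption standing in for unit 401, the salted PBKDF2 credential store, the constant-time comparison, the dummy verifier for unknown user names, and all user names, passwords and records are assumptions of this example.

```python
import hashlib, hmac, os

# Stand-in for encryption/authentication unit 401: HMAC-SHA256 counter-mode keystream plus
# an HMAC tag over nonce||ciphertext (encrypt-then-MAC) with separate subkeys per role.
# The patent names no cipher; this is only a self-contained substitute for the example.
def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(_prf(key, b"enc"), nonce, len(data))))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("integrity check failed")        # tampered or truncated record
    return bytes(a ^ b for a, b in zip(ct, _keystream(_prf(key, b"enc"), nonce, len(ct))))

def _verifier(password: str, salt: bytes) -> bytes:       # salted PBKDF2, not a stored secret
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class IntegratedDevice:
    """Unit 405 holds one virtual storage space per user; each user has a prestored credential,
    a rights set from {"read", "write", "format"} and an 'encrypt' flag standing in for the
    preset encryption and authentication mechanism.  Handlers return (ok, payload)."""
    INSTRUCTIONS = ("authenticate", "read", "write", "format", "switch_user", "remove")

    def __init__(self, users):          # users: {name: (password, rights, encrypt)}, constructed
        self._users = {}
        for name, (password, rights, encrypt) in users.items():
            salt = os.urandom(16)
            self._users[name] = dict(salt=salt, verifier=_verifier(password, salt), space={},
                                     rights=frozenset(rights), encrypt=encrypt, key=os.urandom(32))
        self._dummy = (os.urandom(16), os.urandom(32))   # equalises timing for unknown names
        self.current, self.removed = None, False          # point (1) of Fig. 7
    def execute(self, instr, *args):
        if self.removed:
            return False, "device removed"
        if instr not in self.INSTRUCTIONS:
            return False, "unknown instruction"
        return getattr(self, instr)(*args)
    def _allowed(self, right):
        return self.current is not None and right in self._users[self.current]["rights"]
    def authenticate(self, name, password):
        u = self._users.get(name)
        salt, stored = (u["salt"], u["verifier"]) if u else self._dummy
        if not hmac.compare_digest(_verifier(password, salt), stored) or u is None:
            self.current = None
            return False, "authentication failed"
        self.current = name
        return True, sorted(u["rights"])                  # rights determined on success
    def read(self, record):
        if not self._allowed("read"):
            return False, "read denied"
        u = self._users[self.current]
        if record not in u["space"]:
            return False, "no such record"
        encrypted, blob = u["space"][record]
        return True, (unseal(u["key"], blob) if encrypted else blob)
    def write(self, record, data):
        if not self._allowed("write"):
            return False, "write denied"
        u = self._users[self.current]
        u["space"][record] = (True, seal(u["key"], data)) if u["encrypt"] else (False, data)
        return True, "write ok"
    def format(self):
        if not self._allowed("format"):
            return False, "format denied"
        self._users[self.current]["space"].clear()
        return True, "format ok"
    def switch_user(self):              # state kept; the next user must authenticate first
        self.current = None
        return True, "awaiting authentication"
    def remove(self):
        self.current, self.removed = None, True
        return True, "removed"

def demo():
    dev = IntegratedDevice({"alice": ("correct horse", {"read", "write", "format"}, True),
                            "bob": ("battery staple", {"read"}, False)})
    script = [("unauth_read", "read", "doc"),                        # nobody authenticated yet
              ("bad_pw", "authenticate", "alice", "wrong"),
              ("alice_auth", "authenticate", "alice", "correct horse"),
              ("alice_write", "write", "doc", b"secret payroll"),
              ("alice_read", "read", "doc"),
              ("switch", "switch_user"),
              ("after_switch", "read", "doc"),                       # denied until re-auth
              ("bob_auth", "authenticate", "bob", "battery staple"),
              ("bob_read", "read", "doc"),                           # bob's own, empty space
              ("bob_write", "write", "doc", b"x"),                   # bob lacks write right
              ("remove", "remove"),
              ("after_remove", "read", "doc")]
    r = {label: dev.execute(instr, *args) for label, instr, *args in script}
    r["raw"] = dev._users["alice"]["space"]["doc"]    # what a dump of unit 405 shows
    return r
```

Two points the prose leaves implicit are visible in the script: after a switch user operation every instruction is refused until the next user authenticates, and a second user who authenticates reads an empty space of their own rather than the previous user's records. The `raw` entry shows what an attacker who images unit 405 obtains for an encrypted record, a nonce, ciphertext and tag with no trace of the payroll text, and any bit flipped in that record is rejected by the tag check before the data is returned to the host.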
The integrated device 400 of this embodiment can be used as an electronic key for the data processing host 300: only when the integrated device 400 is plugged into the data processing host 300 and the user has passed the authentication check and had the access rights determined can the user perform the data operations on the data processing host 300 permitted by those rights; in the same way the data in the integrated device 400 can be protected.
The integrated device 400 can also serve as a data encryption and decryption tool, using the encryption/authentication unit 401 of the integrated device 400 to encrypt and decrypt data.
Further, the integrated device 400 can serve as a mobile storage device, storing large volumes of data and exchanging data with the data processing host 300.
The integrated device 400 can also be a dedicated device for the data processing host 300, usable only on one or more designated data processing hosts.
In one embodiment, the integrated device 400 and the data processing host 300 can be connected wirelessly, for example over a Bluetooth interface. In that case the host-connection interface unit 404 in the integrated device 400 and the host interface unit 301 in the data processing host 300 are both built to the Bluetooth interface standard and communicate over it, and the integrated device 400 is powered by an external DC supply or a battery.
In summary, by employing an integrated device, or an integrated circuit card and its reader/writer, that have mass storage and a general-purpose interface, the system not only encrypts and protects transmitted data and provides user network digital signature, identity authentication, network access control, file encryption management, data encryption/decryption, software copyright protection and other functions, effectively protecting important data from being monitored, intercepted and tampered with and guaranteeing the validity and integrity of data, but also provides exchange, processing and mobile storage of large volumes of data, with greatly improved data processing speed and capability; it can be widely used in fields requiring identity authentication and identification, in mobile storage and in data encryption and security.
The above is an exemplary description of the invention. A person of ordinary skill in the art will appreciate that the arrangement of the mass storage unit is not the only possible one, and that the data exchange channel, the encryption/decryption and the encryption and authentication mechanism can all use various known mature technologies. The essence of the invention lies in the combination and functional extension of mass storage technology, encryption/decryption technology, encryption and authentication mechanisms and a general-purpose data interface. Therefore, all modifications of the technical solution of the invention that do not depart from the inventive concept fall within the scope of protection defined by the claims of the invention.

Claims (9)

1. An IC card system comprising:
an integrated circuit card (100);
a reader/writer (200) for operating the integrated circuit card (100) and exchanging and processing data with a data processing host (300); and
a data processing host (300) for controlling the operation of the reader/writer (200), controlling the operation of the integrated circuit card (100) through the reader/writer (200), and exchanging data with the reader/writer (200) and the integrated circuit card (100),
wherein the reader/writer (200) and the integrated circuit card (100) each have a mass storage unit and an encryption/authentication unit, and authentication of the operations of the data processing host (300) is performed by the integrated circuit card (100) and the reader/writer (200).
2. The IC card system according to claim 1, wherein
the integrated circuit card (100) further comprises:
a storage unit (102), integrated with or separate from the mass storage unit,
an interface unit (103) for communicating with the interface of an external device, and
a control unit (101) for controlling the operation of the interface unit (103), the storage unit (102) and the mass storage unit and for performing data processing;
the reader/writer (200) further comprises:
a card-connection interface unit (202) for connecting to and exchanging data with the integrated circuit card (100),
a host-connection interface unit (204) for connecting to and exchanging data with the data processing host (300), and
a control unit (203) for controlling the operation of each unit of the reader/writer (200); and
the data processing host (300) comprises a host interface unit (301) for connecting to and exchanging data with the reader/writer (200).
3. The IC card system according to claim 2, wherein the encryption/authentication unit of the integrated circuit card (100) is also used to encrypt and decrypt data, and performs encryption and authentication operations either on its own or jointly with the encryption/authentication unit of the reader/writer (200).
4. The IC card system according to claim 1,
wherein authentication of the operations of the reader/writer (200) is performed by the integrated circuit card (100).
5. The IC card system according to claim 1 or 4, wherein the reader/writer (200) comprises a plurality of integrated circuit card interfaces and connects to and exchanges data with a plurality of integrated circuit cards separately or simultaneously.
6. The IC card system according to claim 5, wherein the reader/writer (200) connects to and exchanges data with a plurality of integrated circuit cards separately or simultaneously in one of the following ways:
a virtual storage space is opened in the reader/writer (200) for the serial number of each integrated circuit card, to store the data of the card with that serial number; or
a virtual storage space is opened in the mass storage unit (205) of the reader/writer (200) for each connection of an integrated circuit card, to store the data of that card from connection until disconnection.
7. The IC card system according to claim 2, wherein the encryption/authentication unit of the reader/writer (200) is implemented separately in hardware or in software invoked by the control unit (203) of the reader/writer, or is integrated in the control unit (203) of the reader/writer.
8. The IC card system according to claim 2, wherein the host interface unit (301) has a plurality of ports for connecting to and exchanging data with a plurality of reader/writers (200).
9. The IC card system according to claim 1 or 4, wherein the mass storage unit uses any of a magnetic medium, an optical medium and a semiconductor storage medium, the semiconductor storage medium being selected from flash memory, dynamic random access memory, electrically erasable programmable read-only memory, static memory, synchronous dynamic random access memory, ferroelectric memory, magnetic random access memory and ultra-high-density storage chips, and the magnetic medium being selected from a hard disk, a portable hard disk and a micro hard disk.
CNB031433936A 2003-09-30 2003-09-30 Integrate circuit card system Expired - Lifetime CN100433051C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031433936A CN100433051C (en) 2003-09-30 2003-09-30 Integrate circuit card system

Publications (2)

Publication Number Publication Date
CN1604127A CN1604127A (en) 2005-04-06
CN100433051C true CN100433051C (en) 2008-11-12

Family

ID=34659407

Country Status (1)

Country Link
CN (1) CN100433051C (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101754448B (en) * 2008-11-28 2012-11-07 爱思开电讯投资(中国)有限公司 Dual-core intelligent card for mobile communication and data transmission and processing method thereof
CN105989382A (en) * 2015-02-03 2016-10-05 天地融科技股份有限公司 Real card management device and data interaction method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4960982A (en) * 1987-04-09 1990-10-02 Mitsubishi Denki Kabushiki Kaisha IC card with secure mass storage memory
CN1159034A (en) * 1995-12-08 1997-09-10 株式会社日立制作所 IC card read/write device and its operating method
CN1193151A (en) * 1997-02-24 1998-09-16 株式会社东芝 IC card system and method for making IC card system safety

Also Published As

Publication number Publication date
CN1604127A (en) 2005-04-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: SHENZHEN CITY LANGKE TECHNOLOGY CO.,LTD.

Free format text: FORMER NAME OR ADDRESS: LANGKE SCIENCE AND TECHNOLOGY CO LTD, SHENZHEN CITY

CP01 Change in the name or title of a patent holder

Address after: The South high tech Zone of Shenzhen City, Guangdong province a Chinese Development Institute of science and technology incubator building, 6 floor

Patentee after: NETAC TECHNOLOGY Co.,Ltd.

Address before: The South high tech Zone of Shenzhen City, Guangdong province a Chinese Development Institute of science and technology incubator building, 6 floor

Patentee before: Netac Technology Co.,Ltd.

CX01 Expiry of patent term

Granted publication date: 20081112
