CN101132276A - Method and system for symmetrical encryption of terminal data by SAM card - Google Patents


Info

Publication number
CN101132276A
Authority
CN
China
Prior art date
Legal status
Pending
Application number
CNA200710152544XA
Other languages
Chinese (zh)
Inventor
黄锐
赖天建
周晓君
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Priority date
2007-09-27
Filing date
2007-09-27
Publication date
2008-02-27

Abstract

This invention discloses a method and system for symmetric encryption of terminal data by a SAM card. A smart card (SAM) with various built-in cryptographic algorithms is introduced as the place where symmetric keys are stored; the terminal receives a dispersion factor transmitted by the platform side, generates a temporary key in the SAM card, and encrypts the data with it, which provides secure and efficient encryption and transmission. The method includes: when a transaction occurs, the terminal initiates a transaction request; the platform sends transaction information that includes a dispersion factor; the SAM card in the terminal generates a temporary working key from its sub-key, the dispersion factor and the algorithm in the SAM card; the SAM card encrypts the data to be transmitted with the temporary key and the data is sent to the platform; and the terminal deletes the key after the transaction.

Description

Method and system for symmetric encryption of terminal data by a SAM card
Technical field
The present invention relates to network technology applications, and in particular to a method and system for symmetric encryption of terminal data by a SAM (Security Access Module) card.
Background technology
At present, with the continuous expansion of electronic payment, data security in the electronic payment process is becoming more and more important. Guaranteeing secure data transmission between the platform and the terminal is very important, and data encryption on the terminal needs to be designed according to the following principles:
1. Terminal data encryption must be low in cost.
2. Terminal data encryption must be resistant to reverse engineering.
3. Terminal data encryption must require few operations and compute quickly, with high computational efficiency.
4. Terminal data encryption must resist eavesdropping.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and system for symmetric encryption of terminal data by a SAM card that guarantees the security of terminal data.
The core idea of the multi-level dispersion symmetric data encryption method of the present invention is: a smart card (SAM card) is introduced as the place where symmetric keys are stored; the SAM card has various cryptographic algorithms built in; the terminal receives a dispersion factor transmitted by the platform side and generates a temporary key through the SAM card, with which the data is encrypted. This gives the terminal secure and efficient encryption and transmission and guarantees safe and reliable transmission of data over the network.
To solve the technical problem described above, the present invention provides a method for symmetric encryption of terminal data by a secure access module (SAM) card, in which a SAM card into which a sub-key has been written is installed in the terminal, and the method comprises:
when a transaction occurs, the terminal initiates a transaction request and receives the transaction information issued by the platform, the transaction information including a dispersion factor; the SAM card in the terminal generates a temporary working key from the sub-key, the dispersion factor and the algorithm in the SAM card;
the SAM card encrypts the terminal data to be transmitted with the temporary working key, and the encrypted data is sent to the platform;
after one or several transactions are completed, the terminal deletes the temporary working key of the transaction.
Further, the method may have the following feature: the SAM card uses the Triple Data Encryption Algorithm (3DEA) to generate the temporary working key.
Further, the method may have the following feature: the SAM card uses the Data Encryption Standard (DES) algorithm to encrypt the data to be transmitted.
Further, the method may have the following feature: after the SAM card encrypts the data to be transmitted with the temporary working key, it additionally performs a MAC computation over the encrypted data with the temporary working key to obtain check data, and the terminal sends the encrypted data together with the check data to the platform.
To solve the technical problem described above, the present invention also provides a system for symmetric encryption of terminal data by a secure access module (SAM) card, comprising a system platform and a terminal connected through a network, wherein:
the system platform comprises encryption equipment, a service processing module and an access server, wherein:
the access server is used for communication between the system platform and the terminal;
the service processing module is used to receive the transaction request initiated by the terminal and to send transaction information to the terminal;
the encryption equipment is used to generate the dispersion factor according to the transaction request;
after one or several transactions are completed, the system platform deletes the temporary working key of the transaction;
a SAM card is installed in the terminal, wherein:
the terminal is used to initiate the transaction request, receive the transaction information issued by the platform, and transmit the encrypted data to the platform;
the SAM card is used to generate the temporary working key from the sub-key and algorithm in the card and the dispersion factor issued by the platform, and to encrypt the terminal data to be transmitted with the temporary working key;
after one or several transactions are completed, the terminal deletes the temporary working key of the transaction.
Further, the system may have the following feature: the SAM card uses the Triple Data Encryption Algorithm (3DEA) to generate the temporary working key.
Further, the system may have the following feature: the SAM card uses the Data Encryption Standard (DES) algorithm to encrypt the data to be transmitted.
Further, the system may have the following feature: after the SAM card encrypts the data to be transmitted with the temporary working key, it additionally performs a MAC computation over the encrypted data with the temporary working key to obtain check data; the terminal sends the encrypted data together with the check data to the platform.
The security of the cryptographic system of the method of the invention does not depend on the algorithm but on the confidentiality of the encryption key. Using a temporary working key for data encryption and decryption greatly increases the difficulty of attacking the data: an attacker can at most crack the temporary key of one particular transaction and cannot obtain the user's sub-key, which guarantees the security of the key. And because the life cycle of the temporary working key is very short, expiring as soon as it has been used, the security of the data is guaranteed as well. In addition, the invention uses the SAM card to perform operations such as generating the temporary working key and encrypting the data, which raises the computation speed, lowers the computational requirements placed on the terminal, and effectively reduces the overall cost of the terminal. In summary, the scheme described by the invention achieves secure and reliable transmission of terminal data to the platform and, on the basis of fully guaranteeing secure data transmission, guarantees the security of payment and the normal conduct of payment transactions.
Description of drawings
Fig. 1 is a schematic diagram of terminal data encryption;
Fig. 2 is a flow chart of terminal data encryption;
Fig. 3 is a schematic diagram of the encryption system of an embodiment of the invention.
Embodiment
With reference to Fig. 1 and Fig. 2, the method for implementing encryption of terminal data comprises the following steps:
Step 110: a sub-key is written into the SAM card by the system, and the SAM card is correctly installed in the terminal;
The sub-key is stored in the SAM card for the whole life of the card once it is issued; it cannot be changed and cannot be exported.
Step 120: when a transaction occurs, the terminal initiates a transaction request and receives the transaction information issued by the platform, which includes data such as the dispersion factor and the transaction amount;
The dispersion factor is a numeric sequence generated randomly by the platform.
Step 130: after the SAM card receives the dispersion factor, it computes the temporary working key from the sub-key and the dispersion factor issued by the platform, using the algorithm in the SAM card;
The SAM card may use 3DEA (Triple Data Encryption Algorithm) to generate the temporary working key.
The temporary working key exists only in the SAM card; it is derived when the transaction starts and destroyed when the transaction ends, and cannot be exported.
Step 140: the terminal assembles the data to be transmitted to the platform; the SAM card encrypts the terminal data to be transmitted with the temporary key, and the encrypted data is sent to the platform;
The encryption algorithm used in this embodiment is the DES algorithm (Data Encryption Standard), which is specified by the People's Bank of China and widely approved internationally at present. It is a block cipher of the conventional (secret-key) kind, in which the same key is used to encrypt and to decrypt the data.
In other embodiments, to guarantee the integrity of the data and prevent it from being lost or tampered with in transmission, a MAC (Message Authentication Code) may also be computed over the data for the platform to verify. Specifically, in each financial transaction, before the encrypted data is sent to the platform, the SAM card performs a MAC computation over the encrypted data with the temporary working key to obtain check data, and the terminal sends the encrypted data together with the check data to the platform.
After the transaction is completed, the terminal deletes the temporary working key. At the next transaction the system regenerates a dispersion factor, and the terminal recomputes the temporary working key from this dispersion factor and encrypts the data with it; this guarantees the security of the data.
The security of a symmetric-key cryptosystem is built on the confidentiality of the key; the key is therefore the core of the whole system's security mechanism. In this embodiment the dispersion algorithm is irreversible, so the key derivation process is irreversible: a lower-level key can be derived from a higher-level key, but the higher-level key cannot be derived from a lower-level key, which guarantees the security of the key. Moreover, because the temporary working key is derived when the transaction starts and destroyed when the transaction ends, its life cycle is very short, and every temporary working key that takes part in encryption is different from the others, which guarantees the security of the data.
The life cycle of the temporary working key may be set so that the key is deleted after each transaction, or only after several transactions, but in any case it should not exceed the number of transactions in one day.
After the platform side receives the data sent by the terminal, it decrypts the data with the pre-agreed algorithm and key.
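The flow above (sub-key written into the card in step 110, random dispersion factor from the platform in step 120, 3DEA derivation of the temporary working key in step 130, DES encryption plus MAC check data in step 140, platform-side verification and decryption, and deletion of the key afterwards), together with the method summarised earlier in the description, as an added example in Go. It is not code from the patent or from ZTE; it uses only Go's standard crypto/des, crypto/cipher, crypto/rand and crypto/subtle packages. Everything the page leaves open is an assumption made here: a 16-byte two-key 3DES sub-key, an 8-byte dispersion factor, the temporary key obtained as the 3DES encryption of the factor under the sub-key, DES in CBC mode with a zero IV, ISO/IEC 7816-4 padding, a DES CBC-MAC as the check data, and the names SAM, DeriveTempKey, Protect, EndTransaction, PlatformRecover and RunTransaction. The sub-key and the message are constructed sample values. As on the page, one temporary key serves both encryption and the MAC.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// SAM models the secure access module: the sub-key is written once by the issuer
// (step 110) and never exported; tempKey exists only during a transaction.
type SAM struct {
	subKey  []byte // 16-byte two-key 3DES sub-key (assumed size)
	tempKey []byte // 8-byte temporary working key, nil outside a transaction
}

// DeriveTempKey is the 3DEA diversification of step 130: the 8-byte dispersion
// factor is encrypted under the sub-key (K1||K2||K1) to give an 8-byte DES key.
// A block cipher is a permutation, so distinct factors give distinct keys, and a
// leaked temporary key does not reveal the sub-key.
func DeriveTempKey(subKey, factor []byte) ([]byte, error) {
	if len(subKey) != 16 || len(factor) != 8 {
		return nil, errors.New("need a 16-byte sub-key and an 8-byte dispersion factor")
	}
	blk, _ := des.NewTripleDESCipher(append(append([]byte{}, subKey...), subKey[:8]...)) // 24-byte key: cannot fail
	k := make([]byte, 8)
	blk.Encrypt(k, factor)
	return k, nil
}

// pad applies ISO/IEC 7816-4 padding (0x80, then zeros up to the 8-byte block),
// the rule smart-card MACs commonly use; the page specifies none (assumption).
func pad(b []byte) []byte {
	b = append(append([]byte{}, b...), 0x80)
	return append(b, make([]byte, (8-len(b)%8)%8)...)
}

// cbc runs DES-CBC with a zero IV, tolerable only because each temporary key
// protects one message of one transaction.
func cbc(blk cipher.Block, in []byte, encrypt bool) []byte {
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(blk, make([]byte, 8)).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(blk, make([]byte, 8)).CryptBlocks(out, in)
	}
	return out
}

// cbcMAC (DES CBC-MAC: the last block of a zero-IV CBC pass over the padded
// input) plays the role of the page's "check data".
func cbcMAC(blk cipher.Block, data []byte) []byte {
	c := cbc(blk, pad(data), true)
	return c[len(c)-8:]
}

// Protect is steps 130-140 plus the MAC variant: derive the temporary key from
// the platform's dispersion factor, DES-encrypt the data, then MAC the ciphertext.
func (s *SAM) Protect(factor, plain []byte) (ct, mac []byte, err error) {
	if s.tempKey, err = DeriveTempKey(s.subKey, factor); err != nil {
		return nil, nil, err
	}
	blk, err := des.NewCipher(s.tempKey)
	if err != nil {
		return nil, nil, err
	}
	ct = cbc(blk, pad(plain), true)
	return ct, cbcMAC(blk, ct), nil
}

// EndTransaction deletes the temporary working key: zeroise it, then drop it.
func (s *SAM) EndTransaction() {
	for i := range s.tempKey {
		s.tempKey[i] = 0
	}
	s.tempKey = nil
}

// PlatformRecover is the platform side: its encryption equipment holds the same
// sub-key, recomputes the temporary key from the factor it issued, checks the
// MAC in constant time before touching the ciphertext, then decrypts and unpads.
func PlatformRecover(subKey, factor, ct, mac []byte) ([]byte, error) {
	k, err := DeriveTempKey(subKey, factor)
	if err != nil {
		return nil, err
	}
	blk, _ := des.NewCipher(k) // k is 8 bytes: cannot fail
	if subtle.ConstantTimeCompare(cbcMAC(blk, ct), mac) != 1 {
		return nil, errors.New("MAC check failed")
	}
	pt := bytes.TrimRight(cbc(blk, ct, false), "\x00")
	if len(pt) == 0 || pt[len(pt)-1] != 0x80 {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-1], nil
}

// RunTransaction is one transaction end to end (steps 120-140 and the deletion):
// the platform draws a random factor, the card protects, the platform recovers.
func RunTransaction(sam *SAM, platformSubKey, msg []byte) ([]byte, error) {
	factor := make([]byte, 8)
	if _, err := rand.Read(factor); err != nil {
		return nil, err
	}
	defer sam.EndTransaction()
	ct, mac, err := sam.Protect(factor, msg)
	if err != nil {
		return nil, err
	}
	return PlatformRecover(platformSubKey, factor, ct, mac)
}

func main() {
	sam := &SAM{subKey: []byte("0123456789abcdef")} // constructed sub-key, also held by the platform
	got, err := RunTransaction(sam, sam.subKey, []byte("amount=100.00;merchant=demo"))
	fmt.Printf("recovered=%q err=%v keyCleared=%v\n", got, err, sam.tempKey == nil)
}
```

Run it with `go run`. Two properties the description argues for are visible in the code: a temporary key is a block-cipher output, so it reveals nothing about the sub-key, and the MAC is checked before any decryption, so tampered ciphertext is rejected without being processed. Two caveats a practitioner would add: DES and two-key 3DES are obsolete and are kept here only to mirror the page's algorithm choice, and standard practice is to derive separate keys for encryption and for the MAC rather than reusing one as the page does.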
Fig. 3 is a schematic diagram of the encryption system of an embodiment of the invention. As shown in Fig. 3, the encryption system of this embodiment comprises two parts connected through a network: a system platform and a terminal.
The system platform comprises encryption equipment, a service processing module and an access server, wherein:
the access server is used for communication between the system platform and the terminal;
the service processing module is used to receive the transaction request initiated by the terminal, send transaction information to the terminal, and process the business requested by the terminal;
the encryption equipment is used to generate the dispersion factor and to decrypt the data sent by the terminal.
A SAM card is installed in the terminal, wherein:
the terminal is used to initiate the transaction request, receive the transaction information issued by the platform, and transmit the encrypted data to the platform;
the SAM card is used to generate the temporary working key from the sub-key and algorithm in the card and the dispersion factor issued by the platform, and to encrypt the terminal data to be transmitted with the temporary working key; the SAM card may also perform a MAC computation over the encrypted data with the temporary working key to obtain check data.

Claims (8)

1. A method for symmetric encryption of terminal data by a secure access module (SAM) card, characterized in that a SAM card into which a sub-key has been written is installed in the terminal, and the method comprises:
when a transaction occurs, the terminal initiates a transaction request and receives the transaction information issued by the platform, the transaction information including a dispersion factor; the SAM card in the terminal generates a temporary working key from the sub-key, the dispersion factor and the algorithm in the SAM card;
the SAM card encrypts the terminal data to be transmitted with the temporary working key, and the encrypted data is sent to the platform;
after one or several transactions are completed, the terminal deletes the temporary working key of the transaction.
2. The method of claim 1, characterized in that
the SAM card uses the Triple Data Encryption Algorithm (3DEA) to generate the temporary working key.
3. The method of claim 1, characterized in that
the SAM card uses the Data Encryption Standard (DES) algorithm to encrypt the data to be transmitted.
4. The method of claim 1, characterized in that
after the SAM card encrypts the data to be transmitted with the temporary working key, it additionally performs a MAC computation over the encrypted data with the temporary working key to obtain check data, and the terminal sends the encrypted data together with the check data to the platform.
5. A system for symmetric encryption of terminal data by a secure access module (SAM) card, characterized in that it comprises a system platform and a terminal connected through a network, wherein:
the system platform comprises encryption equipment, a service processing module and an access server, wherein:
the access server is used for communication between the system platform and the terminal;
the service processing module is used to receive the transaction request initiated by the terminal and to send transaction information to the terminal;
the encryption equipment is used to generate the dispersion factor according to the transaction request;
after one or several transactions are completed, the system platform deletes the temporary working key of the transaction;
a SAM card is installed in the terminal, wherein:
the terminal is used to initiate the transaction request, receive the transaction information issued by the platform, and transmit the encrypted data to the platform;
the SAM card is used to generate the temporary working key from the sub-key and algorithm in the card and the dispersion factor issued by the platform, and to encrypt the terminal data to be transmitted with the temporary working key;
after one or several transactions are completed, the terminal deletes the temporary working key of the transaction.
6. The system of claim 5, characterized in that
the SAM card uses the Triple Data Encryption Algorithm (3DEA) to generate the temporary working key.
7. The system of claim 5, characterized in that
the SAM card uses the Data Encryption Standard (DES) algorithm to encrypt the data to be transmitted.
8. The system of claim 5, characterized in that
after the SAM card encrypts the data to be transmitted with the temporary working key, it additionally performs a MAC computation over the encrypted data with the temporary working key to obtain check data;
the terminal sends the encrypted data together with the check data to the platform.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA200710152544XA CN101132276A (en) 2007-09-27 2007-09-27 Method and system for symmetrical encryption of terminal data by SAM card

Publications (1)

Publication Number Publication Date
CN101132276A true CN101132276A (en) 2008-02-27

Family

ID=39129409

Country Status (1)

Country Link
CN (1) CN101132276A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101739756B (en) * 2008-11-10 2012-01-11 中兴通讯股份有限公司 Method for generating secrete key of smart card
CN101577022B (en) * 2009-03-13 2013-03-27 深圳德诚信用咭制造有限公司 Method for encrypting and decrypting CPU card data
CN102946311A (en) * 2012-11-28 2013-02-27 成都卫士通信息产业股份有限公司 Key dispersed method for enhancing safety of symmetric key system
CN102946311B (en) * 2012-11-28 2016-05-11 成都卫士通信息产业股份有限公司 A kind of key process for dispersing that strengthens the security of symmetric key system
CN103903129A (en) * 2012-12-28 2014-07-02 北京握奇数据系统有限公司 Remitting system and remitting method realized based on text message mode
CN103903129B (en) * 2012-12-28 2017-11-24 北京握奇数据系统有限公司 A kind of funds transfer system realized based on short message mode and method
CN104318461A (en) * 2014-10-22 2015-01-28 浪潮软件集团有限公司 Anti-counterfeiting code generation and verification method based on cipher machine and USBKey
CN104318461B (en) * 2014-10-22 2017-06-27 浪潮软件集团有限公司 Anti-counterfeiting code generation and verification method based on cipher machine and USBKey
CN108780530A (en) * 2016-03-29 2018-11-09 李昕光 Smart card service system and method
CN107070881A (en) * 2017-02-20 2017-08-18 北京古盘创世科技发展有限公司 key management method, system and user terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20080227