CN101547300A - Method for updating data and system for operating smart card - Google Patents
Method for updating data and system for operating smart card Download PDFInfo
- Publication number
- CN101547300A CN101547300A CN200910083044A CN200910083044A CN101547300A CN 101547300 A CN101547300 A CN 101547300A CN 200910083044 A CN200910083044 A CN 200910083044A CN 200910083044 A CN200910083044 A CN 200910083044A CN 101547300 A CN101547300 A CN 101547300A
- Authority
- CN
- China
- Prior art keywords
- data
- input data
- plaintext
- stored
- described input
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The embodiment of the invention provides a method for updating data and a system for operating a smart card, wherein the method comprises the following steps: acquiring input data and an MAC value of a plain text of the input data; storing the plain text of the input data into a volatile memory; calculating the MAC value of the plain text of the input data according to the text of the input data stored in the volatile memory; and if the calculated MAC value of the plain text of the input data accords with the acquired MAC value of the plain text of the input data, using the input data as update data. By the method for updating the data and the system for operating the smart card, the smart card can update and use the data from unreliable equipment.
Description
Technical field
The present invention relates to digital TV field, relate in particular to a kind of data-updating method and smart card operating system that is applied to smart card.
Background technology
Condition receiving system (the CAS of digital TV field, Conditional Access System) in, MAC (Message Authentication Code, Message Authentication Code) often is used to guarantee entitlement management message (EMM, Entitlement Management Message) and authorization control message (ECM, Entitlement Control Message) integrality, purpose is after the EMM that generates of CAS front end system (trusted system/equipment) and ECM are sent to smart card by this insincere intermediate equipments such as set-top box, smart card can to from insincere intermediate equipment (such as: the integrality of data set-top box) authenticates, if authentication can be used these data by smart card, otherwise smart card is abandoned the use to these data.
The inventor finds in realizing process of the present invention, in the condition receiving system of digital TV field, smart card adopts the special intelligent card operation system that the data from insincere equipment are upgraded, and that is to say at present, the data-updating method of smart card is privately owned, can not be by widespread usage.On the other hand, universal intelligent card operation system (COS, Card Operating System) can be widely used in renewal to data, but this data-updating method mainly is at from card the Data Update of the credible equipment that physics contacts being arranged, such as: the ATM of bank, and in the condition receiving system of digital TV field, the data that smart card obtains from set-top box are that the CAS front end system generates, and the CAS that is widely used at present is unidirectional, thus the CAS front end system can't obtain the data that smart card produces (such as: random number) generate verify data/check code; Though set-top box has direct physics to contact with card but has insincere property, so can not be designed to obtain as above-mentioned credible equipment the key of card.Therefore in the inapplicable digital television conditional access system of existing universal intelligent card operation system smart card to renewal, so existing universal intelligent card operation system can't satisfy the demand of digital TV field condition receiving system from the data of set-top box.
Summary of the invention
Special-purpose smart card operating system can not be by widespread usage in the prior art in order to solve, the universal intelligent card operation system can't be satisfied with the problem of demand of the condition receiving system of digital TV field, and the embodiment of the invention provides a kind of data-updating method and smart card operating system.
The above-mentioned purpose of the embodiment of the invention is achieved by the following technical solution:
A kind of data-updating method is applied to smart card, and described method comprises: the MAC value of obtaining the plaintext of input data and described input data; With the stored in clear of described input data in volatile memory; Calculate the MAC value of the plaintext of described input data according to the plaintext of the described input data of described volatile memory stores; If the MAC value of the plaintext of the described input data that calculate is consistent with the MAC value of the plaintext of the described input data that get access to, then with described input data as new data more.
A kind of smart card operating system, described system comprises: acquiring unit is used to obtain the MAC value of the plaintext of input data and described input data; Volatile memory is used to store the plaintext of described input data; Computing unit is used for calculating according to the plaintext of the described input data of described volatile memory stores the MAC value of the plaintext of described input data; Comparing unit, whether the MAC value of plaintext that is used to contrast the described input data that MAC value and the described acquiring unit of the plaintext of the described input data that computing unit calculates get access to is consistent; Updating block is used for comparison result at described comparing unit and is the MAC value of plaintext of the described input data that MAC value and the acquiring unit of the plaintext of the described input data that computing unit calculates get access to when consistent, with described input data as new data more.
By data-updating method and the smart card operating system that the embodiment of the invention provides, can realize that smart card is to renewal and use from the data of insincere equipment.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, does not constitute limitation of the invention.In the accompanying drawings:
Fig. 1 is the method flow diagram of the embodiment of the invention;
Fig. 2 is the method flow diagram of another embodiment of the present invention;
Fig. 3 is the method flow diagram of another embodiment of the present invention;
Fig. 4 is the method flow diagram of another embodiment of the present invention;
Fig. 5 is the method flow diagram of another embodiment of the present invention;
Fig. 6 is the method flow diagram of another embodiment of the present invention;
Fig. 7 is the method flow diagram of another embodiment of the present invention;
Fig. 8 is the method flow diagram of another embodiment of the present invention;
Fig. 9 is the block diagram of system of the embodiment of the invention.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention is clearer,, the embodiment of the invention is described in further details below in conjunction with embodiment and accompanying drawing.At this, illustrative examples of the present invention and explanation thereof are used to explain the present invention, but not as a limitation of the invention.
Embodiment one
The embodiment of the invention provides a kind of data-updating method, below in conjunction with accompanying drawing present embodiment is elaborated.
Fig. 1 is the method flow diagram of the embodiment of the invention, and the method for present embodiment is applied to smart card, please refer to Fig. 1, and the data-updating method of the embodiment of the invention mainly comprises:
101: the MAC value of obtaining the plaintext of input data and described input data;
102: with the stored in clear of described input data in volatile memory;
103: the MAC value of calculating the plaintext of described input data according to the plaintext of the described input data of described volatile memory stores;
104: if the MAC value of the plaintext of the described input data that calculate is consistent with the MAC value of the plaintext of the described input data that get access to, then with described input data as new data more.
In the present embodiment, the input data are by insincere equipment input such as set-top box, and it can be any one of the data of following type, and the perhaps combination in any of the data of following type comprises:
Do not need to be stored in the non-key data of nonvolatile memory, for example smart card ID etc.;
Key encrypt data, for example ciphertext of business cipher key etc.;
Need be stored in the non-key data in the binary file of nonvolatile memory, for example will deposit the data of binary file etc. in;
Need be stored in the non-key data in the log file of nonvolatile memory, for example will deposit the data of log file etc. in.
Wherein, for non-key data, can be the plaintext form, also can be the ciphertext form.If the plaintext form, after getting access to this non-key data, can directly be stored in volatile memory; If the ciphertext form after get access to this non-key data, is decrypted it by the key that is stored in volatile memory or the nonvolatile memory earlier, obtain the plaintext of this non-key data after, again it is stored in the volatile memory.
Wherein, for the key encrypt data, owing to itself be exactly the ciphertext form, therefore, can directly be decrypted it, behind the plaintext of acquisition key data, again it is stored in the volatile memory by the key that is stored in volatile memory or the nonvolatile memory.
In the present embodiment, because the input data may be a kind of incessantly, for example might both comprise non-key data, also comprise the key encrypt data, therefore, behind the plaintext that obtains these input data, can be according to the sequencing that obtains these input data, it is stored in volatile memory, and this will be illustrated in following embodiment.
As a same reason, in the present embodiment, the MAC value of the plaintext of the input data of storing in to volatile memory is carried out in the computational process, also can be earlier according to the sequencing that obtains these input data, the plaintext of these input data is connected into data, calculate the MAC value of the data after connecting again, see following embodiment for details.
In the present embodiment, if the MAC value of the plaintext of the described input data that calculate is consistent with the MAC value of the plaintext of the described input data that get access to, then mac authentication is passed through, and, the input data are not illegally distorted yet, and smart card can use this input data.
Wherein, if the input data have comprised non-key data, then after mac authentication is passed through, can be as required with the assigned address of stored in clear in the binary file of nonvolatile memory of this non-key data, perhaps be stored in the assigned address in the log file of nonvolatile memory.
Wherein, if the input data have comprised key data, then after mac authentication is passed through, can be with the assigned address of stored in clear in the secure file of nonvolatile memory of this key data.
In addition, the non-key data for not needing to be stored in nonvolatile memory can directly use, and need not store.
In the present embodiment, calculated data MAC value expressly can be by means realization of the prior art, algorithm computation for example by predesignating, present embodiment not with this as restriction.
By the data-updating method of present embodiment, can realize that smart card is to the renewal from the data of insincere equipment.
Clear more understandable for the data-updating method that makes the embodiment of the invention, below be illustrated by different embodiment.
Embodiment two
The embodiment of the invention also provides a kind of data-updating method, below in conjunction with accompanying drawing present embodiment is illustrated.
Fig. 2 is the method flow diagram of present embodiment, please refer to Fig. 2, and the method for present embodiment mainly comprises:
201: the MAC value of obtaining the plaintext of input data and these input data;
In the present embodiment, these input data are not for needing to be stored in the non-key data of nonvolatile memory, and in the present embodiment, with letter " A " expression, the MAC value that then should import the plaintext of data A is MAC (A expressly).
202: judge that described input data are plaintext or ciphertext, if described input data are that expressly then execution in step 203, otherwise execution in step 204;
203: the stored in clear of described input data in volatile memory, is continued step 205;
204: decipher the ciphertext of described input data, obtain the plaintext of described input data, execution in step 203;
In the present embodiment, can adopt the above-mentioned data ciphertext of secret key decryption of storing in the volatile memory of appointment or the nonvolatile memory to obtain data expressly.
205: the MAC value of the plaintext of the input data of calculating volatile memory stores;
206: judge whether the MAC value that calculates is consistent with the MAC value that gets access to;
207: if the MAC value that calculates is consistent with the MAC value that gets access to, then checking is passed through, and smart card can use this input data;
208: if the MAC value that calculates is inconsistent with the MAC value that gets access to, then the explanation checking is not passed through, and data may be distorted, and does not use this input data this moment.
In the present embodiment, because the input data are the non-key datas that do not need to be stored in nonvolatile memory, therefore, after the input data are passed through the mac authentication of smart card, smart card can use these data, and these data need not be stored in the nonvolatile memory of smart card.
The data-updating method of present embodiment can realize by function, present embodiment not with this as restriction.In addition, the function in the method that is used for realizing present embodiment can also increase some executive conditions, and for example, the input data will be in certain scope, perhaps to the restriction of the figure place of input data etc., can be set according to actual needs.
By the data-updating method of present embodiment, can realize that smart card is to the renewal from the data of insincere equipment.
Embodiment three
The embodiment of the invention also provides a kind of data-updating method, below in conjunction with accompanying drawing present embodiment is illustrated.
Fig. 3 is the method flow diagram of present embodiment, please refer to Fig. 3, and the method for present embodiment mainly comprises:
301: the MAC value of obtaining the plaintext of input data and these input data;
In the present embodiment, these input data are the key encrypt data, and in the present embodiment, with letter " B " expression, the MAC value that then should import the plaintext of data B is MAC (B expressly).
302: decipher the ciphertext of described input data, obtain the plaintext of described input data;
In the present embodiment, can adopt the above-mentioned data ciphertext of secret key decryption of storing in the volatile memory of appointment or the nonvolatile memory to obtain data expressly.
303: with the stored in clear of described input data in volatile memory;
304: the MAC value of the plaintext of the input data of calculating volatile memory stores;
305: judge whether the MAC value that calculates is consistent with the MAC value that gets access to;
306: if the MAC value that calculates is consistent with the MAC value that gets access to, then checking is passed through, and smart card can use this input data;
307: if the MAC value that calculates is inconsistent with the MAC value that gets access to, then the explanation checking is not passed through, and data may be distorted, and this moment, smart card did not use this input data.
In the present embodiment, because the input data are key data, therefore, after mac authentication is passed through, can also comprise the steps:
308: judging whether need be with described input storage in nonvolatile memory;
309: be stored in if desired in the nonvolatile memory, then with the assigned address of the secure file of stored in clear in nonvolatile memory of described input data;
3010: if do not need the input storage in nonvolatile memory, process ends then, smart card can use this input data.
The data-updating method of present embodiment can realize by function, present embodiment not with this as restriction.In addition, the function in the method that is used for realizing present embodiment can also increase some executive conditions, and for example, the input data will be in certain scope, perhaps to the restriction of the figure place of input data etc., can be set according to actual needs.
By the data-updating method of present embodiment, can realize that smart card is to the renewal from the data of insincere equipment.
Embodiment four
The embodiment of the invention also provides a kind of data-updating method, below in conjunction with accompanying drawing present embodiment is illustrated.
Fig. 4 is the method flow diagram of present embodiment, please refer to Fig. 4, and the method for present embodiment mainly comprises:
401: the MAC value of obtaining the plaintext of input data and these input data;
In the present embodiment, these input data are the non-key data in the binary file that need be stored in nonvolatile memory, and in the present embodiment, with letter " C " expression, the MAC value that then should import the plaintext of data C is MAC (C expressly).
402: judge that described input data are plaintext or ciphertext, if described input data are that expressly then execution in step 403, otherwise execution in step 404;
403: the stored in clear of described input data in volatile memory, is continued step 405;
404: decipher the ciphertext of described input data, obtain the plaintext of described input data, execution in step 403;
In the present embodiment, can adopt the above-mentioned data ciphertext of secret key decryption of storing in the volatile memory of appointment or the nonvolatile memory to obtain data expressly.
405: the MAC value of the plaintext of the input data of calculating volatile memory stores;
406: judge whether the MAC value that calculates is consistent with the MAC value that gets access to;
407: if the MAC value that calculates is consistent with the MAC value that gets access to, then checking is passed through, and smart card can use this input data, continues step 409;
408: if the MAC value that calculates is inconsistent with the MAC value that gets access to, then the explanation checking is not passed through, and data may be distorted, and this moment, smart card did not use this input data;
409: with the assigned address of the binary file of stored in clear in nonvolatile memory of described input data.
The data-updating method of present embodiment can realize by function, present embodiment not with this as restriction.In addition, the function in the method that is used for realizing present embodiment can also increase some executive conditions, and for example, the input data will be in certain scope, perhaps to the restriction of the figure place of input data etc., can be set according to actual needs.
By the data-updating method of present embodiment, can realize that smart card is to the renewal from the data of insincere equipment.
Embodiment five
The embodiment of the invention also provides a kind of data-updating method, below in conjunction with accompanying drawing present embodiment is illustrated.
Fig. 5 is the method flow diagram of present embodiment, please refer to Fig. 5, and the method for present embodiment mainly comprises:
501: the MAC value of obtaining the plaintext of input data and these input data;
In the present embodiment, these input data are the non-key data in the log file that need be stored in nonvolatile memory, and in the present embodiment, with letter " D " expression, the MAC value that then should import the plaintext of data D is MAC (D expressly).
502: judge that described input data are plaintext or ciphertext, if described input data are that expressly then execution in step 503, otherwise execution in step 504;
503: the stored in clear of described input data in volatile memory, is continued step 505;
504: decipher the ciphertext of described input data, obtain the plaintext of described input data, execution in step 503;
In the present embodiment, can adopt the above-mentioned data ciphertext of secret key decryption of storing in the volatile memory of appointment or the nonvolatile memory to obtain data expressly.
505: the MAC value of the plaintext of the input data of calculating volatile memory stores;
506: judge whether the MAC value that calculates is consistent with the MAC value that gets access to;
507: if the MAC value that calculates is consistent with the MAC value that gets access to, then checking is passed through, and smart card can use this input data, continues step 509;
508: if the MAC value that calculates is inconsistent with the MAC value that gets access to, then the explanation checking is not passed through, and data may be distorted, and this moment, smart card did not use this input data;
509: with the assigned address of the log file of stored in clear in nonvolatile memory of described input data.
The data-updating method of present embodiment can realize by function, present embodiment not with this as restriction.In addition, the function in the method that is used for realizing present embodiment can also increase some executive conditions, and for example, the input data will be in certain scope, perhaps to the restriction of the figure place of input data etc., can be set according to actual needs.
By the data-updating method of present embodiment, can realize that smart card is to the renewal from the data of insincere equipment.
Embodiment six
The embodiment of the invention also provides a kind of data-updating method, and this method is applied to smart card, below in conjunction with accompanying drawing present embodiment is elaborated.
Fig. 6 is the method flow diagram of present embodiment, in the present embodiment, the input of smart card comprises the MAC value of the plaintext of input data and input data, wherein, the input data are: the data A ‖ key ciphertext B ‖ that need not be stored in nonvolatile memory need be stored in data C ‖ in the binary file of nonvolatile memory need be stored in data D in the log file of nonvolatile memory; The MAC value of the plaintext of input data is: MAC (A is ‖ B plaintext ‖ C plaintext ‖ D plaintext expressly).Please refer to Fig. 6, the data-updating method of present embodiment mainly comprises:
601: obtain the input data, and a stored in clear of input data comprises in the volatile memory of smart card:
Obtain the plaintext of A, and the stored in clear of A in the volatile memory of smart card; The secret key decryption B that stores in the smart card with appointment, the stored in clear of the B that decrypts in the volatile memory of smart card; Obtain the plaintext of C, and the stored in clear of C in the volatile memory of smart card; Obtain the plaintext of D, and the stored in clear of D in the volatile memory of smart card;
602: the sequencing that occurs according to A, B, C, D obtains the plaintext of A, the plaintext of B, the plaintext of C, the plaintext of D from the volatile memory of smart card, they are connected into a data E, wherein, the plaintext of the plaintext ‖ D of the plaintext ‖ C of the plaintext ‖ B of E=A;
603: data E is calculated MAC;
604: whether the MAC value that relatively calculates is identical with the MAC value of the plaintext of the input data of obtaining, if identical, mac authentication is passed through.
In the present embodiment, after mac authentication was passed through, smart card was stored B according to being provided with, and stored C according to being arranged in the corresponding binary file, stored D according to being arranged in the corresponding log file.
In the present embodiment, after mac authentication was passed through, smart card can use A, B, C, D.
The data-updating method of present embodiment can realize by one or more functions, present embodiment not with this as restriction.In addition, the function in the method that is used for realizing present embodiment can also increase some executive conditions, and for example, the input data will be in certain scope, perhaps to the restriction of the figure place of input data etc., can be set according to actual needs.
By the data-updating method of present embodiment, can realize that smart card is to the renewal from the data of insincere equipment.
Embodiment seven
Present embodiment also provides a kind of data-updating method, and this method is applied to smart card, below in conjunction with accompanying drawing present embodiment is elaborated.
Fig. 7 is the method flow diagram of present embodiment, and in the present embodiment, the input of smart card comprises the MAC value of the plaintext of input data and input data, and wherein, the input data are: key ciphertext B ‖ need not be stored in the data A of nonvolatile memory; The MAC value of the plaintext of input data is: MAC (B is ‖ A plaintext expressly).Please refer to Fig. 7, the data-updating method of present embodiment mainly comprises:
701: obtain the input data, and a stored in clear of input data comprises in the volatile memory of smart card:
The secret key decryption B that stores in the smart card with appointment, the stored in clear of the B that decrypts in the volatile memory of smart card; Obtain the plaintext of A, and the stored in clear of A in the volatile memory of smart card.
702: the sequencing that occurs according to B, A obtains the plaintext of B, the plaintext of A from the volatile memory of smart card, and they are connected into a data E, wherein, and the plaintext of the plaintext ‖ A of E=B;
703: data E is calculated MAC;
704: whether the MAC value that relatively calculates is identical with the MAC value of the plaintext of the input data of obtaining, if identical, mac authentication is passed through.
In the present embodiment, after mac authentication was passed through, smart card was stored B according to being provided with.
In the present embodiment, after mac authentication was passed through, smart card can use B, A.
The data-updating method of present embodiment can realize by one or more functions, present embodiment not with this as restriction.In addition, the function in the method that is used for realizing present embodiment can also increase some executive conditions, and for example, the input data will be in certain scope, perhaps to the restriction of the figure place of input data etc., can be set according to actual needs.
By the data-updating method of present embodiment, can realize that smart card is to the renewal from the data of insincere equipment.
Embodiment eight
Present embodiment also provides a kind of data-updating method, and this method is applied to smart card, below in conjunction with accompanying drawing present embodiment is elaborated.
Fig. 8 is the method flow diagram of present embodiment, in the present embodiment, the input of smart card comprises the MAC value of the plaintext of input data and input data, wherein, the input data are: need be stored in data C1 ‖ in the binary file of nonvolatile memory of card and need be stored in data C2 in the binary file of nonvolatile memory of card; The MAC value of the plaintext of input data is: MAC (C1 is ‖ C2 plaintext expressly).Please refer to Fig. 8, the data-updating method of present embodiment mainly comprises:
801: obtain the input data, and a stored in clear of input data comprises in the volatile memory of smart card:
Obtain the plaintext of C1, and the stored in clear of C1 in the volatile memory of smart card; Obtain the plaintext of C2, and the stored in clear of C2 in the volatile memory of smart card.
802: the sequencing that occurs according to C1, C2 obtains the plaintext of C1, the plaintext of C2 from the volatile memory of smart card, and they are connected into a data E, wherein, and the plaintext of the plaintext ‖ C2 of E=C1;
803: data E is calculated MAC;
804: whether the MAC value that relatively calculates is identical with the MAC value of the plaintext of the input data of obtaining, if identical, mac authentication is passed through.
In the present embodiment, after mac authentication was passed through, smart card was according to being arranged on storage C1 and C2 in the corresponding binary file.
In the present embodiment, after mac authentication was passed through, smart card can use C1, C2.
The data-updating method of present embodiment can realize by one or more functions, present embodiment not with this as restriction.In addition, the function in the method that is used for realizing present embodiment can also increase some executive conditions, and for example, the input data will be in certain scope, perhaps to the restriction of the figure place of input data etc., can be set according to actual needs.
By the data-updating method of present embodiment, can realize that smart card is to the renewal from the data of insincere equipment.
Embodiment nine
The embodiment of the invention also provides a kind of smart card operating system, below in conjunction with accompanying drawing present embodiment is elaborated.
Fig. 9 is the block diagram of system of present embodiment, please refer to Fig. 9, and the smart card operating system of present embodiment mainly comprises:
Acquiring unit 91 is used to obtain the MAC value of the plaintext of input data and described input data;
Comparing unit 94, whether the MAC value of plaintext that is used to contrast the input data that MAC value and the acquiring unit 91 of the plaintext of the input data that computing unit 93 calculates get access to is consistent;
Updating block 95 is used for comparison result at comparing unit 94 and is the MAC value of plaintext of the input data that MAC value and the acquiring unit 91 of the plaintext of the input data that computing unit 93 calculates get access to when consistent, will import data as new data more.
Wherein, the input data comprise following at least a: the non-key data that does not need to be stored in nonvolatile memory; The key encrypt data; Need be stored in the non-key data in the binary file of nonvolatile memory; Need be stored in the non-key data in the log file of nonvolatile memory.Volatile memory 92 also is used for the front and back order of the input data obtained according to acquiring unit 91 and dissimilar the plaintext of importing data is stored.
According to another embodiment of the invention, this smart card operating system also comprises:
Decrypting device 96 is used to utilize the key that is stored in volatile memory 92 or nonvolatile memory 98 that the ciphertext of input data is decrypted, and gets access to the plaintext of input data, with the stored in clear of the input data that get access in volatile memory 92.
According to another embodiment of the invention, this smart card operating system also comprises:
According to another embodiment of the invention, this smart card operating system also comprises:
The system of the embodiment of the invention is used to realize each step of the method for previous embodiment, in preceding method embodiment, each step is had been described in detail, so do not repeat them here.
Below by for example the embodiment of the invention being described of a concrete intelligence card operation system:
Suppose, set-top box is given in the EMM bag of smart card and comprised: data (the C class data) ‖ that ciphertext (category-B data) ‖ of card ID (category-A data) ‖ business cipher key will deposit binary file in will deposit the data (D class data) of log file in, and the MAC value that expressly makes up of these data of front, the smart card operating system of the then application of IC cards embodiment of the invention, the plaintext of above-mentioned data is deposited in the volatile memory of card, and after mac authentication is passed through, ciphertext to business cipher key, the data that deposit the data of binary file in and will deposit log file in are stored accordingly, so promptly finish the renewal of these data in smart card, can normally use above-mentioned card ID simultaneously, business cipher key, deposit the data of binary file and the data that will deposit log file in.
By the smart card operating system of present embodiment, can realize that smart card is to the renewal from the data of insincere equipment.
The method of describing in conjunction with embodiment disclosed herein or the step of algorithm can directly use the software module of hardware, processor execution, and perhaps the combination of the two is implemented.Software module can place the storage medium of any other form known in random asccess memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or the technical field.
Above-described specific embodiment; purpose of the present invention, technical scheme and beneficial effect are further described; institute is understood that; the above only is specific embodiments of the invention; and be not intended to limit the scope of the invention; within the spirit and principles in the present invention all, any modification of being made, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (12)
1. a data-updating method is applied to smart card, it is characterized in that, described method comprises:
Obtain the MAC value of the plaintext of input data and described input data;
With the stored in clear of described input data in volatile memory;
Calculate the MAC value of the plaintext of described input data according to the plaintext of the described input data of described volatile memory stores;
If the MAC value of the plaintext of the described input data that calculate is consistent with the MAC value of the plaintext of the described input data that get access to, then with described input data as new data more.
2. method according to claim 1 is characterized in that, described input data comprise following at least a:
Do not need to be stored in the non-key data of nonvolatile memory;
The key encrypt data;
Need be stored in the non-key data in the binary file of nonvolatile memory;
Need be stored in the non-key data in the log file of nonvolatile memory.
3. method according to claim 2 is characterized in that, the stored in clear of described input data is comprised in volatile memory:
Store according to sequencing that obtains described input data and dissimilar plaintext described input data.
4. method according to claim 3 is characterized in that, if described input data comprise non-key data, then the stored in clear with described input data comprises in volatile memory:
If described non-key data is expressly, then with the stored in clear of described non-key data in volatile memory;
If described non-key data is a ciphertext, then utilize the key that is stored in volatile memory or nonvolatile memory that described ciphertext is decrypted, get access to the plaintext of described non-key data, with the stored in clear of the non-key data that gets access in volatile memory.
5. method according to claim 3 is characterized in that, if described input data comprise the key encrypt data, then the stored in clear with described input data comprises in volatile memory:
The key that utilization is stored in volatile memory or nonvolatile memory is decrypted described key encrypt data, gets access to the plaintext of described key data;
With the stored in clear of the key data that gets access in volatile memory.
6. method according to claim 2 is characterized in that, the MAC value of calculating the plaintext of described input data comprises:
According to the sequencing that obtains the input data plaintext of the input data of storing in the described volatile memory is connected into data;
Calculate the MAC value of the data after the described connection.
7. method according to claim 2 is characterized in that, described input data are also comprised as before the new data more:
The assigned address of stored in clear in the secure file of nonvolatile memory with described key data; Perhaps
The assigned address of stored in clear in the binary file of nonvolatile memory with described non-key data; Perhaps
The assigned address of stored in clear in the log file of nonvolatile memory with described non-key data.
8. a smart card operating system is characterized in that, described system comprises:
Acquiring unit is used to obtain the MAC value of the plaintext of input data and described input data;
Volatile memory is used to store the plaintext of described input data;
Computing unit is used for calculating according to the plaintext of the described input data of described volatile memory stores the MAC value of the plaintext of described input data;
Comparing unit, whether the MAC value of plaintext that is used to contrast the described input data that MAC value and the described acquiring unit of the plaintext of the described input data that computing unit calculates get access to is consistent;
Updating block is used for comparison result at described comparing unit and is the MAC value of plaintext of the described input data that MAC value and the acquiring unit of the plaintext of the described input data that computing unit calculates get access to when consistent, with described input data as new data more.
9. system according to claim 8 is characterized in that:
Described input data comprise following at least a: the non-key data that does not need to be stored in nonvolatile memory; The key encrypt data; Need be stored in the non-key data in the binary file of nonvolatile memory; Need be stored in the non-key data in the log file of nonvolatile memory;
Described volatile memory is used for the front and back order and the dissimilar plaintext to described input data of the input data obtained according to acquiring unit and stores.
10. system according to claim 9 is characterized in that, described system also comprises:
Decrypting device is used to utilize the key that is stored in volatile memory or nonvolatile memory that the ciphertext of described input data is decrypted, and gets access to the plaintext of described input data, with the stored in clear of the input data that get access in volatile memory.
11. system according to claim 8 is characterized in that, described system also comprises:
Linkage unit is used for the plaintext of the input data of volatile memory stores is connected into data according to obtaining sequencing, so that computing unit calculates the MAC value of the MAC value of the data after this connection as the plaintext of input data.
12. system according to claim 8 is characterized in that, described system also comprises:
Nonvolatile memory, be used for comparison result at described comparing unit and be the MAC value of plaintext of the described input data that MAC value and the acquiring unit of the plaintext of the described input data that computing unit calculates get access to when consistent, the assigned address in secure file is stored the plaintext of described key data; Perhaps the assigned address in binary file is stored the plaintext of described non-key data; Perhaps the assigned address in log file is stored the plaintext of described non-key data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910083044A CN101547300A (en) | 2009-04-27 | 2009-04-27 | Method for updating data and system for operating smart card |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910083044A CN101547300A (en) | 2009-04-27 | 2009-04-27 | Method for updating data and system for operating smart card |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101547300A true CN101547300A (en) | 2009-09-30 |
Family
ID=41194148
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910083044A Pending CN101547300A (en) | 2009-04-27 | 2009-04-27 | Method for updating data and system for operating smart card |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101547300A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106778308A (en) * | 2016-12-19 | 2017-05-31 | 国网天津市电力公司信息通信公司 | The wiring method and device of a kind of chip keys |
-
2009
- 2009-04-27 CN CN200910083044A patent/CN101547300A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106778308A (en) * | 2016-12-19 | 2017-05-31 | 国网天津市电力公司信息通信公司 | The wiring method and device of a kind of chip keys |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100468438C (en) | Encryption and decryption method for realizing hardware and software binding | |
| CN102138300B (en) | Message authentication code pre-computation with applications to secure memory | |
| EP2491510B1 (en) | Distribution system and method for distributing digital information | |
| EP1562318B1 (en) | System and method for key transmission with strong pairing to destination client | |
| CN100435581C (en) | Conditional-access terminal device and method | |
| CN109918925A (en) | Date storage method, back end and storage medium | |
| CN103152164B (en) | Cryptochannel and method thereof | |
| CN103329500A (en) | Control word protection | |
| US20210097187A1 (en) | Protecting data from brute force attack | |
| CN102164034A (en) | Device and method for establishing secure trust key | |
| CN110650010A (en) | Method, device and equipment for generating and using private key in asymmetric key | |
| CN105847005B (en) | Encryption device and method | |
| KR20120098764A (en) | Verifiable, leak-resistant encryption and decryption | |
| CN101149768A (en) | Special processor software encryption and decryption method | |
| CN102064944A (en) | Safety card issuing method as well as card issuing equipment and system | |
| CN101286994A (en) | Digital literary property management method, server and system for content sharing within multiple devices | |
| CN105553654A (en) | Key information query processing method and device and key information management system | |
| CN102238430A (en) | Personalized whitebox descramblers | |
| US9571273B2 (en) | Method and system for the accelerated decryption of cryptographically protected user data units | |
| CN111404952A (en) | Transformer substation data encryption transmission method and device, computer equipment and storage medium | |
| CN114640867A (en) | Video data processing method and device based on video stream authentication | |
| CN101048971B (en) | Method and system for managing authentication and payment for use of broadcast material | |
| CN108629192B (en) | Authorization data processing method and device | |
| US20120321079A1 (en) | System and method for generating round keys | |
| CN101547300A (en) | Method for updating data and system for operating smart card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20090930 |