CN101577022B - Method for encrypting and decrypting CPU card data - Google Patents

Method for encrypting and decrypting CPU card data Download PDF

Info

Publication number
CN101577022B
CN101577022B CN 200910105744 CN200910105744A CN101577022B CN 101577022 B CN101577022 B CN 101577022B CN 200910105744 CN200910105744 CN 200910105744 CN 200910105744 A CN200910105744 A CN 200910105744A CN 101577022 B CN101577022 B CN 101577022B
Authority
CN
China
Prior art keywords
data block
data
bytes
key
mac
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200910105744
Other languages
Chinese (zh)
Other versions
CN101577022A (en
Inventor
杨敬源
冯茗
郑志刚
李能均
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Aisino Tak Technology Co. Ltd.
Original Assignee
SHENZHEN TAKCERE CREDIT CARD MANUFACTURING Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHENZHEN TAKCERE CREDIT CARD MANUFACTURING Co Ltd filed Critical SHENZHEN TAKCERE CREDIT CARD MANUFACTURING Co Ltd
Priority to CN 200910105744 priority Critical patent/CN101577022B/en
Publication of CN101577022A publication Critical patent/CN101577022A/en
Application granted granted Critical
Publication of CN101577022B publication Critical patent/CN101577022B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Credit Cards Or The Like (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the safety technology of a CPU card, in particular to a method for encrypting and decrypting the CPU card data in the construction industry and the bank industry. The method comprises a KEY and is characterized in that the encrypting process comprises the following steps of: (1) dividing a data block; (2) implementing DES encryption through the KEY; (3) generating a MAC code through the KEY; and (4) adding the MAC code; the decrypting process comprises the following steps of: (a) removing the MAC code; (b) calculating the MAC value through the KEY; (c) comparing the MAC value with the received MAC code; if the two are the same, transferring to the step (e); (d) failing the MAC inspection and stopping; and (e) implementing DES decryption through the KEY. The invention provides a method for encrypting and decrypting the CPU card data with higher safety performance.

Description

The data encryption of a kind of CPU card and decryption method
Technical field
The present invention relates to CPU card safety technique, relate in particular to data encryption and the decryption method of a kind of building cause CPU card and banking industry CPU card.
Background technology
Up to now, China has had near more than 180 urban applications the communication IC-card system of different scales, issued volume is above 1.5 hundred million, city contactless logic encryption card of choice for use when using the IC-card system of 95% is arranged approximately, be equivalent to have approximately 1.4 hundred million logical encrypts to be stuck in China urban transportation cause IC-card system and use.Its range of application has covered public transport, subway, taxi, ferry, and the field such as small amount consumption.Yet the early stage main flow of using of current huge field of traffic with card MIFARE S50 card but As time goes on, many technical deficiencies have been shown especially, maximum problem is low no more than security performance, mass transit card card and card reader that a chief reason that causes the security performance deficiency is exactly current main-stream, the transmission of data is taked expressly to be eavesdropped by the offender easily between card reader and the system, distorts, analyze even decode, then copied.Caused very big hidden danger for China's urban transportation cause IC-card security of system.In a single day card image is suffered to copy on a large scale, and the IC-card system will face huge threat.
Summary of the invention
The object of the invention is to overcome above-mentioned the deficiencies in the prior art part and provide a kind of security performance the high data encryption of CPU card and decryption method.
Purpose of the present invention can be achieved through the following technical solutions:
The data encryption of a kind of CPU card and decryption method comprise a key K EY, it is characterized in that ciphering process may further comprise the steps: (1) partition data piece; (2) carry out des encryption by key K EY; (3) generate the MAC code by key K EY; (4) additional MAC code; Decrypting process may further comprise the steps: (a) reject the MAC code; (b) calculate the MAC value by key K EY; (c) MAC value and the MAC code of receiving are compared, if identical, turn (e); (d) MAC verification failure stops; (e) carry out the DES deciphering by key K EY.
The data encryption of a kind of CPU card and decryption method, it is characterized in that, described partition data piece of (1) step refers to the data of transmission are divided into the data block that 8 bytes are unit with this data block, is expressed as BLOCK1, BLOCK2, BLOCK3, BLOCK4......; Last data block might be 1~8 byte, if the length of last data block is 8 bytes, then after this data block, add again 8 complete byte data pieces ' 80 00 00 00 00 00 00 00 ', if curtailment 8 bytes of last data block, then add 16 system numbers ' 80 ' thereafter, if reach 8 byte lengths, then turned for (2) step, otherwise adding 16 system numbers ' 00 ' until length reaches 8 bytes thereafter, turning again for (2) step.
The data encryption of a kind of CPU card and decryption method, it is characterized in that, described generation MAC code of (3) step, further may further comprise the steps: (3-1) initial value with 8 byte longs is set as 16 system numbers ' 00 00 00 00 00 00 00 00 '; (3-2) all input data are connected into a data block by specified order; (3-3) this data block is divided into the data block that 8 bytes are unit, is expressed as BLOCK1, BLOCK2, BLOCK3, BLOCK4......; Last data block might be 1~8 byte; If the length of last data block is 8 bytes, then after this data block, add again 8 complete byte data pieces ' 80 00 00 00 00 00 00 00 ', forward (3-4) step to; If curtailment 8 bytes of last data block then add 16 system numbers ' 80 ' thereafter, if reach 8 byte lengths, then forward (3-4) step to; Otherwise adding 16 system numbers ' 00 ' until length reaches 8 bytes thereafter, forwarding (3-4) step to; The data that (3-4) obtain behind data block BLOCK1 and initial value ' the 00 00 00 00 00 00 00 00 ' XOR are encrypted by KEY and are obtained ciphertext, encrypt after as initial value and BLOCK2 XOR with this ciphertext again .... so analogize; (3-5) final calculation result is got high 4 bytes as the MAC code.
The data encryption of a kind of CPU card and decryption method is characterized in that, described CPU card is contactless CPU card.
The data encryption of CPU card and the decryption method that the present invention relates to, adopt the des encryption algorithm, carry out the ciphertext transmission, simultaneously, adopt the integrality of MAC checking data, must support and hold the key that generates the MCA code and just can transmit legal data, prevent that the third party to the distorting of data, guaranteeing integrality and the authenticity of data.Compared with prior art, CPU card of the present invention data encryption and decryption method have more security.
Description of drawings
Fig. 1 is first embodiment of the invention encryption flow figure.
Fig. 2 is first embodiment of the invention deciphering process flow diagram.
Embodiment
The invention will be further described below in conjunction with accompanying drawing.First embodiment of the present invention is a kind of contactless CPU card data encryption and decryption method, the FM1208 chip that hardware can adopt Shanghai Fudan Microelectronics Co., Ltd to produce.The method of 56 secret key encryption 64 bit data is adopted in DES (Data Encryption Standard) encryption and decryption.With reference to figure 1, Fig. 2, the data encryption of CPU card and the decryption method of first embodiment of the invention comprise a key K EY, it is characterized in that ciphering process may further comprise the steps: (1) partition data piece; (2) carry out des encryption by key K EY; (3) generate the MAC code by key K EY; (4) additional MAC code; Decrypting process may further comprise the steps: (a) reject the MAC code; (b) calculate the MAC value by key K EY; (c) MAC value and the MAC code of receiving are compared, if identical, turn (e); (d) MAC verification failure stops; (e) carry out the DES deciphering by key K EY.In the present embodiment, described partition data piece of (1) step refers to the data of transmission are divided into the data block that 8 bytes are unit with this data block, is expressed as BLOCK1, BLOCK2, BLOCK3, BLOCK4......; Last data block might be 1~8 byte, if the length of last data block is 8 bytes, then after this data block, add again 8 complete byte data pieces ' 80 00 00 00 00 00 0000 ', if curtailment 8 bytes of last data block, then add 16 system numbers ' 80 ' thereafter, if reach 8 byte lengths, then turned for (2) step, otherwise adding 16 system numbers ' 00 ' until length reaches 8 bytes thereafter, turning again for (2) step.In the present embodiment, described generation MAC code of (3) step, further may further comprise the steps: (3-1) initial value with 8 byte longs is set as 16 system numbers ' 00 00 00 00 00 00 00 00 '; (3-2) all input data are connected into a data block by specified order; (3-3) this data block is divided into the data block that 8 bytes are unit, is expressed as BLOCK1, BLOCK2, BLOCK3, BLOCK4......; Last data block might be 1~8 byte; If the length of last data block is 8 bytes, then after this data block, add again 8 complete byte data pieces ' 80 00 00 00 00 00 00 00 ', forward (3-4) step to; If curtailment 8 bytes of last data block then add 16 system numbers ' 80 ' thereafter, if reach 8 byte lengths, then forward (3-4) step to; Otherwise adding 16 system numbers ' 00 ' until length reaches 8 bytes thereafter, forwarding (3-4) step to; The data that (3-4) obtain behind data block BLOCK1 and initial value ' the 00 00 00 00 00 00 00 00 ' XOR are encrypted by KEY and are obtained ciphertext, encrypt after as initial value and BLOCK2 XOR with this ciphertext again .... so analogize; (3-5) final calculation result is got high 4 bytes as the MAC code.The data encryption of CPU card and the decryption method of present embodiment, adopt the des encryption algorithm, carry out the ciphertext transmission, simultaneously, adopt the integrality of MAC checking data, must support and hold the key that generates the MCA code and just can transmit legal data, prevent that the third party to the distorting of data, guaranteeing integrality and the authenticity of data.CPU card of the present invention data encryption and decryption method have more security.

Claims (2)

1. CPU card data encryption and decryption method comprise a key K EY, it is characterized in that,
Ciphering process may further comprise the steps:
(1) partition data piece;
(2) carry out des encryption by key K EY;
(3) generate the MAC code by key K EY;
(4) additional MAC code;
Decrypting process may further comprise the steps:
(a) reject the MAC code;
(b) calculate the MAC value by key K EY;
(c) MAC value and the MAC code of receiving are compared, if identical, turn (e);
(d) MAC verification failure stops;
(e) carry out the DES deciphering by key K EY;
Described partition data piece of (1) step refers to the data of transmission are divided into the data block that 8 bytes are unit with this data block, is expressed as BLOCK1, BLOCK2, BLOCK3, BLOCK4 Last data block might be 1 ~ 8 byte, if the length of last data block is 8 bytes, then after this data block, add again 8 complete byte data pieces ' 80 00 00 00 00 00 00 00 ', if curtailment 8 bytes of last data block, then add 16 system numbers ' 80 ' thereafter, if reach 8 byte lengths, then turned for (2) step, otherwise adding 16 system numbers ' 00 ' until length reaches 8 bytes thereafter, turning again for (2) step;
Described generation MAC code of (3) step further may further comprise the steps:
(3-1) initial value with 8 byte longs is set as 16 system numbers ' 00 00 00 00 00 00 00 00 ';
(3-2) all input data are connected into a data block by specified order;
(3-3) this data block is divided into the data block that 8 bytes are unit, is expressed as BLOCK1, BLOCK2, BLOCK3, BLOCK4 Last data block might be 1 ~ 8 byte; If the length of last data block is 8 bytes, then after this data block, add again 8 complete byte data pieces ' 80 00 00 00 00 00 00 00 ', forward (3-4) step to; If curtailment 8 bytes of last data block then add 16 system numbers ' 80 ' thereafter, if reach 8 byte lengths, then forward (3-4) step to; Otherwise adding 16 system numbers ' 00 ' until length reaches 8 bytes thereafter, forwarding (3-4) step to;
The data that (3-4) obtain behind data block BLOCK1 and initial value ' the 00 00 00 00 00 00 00 00 ' XOR are encrypted by KEY and are obtained ciphertext, encrypt after as initial value and BLOCK2 XOR with this ciphertext again ..., so analogize;
(3-5) final calculation result is got high 4 bytes as the MAC code.
2. a kind of CPU card according to claim 1 data encryption and decryption method is characterized in that, described CPU card is contactless CPU card.
CN 200910105744 2009-03-13 2009-03-13 Method for encrypting and decrypting CPU card data Expired - Fee Related CN101577022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200910105744 CN101577022B (en) 2009-03-13 2009-03-13 Method for encrypting and decrypting CPU card data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200910105744 CN101577022B (en) 2009-03-13 2009-03-13 Method for encrypting and decrypting CPU card data

Publications (2)

Publication Number Publication Date
CN101577022A CN101577022A (en) 2009-11-11
CN101577022B true CN101577022B (en) 2013-03-27

Family

ID=41271956

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200910105744 Expired - Fee Related CN101577022B (en) 2009-03-13 2009-03-13 Method for encrypting and decrypting CPU card data

Country Status (1)

Country Link
CN (1) CN101577022B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103198269B (en) * 2012-01-06 2017-05-10 上海华虹集成电路有限责任公司 Anti-failure key storage system
CN102739406B (en) * 2012-07-17 2014-12-10 飞天诚信科技股份有限公司 Method for securely transmitting equipment information
CN106529651B (en) * 2016-11-15 2019-03-08 安徽汉威电子有限公司 A kind of radio frequency card using double-encryption algorithm

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1386249A (en) * 2000-06-08 2002-12-18 布尔Cp8公司 Method for secure storage of sensitive data in a silicon chip integrated system storage, in particular a smart carp, and integrated system therefor
CN101110141A (en) * 2006-06-29 2008-01-23 英卡股份有限公司 Method for key diversification on an ic card
CN101132276A (en) * 2007-09-27 2008-02-27 中兴通讯股份有限公司 Method and system for symmetrical encryption of terminal data by SAM card

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1386249A (en) * 2000-06-08 2002-12-18 布尔Cp8公司 Method for secure storage of sensitive data in a silicon chip integrated system storage, in particular a smart carp, and integrated system therefor
CN101110141A (en) * 2006-06-29 2008-01-23 英卡股份有限公司 Method for key diversification on an ic card
CN101132276A (en) * 2007-09-27 2008-02-27 中兴通讯股份有限公司 Method and system for symmetrical encryption of terminal data by SAM card

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
于洪洲 等.智能卡的系统安全.《第六届全国信息获取与处理学术会议论文集》.2008, *
马雪英.数据传输安全方案的设计与实现.《教育信息化》.(第05期), *

Also Published As

Publication number Publication date
CN101577022A (en) 2009-11-11

Similar Documents

Publication Publication Date Title
CN102325320B (en) A kind of Wireless security communication method and system
CN101719205B (en) Digital copyright management method and system
CN103413159B (en) A kind of RFID electronic certificate off-line false proof realization method and system of Jianzhen based on CPK
CN103795523B (en) Electric bidding document multilamellar encrypting and deciphering system and method for e-bidding
CN103078744B (en) Public key-based bidirectional radio frequency identification authorization method
CN101355422B (en) Novel authentication mechanism for encrypting vector
CN102034123B (en) RFID (Radio Frequency Identification) triple safety certification method based on label ID (Identification) random division
CN101807994B (en) Method and system for application data transmission of IC card
CN107911354B (en) Composite parallel data encryption method
GB2563294A (en) Progressive key encryption Algorithm
CN102025503B (en) Data security implementation method in cluster environment and high-security cluster
CN103414549A (en) QR two-dimensional code binary image partition-based key varying chaotic encryption method
CN106850190A (en) It is a kind of to the destroying method based on block chain digital certificate
CN109861956B (en) Data verification system, method, device and equipment based on state channel
CN102625025A (en) Encryption/decryption method and system based on image transmission
CN102117476B (en) Signature watermark system used for CAD (Computer-Aided Design) documents
CN110955918A (en) Contract text protection method based on RSA encrypted sha-256 digital signature
CN114499875B (en) Service data processing method, device, computer equipment and storage medium
Gayathri et al. Hybrid cryptography for random-key generation based on ECC algorithm
CN102752111A (en) Method and system for preventing electronic signature from being tampered of work form system
CN101923654A (en) Ultrahigh frequency reader-writer suitable for remote security control by different users
Vyakaranal et al. Performance analysis of symmetric key cryptographic algorithms
Zhou et al. Implementation of cryptographic algorithm in dynamic QR code payment system and its performance
CN113312608A (en) Electric power metering terminal identity authentication method and system based on timestamp
CN102857503A (en) Secure wireless transmission method for fingerprint data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information

Inventor after: Yang Jingyuan

Inventor after: Feng Ming

Inventor after: Zheng Zhigang

Inventor after: Li Nengjun

Inventor before: Yang Jingyuan

Inventor before: Liang Jianjun

Inventor before: Li Nengjun

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: YANG JINGYUAN LIANG JIANJUN LI NENGJUN TO: YANG JINGYUAN FENG MING ZHENG ZHIGANG LI NENGJUN

C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 518004 east of 3 building, Peng Ji industrial zone, Luohu District Liantang, Shenzhen, Guangdong, China, 3

Patentee after: Shenzhen Aisino Tak Technology Co. Ltd.

Address before: 518004 east of 3 building, Peng Ji industrial zone, Luohu District Liantang, Shenzhen, Guangdong, China, 3

Patentee before: Shenzhen Takcere Credit Card Manufacturing Co., Ltd.

CP01 Change in the name or title of a patent holder
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130327

Termination date: 20190313