CN101630371B - Method and system for remotely realizing IC card service control and IC card reader - Google Patents

Method and system for remotely realizing IC card service control and IC card reader


Publication number
CN101630371B
Authority
CN
China
Legal status
Active
Application number
CN2009100419688A
Other languages
Chinese (zh)
Other versions
CN101630371A
Inventor
金娟 (Jin Juan)
Current Assignee
GUANGZHOU JUNYI INFORMATION TECHNOLOGY Co Ltd
Original Assignee
GUANGZHOU JUNYI INFORMATION TECHNOLOGY Co Ltd
Application filed by GUANGZHOU JUNYI INFORMATION TECHNOLOGY Co Ltd
Priority to CN2009100419688A
Publication of CN101630371A
Application granted
Publication of CN101630371B
Legal status: Active
Anticipated expiration

Abstract

The invention discloses a method for remotely realizing IC card service control, comprising the following steps: receiving a remote IC card service instruction sent by a remote computer system, the IC card service instruction being encrypted with a symmetric key; decrypting the remote IC card service instruction to obtain an IC card operation instruction; and performing the corresponding operation on the IC card according to the obtained IC card operation instruction. Correspondingly, the invention also discloses a system for remotely realizing IC card service control, and an IC card reader. By applying the invention, a remote system provides the function of executing IC card operation instructions remotely, and the exchanged data are encrypted with a symmetric key so as to protect the security of the remote communication; various service functions can be realized, and the flexibility of the services is further enhanced.

Description

Method and system for remotely realizing IC card service control, and IC card reader/writer
Technical field
The present invention relates to the field of electronic applications, and in particular to a method and system for remotely realizing IC card service control, and to an IC card reader/writer.
Background art
Integrated circuit (IC) cards have basic characteristics such as large storage capacity, high security, fast operating speed and long service life, and are widely used in many industries. The IC card reader/writer, as the indispensable device for operating IC cards, establishes communication with the IC card according to a given protocol and performs read and write operations on the card. At present IC card reader/writers realize read/write operations on IC cards in two main ways. In the first, the reader/writer provides IC card operation instructions, and application software installed on a local computer or controller connects to the reader/writer through its communication interface and calls the IC card operation instructions through an application programming interface (API) to accomplish the various operating functions. In this application model the application software is responsible for realizing all of the business logic; if the business logic changes, the application software must be upgraded, which requires renewed development and deployment work. Devices using this model mainly include the various IC card reader/writers that are connected to a computer or controller. In the second, the reader/writer is responsible not only for the IC card operations but also for realizing all of the business logic. In this model the reader/writer can complete the various service functions independently; if the business logic changes, the reader/writer firmware must be upgraded, which requires renewed firmware development and download work. Devices using this model mainly include bus fare collectors, parking meters and the like, which need no computer or controller to control them during operation.
However, because the existing business logic processing flows are realized by local application software or by the internal firmware of the reader/writer, any adjustment of the business logic processing flow requires the application software or the reader/writer firmware to be redesigned and redeveloped, and upgrade work to be carried out on the reader/writer. This redesign, redevelopment and upgrade work imposes a large workload on IC card system manufacturers and designers, makes it inconvenient to extend the IC card to other related services, and leaves the services lacking in flexibility.
Summary of the invention
In view of the above problems in the prior art, the present invention provides a method and system for remotely realizing IC card service control, and an IC card reader/writer, in which the remote computer system and the IC card reader/writer encrypt the service data exchanged between them with a symmetric key. When the business logic changes, no corresponding software upgrade or hardware modification of the IC card reader/writer is then required.
To solve the above problems, the present invention proposes a method for remotely realizing IC card service control, comprising the following steps:
receiving a remote IC card service instruction sent by a remote computer system, the IC card service instruction being encrypted with a symmetric key;
decrypting the remote IC card service instruction to obtain an IC card operation instruction;
performing a control operation on the IC card according to the obtained IC card operation instruction.
Correspondingly, an embodiment of the invention also proposes an IC card reader/writer, characterized in that it comprises:
a first receiving unit for receiving a remote IC card service instruction sent by a remote computer system, the IC card service instruction being encrypted with a symmetric key;
a decryption unit for decrypting the IC card service instruction received by the first receiving unit to obtain an IC card operation instruction;
a control unit for performing a control operation on the IC card according to the IC card operation instruction obtained by the decryption unit.
Correspondingly, an embodiment of the invention also proposes a system for remotely realizing IC card service control, the system comprising a remote computer system and an IC card reader/writer, wherein:
the remote computer system exchanges remote IC card service instruction information with the IC card reader/writer, and encrypts or decrypts the exchanged IC card service instruction information with a symmetric key;
the IC card reader/writer exchanges remote IC card service instruction information with the remote computer system, encrypts or decrypts the exchanged IC card service instruction information with the symmetric key, obtains an IC card operation instruction after decrypting the IC card service instruction information, and performs a control operation on the IC card according to the obtained IC card operation instruction.
Embodiments of the present invention have the following beneficial effects. The remote reader/writer system provides the function of executing IC card operation instructions remotely, and the exchanged data are encrypted with a symmetric key, which protects the security of the remote communication. In this implementation all business logic processing flows are realized by the remote computer system, and the IC card reader/writer is responsible for executing the specific IC card operation instructions issued by the remote computer system. Adjustments or upgrades to the business logic processing flow therefore need only be completed on the remote computer system, and the reader/writer adapts to the new business logic automatically, which reduces the workload and complexity of development, deployment and upgrading. Moreover, the reader/writer is independent of any specific type of service: different remote computer systems can realize different service functions, and the same reader/writer can realize various service functions by connecting to different remote computer systems, which further enhances service flexibility.
Description of drawings
Fig. 1 is a schematic structural diagram of the system for remotely realizing IC card service control in an embodiment of the invention;
Fig. 2 is a flowchart of the method for remotely realizing IC card service control in an embodiment of the invention;
Fig. 3 is an operational flowchart of the IC card reader/writer in an embodiment of the invention;
Fig. 4 is a schematic structural diagram of the IC card reader/writer in an embodiment of the invention.
Embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 1 shows the system for remotely realizing IC card service control in an embodiment of the invention. The system comprises a remote computer system and an IC card reader/writer. Communication between the reader/writer and the remote computer system uses data encryption with a symmetric key, which protects the security of the remote communication. Specifically, the remote computer system exchanges remote IC card service instruction information with the reader/writer and encrypts or decrypts the exchanged IC card service instruction information with the symmetric key; the reader/writer exchanges remote IC card service instruction information with the remote computer system, encrypts or decrypts the exchanged information with the symmetric key, obtains an IC card operation instruction after decrypting the service instruction information, and performs a control operation on the IC card according to the obtained operation instruction.
On the first communication, or when certain conditions are met, the reader/writer and the remote computer system use a public-key based authentication protocol to exchange a symmetric key between them, and the data communication between the reader/writer and the remote computer system is then encrypted with that symmetric key. The symmetric key is generated by the remote computer system and delivered to the reader/writer through the authentication protocol. The reader/writer stores the symmetric key in an internal readable and writable storage area; the remote computer system stores it in memory, in a disk file or in a database system. The symmetric key has a limited lifetime; once it has expired, public-key based authentication must be performed again to exchange a new symmetric key. The reader/writer and the remote computer system include a communication counter in their data communication. The initial value of the communication counter is also generated by the remote computer system, is exchanged synchronously during the exchange of the symmetric key, and is stored in the same way as the symmetric key. Each time the reader/writer establishes a new communication connection with the remote computer system it increments the communication counter and includes the counter in the uploaded communication data; the remote computer system changes its copy of the counter synchronously by the same rule as the reader/writer, and when the reader/writer connects the remote computer system checks whether the two counters are equal in order to decide whether to continue the communication. This effectively prevents message replay attacks.
The public-key authentication process here is as follows. The reader/writer sends to the remote computer system authentication data containing the reader/writer number. The remote computer system looks up the public key of the reader/writer according to the reader/writer number, and the reader/writer receives from the remote computer system authentication data, encrypted with the reader/writer's public key, containing a randomly generated symmetric key, communication counter and authentication random number. The reader/writer decrypts the public-key-encrypted authentication data with its stored private key to obtain the symmetric key, then encrypts authentication data containing the authentication random number with the symmetric key and returns it to the remote computer system, so that the remote computer system decrypts the received authentication data with the symmetric key and confirms the legitimacy of the reader/writer by checking whether the received authentication random number equals the one it generated.
The reader/writer defines composite operation instructions made up of several single IC card operation instructions and their data, which improves the efficiency of remote execution. In addition to the instructions for the various standard operations on the IC card, the reader/writer defines one or more composite operation instructions, each consisting of several commonly used IC card operation instructions with a specific order of operation, together with their data. By defining composite operation instructions, the number of data exchanges between the reader/writer and the remote computer system can be reduced when a large amount of IC card data must be read or written, or when a specific instruction sequence is executed frequently, which improves the efficiency of remote execution.
The reader/writer is responsible for the remote execution of IC card operation instructions; the local client is responsible for forwarding data between the reader/writer and the remote computer system and for the necessary display, input and output processing; all business logic processing flows are realized by the remote computer system. This reduces the development and deployment workload and enhances service flexibility.
The reader/writer is responsible for executing the specific IC card operation instructions issued by the remote computer system and contains no specific business logic processing flow; all business logic processing flows are carried out by the remote computer system according to the IC card service data and operating state uploaded by the reader/writer. Because all business logic processing flows are realized by the remote computer system, adjustments or upgrades to the business logic need only be completed on the remote computer system; the reader/writer adapts to the new business logic automatically, which reduces the workload and complexity of development, deployment and upgrading. Moreover, the reader/writer is independent of any specific type of service: different remote computer systems can realize different service functions, and the reader/writer can realize various service functions, including query, value loading, value deduction, authentication, and reading and writing of the IC card, by connecting to different remote computer systems, which further enhances service flexibility.
The method for remotely realizing IC card service control in an embodiment of the invention mainly consists of the reader/writer receiving a remote IC card service instruction sent by the remote computer system, the IC card service instruction being encrypted with a symmetric key; decrypting the remote IC card service instruction to obtain an IC card operation instruction; and performing a control operation on the IC card according to the obtained IC card operation instruction.
When performing this method, if the reader/writer is establishing communication with the remote computer system for the first time, it must first perform public key infrastructure (PKI) based authentication with the remote computer system, and only after the PKI authentication has passed does it exchange remote IC card service instruction information with the remote computer system. Performing PKI-based authentication with the remote computer system comprises: sending authentication data containing the reader/writer number to the remote computer system; receiving from the remote computer system authentication data, encrypted with the reader/writer's public key, containing a randomly generated symmetric key, communication counter and authentication random number; decrypting the public-key-encrypted authentication data with the stored private key to obtain the symmetric key; and encrypting authentication data containing the authentication random number with the symmetric key and returning it to the remote computer system, so that the remote computer system, after decrypting the received authentication data with the symmetric key, judges whether the received authentication random number equals the one it previously generated in order to confirm the legitimacy of the reader/writer. After the PKI authentication has passed, the symmetric key and communication counter are stored in the local storage medium.
After the reader/writer and the remote computer system have established communication, the reader/writer must also accept the remote computer system's verification of the validity period of the symmetric key; if the symmetric key has expired, PKI-based authentication with the remote computer system must be performed again.
During the exchange of remote IC card service instruction information with the remote computer system, the reader/writer must also increment the communication counter in the course of each communication with the remote computer system and judge whether its communication counter is consistent with the communication counter on the remote computer system.
It should be noted that the IC card operation instruction here is a key management instruction, file management instruction, authentication instruction, encryption/decryption instruction, security control instruction, data transfer instruction, initialization instruction, read/write instruction, query instruction, value-loading instruction or value-deduction instruction of the IC card, or another IC card operation instruction.
It should be noted that if the reader/writer has no network interface for communicating with the remote computer, the data exchange must take place by means of a client. The client acts as a data transmission intermediary, responsible for forwarding data between the remote computer system and the reader/writer. The remote computer system is responsible for processing all of the business logic and the reader/writer for the specific operations; because the reader/writer does not necessarily have a network interface, the data between it and the remote computer system must be forwarded by the client. The client can also be responsible for the input and output operations in this process. Completing a specific service requires the user to provide certain input data, and the results of the operations have to be presented to the user by display, printout or similar means. Because the reader/writer does not necessarily have input and output interfaces such as a keyboard and display screen, and because this part of the work has no logical relationship to the specific service and is common to the realization of different services, it can be carried out by the client. The functions of the client can also be realized directly by, or included in, the reader/writer.
Specifically, Fig. 2 shows the flowchart of the method for remotely realizing IC card service control in an embodiment of the invention. The reader/writer communicates with the remote computer system in the following steps:
S201: the IC card reader/writer begins to establish a communication connection with the remote computer system;
S202: the reader/writer checks whether its storage area holds a symmetric key and communication counter obtained through authentication; if not, it proceeds to S203, otherwise to S207;
S203: the reader/writer authenticates with the remote computer system using the public-key based authentication protocol, mainly by sending authentication data containing the reader/writer number to the remote computer system; receiving from the remote computer system authentication data, encrypted with the reader/writer's public key, containing a randomly generated symmetric key, communication counter and authentication random number; decrypting the public-key-encrypted authentication data with the stored private key to obtain the symmetric key; and encrypting authentication data containing the authentication random number with the symmetric key and returning it to the remote computer system, so that the remote computer system, after decrypting the received authentication data with the symmetric key, judges whether the received authentication random number equals the one it previously generated, thereby confirming the legitimacy of the reader/writer and completing the authentication;
S204: judge whether the authentication succeeded; if it succeeded, proceed to S205, otherwise to S206;
S205: the reader/writer stores the symmetric key and communication counter obtained from the remote computer system during the authentication process;
S206: display an error code; the communication connection has failed and this communication connection ends abnormally;
S207: the reader/writer increments the communication counter, encrypts the initial communication data with the symmetric key and sends the initial communication data to the remote computer system;
S208: the remote computer system increments the communication counter corresponding to this reader/writer and judges whether the corresponding symmetric key has expired; if it has expired, proceed to S212, otherwise to S209;
S209: the remote computer system decrypts the received data with the corresponding symmetric key and judges whether the communication counter contained in the data is synchronised with (that is, equal to) the corresponding communication counter it holds; if the counters are not synchronised, proceed to S212, otherwise to S210;
S210: the remote computer system processes the decrypted data, generates return data, encrypts it with the symmetric key and sends it to the reader/writer;
S211: the reader/writer decrypts the data with the symmetric key and judges whether the communication counter is synchronised;
S212: return an error code to the reader/writer requiring re-authentication, and proceed to S203;
S213: the reader/writer processes the decrypted data and judges whether the communication flow is finished; if the flow is to finish, proceed to S215, otherwise to S214;
S214: the reader/writer encrypts the data to be returned to the remote computer system with the symmetric key, sends it to the remote computer system, and continues with S209;
S215: this communication connection flow ends normally.
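The handshake of S203 and the counter-checked exchange of S207 to S212 (also described above with Fig. 1, and again in claim 1 below), as an added example written for this page rather than taken from the patent. The page names no algorithms, so the primitives are assumptions: RSA-KEM with a SHA-256-derived wrapping key stands in for "encrypted with the reader/writer's public key", and an HMAC-SHA256 keystream with a MAC (encrypt-then-MAC) stands in for the unnamed symmetric cipher. The demo RSA modulus is built from two published Mersenne primes so that the run is reproducible, and the 24-hour key lifetime, reader numbers and message contents are constructed. The run shows what the text claims for the counter: a captured message replayed to the remote system is rejected and the reader is forced back to authentication (S212).

```python
# Added example for this page, not the patentee's code: the handshake and counter-checked
# session of Figs. 1-2. Assumed primitives (the page names none): RSA-KEM for the
# public-key step, HMAC-SHA256 keystream + MAC (encrypt-then-MAC) as the symmetric cipher.
import hashlib, hmac, secrets, time

P, Q, E = (1 << 127) - 1, (1 << 107) - 1, 65537  # demo RSA key from published Mersenne primes: NOT secret
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # E is coprime to phi: 32 divides neither 126 nor 106
KEY_LIFETIME = 24 * 3600  # assumption; the page only says the key has a limited lifetime

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode as keystream, domain-separated by the label 'enc'."""
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC under one 32-byte key: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Constant-time tag check before decrypting; raises if the blob is altered or foreign."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def kem_encap(pub_n, payload):
    """RSA-KEM: a random seed goes under the reader's public key; SHA-256(seed) wraps the payload."""
    seed = secrets.randbelow(pub_n - 2) + 1
    return pow(seed, E, pub_n), seal(hashlib.sha256(seed.to_bytes(32, "big")).digest(), payload)

class RemoteSystem:
    def __init__(self):
        self.readers, self.sessions = {}, {}  # reader number -> public modulus / session state
    def auth_challenge(self, reader_no):
        """Step 2: fresh key, counter start and nonce, readable only by the named reader."""
        s = {"key": secrets.token_bytes(32), "counter": secrets.randbelow(1 << 31),
             "nonce": secrets.token_bytes(16), "issued": time.time()}
        self.sessions[reader_no] = s
        return kem_encap(self.readers[reader_no], s["key"] + s["counter"].to_bytes(4, "big") + s["nonce"])
    def auth_finish(self, reader_no, response):
        """Step 4: the nonce echoed under the new key proves the reader holds the private key."""
        s = self.sessions[reader_no]
        try:
            ok = hmac.compare_digest(unseal(s["key"], response), s["nonce"])
        except ValueError:
            ok = False
        if not ok:
            del self.sessions[reader_no]
        return ok
    def handle(self, reader_no, blob, now=None):
        """S208-S212: key age first, then the counter inside the ciphertext; any failure forces re-auth."""
        s = self.sessions.get(reader_no)
        if s is None:
            return "ERR_REAUTH"
        if (now or time.time()) - s["issued"] > KEY_LIFETIME:
            del self.sessions[reader_no]
            return "ERR_KEY_EXPIRED"
        s["counter"] += 1
        try:
            msg = unseal(s["key"], blob)
        except ValueError:
            msg = b""
        if len(msg) < 4 or int.from_bytes(msg[:4], "big") != s["counter"]:
            del self.sessions[reader_no]  # replayed, stale or foreign blob
            return "ERR_COUNTER"
        return msg[4:]  # decrypted service data, handed to the business logic

class Reader:
    def __init__(self, reader_no, priv_d, pub_n):
        self.no, self.d, self.n, self.key, self.counter = reader_no, priv_d, pub_n, None, None
    def auth_respond(self, c, wrapped):
        """Step 3: RSA-KEM decapsulation with the private key recovers key, counter and nonce; echo the nonce."""
        payload = unseal(hashlib.sha256(pow(c, self.d, self.n).to_bytes(32, "big")).digest(), wrapped)
        self.key, self.counter = payload[:32], int.from_bytes(payload[32:36], "big")
        return seal(self.key, payload[36:])
    def send(self, data):
        """S207: each new connection increments the counter and carries it inside the ciphertext."""
        self.counter += 1
        return seal(self.key, self.counter.to_bytes(4, "big") + data)

def handshake(reader_no=b"RW-0001"):
    """Steps 1-4 end to end; returns both parties and whether the remote system accepted the reader."""
    server, reader = RemoteSystem(), Reader(reader_no, D, N)
    server.readers[reader_no] = N
    c, wrapped = server.auth_challenge(reader_no)
    return server, reader, server.auth_finish(reader_no, reader.auth_respond(c, wrapped))

def demo():
    """One accepted message, a replay of the same captured blob, then the forced re-authentication."""
    server, reader, authed = handshake()
    first = reader.send(b"CARD-STATE:READY")  # constructed initial state data
    accepted = server.handle(reader.no, first)
    replayed = server.handle(reader.no, first)  # an attacker re-sends the captured blob
    after = server.handle(reader.no, reader.send(b"CARD-STATE:READY"))
    return authed, accepted, replayed, after
```

`demo()` returns `(True, b"CARD-STATE:READY", "ERR_COUNTER", "ERR_REAUTH")`: the genuine message is accepted, the replayed copy fails the counter comparison, and the session is gone until the reader authenticates again. A device that knows the reader number but not the private key cannot recover the symmetric key, so whatever it returns in step 3 fails `auth_finish`. Note that this check confirms the reader's legitimacy to the remote system, which is all the page claims for it; the exchange as described gives the reader no corresponding check on the identity of the remote system, and the example does not add one. In production the hashlib constructions would be replaced by a vetted RSA-KEM and an authenticated cipher such as AES-GCM from a maintained library.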
Correspondingly, Fig. 3 shows the operational flowchart of the IC card reader/writer in an embodiment of the invention, which comprises:
S301: the reader/writer establishes a communication connection with the remote computer system and, once connected, uploads the initial state data (encrypted with the symmetric key) to the remote computer system;
S302: after receiving the communication data (and decrypting it with the symmetric key), the remote computer system computes and processes the received operating state and result data according to the business logic processing flow of the corresponding service function, and issues to the reader/writer, one after another, the input/output instructions or IC card operation instructions to be executed (encrypted with the symmetric key);
S303: after receiving the communication data, the reader/writer decrypts it with the symmetric key and judges the instruction type; if the instruction is an input/output instruction, proceed to S304, otherwise to S307;
S304: the local client executes the input/output instruction and completes the corresponding input/output operation;
S305: the local client judges whether the input/output instruction is a flow-ending instruction, that is, an instruction used to output success or failure information before the flow finishes; if it is, proceed to S309, otherwise to S306;
S306: the reader/writer encrypts the operation result with the symmetric key and uploads it to the remote computer system, then proceeds to S302;
S307: the reader/writer executes the IC card operation instruction;
S308: the reader/writer encrypts the operation result with the symmetric key and uploads it to the remote computer system;
S309: this operation processing flow ends.
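The composite operation instructions described above, and the reader/writer's instruction-type dispatch of S303 to S308 with the local client handling input/output, as an added example written for this page rather than taken from the patent. It works on the plaintext after the session layer has decrypted it. The page specifies no wire format, so the frame layout (class, opcode, length, data), the opcodes, the flow-ending instruction and the ISO/IEC 7816-style status words are assumptions, and the stored-value card and fare amounts are constructed. The point it makes is the page's: the fare rule lives entirely in the remote-system function, the reader only executes what it is sent, and packing the read and the deduction into one composite instruction removes a round trip while a failing step still stops the sequence.

```python
# Added example for this page, not the patentee's code: an assumed frame format for the
# page's single and composite operation instructions, the reader's dispatch of Fig. 3
# (S303-S308), and a remote-system flow that keeps all business logic off the reader.
import struct

IO, CARD, COMPOSITE = 0x01, 0x02, 0x03                     # assumed instruction classes
OP_READ_BALANCE, OP_DEDUCT, OP_LOAD = 0x10, 0x11, 0x12     # assumed card opcodes
IO_PROMPT, IO_SHOW_RESULT = 0x80, 0xFF                     # IO_SHOW_RESULT is the flow-ending instruction
SW_OK, SW_DENIED, SW_UNKNOWN = b"\x90\x00", b"\x69\x85", b"\x6d\x00"  # ISO 7816-style status words (assumption)

def encode(cls, op, data=b""):
    """One frame: class(1) opcode(1) length(2, big-endian) data."""
    return struct.pack(">BBH", cls, op, len(data)) + data

def decode_all(buf):
    """Parse back-to-back frames, refusing truncated headers and lengths that overrun the buffer."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated header at offset %d" % pos)
        cls, op, n = struct.unpack(">BBH", buf[pos:pos + 4])
        if pos + 4 + n > len(buf):
            raise ValueError("length %d overruns buffer at offset %d" % (n, pos))
        out.append((cls, op, buf[pos + 4:pos + 4 + n]))
        pos += 4 + n
    return out

class ICCard:
    """Constructed stored-value card: it answers the reader, and knows nothing of the business rules."""
    def __init__(self, balance):
        self.balance = balance
    def execute(self, op, data):
        if op == OP_READ_BALANCE:
            return SW_OK + struct.pack(">I", self.balance)
        if op == OP_DEDUCT:
            amount = struct.unpack(">I", data)[0]
            if amount > self.balance:
                return SW_DENIED
            self.balance -= amount
            return SW_OK
        if op == OP_LOAD:
            self.balance += struct.unpack(">I", data)[0]
            return SW_OK
        return SW_UNKNOWN

class Reader:
    """S303: decide the instruction type; IO goes to the local client, card operations to the card."""
    def __init__(self, card, client_log):
        self.card, self.client_log, self.exchanges = card, client_log, 0
    def run(self, frame):
        """Returns the result frame to upload (S306/S308), or None once the flow-ending IO ran (S305/S309)."""
        self.exchanges += 1
        (cls, op, data), = decode_all(frame)
        if cls == IO:
            self.client_log.append((op, data.decode()))        # S304: the client displays or prints
            return None if op == IO_SHOW_RESULT else encode(IO, op, SW_OK)
        if cls == CARD:
            return encode(CARD, op, self.card.execute(op, data))  # S307
        if cls == COMPOSITE:
            results = b""
            for c, o, d in decode_all(data):                    # several single card ops, one exchange
                sw = self.card.execute(o, d) if c == CARD else SW_UNKNOWN
                results += encode(CARD, o, sw)
                if sw[:2] != SW_OK:                             # stop at the first failing step
                    break
            return encode(COMPOSITE, op, results)
        return encode(cls, op, SW_UNKNOWN)

def fare_flow(reader, fare, composite):
    """Remote-system business logic: read the balance, deduct if it suffices, tell the user.
    The reader never sees the rule; `composite` only changes how many exchanges the same flow takes."""
    if composite:
        body = encode(CARD, OP_READ_BALANCE) + encode(CARD, OP_DEDUCT, struct.pack(">I", fare))
        steps = decode_all(decode_all(reader.run(encode(COMPOSITE, 0x01, body)))[0][2])
        ok = len(steps) == 2 and steps[1][2] == SW_OK
    else:
        bal = struct.unpack(">I", decode_all(reader.run(encode(CARD, OP_READ_BALANCE)))[0][2][2:])[0]
        ok = bal >= fare and decode_all(reader.run(encode(CARD, OP_DEDUCT, struct.pack(">I", fare))))[0][2] == SW_OK
    reader.run(encode(IO, IO_SHOW_RESULT, b"Fare paid" if ok else b"Insufficient balance"))
    return ok, reader.exchanges
```

With a card holding 500 units and a fare of 200, the step-by-step flow takes three exchanges and the composite flow two, both leaving 300 on the card; with only 100 units the composite flow still takes two exchanges, the card itself refuses the deduction, and the client is told "Insufficient balance". Changing the fare rule means editing `fare_flow` on the remote system only, which is the adaptability the page claims for the reader/writer.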
Correspondingly, Fig. 4 shows the schematic structure of the IC card reader/writer in an embodiment of the invention. The reader/writer comprises:
a first receiving unit for receiving a remote IC card service instruction sent by the remote computer system, the IC card service instruction being encrypted with a symmetric key;
a decryption unit for decrypting the IC card service instruction received by the first receiving unit to obtain an IC card operation instruction;
a control unit for performing a control operation on the IC card according to the IC card operation instruction obtained by the decryption unit.
Correspondingly, the reader/writer also comprises an authentication unit for performing public key infrastructure (PKI) based authentication with the remote computer system. The authentication unit sends authentication data containing the reader/writer number to the remote computer system; receives from the remote computer system authentication data, encrypted with the reader/writer's public key, containing a randomly generated symmetric key, communication counter and authentication random number; decrypts the public-key-encrypted authentication data with the stored private key to obtain the symmetric key; and encrypts authentication data containing the authentication random number with the symmetric key and returns it to the remote computer system, so that the remote computer system, after decrypting the received authentication data with the symmetric key, judges whether the received authentication random number equals the one it previously generated in order to confirm the legitimacy of the reader/writer.
an acquisition unit for obtaining the symmetric key and communication counter from the remote computer system once the authentication unit has passed the PKI authentication process;
a storage unit for storing the symmetric key and communication counter obtained by the acquisition unit;
a validity verification unit for accepting the remote computer system's verification of the validity period of the symmetric key according to the communication counter;
a counter judging unit for incrementing the communication counter in the course of each communication with the remote computer system and judging whether its communication counter is consistent with the communication counter on the remote computer system;
an encryption unit for encrypting data with the obtained symmetric key and returning the encrypted data to the remote computer system.
It should be noted that the IC card operation instruction here is a key management instruction, file management instruction, authentication instruction, encryption/decryption instruction, security control instruction, data transfer instruction, initialization instruction, read/write instruction, query instruction, value-loading instruction or value-deduction instruction of the IC card, or another IC card operation instruction.
In summary, in the embodiments of the present invention the remote reader/writer system provides the function of executing IC card operation instructions remotely, and the exchanged data are encrypted with a symmetric key, which protects the security of the remote communication. In this implementation all business logic processing flows are realized by the remote computer system, and the IC card reader/writer is responsible for executing the specific IC card operation instructions issued by the remote computer system. Adjustments or upgrades to the business logic processing flow therefore need only be completed on the remote computer system, and the reader/writer adapts to the new business logic automatically, which reduces the workload and complexity of development, deployment and upgrading. Moreover, the reader/writer is independent of any specific type of service: different remote computer systems can realize different service functions, and the same reader/writer can realize various service functions by connecting to different remote computer systems, which further enhances service flexibility.
What is disclosed above is merely a preferred embodiment of the invention and certainly does not limit the scope of its rights; equivalent variations made according to the claims of the invention therefore still fall within the scope covered by the invention.

Claims (14)

1. A method for remotely realizing IC card service control, characterized in that it comprises the steps of:
the IC card reader and the remote computer system performing authentication based on public key infrastructure (PKI), and, after the PKI authentication has passed, the IC card reader and the remote computer system exchanging remote IC card service commands;
the IC card reader receiving a remote IC card service command sent by the remote computer system, the IC card service command being encrypted with a symmetric key;
the IC card reader decrypting the remote IC card service command to obtain an IC card operation command;
the IC card reader performing the corresponding operation on the IC card according to the obtained IC card operation command;
wherein the step of the IC card reader and the remote computer system performing authentication based on public key infrastructure (PKI) is specifically:
the IC card reader sending authentication data that includes the IC card reader number to the remote computer system;
after the remote computer system receives the authentication data, it finds the public key of the IC card reader according to the IC card reader number, encrypts with that public key authentication data that includes a randomly generated symmetric key, communication counter and authentication random number, and sends the result to the IC card reader;
the IC card reader, after receiving it, decrypts it with the stored private key to obtain the symmetric key, encrypts with the symmetric key authentication data that includes the authentication random number, and feeds it back to the remote computer system;
the remote computer system receives it, decrypts it with the aforementioned symmetric key, and judges whether the received authentication random number equals the previously generated authentication random number, so as to confirm the legitimacy of the IC card reader.
2. the method for claim 1 is characterized in that, in said PKI verification process, also comprises:
The IC-card read write line is stored in said symmetric key and communication counter in the local storage medium after obtaining symmetric key and communication counter from remote computer system.
3. method as claimed in claim 2 is characterized in that, said PKI authentication through after also comprise:
The receiving remote computer system if the timeliness of said symmetric key is expired, is carried out the authentication based on PKI with remote computer system to the timeliness checking of said symmetric key again.
4. method as claimed in claim 3 is characterized in that, the information interaction that said IC-card read write line and remote computer system carry out the instruction of remote I C card business also comprises:
The communication counter that in the process that each and remote computer system communicate, adds up, and judge whether the communication counter on communication counter and the remote computer system is consistent.
5. the method for claim 1; It is characterized in that said IC-card operational order is: query statement or the increment instruction of IC-card or the depreciation instruction of IC-card of the data transfer instruction of the security control instruction of the authentication instruction of the key management instruction of IC-card or the file management instruction of IC-card or IC-card or the encryption and decryption instruction of IC-card or IC-card or the initialization directive of IC-card or IC-card or the read write command of IC-card or IC-card.
6. method as claimed in claim 5 is characterized in that, said method also comprises: utilize the symmetric key that obtains that data are encrypted, and data encrypted is back to remote computer system.
7. An IC card reader, characterized in that it comprises:
a first receiving unit, configured to receive a remote IC card service command sent by the remote computer system, the IC card service command being encrypted with a symmetric key;
a decryption unit, configured to decrypt the IC card service command received by the first receiving unit to obtain an IC card operation command;
a control unit, configured to perform a control operation on the IC card according to the IC card operation command obtained by the decryption unit;
an authentication unit, configured to perform authentication based on public key infrastructure (PKI) with the remote computer system, wherein the authentication unit sends authentication data that includes the IC card reader number to the remote computer system; after the remote computer system has found the public key of the IC card reader according to the IC card reader number, receives the authentication data sent by the remote computer system, which is encrypted with the public key of the IC card reader and includes the randomly generated symmetric key, communication counter and authentication random number; decrypts the public-key-encrypted authentication data with the stored private key to obtain the symmetric key; and encrypts with the symmetric key authentication data that includes the authentication random number and feeds it back to the remote computer system, so that the remote computer system decrypts the received authentication data with the aforementioned symmetric key and confirms the legitimacy of the IC card reader according to whether the received authentication random number equals the generated authentication random number.
8. The IC card reader of claim 7, characterized in that the IC card reader further comprises:
an acquisition unit, configured to obtain the symmetric key and the communication counter from the remote computer system during the PKI authentication process of the authentication unit;
a storage unit, configured to store the symmetric key and the communication counter obtained by the acquisition unit.
9. The IC card reader of claim 8, characterized in that the IC card reader further comprises:
a validity verification unit, configured to receive the remote computer system's verification of the validity period of the symmetric key;
a counter operation unit, configured to accumulate the communication counter during each communication with the remote computer system, and to judge whether the communication counter is consistent with the communication counter on the remote computer system.
10. The IC card reader of claim 7, characterized in that the IC card operation command is: a key management command, a file management command, an authentication command, a security control command, an encryption/decryption command, a data transfer command, an initialization command, a read/write command, a query command, an increment command or a decrement command of the IC card.
11. The IC card reader of claim 8, characterized in that the IC card reader further comprises:
an encryption unit, configured to encrypt data according to the obtained symmetric key, and to return the encrypted data to the remote computer system.
12. A system for remotely realizing IC card service control, characterized in that the system comprises a remote computer system and an IC card reader, wherein:
the remote computer system and the IC card reader exchange remote IC card service commands, and encrypt or decrypt the exchanged IC card service command information with a symmetric key;
the remote computer system performs authentication based on public key infrastructure (PKI) on the IC card reader; during the PKI authentication process it randomly generates a symmetric key and a communication counter, stores them in a storage medium or a database system, and issues the symmetric key and the communication counter to the IC card reader;
the IC card reader is configured to exchange remote IC card service commands with the remote computer system, to encrypt or decrypt the exchanged IC card service command information with the symmetric key, to obtain an IC card operation command after decrypting the IC card service command information, and to perform a control operation on the IC card according to the obtained IC card operation command.
13. The system of claim 12, characterized in that the remote computer system also verifies the validity period of the symmetric key on the IC card reader, and, if the validity period of the symmetric key has expired, performs PKI authentication of the IC card reader again.
14. The system of claim 12, characterized in that the remote computer system also judges, according to the accumulation of the communication counter, whether the communication counter on the IC card reader is consistent with the communication counter on the remote computer system, and, if it judges that the communication counters are not consistent, performs PKI authentication of the IC card reader again.
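The PKI authentication exchange of claims 1, 2 and 7 (the system encrypts a fresh symmetric key, communication counter and authentication random number to the reader's public key; the reader decrypts with its private key, keeps key and counter, and returns the random number under the symmetric key; the system compares), as an added worked example in Go that is not the patent's or the applicant's code. RSA-OAEP, AES-256-GCM, the 32/4/16-byte value sizes, the function names and the fact that the public-key lookup by reader number happens before ServerChallenge is called are all assumptions; the patent names no concrete algorithms or sizes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

const keyLen, ctrLen, nonceLen = 32, 4, 16 // claim-1 values: symmetric key, communication counter, random number (sizes assumed)

func randBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }
func NewReaderKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // reader key pair (2048-bit RSA assumed)

// aead builds AES-256-GCM under the symmetric key (the patent names no cipher; AES-GCM is assumed).
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // cannot fail: key is always keyLen bytes
	g, _ := cipher.NewGCM(block)
	return g
}

// ServerChallenge: generate key|counter|nonce, keep it as session state, send it RSA-OAEP-encrypted
// to the reader's public key (which the system found by reader number; that lookup is not shown).
func ServerChallenge(pub *rsa.PublicKey) (state, ct []byte, err error) {
	state = append(append(randBytes(keyLen), 0, 0, 0, 1), randBytes(nonceLen)...)
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, state, nil)
	return state, ct, err
}

// ReaderRespond: decrypt with the stored private key, keep key and counter (claim 2), return the nonce under the key.
func ReaderRespond(priv *rsa.PrivateKey, ct []byte) (key, counter, resp []byte, err error) {
	blob, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil || len(blob) != keyLen+ctrLen+nonceLen {
		return nil, nil, nil, errors.New("challenge rejected")
	}
	key, counter, g := blob[:keyLen], blob[keyLen:keyLen+ctrLen], aead(blob[:keyLen])
	iv := randBytes(g.NonceSize())
	return key, counter, g.Seal(iv, iv, blob[keyLen+ctrLen:], nil), nil
}

// ServerVerify: decrypt the reply with the session key; accept the reader only if the nonce matches.
func ServerVerify(state, resp []byte) bool {
	if g := aead(state[:keyLen]); len(resp) >= g.NonceSize() {
		got, err := g.Open(nil, resp[:g.NonceSize()], resp[g.NonceSize():], nil)
		return err == nil && string(got) == string(state[keyLen+ctrLen:])
	}
	return false
}
```

The key validity check of claims 3 and 13 and the communication-counter comparison of claims 4 and 14 are not shown; only the reader holding the matching private key can recover the session key and produce a reply ServerVerify accepts.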
CN2009100419688A 2009-08-19 2009-08-19 Method and system for remotely realizing IC card service control and IC card reader Active CN101630371B (en)

Publications (2)

Publication Number Publication Date
CN101630371A CN101630371A (en) 2010-01-20
CN101630371B true CN101630371B (en) 2012-07-25

Family

ID=41575474

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant