CN101739764A - Trusted card reading device - Google Patents
Trusted card reading device Download PDFInfo
- Publication number
- CN101739764A CN101739764A CN200810225572A CN200810225572A CN101739764A CN 101739764 A CN101739764 A CN 101739764A CN 200810225572 A CN200810225572 A CN 200810225572A CN 200810225572 A CN200810225572 A CN 200810225572A CN 101739764 A CN101739764 A CN 101739764A
- Authority
- CN
- China
- Prior art keywords
- card reading
- trusted
- trusted card
- reliable
- usb
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
A trusted card reading device relates to the technical field of information security. The device comprises trusted card reading equipment and a trusted PC mainframe. The device is characterized in that the trusted card reading equipment comprises the following modules: a processor, a storage unit, a storage management and protection unit, a random number generator, an RSA engine, a bank card reader, a keypad, a liquid crystal display (LCD) panel, a voice prompt module and a USB controller. The modules are communicated with each other by buses. The trusted card reading equipment is connected with the trusted PC mainframe as independent USB equipment or is connected with the trusted PC mainframe as whole USB equipment after being integrated with a PC keyboard by a universal serial bus (USB) HUB. Compared with the prior art, the device is convenient and easy to use and can effectively protect the security when the users use online banking and online payment transactions.
Description
Technical field
The present invention relates to field of information security technology, particularly the trusted card reading device in the trusted payment computer system.
Background technology
Along with the fast development of ecommerce, electronic banking business, increasing individual or enterprise customer select to use online electronic transaction, and Web bank and online payment portfolio also constantly increase thereupon.Use Web bank's service, the user can pass through the bank account of network online management oneself on personal computer, as query the balance, transfer accounts etc.Release is in the nitty-gritty details of bank outlets' queuing transacting business, and is very convenient and quick.Use online payment service, the user can be on personal computer selects commodity, pays payment for goods in real time by network real-time.Online payment service has greatly promoted the development of B2C, C2C commercial affairs.
But along with the fast development of Web bank and online payment business, the safety problem of its saliency is but perplexing terminal user, online shopping mall, bank and third party's payment mechanism etc. all the time, has restricted the development of this business.
In the prior art, in logging in to online banks and execution network payment process, the user need use number of the account and the password login remote server system of oneself.And the user is very easy by rogue program in this machine (as wooden horse) interception by the number of the account and the password of keyboard input, and is sent in assailant's hand in the dark, makes that user's account and fund are stolen.Because rogue programs such as wooden horse are more and more rampant, Web bank and online payment user hold receptor's huge risk.Simultaneously, the user needs the very long numeric string of input continuously in input number of the account and cryptographic processes, makes mistakes easily, and this makes the ease for use of Web bank and online payment service reduce, and inconvenient user uses.
Summary of the invention
In order to solve above-mentioned problems of the prior art, the purpose of this invention is to provide a kind of trusted card reading device.It is convenient easy-to-use, can effectively protect the user to use Web bank and online payment service security.
In order to reach the foregoing invention purpose, technical scheme of the present invention realizes as follows:
A kind of trusted card reading device, it comprises trusted card reading equipment and reliable PC main frame, its design feature is that described trusted card reading equipment comprises assembly:
Processor is responsible for the arithmetic sum logical operation, for the operation of software in the trusted card reading equipment provides the computing support;
Storage unit is responsible for stored programme Firmware and data, and program Firmware is responsible for realizing software function;
The storage administration protected location is realized allocation of space and access control to storage unit;
Randomizer generates the true random number meet national Password Management office standard;
The RSA engine is realized the RSA public key algorithm, and RSA Algorithm meets international RSA Algorithm standard;
The bank card card reader reads bank card magnetic track information;
Keypad is for the user provides input interface to trusted card reading equipment input digit;
Liquid crystal display provides information with the character way of output to the user;
Voice cue module provides information in the voice output mode to the user;
The USB controller, the organization internal data offer external unit in the usb signal mode, and the usb signal of outside input is converted into the manageable signal of trusted card reading device interior.
Intercom mutually by bus between each assembly of trusted card reading equipment, described trusted card reading equipment link to each other with the reliable PC main frame with independent USB device or by general-purpose serial bus USB HUB and after the PC keyboard is integrated as a whole USB device link to each other with the reliable PC main frame.
In above-mentioned trusted card reading device, the instruction set of described processor adopting standard 8051 nuclears or compatibility 8051.
In above-mentioned trusted card reading device, the data of storing in the described storage unit are the data of ephemeral data or permanent storage, and program in the storage unit and data are all stored with cipher mode.
In above-mentioned trusted card reading device, described reliable PC main frame is to be credible tolerance root, trusted storage root and credible report root with TPM, and the reliable PC main frame has been set up the reliable PC software and hardware system of " TPM---BIOS---MBR---operating system nucleus---application software " complete trust chain.
The present invention by authentication mutually, can prevent that the assailant from distorting swiping card equipment by transposing hardware or software simulation mode owing to adopted above-mentioned structure between trusted card reading equipment and the reliable PC main frame.Among the present invention, the user operates the input that just can finish Web bank or online payment number of the account by swiping the card, convenient easy-to-use.Simultaneously, the user is input to account in the main frame by this trusted card reading equipment and password is to occur with encrypted test mode, prevents that effectively rogue program such as wooden horse from intercepting, thereby has protected the user to use Web bank and online payment service security effectively.Trusted card reading device of the present invention can prevent that simple energy from analyzing SPA (Simple PowerAnalysis) and differential power is analyzed DPA (Differential Power Analysis) attack.
The invention will be further described below in conjunction with the drawings and specific embodiments.
Description of drawings
Fig. 1 is the structure principle chart of trusted card reading equipment of the present invention;
Fig. 2 is trusted card reading equipment of the present invention and the integrated synoptic diagram of PC keyboard;
Fig. 3 is the PC keyboard of the integrated trusted card reading equipment of the present invention and the connection diagram of reliable PC main frame;
Fig. 4 is the connection diagram of trusted card reading equipment of the present invention and reliable PC main frame;
Fig. 5 is the structural representation of concrete trusted card reading equipment among the present invention;
Fig. 6 is an application mode process flow diagram of the present invention.
Embodiment
Referring to Fig. 1 to Fig. 4, the present invention includes trusted card reading equipment and reliable PC main frame.Trusted card reading equipment comprises assembly: processor, and employing standard 8051 nuclear or compatible 8051 instruction set are responsible for the arithmetic sum logical operation, for the operation of software in the trusted card reading equipment provides the computing support; Storage unit is responsible for stored programme Firmware and data, and program Firmware is responsible for realizing software function, and the data of storage are the data of ephemeral data or permanent storage, and program in the storage unit and data are all stored with cipher mode; The storage administration protected location is realized allocation of space and access control to storage unit; Randomizer generates the true random number meet national Password Management office standard; The RSA engine is realized the RSA public key algorithm, and RSA Algorithm meets international RSA Algorithm standard, realizes that systematic parameter, key are to generation, Digital Signature Algorithm, Internet Key Exchange Protocol and cryptographic algorithm; The bank card card reader reads bank card magnetic track information; Keypad is for the user provides input interface to trusted card reading equipment input digit; Liquid crystal display provides information with the character way of output to the user; Voice cue module provides information in the voice output mode to the user; The USB controller, the organization internal data offer external unit in the usb signal mode, and the usb signal of outside input is converted into the manageable signal of trusted card reading device interior.Intercom mutually by bus between each assembly of trusted card reading equipment, trusted card reading equipment link to each other with the reliable PC main frame with independent USB device or by general-purpose serial bus USB HUB and after the PC keyboard is integrated as a whole USB device link to each other with the reliable PC main frame.The reliable PC main frame is to be credible tolerance root, trusted storage root and credible report root with TPM, and the reliable PC main frame has been set up the reliable PC software and hardware system of " TPM---BIOS---MBR---operating system nucleus---application software " complete trust chain.
Referring to Fig. 5, the structure that trusted card reading equipment of the present invention adopts.The Z8D64U chip is a chip that emerging integrated circuit (IC) design company limited produces in the Shenzhen; it has integrated modules such as processor, storage unit, storage administration protected location, randomizer, encryption and right discriminating system RSA (Ron Rivest, Adi Shamir and Leonard Adleman) engine in the trusted card reading equipment, USB controller.The RSA engine is by implanting the RSA Algorithm software code realization among public key algorithm engine in this chip and the firmware Firmware.The Z8D64U chip possesses the performance that prevents that SPA and DPA from attacking.Magtek 21006541 chips are a bank card reader devices, and it is encrypted with digital signature for the Z8D64U chip information transmission and handle after reading the magnetic track information that user's the operation of swiping the card produces.The HDM12232A chip is a liquid crystal indicator, and it is responsible for the command request character display information according to the transmission of Z8D64U chip.The ISD4004 chip is a sound prompt device, and it carries out voice suggestion according to the command request that the Z8D64U chip sends.Keypad key circuit is responsible for accepting the user keystroke action, and the keystroke action is decoded into numeral 0,1,2,3,4,5,6,7,8,9 and " affirmation ", " removing " action.The user keys in numeric string also after " affirmation ", and numeric string is transported to the Z8D64U chip, and this chip is encrypted with digital signature this numeric string and handled.
Referring to Fig. 6, the application process step of apparatus of the present invention is:
(1) during the trusted card reading device initialize, inner to generate the ECC key right, and PKI exports trusted third party to;
(2) trusted third party generates and issues digital certificate according to the PKI that generates and other relevant information (as the unique hardware sequence number of trusted card reading equipment) of this trusted card reading equipment, and digital certificate is imported trusted card reading equipment deposits storage unit in;
(3) before the use, trusted card reading equipment and reliable PC main frame carry out two-way authentication in the digital certificate mode, and authentication is set up secured communication channel by trusted card reading equipment and reliable PC main frame, otherwise stop;
When (4) user carried out the online payment operation, the reliable PC main frame was pointed out user card punching by voice cue module, and trusted card reading equipment begins delivery operation;
(5) trusted card reading equipment reads bank card magnetic track information, uses the RSA PKI in Unionpay's server numeral certificate to encrypt, and uses the RSA private key of trusted card reading equipment to sign, and the signature result outputs to the reliable PC main frame with the USB-HID signal;
(6) voice cue module prompting user imports bank card password, the user imports bank card password by keypad, liquid crystal display shows " * " number, trusted card reading equipment reads password, this password uses the RSA PKI in Unionpay's server numeral certificate to encrypt, and using the RSA private key of trusted card reading equipment to sign, the signature result outputs to the reliable PC main frame with the USB-HID signal;
(7) the reliable PC main frame will be submitted to Unionpay's server by the secure network passage through the bank card account number and the encrypted message of trusted card reading devices encrypt and signature, Unionpay's server use self RSA private key is decrypted above information, obtains user's bank card account number and password;
(8) Unionpay's server then to user account carry out inquiry into balance, operation such as withhold, and operating result fed back to the reliable PC main frame;
(9) if withholing to wait operates successfully, reliable PC to trusted card reading equipment, and shows end operation with information feedback such as deducted amounts on liquid crystal display.
Claims (4)
1. trusted card reading device, it comprises trusted card reading equipment and reliable PC main frame, it is characterized in that, described trusted card reading equipment comprises assembly:
Processor is responsible for the arithmetic sum logical operation, for the operation of software in the trusted card reading equipment provides the computing support;
Storage unit is responsible for stored programme Firmware and data, and program Firmware is responsible for realizing software function;
The storage administration protected location is realized allocation of space and access control to storage unit;
Randomizer generates the true random number meet national Password Management office standard;
The RSA engine is realized the RSA public key algorithm, and RSA Algorithm meets international RSA Algorithm standard;
The bank card card reader reads bank card magnetic track information;
Keypad is for the user provides input interface to trusted card reading equipment input digit;
Liquid crystal display provides information with the character way of output to the user;
Voice cue module provides information in the voice output mode to the user;
The USB controller, the organization internal data offer external unit in the usb signal mode, and the usb signal of outside input is converted into the manageable signal of trusted card reading device interior;
Intercom mutually by bus between each assembly of trusted card reading equipment, described trusted card reading equipment link to each other with the reliable PC main frame with independent USB device or by general-purpose serial bus USB HUB and after the PC keyboard is integrated as a whole USB device link to each other with the reliable PC main frame.
2. trusted card reading device according to claim 2 is characterized in that, the instruction set of described processor adopting standard 8051 nuclears or compatibility 8051.
3. trusted card reading device according to claim 1 and 2 is characterized in that the data of storing in the described storage unit are the data of ephemeral data or permanent storage, and program in the storage unit and data are all stored with cipher mode.
4. trusted card reading device according to claim 3, it is characterized in that, described reliable PC main frame is to be credible tolerance root, trusted storage root and credible report root with TPM, and the reliable PC main frame has been set up the reliable PC software and hardware system of " TPM---BIOS---MBR---operating system nucleus---application software " complete trust chain.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810225572A CN101739764A (en) | 2008-11-06 | 2008-11-06 | Trusted card reading device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810225572A CN101739764A (en) | 2008-11-06 | 2008-11-06 | Trusted card reading device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101739764A true CN101739764A (en) | 2010-06-16 |
Family
ID=42463202
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200810225572A Pending CN101739764A (en) | 2008-11-06 | 2008-11-06 | Trusted card reading device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101739764A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752265A (en) * | 2011-04-19 | 2012-10-24 | 中国银联股份有限公司 | Security information interaction system and method based on Internet |
-
2008
- 2008-11-06 CN CN200810225572A patent/CN101739764A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752265A (en) * | 2011-04-19 | 2012-10-24 | 中国银联股份有限公司 | Security information interaction system and method based on Internet |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8661520B2 (en) | Systems and methods for identification and authentication of a user | |
| CN101739624A (en) | Trusted payment network system | |
| US20040044739A1 (en) | System and methods for processing PIN-authenticated transactions | |
| CA2914956C (en) | System and method for encryption | |
| CN102694781B (en) | Based on security information interaction system and the method for the Internet | |
| CN101576983A (en) | Electronic payment method and system based on mobile terminal | |
| CN101651675A (en) | Method and system for enhancing security of network transactions | |
| CN101739622A (en) | Trusted payment computer system | |
| CN102195932A (en) | Method and system for realizing network identity authentication based on two pieces of isolation equipment | |
| CN101808077B (en) | Information security input processing system and method and smart card | |
| CN101790166A (en) | Digital signing method based on mobile phone intelligent card | |
| CN201327659Y (en) | Credible card reading device | |
| CN104200365A (en) | Writing and paying method for electronic check | |
| CN101059853A (en) | Safe mobile macro-payment data processing system | |
| CN101212301A (en) | Authentication device and method | |
| CN102546168A (en) | Communication device for identity authentication | |
| CN102609842A (en) | Payment cipher device based on hardware signature equipment, and application method of payment cipher device | |
| CN101739763A (en) | Trusted card reading device | |
| CN201327658Y (en) | Credible card reading device | |
| CN101739764A (en) | Trusted card reading device | |
| CN101739623A (en) | Trusted payment computer system | |
| CN102708491A (en) | Trusted computing based novel USB (universal serial bus) Key device and safety transaction method thereof | |
| CN110505205A (en) | Cloud platform encryption and decryption services cut-in method and access system | |
| CN201378346Y (en) | Credible payment computer device | |
| CN203812270U (en) | IC card based data security processing terminal and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20100616 |