CN101964805A - Method, equipment and system for safely sending and receiving data - Google Patents

Publication number: CN101964805A
Authority: CN (China)
Prior art keywords: smart card; data; encrypted; session key; key
Legal status: Granted
Application number: CN2010105240573A
Other languages: Chinese (zh)
Other versions: CN101964805B (en)
Inventor: 江先
Current Assignee: Beijing Watchdata Co ltd
Original Assignee: Beijing WatchData System Co Ltd
Application filed by: Beijing WatchData System Co Ltd
Priority to CN201010524057.3A
Publication of CN101964805A
Application granted
Publication of CN101964805B
Expired - Fee Related

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses a method, equipment and a system for safely sending and receiving data, relates to the technical field of network security, and aims to reduce the complexity of safe data transmission. The method for safely sending the data comprises the following steps of: generating a session key, and encrypting the data by using the session key to form encrypted data; acquiring an enterprise-level key in a first smart card of a sending end, and encrypting the session key by using the enterprise-level key to form an encrypted session key; and writing the encrypted data and the encrypted session key into a second smart card of the sending end, and sending data information containing the encrypted data and the encrypted session key to a receiving end by using the second smart card, wherein the second smart card is a smart card having the functions of data transmission. The embodiment of the invention is used for safely transmitting the data.

Description

Method, equipment and system for safely transmitting and receiving data
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method, device, and system for securely transmitting and receiving data.
Background
Network secure-transmission technology encrypts and protocol-encapsulates the original information to be transmitted, embeds it in a data packet of another protocol, and transmits that packet over the network like an ordinary data packet. Once the original information has been encrypted and encapsulated, only the users at the source end and the destination end can interpret and process the nested information in the transmission channel; other users cannot decrypt it.
Existing network secure-transmission technologies include technologies based on the Internet Key Exchange (IKE) protocol and digital envelope technologies. In the IKE-based technology, the communication source end and destination end exchange data through the Diffie-Hellman algorithm to compute a shared key, and a public key cryptosystem is used to carry out identity authentication on the shared key. In the digital envelope technology, the communication source end encrypts data with a randomly generated symmetric key and then encrypts the symmetric key with the public key of the destination end; the symmetric key encrypted by the public key is called a digital envelope. To decrypt the transmitted data, the destination end must first decrypt the digital envelope with its own private key to obtain the symmetric key, and then use the symmetric key to decrypt the data.
However, the inventor finds the following problem in the prior art: both the IKE-based technology and the digital envelope technology require a third-party certification authority to perform identity certification and public key distribution, and establishing a protocol system with the third-party certification authority increases the complexity of a secure data transmission system.
Disclosure of Invention
Embodiments of the present invention provide a method, device, and system for transmitting and receiving data securely, which can reduce the complexity of data secure transmission.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
A method for securely sending data, comprising:
generating a session key, and encrypting data with the session key to form encrypted data;
acquiring an enterprise-level key in a first smart card of a sending end, and encrypting the session key with the enterprise-level key to form an encrypted session key;
and writing the encrypted data and the encrypted session key into a second smart card of the sending end, and sending data information containing the encrypted data and the encrypted session key to a receiving end through the second smart card, wherein the second smart card is a smart card with a data transmission function.
Corresponding to the data sending method, an embodiment of the present invention further provides a method for safely receiving data, including:
acquiring, from a second smart card, data information received from a sending end, wherein the second smart card is a smart card with a data transmission function, and the data information comprises data encrypted by a session key of the sending end and the session key encrypted by an enterprise-level key;
acquiring an enterprise-level key in a first smart card of a receiving end, and decrypting the data information with the enterprise-level key to obtain a decrypted session key;
and decrypting the data encrypted by the session key of the sending end with the decrypted session key to obtain the data.
In order to implement the method for securely sending data, an embodiment of the present invention provides a device for securely sending data, including:
a first smart card, used for generating a session key and storing an enterprise-level key, encrypting data with the session key to form encrypted data, encrypting the session key with the enterprise-level key to form an encrypted session key, writing the encrypted data and the encrypted session key into a second smart card, and sending data information containing the encrypted data and the encrypted session key to a receiving end through the second smart card; wherein
the second smart card is a smart card with a data transmission function.
In order to implement the method for securely receiving data, an embodiment of the present invention further provides a device for securely receiving data, including:
a second smart card, used for acquiring data information sent by the sending end, wherein the second smart card is a smart card with a data transmission function, and the data information comprises data encrypted by a session key of the sending end and the session key encrypted by an enterprise-level key;
a first smart card, used for storing an enterprise-level key, acquiring the data information acquired by the second smart card, decrypting the data information with the enterprise-level key to obtain a decrypted session key, and decrypting the data encrypted by the session key of the sending end with the decrypted session key to obtain the data.
An embodiment of the present invention further provides a system for secure data transmission, including: a transmission channel consisting of a transmitting end and a receiving end; wherein,
the sending end comprises: a first smart card of the sending end, used for generating a session key and storing the enterprise-level key of the sending end, encrypting data with the session key to form encrypted data, encrypting the session key with the enterprise-level key of the sending end to form an encrypted session key, writing the encrypted data and the encrypted session key into a second smart card of the sending end, and sending data information containing the encrypted data and the encrypted session key to the receiving end through the second smart card; wherein
the second smart card of the sending end is a smart card with a data transmission function;
the receiving end comprises: a second smart card of the receiving end, used for acquiring the data information sent by the sending end, wherein the second smart card of the receiving end is a smart card with a data transmission function;
and a first smart card of the receiving end, used for storing the enterprise-level key of the receiving end, acquiring the data information that the second smart card of the receiving end acquired from the sending end, decrypting the data information with the enterprise-level key of the receiving end to obtain a decrypted session key, and decrypting the data encrypted by the session key of the sending end with the decrypted session key to obtain the data.
When data is sent securely, the session key encrypts the data and the enterprise-level key encrypts the session key. The enterprise-level key is stored in the first smart card, which ensures the security of the enterprise-level key; the encrypted session key and the encrypted data are sent to the receiving end through a second smart card with a data transmission function, which ensures the security of the data during sending. Correspondingly, the data is also secured by the smart cards when it is received. In the method, device, and system for securely sending and receiving data, the smart cards implement the data transmission channel and guarantee data security, so no third-party certification authority takes part in the secure data transmission process, and the complexity of implementing secure data transmission is reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a method for securely transmitting data according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for securely receiving data according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a method for authenticating validity of a device according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a method for a first smart card to authenticate a second smart card according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating a method for authenticating a first smart card by a second smart card according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a device for securely transmitting data according to a second embodiment of the present invention;
FIG. 7 is a diagram illustrating a device for securely receiving data according to a second embodiment of the present invention;
FIG. 8 is a schematic diagram of a system for secure data transmission according to a third embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
The embodiment of the invention aims to provide a method for safely transmitting data, which can reduce the complexity of safe data transmission. Referring to fig. 1, the present embodiment includes the following steps:
101. Generate a session key, and encrypt the data with the session key to form encrypted data.
The session key is a symmetric key between the sending end and the receiving end and is used for verification between the sending end and the receiving end. The first smart card of the sending end can generate the session key each time data is sent, and the session key generated each time can be different. The data to be sent is encrypted with the session key to ensure data security.
102. Acquire the enterprise-level key in the first smart card of the sending end, and encrypt the session key with the enterprise-level key to form an encrypted session key.
The first smart card at the sending end can be a smart card with a storage function. It stores an enterprise-level key, which is the key used for encrypting the session key. The enterprise-level key is written into the first smart card when the device is issued, and all enterprise-level keys within the same secure data transmission system are identical.
In this embodiment, the enterprise-level key is used to encrypt the session key, which ensures the security of the session key and, in turn, of the data.
103. Write the encrypted data and the encrypted session key into the second smart card of the sending end.
The second smart card is a smart card with a data transmission function. The encrypted data and the encrypted session key are written into the second smart card at the sending end and sent to the receiving end through it.
Further, the second smart card may be a smart card integrating a contact operation mode and a contactless operation mode; for example, it may be a dual-interface Subscriber Identity Module (SIM) card disposed in a mobile terminal, i.e., a SIM card having both a contact operation mode and a contactless operation mode. When the dual-interface smart card receives data from the first smart card, it works in the contactless mode; when it sends data to the receiving end, it works in the contact mode, so that the data is sent to the receiving end through the terminal in electrical contact with the second smart card.
The encrypted data and the encrypted session key written into the second smart card of the sending end are then sent to the receiving end through that card, so this embodiment further includes the following step:
104. Send data information containing the encrypted data and the encrypted session key to the receiving end through the second smart card.
The second smart card can be arranged on the mobile terminal, so that the embodiment of the invention can realize the safe transmission of data between the mobile terminals.
In this embodiment, the generation of the session key, the encryption of the data, and the encryption of the session key may be performed in the first smart card; they are not limited to the first smart card, however, and may also be performed in a terminal to which the first smart card is electrically connected.
Corresponding to the method for securely sending data, an embodiment of the present invention further provides a method for securely receiving data, referring to fig. 2, where the embodiment includes the following steps:
201. Obtain, from the second smart card, the data information received from the sending end.
Correspondingly, the second smart card at the receiving end acquires the data information sent by the sending end.
The second smart card is a smart card with a data transmission function, and the data information comprises data encrypted by a session key of the sending end and the session key encrypted by an enterprise-level key.
202. Acquire the enterprise-level key in the first smart card of the receiving end, and decrypt the data information with the enterprise-level key to obtain a decrypted session key.
The enterprise-level key in the first smart card at the receiving end is identical to the enterprise-level key at the sending end and is written when the device is issued.
203. Decrypt the data encrypted by the session key of the sending end with the decrypted session key to obtain the data.
In this method, the decryption of the session key and the decryption of the data may be performed in the first smart card of the receiving end, or in a terminal to which the first smart card is electrically connected.
In this embodiment, the sending end and the receiving end are distinguished only by the source end and the destination end of data transmission, and roles of the sending end and the receiving end can be interchanged for different transmission directions.
In the method for securely sending and receiving data provided by the embodiment of the invention, the session key encrypts the data and the enterprise-level key encrypts the session key. The enterprise-level key is stored in the first smart card, which ensures the security of the enterprise-level key; the encrypted session key and the encrypted data are sent to the receiving end through the second smart card with a data transmission function, which ensures the security of the data during transmission. Correspondingly, the data is also secured by the smart cards when it is received. The smart cards implement the data transmission channel and ensure data security, so no third-party certification authority takes part in the secure data transmission process, and the complexity of implementing secure data transmission is reduced.
Further, before generating the session key and encrypting the data by using the session key to form encrypted data, the method of this embodiment includes a process of performing validity authentication on the smart card by using a dynamic password, which is shown in fig. 3, and specifically includes the following steps:
111. The first smart card generates a dynamic password and writes the dynamic password into the second smart card.
112. Acquire the dynamic password from the second smart card.
The second smart card receives the dynamic password sent by the first smart card and can display the dynamic password.
113. Determine that the dynamic password generated by the first smart card matches the dynamic password obtained from the second smart card.
The dynamic password displayed by the second smart card is input into the first smart card or into a terminal electrically connected with the first smart card, and the dynamic password generated by the first smart card is compared with the dynamic password acquired from the second smart card. If they match, data is sent and received through the transmission channel formed by the first smart card and the second smart card; if they do not match, no data is transmitted between the first smart card and the second smart card. The dynamic password may be a one-time password.
Before each data transmission, the matching between the first smart card and the second smart card is verified by using the dynamic password, and the data transmission safety is further enhanced.
The method described in the above steps 111 to 113 is also suitable for performing validity authentication on the first smart card and the second smart card before receiving data, and the specific steps are the same as above and are not described herein again.
Further, before receiving and sending data, the present embodiment further includes the following steps:
The second smart card acquires a user password and performs initial authentication on the second smart card.
The user password is a number set when the device is issued to identify the second smart card; the user password is used to log in to the second smart card, which prevents an illegal user from receiving or sending data with the second smart card.
Further, before generating the session key and encrypting the data by using the session key to form the encrypted data, referring to fig. 4, the present embodiment may further include the following step of authenticating the second smart card by the first smart card:
121. The first smart card generates a random number.
122. The first smart card sends the random number to the second smart card.
The random number is sent to the second smart card so that the second smart card can encrypt it with the internal authentication key stored in the second smart card to form an encrypted random number; this embodiment therefore further includes step 123.
123. The second smart card acquires the random number and encrypts it with the internal authentication key in the second smart card to form a first encrypted random number.
The second smart card returns the first encrypted random number to the first smart card.
124. The first smart card receives the first encrypted random number sent by the second smart card and authenticates the first encrypted random number according to the internal authentication key in the first smart card.
In this embodiment, the first smart card initiates authentication, and the second smart card encrypts the random number from the first smart card with a preset internal authentication key. Further, the random number may be encrypted with a diversified key of the internal authentication key. The encrypted random number is returned to the first smart card, and the first smart card decrypts it with an internal authentication key symmetric to the internal authentication key in the second smart card to complete the authentication.
Further, in this embodiment, the authentication result of the first smart card to the second smart card may also be returned to the terminal electrically connected to the first smart card, and the specific method includes:
125. The second smart card transmits the first encrypted random number, through the first smart card, to a terminal electrically connected with the first smart card.
126. The first smart card encrypts the random number it generated with the internal authentication key and sends the result to the terminal electrically connected with the first smart card.
127. The terminal electrically connected with the first smart card confirms that the first encrypted random number is consistent with the data obtained when the first smart card encrypted the random number it generated, which completes the feedback of the result of the first smart card's authentication of the second smart card.
The feedback result is consistent with the authentication result obtained according to steps 121 to 124. Of course, the feedback of the authentication result is not limited to the method described in the steps 125 to 127, and the first smart card may also output the authentication result directly to the terminal electrically connected to the first smart card.
Further, in this embodiment, before generating the session key and encrypting the data by using the session key to form encrypted data, the method may further include the following step of authenticating the first smart card by the second smart card:
131. The second smart card generates another random number.
132. The first smart card acquires the other random number generated by the second smart card and encrypts it with an external authentication key in the first smart card to form a second encrypted random number.
133. The first smart card sends the second encrypted random number to the second smart card.
This allows the second smart card to authenticate the second encrypted random number using an external authentication key stored in the second smart card.
134. The second smart card acquires the second encrypted random number and authenticates it according to the external authentication key in the second smart card.
In this embodiment, the second smart card initiates authentication, and the first smart card encrypts the random number from the second smart card with a preset external authentication key. Further, the random number may be encrypted with a diversified key of the external authentication key. The encrypted random number is returned to the second smart card, and the second smart card decrypts it with an external authentication key symmetric to the external authentication key in the first smart card to complete the authentication.
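The two challenge-response exchanges, steps 121 to 124 and 131 to 134, as an added Python sketch (not code from the patent). HMAC-SHA256 over the random number stands in for "encrypting the random number", the per-card key derivation is one assumed reading of the derived-key option, and all names and the card identifiers are constructed for illustration.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16


def diversify(master_key, card_id):
    """Per-card key derived from a master key (derivation is an assumption)."""
    return hmac.new(master_key, b"diversify|" + card_id, hashlib.sha256).digest()


class Card:
    """One smart card holding the internal and external authentication keys."""

    def __init__(self, internal_key, external_key):
        self._keys = {"internal": internal_key, "external": external_key}
        self._pending = {}  # key name -> challenge this card issued (single use)

    def new_challenge(self, key_name):
        """Steps 121 / 131: generate a fresh random number and remember it."""
        challenge = secrets.token_bytes(CHALLENGE_LEN)
        self._pending[key_name] = challenge
        return challenge

    def answer(self, key_name, challenge):
        """Steps 123 / 132: transform the peer's random number under a key."""
        if len(challenge) != CHALLENGE_LEN:
            raise ValueError("unexpected challenge length")
        return hmac.new(self._keys[key_name], challenge, hashlib.sha256).digest()

    def verify(self, key_name, response):
        """Steps 124 / 134: check a response to the challenge this card issued."""
        # Consume the challenge so a replayed response finds nothing to match.
        challenge = self._pending.pop(key_name, None)
        if challenge is None:
            return False
        expected = hmac.new(self._keys[key_name], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def issue_pair(master_internal, master_external, card_id):
    """Issuance (assumed): both cards receive the same per-card keys."""
    internal = diversify(master_internal, card_id)
    external = diversify(master_external, card_id)
    return Card(internal, external), Card(internal, external)


def mutual_authenticate(first, second):
    """Run both directions; True only if each card accepts the other."""
    # FIG. 4: the first card authenticates the second (internal key).
    c1 = first.new_challenge("internal")        # 121, 122
    r1 = second.answer("internal", c1)          # 123
    if not first.verify("internal", r1):        # 124
        return False
    # FIG. 5: the second card authenticates the first (external key).
    c2 = second.new_challenge("external")       # 131
    r2 = first.answer("external", c2)           # 132, 133
    return second.verify("external", r2)        # 134
```

A card issued under a different master key, or for a different card identifier, fails the first direction, and a response that is presented twice is rejected because the challenge is consumed on first use.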
Further, this embodiment may also lock a second smart card that sends or receives data. Specifically, the second smart card receives locking information and is locked according to the locking information, which makes the second smart card inoperable.
More specifically, locking the second smart card by the data transmission system includes the following steps:
141. An authorization device of the data transmission system obtains authorization to lock the second smart card.
142. The authorization device generates locking information according to the locking instruction.
143. The locking information is sent to the second smart card.
144. The second smart card receives the locking information and executes the locking instruction.
When the second smart card is lost or stolen, it may be used illegally. The authorization device of the data transmission system therefore sends a locking instruction, and the second smart card is locked according to the locking instruction so that it is inoperable.
The embodiment of the invention provides a method for securely sending and receiving data. To further ensure the security of the data transmission channel, this embodiment verifies the validity of the second smart card with a user password, has the first smart card and the second smart card authenticate each other, and verifies the first smart card and the second smart card with a one-time dynamic password before transmission. These multiple safeguards ensure the security of data during transmission.
Example two
The second embodiment of the invention provides equipment for realizing the safe data sending and receiving in the first embodiment of the invention.
Referring to FIG. 6, the device 1 for securely sending data in this embodiment includes: a first smart card 2, used for generating a session key and storing an enterprise-level key, encrypting data with the session key to form encrypted data, encrypting the session key with the enterprise-level key to form an encrypted session key, writing the encrypted data and the encrypted session key into the second smart card 3, and sending data information containing the encrypted data and the encrypted session key to a receiving end through the second smart card 3; wherein the second smart card 3 is a smart card with a data transmission function.
The first smart card 2 and the second smart card 3 need not be in one device: the first smart card 2 may be connected to a PC for use, and the second smart card 3 may be installed in a mobile terminal. The first smart card 2 has a sending and receiving function and sends data to the second smart card 3 (for example, through an antenna); the second smart card 3 also has a sending and receiving function and receives the data of the first smart card 2 (for example, through an antenna). Once the second smart card 3 has received the data, the mobile terminal in which it is installed receives the data and sends it to the receiving end through a mobile communication network.
The session key is a symmetric key between the sending end and the receiving end and is used for verification between the sending end and the receiving end. The first smart card of the sending end can generate the session key each time data is sent, and the session keys generated each time are different.
The first smart card also comprises a card reader which can be connected to a terminal; the terminal is electrically connected with the first smart card through a card reader module, and the terminal is provided with a software module through which data transmission can be triggered. The storage module of the first smart card stores an enterprise-level key. The enterprise-level key is used for encrypting the session key and is written into the first smart card when the device is issued, and all enterprise-level keys within the same secure data transmission system are identical.
Further, the second smart card may be a smart card integrating a contact operation mode and a contactless operation mode; for example, it may be a dual-interface Subscriber Identity Module (SIM) card disposed in a mobile terminal, i.e., a SIM card having both a contact operation mode and a contactless operation mode. When the dual-interface smart card receives data from the first smart card, it works in the contactless mode; when it sends data to the receiving end, it works in the contact mode, so that the data is sent to the receiving end through the terminal in electrical contact with the second smart card.
Corresponding to the device for securely transmitting data, the device 4 for securely receiving data in this embodiment shown in fig. 7 includes: the second smart card 6 is used for acquiring data information sent by a sending end, wherein the second smart card 6 is a smart card with a data transmission function, and the data information comprises data encrypted by a session key of the sending end and a session key encrypted by an enterprise-level key; and the first smart card 5 is used for storing an enterprise-level key, acquiring the data information acquired by the second smart card 6, decrypting the data information by using the enterprise-level key to acquire a decrypted session key, and decrypting the data encrypted by the session key of the sending end by using the decrypted session key to acquire data.
It should be noted that the data security sending device and the data security receiving device of the present embodiment are only distinguished by the source end and the destination end of data transmission, and they have symmetric hardware structures, which are divided into a sending device and a receiving device for different transmission directions. The same first smart card or the second smart card can be used as an equipment module of a sending end and an equipment module of a receiving end.
The first smart card and the second smart card of the sending device and the receiving device of the embodiment are respectively provided with a microprocessor module, a storage module and a communication module; the micro-processing module performs operations such as data encryption and decryption, the storage module stores data related to session keys and enterprise-level keys and other data, and the communication module is used for sending and receiving data. The first smart card and the second smart card are both provided with a chip operating system for completing action operation in cooperation with a hardware module.
The embodiment of the invention can be applied to file transmission. The file transmission source and the file transmission destination are each a first smart card, which is a high-capacity smart card. The file to be transmitted is encrypted by the first smart card and then transmitted, through a terminal provided with a second smart card, to a terminal of the receiving end, which is also provided with a second smart card. The high-capacity smart card provides an environment for secure storage and encryption of files, and the second smart card establishes the channel for file transmission.
The device for securely sending and receiving data provided by the embodiment of the invention encrypts data with the session key and further encrypts the session key with the enterprise-level key. The enterprise-level key is stored in the first smart card, which ensures the security of the enterprise-level key; the encrypted session key and the encrypted data are sent to the receiving end through the second smart card, which has a data transmission function and ensures the security of the data during transmission. Correspondingly, the data is also protected by the smart cards when it is received. The smart cards implement the data transmission channel and ensure data security, which avoids the participation of a third-party certification authority in the secure data transmission process and reduces the complexity of implementing secure data transmission.
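The two-layer scheme summarized above (data under a session key, session key under the enterprise-level key) can be sketched as follows. This is an added example, not code from the patent: the patent names no cipher, so AES-256-GCM, the `DataInfo` layout and all function names are assumptions, and both "cards" are simulated in one process.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// DataInfo models the "data information" relayed by the second smart card.
// The field names are hypothetical; the patent only lists the two parts.
type DataInfo struct {
	WrappedSessionKey []byte // session key encrypted under the enterprise-level key
	EncryptedData     []byte // payload encrypted under the session key
}

// Labels bound as associated data so a wrapped key cannot be swapped for a payload.
var (
	labelKey  = []byte("wrapped-session-key")
	labelData = []byte("payload")
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext with AES-GCM (assumed cipher) and prepends the random nonce.
func seal(key, plaintext, label []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, label), nil
}

// open reverses seal and fails if the key is wrong or the bytes were modified.
func open(key, sealed, label []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed value too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, label)
}

// SendSecure plays the sending end's first smart card: fresh session key per
// transfer, data encrypted under it, session key wrapped under the enterprise key.
func SendSecure(enterpriseKey, data []byte) (DataInfo, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return DataInfo{}, err
	}
	encData, err := seal(sessionKey, data, labelData)
	if err != nil {
		return DataInfo{}, err
	}
	wrapped, err := seal(enterpriseKey, sessionKey, labelKey)
	if err != nil {
		return DataInfo{}, err
	}
	return DataInfo{WrappedSessionKey: wrapped, EncryptedData: encData}, nil
}

// ReceiveSecure plays the receiving end's first smart card: unwrap the session
// key with the enterprise-level key, then decrypt the data with it.
func ReceiveSecure(enterpriseKey []byte, info DataInfo) ([]byte, error) {
	sessionKey, err := open(enterpriseKey, info.WrappedSessionKey, labelKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap session key: %w", err)
	}
	return open(sessionKey, info.EncryptedData, labelData)
}

func main() {
	// Constructed demo key; in the patent it is written to every first smart card at issuance.
	enterpriseKey := make([]byte, 32)
	if _, err := rand.Read(enterpriseKey); err != nil {
		panic(err)
	}
	info, err := SendSecure(enterpriseKey, []byte("constructed sample file contents"))
	if err != nil {
		panic(err)
	}
	plain, err := ReceiveSecure(enterpriseKey, info)
	fmt.Printf("%q %v\n", plain, err)
}
```

Because every first smart card in the system holds the same enterprise-level key, any one of them can unwrap any session key; the wrapping protects the data from the relaying second smart card and the network, not from other enrolled cards.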
Further, when data is sent or received safely, the first smart card of this embodiment is further configured to generate a dynamic password, write the dynamic password into the second smart card, obtain the dynamic password of the second smart card, and determine that the dynamic password generated by the first smart card matches the dynamic password obtained from the second smart card; the second smart card is further configured to receive the dynamic password sent by the first smart card.
The second smart card reads the dynamic password from the first smart card and can display it. The dynamic password displayed by the second smart card is input into the first smart card or a terminal electrically connected with the first smart card, and the dynamic password generated by the first smart card is compared with the dynamic password acquired from the second smart card. If they match, data can be sent and received through the transmission channel formed by the first smart card and the second smart card; if they do not match, data cannot be transmitted between the first smart card and the second smart card. The dynamic password is used only once (a one-time password).
Further, the second smart card is further configured to obtain a user password and perform initial authentication on the second smart card.
The user password is a number assigned when the equipment is issued to identify the second smart card. The user password is used to log in to the second smart card, so as to prevent an illegal user from receiving or sending data with the second smart card.
Further, the first smart card of this embodiment is further configured to store an internal authentication key and generate a random number, send the random number to the second smart card, receive a first encrypted random number formed by encrypting the random number by the second smart card, and authenticate the first encrypted random number according to the internal authentication key; the second smart card is further configured to store an internal authentication key, obtain the random number generated by the first smart card, and encrypt the random number according to the internal authentication key to form the first encrypted random number.
The first smart card initiates authentication, and the second smart card encrypts the random number from the first smart card according to a preset internal authentication key. Further, the random number may be encrypted by a distributed key of the internal authentication key. The encrypted random number is returned to the first smart card, which decrypts it with an internal authentication key that is symmetric to the internal authentication key in the second smart card, completing the authentication. Furthermore, the terminal electrically connected with the first smart card can feed back the authentication result through the software module of the terminal.
Further, in this embodiment, the first smart card is further configured to store an external authentication key, obtain another random number generated by the second smart card, and encrypt the another random number according to the external authentication key to form the second encrypted random number; the second smart card is further configured to store an external authentication key and generate the another random number, send the another random number to the first smart card, receive a second encrypted random number formed by encrypting the another random number by the first smart card, and authenticate the second encrypted random number according to the external authentication key.
The second smart card initiates authentication, and the first smart card encrypts the random number from the second smart card according to a preset external authentication key. Further, the random number may be encrypted by a distributed key of the external authentication key. The encrypted random number is returned to the second smart card, which decrypts it with an external authentication key that is symmetric to the external authentication key in the first smart card, completing the authentication.
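The internal and external authentication passes described above form a two-way challenge-response, sketched below. This is an added example, not code from the patent: a single AES block encryption of a 16-byte random number stands in for the unspecified cipher, and the `Card` type and all function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Card models the authentication keys one smart card stores. The type is
// hypothetical; the patent only says each card holds both keys.
type Card struct {
	InternalAuthKey []byte // pass 1: first card challenges the second card
	ExternalAuthKey []byte // pass 2: second card challenges the first card
}

var (
	ErrInternalAuth = errors.New("internal authentication failed")
	ErrExternalAuth = errors.New("external authentication failed")
)

// NewChallenge returns a fresh random number sized to one AES block.
func NewChallenge() ([]byte, error) {
	c := make([]byte, aes.BlockSize)
	_, err := rand.Read(c)
	return c, err
}

// Respond is the prover's step: encrypt the received random number.
func Respond(key, challenge []byte) ([]byte, error) {
	if len(challenge) != aes.BlockSize {
		return nil, errors.New("challenge must be exactly one block")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, challenge)
	return out, nil
}

// Verify is the challenger's step: decrypt the response with its own copy of
// the key and compare, in constant time, with the random number it issued.
func Verify(key, challenge, response []byte) bool {
	if len(challenge) != aes.BlockSize || len(response) != aes.BlockSize {
		return false
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return false
	}
	plain := make([]byte, aes.BlockSize)
	block.Decrypt(plain, response)
	return subtle.ConstantTimeCompare(plain, challenge) == 1
}

// MutualAuthenticate runs both passes; each uses its own key and its own
// fresh random number, so a recorded response cannot be replayed later.
func MutualAuthenticate(first, second *Card) error {
	c1, err := NewChallenge() // generated by the first card
	if err != nil {
		return err
	}
	r1, err := Respond(second.InternalAuthKey, c1) // computed on the second card
	if err != nil {
		return err
	}
	if !Verify(first.InternalAuthKey, c1, r1) {
		return ErrInternalAuth
	}
	c2, err := NewChallenge() // generated by the second card
	if err != nil {
		return err
	}
	r2, err := Respond(first.ExternalAuthKey, c2) // computed on the first card
	if err != nil {
		return err
	}
	if !Verify(second.ExternalAuthKey, c2, r2) {
		return ErrExternalAuth
	}
	return nil
}

func main() {
	// Constructed demo keys, as if written to both cards at issuance.
	internal := []byte("constructed-ik-1")
	external := []byte("constructed-ek-1")
	first := &Card{InternalAuthKey: internal, ExternalAuthKey: external}
	second := &Card{InternalAuthKey: internal, ExternalAuthKey: external}
	fmt.Println("paired cards:", MutualAuthenticate(first, second))

	rogue := &Card{InternalAuthKey: []byte("some-other-key-1"), ExternalAuthKey: external}
	fmt.Println("rogue second card:", MutualAuthenticate(first, rogue))
}
```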
Further, the second smart card of this embodiment is further configured to receive locking information, and lock the second smart card according to the locking information, so that the second smart card is inoperable.
When the second smart card is lost or stolen, it may be used illegally. In that case the authorization equipment of the data transmission system sends a locking instruction, and the second smart card is locked according to the locking instruction so that it is inoperable.
The embodiment of the invention provides equipment for securely sending and receiving data. To further ensure the security of the data transmission channel, the embodiment uses a user password to verify the validity of the second smart card, performs mutual authentication between the first smart card and the second smart card, and verifies the first smart card and the second smart card with a one-time dynamic password before transmission. Through these multiple safeguards, the embodiment of the invention ensures the security of data during transmission.
EXAMPLE III
Referring to fig. 8, based on the second embodiment, the embodiment of the present invention provides a system 7 for secure data transmission, including: a transmission channel composed of a transmitting end 1 and a receiving end 4; wherein,
the transmitting end 1 includes: the first smart card 2 of the sending end, used for generating a session key and storing an enterprise-level key of the sending end, encrypting data by adopting the session key to form encrypted data, encrypting the session key by adopting the enterprise-level key of the sending end to form an encrypted session key, writing the encrypted data and the encrypted session key into the second smart card 3 of the sending end, and sending data information containing the encrypted data and the encrypted session key to the receiving end through the second smart card 3; the second smart card 3 at the sending end is a smart card with a data transmission function;
The receiving end 4 includes: the second smart card 6 at the receiving end is used for acquiring the data information sent by the sending end, wherein the second smart card 6 at the receiving end is a smart card with a data transmission function;
and the first smart card 5 of the receiving end is used for storing the enterprise-level key of the receiving end, acquiring the data information acquired by the second smart card 6 of the receiving end from the transmitting end, decrypting the data information by adopting the enterprise-level key of the receiving end to obtain a decrypted session key, and decrypting the data encrypted by the session key of the transmitting end by adopting the decrypted session key to obtain data.
The present embodiment is based on the second embodiment, and includes the device for securely sending data and the device for securely receiving data described in the second embodiment, and the present embodiment has the functions and structural features of the smart card of the second embodiment, and specific details are given in the second embodiment, and are not described herein again.
In the system for secure data transmission according to the embodiment of the present invention, the first smart card and the second smart card at the sending end and the receiving end provide an environment for secure key storage and secure data encryption, thereby forming a secure data transmission channel. Implementing the data transmission channel with smart cards ensures data security, avoids the participation of a third-party certification authority in the secure data transmission process, and reduces the complexity of implementing secure data transmission.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by hardware, or by software plus a necessary general hardware platform. Based on this understanding, the technical solution of the present invention can be embodied in the form of a software product, which includes several instructions for causing a computer device to execute the method described above in the embodiments of the present invention.
Those skilled in the art will appreciate that the drawings are merely schematic representations of one preferred embodiment and that the blocks or flow diagrams in the drawings are not necessarily required to practice the present invention.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The above disclosure is only for a few specific embodiments of the present invention, but the present invention is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present invention.

Claims (17)

1. A method for secure transmission of data, comprising:
generating a session key, and encrypting data by adopting the session key to form encrypted data;
acquiring an enterprise-level key in a first smart card of a sending end, and encrypting the session key by adopting the enterprise-level key to form an encrypted session key;
and writing the encrypted data and the encrypted session key into a second smart card of the sending end, and sending data information containing the encrypted data and the encrypted session key to a receiving end through the second smart card, wherein the second smart card is a smart card with a data transmission function.
2. A method for the secure transmission of data according to claim 1, wherein before said generating a session key, encrypting data using said session key to form encrypted data, the method comprises:
generating a dynamic password, and writing the dynamic password into the second smart card;
acquiring a dynamic password of the second smart card;
determining that the dynamic password generated by the first smart card matches the dynamic password obtained from the second smart card.
3. The method for securely transmitting data according to claim 1, wherein before said generating a session key, and encrypting data using said session key to form encrypted data, the method further comprises:
generating a random number;
sending the random number to the second smart card, so that the second smart card encrypts the random number by using an internal authentication key stored in the second smart card to form an encrypted random number;
and receiving the encrypted random number sent by the second smart card, and authenticating the encrypted random number according to the internal authentication key in the first smart card.
4. The method for securely transmitting data according to claim 1, wherein before said generating a session key, and encrypting data using said session key to form encrypted data, the method further comprises:
acquiring a random number generated by the second smart card, and encrypting the random number according to an external authentication key in the first smart card to form an encrypted random number;
and sending the encrypted random number to the second smart card so that the second smart card authenticates the encrypted random number by adopting an external authentication key stored in the second smart card.
5. A method for the secure transmission of data according to any of claims 1 to 4, wherein before said generating a session key, encrypting data using said session key to form encrypted data, the method comprises:
and the second smart card acquires a user password and performs initial authentication on the second smart card.
6. A method for the secure transmission of data according to claim 1, characterized in that the method further comprises:
and the second smart card receives locking information, and locks the second smart card according to the locking information to make the second smart card inoperable.
7. Method for the secure transmission of data according to claim 1, characterized in that said second smart card is embodied as a subscriber identity card having a contact mode of operation and a contactless mode of operation.
8. A method for secure reception of data, comprising:
acquiring, from a second smart card, data information obtained from a sending end, wherein the second smart card is a smart card with a data transmission function, and the data information comprises data encrypted by a session key of the sending end and the session key encrypted by an enterprise-level key;
acquiring an enterprise-level key in a first smart card of a receiving end, and decrypting the data information by adopting the enterprise-level key to obtain a decrypted session key;
and decrypting the data encrypted by the session key of the sending end by adopting the decrypted session key to obtain the data.
9. An apparatus for secure transmission of data, comprising:
a first smart card, used for generating a session key and storing an enterprise-level key, encrypting data by adopting the session key to form encrypted data, encrypting the session key by adopting the enterprise-level key to form an encrypted session key, writing the encrypted data and the encrypted session key into a second smart card, and sending data information containing the encrypted data and the encrypted session key to a receiving end through the second smart card; wherein,
the second smart card is a smart card with a data transmission function.
10. The apparatus for secure transmission of data according to claim 9, wherein:
the first smart card is further used for generating a dynamic password, writing the dynamic password into the second smart card, acquiring the dynamic password of the second smart card, and determining that the dynamic password generated by the first smart card is matched with the dynamic password acquired from the second smart card; wherein,
and the second smart card is also used for receiving the dynamic password sent by the first smart card.
11. Apparatus for the secure transmission of data according to claim 9, characterized by:
the first smart card is further configured to store an internal authentication key and generate a random number, send the random number to the second smart card, receive an encrypted random number formed by encrypting the random number by the second smart card, and authenticate the encrypted random number according to the internal authentication key; wherein,
the second smart card is further configured to store an internal authentication key, obtain the random number generated by the first smart card, and encrypt the random number according to the internal authentication key to form the encrypted random number.
12. Apparatus for the secure transmission of data according to claim 9, characterized by:
the first smart card is further configured to store an external authentication key, obtain a random number generated by the second smart card, and encrypt the random number according to the external authentication key to form an encrypted random number;
the second smart card is further configured to store an external authentication key and generate the random number, send the random number to the first smart card, receive the encrypted random number formed by encrypting the random number by the first smart card, and authenticate the encrypted random number according to the external authentication key.
13. Apparatus for the secure transmission of data according to any of claims 9 to 12, characterized in that: the second smart card is further used for obtaining a user password and performing initial authentication on the second smart card.
14. The apparatus for secure transmission of data according to claim 9, wherein:
and the second smart card is also used for receiving locking information and locking the second smart card according to the locking information so as to enable the second smart card to be inoperable.
15. The apparatus for secure transmission of data according to claim 9, wherein: the second smart card is specifically a subscriber identity module card having a contact mode of operation and a contactless mode of operation.
16. An apparatus for secure reception of data, comprising:
the second smart card is used for acquiring data information sent by the sending end, wherein the second smart card is a smart card with a data transmission function, and the data information comprises data encrypted by a session key of the sending end and a session key encrypted by an enterprise-level key;
the first smart card is used for storing an enterprise-level key, acquiring the data information acquired by the second smart card, decrypting the data information by adopting the enterprise-level key to acquire a decrypted session key, and decrypting the data encrypted by the session key of the sending end by adopting the decrypted session key to acquire data.
17. A system for secure transmission of data, comprising: a transmission channel consisting of a transmitting end and a receiving end; wherein,
the transmitting end comprises: a first smart card of the sending end, used for generating a session key and storing an enterprise-level key of the sending end, encrypting data by adopting the session key to form encrypted data, encrypting the session key by adopting the enterprise-level key of the sending end to form an encrypted session key, writing the encrypted data and the encrypted session key into a second smart card of the sending end, and sending data information containing the encrypted data and the encrypted session key to the receiving end through the second smart card; wherein,
the second smart card of the sending end is a smart card with a data transmission function;
the receiving end includes: the second smart card of the receiving end is used for acquiring the data information sent by the sending end, wherein the second smart card of the receiving end is a smart card with a data transmission function;
the first smart card of the receiving end is used for storing the enterprise-level key of the receiving end, acquiring the data information acquired by the second smart card of the receiving end from the sending end, decrypting the data information by adopting the enterprise-level key of the receiving end to obtain a decrypted session key, and decrypting the data encrypted by the session key of the sending end by adopting the decrypted session key to obtain data.
CN201010524057.3A 2010-10-28 2010-10-28 Method, equipment and system for safely sending and receiving data Expired - Fee Related CN101964805B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010524057.3A CN101964805B (en) 2010-10-28 2010-10-28 Method, equipment and system for safely sending and receiving data

Publications (2)

Publication Number Publication Date
CN101964805A true CN101964805A (en) 2011-02-02
CN101964805B CN101964805B (en) 2013-07-31

Family

ID=43517537

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010524057.3A Expired - Fee Related CN101964805B (en) 2010-10-28 2010-10-28 Method, equipment and system for safely sending and receiving data

Country Status (1)

Country Link
CN (1) CN101964805B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101499142A (en) * 2008-12-29 2009-08-05 北京握奇数据系统有限公司 Double-interface smart card and method for processing application instruction
CN101521670A (en) * 2009-03-30 2009-09-02 北京握奇数据系统有限公司 Method and system for acquiring application data
CN101667240A (en) * 2009-08-20 2010-03-10 北京握奇数据系统有限公司 Intelligent card and card writing method, equipment and system thereof
CN101765105A (en) * 2009-12-17 2010-06-30 北京握奇数据系统有限公司 Method for realizing communication encryption as well as system and mobile terminal therefor

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102655643A (en) * 2011-03-04 2012-09-05 希姆通信息技术(上海)有限公司 Wireless data encryption method and wireless data decryption method
CN104283680A (en) * 2013-07-05 2015-01-14 腾讯科技(深圳)有限公司 Data transmission method, client side, server and system
CN105208028A (en) * 2015-09-30 2015-12-30 北京金山安全软件有限公司 Data transmission method and related device and equipment
CN105208028B (en) * 2015-09-30 2019-03-15 北京金山安全软件有限公司 Data transmission method and related device and equipment
CN107306261B (en) * 2016-04-22 2021-09-07 中兴通讯股份有限公司 Encryption communication method, device and system
WO2017181518A1 (en) * 2016-04-22 2017-10-26 中兴通讯股份有限公司 Method, apparatus and system for encrypting communication
CN107306261A (en) * 2016-04-22 2017-10-31 中兴通讯股份有限公司 A kind of encryption communication method and device, system
CN109101803A (en) * 2018-07-25 2018-12-28 腾讯科技(深圳)有限公司 Biometric apparatus and method
CN109101803B (en) * 2018-07-25 2023-06-23 腾讯科技(深圳)有限公司 Biometric identification apparatus and method
CN109410394A (en) * 2018-10-11 2019-03-01 深圳市捷恩斯威科技有限公司 A kind of method for sending information and information transmitting system of intelligent door lock
CN111107038B (en) * 2018-10-25 2022-07-29 山东量子科学技术研究院有限公司 Encryption method, decryption method and device
CN111107038A (en) * 2018-10-25 2020-05-05 山东量子科学技术研究院有限公司 Encryption method, decryption method and device
CN111181894A (en) * 2018-11-09 2020-05-19 北京天德科技有限公司 Efficient and safe protocol for block link point communication
CN111181894B (en) * 2018-11-09 2023-06-06 北京天德科技有限公司 Network communication method for enabling block chain nodes to efficiently communicate and safely

Also Published As

Publication number Publication date
CN101964805B (en) 2013-07-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee after: BEIJING WATCHDATA Co.,Ltd.

Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.

CP01 Change in the name or title of a patent holder
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130731

Termination date: 20211028

CF01 Termination of patent right due to non-payment of annual fee