CN102291400B - Smart card having password protection and data verification method - Google Patents
Smart card having password protection and data verification method Download PDFInfo
- Publication number
- CN102291400B CN102291400B CN201110225459.8A CN201110225459A CN102291400B CN 102291400 B CN102291400 B CN 102291400B CN 201110225459 A CN201110225459 A CN 201110225459A CN 102291400 B CN102291400 B CN 102291400B
- Authority
- CN
- China
- Prior art keywords
- smart card
- client
- password code
- digital signature
- indicator light
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 23
- 238000013524 data verification Methods 0.000 title claims abstract description 6
- 238000012790 confirmation Methods 0.000 claims abstract description 14
- 241001269238 Data Species 0.000 claims description 4
- 101100217298 Mus musculus Aspm gene Proteins 0.000 claims description 4
- 230000005540 biological transmission Effects 0.000 claims description 4
- 238000012546 transfer Methods 0.000 claims description 2
- 239000003086 colorant Substances 0.000 abstract description 2
- 238000012795 verification Methods 0.000 abstract 1
- 238000013461 design Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a smart card having password protection and a data verification method. The method comprises the following steps that: 1) the smart card is connected with a client, and the client makes a signature request to the smart card; 2) the smart card accepts the request and reminds a user of inputting a password; 3) the smart card verifies the password, if the password passes the verification, the smart card performs digital signature on data transmitted by the client, and transmits a preparatory message subjected to digital signature to the client for confirmation, if the preparatory message passes the confirmation, a second confirmation is performed by the smart card, if the preparatory message passes the second confirmation, the smart card transmits the data subjected to digital signature to the client; and the smart card has a password input keyboard, and the password input in the step 2) is input through the password input keyboard. By the method, the security of the smart card is enhanced, the risk produced by smart card loss under the condition that a host is controlled is avoided, encryption strength is improved by utilizing the algorithm of mixed message digest, users can conveniently understand the status of the smart card by utilizing three indicator lamps of three different colors, and the expansion of an application level is facilitated by utilizing the standard of a Java smart card.
Description
Technical field
The present invention relates to smart card techniques, mainly realize a kind of method of the USB smart card with password code key.
Background technology
Smart card techniques is the important means ensureing internet bank trade; smart card computational process is carried out in card, and key does not enter host computer system, has higher fail safe; adopt rivest, shamir, adelman to carry out signature protection to transaction data, data have can not forge and the feature such as undeniable.At present, on market, You Duojia bank releases USB smart card (also known as U shield), these numerous smart cards all adopt USB interface, controlled by the driver installing management USB smart card in main frame, being also all by inputting password code in host interface to the checking of smart card operation person, password code being sent to smart card and verifying, after being verified, signed by smart card, signed data is passed back main frame, to complete trade confirmation.In this case, this design also exists unsafe factor, this can not resist the attack of following situation: when computer is controlled (this phenomenon is very general in current network environment) by rogue attacks person, user inputs password code in once concluding the business, this password code is obtained by illegal program, after user completes transaction, as long as the smart card of user is connected with computer, attacking all likely uses the password code of acquisition to usurp smart card, realizes illegal transaction.Another kind of situation is, when user lost smart card accidentally, and smart card password code is obtained by hacker in certain transaction, and user account safety also will exist material risk.Existing attack case proves that it must be improved.
Summary of the invention
The present invention is directed to above-mentioned technological deficiency, propose a kind of smart card with password protection and data verification method.
In order to solve the problems of the technologies described above, technical scheme of the present invention is as follows:
With an intelligent card data verification method for password protection, comprise the steps,
1) by smart card and client's side link, described client proposes signature request to described smart card;
2) described smart card accepts described request, and prompting user inputs password code;
3) password code described in described smart card authentication, as passed through, then digital signature is carried out to the data of described client transmissions, and the preliminary message after digital signature is transferred to described client confirms, as passed through to confirm, then carry out secondary-confirmation by described smart card, as secondary-confirmation passes through, described smart card is by the extremely described client of the transfer of data after digital signature;
Described smart card is provided with cipher inputting keyboard, described step 2) in input password code input at described cipher inputting keyboard.
Optionally, in described step 3), digital signature comprises the steps,
21) eap-message digest is calculated to the data of described client transmissions;
22) call random data generation module and produce random number sequence;
23) digital signature is carried out to described eap-message digest and random number sequence;
Described step 21) in adopt SHA1 and MD5 algorithm to carry out calculating obtaining eap-message digest respectively, described step 23) adopt RSA Algorithm to carry out digital signature.
Optionally, described step 2) in user input password code and comprise the steps:
31) described smart card accepts built-in errors number counter O reset after described request;
32) password code is inputted by the first indicator light prompting user, then point out user by the 3rd indicator light as correct and enter step 3), as mistake, then by the second indicator light prompting user, judge whether described errors number counter variable is less than set point number, as being less than, after described errors number counter variable is increased 1, prompting user inputs again; As being greater than then smart card as described in locking.
A kind of smart card with password protection; described smart card is provided with cipher inputting keyboard, the first indicator light, the second indicator light and the 3rd indicator light; described smart card carries out password code input by described cipher inputting keyboard after accepting client signature request; described first indicator light inputs password code for pointing out user; described second indicator light inputs password code error for pointing out user, and described 3rd indicator light is used to indicate user, and to input password code correct.
Optionally, described smart card is also provided with counter, and described counter is for calculating user error password code input number of times.
Beneficial effect of the present invention is: the present invention can strengthen the fail safe of smart card, the controlled lower smart card of main frame can be avoided to lose the risk brought, adopt mixed messaging digest algorithm, strengthen Cipher Strength, adopt the warning light of three different colours, person easy to use understands intelligent card state, adopts Java smart card standard, can conveniently apply and expansion.
Accompanying drawing explanation
Fig. 1 is the flow chart of steps of the inventive method;
Fig. 2 is the flow chart of password code checking in the inventive method process;
Fig. 3 is the flow chart of signature algorithm in the inventive method process.
Embodiment
Below in conjunction with the drawings and specific embodiments, the present invention is described further.
With a smart card for password protection, add numeric keypad and indicator light within a smart card, by the transition of operation of input password code to smart card end, password code without host computer, thus ensures password code safety.Power by using USB interface and transmit data, face arranges a password code input validation button on smart cards, a trade confirmation button, 10 numerical keys, design three signal lamps, represent input password password prompt, password code miscue, normal Standby three states respectively.This smart card follows Java smart card related specifications, Java Applet can be performed, support that RSA Algorithm carries out digital signature and authentication, concrete function flow process describes as shown in Figure 1, when client is concluded the business, when entering the payment stage, smart card is inserted USB interface, by smart card driver adapter related communication, client application can detect the existence of smart card, and the certificate of smart card can be selected as certificate to be signed.This green indicating lamp is bright, represent that smart card is in normal Standby state, the transaction data formed is sent into smart card, smart card starts password code authentication module, be proved to be successful and rear digital signature carried out to data, now do not send digital signature result, but send the signal of a confirmation request, the Signature Confirmation of card numeral is carried out Client-Prompt user, press the acknowledgement key on smart card as client after, digital signature data is returned to client, and digital signature data is submitted to service provider by client, completes transaction.If in checking password code process, the unsuccessful number of times of password code reaches limited number of times, then smart card refusal digital signature, return error message to client, this process is not shown in the diagram.
Password code shown in Fig. 2 tests the flow process of positive module, after smart card receives signature request, first built-in errors number counter variable is reset, then blue indicator light is lighted, prompting user uses the numerical key input password code on smart card, user inputs password code and by after acknowledgement key, blue lamp is opened as flicker, smart card compares the password code of input and built-in data, if password code is incorrect, point sends out a warning, counter increases 1, blue lamp extinguishes, counter variable value increases 1, if this hour counter is more than or equal to 6, then lock card, by hair fastener, department unlocks, counting is less than 6, then put light blue lamp, re-enter password code.If password code input is correct, then gives a green light, extinguish blue lamp, enter signature blocks.
The inside signature process of smart card shown in Fig. 3.Be divided into 5 steps: 1) first calculate expressly summary info with SHA1 algorithm, obtain 20 byte datas (being designated as H1); 2) calculate expressly summary info with MD5 algorithm, obtain 16 byte datas, be designated as H2; 3) produce random number sequence, length is 20 bytes, is designated as R; 4) finally use RSA asymmetric arithmetic to (H1, H2, R) totally 56 bytes use RSA Algorithms to be encrypted; 5) by 4) result that obtains issues client, completes signature process.
The above is only the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, without departing from the inventive concept of the premise; can also make some improvements and modifications, these improvements and modifications also should be considered as in scope.
Claims (1)
1. the intelligent card data verification method with password protection, is characterized in that, comprise the steps,
1) by smart card and client's side link, described client proposes signature request to described smart card;
2) described smart card accepts described request, and prompting user inputs password code;
3) password code described in described smart card authentication, as passed through, then digital signature is carried out to the data of described client transmissions, and the preliminary message after digital signature is transferred to described client confirms, be proved to be successful and rear digital signature carried out to data, now do not send digital signature result, but send the signal of a confirmation request, the Signature Confirmation of card numeral is carried out Client-Prompt user, as passed through to confirm, then carry out secondary-confirmation by described smart card, as secondary-confirmation passes through, described smart card is by the extremely described client of the transfer of data after digital signature,
Described smart card is provided with cipher inputting keyboard, described step 2) in input password code input at described cipher inputting keyboard;
In described step 3), digital signature comprises the steps,
21) eap-message digest is calculated to the data of described client transmissions, comprise the plaintext summary info calculated with SHA1 algorithm, totally 20 byte datas; With the plaintext summary info that MD5 algorithm calculates, totally 16 byte datas;
22) call random data generation module and produce random number sequence, length is 20 bytes;
23) digital signature is carried out to described eap-message digest and random number sequence, comprise expressly summary info and random number sequence totally 56 bytes;
Described step 21) in adopt SHA1 and MD5 algorithm to carry out calculating obtaining eap-message digest respectively, described step 23) adopt RSA Algorithm to carry out digital signature;
Described step 2) in user input password code and comprise the steps:
31) described smart card accepts built-in errors number counter O reset after described request;
32) password code is inputted by the first indicator light prompting user, then point out user by the 3rd indicator light as correct and enter step 3), as mistake, then by the second indicator light prompting user, judge whether described errors number counter variable is less than set point number, as being less than, after described errors number counter variable is increased 1, prompting user inputs again; As being greater than then smart card as described in locking;
Described smart card is provided with cipher inputting keyboard, the first indicator light, the second indicator light and the 3rd indicator light, described smart card carries out password code input by described cipher inputting keyboard after accepting client signature request, described first indicator light inputs password code for pointing out user, described second indicator light inputs password code error for pointing out user, and described 3rd indicator light is used to indicate user, and to input password code correct;
Described smart card is also provided with counter, and described counter is for calculating user error password code input number of times.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110225459.8A CN102291400B (en) | 2011-08-08 | 2011-08-08 | Smart card having password protection and data verification method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110225459.8A CN102291400B (en) | 2011-08-08 | 2011-08-08 | Smart card having password protection and data verification method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102291400A CN102291400A (en) | 2011-12-21 |
| CN102291400B true CN102291400B (en) | 2015-04-22 |
Family
ID=45337508
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110225459.8A Active CN102291400B (en) | 2011-08-08 | 2011-08-08 | Smart card having password protection and data verification method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102291400B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105763331A (en) * | 2014-12-19 | 2016-07-13 | 北大方正集团有限公司 | Data encryption method, device, data decryption method and device |
| CN106789045A (en) * | 2017-02-22 | 2017-05-31 | 中钞信用卡产业发展有限公司北京智能卡技术研究院 | A kind of intellective IC card, digital signature system and method |
| CN110188011A (en) * | 2019-05-28 | 2019-08-30 | 东信和平科技股份有限公司 | A kind of smart card national secret algorithm test method and device |
| CN112016918B (en) * | 2019-05-30 | 2024-06-25 | 小米数字科技有限公司 | Signature writing method, signature verification method, device and storage medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101340294A (en) * | 2008-08-07 | 2009-01-07 | 深圳市紫金支点技术股份有限公司 | Cipher keyboard apparatus and implementing method thereof |
-
2011
- 2011-08-08 CN CN201110225459.8A patent/CN102291400B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101340294A (en) * | 2008-08-07 | 2009-01-07 | 深圳市紫金支点技术股份有限公司 | Cipher keyboard apparatus and implementing method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102291400A (en) | 2011-12-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105162596B (en) | For generating the safety value used in being interacted with server and the equipment for sending user to | |
| CN103167491B (en) | A kind of mobile terminal uniqueness authentication method based on software digital certificate | |
| CN101631022B (en) | Signing method and system thereof | |
| CN103067402B (en) | The generation method and system of digital certificate | |
| CN202856452U (en) | Power distribution network system | |
| CN102945526B (en) | A kind of device and method for improving mobile equipment on-line safety of payment | |
| CN103516525B (en) | Dynamic password generation method and system | |
| WO2015058596A1 (en) | Dynamic password generation method and system, and transaction request processing method and system | |
| CN102291400B (en) | Smart card having password protection and data verification method | |
| CN112055019B (en) | Method for establishing communication channel and user terminal | |
| US20150294310A1 (en) | Transaction system and transaction method | |
| CN102255727B (en) | Improved anti-attacking intelligent card authentication method based on user defined algorithm environment | |
| CN109041021A (en) | A kind of document transmission method based on bluetooth, terminal device and storage medium | |
| CN106056419A (en) | Method, system and device for realizing independent transaction by using electronic signature equipment | |
| CN101645124B (en) | Method for unlocking PIN code and intelligent secret key device | |
| KR20120093598A (en) | System and method for transferring money using otp generated from account number | |
| CN104579659A (en) | Device for safety information interaction | |
| CN103746802B (en) | A kind of data processing method and mobile phone based on arranging key | |
| CN101729505A (en) | Information interaction method and security device thereof | |
| CN103813321B (en) | Agreement key based data processing method and mobile phone | |
| CN100592317C (en) | Peripheral apparatus and method for verifying authority thereof | |
| CN103051618A (en) | Terminal authentication equipment and network authentication method | |
| CN205210986U (en) | Light wave encryption and decryption general purpose key system | |
| CN203151519U (en) | One-time password display system | |
| CN102281510A (en) | Multi-factor credible identity authenticating method and system for mobile mailbox |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |