CN103138925B - Card issuing operation method, IC card and card-issuing equipment

Publication number: CN103138925B
Other versions: CN103138925A
Application number: CN201110380665.6A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 任晓明, 蔡准, 李征, 朱本浩
Original and current assignee: China Mobile Communications Group Co Ltd
Legal status: Active
Prior art keywords: card, public key, private key, initial, card issuer
Classification: Control Of Vending Devices And Auxiliary Devices For Vending Devices
Abstract

The invention discloses a card issuing operation method, an IC card and card-issuing equipment. The method comprises: the card receives and presets the issued initial public key, and receives a card issuer public key signed with the initial private key; the card uses the initial public key to verify the signature and obtains the card issuer public key; the card then uses the card issuer public key in place of the initial public key for signature verification. The invention adopts a scheme of an initial public/private key pair plus a formal public/private key pair: before the final card issuing step, the card vendor uses only the initial public/private key pair generated by the card vendor itself (the card-issuing equipment) to protect the right to use the card; in the final card issuing step the formal card issuer public key is written to the card, which closes off the card vendor's authority. This ensures the security of the process by which the card issuer system writes application keys and data information to the card, and avoids the risk of leaking the card issuer's keys, the various application keys, data information and the like.

Description

Card issuing operation method, IC card and card-issuing equipment
Technical field
The present invention relates to data service technology in the communications field, and in particular to a card issuing operation method, an IC card and card-issuing equipment.
Background art
As shown in Figs. 1-2, in the prior art cards are mainly issued as follows:
Stage 1: the card-issuing equipment presets an original application master control key (a symmetric key) in the card, and the card issuer system generates the formal application master control key (a symmetric key) and the other application keys;
Stage 2: the card issuer system distributes the application master control key and the other application keys to the card-issuing equipment;
Stage 3: under the protection of the original application master control key, the card-issuing equipment updates the original application master control key in the card to the formal application master control key and then, under the protection of the formal application master control key, writes the other application keys.
It should be noted that the card issuer system mentioned above is the working system of the card issuer, which is the owner and user of the card; a telecom operator, for example, is one kind of card issuer. The card vendor is the party that, entrusted by the card issuer, writes the application master control key and the other application keys to the card. The card-issuing equipment is the working system with which the card vendor performs the key-writing operations on the card. The card is an IC card that supports asymmetric cryptographic computation, such as a telecom operator's SIM card, USIM card or UIM card, and also includes all kinds of IC cards without communication functions, such as contact and contactless bank IC cards, bus IC cards and so on.
The prior art has the following problems:
1. The card vendor holds the card issuer's sensitive data (such as the application master control key and the other application keys). On the one hand the card vendor bears the responsibility and risk of managing the keys; on the other hand the card issuer is exposed to the risk of leakage caused by poor key management at the card vendor;
2. The scheme can also have the card vendor preset an initial password, with the card issuer subsequently "washing" the card, but the card washing process cannot be carried out over an unsecured network, which is a considerable limitation.
Summary of the invention
The object of the invention is to address the defect in the prior art that the card vendor holds important sensitive data, which creates a considerable security risk, by proposing a card issuing operation method, an IC card and card-issuing equipment.
To achieve the above object, according to one aspect of the invention, a card issuing operation method is provided.
The card issuing operation method according to an embodiment of the invention comprises:
The card receives and presets the issued initial public key, and receives a card issuer public key signed with the initial private key;
The card uses the initial public key to verify the signature and obtains the card issuer public key;
The card uses the card issuer public key in place of the initial public key for signature verification.
In the above technical scheme, after the step of using the card issuer public key in place of the initial public key for signature verification, the method further comprises: the card receives a symmetric application key issued by the card issuer system and signed with the card issuer private key, and verifies the signature using the card issuer public key.
In the above technical scheme, after the step of using the card issuer public key in place of the initial public key for signature verification, the method further comprises: the card receives data information issued by the card issuer system and signed with the card issuer private key, and verifies the signature using the card issuer public key.
In the above technical scheme, before the step of using the card issuer public key in place of the initial public key for signature verification, the method further comprises: the card generates a card public/private key pair according to an issued instruction, retains the card private key, and returns the card public key, signed with the card private key, to the card-issuing equipment for retention.
In the above technical scheme, after the step of returning the card public key to the card-issuing equipment for retention and before the step of using the card issuer public key in place of the initial public key for signature verification, the method further comprises: the card generates an application public/private key pair according to an issued instruction, signs the application public key with the card private key, and returns the signed application public key to the card-issuing equipment.
In the above technical scheme, after the step of using the card issuer public key in place of the initial public key for signature verification, the method further comprises: the card receives a symmetric application key issued by the card issuer system and signed with the card issuer private key, and verifies the signature using the card issuer public key.
In the above technical scheme, after the step of using the card issuer public key in place of the initial public key for signature verification, the method further comprises: the card receives data information issued by the card issuer system and signed with the card issuer private key, and verifies the signature using the card issuer public key.
In the above technical scheme, before the step in which the card generates the card public/private key pair, the method further comprises: the card receives an instruction, issued by the card-issuing equipment and signed with the initial private key, to generate the card public/private key pair, and verifies the signature using the initial public key.
To achieve the above object, according to another aspect of the invention, another card issuing operation method is provided.
The card issuing operation method according to an embodiment of the invention comprises:
The card-issuing equipment generates an initial public/private key pair, stores the initial private key, and issues the initial public key to the card;
The card-issuing equipment receives the card issuer public key issued by the card issuer system, and issues to the card a replacement instruction to replace the initial public key with the card issuer public key;
The card-issuing equipment signs the card issuer public key and the replacement instruction with the initial private key, and issues them to the card.
In the above technical scheme, the card issuing operation method further comprises: the card-issuing equipment issues to the card an instruction to generate a card public/private key pair, and signs this instruction using the initial public key.
In the above technical scheme, the card issuing operation method further comprises: the card-issuing equipment issues to the card an instruction to generate an application public/private key pair, and signs this instruction using the initial public key.
To achieve the above object, according to another aspect of the invention, an IC card is provided.
The IC card according to an embodiment of the invention comprises:
A receiving and presetting module, for receiving and presetting the issued initial public key, and for receiving a card issuer public key signed with the initial private key;
A signature verification module, for using the initial public key to verify the signature and obtain the card issuer public key;
A replacement verification module, for using the card issuer public key in place of the initial public key for signature verification.
In the above technical scheme, the IC card further comprises: the signature verification module, further for receiving a symmetric application key issued by the card issuer system and signed with the card issuer private key, and verifying the signature using the card issuer public key.
In the above technical scheme, the IC card further comprises: the signature verification module, further for receiving data information issued by the card issuer system and signed with the card issuer private key, and verifying the signature using the card issuer public key.
In the above technical scheme, the IC card further comprises: a key generation module, for generating a card public/private key pair according to an issued instruction, retaining the card private key, and returning the card public key, signed with the card private key, to the card-issuing equipment for retention.
In the above technical scheme, the IC card further comprises: the key generation module, further for generating an application public/private key pair according to an issued instruction, signing the application public key with the card private key, and returning the signed application public key to the card-issuing equipment.
In the above technical scheme, the IC card further comprises: the signature verification module, further for receiving a symmetric application key issued by the card issuer system and signed with the card issuer private key, and verifying the signature using the card issuer public key.
In the above technical scheme, the IC card further comprises: the signature verification module, further for receiving data information issued by the card issuer system and signed with the card issuer private key, and verifying the signature using the card issuer public key.
To achieve the above object, according to another aspect of the invention, card-issuing equipment is provided.
The card-issuing equipment according to an embodiment of the invention comprises:
An initial key module, for generating an initial public/private key pair, storing the initial private key, and issuing the initial public key to the card;
A receiving and issuing module, for receiving the card issuer public key issued by the card issuer system, and issuing to the card a replacement instruction to replace the initial public key with the card issuer public key;
A signing and issuing module, for signing the card issuer public key and the replacement instruction with the initial private key, and issuing them to the card.
In the above technical scheme, the card-issuing equipment further comprises: an instruction issuing module, for issuing to the card an instruction to generate a card public/private key pair, and signing this instruction using the initial public key.
In the above technical scheme, the card-issuing equipment further comprises: the instruction issuing module, further for issuing to the card an instruction to generate an application public/private key pair, and signing this instruction using the initial public key.
The card issuing operation method, IC card and card-issuing equipment of the embodiments of the invention adopt a scheme of an initial public/private key pair plus a formal public/private key pair. Before the final card issuing step, the card vendor uses only the initial public/private key pair generated by the card vendor itself (the card-issuing equipment) to protect the right to use the card; in the final card issuing step the formal card issuer public key is written to the card, which closes off the card vendor's authority. Throughout this process the card vendor cannot obtain the card issuer private key, which is kept only in the card issuer system. The card issuer system signs the application keys and data information issued to the card with the card issuer private key, and the card verifies the signature with the published card issuer public key, confirming that the application keys and data information were issued by the card issuer system. This ensures the security of the process by which the card issuer system writes application keys and data information to the card, and avoids the risk of leaking the card issuer's keys, the various application keys, data information and the like.
Other features and advantages of the invention will be set forth in the following description and will in part become apparent from the description, or be understood by practising the invention. The objects and other advantages of the invention can be realised and obtained through the structures particularly pointed out in the written description, the claims and the accompanying drawings.
The technical scheme of the invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
The accompanying drawings provide a further understanding of the invention and form part of the specification; together with the embodiments they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a structural diagram of the card issuing mode of the prior art;
Fig. 2 is a flow diagram of the card issuing mode of the prior art;
Fig. 3 is a structural diagram of the card issuing operation method according to an embodiment of the invention.
Detailed description of the embodiments
The preferred embodiments of the invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the invention and are not intended to limit it.
In the prior art, when the card vendor, entrusted by the card issuer, writes the various keys to the card, it updates the original application master control key in the card to the formal application master control key under the protection of the original application master control key, and then writes the other application keys under the protection of the formal application master control key. However, both the original and the formal application master control keys are symmetric keys, that is, keys based on symmetric encryption, such as the keys used in the DES/3DES algorithms; the same key is therefore used for encryption and decryption, and confidentiality is lower.
Moreover, the card issuer entrusts the card vendor with this process of writing application keys, so the card vendor holds important sensitive data such as the original application master control key, the formal application master control key and the other application keys, and the security risk is very large.
Compared with the prior art, the card issuing operation method, IC card and card-issuing equipment of the invention adopt a scheme of an initial public/private key pair plus a formal public/private key pair, that is, asymmetric keys: keys based on asymmetric encryption, of which RSA keys are an example. Before the final card issuing step, the card vendor uses only the initial public/private key pair generated by the card vendor itself (the card-issuing equipment) to protect the right to use the card; in the final card issuing step the formal card issuer public key is written to the card, which closes off the card vendor's authority. Throughout this process the card vendor cannot obtain the card issuer private key, which is kept only in the card issuer system. The card issuer system signs the application keys and data information issued to the card with the card issuer private key, and the card verifies the signature with the published card issuer public key, confirming that the application keys and data information were issued by the card issuer system. This ensures the security of the process by which the card issuer system writes application keys and data information to the card, and avoids the risk of leaking the card issuer's keys, the various application keys, data information and the like.
It should be noted that the signatures of the invention are based on public key cryptography and use an asymmetric encryption algorithm. In outline, the sender of a message generates a hash value (or message digest) from the message text and encrypts this hash value with the sender's private key to form the sender's digital signature; the digital signature is then sent to the recipient together with the message, as an attachment to it. The recipient first computes the corresponding hash value (or message digest) from the original message received, and then decrypts the digital signature attached to the message with the sender's public key (that is, verifies the signature). If the two hash values are identical, the recipient can confirm that the digital signature is the sender's, which prevents the message from being tampered with in transit.
Method embodiments
According to an embodiment of the invention, a card issuing operation method is provided; Fig. 3 is a structural diagram of the card issuing operation method according to an embodiment of the invention. Method embodiment one comprises:
Before the card is issued, the card-issuing equipment generates an initial public/private key pair; the initial public key is preset in the card and the initial private key is stored in the card-issuing equipment.
Step S102: the card-issuing equipment sends the card an instruction to generate a card public/private key pair, signed with the initial private key;
Step S104: the card uses the initial public key to verify the signed instruction of step S102;
Step S106: after signature verification passes, the card generates the card public/private key pair, signs the card public key with the card private key, and returns the card public key to the card-issuing equipment;
Step S108: the card-issuing equipment retains the newly generated card public key (including the signature information);
Step S110: the card-issuing equipment sends the card an instruction to generate an application public/private key pair, signed with the initial private key;
Step S112: the card uses the initial public key to verify the signed instruction of step S110;
Step S114: for a card application that uses asymmetric encryption, after signature verification passes the card can be triggered to generate an application public/private key pair; the card signs the newly generated application public key with the card private key generated in step S106 and returns it to the card-issuing equipment, and the card-issuing equipment verifies the signature using the card public key retained in step S108 and obtains the application public key;
In step S114, generating the application public/private key pair is not mandatory: it is generated only for card applications that use asymmetric encryption for service interaction, and need not be generated for card applications that use symmetric encryption;
Step S116: the card issuer system generates the card issuer public/private key pair, retains the card issuer private key (kept strictly confidential and not disclosed externally), and issues the card issuer public key to the card-issuing equipment; the card-issuing equipment issues the public key replacement instruction together with the card issuer public key to the card, signed using the initial key;
Step S118: the card uses the initial public key to verify the signed instruction and card issuer public key of step S116; after signature verification passes, it replaces the initial public key with the card issuer public key, completing the public key replacement;
Step S120: the card issuer system writes the other symmetric application keys to the card, signed with the card issuer private key;
Step S122: the card receives the symmetric application key of step S120, verifies the signature using the card issuer public key, and obtains the application key issued by the card issuer system;
Step S124: the card issuer system writes data information to the card, signed with the card issuer private key; the specific content of the data information is determined by the requirements of the card application;
Step S126: the card receives the data information of step S124, verifies the signature using the card issuer public key, and obtains the data information issued by the card issuer system.
It should be noted that there is no restriction on the order of steps S120-S122, in which the card issuer system writes the symmetric application key to the card after the public key replacement, and steps S124-S126, in which the card issuer system writes data information to the card after the public key replacement: steps S120-S122 may be performed first and then steps S124-S126, or steps S124-S126 first and then steps S120-S122, or only one of the two may be performed.
In addition, steps S120-S122 and steps S124-S126 may also be performed after the card has been delivered to the user, over an unsecured network, through a mobile terminal or a business hall card-issuing terminal.
With the card issuing operation method of this embodiment, before the public key replacement is completed, the card can generate an asymmetric application public/private key pair; the application private key is stored in the card and the application public key is returned to the card-issuing equipment.
With the card issuing operation method of this embodiment, after the public key replacement is completed, symmetric application keys or data information can be written to the card. During writing, the card issuer system signs with the card issuer private key and the card verifies the signature with the card issuer public key, which ensures that the symmetric application keys and data information cannot be tampered with during writing and guarantees the security of data transmission.
In method embodiment one above, the step of writing the symmetric application key to the card (S120-S122) and the step of writing data information to the card (S124-S126) must be carried out after the public key replacement is completed, because at that point the card issuer system signs only with the highly secure card issuer private key that it alone holds, which guarantees the security of the written keys and data; the step of writing asymmetric keys to the card (S110-S114), by contrast, can be carried out before the public key replacement is completed.
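The public key replacement of steps S116-S126, shown as an added Python simulation that is not part of the patent text: the card verifies every command against a single trusted public key, so once that key is replaced, commands signed with the card-issuing equipment's initial private key stop verifying. Textbook RSA over SHA-256 without padding stands in for the card's signature algorithm (a real card would use a padded scheme), and the names `Card`, `replace_public_key`, `write` and the `REPLACE_PUBKEY|` / `WRITE|` message prefixes are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent (assumption; the patent names RSA only as an example)


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin test, used only to build the demo keys."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if c % E != 1 and _is_probable_prime(c):  # keeps gcd(E, c - 1) == 1
            return c


def generate_keypair(bits=1024):
    """Return ((n, e), (n, d)): the public key and the private key."""
    p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
    while q == p:
        q = _gen_prime(bits // 2)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))


def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(public_key, message, signature):
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == _digest(message, n)


def encode_key(public_key):
    return f"{public_key[0]:x}:{public_key[1]:x}".encode()


def replace_message(key_blob):
    return b"REPLACE_PUBKEY|" + key_blob  # instruction and new key signed together


def write_message(name, payload):
    return b"WRITE|" + name.encode() + b"|" + payload


class Card:
    """Card-side logic: one trusted public key verifies every command."""

    def __init__(self, initial_public_key):
        self.trusted_key = initial_public_key  # preset before the card is issued
        self.storage = {}

    def replace_public_key(self, key_blob, signature):  # step S118
        if not verify(self.trusted_key, replace_message(key_blob), signature):
            return False
        n, e = key_blob.decode().split(":")
        self.trusted_key = (int(n, 16), int(e, 16))
        return True

    def write(self, name, payload, signature):  # steps S122 / S126
        if not verify(self.trusted_key, write_message(name, payload), signature):
            return False
        self.storage[name] = payload  # signed, not encrypted, as in S120-S126
        return True


def run_demo():
    initial_pub, initial_priv = generate_keypair()  # card-issuing equipment
    issuer_pub, issuer_priv = generate_keypair()    # card issuer system
    card = Card(initial_pub)
    blob = encode_key(issuer_pub)
    replace_sig = sign(initial_priv, replace_message(blob))  # step S116
    app_key = bytes(range(16))  # constructed sample symmetric application key
    issuer_sig = sign(issuer_priv, write_message("app_key", app_key))  # S120
    vendor_sig = sign(initial_priv, write_message("app_key", app_key))
    out = {}
    out["issuer_write_before_replace"] = card.write("app_key", app_key, issuer_sig)
    out["tampered_replace"] = card.replace_public_key(blob + b"0", replace_sig)
    out["replace"] = card.replace_public_key(blob, replace_sig)
    out["vendor_write_after_replace"] = card.write("app_key", app_key, vendor_sig)
    out["tampered_issuer_write"] = card.write("app_key", app_key[::-1], issuer_sig)
    out["issuer_write"] = card.write("app_key", app_key, issuer_sig)
    out["trust_anchor_is_issuer"] = card.trusted_key == issuer_pub
    out["stored"] = dict(card.storage)
    return out


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(check, result)
```

The write signed with the initial private key is accepted only while the initial public key is the trusted key; after step S118 the same signature is rejected, which is the closing of the card vendor's authority that the embodiment describes.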
According to an embodiment of the invention, another card issuing operation method is provided. This embodiment comprises:
Before the card is issued, the card-issuing equipment generates an initial public/private key pair; the initial public key is preset in the card and the initial private key is stored in the card-issuing equipment.
Step S202: the card-issuing equipment sends the card an instruction to generate a card public/private key pair, signed with the initial private key;
Step S204: the card uses the initial public key to verify the signed instruction of step S202;
Step S206: after signature verification passes, the card generates the card public/private key pair, signs the card public key with the card private key, and returns the card public key to the card-issuing equipment;
Step S208: the card-issuing equipment sends the newly generated card public key (including the signature information) to the card issuer system for verification and storage;
In step S208, the card issuer system verifies and stores the card public key so that the card and the card issuer system can perform data encryption and authentication in subsequent interactions. For example, if the card issuer system needs to send encrypted information to the card, it can encrypt with this card public key, and only the corresponding card private key in the card can decrypt it; in addition, if the card issuer system needs to verify the identity of the card, the card signs data and the card issuer system verifies it using this card public key;
Step S210: the card issuer system generates the card issuer public/private key pair, retains the card issuer private key (kept strictly confidential and not disclosed externally), and issues the card issuer public key to the card-issuing equipment; the card-issuing equipment issues the public key replacement instruction together with the card issuer public key to the card, signed using the initial key;
Step S212: the card uses the initial public key to verify the signed instruction and card issuer public key of step S210; after signature verification passes, it replaces the initial public key with the card issuer public key, completing the public key replacement;
Step S214: the card issuer system writes the other symmetric application keys to the card, signed with the card issuer private key;
Step S216: the card receives the symmetric application key of step S214, verifies the signature using the card issuer public key, and obtains the application key issued by the card issuer system;
Step S218: the card issuer system writes data information to the card, signed with the card issuer private key;
Step S220: the card receives the data information of step S218, verifies the signature using the card issuer public key, and obtains the data information issued by the card issuer system.
Step S222: after the replacement with the card issuer public key is completed, operations such as writing card information and generating public/private key pairs must be authorised by the card issuer system, that is, the corresponding instructions must be signed with the card issuer private key. At this point the card-issuing equipment no longer has authority to operate on the card, so if the card-issuing equipment needs to complete a card-writing operation, it must request the relevant instruction from the card issuer system before it can complete the operation. In practice, the business scenario in which a card-issuing terminal placed in a business hall connects to a back-end system for remote card issuing belongs to this case;
In this case, the card issuer system's generation instruction that triggers the card to generate a public/private key pair can be sent over an unsecured network, because tampered or forged instructions cannot pass the card's verification.
It should be noted that there is no restriction on the order of steps S214-S216, in which the card issuer system writes the symmetric application key to the card after the public key replacement, and steps S218-S220, in which the card issuer system writes data information to the card after the public key replacement: steps S214-S216 may be performed first and then steps S218-S220, or steps S218-S220 first and then steps S214-S216, or only one of the two may be performed.
In addition, steps S214-S216 and steps S218-S220 may also be performed after the card has been delivered to the user, over an unsecured network, through a mobile terminal or a business hall card-issuing terminal.
With the card issuing operation method of this embodiment, after the public key replacement is completed, symmetric application keys or data information can be written to the card. During writing, the card issuer system signs with the card issuer private key and the card verifies the signature with the card issuer public key, which ensures that the symmetric application keys and data information cannot be tampered with during writing and guarantees the security of data transmission.
Device embodiments
According to an embodiment of the invention, an IC card is provided, comprising:
A receiving and presetting module, for receiving and presetting the issued initial public key, and for receiving a card issuer public key signed with the initial private key;
A signature verification module, for using the initial public key to verify the signature and obtain the card issuer public key;
A replacement verification module, for using the card issuer public key in place of the initial public key for signature verification.
Wherein:
The signature verification module is further for receiving a symmetric application key issued by the card issuer system and signed with the card issuer private key, and verifying the signature using the card issuer public key.
Wherein:
The signature verification module is further for receiving data information issued by the card issuer system and signed with the card issuer private key, and verifying the signature using the card issuer public key.
The IC card of this embodiment further comprises:
A key generation module, for generating a card public/private key pair according to an issued instruction, retaining the card private key, and returning the card public key, signed with the card private key, to the card-issuing equipment for retention.
Wherein:
The key generation module is further for generating an application public/private key pair according to an issued instruction, signing the application public key with the card private key, and returning the signed application public key to the card-issuing equipment.
Wherein:
The signature verification module is further for receiving a symmetric application key issued by the card issuer system and signed with the card issuer private key, and verifying the signature using the card issuer public key.
Wherein:
The signature verification module is further for receiving data information issued by the card issuer system and signed with the card issuer private key, and verifying the signature using the card issuer public key.
With the IC card of this embodiment, before the public key replacement is completed, the card can generate an asymmetric application public/private key pair; the application private key is stored in the card and the application public key is returned to the card-issuing equipment.
With the IC card of this embodiment, after the public key replacement is completed, symmetric application keys or data information can be written to the card. During writing, the card issuer system signs with the card issuer private key and the card verifies the signature with the card issuer public key, which ensures that the symmetric application keys and data information cannot be tampered with during writing and guarantees the security of data transmission.
According to an embodiment of the present invention, card-issuing equipment is provided, comprising:
An initial key module, configured to generate an initial public/private key pair, store the initial private key, and issue the initial public key to the card;
A receiving and issuing module, configured to receive the card issuer public key issued by the card issuer system, and to issue to the card a replacement instruction for replacing the initial public key with the card issuer public key;
A signing and issuing module, configured to sign the card issuer public key and the replacement instruction with the initial private key, and to issue them to the card.
The card-issuing equipment of this embodiment further comprises:
An instruction issuing module, configured to issue to the card an instruction to generate a card public/private key pair, and to sign this instruction using the initial public key.
Wherein:
The instruction issuing module is further configured to issue to the card an instruction to generate an application public/private key pair, and to sign this instruction using the initial public key.
After the public key replacement operation is completed, the card-issuing equipment of this embodiment allows a symmetric application key or data information to be written to the card. During writing, the card issuer system signs with the card issuer private key and the card verifies the signature with the card issuer public key, which ensures that the symmetric application key and the data information cannot be tampered with during writing and secures the transmission of the data information.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes ROM, RAM, magnetic disks, optical discs and other media capable of storing program code.
Finally, it should be noted that the above are only preferred embodiments of the present invention and are not intended to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person skilled in the art can still modify the technical solutions described in those embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (19)

1. A card issuing operation method, characterized by comprising:
a card receives and presets an issued initial public key, and receives a card issuer public key signed with the initial private key;
the card performs signature verification using the initial public key to obtain the card issuer public key;
the card uses the card issuer public key in place of the initial public key to perform signature verification;
wherein, before the step of using the card issuer public key in place of the initial public key to perform signature verification, the method further comprises:
the card generates a card public/private key pair according to an issued instruction, retains the card private key in the card, and returns the card public key, signed with the card private key, to the card-issuing equipment for retention;
wherein the signature is a digital signature formed by encrypting, with the sender's private key, a hash value generated from the message text, and the digital signature is sent to the recipient of the message together with the message, as an attachment to the message.
2. The method according to claim 1, characterized in that, after the step of using the card issuer public key in place of the initial public key to perform signature verification, the method further comprises:
the card receives a symmetric application key issued by the card issuer system and signed with the card issuer private key, and verifies the signature using the card issuer public key.
3. The method according to claim 1, characterized in that, after the step of using the card issuer public key in place of the initial public key to perform signature verification, the method further comprises:
the card receives data information issued by the card issuer system and signed with the card issuer private key, and verifies the signature using the card issuer public key.
4. The method according to claim 1, characterized in that, after the step of returning the card public key to the card-issuing equipment for retention and before the step of using the card issuer public key in place of the initial public key to perform signature verification, the method further comprises:
the card generates an application public/private key pair according to an issued instruction, signs the application public key with the card private key, and returns the signed application public key to the card-issuing equipment.
5. The method according to claim 4, characterized in that, after the step of using the card issuer public key in place of the initial public key to perform signature verification, the method further comprises:
the card receives a symmetric application key issued by the card issuer system and signed with the card issuer private key, and verifies the signature using the card issuer public key.
6. The method according to claim 4, characterized in that, after the step of using the card issuer public key in place of the initial public key to perform signature verification, the method further comprises:
the card receives data information issued by the card issuer system and signed with the card issuer private key, and verifies the signature using the card issuer public key.
7. The method according to claim 1, characterized in that, before the step in which the card generates the card public/private key pair, the method further comprises:
the card receives an instruction to generate a card public/private key pair, issued by the card-issuing equipment and signed with the initial private key, and verifies the signature using the initial public key.
8. A card issuing operation method, characterized by comprising:
card-issuing equipment generates an initial public/private key pair, stores the initial private key, and issues the initial public key to a card;
the card-issuing equipment receives a card issuer public key issued by a card issuer system, and issues to the card a replacement instruction for replacing the initial public key with the card issuer public key;
the card-issuing equipment signs the card issuer public key and the replacement instruction with the initial private key, and issues them to the card.
9. The method according to claim 8, characterized by further comprising:
the card-issuing equipment issues to the card an instruction to generate a card public/private key pair, and signs this instruction using the initial public key.
10. The method according to claim 9, characterized by further comprising:
the card-issuing equipment issues to the card an instruction to generate an application public/private key pair, and signs this instruction using the initial public key.
11. An IC card, characterized by comprising:
a receiving and presetting module, configured to receive and preset an issued initial public key, and to receive a card issuer public key signed with the initial private key;
a signature verification module, configured to perform signature verification using the initial public key to obtain the card issuer public key;
a replacement verification module, configured to use the card issuer public key in place of the initial public key to perform signature verification;
a key generation module, configured to generate a card public/private key pair according to an issued instruction, retain the card private key in the card, and return the card public key, signed with the card private key, to the card-issuing equipment for retention;
wherein the signature is a digital signature formed by encrypting, with the sender's private key, a hash value generated from the message text, and the digital signature is sent to the recipient of the message together with the message, as an attachment to the message.
12. The IC card according to claim 11, characterized in that:
the signature verification module is further configured to receive a symmetric application key issued by the card issuer system and signed with the card issuer private key, and to verify the signature using the card issuer public key.
13. The IC card according to claim 11, characterized in that:
the signature verification module is further configured to receive data information issued by the card issuer system and signed with the card issuer private key, and to verify the signature using the card issuer public key.
14. The IC card according to claim 11, characterized in that:
the key generation module is further configured to generate an application public/private key pair according to an issued instruction, sign the application public key with the card private key, and return the signed application public key to the card-issuing equipment.
15. The IC card according to claim 14, characterized in that:
the signature verification module is further configured to receive a symmetric application key issued by the card issuer system and signed with the card issuer private key, and to verify the signature using the card issuer public key.
16. The IC card according to claim 14, characterized in that:
the signature verification module is further configured to receive data information issued by the card issuer system and signed with the card issuer private key, and to verify the signature using the card issuer public key.
17. Card-issuing equipment, characterized by comprising:
an initial key module, configured to generate an initial public/private key pair, store the initial private key, and issue the initial public key to a card;
a receiving and issuing module, configured to receive a card issuer public key issued by a card issuer system, and to issue to the card a replacement instruction for replacing the initial public key with the card issuer public key;
a signing and issuing module, configured to sign the card issuer public key and the replacement instruction with the initial private key, and to issue them to the card.
18. The card-issuing equipment according to claim 17, characterized by further comprising:
an instruction issuing module, configured to issue to the card an instruction to generate a card public/private key pair, and to sign this instruction using the initial public key.
19. The card-issuing equipment according to claim 18, characterized in that:
the instruction issuing module is further configured to issue to the card an instruction to generate an application public/private key pair, and to sign this instruction using the initial public key.
CN201110380665.6A 2011-11-25 2011-11-25 Hair fastener method of operation, IC-card sheet and card-issuing equipment Active CN103138925B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110380665.6A CN103138925B (en) 2011-11-25 2011-11-25 Hair fastener method of operation, IC-card sheet and card-issuing equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110380665.6A CN103138925B (en) 2011-11-25 2011-11-25 Hair fastener method of operation, IC-card sheet and card-issuing equipment

Publications (2)

Publication Number Publication Date
CN103138925A CN103138925A (en) 2013-06-05
CN103138925B true CN103138925B (en) 2016-03-02

Family

ID=48498283

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110380665.6A Active CN103138925B (en) 2011-11-25 2011-11-25 Hair fastener method of operation, IC-card sheet and card-issuing equipment

Country Status (1)

Country Link
CN (1) CN103138925B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991276A (en) * 2015-01-27 2016-10-05 北京数码视讯科技股份有限公司 Key transmission system, method and apparatus for integrated circuit card
CN105160242B (en) * 2015-08-07 2018-01-05 北京亿速码数据处理有限责任公司 Certificate loading method, certificate update method and the card reader of a kind of card reader
CN108243402B (en) * 2015-12-09 2021-06-01 Oppo广东移动通信有限公司 Method and device for reading and writing smart card
CN105491067B (en) * 2016-01-08 2017-10-24 腾讯科技(深圳)有限公司 Service security verification method and device based on key
CN110138565A (en) * 2019-04-22 2019-08-16 如般量子科技有限公司 Anti- quantum calculation wired home quantum communications method and system based on unsymmetrical key pond pair

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101729244A (en) * 2008-10-24 2010-06-09 中兴通讯股份有限公司 Method and system for distributing key
CN101923754A (en) * 2009-06-17 2010-12-22 中国工商银行股份有限公司 System and method for realizing rapid payment based on bank intelligent card
CN102064944A (en) * 2010-11-30 2011-05-18 北京飞天诚信科技有限公司 Safety card issuing method as well as card issuing equipment and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4470071B2 (en) * 2008-03-03 2010-06-02 フェリカネットワークス株式会社 Card issuing system, card issuing server, card issuing method and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant