CN103152174B

CN103152174B - It is applied to the data processing method in parking lot, device and managing system of car parking

Info

Publication number: CN103152174B
Application number: CN201310031914.XA
Authority: CN
Inventors: 唐健; 李昕; 乐江波; 梁卫
Original assignee: Shenzhen Jieshun Science and Technology Industry Co Ltd
Current assignee: Shenzhen Jieshun Science and Technology Industry Co Ltd
Priority date: 2013-01-28
Filing date: 2013-01-28
Publication date: 2016-06-08
Anticipated expiration: 2033-01-28
Also published as: CN103152174A

Abstract

The embodiment of the invention discloses a kind of data processing method, device and the managing system of car parking that are applied to parking lot. The terminal of the embodiment of the present invention adopts the data processing request carrying the first randomized number and application sequence number receiving CPU card and sending, then this first randomized number and application sequence number are sent to SAM card, by SAM card, the first randomized number is encrypted, obtain the first enciphered data, the external authentication order carrying this first enciphered data be sent to CPU card by terminal, carrying out certification by CPU card, if the instruction certification of certification result is passed through, then terminal carries out data processing according to described data processing request. Data are processed by the mode of CPU card and SAM card interactive authentication and ciphertext transmission that have employed due to the program, it is possible to strengthen the protection to user data, substantially increase the security of managing system of car parking.

Description

It is applied to the data processing method in parking lot, device and managing system of car parking

Technical field

The present invention relates to electronic technology field, it is specifically related to a kind of data processing method, device and the managing system of car parking that are applied to parking lot.

Background technology

In the managing system of car parking of current China, mostly adopt contactless integrated circuit (IC, integratedcircuit) to block, and it is all adopt non-contact logic encryption card. Wherein, non-contact IC card is primarily of IC chip and induction antenna composition, and it is completely sealed in standard polyvinyl chloride (PVC, a polyvinylchloride) card, without exposed parts; The read-write process of non-contact IC card, is completed by radiowave by between non-contact IC card and read write line usually.

To, in the research and practice process of prior art, the present inventor finds, the security of existing managing system of car parking is not high.

Summary of the invention

The embodiment of the present invention provides a kind of data processing method, device and the managing system of car parking that are applied to parking lot, it is possible to improve the security of managing system of car parking.

The data processing method being applied to parking lot, comprising:

Receiving the data processing request that central processing unit (CPU, CentralProcessingUnit) card sends, described data processing request carries the first randomized number and user's identification paper (UID, UserIdentification) information;

Described first randomized number and application sequence number are sent to secure access module (SAM, SecureAccessModule) card;

Receiving the first enciphered data that SAM card returns, described first randomized number is encrypted gained by SAM card according to described application sequence number by described first enciphered data;

Sending external authentication order to CPU card, described first enciphered data carries the first enciphered data;

Receiving the response message carrying external authentication result that CPU card returns, the first enciphered data is decrypted and certification gained by described external authentication result by CPU card;

Determine described external authentication result instruction certification by time, carry out data processing according to described data processing request.

Optionally, wherein, described first randomized number is encrypted gained by SAM card according to described application sequence number by described first enciphered data, is specifically as follows:

Described main key is disperseed by SAM Cali by described application sequence number, obtains process key; Utilize described process key, adopt state's close encryption algorithm described first randomized number to be encrypted, obtain the first enciphered data.

Optionally, wherein, the first enciphered data is decrypted and certification gained by described external authentication result by CPU card, is specifically as follows:

CPU card utilizes the close deciphering algorithm of state the first enciphered data to be decrypted, and obtains the first data decryption; When determining that described first data decryption equals described first randomized number, generate the external authentication result that instruction external authentication is passed through.

Optionally, wherein, described carry out data processing according to described data processing request, it be specifically as follows:

According to described data processing request, user data, and by described storage of subscriber data on described server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or equipment information.

Optionally, wherein, described according to described data processing request, user data, and by after described storage of subscriber data is on described server, it is also possible to comprising:

Calculate consumption charge according to user profile, entry time and time for competiton, from described CPU card, deduct described consumption charge.

Optionally, when in described CPU card, expense is not enough, it is also possible to alarm.

Optionally, before receiving the data processing request that CPU card sends, the method can also comprise:

Application sequence number is obtained to CPU card, and obtain the 2nd randomized number to SAM card, described 2nd randomized number is sent to CPU card, so that CPU card adopts the 2nd randomized number described in internal authentication double secret key to carry out the close encryption of state, obtain the 2nd enciphered data, receive the 2nd enciphered data that CPU card returns; Sending internal authentication order and be sent to SAM card, described 2nd enciphered data and application sequence number is carried in described internal authentication order; Receiving the response message carrying internal authentication result that SAM card returns, the 2nd enciphered data is decrypted and certification gained by described internal authentication result by SAM card; Determine described external authentication result instruction external authentication pass through, and determine described internal authentication result instruction internal authentication by time, carry out data processing according to described data processing request.

Optionally, the 2nd enciphered data is decrypted and certification gained by described internal authentication result by SAM card, specifically can comprise:

Internal authentication key is disperseed by SAM card according to described application sequence number, obtains interim key; Utilize described interim key, adopt state's close deciphering algorithm described 2nd enciphered data to be decrypted, obtain the 2nd data decryption; When determining that described 2nd data decryption equals the 2nd randomized number, generate the internal authentication result that instruction internal authentication passes through.

Accordingly, the embodiment of the present invention also provides a kind of data processing equipment being applied to parking lot, comprises the first reception unit, the first transmission unit, the 2nd reception unit, the 2nd transmission unit, the 3rd reception unit and processing unit;

First reception unit, for receiving the data processing request that CPU card sends, described data processing request carries the first randomized number and application sequence number;

First transmission unit, for being sent to SAM card by described first randomized number and application sequence number;

2nd reception unit, for receiving the first enciphered data that SAM card returns, described first randomized number is encrypted gained by SAM card according to described application sequence number by described first enciphered data;

2nd transmission unit, for sending external authentication order to CPU card, described first enciphered data is carried in described external authentication order;

3rd reception unit, for receiving the response message carrying external authentication result that CPU card returns, the first enciphered data is decrypted and certification gained by described external authentication result by CPU card;

Processing unit, for determine described external authentication result instruction external authentication by time, carry out data processing according to described data processing request.

Optionally, wherein, described processing unit, specifically may be used for according to described data processing request, user data, and by described storage of subscriber data on the server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or equipment information.

Optionally, described processing unit, it is also possible to for calculating consumption charge according to user profile, entry time and time for competiton, deduct described consumption charge from described CPU card.

Optionally, described processing unit, it is also possible to time not enough for expense in described CPU card, alarm.

Optionally, this data processing equipment can also comprise internal authentication unit;

Internal authentication unit, it is possible to for obtaining application sequence number to CPU card, and obtain the 2nd randomized number to SAM card; Described 2nd randomized number is sent to CPU card, so that CPU card adopts the 2nd randomized number described in internal authentication double secret key to carry out the close encryption of state, obtains the 2nd enciphered data; Receive the 2nd enciphered data that CPU card returns; Sending internal authentication order to SAM card, described 2nd enciphered data and application sequence number is carried in described internal authentication order; Receiving the response message carrying internal authentication result that SAM card returns, the 2nd enciphered data is decrypted and certification gained by described internal authentication result by SAM card; Carry out data processing according to described data processing request to be specially: determine this external authentication result instruction external authentication pass through, and determine this internal authentication result instruction internal authentication by time, carry out data processing according to this data processing request.

Accordingly, the embodiment of the present invention also provides a kind of managing system of car parking, comprises terminal, CPU card and SAM card;

Described terminal, for receiving the data processing request that CPU card sends, described data processing request carries the first randomized number and application sequence number, described first randomized number and application sequence number are sent to SAM card, receive the first enciphered data that SAM card returns, send external authentication order to CPU card, described first enciphered data is carried in described external authentication order, receive the response message carrying external authentication result that CPU card returns, determine described external authentication result instruction external authentication by time, carry out data processing according to described data processing request;

Described CPU card, for sending data processing request to described terminal, described data processing request carries the first randomized number and application sequence number; Receive the external authentication order carrying the first enciphered data that described terminal sends, the first enciphered data is decrypted and certification, obtains external authentication result, external authentication result is sent to described terminal;

Described SAM card, for receiving the first randomized number and the application sequence number that described terminal sends, is encrypted described first randomized number according to described application sequence number, obtains the first enciphered data, the first enciphered data is sent to described terminal.

Optionally, described SAM card, specifically may be used for utilizing described application sequence number to be disperseed by described main key, obtains process key, utilize described process key, adopts state's close encryption algorithm described first randomized number to be encrypted, obtains the first enciphered data.

Described CPU card, specifically may be used for utilizing the close deciphering algorithm of state the first enciphered data to be decrypted, obtains the first data decryption, it is determined that when described first data decryption equals described first randomized number, generates the external authentication result that instruction certification is passed through.

Optionally, this managing system of car parking can also comprise server;

Described server, for carrying out store and management to user data;

Then described terminal, specifically may be used for being processed by the user data on server according to described data processing request.

Optionally, described terminal, specifically may be used for according to described data processing request, user data, and by described storage of subscriber data on described server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or equipment information.

Optionally, described terminal, it is also possible to for calculating consumption charge according to user profile, entry time and time for competiton, deduct described consumption charge from described CPU card.

Optionally, described terminal, it is also possible to time not enough for expense in described CPU card, alarm.

Optionally, described terminal, it is also possible to for obtaining application sequence number to CPU card, and obtain the 2nd randomized number to SAM card; Described 2nd randomized number is sent to CPU card, so that CPU card adopts the 2nd randomized number described in internal authentication double secret key to carry out the close encryption of state, obtains the 2nd enciphered data; Receive the 2nd enciphered data that CPU card returns; Sending internal authentication order to SAM card, described 2nd enciphered data and application sequence number is carried in described internal authentication order; Receiving the response message carrying internal authentication result that SAM card returns, the 2nd enciphered data is decrypted and certification gained by described internal authentication result by SAM card; Determine described external authentication result instruction external authentication pass through, and determine described internal authentication result instruction internal authentication by time, carry out data processing according to described data processing request.

Optionally, described SAM card, it is also possible to for being disperseed by internal authentication key according to described application sequence number, obtain interim key; Utilize described interim key, adopt state's close deciphering algorithm described 2nd enciphered data to be decrypted, obtain the 2nd data decryption; When determining that described 2nd data decryption equals the 2nd randomized number, generate the internal authentication result that instruction internal authentication passes through.

The terminal of the embodiment of the present invention adopts the data processing request carrying the first randomized number and application sequence number receiving CPU card and sending, then this first randomized number and application sequence number are sent to SAM card, by SAM card, the first randomized number is encrypted, obtain the first enciphered data, by terminal, this first enciphered data is sent to CPU card, carrying out certification by CPU card, if the instruction external authentication of external authentication result is passed through, then terminal carries out data processing according to described data processing request. Data processing is processed by the mode of CPU card and SAM card interactive authentication and ciphertext transmission that have employed due to the program; so the protection to user data (such as user profile and transaction data) can be strengthened, substantially increase the security of managing system of car parking.

Accompanying drawing explanation

In order to the technical scheme being illustrated more clearly in the embodiment of the present invention, below the accompanying drawing used required in embodiment being described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those skilled in the art, under the prerequisite not paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.

Fig. 1 is the schema of the data processing method being applied to parking lot that the embodiment of the present invention provides;

Fig. 2 a is the principle schematic of the managing system of car parking that the embodiment of the present invention provides;

Fig. 2 b is the schema of the data processing method being applied to parking lot that the embodiment of the present invention provides;

Fig. 2 c is the scene schematic diagram in the parking lot that the embodiment of the present invention provides;

Fig. 3 is the structural representation of the data processing equipment being applied to parking lot that the embodiment of the present invention provides;

Fig. 4 is the structural representation of the managing system of car parking that the embodiment of the present invention provides;

Fig. 5 is another structural representation of the managing system of car parking that the embodiment of the present invention provides.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is only the present invention's part embodiment, instead of whole embodiments. Based on the embodiment in the present invention, those skilled in the art, not making other embodiments all obtained under creative work prerequisite, belong to the scope of protection of the invention.

The embodiment of the present invention provides a kind of data processing method, device and the managing system of car parking that are applied to parking lot. Hereinafter it is described in detail respectively.

Embodiment one,

The embodiment of the present invention is described from the angle of terminal, and this terminal is specifically as follows consumption terminal or terminal deposited by circle.

A kind of data processing method being applied to parking lot, comprise: receive the data processing request carrying the first randomized number and application sequence number that CPU card sends, this first randomized number and application sequence number are sent to SAM card, receive the first enciphered data that SAM card returns, wherein, this first randomized number is encrypted gained by SAM card according to described application sequence number by this first enciphered data; Sending external authentication order to CPU card, the first enciphered data is carried in described external authentication order; Receive the response message carrying external authentication result that CPU card returns, wherein, first enciphered data is decrypted and certification gained by external authentication result by CPU card, it is determined that when the instruction external authentication of external authentication result is passed through, carry out data processing according to data processing request.

Wherein, CPU card refers to a kind of intellective IC card having CPU.

As shown in Figure 1, idiographic flow can be as follows:

101, receiving the data processing request that CPU card sends, wherein, data processing request carries the first randomized number and application sequence number;

102, the first randomized number in data processing request and application sequence number are sent to SAM card.

Wherein, SAM card can be arranged on facility, namely in terminal, such as specifically can be arranged on consumption terminal or circle is deposited in terminal, and wherein, circle is deposited terminal and is specifically as follows circle and deposits machine. Such as, SAM card can comprise main frame SAM card (HSAM, HostSecureAccessModule), deposit SAM card (ISAM, IncreaseSecureAccessModule) and/or consumption SAM card (PSAM, PurchaseSecureAccessModule); HSAM can be arranged on circle and deposit in terminal, for depositing, for CPU card carries out circle, operations such as supplementing with money; ISAM can be arranged on circle and deposit in terminal, it is also possible to for depositing, for CPU card carries out circle, operations such as supplementing with money; PSAM card then can be arranged in consumption terminal, for CPU card carries out the operations such as consumption charge deduction.

Wherein, circle is deposited finger and is deposited in the CPU card of user by money so that the remaining sum in CPU card increases;Consumption, refers to utilize the money in CPU card to buy service or commodity so that remaining sum reduces.

103, the first enciphered data that SAM card returns is received;

Wherein, this first enciphered data is stuck in by SAM, according to application sequence number, this first randomized number is encrypted gained, such as, and specifically can be as follows:

Main key is disperseed by SAM Cali by this application sequence number, obtains process key, utilizes this process key, adopts the close encryption algorithm of state this first randomized number to be encrypted, obtains the first enciphered data.

Wherein, the injection of main key can adopt ciphertext and message authentication code (MAC, MessageAuthenticationCode) circuit encrypts the mode combined, wherein, MAC can by adopting the close SM1(SM1cryptographicalgorithm of state) it is that the encryption of blocks of data of 128 obtains to grouping length.

Wherein, the close SM1 algorithm of state is by a kind of commercial password symmetrical algorithm of grouping standard of password management board of country establishment. This algorithm is the SM1 block cipher of password administrative authority of country examination & approval, grouping length and key length are all 128 bits, algorithm security encryption strength and relevant software and hardware realize performance and Advanced Encryption Standard (AES, AdvancedEncryptionStandard) suitable, this algorithm is underground, is only present in chip with the form of IP kernel. Owing to state's close SM1 algorithm is underground, so relative to existing adopted public algorithm DES/3DES(DataEncryptionStandard, being the data encryption standards of data encryption algorithm) algorithm etc., safer.

104, send external authentication order to CPU card, wherein, external authentication order is carried the first enciphered data received.

105, the response message carrying external authentication result that CPU card returns is received.

Wherein, first enciphered data is decrypted and certification gained by this external authentication result by CPU card, such as, if in step 103, SAM card adopts the close encryption algorithm of state the first randomized number to be encrypted, and obtains the first enciphered data, then now, CPU card specifically can utilize the close deciphering algorithm of state the first enciphered data to be decrypted, and obtains the first data decryption. That is, this external authentication result specifically can obtain in the following manner:

CPU card utilizes the close deciphering algorithm of state the first enciphered data to be decrypted, obtain the first data decryption, determine whether this first data decryption equals this first randomized number, if this first data decryption equals this first randomized number, then generate the certification result that instruction external authentication is passed through; If this first data decryption is not equal to this first randomized number, then flow process terminates, or, optionally, if this first data decryption is not equal to this first randomized number, it is also possible to generate the certification result of instruction external authentication failure.

106, determine external authentication result instruction external authentication by time, carry out data processing according to the data processing request received.

Such as, it is possible to according to this data processing request, the user data on server is processed, specifically can be as follows:

According to this data processing request, user data, and by this storage of subscriber data on the server, wherein, this user data can comprise the data such as user profile, entry time, time for competiton, parking lot information and/or equipment information.

In addition, in user data, and by this storage of subscriber data on the server after, the method can also comprise:

Calculate consumption charge according to user profile, entry time and time for competiton, from CPU card, deduct this consumption charge.

Optionally, when in CPU card, expense is not enough, terminal can also send warning, user to be pointed out.

, optionally, in addition CPU card can also be carried out circle and deposits and supplement with money by terminal (such as circle deposit terminal).

, optionally, in addition in order to strengthen the security of certification, it is also possible to the legitimacy of CPU5361 is carried out certification; For convenience, in embodiments of the present invention, the process of CPU card certification SAM card (SAM card can be installed in the terminal) is called external authentication, the process of SAM card certification CPU card is called internal authentication, namely, before carrying out data processing according to the data processing request received, the method can also comprise:

Application sequence number is obtained to CPU card, and obtain the 2nd randomized number to SAM card, the 2nd randomized number is sent to CPU card, so that CPU card adopts internal authentication double secret key the 2nd randomized number to carry out the close encryption of state, obtain the 2nd enciphered data, receive the 2nd enciphered data that CPU card returns; Sending internal authentication order to SAM card, the 2nd enciphered data and application sequence number is carried in this internal authentication order; Receive the response message carrying internal authentication result that SAM card returns.

Then now, carry out data processing (i.e. step 106) according to this data processing request to be specifically as follows: determine that the instruction external authentication of this external authentication result is passed through, and determine this internal authentication result instruction internal authentication by time, carry out data processing according to this data processing request.

Wherein, the 2nd enciphered data is decrypted and certification gained by this internal authentication result by SAM card, such as, and specifically can be as follows:

Internal authentication key is disperseed by SAM card according to this application sequence number, obtains interim key; Utilize this interim key, adopt the close deciphering algorithm of state the 2nd enciphered data to be decrypted, obtain the 2nd data decryption; When determining that the 2nd data decryption equals the 2nd randomized number, generate the internal authentication result (namely indicating the internal authentication result that internal authentication passes through) that instruction internal authentication passes through.

Optionally, if the 2nd data decryption is not equal to the 2nd randomized number, then flow process terminates, or, optionally, if the 2nd data decryption is not equal to the 2nd randomized number, it is also possible to generate the internal authentication result (namely indicating the internal authentication result of internal authentication failure) of instruction internal authentication failure.

It should be noted that, the execution of external authentication and internal authentication can in no particular order, in addition, also it should be noted that, it is also possible to only performs internal authentication, and does not perform external authentication, i.e. a kind of data processing method being applied to parking lot, comprising:

Application sequence number is obtained to CPU card, and obtain the 2nd randomized number to SAM card, the 2nd randomized number is sent to CPU card, so that CPU card adopts internal authentication double secret key the 2nd randomized number to carry out the close encryption of state, obtain the 2nd enciphered data, receive the 2nd enciphered data that CPU card returns; Sending internal authentication order to SAM card, the 2nd enciphered data and application sequence number is carried in this internal authentication order; Receive the response message carrying internal authentication result that SAM card returns, when determining that this internal authentication result instruction internal authentication passes through, carrying out data processing according to this data processing request, only perform the useful effect that internal authentication can also realize the embodiment of the present invention equally, this repeats no more.

As from the foregoing, the terminal of the present embodiment adopts the data processing request carrying the first randomized number and application sequence number receiving CPU card and sending, then this first randomized number and application sequence number are sent to SAM card, by SAM card, the first randomized number is encrypted, obtain the first enciphered data, the external authentication order carrying this first enciphered data be sent to CPU card by terminal, certification is carried out by CPU card, if the instruction external authentication of external authentication result is passed through, then terminal carries out data processing according to this data processing request.Data are processed by the mode of CPU card and SAM card interactive authentication and ciphertext transmission that have employed due to the program; so the protection to user data can be strengthened; particularly to the protection of user's fund stream safety, substantially increase the security of managing system of car parking.

Embodiment two,

According to the method described by embodiment one, below citing is described in further detail.

As shown in Figure 2 a, this figure is the principle schematic of managing system of car parking, and as shown in Figure 2, this managing system of car parking can comprise terminal, CPU card, SAM card and server, and wherein, the structure and function of each equipment specifically can be as follows:

(1) terminal;

Terminal can comprise the modules such as micro-control unit, SAM card driving circuit, CPU card driving circuit, operator-machine-interface, communication interface and radio frequency circuit interface;

Wherein, SAM card driving circuit support ISO7816 agreement, CPU card driving circuit support ISO14443 agreement, radio frequency circuit be used for driven antenna work. Terminal, as the mutual promoter of SAM card and CPU card and contact person, is transmitted and the interactive information for the treatment of S AM card and CPU card.

(2) CPU card;

This CPU card comprises the IP kernel (IntellectualPropertycore) supporting the close algorithm of state, comprises all user profile and transaction information, specifically can hold by user in this CPU card card.

(3) SAM card;

Including SM1 algorithm coprocessor, key calculation unit and safe module in SAM card, the operation of CPU card is carried out key management and control and certification by primary responsibility, it is ensured that user's card fund and information security.

Wherein, SAM card can be arranged on facility, namely in terminal, such as specifically can be arranged on consumption terminal or circle is deposited in terminal, and wherein, circle is deposited terminal and is specifically as follows circle and deposits machine. Such as, SAM card can comprise HSAM, ISAM and/or PSAM; HSAM can be arranged on circle and deposit in terminal, for depositing, for CPU card carries out circle, operations such as supplementing with money; ISAM can be arranged on circle and deposit in terminal, it is also possible to for depositing, for CPU card carries out circle, operations such as supplementing with money; PSAM card then can be arranged in consumption terminal, for CPU card carries out the operations such as consumption charge deduction.

(4) server

User profile and transaction data are carried out the work such as financial management and data backup by server.

It should be noted that, this managing system of car parking can also comprise other equipment, such as parking lot controller, controls for terminal, SAM card and/or server.

For this managing system of car parking, then such as Fig. 2 b, this data processing method being applied to parking lot specifically can be as follows:

201, terminal receives the data processing request that CPU card sends, and wherein, data processing request carries the first randomized number and application sequence number;

Such as, when vehicle enters parking lot, user's brush CPU card admission, now terminal will receive the data processing request about vehicle admission that CPU card sends; Again such as, when vehicle leaves parking lot, user's brush CPU card appears on the scene, and now terminal will receive the data processing request appeared on the scene about vehicle that CPU card sends; Again such as, when user needs to supplement with money, user deposits terminal (rising in value terminal also referred to as card) upper brush CPU card at circle, then now terminal can receive that CPU card sends about the data processing request supplemented with money for CPU card, can be specifically such as charging request, etc.

202, the first randomized number in data processing request and application sequence number are sent to SAM card by terminal.

Wherein, this SAM card can be installed in the terminal, it is also possible to is arranged in other equipment, is then communicated with terminal by wired or wireless mode.

203, SAM card receives the first randomized number and the application sequence number that terminal sends, and utilizes application sequence number to be disperseed by main key, obtains process key.

Wherein, main key preserved by SAM card. The injection of this main key can adopt ciphertext and MAC circuit to encrypt the mode combined, and wherein, MAC can by adopting state close SM1 to be obtained by the encryption of blocks of data that grouping length is 128.

204, this process key of SAM Cali, adopts the close encryption algorithm of state this first randomized number to be encrypted, obtains the first enciphered data, this first enciphered data is sent to terminal.

Wherein, the injection of main key can adopt ciphertext and MAC circuit to encrypt the mode combined, and wherein, MAC can by adopting state close SM1 to be obtained by the encryption of blocks of data that grouping length is 128.

Wherein, the close SM1 algorithm of state is by a kind of commercial password symmetrical algorithm of grouping standard of password management board of country establishment. This algorithm is the SM1 block cipher of password administrative authority of country examination & approval, grouping length and key length are all 128 bits, it is suitable with AES that algorithm security encryption strength and relevant software and hardware realize performance, and this algorithm is underground, is only present in chip with the form of IP kernel. Owing to state's close SM1 algorithm is underground, so relative to existing adopted public algorithm DES/3DES algorithm etc., safer.

205, terminal receives the first enciphered data that SAM card sends, and the external authentication order that send carries this first enciphered data is sent to CPU card.

206, CPU card receives the external authentication order carrying the first enciphered data that terminal sends, and utilizes the close deciphering algorithm of state the first enciphered data to be decrypted, obtains the first data decryption.

207, CPU card determines whether this first data decryption equals this first randomized number, if this first data decryption equals this first randomized number, then generate the external authentication result that instruction external authentication is passed through, and this external authentication result is carried and is sent to terminal in the response message; If this first data decryption is not equal to this first randomized number, then flow process terminates, or, optionally, if this first data decryption is not equal to this first randomized number, the external authentication result of instruction external authentication failure can also be generated, and external authentication result is carried and is sent to terminal in the response message.

208, terminal receives response message, it is determined that whether external authentication result indicates external authentication to pass through, if instruction external authentication is passed through, then can carry out subsequent operations, namely carry out data processing according to the data processing request received; If instruction external authentication failure, then flow process terminates, and now can generate prompting message to point out user.

Such as, whether the response message that terminal specifically can be determined to receive is " 9000 ", if then showing that external authentication is passed through, then now can carry out data processing according to the data processing request received, and if not, then certification failure, so flow process terminates.

Wherein, terminal carry out data processing according to the data processing request received specifically can be as follows:

In addition, it is also possible to calculate consumption charge according to user profile, entry time and time for competiton, deduct this consumption charge from CPU card, optionally, if expense is not enough in CPU card, terminal can also send warning, so that user is pointed out, etc.

Such as, specifically can see Fig. 2 c, this figure is the scene schematic diagram in parking lot, wherein, this managing system of car parking also comprises parking lot controller, for to each terminal imported and exported of parking lot, SAM card (comprises PSAM card and HSAM card etc.) and/or server controls, wherein, PSAM card is arranged in the consumption terminal of Fig. 2 c, this consumption terminal is used for recording user information, the vehicle time for competiton, parking lot information and equipment information, and according to calculation of price parking consumption charge, deduct the fee being blocked from CPU user by outlet terminal, if expense is not enough, alarm, HSAM card is arranged on circle and deposits in terminal, and this circle is deposited terminal and rised in value terminal also referred to as card, it is possible to the circle accepting user is deposited and supplemented with money, then the concrete operation under this application scene can be as follows:

When vehicle enters parking lot, the CPU card admission of car owner (i.e. user) brush, now, managing system of car parking by carrying out between CPU card and PSAM card ciphertext come alternately car owner is carried out authentication, start recording user information, vehicle entry time, parking lot information and equipment information simultaneously. Then, when vehicle leaves parking lot, car owner (i.e. user) brushes CPU and appears on the scene, now, car owner is carried out authentication by managing system of car parking, starts recording user information, vehicle time for competiton, parking lot information and equipment information simultaneously, and according to calculation of price parking consumption charge, deduct the fee being blocked from CPU user by outlet terminal, if expense is not enough, alarm.

In addition, optionally, (namely terminal deposited by the said circle of the embodiment of the present invention to card increment terminal in Fig. 2 c, HSAM card is installed) data processing request (can be specifically charging request) of the transmission of user can also be received, wherein, this data processing request carries the first randomized number and application sequence number, this first randomized number and application sequence number are sent to HSAM card by card increment terminal, come alternately car owner is carried out authentication by carrying out ciphertext between CPU card and HSAM card, if being verified, then accept this charging request, CPU card is rised in value; That is, in increment end, user can also deposit at circle and on machine, CPU card be carried out circle and deposit operation, and CPU card to be rised in value, certainly, user manually can also be rised in value at card business centre management, does not repeat them here.

It should be noted that, except above-mentioned flow process, in order to strengthen the security of certification, the legitimacy of CPU can be carried out certification, that is, terminal is before receiving the data processing request that CPU card sends, it is also possible to CPU card is carried out internal authentication, namely, before data being processed according to data processing request, the method can also comprise:

Application sequence number is obtained to CPU card, and obtain the 2nd randomized number to SAM card (such as PSAM card or HSAM card etc.), 2nd randomized number is sent to CPU card, so that CPU card adopts internal authentication double secret key the 2nd randomized number to carry out the close encryption of state, obtain the 2nd enciphered data, receive the 2nd enciphered data that CPU card returns; The internal authentication order carrying the 2nd enciphered data and application sequence number is sent to SAM card; Receive the response message carrying internal authentication result that SAM card returns.

Then now, carry out data processing (i.e. step 208) according to described data processing request to be specifically as follows: determine that the instruction external authentication of described external authentication result is passed through, and when determining that this internal authentication result instruction internal authentication passes through, data processing is carried out according to described data processing request, wherein, the mode of data processing specifically see embodiment above, can not repeat them here.

As from the foregoing, the terminal of the present embodiment adopts the data processing request carrying the first randomized number and application sequence number receiving CPU card and sending, then this first randomized number and application sequence number are sent to SAM card, by SAM card, the first randomized number is encrypted, obtain the first enciphered data, by terminal, the external authentication order carrying this first enciphered data is sent to CPU card, certification is carried out by CPU card, if the instruction external authentication of external authentication result is passed through, then terminal carries out data processing according to this data processing request. CPU card and SAM card interactive authentication and ciphertext transmission (terminal and CPU card is have employed due to the program, data clear text is not transmitted between SAM card, in this process, data have association key protection, and support that SM1 algorithm module encrypts and decrypts by solidification card, even if being illegally listened, because SM1 is underground, do not separate decryption key and relevant algorithm, so also cannot obtain expressly) mode user's identity is verified, so the protection to user data can be strengthened, particularly to the protection of user's fund stream safety, substantially increase the security of managing system of car parking.

In addition, further, before carrying out data processing according to this data processing request, except can carrying out external authentication, it is also possible to carry out internal authentication, if both having performed external authentication, also perform internal authentication, then its security can be further enhanced, and does not repeat them here.

Embodiment three,

Method described by preceding embodiment, consumption terminal will be specially respectively and terminal deposited by circle below with terminal, SAM fixture body is PSAM card and HSAM(ISAM) card is described for example, namely respectively to consume and circle is deposited and supplemented two scenes with money and be described further.

When specifically implementing, this managing system of car parking can comprise multiple terminal, multiple PSAM cards and/or multiple HSAM cards and/or ISAM card, and wherein, each terminal multiple PSAM cards corresponding or multiple HSAM cards or ISAM card, each terminal can multiple CPU card of correspondence.

(1) consume;

1, consumption terminal selects PSAM card;

2, PSAM card returns terminal machine numbering and consumes cipher key index to consumption terminal;

3, consumption terminal selects CPU card (i.e. user's card);

4, CPU card returns the information such as hair fastener square mark and application sequence number to consumption terminal;

5, consumption terminal carries out consumption initialize according to information such as terminal machine numbering, consumption cipher key index, hair fastener square mark and application sequence number;

6, CPU card sends data processing request, and such as consumer requests is to consumption terminal, and wherein, this consumer requests can carry the information such as the first randomized number and CPU card transaction sequence number, in addition, it is also possible to carry the information such as consumption key version number and consumption key algorithm mark;

7, the information such as the first randomized number and CPU card transaction sequence number are sent to PSAM card by consumption terminal, PSAM card is utilized to calculate MAC1, such as, specifically main key can be disperseed, obtain process key, utilize this process key, adopt the close encryption algorithm of state this first randomized number to be encrypted, obtain MAC1;

8, PSAM card returns MAC1 to consumption terminal;

9, CPU card is sent consumption order by consumption terminal, and wherein, this consumption order can carry MAC1;

10, MAC1 is decrypted by CPU card, and when determining that this first data decryption equals this first randomized number, returns MAC2 and TAC2 to consumption terminal;

11, MAC2 and TAC2(TAC is transaction verification code by consumption terminal) it is sent to PSAM card, verify MAC2 by PSAM card, if verification is passed through, then return instruction and verify the response message passed through to consumption terminal, otherwise, return the failed response message of instruction verification to consumption terminal;

If 12 receive instruction verifies the response message passed through, then consumption terminal can deduct the spending amount in CPU card.

(2) Application of composite consumption;

1, consumption terminal selects PSAM card;

2, PSAM card return terminal machine numbering and to consumption terminal give consumption cipher key index;

3, consumption terminal selects CPU card;

5, consumption terminal sends Application of composite consumption initialize order to CPU card;

6, CPU card sends data processing request, such as Application of composite consumer requests is to consumption terminal, wherein, this Application of composite consumer requests can carry and return the first randomized number and user blocks the information such as transaction sequence number, in addition, it is also possible to carry the information such as consumption key version number, consumption key algorithm mark, electronic purse balance amount, overdraw limit, algorithm mark;

8, PSAM card returns MAC1 to consumption terminal;

9, CPU card is sent and upgrades Application of composite data buffer memory order by consumption terminal;

10, CPU card is sent Application of composite consumption order by consumption terminal, wherein, can carry MAC1 in Application of composite consumption order;

11, MAC1 is decrypted by CPU card, and when determining that this first data decryption equals this first randomized number, returns MAC2 and TAC2 to consumption terminal;

12, MAC2 and TAC2 is sent to PSAM card, verifies MAC2 by PSAM card, if verification is passed through, then returns instruction and verifies the response message passed through to consumption terminal, otherwise, return the failed response message of instruction verification to consumption terminal;

If 13 receive instruction verifies the response message passed through, then consumption terminal can deduct the spending amount in CPU card.

(3) circle is deposited and is supplemented with money;

1, circle is deposited terminal and is selected CPU card;

2, CPU card returns the information such as hair fastener square mark and application sequence number to consumption terminal;

3, circle is deposited terminal CPU card is carried out validity check, and sends holder's password to CPU card;

4, CPU card returns the message of the validity of instruction holder's password to terminal;

5, circle is deposited terminal and is deposited initialize message to CPU card transmission circle, and wherein, this circle is deposited in initialize message and carried cipher key index;

6, CPU card checks that whether cipher key index is correct, if correctly, then returns charging request and deposits terminal to circle, wherein, carries the information such as the first randomized number and MAC1 in this charging request;

7, circle is deposited terminal and is sent the information such as the first randomized number and MAC1 to the HSAM card (or ISAM card) in financial host, and whether HSAM card checking MAC1 is correct, if MAC1 is correct, then the amount of money deposited by the circle subtracting input from the personal account of holder, and produces MAC2;

8, after HSAM card is successfully concluded the business, return circle and deposit transaction message and deposit terminal to circle, such as MAC2, the transaction time;

9, circle is deposited terminal and the circle that HSAM card returns is deposited transaction message is sent to CPU card, verifies the validity of MAC2 by CPU card, if MAC2 correctly, then upgrades the corresponding data of stored value card, such as upgrades electronic purse balance amount, and add 1 by on-line transaction sequence number;

10, CPU card calculates TAC(transaction verification code), and return transaction verification code and deposit terminal to circle;

11, after the TAC that terminal receives CPU card transmission deposited by circle, being sent to main frame and verify, if being verified, being then CPU card successful recharging, flow process terminates.

It should be noted that, three concrete application scenes of the above only just embodiment of the present invention, it should not be interpreted as restriction, also, it is to be understood that, the embodiment of the present invention can also have other application scene, does not repeat them here.

As from the foregoing; the present embodiment can also realize the useful effect described by preceding embodiment equally, namely can strengthen the protection to user data, particularly to the protection of user's fund stream safety; substantially increase the security of managing system of car parking, do not repeat them here.

Embodiment four,

Accordingly, the embodiment of the present invention also provides a kind of data processing equipment being applied to parking lot, specifically can as the terminal of the embodiment of the present invention. As shown in Figure 3, this data processing equipment being applied to parking lot comprises the first reception unit 301, first transmission unit 302, the 2nd reception unit 303, the 2nd transmission unit 304, the 3rd reception unit 305 and processing unit 306;

First reception unit 301, for receiving the data processing request that CPU card sends, wherein, data processing request carries the first randomized number and application sequence number;

First transmission unit 302, for being sent to SAM card by this first randomized number and application sequence number;

2nd reception unit 303, for receiving the first enciphered data that SAM card returns;

This main key is disperseed by SAM Cali application sequence number, obtains process key, utilizes this process key, adopts the close encryption algorithm of state this first randomized number to be encrypted, obtains the first enciphered data.

2nd transmission unit 304, for sending external authentication order to CPU card, wherein, this first enciphered data is carried in this external authentication order;

3rd reception unit 305, for receiving the response message carrying external authentication result that CPU card returns;

Wherein, first enciphered data is decrypted and certification gained by this external authentication result by CPU card, such as, if SAM card adopts the close encryption algorithm of state the first randomized number to be encrypted, obtain the first enciphered data, then now, CPU card specifically can utilize the close deciphering algorithm of state the first enciphered data to be decrypted, and obtains the first data decryption.

Processing unit 306, for determine this external authentication result instruction external authentication by time, carry out data processing according to this data processing request.

Such as, it is possible to according to this data processing request, the user data on server is processed, such as, specific as follows:

Processing unit 306, specifically may be used for according to this data processing request, user data, and by described storage of subscriber data on the server, wherein, user data comprises the information such as user profile, entry time, time for competiton, parking lot information and/or equipment information.

In addition, processing unit 306, it is also possible to for calculating consumption charge according to user profile, entry time and time for competiton, deduct described consumption charge from described CPU card.

Optionally, when in CPU card, expense is not enough, terminal can also send warning, user to be pointed out. That is:

Processing unit 306, it is also possible to time not enough for expense in CPU card, alarm.

, optionally, in addition processing unit 306, it is also possible to deposit supplement with money for CPU card being carried out circle.

In addition, in order to strengthen the security of certification, it is also possible to the legitimacy of CPU is carried out certification, namely this data processing equipment being applied to parking lot can also comprise internal authentication unit;

Internal authentication unit, for obtaining application sequence number to CPU card, and obtains the 2nd randomized number to SAM card; 2nd randomized number is sent to CPU card, so that CPU card adopts internal authentication double secret key the 2nd randomized number to carry out the close encryption of state, obtains the 2nd enciphered data; Receive the 2nd enciphered data that CPU card returns; Send the internal authentication order carrying the 2nd enciphered data and application sequence number to SAM card;Receive the response message carrying internal authentication result that SAM card returns; Determine that the instruction external authentication of this external authentication result is passed through, and when determining that this internal authentication result (the internal authentication result carried in the response message that namely SAM card returns) indicates internal authentication to pass through, carry out data processing according to this data processing request.

Wherein, the 2nd enciphered data is decrypted and certification gained by this certification result (the certification result carried in the response message that namely SAM card returns) by SAM card, such as, and specifically can be as follows:

Internal authentication key is disperseed by SAM card according to application sequence number, obtains interim key; Utilize this interim key, adopt the close deciphering algorithm of state the 2nd enciphered data to be decrypted, obtain the 2nd data decryption; When determining that the 2nd data decryption equals the 2nd randomized number, generate the internal authentication result (namely indicating the internal authentication result that internal authentication passes through) that instruction internal authentication passes through.

Optionally, if the 2nd data decryption is not equal to the 2nd randomized number, then flow process terminates, or, optionally, if the 2nd data decryption is not equal to the 2nd randomized number, it is also possible to generate the certification result (namely indicating the internal authentication result of internal authentication failure) of instruction internal authentication failure.

It should be noted that, the execution of external authentication and internal authentication can be in no particular order.

When specifically implementing, each unit above can realize as independent entity, it is also possible to carries out arbitrary combination, carrys out entity as same entity, and the concrete enforcement of each unit above see embodiment of the method above, can not repeat them here.

As from the foregoing, first reception unit 301 of the data processing equipment being applied to parking lot of the present embodiment receives the data processing request carrying the first randomized number and application sequence number that CPU card sends, then by the first transmission unit 302, this first randomized number and application sequence number are sent to SAM card, by SAM card, the first randomized number is encrypted, obtain the first enciphered data, by the 2nd of terminal the transmission unit 304 this first enciphered data is carried in external authentication order and it is sent to CPU card, certification is carried out by CPU card, if the instruction external authentication of external authentication result is passed through, then the processing unit 306 of terminal carries out data processing according to this data processing request. data (such as transaction data) are processed by the mode of CPU card and SAM card interactive authentication and ciphertext transmission that have employed due to the program, so the protection to user data can be strengthened, particularly to the protection of user's fund stream safety, substantially increase the security of managing system of car parking.

In addition, further, before processing unit 306 carries out data processing according to this data processing request, except can carrying out external authentication, internal authentication can also being carried out by internal authentication unit, if both having performed external authentication, also performing internal authentication, then its security can be further enhanced, and does not repeat them here.

Embodiment five,

Accordingly, the embodiment of the present invention also provides a kind of managing system of car parking, comprises terminal 401, CPU card 402 and SAM card 403; Wherein, terminal 401 is specially any one data processing equipment being applied to parking lot that the embodiment of the present invention provides, such as, and specifically can be as follows:

Terminal 401, for receiving the data processing request that CPU card sends, wherein, this data processing request carries the first randomized number and application sequence number, first randomized number and application sequence number are sent to SAM card 403, receive the first enciphered data that SAM card 403 returns, send the external authentication order carrying this first enciphered data to CPU card 402, receive the response message carrying external authentication result that CPU card 402 returns, determine this external authentication result instruction external authentication by time, carry out data processing according to data processing request;

CPU card 402, for sending data processing request to terminal 401, wherein, this data processing request carries the first randomized number and application sequence number; Receive the external authentication order carrying the first enciphered data that terminal 401 sends, the first enciphered data is decrypted and certification, obtains external authentication result, external authentication result is sent to terminal 401;

SAM card 403, for receiving the first randomized number and the application sequence number that terminal 401 sends, is encrypted the first randomized number according to this application sequence number, obtains the first enciphered data, the first enciphered data is sent to terminal 401.

Optionally, wherein, SAM card 403, specifically may be used for utilizing this application sequence number to be disperseed by described main key, obtains process key, utilize this process key, adopts the close encryption algorithm of state this first randomized number to be encrypted, obtains the first enciphered data.

Then now, CPU card 402, specifically may be used for utilizing the close deciphering algorithm of state the first enciphered data to be decrypted, obtains the first data decryption, it is determined that when this first data decryption equals this first randomized number, generates the external authentication result that instruction external authentication is passed through.

It should be noted that, if CPU card 402 determines that this first data decryption is not equal to this first randomized number, then flow process terminates, or, optionally, it is also possible to generate the external authentication result of instruction external authentication failure.

Also it should be noted that, wherein, SAM card 403 can be arranged on facility, namely in terminal, such as specifically can be arranged on consumption terminal or circle is deposited in terminal, and wherein, circle is deposited terminal and is specifically as follows circle and deposits machine. Such as, SAM card 403 can comprise HSAM, ISAM and/or PSAM; HSAM can be arranged on circle and deposit in machine, for depositing, for CPU card 402 carries out circle, operations such as supplementing with money; ISAM can be arranged on circle and deposit in machine, it is also possible to for depositing, for CPU card 402 carries out circle, operations such as supplementing with money; PSAM card then can be arranged in consumption terminal, for CPU card 402 carries out the operations such as consumption charge deduction.

, as shown in Figure 5, in addition this managing system of car parking can also comprise server 404;

Server 404, for carrying out store and management to user data;

Then terminal 401, specifically may be used for being processed by the user data on server 404 according to this data processing request. Such as, specifically can be as follows:

Terminal 401, specifically may be used for according to data processing request, user data, and by this storage of subscriber data on described server 404, wherein, user data can comprise the information such as user profile, entry time, time for competiton, parking lot information and/or equipment information.

In addition, this terminal 401, it is also possible to for calculating consumption charge according to user profile, entry time and time for competiton, deduct this consumption charge from described CPU card 402.

Optionally, terminal 401, time also for the deficiency of expense in CPU card 402, alarm.

, optionally, in addition terminal 401, also deposits supplement with money for CPU card carries out circle.

In addition, in order to strengthen the security of certification, it is also possible to the legitimacy of CPU is carried out certification, that is:

Terminal 401, it is also possible to for obtaining application sequence number to CPU card 402, and obtain the 2nd randomized number to SAM card 403; 2nd randomized number is sent to CPU card 402, so that CPU card 402 adopts internal authentication double secret key the 2nd, randomized number carries out the close encryption of state, obtains the 2nd enciphered data; Receive the 2nd enciphered data that CPU card 402 returns; Send the internal authentication order carrying the 2nd enciphered data and application sequence number to SAM card 403; Receive the response message carrying internal authentication result that SAM card 403 returns; Determine this external authentication result instruction external authentication pass through, and determine this internal authentication result instruction internal authentication by time, carry out data processing according to this data processing request.

Wherein, the 2nd enciphered data can be decrypted and certification gained by the internal authentication result carried in the response message that SAM card 403 returns by SAM card 403, such as, and specifically can be as follows:

SAM card 403, it is also possible to for being disperseed by internal authentication key according to this application sequence number, obtain interim key; Utilize described interim key, adopt state's close deciphering algorithm described 2nd enciphered data to be decrypted, obtain the 2nd data decryption; When determining that described 2nd data decryption equals the 2nd randomized number, generate the internal authentication result that instruction internal authentication passes through, this internal authentication result is sent to terminal 401.

Optionally, SAM card 403, can also be used for when the 2nd data decryption is not equal to the 2nd randomized number, process ends, or, optionally, when the 2nd data decryption is not equal to the 2nd randomized number, it is also possible to generate the internal authentication result (namely indicating the internal authentication result of internal authentication failure) of instruction internal authentication failure.

When specifically implementing, each equipment above can realize as independent entity, it is also possible to carries out arbitrary combination, realizes as same or some entities, and such as, SAM card 403 specifically can be contained in terminal 401, etc. Wherein, terminal 401 specifically can comprise the modules such as micro-control unit, SAM card driving circuit, CPU card driving circuit, operator-machine-interface, communication interface and radio frequency circuit interface; CPU card 402 comprises the IP kernel supporting the close algorithm of state; SAM card 403 comprises the modules such as M1 algorithm coprocessor, key calculation unit and safe module; And server 404 can comprise the safe module of SM1 etc., specifically see embodiment above, can not repeat them here.

As from the foregoing, terminal 401 in the managing system of car parking of the present embodiment can receive the data processing request carrying the first randomized number and application sequence number that CPU card sends, then this first randomized number and application sequence number are sent to SAM card 403, by SAM card 403, first randomized number is encrypted, obtain the first enciphered data, the external authentication order carrying this first enciphered data be sent to CPU card 402 by terminal 401, certification is carried out by CPU card 402, if the instruction external authentication of external authentication result is passed through, then terminal 401 carries out data processing according to this data processing request. CPU card 402 and SAM card 401 interactive authentication and ciphertext transmission (terminal 401 and CPU card 402 is have employed due to the program, data clear text is not transmitted between SAM card 403, in this process, data have association key protection, and support that SM1 algorithm module encrypts and decrypts by solidification card, even if being illegally listened, because SM1 is underground, do not separate decryption key and relevant algorithm, so also cannot obtain expressly) mode data are processed, so the protection to user data can be strengthened, particularly to the protection of user's fund stream safety, substantially increase the security of managing system of car parking.

The all or part of step that one of ordinary skill in the art will appreciate that in the various methods of above-described embodiment can be completed by the hardware that program carrys out instruction relevant, this program can be stored in a computer-readable recording medium, storage media can comprise: read-only storage (ROM, ReadOnlyMemory), random access memory body (RAM, RandomAccessMemory), disk or CD etc.

A kind of data processing method, device and the managing system of car parking the being applied to parking lot embodiment of the present invention provided above is described in detail, apply specific case herein the principle of the present invention and enforcement mode to have been set forth, illustrating just for helping the method understanding the present invention and core concept thereof of above embodiment; Meanwhile, for the technician of this area, according to the thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.

Claims

1. one kind is applied to the data processing method in parking lot, it is characterised in that, comprising:

Receiving the data processing request that central processor CPU card sends, described data processing request carries the first randomized number and application sequence number;

Described first randomized number and application sequence number are sent to secure access module SAM card;

Sending external authentication order to CPU card, the first enciphered data is carried in described external authentication order;

Determine described external authentication result instruction external authentication by time, carry out data processing according to described data processing request;

Described carry out data processing according to described data processing request before, also comprise:

Obtain application sequence number to CPU card, and obtain the 2nd randomized number to SAM card;

Described 2nd randomized number is sent to CPU card, so that CPU card adopts the 2nd randomized number described in internal authentication double secret key to carry out the close encryption of state, obtains the 2nd enciphered data;

Receive the 2nd enciphered data that CPU card returns;

Sending internal authentication order to SAM card, described 2nd enciphered data and application sequence number is carried in described internal authentication order;

Receiving the response message carrying internal authentication result that SAM card returns, the 2nd enciphered data is decrypted and certification gained by described internal authentication result by SAM card;

Then described determine that the instruction external authentication of described external authentication result is when passing through, carry out data processing according to described data processing request to be specially: determine that the instruction external authentication of described external authentication result is passed through, and determine described internal authentication result instruction internal authentication by time, carry out data processing according to described data processing request.

2. method according to claim 1, it is characterised in that, described first randomized number is encrypted gained by SAM card according to described application sequence number by described first enciphered data, is specially:

Main key is disperseed by SAM Cali by described application sequence number, obtains process key;

Utilize described process key, adopt state's close encryption algorithm described first randomized number to be encrypted, obtain the first enciphered data.

3. method according to claim 2, it is characterised in that, the first enciphered data is decrypted and certification gained by described external authentication result by CPU card, is specially:

CPU card utilizes the close deciphering algorithm of state the first enciphered data to be decrypted, and obtains the first data decryption;

When determining that described first data decryption equals described first randomized number, generate the external authentication result that instruction external authentication is passed through.

4. method according to the arbitrary item of claims 1 to 3, it is characterised in that, described carry out data processing according to described data processing request, it is specially:

According to described data processing request, user data, and by described storage of subscriber data on the server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or equipment information.

5. method according to claim 4, it is characterised in that, described according to described data processing request, user data, and after described storage of subscriber data is on described server, also will comprise:

6. method according to claim 5, it is characterised in that, the method also comprises:

When in described CPU card, expense is not enough, alarm.

7. method according to claim 1, it is characterised in that, the 2nd enciphered data is decrypted and certification gained by described internal authentication result by SAM card, comprising:

Internal authentication key is disperseed by SAM card according to described application sequence number, obtains interim key;

Utilize described interim key, adopt state's close deciphering algorithm described 2nd enciphered data to be decrypted, obtain the 2nd data decryption;

When determining that described 2nd data decryption equals the 2nd randomized number, generate the internal authentication result that instruction internal authentication passes through.

8. one kind is applied to the data processing equipment in parking lot, it is characterised in that, comprising:

First reception unit, for receiving the data processing request that central processor CPU card sends, described data processing request carries the first randomized number and application sequence number;

First transmission unit, for being sent to secure access module SAM card by described first randomized number and application sequence number;

Processing unit, for determine described external authentication result instruction external authentication by time, carry out data processing according to described data processing request;

Also comprise internal authentication unit;

Internal authentication unit, for obtaining application sequence number to CPU card, and obtains the 2nd randomized number to SAM card; Described 2nd randomized number is sent to CPU card, so that CPU card adopts the 2nd randomized number described in internal authentication double secret key to carry out the close encryption of state, obtains the 2nd enciphered data;Receive the 2nd enciphered data that CPU card returns; Sending internal authentication order to SAM card, described 2nd enciphered data and application sequence number is carried in described internal authentication order; Receiving the response message carrying internal authentication result that SAM card returns, the 2nd enciphered data is decrypted and certification gained by described internal authentication result by SAM card;

Then described processing unit, specifically for determine described external authentication result instruction external authentication pass through, and determine described internal authentication result instruction internal authentication by time, carry out data processing according to described data processing request.

9. the data processing equipment being applied to parking lot according to claim 8, it is characterised in that,

Described processing unit, specifically for according to described data processing request, user data, and by described storage of subscriber data on the server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or equipment information.

10. the data processing equipment being applied to parking lot according to claim 9, it is characterised in that,

Described processing unit, also for calculating consumption charge according to user profile, entry time and time for competiton, deducts described consumption charge from described CPU card.

11. data processing equipments being applied to parking lot according to claim 10, it is characterised in that,

Described processing unit, time also for the deficiency of expense in described CPU card, alarm.

12. 1 kinds of managing system of car parking, it is characterised in that, comprise terminal, central processor CPU card and secure access module SAM card;

Described terminal, for receiving the data processing request that CPU card sends, described data processing request carries the first randomized number and application sequence number, described first randomized number and application sequence number are sent to SAM card, receive the first enciphered data that SAM card returns, send external authentication order to CPU card, the first enciphered data is carried in described external authentication order, receive the response message carrying external authentication result that CPU card returns, determine described external authentication result instruction external authentication by time, carry out data processing according to described data processing request;

Described CPU card, for sending data processing request to described terminal, described data processing request carries the first randomized number and application sequence number; Receive the external authentication order of the first enciphered data carried that described terminal sends, the first enciphered data is decrypted and certification, obtains external authentication result, external authentication result is sent to described terminal;

Described SAM card, for receiving the first randomized number and the application sequence number that described terminal sends, is encrypted described first randomized number according to described application sequence number, obtains the first enciphered data, the first enciphered data is sent to described terminal;

Described terminal, also for obtaining application sequence number to CPU card, and obtains the 2nd randomized number to SAM card; Described 2nd randomized number is sent to CPU card, so that CPU card adopts the 2nd randomized number described in internal authentication double secret key to carry out the close encryption of state, obtains the 2nd enciphered data; Receive the 2nd enciphered data that CPU card returns; Sending internal authentication order to SAM card, described 2nd enciphered data and application sequence number is carried in described internal authentication order; Receiving the response message carrying internal authentication result that SAM card returns, the 2nd enciphered data is decrypted and certification gained by described internal authentication result by SAM card; Determine described external authentication result instruction external authentication pass through, and determine described internal authentication result instruction internal authentication by time, carry out data processing according to described data processing request.

13. managing system of car parking according to claim 12, it is characterised in that,

Described SAM card, specifically for utilizing described application sequence number to be disperseed by main key, obtains process key, utilizes described process key, adopts state's close encryption algorithm described first randomized number to be encrypted, obtains the first enciphered data.

14. managing system of car parking according to claim 13, it is characterised in that,

Described CPU card, specifically for utilizing the close deciphering algorithm of state the first enciphered data to be decrypted, obtains the first data decryption, it is determined that when described first data decryption equals described first randomized number, generates the external authentication result that instruction certification is passed through.

15. according to claim 12 to the managing system of car parking described in 14 arbitrary items, it is characterised in that, also comprise server;

Described server, for carrying out store and management to user data;

Then described terminal, specifically for according to described data processing request, processing the user data on server.

16. managing system of car parking according to claim 15, it is characterised in that,

Described terminal, specifically for according to described data processing request, user data, and by described storage of subscriber data on described server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or equipment information.

17. managing system of car parking according to claim 16, it is characterised in that,

Described terminal, also for calculating consumption charge according to user profile, entry time and time for competiton, deducts described consumption charge from described CPU card.

18. managing system of car parking according to claim 17, it is characterised in that,

Described terminal, time also for the deficiency of expense in described CPU card, alarm.

19. managing system of car parking according to claim 12, it is characterised in that,

Described SAM card, also for being disperseed by internal authentication key according to described application sequence number, obtains interim key; Utilize described interim key, adopt state's close deciphering algorithm described 2nd enciphered data to be decrypted, obtain the 2nd data decryption; When determining that described 2nd data decryption equals the 2nd randomized number, generate the internal authentication result that instruction internal authentication passes through.