CN103259654B - Smart card management system based on satellite communication services - Google Patents

Publication number
CN103259654B
Authority
CN
China
Prior art keywords
smart card
card
user
rdss
subscriber computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210139324.4A
Other languages
Chinese (zh)
Other versions
CN103259654A (en)
Inventor
唐波
曹纪东
陈桂根
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Transport Telecommunications And Information Center
Original Assignee
China Transport Telecommunications & Information Center

Abstract

The invention discloses a smart card management system based on satellite communication services, in the technical field of satellite communication services. The system comprises a user terminal, a smart card and a card control system. The smart card is placed in the user terminal and holds the RDSS system authentication program and the RDSS authentication key; it performs decryption of RNSS navigation message enhancement information and generation of the RDSS authentication code. The card control system is installed on a PC and comprises a client program and a card read/write device; it gives the user secure access to the smart card and supports registration, update and application over the Internet. Through management by the smart card and the card control system, the invention can effectively authenticate the user's identity, protect the user's information security, and avoid loss of satellite communication resources.

Description

Smart card management system based on satellite communication services
Technical field
The invention belongs to the technical field of satellite communication services, and in particular relates to a smart card management system based on satellite communication services.
Background art
NAVSTAR occupies an important position in national economic development. It is an important component of, and driving force for, the informatization of the national economy, an important piece of infrastructure for building national information systems, and a key technical support system bearing directly on national security and economic development. The satellite navigation (GNSS) application industry, represented by GPS, is gradually becoming a global new high-tech industry.
Satellite communication services for civilian users have become the main business of satellite communication. In the existing way of handling satellite radio navigation system (RNSS) message information and the authentication code of the Radio Determination Satellite Service (RDSS), the satellite side usually encrypts the RNSS message information and sends the encrypted information to the user terminal; identity authentication is then carried out with the RDSS authentication code, and the user terminal decrypts the encrypted RNSS message information in the manner agreed with the satellite side.
Although a public key cryptosystem is used between the satellite side and the user terminal, some security problems remain. First, the key is not tied to any validity period, which greatly increases the probability of the key being broken. Second, there is no way to confirm whether a user terminal is legitimate, so a malicious user may be able to use the satellite service. To address these problems in the current handling of RNSS message information, the invention proposes a smart card management system based on satellite communication services.
Summary of the invention
The object of the invention is to provide a smart card management system based on satellite communication services that solves the problems in the current handling of satellite radio navigation system RNSS message information.
The technical solution of the invention is a smart card management system based on satellite communication services, characterized in that the system comprises a user terminal, a smart card and a card control system.
The smart card is placed in the user terminal and holds the RDSS system authentication program and the RDSS authentication key; it performs decryption of RNSS navigation message enhancement information and generation of the RDSS authentication code.
The card control system is installed on a PC and comprises a client program and a card read/write device; it gives the user secure access to the smart card and supports registration, update and application over the Internet.
The decryption processing function is specifically as follows: the user terminal receives the navigation message enhancement information sent by the satellite; the smart card expands the user time-validity processing parameter to produce the current working time-validity processing parameter, decrypts the navigation message enhancement information, and passes the decrypted navigation message enhancement information to the user terminal.
The authentication code is generated as follows: the user terminal sends a positioning or communication request to the smart card; the smart card invokes the RDSS system authentication program and the RDSS authentication key to produce an authentication code, and the authentication code is submitted to the satellite navigation system for identity authentication. If the user's identity is legitimate, the satellite navigation system sends positioning or communication data to the user terminal; otherwise it does not.
The RDSS authentication key is updated either autonomously through the card control system or manually by the satellite user management system.
The user time-validity processing parameter is updated either autonomously through the card control system or manually by the satellite user management system.
The smart card uses COB card packaging or surface-mount (patch) packaging.
The smart card is loaded with a chip operating system.
Through management by the smart card and the card control system, the invention can effectively authenticate the user's identity, protect the user's information security, and avoid loss of satellite communication resources.
Brief description of the drawings
Fig. 1 is a schematic diagram of the composition of the user smart card;
Fig. 2 shows the smart card workflow.
Detailed description of the embodiments
The preferred embodiment is described in detail below with reference to the drawings. It should be emphasized that the following description is merely exemplary and is not intended to limit the scope of the invention or its application.
The smart card management system consists of two parts, the smart card and the card control system, and is provided to authorized users.
The user smart card is fitted inside the user terminal and performs the decryption of RNSS navigation message enhancement information and the generation of the RDSS authentication code. After receiving the ciphertext of the navigation message enhancement information from the user terminal, the user smart card expands the user time-validity processing parameter to produce the current working time-validity processing parameter, decrypts the navigation message enhancement information, and returns the decrypted enhancement information to the user terminal. After receiving a service request from the user terminal, such as RDSS positioning or communication, the user smart card performs authentication processing on the request. The user smart card can receive user management control instructions and, according to the instruction content, delete sensitive data such as the time-validity processing parameter or carry out other processing. The user smart card reminds users whose time-validity processing parameter is about to expire and refuses service to users whose parameter has expired; it refuses service to illegitimate users and returns an error message. Fitted with a card control terminal, the user smart card supports online application for and update of the user time-validity processing parameter from a computer connected to the Internet.
I. RNSS mode system workflow
The satellite enhancement service is built on encryption of the enhancement information by the civilian user management system. The message processing subsystem receives the enhancement information to be encrypted from the satellite navigation system and, within the specified processing time and in the specified processing mode, encrypts it with the preset time-validity processing parameter and returns the result to the satellite navigation system. The satellite navigation system then distributes the encrypted enhancement information to user terminals over the satellite link. The user terminal receives the encrypted enhancement information and passes it to the user smart card embedded in the terminal; the user smart card calls its internal decryption program and uses the time-validity processing parameter stored on the card to decrypt the encrypted enhancement information.
II. RDSS mode system workflow
In RDSS mode, the user terminal equipment uses the user smart card as the carrier of the RDSS system authentication program and the RDSS authentication key. Each time the user submits a service request to the system, the RDSS system authentication program is invoked and uses the RDSS authentication key to produce an authentication code proving the legitimacy of the user's identity. The satellite navigation system confirms the user's identity from the authentication code in the service request and returns service results only to legitimate users.
III. Parameter update workflow
Parameter update mainly covers the update and distribution of the user time-validity processing parameter and the RDSS authentication key: after a user registers successfully, or after the existing time-validity processing parameter or RDSS authentication key expires, the user time-validity processing parameter for the period for which the user wishes to obtain the enhancement service, or the RDSS authentication key for the next cycle, is distributed to the user. The user obtains the time-validity processing parameter or RDSS system authentication parameter securely, either by manual update through the system or by online self-service update, and it is written into the user smart card.
1. Manual update through the system
The user brings the user smart card to the user card management center of the satellite civilian user management system and fills in a parameter update application, including information such as the period for which the enhancement service is wanted. After the review process, the center uses its registration card writer to distribute the specified time-validity processing parameter and the next-cycle RDSS system authentication parameter.
In special circumstances, at the user's request, the satellite civilian user management system can send the time-validity processing parameter over the satellite link to the specified user's terminal, which receives the parameter securely and writes it into the user smart card; the flow is shown in the figure below.
2. Online self-service update
The user smart card, fitted with a card control terminal, is connected to a PC with Internet access. The user fills in the desired period of use on the relevant web page and submits an update application. The user management subsystem reviews the application, and the specified time-validity processing parameter and RDSS system authentication parameter are transmitted securely through the Internet-connected PC, the card control terminal or the user terminal and written into the user smart card.
The smart card is embedded in the user terminal and performs the interpretation processing of the enhancement information, the update of the user time-validity processing parameter and the RDSS system authentication parameter, generation of the user's RSA public/private key pair, user management control and other tasks. The smart card can use either of two packaging forms, COB card packaging or surface-mount (patch) packaging, to meet the needs of different types of user terminal.
The smart card is loaded with a dedicated chip operating system (CardOS, hereinafter COS), on which a secure file management system is built and the specific processing applications run to implement the business functions. The processing application comprises a master control scheduling module, an RNSS interpretation processing module, a user time-validity processing parameter expansion module, an RDSS system authentication processing module, and an online parameter update Rivest-Shamir-Adleman (RSA) authentication processing module. The composition of the smart card is shown in Fig. 1.
The smart card serves as the unified carrier and running platform for files, data, parameters and algorithms, and implements security processing such as secure access control and data management.
The COS and the secure file management system provide computation safeguards such as the loss of working data in RAM on power-off and the generation of computation interference information. For access to the user's sensitive business data they provide protection mechanisms such as secure reading and writing of files and data, restricted operations, out-of-order storage and a unique smart card serial number. The user's sensitive business data includes the user's private key, the user time-validity processing parameter and the RDSS system authentication parameter.
The card control system consists of a client program on a networked computer and a card read/write device. Its main function is to give the user secure access to the smart card and to allow registration and update applications over the Internet. The card control system provides a different access method for each of the two smart card packaging forms, COB card packaging and surface-mount packaging. A COB-packaged smart card can be taken out of the user terminal and inserted directly into the card control system, which is responsible for the smart card's power supply, clock and communication. For a surface-mount smart card soldered into the user terminal, the card control system communicates with the smart card through the user terminal's standard data interface. The card read/write device communicates with the networked host over a general-purpose interface (USB or RS232).
Smart card workflow:
After the smart card is powered on, the user terminal/card control system should send a reset signal to the smart card. The smart card performs the reset operation and sends a reset answer to the user terminal, after which the user terminal/card control system can carry out normal command operations on the smart card. The workflow of the smart card is shown in Fig. 2:
1. After the smart card is reset, the user terminal/card control system should first send a self-check command to the card. The smart card authenticates the operator as an authorized user against its internal authentication password. If authentication fails or the self-check finds an error, the card returns a self-check error message; if authentication passes and the self-check is correct, the card returns a self-check success message, removes the protection on the key parameters stored internally, and the program enters the application control part.
2. After the smart card self-check ends, data initialization must be carried out, and the working validity parameter is calculated from the current system time sent in. If the validity flag resulting from the time check is invalid, the control program does not schedule the enhancement information interpretation module or the RDSS system authentication module to run.
3. In use, user authentication of the smart card falls into two cases, registration application and parameter update, and the handling flow differs between the two.
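The reset, self-check, initialization and gating sequence of steps 1 and 2, together with the RDSS authentication-code flow, modeled as an added Python example that is not part of the patent. The patent names no algorithms, so the HMAC-SHA256 parameter expansion and authentication code, the period length, the reminder window, the skew limit and every identifier below are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

PERIOD_SECONDS = 86400        # assumed length of one working period
REMIND_SECONDS = 7 * 86400    # assumed "about to expire" reminder window


class CardError(Exception):
    """The card refuses a command issued in the wrong state."""


class UserSmartCard:
    def __init__(self, pin, user_param, auth_key, not_before, not_after):
        self._pin = pin                # internal authentication password
        self._user_param = user_param  # user time-validity processing parameter
        self._auth_key = auth_key      # RDSS authentication key
        self._window = (not_before, not_after)
        self.state, self.valid, self._now = "POWERED", False, None

    def reset(self):
        # A reset discards everything computed in the previous session.
        self.state, self.valid, self._now = "RESET", False, None
        return "ATR"  # stand-in for the reset answer

    def self_check(self, pin):
        if self.state != "RESET":
            raise CardError("self-check is only accepted directly after reset")
        if not hmac.compare_digest(pin, self._pin):
            return "SELF_CHECK_ERROR"
        self.state = "CHECKED"  # stored key parameters are usable from here on
        return "SELF_CHECK_OK"

    def initialize(self, now):
        if self.state != "CHECKED":
            raise CardError("initialization requires a passed self-check")
        self._now, self.state = now, "READY"
        self.valid = self._window[0] <= now < self._window[1]
        if not self.valid:
            return "EXPIRED"
        return "REMIND" if self._window[1] - now <= REMIND_SECONDS else "OK"

    def _require_valid(self):
        # Step 2: neither module is scheduled while the validity flag is invalid.
        if self.state != "READY" or not self.valid:
            raise CardError("module not scheduled: validity flag is invalid")

    def working_param(self):
        # Expand the user parameter into the parameter for the current period.
        self._require_valid()
        period = struct.pack(">Q", self._now // PERIOD_SECONDS)
        return hmac.new(self._user_param, b"RNSS-work" + period,
                        hashlib.sha256).digest()

    def auth_code(self, request):
        # Bind the time the terminal sent in to the request being authenticated.
        self._require_valid()
        msg = struct.pack(">Q", self._now) + request
        return hmac.new(self._auth_key, msg, hashlib.sha256).digest()[:8]


def system_verifies(auth_key, claimed_time, request, code, system_time,
                    max_skew=300):
    """System-side check: reject stale timestamps, then compare the code."""
    if abs(system_time - claimed_time) > max_skew:
        return False
    msg = struct.pack(">Q", claimed_time) + request
    expected = hmac.new(auth_key, msg, hashlib.sha256).digest()[:8]
    return hmac.compare_digest(expected, code)


def demo():
    # Constructed sample values, not taken from the patent.
    start = 1_000_000
    card = UserSmartCard(b"1234", b"U" * 16, b"K" * 16, start, start + 30 * 86400)
    card.reset()
    card.self_check(b"1234")
    now = start + 86400
    status = card.initialize(now)
    code = card.auth_code(b"LOCATE")
    return status, system_verifies(b"K" * 16, now, b"LOCATE", code, now + 5)
```

The validity check relies on the system time sent in by the terminal, so the sketch binds that time into the authentication code and lets the system side reject a request whose timestamp is outside the skew it accepts.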
The above is only a preferred embodiment of the present invention, but the scope of protection of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of the claims.

Claims (7)

1. A smart card management system based on satellite communication services, characterized in that the system comprises a user terminal, a smart card and a card control system;
the smart card is placed in the user terminal and holds the RDSS system authentication program and the RDSS authentication key, and performs decryption of RNSS navigation message enhancement information and generation of the RDSS authentication code;
the card control system is installed on a PC and comprises a client program and a card read/write device, gives the user secure access to the smart card and supports registration, update and application over the Internet;
the workflow of the smart card is as follows:
after the smart card is powered on, the user terminal/card control system should send a reset signal to the smart card, the smart card performs the reset operation and sends a reset answer to the user terminal, and the user terminal/card control system can then carry out normal command operations on the smart card;
(1) after the smart card is reset, the user terminal/card control system should first send a self-check command to the card, and the smart card authenticates the operator as an authorized user against its internal authentication password; if authentication fails or the self-check finds an error, the card returns a self-check error message; if authentication passes and the self-check is correct, the card returns a self-check success message, removes the protection on the key parameters stored internally, and the program enters the application control part;
(2) after the smart card self-check ends, data initialization must be carried out, and the working validity parameter is calculated from the current system time sent in; if the validity flag resulting from the time check is invalid, the control program does not schedule the enhancement information interpretation module or the RDSS system authentication module to run.
2. The smart card management system based on satellite communication services according to claim 1, characterized in that the decryption processing function is specifically as follows: the user terminal receives the navigation message enhancement information sent by the satellite; the smart card expands the user time-validity processing parameter to produce the current working time-validity processing parameter, decrypts the navigation message enhancement information, and passes the decrypted navigation message enhancement information to the user terminal.
3. The smart card management system based on satellite communication services according to claim 1, characterized in that the authentication code is generated as follows: the user terminal sends a positioning or communication request to the smart card; the smart card invokes the RDSS system authentication program and the RDSS authentication key to produce an authentication code, and the authentication code is submitted to the satellite navigation system for identity authentication; if the user's identity is legitimate, the satellite navigation system sends positioning or communication data to the user terminal; otherwise, the satellite navigation system does not send positioning or communication data.
4. The smart card management system based on satellite communication services according to claim 1, characterized in that the RDSS authentication key is updated either autonomously through the card control system or manually by the satellite user management system.
5. The smart card management system based on satellite communication services according to claim 1, characterized in that the user time-validity processing parameter is updated either autonomously through the card control system or manually by the satellite user management system.
6. The smart card management system based on satellite communication services according to claim 1, characterized in that the smart card uses COB card packaging or surface-mount (patch) packaging.
7. The smart card management system based on satellite communication services according to claim 1, characterized in that the smart card is loaded with a chip operating system.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210139324.4A CN103259654B (en) 2012-05-07 2012-05-07 Smart card management system based on satellite communication services

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210139324.4A CN103259654B (en) 2012-05-07 2012-05-07 Smart card management system based on satellite communication services

Publications (2)

Publication Number Publication Date
CN103259654A CN103259654A (en) 2013-08-21
CN103259654B true CN103259654B (en) 2016-06-29

Family

ID=48963372

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210139324.4A Active CN103259654B (en) 2012-05-07 2012-05-07 Smart card management system based on satellite communication services

Country Status (1)

Country Link
CN (1) CN103259654B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103780394B (en) * 2014-01-23 2017-11-10 北京邮电大学 A kind of access authentication and certificate scheme suitable for satellite data acquisition system
CN107241133A (en) * 2017-06-14 2017-10-10 华安星科(北京)信息技术有限公司 A kind of soft card user terminal device of the Big Dipper and system
CN110826667B (en) * 2019-11-05 2023-03-14 深圳市远东华强导航定位有限公司 Beidou RD smart card remote card reading method
CN111049567B (en) * 2019-11-21 2021-03-02 北京天海达科技有限公司 Implementation method of Beidou user card validity period management mode

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801029A (en) * 2004-12-31 2006-07-12 联想(北京)有限公司 Method for generating digital certificate and applying the generated digital certificate
CN101106564A (en) * 2006-12-31 2008-01-16 泰州苏源集团科电有限公司 A multi-function intelligent card network management system and method
WO2011157554A1 (en) * 2010-06-15 2011-12-22 The European Union, Represented By The European Commission Method of providing an authenticable time-and-location indication

Also Published As

Publication number Publication date
CN103259654A (en) 2013-08-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220112

Address after: 101399 room 1115, 6 Anfu street, Houshayu Town, Shunyi District, Beijing

Patentee after: Jiaoxin Beidou Technology Co.,Ltd.

Patentee after: CHINA TRANSPORT TELECOMMUNICATIONS AND INFORMATION CENTER

Address before: 100011 rear body of Chaoyang District foreign and foreign embassy in Beijing

Patentee before: CHINA TRANSPORT TELECOMMUNICATIONS AND INFORMATION CENTER

TR01 Transfer of patent right

Effective date of registration: 20230328

Address after: 100011 No. 1, back of Andingmen Waiguan, Chaoyang District, Beijing

Patentee after: CHINA TRANSPORT TELECOMMUNICATIONS AND INFORMATION CENTER

Address before: 101399 room 1115, 6 Anfu street, Houshayu Town, Shunyi District, Beijing

Patentee before: Jiaoxin Beidou Technology Co.,Ltd.

Patentee before: CHINA TRANSPORT TELECOMMUNICATIONS AND INFORMATION CENTER