CN103903022A - Realization method and system of intelligent card application supporting multiple sets of personal data - Google Patents


Info

Publication number: CN103903022A
Authority: CN (China)
Prior art keywords: application, cards, data, aid operators, environment
Legal status: Granted; Expired - Fee Related
Application number: CN201210583738.6A
Other languages: Chinese (zh)
Other versions: CN103903022B (en)
Inventor: 张江涛
Current Assignee: Beijing Watchdata Co ltd
Original Assignee: Beijing WatchData System Co Ltd
Application filed by: Beijing WatchData System Co Ltd
Priority to: CN201210583738.6A
Publication of CN103903022A
Application granted
Publication of CN103903022B

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a realization method and system of an intelligent card application supporting multiple sets of personal data, which belongs to the technical field of intelligent card applications. According to the invention, an environment authentication file and an auxiliary operator application file are added to the intelligent card application, and are used for storing environment authentication data and auxiliary operator application data respectively. When an external device used for accessing the intelligent card application accesses it, the external device environment is authenticated according to the environment authentication data; if the authentication is successful, the auxiliary operator application data to which the external device belongs is identified; and that auxiliary operator application data is loaded into the intelligent card application, so that the intelligent card application can carry out the corresponding business processing. The invention avoids installing a number of identical intelligent card applications when one card is used for multiple purposes, greatly saves the storage space of the card, avoids account disputes over the intelligent card application, and effectively promotes the common card and the multi-purpose card.

Description

A smart card application implementation method and system supporting multiple sets of personal data
Technical field
The invention belongs to the field of smart card application technology, and specifically relates to a smart card application implementation method and system supporting multiple sets of personal data.
Background
With the spread of smart cards and the growth of their applications, the smart card has gradually become an indispensable tool in modern life. Smart cards are currently issued by many kinds of institutions, including banks, telecommunications operators, municipal services and property management. The applications on smart cards are both diverse and repetitive, for example the all-purpose transit card electronic wallet application used in public transport and the debit/credit card application used in finance. The all-purpose card electronic wallet application can also be used in several fields, such as transport, supermarkets, cinemas and pay phones, and the financial debit/credit card application can be used with several banks.
At present, a smart card application can use only the one set of personal data that corresponds to it. As a result, a smart card application supports only the personal data of its own issuer and is not compatible with the personal data of other issuers that use the same application. Each smart card issuer therefore has to issue the user its own card carrying the same application, so the number of cards a user holds keeps growing. This is inconvenient for the user and also wastes resources.
The approach currently used to let one card serve multiple purposes is to install several identical applications on one smart card, each using its own independent personal data. The main problem with this approach is its impact on the card's storage, which is a limited resource.
Summary of the invention
In view of the defects of the prior art, the technical problem to be solved by the invention is to provide a smart card application implementation method and system that can support multiple sets of personal data.
To solve this technical problem, the invention adopts the following technical solution:
A smart card application implementation method supporting multiple sets of personal data: an environment authentication file and an auxiliary operator application file are added to the smart card application, storing environment authentication data and auxiliary operator application data respectively. When an external device used to access the smart card application accesses it, the external device environment is first authenticated according to the environment authentication data; if authentication passes, the auxiliary operator application data to which the external device belongs is identified; that auxiliary operator application data is then loaded into the smart card application, which uses it to carry out the corresponding business processing.
In the method described above, the personal data comprises main operator personal data and auxiliary operator personal data. The main operator personal data is stored in the smart card application in advance; when an auxiliary operator is added to the smart card application, the corresponding auxiliary operator personal data is then loaded.
In the method described above, the environment authentication data comprises a message digest computation key, an auxiliary operator identifier and an auxiliary operator application file address. The auxiliary operator application data comprises the personal data and the application data of the auxiliary operator.
In the method described above, the external device environment is authenticated according to the environment authentication data as follows:
The external device sends an application selection command to the smart card application, and the smart card application returns the application selection result to the external device;
The external device sends a get-random-number command to the smart card application, and the smart card application returns the random number to the external device;
After obtaining the random number, the external device performs an SHA message digest computation on it together with the auxiliary operator identifier in a secure environment, packages the computed message digest with the auxiliary operator identifier, transmits them to the smart card application, and issues an auxiliary operator authentication command;
The smart card application uses the received auxiliary operator identifier to look up the corresponding environment authentication file, uses the message digest computation key in that file to perform an SHA message digest computation on the random number it generated and the auxiliary operator identifier, and compares its result with the result received from the external device. If the two are identical, verification passes; otherwise verification fails and the authentication process ends.
In the method described above, the digest computation uses the SHA1 algorithm or the MD5 algorithm.
A smart card application implementation system supporting multiple sets of personal data, comprising a first storage device for storing multiple sets of personal data;
a second storage device for storing the environment authentication file and the auxiliary operator application file;
an authentication device for authenticating the external device environment according to the environment authentication data when an external device used to access the smart card application accesses it;
and a loading device for identifying the auxiliary operator application data to which the external device belongs and loading that auxiliary operator application data into the smart card application.
In the system described above, the second storage device comprises a first storage unit for storing the environment authentication file and a second storage unit for storing the auxiliary operator application file.
In the system described above, the authentication device comprises a transmission unit for receiving commands from the external device and returning the command results;
a computing unit for looking up the corresponding environment authentication file according to the auxiliary operator identifier and using the message digest computation key in that file to perform an SHA message digest computation on the generated random number and the auxiliary operator identifier;
and a comparing unit for comparing that message digest result with the message digest result received from the external device.
By enabling a single smart card application to support the applications and personal data of multiple operators, the method and system of the invention on the one hand avoid installing several identical smart card applications when one card serves multiple purposes, which greatly saves card storage space. On the other hand, by using per-operator application data and personal data, they avoid account disputes over the smart card application, and so help promote all-purpose cards and the use of one card for multiple purposes.
Brief description of the drawings
Fig. 1 is a structural block diagram of the smart card application implementation system supporting multiple sets of personal data in the embodiment;
Fig. 2 is a flowchart of the smart card application implementation method supporting multiple sets of personal data in the embodiment;
Fig. 3 is a schematic diagram of the structure of the smart card application files in the embodiment;
Fig. 4 is a schematic diagram of the structure of the auxiliary operator application file in the embodiment;
Fig. 5 is a flowchart of the process of authenticating the external device environment in the embodiment.
Embodiment
A specific embodiment of the invention is described in detail below with reference to the drawings.
As shown in Fig. 1, the smart card application implementation system 1 supporting multiple sets of personal data in this embodiment comprises a first storage device 11, a second storage device 12, an authentication device 13 and a loading device 14. The second storage device 12 comprises a first storage unit 121 and a second storage unit 122, and the authentication device 13 comprises a transmission unit 131, a computing unit 132 and a comparing unit 133. The system 1 is located in the smart card.
The first storage device 11 stores multiple sets of personal data. The personal data comprises main operator personal data and auxiliary operator personal data. The main operator personal data is stored in the first storage device 11 in advance; when an auxiliary operator is added to the smart card application, the corresponding auxiliary operator personal data is then loaded. The second storage device 12 stores the environment authentication file and the auxiliary operator application file: the first storage unit 121 stores the environment authentication file, and the second storage unit 122 stores the auxiliary operator application file. When an external device 2 used to access the smart card accesses the smart card application, the authentication device 13 authenticates the external device environment according to the environment authentication data. The transmission unit 131 receives commands from the external device and returns the command results; the computing unit 132 looks up the corresponding environment authentication file according to the auxiliary operator identifier and uses the message digest computation key in that file to perform an SHA message digest computation on the generated random number and the auxiliary operator identifier; the comparing unit 133 compares that message digest result with the message digest result received from the external device 2. The loading device 14 identifies the auxiliary operator application data to which the external device 2 belongs and loads that auxiliary operator application data into the smart card application.
As shown in Fig. 2, the method of implementing a smart card application supporting multiple sets of personal data with the system of Fig. 1 comprises the following steps:
(1) An environment authentication file and an auxiliary operator application file are added to the smart card application implementation system, storing environment authentication data and auxiliary operator application data respectively. The environment authentication file is stored in the first storage unit 121, and the auxiliary operator application file is stored in the second storage unit 122.
The file structure of the smart card application implementation system is shown in Fig. 3. It comprises a master control key file, a directory file, an ADF (Application Dedicated File) and other application files. The ADF comprises the application default files, to which the environment authentication file and the auxiliary operator application file are added. The environment authentication file comprises the message digest computation key, the auxiliary operator identifier and the auxiliary operator application file address.
The structure of the auxiliary operator application file is the same as that of the application default files, as shown in Fig. 4. It stores the auxiliary operator application data, which comprises the personal data and the application data of the auxiliary operator. The personal data comprises the KEY file and other personal data, and the application data comprises transaction record data, application-related data and other data. The application data of the auxiliary operator is the data produced while the corresponding smart card application is in use, such as the consumption records of an electronic wallet. After the smart card has been issued, if a new auxiliary operator is to use this smart card application, that operator's data must be synchronized into the smart card application implementation system so that existing smart card users can use the services of that auxiliary operator.
(2) When an external device accesses the smart card application, the authentication device 13 first authenticates the external device environment according to the environment authentication data.
The external device is a terminal that can access a smart card, such as a card reader, a POS device or a mobile device.
As shown in Fig. 5, the external device environment is authenticated as follows:
1. The external device 2 sends an application selection command to the smart card application implementation system 1; after receiving the command, the transmission unit 131 in the system 1 returns the application selection result to the external device 2;
2. The external device 2 sends a get-random-number command to the smart card application implementation system 1, and the transmission unit 131 returns the random number to the external device 2;
3. After obtaining the random number, the external device 2 performs an SHA message digest computation on it together with the auxiliary operator identifier in a secure environment, packages the computed message digest with the auxiliary operator identifier, transmits them to the smart card application implementation system 1, and issues an auxiliary operator authentication command;
4. The computing unit 132 in the smart card application implementation system 1 uses the received auxiliary operator identifier to look up the corresponding environment authentication file, and uses the message digest computation key in that file to perform an SHA message digest computation on the random number it generated and the auxiliary operator identifier. The comparing unit 133 compares this result with the result received from the external device. If the two are identical, verification passes; otherwise verification fails and the authentication process ends. The digest computation can use an existing algorithm such as SHA1 (Secure Hash Algorithm) or MD5 (Message Digest Algorithm).
(3) After authentication passes, the loading device 14 identifies the auxiliary operator application data to which the external device 2 belongs and loads that auxiliary operator application data into the smart card application, which uses it to carry out the corresponding business processing.
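The exchange in authentication steps 1 to 4 and the loading in step (3), with both the card and the external device side, as an added example that is not part of the patent text. The patent does not say how the key enters the digest, so HMAC is assumed here; the length-prefixed message encoding, the single-use challenge, the constant-time comparison and every name and sample value are also assumptions of this example.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class EnvAuthFile:
    """Environment authentication file, one per auxiliary operator."""
    operator_id: bytes       # auxiliary operator identifier
    digest_key: bytes        # message digest computation key
    app_file_address: int    # address of the auxiliary operator application file


def keyed_digest(key: bytes, challenge: bytes, operator_id: bytes,
                 algo: str = "sha1") -> bytes:
    # Assumed construction: HMAC over the length-prefixed random number
    # followed by the operator identifier, so the pair encodes unambiguously.
    # "sha1" is one of the algorithms the text names; any hashlib name works.
    msg = len(challenge).to_bytes(1, "big") + challenge + operator_id
    return hmac.new(key, msg, algo).digest()


@dataclass
class CardApplication:
    env_auth_files: Dict[bytes, EnvAuthFile]   # keyed by operator identifier
    aux_app_files: Dict[int, dict]             # keyed by file address
    active_data: dict                          # starts as main operator data
    algo: str = "sha1"
    pending_challenge: Optional[bytes] = None

    def select(self) -> bool:
        # Step 1: application selection resets any outstanding challenge.
        self.pending_challenge = None
        return True

    def get_random(self, length: int = 8) -> bytes:
        # Step 2: a fresh random number from a CSPRNG for each attempt.
        self.pending_challenge = secrets.token_bytes(length)
        return self.pending_challenge

    def authenticate_operator(self, operator_id: bytes, digest: bytes) -> bool:
        # Step 4: the challenge is consumed whether or not the check passes,
        # so a captured response cannot be replayed.
        challenge, self.pending_challenge = self.pending_challenge, None
        env = self.env_auth_files.get(operator_id)
        if challenge is None or env is None:
            return False
        expected = keyed_digest(env.digest_key, challenge, operator_id, self.algo)
        if not hmac.compare_digest(expected, digest):
            return False
        # Step (3): load the operator's application data only after success.
        self.active_data = self.aux_app_files[env.app_file_address]
        return True


def device_authenticate(card: CardApplication, operator_id: bytes,
                        key: bytes) -> bool:
    """External device side: select, fetch the random number, respond (step 3)."""
    card.select()
    challenge = card.get_random()
    response = keyed_digest(key, challenge, operator_id, card.algo)
    return card.authenticate_operator(operator_id, response)


# Constructed sample data, not taken from the patent.
OPERATOR_ID = b"\x00\x01"
OPERATOR_KEY = bytes(range(16))


def build_sample_card() -> CardApplication:
    env = EnvAuthFile(OPERATOR_ID, OPERATOR_KEY, app_file_address=0x2001)
    return CardApplication(
        env_auth_files={OPERATOR_ID: env},
        aux_app_files={0x2001: {"operator": "aux-transit", "balance": 500}},
        active_data={"operator": "main", "balance": 1200},
    )


if __name__ == "__main__":
    card = build_sample_card()
    print("authenticated:", device_authenticate(card, OPERATOR_ID, OPERATOR_KEY))
    print("active data:", card.active_data)
```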
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If such changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.

Claims (10)

1. A smart card application implementation method supporting multiple sets of personal data, characterized in that: an environment authentication file and an auxiliary operator application file are added to the smart card application, storing environment authentication data and auxiliary operator application data respectively; when an external device used to access the smart card application accesses it, the external device environment is first authenticated according to the environment authentication data; if authentication passes, the auxiliary operator application data to which the external device belongs is identified; that auxiliary operator application data is then loaded into the smart card application, which uses it to carry out the corresponding business processing.
2. The smart card application implementation method of claim 1, characterized in that: the personal data comprises main operator personal data and auxiliary operator personal data; the main operator personal data is stored in the smart card application in advance, and when an auxiliary operator is added to the smart card application, the corresponding auxiliary operator personal data is then loaded.
3. The smart card application implementation method of claim 1, characterized in that: the environment authentication data comprises a message digest computation key, an auxiliary operator identifier and an auxiliary operator application file address.
4. The smart card application implementation method of claim 1, characterized in that: the auxiliary operator application data comprises the personal data and the application data of the auxiliary operator.
5. The smart card application implementation method of any one of claims 1 to 4, characterized in that: the process of authenticating the external device environment according to the environment authentication data and the auxiliary operator application data is as follows:
The external device sends an application selection command to the smart card application, and the smart card application returns the application selection result to the external device;
The external device sends a get-random-number command to the smart card application, and the smart card application returns the random number to the external device;
After obtaining the random number, the external device performs an SHA message digest computation on it together with the auxiliary operator identifier in a secure environment, packages the computed message digest with the auxiliary operator identifier, transmits them to the smart card application, and issues an auxiliary operator authentication command;
The smart card application uses the received auxiliary operator identifier to look up the corresponding environment authentication file, uses the message digest computation key in that file to perform an SHA message digest computation on the random number it generated and the auxiliary operator identifier, and compares its result with the result received from the external device; if the two are identical, verification passes; otherwise verification fails and the authentication process ends.
6. The smart card application implementation method of claim 5, characterized in that: the digest computation uses the SHA1 algorithm.
7. The smart card application implementation method of claim 5, characterized in that: the digest computation uses the MD5 algorithm.
8. A smart card application implementation system supporting multiple sets of personal data, characterized in that: the system comprises a first storage device (11) for storing multiple sets of personal data;
a second storage device (12) for storing the environment authentication file and the auxiliary operator application file;
an authentication device (13) for authenticating the external device environment according to the environment authentication data when an external device used to access the smart card application accesses it;
and a loading device (14) for identifying the auxiliary operator application data to which the external device belongs and loading that auxiliary operator application data into the smart card application.
9. The smart card application implementation system supporting multiple sets of personal data of claim 8, characterized in that: the second storage device (12) comprises a first storage unit (121) for storing the environment authentication file and a second storage unit (122) for storing the auxiliary operator application file.
10. The smart card application implementation system supporting multiple sets of personal data of claim 8 or 9, characterized in that: the authentication device (13) comprises a transmission unit (131) for receiving commands from the external device and returning the command results;
a computing unit (132) for looking up the corresponding environment authentication file according to the auxiliary operator identifier and using the message digest computation key in that file to perform an SHA message digest computation on the generated random number and the auxiliary operator identifier;
and a comparing unit (133) for comparing that message digest result with the message digest result received from the external device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210583738.6A CN103903022B (en) 2012-12-28 2012-12-28 Realization method and system of intelligent card application supporting multiple sets of personal data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210583738.6A CN103903022B (en) 2012-12-28 2012-12-28 Realization method and system of intelligent card application supporting multiple sets of personal data

Publications (2)

Publication Number Publication Date
CN103903022A true CN103903022A (en) 2014-07-02
CN103903022B CN103903022B (en) 2017-06-20

Family

ID=50994334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210583738.6A Expired - Fee Related CN103903022B (en) 2012-12-28 2012-12-28 Realization method and system of intelligent card application supporting multiple sets of personal data

Country Status (1)

Country Link
CN (1) CN103903022B (en)


Also Published As

Publication number Publication date
CN103903022B (en) 2017-06-20

Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder
  Address after: 100102 Beijing city Chaoyang District Wangjing Lize Park No. 101 Qiming International Building 7
  Patentee after: BEIJING WATCHDATA Co.,Ltd.
  Address before: 100102 Beijing city Chaoyang District Wangjing Lize Park No. 101 Qiming International Building 7
  Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.
CB03 Change of inventor or designer information
  Inventor after: Guo Tianguang
  Inventor after: Zhang Jiangtao
  Inventor before: Zhang Jiangtao
CF01 Termination of patent right due to non-payment of annual fee
  Granted publication date: 20170620
  Termination date: 20211228