A smart card application implementation method and system supporting multiple sets of personalization data
Technical field
The invention belongs to the field of smart card application technology, and specifically relates to a smart card application implementation method and system supporting multiple sets of personalization data.
Background
With the spread of smart cards and the expansion of their applications, smart cards have gradually become an indispensable tool in modern life. At present there are many smart card issuers, including banks, telecommunications operators, municipal services, property management and so on. The applications on smart cards are also diverse and overlapping, for example the transit all-in-one card electronic wallet application used in public transport and the debit/credit application used in finance. The all-in-one card electronic wallet application can in turn be used in many settings such as transit, supermarkets, cinemas and payphones, and the financial debit/credit application can be used with multiple banks.
At present, a smart card application can use only its one corresponding set of personalization data. As a result, a smart card application supports only the personalization data of its own issuer and is not compatible with the personalization data of other issuers that use the same application. Different issuers therefore each have to issue the user a smart card loaded with the same application, so the number of smart cards a user holds keeps growing, which on the one hand is a considerable inconvenience for the user and on the other hand wastes resources.
The method currently adopted to solve the one-card-multiple-use problem is to install multiple identical applications on one smart card, each using its own independent personalization data. The main problem with this method is its impact on smart card storage, which is a limited resource.
Summary of the invention
In view of the defects in the prior art, the technical problem to be solved by the invention is to provide a smart card application implementation method and system that can support multiple sets of personalization data.
To solve the above technical problem, the invention adopts the following technical solution:
A smart card application implementation method supporting multiple sets of personalization data: an environment authentication file and an auxiliary operator application file are added to the smart card application, to store environment authentication data and auxiliary operator application data respectively. When an external device accesses the smart card application, the external device's environment is first authenticated according to the environment authentication data; if authentication passes, the auxiliary operator application data to which the external device belongs is identified; that auxiliary operator application data is then loaded into the smart card application, which uses it to carry out the corresponding business processing.
The smart card application implementation method as described above, wherein the personalization data comprises main operator personalization data and auxiliary operator personalization data; the main operator personalization data is pre-stored in the smart card application, and when an auxiliary operator is added to the smart card application, the corresponding auxiliary operator personalization data is loaded.
The smart card application implementation method as described above, wherein the environment authentication data comprises a message digest computation key, an auxiliary operator identifier and an auxiliary operator application file address. The auxiliary operator application data comprises the personalization data and the application data of the auxiliary operator.
The smart card application implementation method as described above, wherein the process of authenticating the external device's environment according to the environment authentication data is as follows:
The external device issues an application selection command to the smart card application, and the smart card application returns the application selection result to the external device;
The external device issues a get-random-number command to the smart card application, and the smart card application returns the random number to the external device;
After obtaining the random number, the external device performs a SHA message digest computation over the random number and the auxiliary operator identifier in a secure environment, encapsulates the computed message digest together with the auxiliary operator identifier, transmits them to the smart card application, and issues an auxiliary operator authentication command;
According to the received auxiliary operator identifier, the smart card application looks up the environment authentication file corresponding to that identifier and, using the message digest computation key in the environment authentication file, performs a SHA message digest computation over the random number it generated and the auxiliary operator identifier. It compares its result with the result received from the external device: if they are identical, verification passes; otherwise verification fails. The authentication process then ends.
The smart card application implementation method as described above, wherein the digest computation uses the SHA1 algorithm or the MD5 algorithm.
A smart card application implementation system supporting multiple sets of personalization data, comprising a first storage device for storing multiple sets of personalization data;
a second storage device for storing the environment authentication file and the auxiliary operator application file;
an authentication device for authenticating the external device's environment according to the environment authentication data when an external device accesses the smart card application;
a loading device for identifying the auxiliary operator application data to which the external device belongs and loading that auxiliary operator application data into the smart card application.
The smart card application implementation system supporting multiple sets of personalization data as described above, wherein the second storage device comprises a first storage unit for storing the environment authentication file and a second storage unit for storing the auxiliary operator application file.
The smart card application implementation system supporting multiple sets of personalization data as described above, wherein the authentication device comprises a transmission unit for receiving commands from the external device and returning the command results;
a computing unit for looking up the corresponding environment authentication file according to the auxiliary operator identifier and, using the message digest computation key in the environment authentication file, performing a SHA message digest computation over the generated random number and the auxiliary operator identifier;
a comparing unit for comparing that message digest computation result with the message digest computation result received from the external device.
The method and system of the invention allow a single smart card application to support the applications and personalization data of multiple operators. On the one hand, this avoids installing multiple identical smart card applications for one-card-multiple-use and greatly saves storage space on the card. On the other hand, using per-operator application data and personalization data avoids account disputes associated with the smart card application, which helps promote all-in-one cards and one-card-multiple-use.
Brief description of the drawings
Fig. 1 is a structural block diagram of the smart card application implementation system supporting multiple sets of personalization data in the embodiment;
Fig. 2 is a flowchart of the smart card application implementation method supporting multiple sets of personalization data in the embodiment;
Fig. 3 is a schematic diagram of the structure of the smart card application files in the embodiment;
Fig. 4 is a schematic diagram of the structure of the auxiliary operator application file in the embodiment;
Fig. 5 is a flowchart of the process of authenticating the external device's environment in the embodiment.
Detailed description of the embodiment
The specific embodiment of the invention is described in detail below with reference to the drawings.
As shown in Fig. 1, the smart card application implementation system 1 supporting multiple sets of personalization data in this embodiment comprises a first storage device 11, a second storage device 12, an authentication device 13 and a loading device 14. The second storage device 12 comprises a first storage unit 121 and a second storage unit 122, and the authentication device 13 comprises a transmission unit 131, a computing unit 132 and a comparing unit 133. The system 1 is located in the smart card.
The first storage device 11 stores multiple sets of personalization data. The personalization data comprises main operator personalization data and auxiliary operator personalization data. The main operator personalization data is pre-stored in the first storage device 11; when an auxiliary operator is added to the smart card application, the corresponding auxiliary operator personalization data is loaded. The second storage device 12 stores the environment authentication file and the auxiliary operator application file: the first storage unit 121 stores the environment authentication file, and the second storage unit 122 stores the auxiliary operator application file. The authentication device 13 authenticates the external device's environment according to the environment authentication data when an external device 2 accesses the smart card application. Within it, the transmission unit 131 receives commands from the external device and returns the command results; the computing unit 132 looks up the corresponding environment authentication file according to the auxiliary operator identifier and, using the message digest computation key in the environment authentication file, performs a SHA message digest computation over the generated random number and the auxiliary operator identifier; the comparing unit 133 compares that message digest computation result with the message digest computation result received from the external device 2. The loading device 14 identifies the auxiliary operator application data to which the external device 2 belongs and loads that auxiliary operator application data into the smart card application.
As shown in Fig. 2, the method of implementing a smart card application supporting multiple sets of personalization data with the system shown in Fig. 1 comprises the following steps:
(1) An environment authentication file and an auxiliary operator application file are added to the smart card application implementation system, to store environment authentication data and auxiliary operator application data respectively. The environment authentication file is stored in the first storage unit 121, and the auxiliary operator application file is stored in the second storage unit 122.
The file structure of the smart card application implementation system is shown in Fig. 3 and comprises a master control key file, a directory file, the ADF (Application Dedicated File) and other application files. The ADF contains the application default file, together with the added environment authentication file and auxiliary operator application file. The environment authentication file contains the message digest computation key, the auxiliary operator identifier and the auxiliary operator application file address.
The structure of the auxiliary operator application file is identical to that of the application default file, as shown in Fig. 4. It stores the auxiliary operator application data, which comprises the personalization data and the application data of the auxiliary operator. The personalization data comprises the KEY file and other personalization data; the application data comprises transaction record data, application-dependent data and other data. The auxiliary operator's application data stores the data that the corresponding smart card application produces during use, such as the consumption records of an electronic wallet. After the smart card has been issued, if a new auxiliary operator is to use this smart card application, the data of that auxiliary operator must be synchronized into the smart card application implementation system so that existing smart card users can use the services of that auxiliary operator.
(2) When an external device accesses the smart card application, the authentication device 13 first authenticates the external device's environment according to the environment authentication data.
The external device is a terminal that can access a smart card, such as a card reader, a POS device or a mobile device.
As shown in Fig. 5, the process of authenticating the external device's environment is as follows:
1. The external device 2 issues an application selection command to the smart card application implementation system 1; after receiving the command, the transmission unit 131 in the system 1 returns the application selection result to the external device 2;
2. The external device 2 issues a get-random-number command to the smart card application implementation system 1, and the transmission unit 131 returns the random number to the external device 2;
3. After obtaining the random number, the external device 2 performs a SHA message digest computation over the random number and the auxiliary operator identifier in a secure environment, encapsulates the computed message digest together with the auxiliary operator identifier, transmits them to the smart card application implementation system 1, and issues an auxiliary operator authentication command;
4. According to the received auxiliary operator identifier, the computing unit 132 in the smart card application implementation system 1 looks up the environment authentication file corresponding to that identifier and, using the message digest computation key in the environment authentication file, performs a SHA message digest computation over the generated random number and the auxiliary operator identifier. The comparing unit 133 compares this result with the result received from the external device: if they are identical, verification passes; otherwise verification fails. The authentication process then ends. The digest computation can use an existing algorithm such as SHA1 (Secure Hash Algorithm) or MD5 (Message Digest Algorithm).
(3) After authentication passes, the loading device 14 identifies the auxiliary operator application data to which the external device 2 belongs and loads that auxiliary operator application data into the smart card application, which uses it to carry out the corresponding business processing.
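The challenge-response of step (2) and the load of step (3), sketched as an added example that is not code from the patent; application selection is omitted. HMAC-SHA1 stands in for the keyed SHA digest, which the text does not specify further, and the operator identifier `OP02`, the key, the file address and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample files; field names mirror the environment authentication
# file described above (digest key, operator identifier, application file address).
ENV_AUTH_FILES = {
    b"OP02": {"digest_key": bytes.fromhex("000102030405060708090a0b0c0d0e0f"),
              "app_file_addr": 0x0A02},
}
AUX_APP_FILES = {0x0A02: {"operator": "OP02", "transaction_records": []}}


def keyed_digest(key: bytes, nonce: bytes, operator_id: bytes) -> bytes:
    # Assumption: HMAC-SHA1 as the keyed SHA construction; the page names only
    # a digest key and a SHA digest over the random number and identifier.
    return hmac.new(key, nonce + operator_id, hashlib.sha1).digest()


class CardApplication:
    def __init__(self):
        self._nonce = None   # challenge from the last get-random-number command
        self.loaded = None   # auxiliary operator application data after success

    def get_random(self) -> bytes:
        self._nonce = secrets.token_bytes(8)
        return self._nonce

    def authenticate_operator(self, operator_id: bytes, digest: bytes) -> bool:
        nonce, self._nonce = self._nonce, None   # a challenge is single-use
        env = ENV_AUTH_FILES.get(operator_id)
        if nonce is None or env is None:
            return False
        expected = keyed_digest(env["digest_key"], nonce, operator_id)
        if not hmac.compare_digest(expected, digest):   # constant-time compare
            return False
        self.loaded = AUX_APP_FILES[env["app_file_addr"]]
        return True


def terminal_response(key: bytes, operator_id: bytes, nonce: bytes):
    # External device side: digest over the card's random number and its own ID.
    return operator_id, keyed_digest(key, nonce, operator_id)


def run_session(card: CardApplication, key: bytes, operator_id: bytes) -> bool:
    nonce = card.get_random()
    return card.authenticate_operator(*terminal_response(key, operator_id, nonce))
```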
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.