A kind of application of IC cards scene Recognition method and system
Technical field
The invention belongs to smart card application technologies field, be specifically related to a kind of recognition methods and system of application of IC cards scene.
Background technology
Universal along with application of IC cards, swipe the card and become a part for people's daily life, but not necessarily safety of the environment of swiping the card.At present, identification for transaction scene is to be completed by the safety chip in POS terminal, only have POS terminal to know the scene that it uses, and for the main body smart card of concluding the business, itself does not also know that it hands over incident scene, this has brought larger potential safety hazard for offline transaction, especially off line payment technical field.When user is in the time that a POS terminal is concluded the business, user may and not know whether this terminal is the legal terminal of safety, and illegal POS terminal can be lured user's input card password into and be copied subscriber card, brings great risk to user's property safety.In addition, universal along with radio-frequency technique, non-connect to swipe the card become the main flow of offline transaction mode of doing business, its transaction security hidden danger is larger.
The security of smart card itself has obtained the consistent approval of industry, by smart card itself, the residing trading environment of application of IC cards is verified, can guarantee the security of smart card environment for use.
Summary of the invention
For the defect existing in prior art, technical matters to be solved by this invention is to provide a kind of application of IC cards scene Recognition method and system that can improve transaction security.
For solving the problems of the technologies described above, the technical solution used in the present invention is as follows:
A kind of application of IC cards scene Recognition method, comprises the following steps:
Card-reading terminal is initiated application choice instruction to smart card, and smart card generates verification random number, returns to trading environment check request and described random number to card-reading terminal;
When card-reading terminal is received after the trading environment check request of smart card, the random number that smart card is returned is encrypted according to agreement cipher mode in safety barrier;
After card-reading terminal is organized random number encryption result, card-reading terminal mark, initiate trading environment check request and described random number encryption result, card-reading terminal mark to smart card;
Smart card receives after the trading environment check request of card-reading terminal, use stipulated form to calculate the encryption key of card-reading terminal mark, and use random number described in described encryption secret key pair to be encrypted, whether verification is consistent with the random number encryption result of sending in card-reading terminal; If consistent, card-reading terminal is legal; Otherwise, forbid the application of card-reading terminal access intelligent card.
Application of IC cards scene Recognition method as above, wherein, in the time that card-reading terminal is initiated application choice instruction to smart card, also comprise and judge whether the selected application of card-reading terminal needs to carry out trading environment verification, if needed, regeneration verification random number is carried out subsequent treatment.
Application of IC cards scene Recognition method as above, wherein, the method that random number is encrypted adopts decentralized algorithm.Described decentralized algorithm adopts symmetric encipherment algorithm or rivest, shamir, adelman.
Application of IC cards scene Recognition method as above, wherein, after verification Card Reader terminal legality, also comprises and judges the whether step in blacklist of terminal iidentification, if in blacklist, forbids the application of card-reading terminal access intelligent card.
Application of IC cards scene Recognition method as above, wherein, for the card-reading terminal that can carry out screen display, also comprises the process that user confirms, specifically comprises the following steps:
Carry out card-reading terminal verification legal after, smart card uses card-reading terminal authenticate key to carry out symmetric cryptography user's confirmation, returns to card-reading terminal;
Card-reading terminal receives these data deciphering, data message is shown on the display screen of card-reading terminal, after being confirmed by user, confirmation result is sent on smart card, if confirm to pass through, card-reading terminal is legal, otherwise forbids the application of card-reading terminal access intelligent card.
A kind of application of IC cards scene Recognition system, comprises smart card and card-reading terminal, and described smart card comprises the first transmitting device, random number generating apparatus, calculation element, the first encryption device and calibration equipment; Described card-reading terminal comprises the second transmitting device and the second encryption device;
Described the second transmitting device is for initiating application choice instruction to smart card;
The application choice instruction that described the first transmitting device sends for receiving described the second transmitting device; Described random number generating apparatus is used for generating verification random number; Described the first transmitting device is also for returning to trading environment check request and described random number to card-reading terminal;
Described the second transmitting device is also for receiving described trading environment check request and described random number; Described the second encryption device, for receiving after the trading environment check request that smart card sends, is encrypted according to agreement cipher mode in safety barrier described random number; Described the second transmitting device is also for organizing backward described smart card to initiate the encrypted result of trading environment check request and described random number, card-reading terminal mark the encrypted result of described random number, card-reading terminal mark;
The trading environment check request that described the first transmitting device also sends for receiving card-reading terminal; Described calculation element is for using stipulated form to calculate the encryption key of card-reading terminal mark; Described the first encryption device is used for using random number described in described encryption secret key pair to be encrypted; Whether the encrypted result that described calibration equipment is encrypted described random number for the first encryption device described in verification is consistent with the random number encryption result of sending in described card-reading terminal.
Application of IC cards scene Recognition system as above, wherein, smart card also comprises in the time that described card-reading terminal is initiated application choice instruction to described smart card, judges whether the selected application of described card-reading terminal needs to carry out the first judgment means of trading environment verification.
Application of IC cards scene Recognition system as above, wherein, smart card also comprises for after card-reading terminal described in verification is legal, judges whether the second judgment means in blacklist of described card-reading terminal mark.
The method of the invention and system, the mode of the residing trading environment of smart card itself being identified and being verified by smart card, has guaranteed the security of smart card use scenes, has effectively avoided occurring black possibility.
Accompanying drawing explanation
Fig. 1 is the structured flowchart of application of IC cards scene Recognition system in embodiment;
Fig. 2 is the process flow diagram of application of IC cards scene Recognition method in embodiment.
Embodiment
The present invention, by application choice process, increases the process to the environment authentication of swiping the card in smart card, guarantees the security of the whole transaction of swiping the card, and after environment authentication that and if only if is passed through, application of IC cards side can normally be used.This verification process can be unified to process (as Native card) by smart card independent utility processing module, also can be processed by application of IC cards itself by (as JAVA card).Below in conjunction with accompanying drawing, the specific embodiment of the present invention is described in detail.
In present embodiment, first in smart card, increase trading environment identification and verification file, for storing to trading environment identification and verifying relevant data content.Single trading environment identification and verification file comprises: KEY file, card-reading terminal issuer identification document, card-reading terminal blacklist file, application of IC cards identification document, applied environment checking mark file.
KEY file is for storing the secret key of the authentication of verifying with card-reading terminal.Card-reading terminal issuer identification document is for storing the mark of card-reading terminal issuer.Card-reading terminal blacklist file is used for storing card-reading terminal blacklist information.Application of IC cards identification document, for the corresponding application of IC cards mark of storage environment identification and authentication file, can be application AID etc.Whether applied environment checking mark file needs to carry out environment verification for the corresponding application of storaging mark, comprises not verification, forces verification, optional verification etc.
If there are multiple application in smart card, need to create a trading environment identification and verification file for each application, carry out unified management or managed independently by application of IC cards itself by smart card.
As shown in Figure 1, in present embodiment, application of IC cards scene Recognition system comprises smart card 1 and card-reading terminal 2; Smart card 1 comprises the first transmitting device 11, random number generating apparatus 12, calculation element 13, the first encryption device 14 and calibration equipment 15, the first judgment means 16 and the second judgment means 17; Card-reading terminal 2 comprises the second transmitting device 21 and the second encryption device 22.
Wherein, the second transmitting device 21 is for initiating application choice instruction to smart card 1.The application choice instruction that the first transmitting device 11 sends for receiving the second transmitting device 21.The first judgment means 16 is for judging whether the selected application of card-reading terminal 2 needs to carry out trading environment verification.Random number generating apparatus 12 is for generating verification random number.The first transmitting device 11 is also for returning to trading environment check request and described random number to card-reading terminal 2.The second transmitting device 21 is also for receiving described trading environment check request and described random number.The second encryption device 22, for receiving after the trading environment check request that smart card 1 sends, is encrypted according to agreement cipher mode in safety barrier described random number.The second transmitting device 21 is also for organizing backward described smart card 1 to initiate the encrypted result of trading environment check request and described random number, card-reading terminal mark the encrypted result of described random number, card-reading terminal mark.The trading environment check request that the first transmitting device 11 also sends for receiving card-reading terminal 2.Calculation element 13 is for using stipulated form to calculate the encryption key of card-reading terminal mark.The first encryption device 14 is for using random number described in described encryption secret key pair to be encrypted.Whether the encrypted result that calibration equipment 15 is encrypted described random number for verification the first encryption device 14 is consistent with the random number encryption result of sending in card-reading terminal 2.The second judgment means 17 is for after card-reading terminal described in verification 2 is legal, judges that described card-reading terminal mark is whether in blacklist.
As shown in Figure 2, the method that adopts system shown in Figure 1 to realize application of IC cards scene Recognition comprises the following steps:
(1) in card-reading terminal 2, the second transmitting device 21 is initiated application choice instruction to smart card 1, in smart card 1, the first transmitting device 11 receives application choice instruction, the first judgment means 16 judges whether the selected application of card-reading terminal 2 needs to carry out trading environment verification, if needed, random number generating apparatus 12 generates verification random number, returns to trading environment check request and described random number to card-reading terminal 2.
(2) receive and need to carry out after trading environment check request when the second transmitting device 21 in card-reading terminal 2, the random number that the second encryption device 22 returns smart card 1 is encrypted according to agreement cipher mode in safety barrier.
In the safety barrier of card-reading terminal, for example PSAM card, increase by one group of card-reading terminal authentication secret of card-reading terminal mark (as numbering) being disperseed to generate by smart card authentication key, being used for carrying out card-reading terminal authentication uses, its decentralized algorithm can adopt symmetry algorithm or asymmetric arithmetic to realize, and is exemplified below:
If the authenticate key of smart cards for storage is master key (Km), dispersion factor is card-reading terminal numbering (X), and the distributed key of generation is Kc.In the time that the algorithm adopting is symmetry algorithm 3DES ECB, its implementation is as follows:
Kcl=3DES(Km,X)
Kcr=3DES(Km,NOT?X)
Kc=Kcl||Kcr
In the time that the algorithm adopting is asymmetric RSA Algorithm, its implementation is as follows:
In the safety barrier of card-reading terminal and application of IC cards, store all separately public private key datas.First, in the time carrying out trading environment check request, need carry out both sides' public key data exchange, application of IC cards and card-reading terminal safety barrier exchange both sides' public key data each other.Card-reading terminal is when to application of IC cards request verification random number, and application of IC cards is transferred to card-reading terminal after using the PKI of card-reading terminal to be encrypted the random number of generation.Card-reading terminal, after receiving the random number of encryption, is used the private key of card-reading terminal safety barrier to be decrypted; Card-reading terminal safety barrier uses the PKI of application of IC cards to be encrypted card-reading terminal mark and random number, and uses the private key of card-reading terminal safety barrier to sign to enciphered data.
(3), after the second transmitting device 21 is organized the encrypted result of random number, card-reading terminal mark in card-reading terminal 2, initiate encrypted result, the card-reading terminal mark of trading environment check request and described random number to smart card.Its organizational form is: trading environment check request order (arranging according to practical business instruction)+card-reading terminal mark (16 bit lengths or definite according to actual demand, can adopt LV form)+random number encryption result (determine concrete data length according to definite cryptographic algorithm, also can adopt LV form).
(4) in smart card 1, the first transmitting device 11 receives after the trading environment check request of card-reading terminal, calculation element 13 uses the key decentralized algorithm of agreement to calculate the encryption key of card-reading terminal mark, the verification random number that the first encryption device 14 uses described encryption secret key pair to issue is encrypted, and whether the encrypted result that calibration equipment 15 verification the first encryption devices 14 are encrypted described random number is consistent with the random number encryption result of sending in card-reading terminal 2.If consistent, card-reading terminal is legal; Otherwise, forbid the application of card-reading terminal access intelligent card.
After verification card-reading terminal is legal, preferred, the second judgment means 17 judges that card-reading terminal mark whether in blacklist, if in blacklist, forbids the application of card-reading terminal access intelligent card again.
For the card-reading terminal that can carry out screen display, preferred, also comprise the process that user confirms.Carry out card-reading terminal verification legal after, smart card uses card-reading terminal authenticate key to carry out symmetric cryptography user's confirmation (as nonsensitive datas such as address name, another name or names on account), returns to card-reading terminal.Card-reading terminal receives these data deciphering, data message is shown on the display screen of card-reading terminal, after being confirmed by user, confirmation result is sent on smart card, pass through if confirmed, card-reading terminal is legal, and card-reading terminal can access intelligent card application respective application, otherwise forbids the application of card-reading terminal access intelligent card.
Obviously, those skilled in the art can carry out various changes and modification and not depart from the spirit and scope of the present invention the present invention.Like this, if within of the present invention these are revised and modification belongs to the scope of the claims in the present invention and equivalent technology thereof, the present invention is also intended to comprise these changes and modification interior.