CN104574652A - Method for increasing and deducting pollution discharge data of IC card and IC card - Google Patents

Method for increasing and deducting pollution discharge data of IC card and IC card Download PDF

Info

Publication number
CN104574652A
CN104574652A CN201310479322.4A CN201310479322A CN104574652A CN 104574652 A CN104574652 A CN 104574652A CN 201310479322 A CN201310479322 A CN 201310479322A CN 104574652 A CN104574652 A CN 104574652A
Authority
CN
China
Prior art keywords
random number
blowdown
card
money
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310479322.4A
Other languages
Chinese (zh)
Other versions
CN104574652B (en
Inventor
袁艳芳
王于波
付青琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201310479322.4A priority Critical patent/CN104574652B/en
Publication of CN104574652A publication Critical patent/CN104574652A/en
Application granted granted Critical
Publication of CN104574652B publication Critical patent/CN104574652B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

The invention discloses a method for increasing and deducting pollution discharge data of an IC card and an IC card. The method for increasing pollution discharge data of the IC card comprises the following steps: receiving a command of increasing discharge capacity issued by charging equipment, wherein the command of increasing discharge capacity comprises a first random number; judging whether the first random number is random or not, if yes, determining that the command of increasing discharge capacity is legal, and receiving the charging operation by the charging equipment. According to the method for increasing and deducting pollution discharge data of the IC card and the IC card, disclosed by the invention, the concept of the random number is introduced into the command of discharge capacity, so that illegal users are prevented from intercepting charging number to charge multiple times; a measure of a special authentication code is introduced, and the special authentication code is written into a safe data region of a chip to prevent generation of a cloned chip; a measure of a check code is introduced to prevent error of transmission of the pollution discharge data or illegal aggressive behavior in the transmission process so as to guarantee the safety and confidentiality of the pollution discharge data in the transmission process.

Description

The method that IC-card blowdown data increase, reduce and IC-card
Technical field
The present invention relates to data transmission and security technology area in the communications field, particularly, relate to the increase of IC-card blowdown data, the method for reducing and IC-card.
Background technology
Pollutant Discharge Permit System is for target with environmental protect quality, based on pollutant pollution permission system, specify the information such as kind, data that pollutant discharging unit discharges pollutants, being an administration system with intendment of law, is the means to key area, emphasis pollutant discharging unit discharge of major pollutant implementation quantified management.In the past in pollution source regulation process, only concentration of emission was controlled, can not contaminated solution problem on the whole, only have and prediction emission is carried out to major polluting sources, provide pollutant discharging license, whole regional environmental quality could be improved.Specifically for the environmental quality requirement that different regions are different, determine different pollution source, cut down different pollutant discharge amount.Pollution control is closely combined with environmental quality target, is conducive to saving improvement fund, realizes environmental quality target.
The IC card system used in current pollutant discharging license system, main employing be mifare card technique, or " China's finance integrated circuit (IC) calliper model " (JR/T 0025-2005) stored value card in (being called for short PB0C2.0 in the industry)/bankbook application technology.The quantity of wallet due to spatial relationship relatively limited, and algorithm security is lower.DES relative safety in crypto algorithm wherein in mifare card technique and Electronic Finance wallet bankbook is lower, and operating process is more complicated.
Realizing in process of the present invention, inventor finds that in prior art, at least there are the following problems:
The system that traditional IC-card blowdown data increase, reduce, what mainly adopt is mifare card technique, or the stored value card/bankbook application technology in " China's finance integrated circuit (IC) calliper model " (JR/T 0025-2005).What algorithmically adopt is crypto algorithm or DES algorithm; The simple purse application adopted, or Electronic Finance purse application.Current mifare technology is cracked, and the stored value card of finance amount deposited when depositing is plaintext transmission, easily produces the unsafe problem of transaction.
Summary of the invention
The present invention is the defect in order to overcome IC-card blowdown data security difference in prior art, according to an aspect of the present invention, proposes a kind of method that IC-card blowdown data increase.
According to the method that the IC-card blowdown data of the embodiment of the present invention increase, comprising:
Receive the increase blowdown flow rate instruction that the equipment of supplementing with money issues, this increase blowdown flow rate instruction comprises: the first random number;
Judge that whether the first random number is random, if the first random number is random, then increase blowdown flow rate instruction legal, what receive equipment of supplementing with money supplements operation with money.
The present invention, in order to overcome the defect of IC-card blowdown data security difference in prior art, according to another aspect of the present invention, proposes a kind of IC-card realizing blowdown data and increase.
According to the IC-card realizing the increase of blowdown data of the embodiment of the present invention, comprising:
Command reception module, for receiving the increase blowdown flow rate instruction that the equipment of supplementing with money issues, increasing blowdown flow rate instruction and comprising: the first random number;
Instruction authentication module, for judging that whether the first random number is random, if the first random number is random, then increase blowdown flow rate instruction legal, what receive equipment of supplementing with money supplements operation with money.
The method of the IC-card blowdown data increase of the embodiment of the present invention and IC-card, algorithmically have employed the close SM1 algorithm of state and instead of crypto algorithm or DES algorithm, and plaintext transmission of the prior art is changed into ciphertext transmission, ensure that the security of blowdown data in transmitting procedure and confidentiality.
The method of the IC-card blowdown data increase of the embodiment of the present invention and IC-card, introduce the concept of random number, effectively prevent disabled user and intercept load value data, repeatedly supplement with money in blowdown flow rate instruction; Introduce the measure of special authentication code, special authentication code is written to secure data district in chip, prevents the generation of clone's chip; Introduce the measure of check code, prevent the rogue attacks behavior in the error of transmission of blowdown data or transmitting procedure.
The present invention is the defect in order to overcome IC-card blowdown data security difference in prior art, according to an aspect of the present invention, proposes a kind of method that IC-card blowdown data are reduced.
According to the method that the IC-card blowdown data of the embodiment of the present invention are reduced, comprising:
What reception blowdown control terminal issued reduces blowdown flow rate instruction, reduces blowdown flow rate instruction and comprises: the 3rd random number, extra-code, and the 3rd random number and extra-code are used for producing the second check code when supplementing with money blowdown control terminal ESAM;
Judge that in IC-card, whether remaining sum is sufficient, if sufficient, then generate the 4th random number, if not enough, then do not generate random number;
The blowdown data of reducing, described 4th random number and the second special authentication code are encrypted and obtain encrypted cipher text, carry out MAC according to described 3rd random number to described extra-code and described encrypted cipher text and calculate the second check code, described extra-code, described encrypted cipher text and described second check code form the increase blowdown flow rate instruction of supplementing with money blowdown control terminal ESAM.
The present invention is the defect in order to overcome IC-card blowdown data security difference in prior art, according to an aspect of the present invention, proposes a kind of IC-card realizing blowdown data and reduce.
Realize according to the embodiment of the present invention IC-card that blowdown data reduce, comprising:
Command reception module, what reception blowdown control terminal issued reduces blowdown flow rate instruction, reduces blowdown flow rate instruction and comprises: the 3rd random number, extra-code, and the 3rd random number and extra-code are used for producing the second check code when supplementing with money blowdown control terminal ESAM;
Random number generation module, for judging that in IC-card, whether remaining sum is sufficient, if sufficient, then generate the 4th random number, if not enough, does not then generate random number;
Check code generation module, encrypted cipher text is obtained for being encrypted the blowdown data of reducing, the 4th random number and the second special authentication code, carry out MAC according to the 3rd random number to extra-code and encrypted cipher text and calculate the second check code, described extra-code, described encrypted cipher text and described second check code form the increase blowdown flow rate instruction of supplementing with money blowdown control terminal ESAM.
The method that the IC-card blowdown data of the embodiment of the present invention are reduced and IC-card, algorithmically have employed the close SM1 algorithm of state and instead of crypto algorithm or DES algorithm, and plaintext transmission of the prior art is changed into ciphertext transmission, ensure that the security of blowdown data in transmitting procedure and confidentiality.
The method that the IC-card blowdown data of the embodiment of the present invention are reduced and IC-card, introduce the concept of random number, effectively prevent disabled user and intercept load value data, repeatedly supplement with money in blowdown flow rate instruction; Introduce the measure of special authentication code, special authentication code is written to secure data district in chip, prevents the generation of clone's chip; Introduce the measure of check code, prevent the rogue attacks behavior in the error of transmission of blowdown data or transmitting procedure.
The method that the IC-card blowdown data of the embodiment of the present invention are reduced and IC-card, in the process of supplementing with money, blowdown data are ciphertext transmission mode, ensure that the security of transmission; Withhold in process at IC-card, output the message of supplementing with money blowdown control terminal ESAM, blowdown control terminal, just as a transmission medium, cannot be interfered supplementing message with money, ensure that the security of data.
Other features and advantages of the present invention will be set forth in the following description, and, partly become apparent from instructions, or understand by implementing the present invention.Object of the present invention and other advantages realize by structure specifically noted in write instructions, claims and accompanying drawing and obtain.
Below by drawings and Examples, technical scheme of the present invention is described in further detail.
Accompanying drawing explanation
Accompanying drawing is used to provide a further understanding of the present invention, and forms a part for instructions, together with embodiments of the present invention for explaining the present invention, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is IC-card recharge procedure schematic diagram of the present invention;
Fig. 2 is that IC-card of the present invention is withholdd and ESAM recharge procedure schematic diagram;
Fig. 3 is the IC-card structural representation realizing the increase of blowdown data of one embodiment of the invention;
Fig. 4 be another embodiment of the present invention realize the IC-card structural representation that blowdown data reduce.
Embodiment
Below in conjunction with accompanying drawing, the specific embodiment of the present invention is described in detail, but is to be understood that protection scope of the present invention not by the restriction of embodiment.
The present invention be directed in prior art the DES algorithm adopted in mifare technology and Electronic Finance wallet, during Electronic Finance wallet deposit, data are transmitted with clear-text way, the security that data store and transmit cannot be ensured, and the problem that transaction flow is too complicated, and the method that a kind of novel IC-card blowdown data proposed increase, reduce.
The present invention proposes a kind of method that novel IC-card blowdown data increase, realize the software systems of the method for downloading to the unique card as an enterprise in subscriber card, also can download to the ESAM(Embedded Secure Access Module in blowdown terminal control device, embedded safe control module simultaneously) as the memory module of " security information of blowdown terminal control device " and " blowdown data remaining sum ".The method is supported the increase blowdown data command of blowdown Data Control, reduces blowdown data command and is read the instruction of blowdown data remaining sum.
To achieve the above object of the invention, the invention provides a kind of method that IC-card blowdown data increase, concrete implementation step is as follows:
Blowdown enterprise needs to handle the unique pollutant discharging license of an IC-card as enterprise, the unique key of the enterprise for this reason of the key in this IC-card, and have corresponding relation (ESAM in blowdown terminal control device is disperseed to get by key in pollutant discharging license IC-card, and can not backstepping) with the ESAM in the blowdown terminal control device of this enterprise.
iC-card is supplemented with money:
As Fig. 1 shows, the embodiment of the invention discloses a kind of method that IC-card blowdown data increase, the present embodiment focuses on that higher environmental protection departments is supplemented with money IC-card, comprising:
Step 101: blowdown data manipulation personnel input blowdown data class for supplementing with money and recharge amount in the equipment of supplementing with money;
Step 102: the equipment of supplementing with money of higher environmental protection departments carries out authentication to pollutant discharging license IC-card;
Step 103: equipment of supplementing with money sends acquisition second random number (as: random number 1) instruction to IC-card, and IC-card generates random number 1 and sends it back the equipment of supplementing with money;
Step 104: the equipment of supplementing with money produces first random number (as: random number 2), supplement device interior with money and obtain the corresponding short file identifier of wallet (SFI) according to blowdown kind, according to enterprise's numbering, obtain enterprise's password, and according to order format, structure " instruction of increase blowdown flow rate " message;
Step 105: equipment of supplementing with money sends " increasing blowdown flow rate instruction " IC-card, wherein this instruction comprises: the short file identifier (SFI) of the wallet that the blowdown kind of purchase is corresponding, through key corresponding to this blowdown wallet of this enterprise, based on state close SM1 algorithm to the ciphertext after " the special authentication code of purchase volume+random number 2+ first " encryption, " command header+ciphertext ", the first check code of being calculated by MAC key and random number 1;
After step 106:IC is stuck in and receives " increasing blowdown flow rate instruction ", verify the first check code, verification is passed through, then illustrate that communications does not receive and attack or interference; Verification is not passed through, then return faulty operation;
Step 107:IC card according in " increase blowdown flow rate instruction " for blowdown wallet, find the counterpart keys of this wallet storage inside, the ciphertext that the above-mentioned steps 105 received based on this double secret key generates is decrypted;
Step 108: whether the first special authentication code that determining step 107 obtains is consistent with special authentication code built-in in IC-card, if unanimously, then illustrates that pollutant discharging unit is legitimate enterprise; If inconsistent, then return faulty operation;
Step 109: judge that whether random number 2 is random, if random number 2 be fixing coding, or the random number that (as: ten times) supplement operation with money with before has and mates, then this random number not at random, is supplemented order with money and may be subject to malicious attack, return faulty operation; If random number 2 is random, then this supplements the instruction that order is not malicious attack with money;
Step 110: after determining that random number 2 is random, equipment of supplementing with money supplements operation with money to blowdown wallet corresponding in IC-card.
Increase blowdown flow rate order format mentioned above is as shown in table 1:
Table 1
The short file identification SFI of P1---blowdown wallet file;
Recruitment (ciphertext 16 byte)---be by 4 byte recruitments expressly, supplement after 4 bytes fix authentication code+8 byte random number and got by SM1 encryption.
Check code---be the MAC value obtained through MAC cipher key calculation by " CLA+INS+P1+P2+Lc+ recruitment ".
iC-card is withholdd and is supplemented with money to ESAM:
As shown in Figure 2, another embodiment of the present invention discloses a kind of method that IC-card blowdown data are reduced, and the embodiment of the present invention focuses on withholds to IC-card and supplement with money blowdown control terminal ESAM, comprising:
Step 201: blowdown data manipulation people inputs recharge amount on blowdown control terminal;
Step 202: blowdown control terminal ESAM carries out authentication to IC-card, and certification is not passed through, then return faulty operation;
Step 203:IC card carries out authentication to blowdown control terminal ESAM, and certification is not passed through, then return faulty operation;
After step 204:IC card passes through the certification of blowdown control terminal, send blowdown control terminal ESAM and obtain random number instruction, blowdown control terminal produces the 3rd random number (as: random number 3), and random number 3 is sent to IC-card;
Step 205: blowdown control terminal is according to blowdown acquisition of information wallet SFI, and random number 3, extra-code, construct " reducing blowdown flow rate instruction " message;
Step 206: blowdown control terminal sends " reducing blowdown flow rate instruction " message to IC-card;
Step 207:IC card checks that whether remaining sum is sufficient, if Sorry, your ticket has not enough value in card, then returns faulty operation;
Step 208: if remaining sum is sufficient in IC-card, namely produces the 4th random number (as: random number 4) in IC-card inside;
Key after " data are reduced in blowdown " " random number 4 " " the second special authentication code " adopts key dispersion factor to carry out key dispersion by step 209:IC card is encrypted, and generates " supplementing ciphertext with money ";
Step 210:IC card adopts MAC key and random number 3, carries out MAC calculating, obtain the second check code to " extra-code " and " supplementing ciphertext with money ";
" increasing blowdown flow rate instruction " loopback that step 211:IC card will have been constructed by " supplementing ciphertext with money " and " check code " is to blowdown control terminal;
Step 212: blowdown control terminal is incidentally gone up " extra-code " adopt plaintext version to be transferred to blowdown control terminal ESAM by being received " increasing blowdown flow rate instruction " message that IC-card returns;
Step 213: blowdown control terminal ESAM is after receiving " increasing blowdown flow rate instruction ", and verify the second check code, verification is passed through, illustrates that communications does not receive and attacks or interference; Verification is not passed through, then return faulty operation;
Step 214: blowdown control terminal ESAM is according to the counterpart keys of " increase blowdown flow rate instruction ", and the ciphertext that the above-mentioned steps 209 received based on this double secret key generates is decrypted, and obtains the second special authentication code after deciphering;
Step 215: whether the second special authentication code that determining step 214 obtains is consistent with special authentication code built-in in IC-card, if unanimously, then illustrates that IC-card is legal; If inconsistent, then return faulty operation;
Step 216: judge that whether random number 4 is random, if random number 4 be fixing coding, or the random number that (as: ten times) supplement operation with money with before has and mates, then this random number not at random, is supplemented order with money and may be subject to malicious attack, return faulty operation; If random number 4 is random, then this supplements the instruction that order is not malicious attack with money;
Step 217: after determining that random number 4 is random, IC-card supplements operation with money to blowdown control terminal ESAM.
" reducing blowdown flow rate instruction " form that IC-card mentioned above is withholdd is as shown in table 2:
Table 2
P1---blowdown wallet file;
Extra-code---namely increase blowdown flow rate instruction head " E43Axx0014 ";
N---span is 0 ~ 3;
School Affairs---be the XOR value of each byte of " the CLA+INS+P1+P2+Lc+ amount of reducing ".
The method that the IC-card blowdown data of the embodiment of the present invention increase, reduce, in blowdown data transmission procedure, have employed the close SM1 algorithm for encryption of state to blowdown data, this algorithm is hardware implementing, and algorithm is underground, ensure that security and the confidentiality of blowdown data;
The method that the IC-card blowdown data of the embodiment of the present invention increase, reduce, adds the introducing of random number, effectively prevent after disabled user intercepts and captures load value data, the situation of repeatedly supplementing with money; Add the introducing of special authentication code, special authentication code is written to secure data district in the chips, and enterprise customer cannot obtain, and fundamentally prevents the possibility of clone's chip; Add the employing of check code, by the certification to check code, effectively can prevent blowdown data transmission fault and illegal Data attack behavior; The invention described above embodiment introduce measure ensure that blowdown data store and transmitting procedure in security and confidentiality.
The embodiment of the invention discloses a kind of IC-card realizing blowdown data and increase, as shown in Figure 3, comprise with lower module:
Command reception module 301, for receiving the blowdown flow rate instruction that the equipment of supplementing with money issues;
Instruction authentication module 302, for judging that whether the first random number is random, if the first random number is random, then increase blowdown flow rate instruction legal, what receive equipment of supplementing with money supplements operation with money.
Wherein, instruction authentication module 302 comprises with lower module:
Random number comparison sub-module 3021, for comparing the first random number and the random number of supplementing operation before with money;
Random number determination submodule 3022, for confirming that according to comparative result whether the first random number is random, if the first random number with to supplement the nonces match of operation before with money or the first random number is fixing coding, then the first random number is random, increases blowdown flow rate instruction illegal.
Wherein, realize the IC-card that blowdown data increase, also comprise with lower module:
Authentication code obtains module 303, for being decrypted encrypted cipher text according to decruption key, obtains the special authentication code after deciphering;
Authentication code comparison module 304, for being compared by the special authentication code stored in special authentication code and IC-card, if both are inconsistent, then certification is not passed through;
If special authentication code is consistent with the special authentication code stored in IC-card, then special authentication code certification is passed through.
Wherein, realize the IC-card that blowdown data increase, also comprise with lower module:
Receiving sending module 305, for receiving the acquisition random number instruction that the equipment of supplementing with money issues, generating the second random number, the second random number is sent it back the equipment of supplementing with money, increasing check code subsidiary in blowdown flow rate instruction for generating.
Wherein, realize the IC-card that blowdown data increase, also comprise with lower module:
Verification comparison module 306, compares for check code check code and IC-card internal calculation obtained, if both are equal, then verification is passed through;
If both are unequal, then verify and do not pass through.
The IC-card realizing the increase of blowdown data of the embodiment of the present invention, algorithmically have employed the close SM1 algorithm of state and instead of crypto algorithm or DES algorithm, and plaintext transmission of the prior art is changed into ciphertext transmission, ensure that the security of blowdown data in transmitting procedure and confidentiality.
The IC-card realizing the increase of blowdown data of the embodiment of the present invention, introduces the concept of random number, effectively prevent disabled user and intercept load value data, repeatedly supplement with money in blowdown flow rate instruction; Introduce the measure of special authentication code, special authentication code is written to secure data district in chip, prevents the generation of clone's chip; Introduce the measure of check code, prevent the rogue attacks behavior in the error of transmission of blowdown data or transmitting procedure.
The IC-card realizing the increase of blowdown data of the embodiment of the present invention, in the process of supplementing with money, blowdown data are ciphertext transmission mode, ensure that the security of transmission; Withhold in process at IC-card, output the message of supplementing with money blowdown control terminal ESAM, blowdown control terminal, just as a transmission medium, cannot be interfered supplementing message with money, ensure that the security of data.
The embodiment of the invention also discloses a kind of IC-card realizing blowdown data and reduce, as shown in Figure 4, comprise with lower module:
Command reception module 401, blowdown flow rate instruction is reduced for what receive that blowdown control terminal issues, reduce blowdown flow rate instruction to comprise: the 3rd random number, extra-code, the 3rd random number and extra-code are used for producing the second check code when supplementing with money blowdown control terminal ESAM.
Random number generation module module 402, for judging that in IC-card, whether remaining sum is sufficient, if sufficient, then generate the 4th random number, if not enough, does not then generate random number;
Check code generation module 403, encrypted cipher text is obtained for being encrypted the blowdown data of reducing, the 4th random number and the second special authentication code, carry out MAC according to the 3rd random number to extra-code and encrypted cipher text and calculate the second check code, described extra-code, described encrypted cipher text and described second check code form the increase blowdown flow rate instruction of supplementing with money blowdown control terminal ESAM.
Above-mentioned IC-card, also comprises:
Instruction authentication module 404, for judging that whether the 4th random number is random, if the 4th random number is random, then increases blowdown flow rate instruction legal, supplements operation with money to blowdown control terminal ESAM.
Wherein, instruction authentication module 404 comprises with lower module:
Random number comparison sub-module 4041, for comparing the 4th random number and the random number of supplementing operation before with money;
Random number determination submodule 4042, for confirming that whether the 4th random number is random according to comparative result, if the 4th random number with to supplement the nonces match of operation before with money or the 4th random number is fixing coding, then the first random number is random, increases blowdown flow rate instruction illegal.
Above-mentioned IC-card, also comprises:
Authentication code obtains module 405, for being decrypted encrypted cipher text, obtains the second special authentication code after deciphering;
Authentication code comparison module 406, for being compared by the special authentication code stored in the second special authentication code and blowdown control terminal ESAM, if both are inconsistent, then certification is not passed through;
If the second special authentication code is consistent with the special authentication code stored in blowdown control terminal ESAM, then special authentication code certification is passed through.
Above-mentioned IC-card, also comprises:
Check code comparison module 407, for comparing increasing the check code that in blowdown flow rate instruction, the second subsidiary check code and terminal ESAM internal calculation obtain, if both are equal, then verification is passed through;
If both are unequal, then verify and do not pass through.
The embodiment of the present invention realize the IC-card that blowdown data reduce, algorithmically have employed the close SM1 algorithm of state and instead of crypto algorithm or DES algorithm, and plaintext transmission of the prior art is changed into ciphertext transmission, ensure that the security of blowdown data in transmitting procedure and confidentiality.
The embodiment of the present invention realize the IC-card that blowdown data reduce, in blowdown flow rate instruction, introduce the concept of random number, effectively prevent disabled user and intercept load value data, repeatedly supplement with money; Introduce the measure of special authentication code, special authentication code is written to secure data district in chip, prevents the generation of clone's chip; Introduce the measure of check code, prevent the rogue attacks behavior in the error of transmission of blowdown data or transmitting procedure.
The embodiment of the present invention realize the IC-card that blowdown data reduce, in the process of supplementing with money, blowdown data are ciphertext transmission mode, ensure that the security of transmission; Withhold in process at IC-card, output the message of supplementing with money blowdown control terminal ESAM, blowdown control terminal, just as a transmission medium, cannot be interfered supplementing message with money, ensure that the security of data.
The present invention can have multiple multi-form embodiment; above for Fig. 1-Fig. 4 by reference to the accompanying drawings to technical scheme of the present invention explanation for example; this does not also mean that the instantiation that the present invention applies can only be confined in specific flow process or example structure; those of ordinary skill in the art should understand; specific embodiments provided above is some examples in multiple its preferred usage, and the embodiment of any embodiment the claims in the present invention all should within technical solution of the present invention scope required for protection.
Last it is noted that the foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, although with reference to previous embodiment to invention has been detailed description, for a person skilled in the art, it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature.Within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (20)

1. a method for IC-card blowdown data increase, is characterized in that, comprising:
Receive the increase blowdown flow rate instruction that the equipment of supplementing with money issues, the instruction of described increase blowdown flow rate comprises: the first random number;
Judge that whether described first random number is random, if described first random number is random, then the instruction of described increase blowdown flow rate is legal, and that supplements equipment described in reception with money supplements operation with money.
2. method according to claim 1, is characterized in that, describedly judges that the first random number is whether random, comprising:
Described first random number and the random number of supplementing operation before with money are compared, if both couplings or described first random number are fixing coding, then described first random number is not random, and the instruction of described increase blowdown flow rate is illegal.
3. method according to claim 1, is characterized in that, also comprises:
The instruction of described increase blowdown flow rate also comprises: the encrypted cipher text of the first special authentication code and decruption key corresponding to described blowdown flow rate instruction;
According to described decruption key, described encrypted cipher text is decrypted, obtains the first special authentication code after deciphering;
Compared by the special authentication code stored in described first special authentication code and IC-card, if both are inconsistent, then certification is not passed through;
If described first special authentication code is consistent with the special authentication code stored in IC-card, then described special authentication code certification is passed through.
4. method according to claim 1, is characterized in that, also comprises:
The acquisition random number instruction that the equipment of supplementing with money described in reception issues, generates the second random number, supplements equipment with money, for generating the first check code subsidiary in the instruction of described increase blowdown flow rate described in described second random number being sent it back.
5. method according to claim 4, is characterized in that, also comprises:
After the described increase blowdown flow rate instruction that the equipment of supplementing with money described in reception issues, the check code that described first check code generate described equipment of supplementing with money and IC-card internal calculation obtain compares, if both are equal, then verification is passed through;
If both are unequal, then verify and do not pass through.
6. realize the IC-card that blowdown data increase, it is characterized in that, comprising:
Command reception module, for receiving the increase blowdown flow rate instruction that the equipment of supplementing with money issues, the instruction of described increase blowdown flow rate comprises: the first random number;
Instruction authentication module, for judging that whether described first random number is random, if described first random number is random, then the instruction of described increase blowdown flow rate is legal, and that supplements equipment described in reception with money supplements operation with money.
7. IC-card according to claim 6, is characterized in that, described instruction authentication module comprises:
Random number comparison sub-module, for comparing described first random number and the random number of supplementing operation before with money;
Random number determination submodule, for confirming that whether described first random number random according to described comparative result: if described first random number with supplement the nonces match of operation before with money or described first random number is fixing coding, then described first random number is not random, and the instruction of described increase blowdown flow rate is illegal.
8. IC-card according to claim 6, is characterized in that, the instruction of described increase blowdown flow rate also comprises: the encrypted cipher text of special authentication code and decruption key corresponding to described blowdown flow rate instruction, and IC-card also comprises:
Authentication code obtains module, for being decrypted described encrypted cipher text according to described decruption key, obtains the first special authentication code after deciphering;
Authentication code comparison module, compare for described first special authentication code is carried out contrast with the special authentication code stored in IC-card, if both are inconsistent, then certification is not passed through;
If described first special authentication code is consistent with the special authentication code stored in IC-card, then described special authentication code certification is passed through.
9. IC-card according to claim 6, is characterized in that, also comprises:
Receive sending module, for the acquisition random number instruction that the equipment of supplementing with money described in receiving issues, generating the second random number, supplementing equipment with money described in described second random number being sent it back, for generating the first check code subsidiary in the instruction of described increase blowdown flow rate.
10. IC-card according to claim 6, is characterized in that, also comprises:
Verification comparison module, for after the described increase blowdown flow rate instruction that the equipment of supplementing with money described in receiving issues, compares the check code that described first check code and IC-card internal calculation obtain, if both are equal, then verify and passes through;
If both are unequal, then verify and do not pass through.
The method that 11. 1 kinds of IC-card blowdown data are reduced, is characterized in that, comprising:
What receive that blowdown control terminal issues reduces blowdown flow rate instruction, described in reduce blowdown flow rate instruction and comprise: the 3rd random number, extra-code, described 3rd random number and described extra-code are used for producing the second check code when supplementing with money blowdown control terminal ESAM;
Judge that in IC-card, whether remaining sum is sufficient, if sufficient, then generate the 4th random number, if not enough, then do not generate random number;
The blowdown data of reducing, described 4th random number and the second special authentication code are encrypted and obtain encrypted cipher text, carry out MAC according to described 3rd random number to described extra-code and described encrypted cipher text and calculate the second check code, described extra-code, described encrypted cipher text and described second check code form the increase blowdown flow rate instruction of supplementing with money blowdown control terminal ESAM.
12. methods according to claim 11, is characterized in that, also comprise:
Judge that whether described 4th random number is random, if described 4th random number is random, then the instruction of described increase blowdown flow rate is legal, supplements operation with money to blowdown control terminal ESAM.
13. methods according to claim 12, is characterized in that, describedly judge that the 4th random number is whether random, comprising:
Described 4th random number and the random number of supplementing operation before with money are compared, if both couplings or described 4th random number are fixing coding, then described 4th random number is not random, and the instruction of described increase blowdown flow rate is illegal.
14. methods according to claim 11, is characterized in that, also comprise:
Described encrypted cipher text is decrypted, obtains the second special authentication code after deciphering;
Compared by the special authentication code stored in described second special authentication code and blowdown control terminal ESAM, if both are inconsistent, then certification is not passed through;
If described second special authentication code is consistent with the special authentication code stored in blowdown control terminal ESAM, then described special authentication code certification is passed through.
15. methods according to claim 11, is characterized in that, also comprise:
Compared by the check code that described second check code subsidiary in described blowdown flow rate instruction and terminal ESAM internal calculation obtain, if both are equal, then verification is passed through;
If both are unequal, then verify and do not pass through.
16. 1 kinds of IC-cards realizing blowdown data and reduce, is characterized in that, comprising:
Command reception module, blowdown flow rate instruction is reduced for what receive that blowdown control terminal issues, describedly reduce blowdown flow rate instruction and comprise: the 3rd random number, extra-code, described 3rd random number and described extra-code are used for producing the second check code when supplementing with money blowdown control terminal ESAM;
Random number generation module, for judging that in IC-card, whether remaining sum is sufficient, if sufficient, then generate the 4th random number, if not enough, does not then generate random number;
Check code generation module, encrypted cipher text is obtained for being encrypted the blowdown data of reducing, described 4th random number and the second special authentication code, carry out MAC according to described 3rd random number to described extra-code and described encrypted cipher text and calculate the second check code, described extra-code, described encrypted cipher text and described second check code form the increase blowdown flow rate instruction of supplementing with money blowdown control terminal ESAM.
17. IC-cards according to claim 16, is characterized in that, also comprise:
Instruction authentication module, for judging that whether described 4th random number is random, if described 4th random number is random, then the instruction of described increase blowdown flow rate is legal, supplements operation with money to blowdown control terminal ESAM.
18. IC-cards according to claim 16, is characterized in that, also comprise:
Random number comparison sub-module, for comparing the 4th random number and the random number of supplementing operation before with money;
Random number determination submodule, for confirming that whether the 4th random number is random according to comparative result, if the 4th random number with to supplement the nonces match of operation before with money or the 4th random number is fixing coding, then the first random number is random, increases blowdown flow rate instruction illegal.
19. IC-cards according to claim 16, is characterized in that, also comprise:
Authentication code obtains module, for being decrypted described encrypted cipher text, obtains the second special authentication code after deciphering;
Authentication code comparison module, for being compared by the special authentication code stored in described second special authentication code and blowdown control terminal ESAM, if both are inconsistent, then certification is not passed through;
If described second special authentication code is consistent with the special authentication code stored in blowdown control terminal ESAM, then described special authentication code certification is passed through.
20. IC-cards according to claim 16, is characterized in that, also comprise:
Check code comparison module, compares for the check code described second check code subsidiary in the instruction of described increase blowdown flow rate and terminal ESAM internal calculation obtained, if both are equal, then verification is passed through;
If both are unequal, then verify and do not pass through.
CN201310479322.4A 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card Active CN104574652B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310479322.4A CN104574652B (en) 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310479322.4A CN104574652B (en) 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card

Publications (2)

Publication Number Publication Date
CN104574652A true CN104574652A (en) 2015-04-29
CN104574652B CN104574652B (en) 2017-12-15

Family

ID=53090605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310479322.4A Active CN104574652B (en) 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card

Country Status (1)

Country Link
CN (1) CN104574652B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017166068A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system
WO2017166069A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system
WO2017166059A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging method
WO2017166056A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging method
WO2017166061A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system
WO2017166060A1 (en) * 2016-03-29 2017-10-05 李昕光 Refill method
WO2017166051A1 (en) * 2016-03-29 2017-10-05 李昕光 Refill method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0588339A2 (en) * 1992-09-18 1994-03-23 Nippon Telegraph And Telephone Corporation Method and apparatus for settlement of accounts by IC cards
CN101247188A (en) * 2008-03-07 2008-08-20 北京握奇数据系统有限公司 Method for remotely managing electronic purse state
CN101499196A (en) * 2008-12-30 2009-08-05 北京握奇数据系统有限公司 Ammeter payment method, apparatus and system
CN102377566A (en) * 2010-08-11 2012-03-14 北京融通高科科技发展有限公司 Security processing device and system for electric meter data
CN102542448A (en) * 2011-12-15 2012-07-04 中国电力科学研究院 Recharge device, prepaid electricity vending system, electricity vending system and method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0588339A2 (en) * 1992-09-18 1994-03-23 Nippon Telegraph And Telephone Corporation Method and apparatus for settlement of accounts by IC cards
CN101247188A (en) * 2008-03-07 2008-08-20 北京握奇数据系统有限公司 Method for remotely managing electronic purse state
CN101499196A (en) * 2008-12-30 2009-08-05 北京握奇数据系统有限公司 Ammeter payment method, apparatus and system
CN102377566A (en) * 2010-08-11 2012-03-14 北京融通高科科技发展有限公司 Security processing device and system for electric meter data
CN102542448A (en) * 2011-12-15 2012-07-04 中国电力科学研究院 Recharge device, prepaid electricity vending system, electricity vending system and method

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017166068A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system
WO2017166069A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system
WO2017166059A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging method
WO2017166056A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging method
WO2017166061A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system
WO2017166060A1 (en) * 2016-03-29 2017-10-05 李昕光 Refill method
WO2017166051A1 (en) * 2016-03-29 2017-10-05 李昕光 Refill method

Also Published As

Publication number Publication date
CN104574652B (en) 2017-12-15

Similar Documents

Publication Publication Date Title
US12051064B2 (en) Transaction messaging
CN102725737B (en) The encryption and decryption of anti-leak can be verified
CN104574652A (en) Method for increasing and deducting pollution discharge data of IC card and IC card
CN105900375A (en) Efficient methods for protecting identity in authenticated transmissions
CN102377566A (en) Security processing device and system for electric meter data
CN103679062A (en) Intelligent electric meter main control chip and security encryption method
CN106357400A (en) Method and system for establishing channel between TBOX terminal and TSP platform
CN102663292A (en) Method and system for realizing smart card application and deployment
CN102693385A (en) Embedded terminal based on SD (secure digital) trusted computing module and implementation method thereof
CN107967605B (en) Rail transit automatic fare collection two-dimensional code credit payment encryption method
CN103326864A (en) Electronic tag anti-fake authentication method
Zhou et al. Implementation of cryptographic algorithm in dynamic QR code payment system and its performance
CN102592091A (en) Digital rights management system and security method based on distributed key
CN102164128A (en) Online payment system and online payment method for Internet television
CN107835172A (en) Billing information verification method and system, server and computer-readable recording medium
CN100476844C (en) Method for realizing binding function between electronic key and computer
CN101132276A (en) Method and system for symmetrical encryption of terminal data by SAM card
CN110222809B (en) Information combination and encryption method of two-dimensional code and two-dimensional code encryption machine
CN109889343B (en) Electronic invoice circulation control method, device and system
CN102609842A (en) Payment cipher device based on hardware signature equipment, and application method of payment cipher device
CN202600714U (en) Embedded terminal based on SD (Secure Digital) trusted computing module
CN101833822A (en) Security protection method for electric power prepaid system
CN111902815A (en) Data transfer method, system, device, electronic device, and readable storage medium
CN108768627B (en) Seal anti-counterfeiting security chip key management control system
CN103401683A (en) Key packaging method and key security management method based on key packaging method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant