CN104574652A - Method for increasing and deducting pollution discharge data of IC card and IC card - Google Patents

Method for increasing and deducting pollution discharge data of IC card and IC card Download PDF

Info

Publication number
CN104574652A
CN104574652A CN201310479322.4A CN201310479322A CN104574652A CN 104574652 A CN104574652 A CN 104574652A CN 201310479322 A CN201310479322 A CN 201310479322A CN 104574652 A CN104574652 A CN 104574652A
Authority
CN
China
Prior art keywords
random number
card
code
instruction
random
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310479322.4A
Other languages
Chinese (zh)
Other versions
CN104574652B (en
Inventor
袁艳芳
王于波
付青琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201310479322.4A priority Critical patent/CN104574652B/en
Publication of CN104574652A publication Critical patent/CN104574652A/en
Application granted granted Critical
Publication of CN104574652B publication Critical patent/CN104574652B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

本发明公开了一种IC卡排污数据增加、扣减的方法和IC卡,其中,IC卡排污数据增加的方法包括:接收充值设备下发的增加排污量指令,增加排污量指令包括:第一随机数;判断第一随机数是否随机,如果第一随机数随机,则增加排污量指令合法,接收充值设备的充值操作。本发明的IC卡排污数据增加、扣减的方法和IC卡,在排污量指令中引入了随机数的概念,有效防止了非法用户截取充值数据,进行多次充值;引入了特殊认证码的措施,特殊认证码是写入到芯片中的安全数据区的,防止了克隆芯片的产生;引入校验码的措施,防止了排污数据的传输错误或者传输过程中的非法攻击行为,从而保证了排污数据在传输过程中的安全性和保密性。

The invention discloses a method for increasing and deducting the sewage discharge data of an IC card and an IC card, wherein the method for increasing the sewage discharge data of the IC card includes: receiving an instruction for increasing the sewage discharge amount issued by a recharging device, and the instruction for increasing the sewage discharge amount includes: first Random number: judging whether the first random number is random, if the first random number is random, the command to increase the amount of pollutant discharge is legal, and the recharge operation of the recharge device is accepted. The method for increasing and deducting the sewage data of the IC card and the IC card of the present invention introduce the concept of random numbers in the sewage discharge command, effectively preventing illegal users from intercepting the recharge data and performing multiple recharges; and introducing a special authentication code measure , the special authentication code is written into the security data area of the chip, which prevents the generation of cloned chips; the introduction of the check code measures prevents the transmission error of the sewage data or the illegal attack during the transmission process, thus ensuring the pollution discharge Security and confidentiality of data during transmission.

Description

IC卡排污数据增加、扣减的方法和IC卡Method for increasing and deducting pollutant discharge data of IC card and IC card

技术领域technical field

本发明涉及通信领域中数据传输与安全技术领域,具体地,涉及IC卡排污数据增加、扣减的方法和IC卡。The invention relates to the technical field of data transmission and safety in the communication field, in particular to a method for increasing and deducting sewage discharge data of an IC card and an IC card.

背景技术Background technique

排污许可证制度是以改善环境质量为目标,以污染物排污总量控制为基础,规定排污单位排放污染物的种类、数据等信息,是一项具有法律含义的行政管理制度,是对重点区域、重点排污单位主要污染物排放实行定量化管理的手段。以往在污染源整治过程中,只对排放浓度进行控制,不能从总体上解决污染问题,只有对重点污染源进行排放总量控制,发放排污许可证,才能改善整个区域环境质量。具体针对不同地区不同的环境质量要求,确定不同污染源,削减不同污染物排放量。将污染治理与环境质量目标紧密地结合起来,有利于节约治理资金,实现环境质量目标。The pollutant discharge permit system is aimed at improving environmental quality, based on the total amount of pollutant discharge control, and stipulates the types and data of pollutants discharged by pollutant discharge units. It is an administrative management system with legal implications. , The means of quantitative management of the main pollutant discharge of key pollutant discharge units. In the past, in the process of pollution source remediation, only the emission concentration was controlled, and the pollution problem could not be solved as a whole. Only by controlling the total amount of emission from key pollution sources and issuing pollutant discharge permits can the environmental quality of the entire region be improved. Specifically aiming at the different environmental quality requirements in different regions, identify different pollution sources and reduce the discharge of different pollutants. The close combination of pollution control and environmental quality objectives is conducive to saving treatment funds and achieving environmental quality objectives.

目前的排污许可证系统中所使用的IC卡系统,主要采用的是mifare卡技术,或者《中国金融集成电路(IC)卡规范》(JR/T 0025-2005)(业内简称PB0C2.0)中的电子钱包/存折应用技术。钱包的数量由于空间关系相对有限,而且算法安全性较低。其中mifare卡技术中的crypto算法以及金融电子钱包存折中的DES相对安全性较低,且操作流程较复杂。The IC card system used in the current pollution discharge permit system mainly adopts the mifare card technology, or the "China Financial Integrated Circuit (IC) Card Specification" (JR/T 0025-2005) (industry referred to as PB0C2.0) e-wallet/passbook application technology. The number of wallets is relatively limited due to the spatial relationship, and the algorithm security is low. Among them, the crypto algorithm in the mifare card technology and the DES in the financial electronic wallet passbook are relatively less secure, and the operation process is more complicated.

在实现本发明过程中,发明人发现现有技术中至少存在如下问题:In the course of realizing the present invention, the inventor finds that there are at least the following problems in the prior art:

传统的IC卡排污数据增加、扣减的系统,主要采用的是mifare卡技术,或者《中国金融集成电路(IC)卡规范》(JR/T 0025-2005)中的电子钱包/存折应用技术。在算法上采用的是crypto算法或者DES算法;采用的简单的钱包应用,或者金融电子钱包应用。目前mifare技术已经被破解,而金融的电子钱包在存款时存款金额为明文传输,容易产生交易不安全的问题。The traditional IC card sewage data addition and deduction system mainly uses mifare card technology, or the electronic wallet/passbook application technology in the "China Financial Integrated Circuit (IC) Card Specification" (JR/T 0025-2005). The algorithm adopts crypto algorithm or DES algorithm; it adopts simple wallet application or financial e-wallet application. At present, the mifare technology has been cracked, and the deposit amount of the financial electronic wallet is transmitted in clear text when depositing, which is prone to insecure transactions.

发明内容Contents of the invention

本发明是为了克服现有技术中IC卡排污数据安全性差的缺陷,根据本发明的一个方面,提出一种IC卡排污数据增加的方法。The purpose of the present invention is to overcome the defect of poor security of IC card sewage discharge data in the prior art, and according to one aspect of the present invention, a method for increasing IC card sewage discharge data is proposed.

根据本发明实施例的IC卡排污数据增加的方法,包括:The method for increasing the sewage discharge data of an IC card according to an embodiment of the present invention includes:

接收充值设备下发的增加排污量指令,该增加排污量指令包括:第一随机数;Receive an instruction to increase the amount of pollutant discharge issued by the recharge device, the instruction to increase the amount of pollutant discharge includes: a first random number;

判断第一随机数是否随机,如果第一随机数随机,则增加排污量指令合法,接收充值设备的充值操作。It is judged whether the first random number is random, and if the first random number is random, the command to increase the pollutant discharge amount is legal, and the recharge operation of the recharge device is accepted.

本发明为了克服现有技术中IC卡排污数据安全性差的缺陷,根据本发明的另一个方面,提出一种实现排污数据增加的IC卡。In order to overcome the defect of poor security of IC card sewage data in the prior art, the present invention proposes an IC card for increasing sewage data according to another aspect of the present invention.

根据本发明实施例的实现排污数据增加的IC卡,包括:The IC card for realizing the increase of sewage discharge data according to the embodiment of the present invention includes:

指令接收模块,用于接收充值设备下发的增加排污量指令,增加排污量指令包括:第一随机数;The instruction receiving module is used to receive the instruction for increasing the amount of pollutant discharge issued by the recharging device. The instruction for increasing the amount of pollutant emission includes: the first random number;

指令鉴权模块,用于判断第一随机数是否随机,如果第一随机数随机,则增加排污量指令合法,接收充值设备的充值操作。The instruction authentication module is used to judge whether the first random number is random, and if the first random number is random, then the instruction to increase the pollutant discharge amount is legal, and receives the recharge operation of the recharge device.

本发明实施例的IC卡排污数据增加的方法和IC卡,在算法上采用了国密SM1算法取代了crypto算法或者DES算法,且将现有技术中的明文传输改为密文传输,保证了排污数据在传输过程中的安全性和保密性。The method for increasing the sewage data of the IC card and the IC card of the embodiment of the present invention adopt the national secret SM1 algorithm to replace the crypto algorithm or the DES algorithm in the algorithm, and change the plaintext transmission in the prior art into the ciphertext transmission, which ensures The security and confidentiality of sewage data during transmission.

本发明实施例的IC卡排污数据增加的方法和IC卡,在排污量指令中引入了随机数的概念,有效防止了非法用户截取充值数据,进行多次充值;引入了特殊认证码的措施,特殊认证码是写入到芯片中的安全数据区的,防止了克隆芯片的产生;引入校验码的措施,防止了排污数据的传输错误或者传输过程中的非法攻击行为。The method for increasing the sewage discharge data of the IC card and the IC card of the embodiment of the present invention introduce the concept of random numbers in the sewage discharge command, which effectively prevents illegal users from intercepting the recharge data and recharging multiple times; introduces the measures of special authentication codes, The special authentication code is written into the security data area of the chip, which prevents the generation of cloned chips; the introduction of the check code measures prevents the transmission error of the sewage data or the illegal attack during the transmission process.

本发明是为了克服现有技术中IC卡排污数据安全性差的缺陷,根据本发明的一个方面,提出一种IC卡排污数据扣减的方法。The purpose of the present invention is to overcome the defect of poor security of IC card sewage discharge data in the prior art, and according to one aspect of the present invention, a method for deduction of IC card sewage discharge data is proposed.

根据本发明实施例的IC卡排污数据扣减的方法,包括:The method for deduction of IC card sewage data according to an embodiment of the present invention includes:

接收排污控制终端下发的扣减排污量指令,扣减排污量指令包括:第三随机数、附加码,第三随机数和附加码用于对排污控制终端ESAM进行充值时产生第二校验码;Receive the pollutant emission reduction command issued by the pollution discharge control terminal, the pollutant discharge reduction command includes: the third random number, the additional code, the third random number and the additional code are used to generate the second verification when recharging the pollution discharge control terminal ESAM code;

判断IC卡内余额是否充足,如果充足,则生成第四随机数,如果不足,则不生成随机数;Determine whether the balance in the IC card is sufficient, if sufficient, generate the fourth random number, if not, generate no random number;

对扣减的排污数据、所述第四随机数及第二特殊认证码进行加密得到加密密文,根据所述第三随机数对所述附加码和所述加密密文进行MAC计算得到第二校验码,所述附加码、所述加密密文及所述第二校验码构成对排污控制终端ESAM充值的增加排污量指令。Encrypt the deducted sewage data, the fourth random number and the second special authentication code to obtain encrypted ciphertext, and perform MAC calculation on the additional code and the encrypted ciphertext according to the third random number to obtain the second The verification code, the additional code, the encrypted ciphertext and the second verification code constitute an instruction to increase the amount of pollutant discharge for recharging the ESAM of the pollution control terminal.

本发明是为了克服现有技术中IC卡排污数据安全性差的缺陷,根据本发明的一个方面,提出了一种实现排污数据扣减的IC卡。The purpose of the present invention is to overcome the defect of poor security of IC card sewage discharge data in the prior art. According to one aspect of the present invention, an IC card for realizing deduction of sewage discharge data is proposed.

根据本发明实施例的实现排污数据扣减的IC卡,包括:According to the embodiment of the present invention, the IC card for realizing the deduction of sewage data includes:

指令接收模块,接收排污控制终端下发的扣减排污量指令,扣减排污量指令包括:第三随机数、附加码,第三随机数和附加码用于对排污控制终端ESAM进行充值时产生第二校验码;The instruction receiving module is used to receive the pollutant emission reduction instruction issued by the emission control terminal. The emission reduction instruction includes: the third random number, the additional code, and the third random number and the additional code are generated when recharging the emission control terminal ESAM the second check code;

随机数生成模块,用于判断IC卡内余额是否充足,如果充足,则生成第四随机数,如果不足,则不生成随机数;A random number generation module, used to judge whether the balance in the IC card is sufficient, if sufficient, generate a fourth random number, if not, generate no random number;

校验码生成模块,用于对扣减的排污数据、第四随机数及第二特殊认证码进行加密得到加密密文,根据第三随机数对附加码和加密密文进行MAC计算得到第二校验码,所述附加码、所述加密密文及所述第二校验码构成对排污控制终端ESAM充值的增加排污量指令。The verification code generation module is used to encrypt the deducted sewage data, the fourth random number and the second special authentication code to obtain encrypted ciphertext, and perform MAC calculation on the additional code and encrypted ciphertext according to the third random number to obtain the second The verification code, the additional code, the encrypted ciphertext and the second verification code constitute an instruction to increase the amount of pollutant discharge for recharging the ESAM of the pollution control terminal.

本发明实施例的IC卡排污数据扣减的方法和IC卡,在算法上采用了国密SM1算法取代了crypto算法或者DES算法,且将现有技术中的明文传输改为密文传输,保证了排污数据在传输过程中的安全性和保密性。The method and IC card of the IC card sewage data deduction of the embodiment of the present invention adopt the national secret SM1 algorithm to replace the crypto algorithm or the DES algorithm in the algorithm, and change the plain text transmission in the prior art into the cipher text transmission, guarantee It ensures the security and confidentiality of sewage data during transmission.

本发明实施例的IC卡排污数据扣减的方法和IC卡,在排污量指令中引入了随机数的概念,有效防止了非法用户截取充值数据,进行多次充值;引入了特殊认证码的措施,特殊认证码是写入到芯片中的安全数据区的,防止了克隆芯片的产生;引入校验码的措施,防止了排污数据的传输错误或者传输过程中的非法攻击行为。The method and IC card of the IC card sewage data deduction in the embodiment of the present invention introduce the concept of random numbers in the sewage discharge command, effectively preventing illegal users from intercepting recharge data and recharging multiple times; introducing special authentication code measures , the special authentication code is written into the security data area of the chip, which prevents the generation of cloned chips; the introduction of the check code measures prevents the transmission error of the sewage data or the illegal attack during the transmission process.

本发明实施例的IC卡排污数据扣减的方法和IC卡,在充值过程中,排污数据均为密文传输方式,保证了传输的安全性;在IC卡扣款过程中,输出了对排污控制终端ESAM进行充值的报文,排污控制终端只是作为一个传输媒介,对充值报文无法干涉,保证了数据的安全性。In the method for deduction of sewage discharge data of an IC card and the IC card in the embodiment of the present invention, during the recharging process, the sewage discharge data is transmitted in cipher text, which ensures the security of transmission; The control terminal ESAM recharges the message, and the sewage control terminal is only used as a transmission medium, which cannot interfere with the recharge message, ensuring data security.

本发明的其它特征和优点将在随后的说明书中阐述,并且,部分地从说明书中变得显而易见,或者通过实施本发明而了解。本发明的目的和其他优点可通过在所写的说明书、权利要求书、以及附图中所特别指出的结构来实现和获得。Additional features and advantages of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

下面通过附图和实施例,对本发明的技术方案做进一步的详细描述。The technical solutions of the present invention will be described in further detail below with reference to the accompanying drawings and embodiments.

附图说明Description of drawings

附图用来提供对本发明的进一步理解,并且构成说明书的一部分,与本发明的实施例一起用于解释本发明,并不构成对本发明的限制。在附图中:The accompanying drawings are used to provide a further understanding of the present invention, and constitute a part of the description, and are used together with the embodiments of the present invention to explain the present invention, and do not constitute a limitation to the present invention. In the attached picture:

图1为本发明IC卡充值流程示意图;Fig. 1 is a schematic diagram of the IC card recharging process of the present invention;

图2为本发明IC卡扣款及ESAM充值流程示意图;Fig. 2 is a schematic diagram of IC card deduction and ESAM recharging process of the present invention;

图3为本发明一实施例的实现排污数据增加的IC卡结构示意图;Fig. 3 is the structural schematic diagram of the IC card that realizes the increase of sewage discharge data according to an embodiment of the present invention;

图4为本发明另一实施例的实现排污数据扣减的IC卡结构示意图。Fig. 4 is a structural schematic diagram of an IC card for realizing deduction of pollutant discharge data according to another embodiment of the present invention.

具体实施方式Detailed ways

下面结合附图,对本发明的具体实施方式进行详细描述,但应当理解本发明的保护范围并不受具体实施方式的限制。The specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings, but it should be understood that the protection scope of the present invention is not limited by the specific embodiments.

本发明是针对现有技术中采用mifare技术以及金融电子钱包中的DES算法,金融电子钱包存款时数据以明文方式传输,无法保证数据存储和传输的安全性,且交易流程过于复杂的问题,而提出的一种新型的IC卡排污数据增加、扣减的方法。The present invention is aimed at the problem that mifare technology and the DES algorithm in the financial electronic wallet are used in the prior art. When the financial electronic wallet deposits, the data is transmitted in plain text, the security of data storage and transmission cannot be guaranteed, and the transaction process is too complicated. A new method of increasing and deducting the emission data of IC card is proposed.

本发明提出了一种新型的IC卡排污数据增加的方法,实现该方法的软件系统用于下载到用户卡中作为一个企业的唯一证卡,同时也可以下载到排污终端控制设备中的ESAM(Embedded Secure Access Module,嵌入式安全控制模块)作为“排污终端控制设备的安全信息”以及“排污数据余额”的存储模块。该方法支持排污数据控制的增加排污数据指令、扣减排污数据指令以及读取排污数据余额指令。The present invention proposes a new method for increasing sewage discharge data of an IC card. The software system for realizing the method is used to download to the user card as the only card of an enterprise, and can also be downloaded to the ESAM ( Embedded Secure Access Module, embedded security control module) is used as the storage module of "security information of sewage terminal control equipment" and "pollution data balance". The method supports the instruction of increasing the pollutant discharge data, the instruction of deducting the pollutant discharge data and the instruction of reading the balance of the pollutant discharge data for controlling the pollutant discharge data.

为达到上述发明目的,本发明提供了一种IC卡排污数据增加的方法,具体实施步骤如下:In order to achieve the above-mentioned purpose of the invention, the present invention provides a method for increasing the sewage discharge data of an IC card, and the specific implementation steps are as follows:

排污企业需要办理一张IC卡作为企业的唯一排污许可证,此IC卡中的密钥为此企业的唯一密钥,且同该企业的排污终端控制设备中的ESAM有对应关系(排污终端控制设备中的ESAM由排污许可证IC卡中密钥分散得来,且不可逆推)。The sewage discharge enterprise needs to apply for an IC card as the only sewage discharge permit of the enterprise. The key in this IC card is the unique key of the enterprise, and has a corresponding relationship with the ESAM in the sewage discharge terminal control equipment of the enterprise (pollution discharge terminal control The ESAM in the device is obtained by dispersing the key in the IC card of the pollution discharge permit, and it is irreversible).

IC卡充值:IC card recharge:

如图1示,本发明实施例公开了一种IC卡排污数据增加的方法,本实施例着重于上级环保部门对IC卡进行充值,包括:As shown in Figure 1, the embodiment of the present invention discloses a method for increasing the sewage discharge data of an IC card. This embodiment focuses on the recharging of the IC card by the higher-level environmental protection department, including:

步骤101:排污数据操作人员向充值设备中输入欲充值的排污数据种类以及充值金额;Step 101: The pollutant discharge data operator inputs the type of pollutant discharge data to be recharged and the recharge amount into the recharging device;

步骤102:上级环保部门的充值设备对排污许可证IC卡进行身份认证;Step 102: The recharge device of the upper-level environmental protection department performs identity authentication on the IC card of the pollutant discharge permit;

步骤103:充值设备对IC卡发送获取第二随机数(如:随机数1)指令,IC卡生成随机数1并发送回充值设备;Step 103: The recharge device sends an instruction to obtain a second random number (eg, random number 1) to the IC card, and the IC card generates a random number 1 and sends it back to the recharge device;

步骤104:充值设备产生一个第一随机数(如:随机数2),充值设备内部根据排污种类获取对应的钱包短文件标识符(SFI),根据企业编号,获取企业密码,并根据指令格式,构造“增加排污量指令”报文;Step 104: The recharge device generates a first random number (such as: random number 2), and the recharge device obtains the corresponding wallet short file identifier (SFI) according to the type of pollution discharge, obtains the enterprise password according to the enterprise number, and according to the instruction format, Construct the "increase sewage discharge command" message;

步骤105:充值设备对IC卡发送“增加排污量指令”,其中该指令包含:购买的排污种类对应的钱包的短文件标识符(SFI)、经过该企业的此排污钱包对应的密钥,基于国密SM1算法对“购买量+随机数2+第一特殊认证码”加密后的密文、“命令头+密文”、通过MAC密钥以及随机数1计算得到的第一校验码;Step 105: The recharging device sends an "increase pollutant discharge command" to the IC card, where the instruction includes: the short file identifier (SFI) of the wallet corresponding to the purchased pollutant discharge type, the key corresponding to the pollutant discharge wallet that has passed through the enterprise, based on The national secret SM1 algorithm encrypts the ciphertext of "purchase amount + random number 2 + first special authentication code", "command header + ciphertext", the first check code calculated by MAC key and random number 1;

步骤106:IC卡在收到“增加排污量指令”后,对第一校验码进行校验,校验通过,则说明通信传输没有收到攻击或干扰;校验未通过,则返回错误操作;Step 106: After the IC card receives the "command to increase the amount of pollutant discharge", it verifies the first verification code. If the verification is passed, it means that the communication transmission has not received any attack or interference; if the verification fails, an error operation is returned ;

步骤107:IC卡根据“增加排污量指令”中针对的排污钱包,查到该钱包内部存储的对应密钥,基于该密钥对收到的上述步骤105生成的密文进行解密;Step 107: The IC card finds the corresponding key stored in the wallet according to the sewage wallet targeted in the "increase sewage volume command", and decrypts the received ciphertext generated in step 105 based on the key;

步骤108:判断步骤107得到的第一特殊认证码与IC卡中内置的特殊认证码是否一致,如果一致,则说明排污单位为合法企业;如果不一致,则返回错误操作;Step 108: judging whether the first special authentication code obtained in step 107 is consistent with the built-in special authentication code in the IC card, if consistent, then the pollutant discharge unit is a legal enterprise; if inconsistent, then return to an error operation;

步骤109:判断随机数2是否随机,如果随机数2为固定的编码,或者与之前(如:十次)充值操作的随机数有匹配,则该随机数不随机,充值命令可能受到恶意攻击,返回错误操作;如果随机数2随机,则此充值命令不是恶意攻击的指令;Step 109: Determine whether the random number 2 is random. If the random number 2 is a fixed code, or matches the random number of the previous (for example: ten) recharge operations, the random number is not random, and the recharge command may be subject to malicious attacks. Return error operation; if the random number 2 is random, then this recharge command is not a malicious attack command;

步骤110:在确定随机数2随机后,充值设备对IC卡中对应的排污钱包进行充值操作。Step 110: After determining the random number 2, the recharge device recharges the corresponding sewage wallet in the IC card.

上文所述的增加排污量指令格式如表1所示:The format of the instruction to increase the amount of pollutant discharge mentioned above is shown in Table 1:

表1Table 1

P1---排污钱包文件的短文件标识SFI;P1---Short file identifier SFI of sewage wallet file;

增加量(密文16字节)---是由4字节增加量明文,补充4字节固定认证码+8字节随机数后通过SM1加密得来。Increment (16 bytes of ciphertext) --- It is obtained by encrypting by SM1 after adding 4 bytes of fixed authentication code + 8 bytes of random number from 4 bytes of incremental plaintext.

校验码---是由“CLA+INS+P1+P2+Lc+增加量”经过MAC密钥计算得到的MAC值。Check code --- is the MAC value calculated by "CLA+INS+P1+P2+Lc+increment" through the MAC key.

IC卡扣款及给ESAM充值:IC card deduction and ESAM recharge:

如图2所示,本发明另一实施例公开了一种IC卡排污数据扣减的方法,本发明实施例着重于对IC卡扣款及对排污控制终端ESAM进行充值,包括:As shown in Figure 2, another embodiment of the present invention discloses a method for deduction of sewage data by IC card. The embodiment of the present invention focuses on deduction of IC card and recharging of sewage control terminal ESAM, including:

步骤201:排污数据操作人在排污控制终端上输入充值金额;Step 201: The sewage data operator enters the recharge amount on the sewage control terminal;

步骤202:排污控制终端ESAM对IC卡进行身份认证,认证未通过,则返回错误操作;Step 202: The sewage control terminal ESAM performs identity authentication on the IC card, and returns an error operation if the authentication fails;

步骤203:IC卡对排污控制终端ESAM进行身份认证,认证未通过,则返回错误操作;Step 203: The IC card authenticates the identity of the pollution discharge control terminal ESAM, and returns an error operation if the authentication fails;

步骤204:IC卡对排污控制终端认证通过后,对排污控制终端ESAM发送获取随机数指令,排污控制终端产生第三随机数(如:随机数3),并将随机数3发送给IC卡;Step 204: After the IC card passes the authentication of the pollution discharge control terminal, it sends an instruction to obtain a random number to the pollution discharge control terminal ESAM, and the pollution discharge control terminal generates a third random number (such as: random number 3), and sends the random number 3 to the IC card;

步骤205:排污控制终端根据排污信息获取钱包SFI,随机数3、附加码,构造“扣减排污量指令”报文;Step 205: The pollution discharge control terminal obtains the wallet SFI, random number 3, and additional code according to the pollution discharge information, and constructs a "pollution reduction command" message;

步骤206:排污控制终端对IC卡发送“扣减排污量指令”报文;Step 206: The pollution discharge control terminal sends a "pollution reduction command" message to the IC card;

步骤207:IC卡查看余额是否充足,如果卡内余额不足,则返回错误操作;Step 207: Check whether the IC card balance is sufficient, and return an error operation if the balance in the card is insufficient;

步骤208:如果IC卡内余额充足,即在IC卡内部产生一个第四随机数(如:随机数4);Step 208: If the balance in the IC card is sufficient, a fourth random number (such as: random number 4) is generated inside the IC card;

步骤209:IC卡将“排污扣减数据”“随机数4”“第二特殊认证码”采用密钥分散因子进行密钥分散后的密钥进行加密,生成“充值密文”;Step 209: The IC card encrypts the "pollution deduction data", "random number 4" and "second special authentication code" using the key dispersion factor to generate the "recharge ciphertext";

步骤210:IC卡采用MAC密钥以及随机数3,对“附加码”和“充值密文”进行MAC计算,获得第二校验码;Step 210: The IC card uses the MAC key and the random number 3 to perform MAC calculation on the "additional code" and "recharge ciphertext" to obtain the second verification code;

步骤211:IC卡将由“充值密文”和“校验码”构造好的“增加排污量指令”回送给排污控制终端;Step 211: The IC card sends back the "command to increase pollutant discharge volume" constructed by the "recharge ciphertext" and "check code" to the pollution discharge control terminal;

步骤212:排污控制终端将收到IC卡返回的“增加排污量指令”报文附带上“附加码”采用明文形式传输给排污控制终端ESAM;Step 212: The pollution discharge control terminal will receive the "increase pollution discharge command" message returned by the IC card with the "additional code" and transmit it to the pollution discharge control terminal ESAM in plain text;

步骤213:排污控制终端ESAM在收到“增加排污量指令”后,对第二校验码进行校验,校验通过,说明通信传输没有收到攻击或者干扰;校验未通过,则返回错误操作;Step 213: After receiving the "increase pollution discharge command", the pollution discharge control terminal ESAM verifies the second verification code, and if the verification is passed, it means that the communication transmission has not received any attack or interference; if the verification fails, an error is returned operate;

步骤214:排污控制终端ESAM根据“增加排污量指令”的对应密钥,基于该密钥对收到的上述步骤209生成的密文进行解密,得到解密后的第二特殊认证码;Step 214: The pollution discharge control terminal ESAM decrypts the received ciphertext generated in the above step 209 based on the key corresponding to the "command to increase the pollution discharge volume", and obtains the decrypted second special authentication code;

步骤215:判断步骤214得到的第二特殊认证码与IC卡中内置的特殊认证码是否一致,如果一致,则说明IC卡合法;如果不一致,则返回错误操作;Step 215: judging whether the second special authentication code obtained in step 214 is consistent with the special authentication code built in the IC card, if consistent, the IC card is legal; if inconsistent, return to an error operation;

步骤216:判断随机数4是否随机,如果随机数4为固定的编码,或者与之前(如:十次)充值操作的随机数有匹配,则该随机数不随机,充值命令可能受到恶意攻击,返回错误操作;如果随机数4随机,则此充值命令不是恶意攻击的指令;Step 216: Determine whether the random number 4 is random. If the random number 4 is a fixed code, or matches the random number of previous (for example: ten) recharge operations, the random number is not random, and the recharge command may be subject to malicious attacks. Return error operation; if the random number 4 is random, then this recharge command is not a malicious attack command;

步骤217:在确定随机数4随机后,IC卡对排污控制终端ESAM进行充值操作。Step 217: After the random number 4 is determined, the IC card recharges the pollution discharge control terminal ESAM.

上文所述IC卡扣款的“扣减排污量指令”格式如表2所示:The format of the "Deduction of Pollution Discharge Instruction" for IC card deduction mentioned above is shown in Table 2:

表2Table 2

P1---排污钱包文件;P1---sewage wallet file;

附加码---即增加排污量指令头“E43Axx0014”;Additional code---that is, increase the sewage discharge command header "E43Axx0014";

N---取值范围为0~3;N---The value range is 0~3;

校验和---为“CLA+INS+P1+P2+Lc+扣减量”的各字节的异或值。Checksum --- is the XOR value of each byte of "CLA+INS+P1+P2+Lc+deduction amount".

本发明实施例的IC卡排污数据增加、扣减的方法,在排污数据传输过程中,对排污数据采用了国密SM1算法加密,该算法为硬件实现,且算法不公开,保证了排污数据的安全性和保密性;The method for increasing and subtracting the sewage discharge data of the IC card in the embodiment of the present invention uses the national secret SM1 algorithm to encrypt the sewage discharge data during the transmission process of the sewage discharge data. security and confidentiality;

本发明实施例的IC卡排污数据增加、扣减的方法,增加了随机数的引入,有效防止了非法用户截获充值数据后,进行多次充值的情形;增加了特殊认证码的引入,特殊认证码是在芯片中写入到安全数据区的,企业用户无法获得,从根本上防止了克隆芯片的可能;增加了校验码的采用,通过对校验码的认证,能够有效防止排污数据传输错误及非法的数据攻击行为;上述本发明实施例引入的措施保证了排污数据在存储和传输过程中的安全性和保密性。The method for increasing and deducting IC card sewage data in the embodiment of the present invention adds the introduction of random numbers, which effectively prevents illegal users from recharging multiple times after intercepting recharge data; increases the introduction of special authentication codes, special authentication The code is written into the security data area in the chip, which cannot be obtained by enterprise users, which fundamentally prevents the possibility of cloning the chip; the adoption of the verification code is added, and the verification of the verification code can effectively prevent the transmission of sewage data Mistakes and illegal data attacks; the measures introduced by the above embodiments of the present invention ensure the security and confidentiality of the sewage data during storage and transmission.

本发明实施例公开了一种实现排污数据增加的IC卡,如图3所示,包括以下模块:The embodiment of the present invention discloses an IC card for realizing the increase of sewage data, as shown in Figure 3, including the following modules:

指令接收模块301,用于接收充值设备下发的排污量指令;An instruction receiving module 301, configured to receive the pollutant discharge instruction issued by the recharging device;

指令鉴权模块302,用于判断第一随机数是否随机,如果第一随机数随机,则增加排污量指令合法,接收充值设备的充值操作。The instruction authentication module 302 is used to judge whether the first random number is random, and if the first random number is random, then the instruction to increase the pollutant discharge volume is legal, and receives the recharge operation of the recharge device.

其中,指令鉴权模块302包括以下模块:Wherein, the instruction authentication module 302 includes the following modules:

随机数比较子模块3021,用于将第一随机数与之前充值操作的随机数进行比较;The random number comparison sub-module 3021 is used to compare the first random number with the random number of the previous recharge operation;

随机数确定子模块3022,用于根据比较结果确认第一随机数是否随机,如果第一随机数与之前充值操作的随机数匹配或者第一随机数为固定的编码,则第一随机数不随机,增加排污量指令不合法。The random number determination sub-module 3022 is used to confirm whether the first random number is random according to the comparison result. If the first random number matches the random number of the previous recharge operation or the first random number is a fixed code, the first random number is not random , the order to increase sewage discharge is illegal.

其中,实现排污数据增加的IC卡,还包括以下模块:Among them, the IC card that realizes the increase of sewage data also includes the following modules:

认证码获得模块303,用于根据解密密钥对加密密文进行解密,获得解密后的特殊认证码;An authentication code obtaining module 303, configured to decrypt the encrypted ciphertext according to the decryption key, and obtain a decrypted special authentication code;

认证码比较模块304,用于将特殊认证码与IC卡中存储的特殊认证码进行比较,如果两者不一致,则认证不通过;Authentication code comparison module 304, for comparing the special authentication code with the special authentication code stored in the IC card, if the two are inconsistent, then the authentication fails;

如果特殊认证码与IC卡中存储的特殊认证码一致,则特殊认证码认证通过。If the special authentication code is consistent with the special authentication code stored in the IC card, the authentication of the special authentication code is passed.

其中,实现排污数据增加的IC卡,还包括以下模块:Among them, the IC card that realizes the increase of sewage data also includes the following modules:

接收发送模块305,用于接收充值设备下发的获取随机数指令,生成第二随机数,将第二随机数发送回充值设备,用于生成增加排污量指令中附带的校验码。The receiving and sending module 305 is used to receive the random number acquisition instruction issued by the recharge device, generate a second random number, and send the second random number back to the recharge device for generating a check code attached to the instruction for increasing the pollutant discharge amount.

其中,实现排污数据增加的IC卡,还包括以下模块:Among them, the IC card that realizes the increase of sewage data also includes the following modules:

校验比较模块306,用于将校验码与IC卡内部计算得到的校验码进行比较,如果两者相等,则校验通过;The check comparison module 306 is used to compare the check code with the check code calculated inside the IC card, and if the two are equal, the check is passed;

如果两者不相等,则校验未通过。If the two are not equal, the validation fails.

本发明实施例的实现排污数据增加的IC卡,在算法上采用了国密SM1算法取代了crypto算法或者DES算法,且将现有技术中的明文传输改为密文传输,保证了排污数据在传输过程中的安全性和保密性。The IC card for realizing the increase of sewage data in the embodiment of the present invention adopts the national secret SM1 algorithm to replace the crypto algorithm or the DES algorithm in the algorithm, and changes the plain text transmission in the prior art into the cipher text transmission, which ensures that the sewage data is in Security and confidentiality during transmission.

本发明实施例的实现排污数据增加的IC卡,在排污量指令中引入了随机数的概念,有效防止了非法用户截取充值数据,进行多次充值;引入了特殊认证码的措施,特殊认证码是写入到芯片中的安全数据区的,防止了克隆芯片的产生;引入校验码的措施,防止了排污数据的传输错误或者传输过程中的非法攻击行为。The IC card that realizes the increase of sewage data in the embodiment of the present invention introduces the concept of random number in the sewage volume command, effectively preventing illegal users from intercepting the recharge data and recharging multiple times; introducing the measures of special authentication code, special authentication code It is written into the security data area of the chip, which prevents the generation of cloned chips; the introduction of the check code measures prevents the transmission error of the sewage data or the illegal attack during the transmission process.

本发明实施例的实现排污数据增加的IC卡,在充值过程中,排污数据均为密文传输方式,保证了传输的安全性;在IC卡扣款过程中,输出了对排污控制终端ESAM进行充值的报文,排污控制终端只是作为一个传输媒介,对充值报文无法干涉,保证了数据的安全性。In the IC card that realizes the increase of sewage data in the embodiment of the present invention, during the recharge process, the sewage data is transmitted in cipher text, which ensures the security of the transmission; For the recharge message, the sewage control terminal is only used as a transmission medium, and cannot interfere with the recharge message, ensuring data security.

本发明实施例还公开了一种实现排污数据扣减的IC卡,如图4所示,包括以下模块:The embodiment of the present invention also discloses an IC card for realizing deduction of sewage data, as shown in Figure 4, including the following modules:

指令接收模块401,用于接收排污控制终端下发的扣减排污量指令,扣减排污量指令包括:第三随机数、附加码,第三随机数和附加码用于对排污控制终端ESAM进行充值时产生第二校验码。The instruction receiving module 401 is used to receive the pollutant emission reduction instruction issued by the emission control terminal. The emission reduction instruction includes: a third random number, an additional code, and the third random number and the additional code are used to carry out A second verification code is generated when recharging.

随机数生成模块模块402,用于判断IC卡内余额是否充足,如果充足,则生成第四随机数,如果不足,则不生成随机数;Random number generating module module 402, for judging whether the balance in the IC card is sufficient, if sufficient, then generate the fourth random number, if insufficient, then not generate random number;

校验码生成模块403,用于对扣减的排污数据、第四随机数及第二特殊认证码进行加密得到加密密文,根据第三随机数对附加码和加密密文进行MAC计算得到第二校验码,所述附加码、所述加密密文及所述第二校验码构成对排污控制终端ESAM充值的增加排污量指令。The verification code generation module 403 is used to encrypt the deducted sewage data, the fourth random number and the second special authentication code to obtain the encrypted ciphertext, and perform MAC calculation on the additional code and the encrypted ciphertext according to the third random number to obtain the first Two verification codes, the additional code, the encrypted ciphertext and the second verification code constitute an instruction to increase the amount of pollutant discharge for recharging the ESAM of the pollution control terminal.

上述IC卡,还包括:The aforementioned IC card also includes:

指令鉴权模块404,用于判断第四随机数是否随机,如果第四随机数随机,则增加排污量指令合法,对排污控制终端ESAM进行充值操作。The instruction authentication module 404 is used to judge whether the fourth random number is random, and if the fourth random number is random, then the instruction to increase the pollution discharge amount is legal, and recharges the pollution discharge control terminal ESAM.

其中,指令鉴权模块404包括以下模块:Wherein, the instruction authentication module 404 includes the following modules:

随机数比较子模块4041,用于将第四随机数与之前充值操作的随机数进行比较;The random number comparison sub-module 4041 is used to compare the fourth random number with the random number of the previous recharge operation;

随机数确定子模块4042,用于根据比较结果确认第四随机数是否随机,如果第四随机数与之前充值操作的随机数匹配或者第四随机数为固定的编码,则第一随机数不随机,增加排污量指令不合法。The random number determination sub-module 4042 is used to confirm whether the fourth random number is random according to the comparison result. If the fourth random number matches the random number of the previous recharge operation or the fourth random number is a fixed code, the first random number is not random , the order to increase sewage discharge is illegal.

上述IC卡,还包括:The aforementioned IC card also includes:

认证码获得模块405,用于对加密密文进行解密,获得解密后的第二特殊认证码;An authentication code obtaining module 405, configured to decrypt the encrypted ciphertext, and obtain a decrypted second special authentication code;

认证码比较模块406,用于将第二特殊认证码与排污控制终端ESAM中存储的特殊认证码进行比较,如果两者不一致,则认证不通过;The authentication code comparison module 406 is used to compare the second special authentication code with the special authentication code stored in the sewage control terminal ESAM, and if the two are inconsistent, the authentication fails;

如果第二特殊认证码与排污控制终端ESAM中存储的特殊认证码一致,则特殊认证码认证通过。If the second special authentication code is consistent with the special authentication code stored in the sewage control terminal ESAM, the special authentication code authentication is passed.

上述IC卡,还包括:The aforementioned IC card also includes:

校验码比较模块407,用于将增加排污量指令中附带的第二校验码与终端ESAM内部计算得到的校验码进行比较,如果两者相等,则校验通过;The check code comparison module 407 is used to compare the second check code attached to the command to increase the pollutant discharge amount with the check code calculated inside the terminal ESAM, and if the two are equal, the check is passed;

如果两者不相等,则校验未通过。If the two are not equal, the validation fails.

本发明实施例的实现排污数据扣减的IC卡,在算法上采用了国密SM1算法取代了crypto算法或者DES算法,且将现有技术中的明文传输改为密文传输,保证了排污数据在传输过程中的安全性和保密性。The IC card for realizing the deduction of sewage data in the embodiment of the present invention adopts the national secret SM1 algorithm instead of the crypto algorithm or DES algorithm in the algorithm, and changes the plaintext transmission in the prior art into ciphertext transmission to ensure the sewage data Security and confidentiality during transmission.

本发明实施例的实现排污数据扣减的IC卡,在排污量指令中引入了随机数的概念,有效防止了非法用户截取充值数据,进行多次充值;引入了特殊认证码的措施,特殊认证码是写入到芯片中的安全数据区的,防止了克隆芯片的产生;引入校验码的措施,防止了排污数据的传输错误或者传输过程中的非法攻击行为。The IC card for realizing the deduction of sewage data in the embodiment of the present invention introduces the concept of random number in the sewage command, which effectively prevents illegal users from intercepting recharge data and recharging multiple times; introduces special authentication code measures, special authentication The code is written into the security data area of the chip, which prevents the generation of cloned chips; the introduction of the check code measures prevents the transmission error of the sewage data or the illegal attack during the transmission process.

本发明实施例的实现排污数据扣减的IC卡,在充值过程中,排污数据均为密文传输方式,保证了传输的安全性;在IC卡扣款过程中,输出了对排污控制终端ESAM进行充值的报文,排污控制终端只是作为一个传输媒介,对充值报文无法干涉,保证了数据的安全性。In the IC card that realizes the deduction of sewage data in the embodiment of the present invention, during the recharge process, the sewage data is transmitted in cipher text, which ensures the security of the transmission; For the recharge message, the sewage control terminal is only used as a transmission medium, and cannot interfere with the recharge message, ensuring data security.

本发明能有多种不同形式的具体实施方式,上面以图1-图4为例结合附图对本发明的技术方案作举例说明,这并不意味着本发明所应用的具体实例只能局限在特定的流程或实施例结构中,本领域的普通技术人员应当了解,上文所提供的具体实施方案只是多种优选用法中的一些示例,任何体现本发明权利要求的实施方式均应在本发明技术方案所要求保护的范围之内。The present invention can have a variety of specific implementations in different forms. The technical solutions of the present invention are illustrated in conjunction with the accompanying drawings by taking Fig. 1-Fig. 4 as examples above. In the specific process or embodiment structure, those of ordinary skill in the art should understand that the specific implementations provided above are only some examples of various preferred usages, and any implementation that embodies the claims of the present invention shall be included in the present invention. Within the scope of protection required by the technical solution.

最后应说明的是:以上所述仅为本发明的优选实施例而已,并不用于限制本发明,尽管参照前述实施例对本发明进行了详细的说明,对于本领域的技术人员来说,其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。Finally, it should be noted that: the above is only a preferred embodiment of the present invention, and is not intended to limit the present invention. Although the present invention has been described in detail with reference to the foregoing embodiments, for those skilled in the art, it still The technical solutions recorded in the foregoing embodiments may be modified, or some technical features thereof may be equivalently replaced. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (20)

1.一种IC卡排污数据增加的方法,其特征在于,包括:1. A method for increasing IC card sewage data, characterized in that it comprises: 接收充值设备下发的增加排污量指令,所述增加排污量指令包括:第一随机数;Receive an instruction to increase the amount of pollutant discharge issued by the recharge device, and the instruction to increase the amount of pollutant discharge includes: a first random number; 判断所述第一随机数是否随机,如果所述第一随机数随机,则所述增加排污量指令合法,接收所述充值设备的充值操作。Judging whether the first random number is random, if the first random number is random, the command to increase the pollutant discharge amount is legal, and the recharging operation of the recharging device is accepted. 2.根据权利要求1所述的方法,其特征在于,所述判断第一随机数是否随机,包括:2. The method according to claim 1, wherein said judging whether the first random number is random comprises: 将所述第一随机数与之前充值操作的随机数进行比较,如果两者匹配或者所述第一随机数为固定的编码,则所述第一随机数不随机,所述增加排污量指令不合法。Comparing the first random number with the random number of the previous recharge operation, if the two match or the first random number is a fixed code, the first random number is not random, and the instruction to increase the amount of pollutant discharge is not legitimate. 3.根据权利要求1所述的方法,其特征在于,还包括:3. The method according to claim 1, further comprising: 所述增加排污量指令还包括:第一特殊认证码的加密密文和所述排污量指令对应的解密密钥;The instruction for increasing the amount of pollutant discharge also includes: the encrypted ciphertext of the first special authentication code and the decryption key corresponding to the instruction for the amount of pollutant discharge; 根据所述解密密钥对所述加密密文进行解密,获得解密后的第一特殊认证码;Decrypting the encrypted ciphertext according to the decryption key to obtain a decrypted first special authentication code; 将所述第一特殊认证码与IC卡中存储的特殊认证码进行比较,如果两者不一致,则认证不通过;Comparing the first special authentication code with the special authentication code stored in the IC card, if the two are inconsistent, the authentication fails; 如果所述第一特殊认证码与IC卡中存储的特殊认证码一致,则所述特殊认证码认证通过。If the first special authentication code is consistent with the special authentication code stored in the IC card, the authentication of the special authentication code is passed. 4.根据权利要求1所述的方法,其特征在于,还包括:4. The method according to claim 1, further comprising: 接收所述充值设备下发的获取随机数指令,生成第二随机数,将所述第二随机数发送回所述充值设备,用于生成所述增加排污量指令中附带的第一校验码。receiving a random number acquisition instruction issued by the recharging device, generating a second random number, and sending the second random number back to the recharging device for generating a first check code attached to the instruction for increasing the amount of pollutant discharge . 5.根据权利要求4所述的方法,其特征在于,还包括:5. The method according to claim 4, further comprising: 接收所述充值设备下发的所述增加排污量指令之后,将所述充值设备生成的所述第一校验码与IC卡内部计算得到的校验码进行比较,如果两者相等,则校验通过;After receiving the instruction to increase the amount of pollutant discharge issued by the recharge device, compare the first check code generated by the recharge device with the check code calculated inside the IC card, and if the two are equal, check passed the test; 如果两者不相等,则校验未通过。If the two are not equal, the validation fails. 6.一种实现排污数据增加的IC卡,其特征在于,包括:6. An IC card for increasing sewage discharge data, characterized in that it comprises: 指令接收模块,用于接收充值设备下发的增加排污量指令,所述增加排污量指令包括:第一随机数;An instruction receiving module, configured to receive an instruction for increasing the amount of pollutant discharge issued by the recharge device, the instruction for increasing the amount of pollutant emission includes: a first random number; 指令鉴权模块,用于判断所述第一随机数是否随机,如果所述第一随机数随机,则所述增加排污量指令合法,接收所述充值设备的充值操作。The instruction authentication module is used for judging whether the first random number is random, if the first random number is random, the instruction for increasing the pollutant discharge amount is legal, and receives the recharge operation of the recharge device. 7.根据权利要求6所述的IC卡,其特征在于,所述指令鉴权模块包括:7. IC card according to claim 6, is characterized in that, described instruction authentication module comprises: 随机数比较子模块,用于将所述第一随机数与之前充值操作的随机数进行比较;The random number comparison submodule is used to compare the first random number with the random number of the previous recharge operation; 随机数确定子模块,用于根据所述比较结果确认所述第一随机数是否随机:如果所述第一随机数与之前充值操作的随机数匹配或者所述第一随机数为固定的编码,则所述第一随机数不随机,所述增加排污量指令不合法。The random number determining submodule is used to confirm whether the first random number is random according to the comparison result: if the first random number matches the random number of the previous recharge operation or the first random number is a fixed code, Then the first random number is not random, and the instruction to increase the amount of pollutant discharge is illegal. 8.根据权利要求6所述的IC卡,其特征在于,所述增加排污量指令还包括:特殊认证码的加密密文和所述排污量指令对应的解密密钥,IC卡还包括:8. The IC card according to claim 6, wherein the instruction to increase the amount of pollutant discharge also includes: the encrypted ciphertext of the special authentication code and the decryption key corresponding to the instruction for the amount of pollutant discharge, and the IC card further includes: 认证码获得模块,用于根据所述解密密钥对所述加密密文进行解密,获得解密后的第一特殊认证码;An authentication code obtaining module, configured to decrypt the encrypted ciphertext according to the decryption key, and obtain a decrypted first special authentication code; 认证码比较模块,用于将所述第一特殊认证码与IC卡中存储的特殊认证码进行对比比较,如果两者不一致,则认证不通过;An authentication code comparison module, configured to compare the first special authentication code with the special authentication code stored in the IC card, and if the two are inconsistent, the authentication fails; 如果所述第一特殊认证码与IC卡中存储的特殊认证码一致,则所述特殊认证码认证通过。If the first special authentication code is consistent with the special authentication code stored in the IC card, the authentication of the special authentication code is passed. 9.根据权利要求6所述的IC卡,其特征在于,还包括:9. The IC card according to claim 6, further comprising: 接收发送模块,用于接收所述充值设备下发的获取随机数指令,生成第二随机数,将所述第二随机数发送回所述充值设备,用于生成所述增加排污量指令中附带的第一校验码。The receiving and sending module is used to receive the random number acquisition instruction issued by the recharging device, generate a second random number, and send the second random number back to the recharging device for generating The first check code of . 10.根据权利要求6所述的IC卡,其特征在于,还包括:10. The IC card according to claim 6, further comprising: 校验比较模块,用于接收所述充值设备下发的所述增加排污量指令之后,将所述第一校验码与IC卡内部计算得到的校验码进行比较,如果两者相等,则校验通过;The check comparison module is used to compare the first check code with the check code calculated inside the IC card after receiving the instruction to increase the pollutant discharge amount issued by the recharge device, and if the two are equal, then Verification passed; 如果两者不相等,则校验未通过。If the two are not equal, the validation fails. 11.一种IC卡排污数据扣减的方法,其特征在于,包括:11. A method for deducting pollutant discharge data by an IC card, characterized in that it comprises: 接收排污控制终端下发的扣减排污量指令,所述扣减排污量指令包括:第三随机数、附加码,所述第三随机数和所述附加码用于对排污控制终端ESAM进行充值时产生第二校验码;Receive the pollutant discharge reduction instruction issued by the pollution discharge control terminal, the pollutant discharge reduction instruction includes: a third random number and an additional code, the third random number and the additional code are used to recharge the pollution discharge control terminal ESAM When the second check code is generated; 判断IC卡内余额是否充足,如果充足,则生成第四随机数,如果不足,则不生成随机数;Determine whether the balance in the IC card is sufficient, if sufficient, generate the fourth random number, if not, generate no random number; 对扣减的排污数据、所述第四随机数及第二特殊认证码进行加密得到加密密文,根据所述第三随机数对所述附加码和所述加密密文进行MAC计算得到第二校验码,所述附加码、所述加密密文及所述第二校验码构成对排污控制终端ESAM充值的增加排污量指令。Encrypt the deducted sewage data, the fourth random number and the second special authentication code to obtain encrypted ciphertext, and perform MAC calculation on the additional code and the encrypted ciphertext according to the third random number to obtain the second The verification code, the additional code, the encrypted ciphertext and the second verification code constitute an instruction to increase the amount of pollutant discharge for recharging the ESAM of the pollution control terminal. 12.根据权利要求11所述的方法,其特征在于,还包括:12. The method of claim 11, further comprising: 判断所述第四随机数是否随机,如果所述第四随机数随机,则所述增加排污量指令合法,对排污控制终端ESAM进行充值操作。It is judged whether the fourth random number is random, and if the fourth random number is random, then the instruction to increase the pollutant discharge volume is legal, and the operation of recharging the pollution discharge control terminal ESAM is performed. 13.根据权利要求12所述的方法,其特征在于,所述判断第四随机数是否随机,包括:13. The method according to claim 12, wherein said judging whether the fourth random number is random comprises: 将所述第四随机数与之前充值操作的随机数进行比较,如果两者匹配或者所述第四随机数为固定的编码,则所述第四随机数不随机,所述增加排污量指令不合法。Comparing the fourth random number with the random number of the previous recharge operation, if the two match or the fourth random number is a fixed code, the fourth random number is not random, and the instruction to increase the amount of pollutant discharge is not legitimate. 14.根据权利要求11所述的方法,其特征在于,还包括:14. The method of claim 11, further comprising: 对所述加密密文进行解密,获得解密后的第二特殊认证码;Decrypting the encrypted ciphertext to obtain a decrypted second special authentication code; 将所述第二特殊认证码与排污控制终端ESAM中存储的特殊认证码进行比较,如果两者不一致,则认证不通过;Comparing the second special authentication code with the special authentication code stored in the sewage control terminal ESAM, if the two are inconsistent, the authentication fails; 如果所述第二特殊认证码与排污控制终端ESAM中存储的特殊认证码一致,则所述特殊认证码认证通过。If the second special authentication code is consistent with the special authentication code stored in the pollution discharge control terminal ESAM, the authentication of the special authentication code is passed. 15.根据权利要求11所述的方法,其特征在于,还包括:15. The method of claim 11, further comprising: 将所述排污量指令中附带的所述第二校验码与终端ESAM内部计算得到的校验码进行比较,如果两者相等,则校验通过;Comparing the second check code attached to the pollutant discharge command with the check code calculated inside the terminal ESAM, if the two are equal, the check is passed; 如果两者不相等,则校验未通过。If the two are not equal, the validation fails. 16.一种实现排污数据扣减的IC卡,其特征在于,包括:16. An IC card for deduction of pollutant discharge data, characterized in that it comprises: 指令接收模块,用于接收排污控制终端下发的扣减排污量指令,所述扣减排污量指令包括:第三随机数、附加码,所述第三随机数和所述附加码用于对排污控制终端ESAM进行充值时产生第二校验码;The command receiving module is used to receive the command for reducing the amount of pollutant discharge issued by the pollution control terminal. The command for reducing the amount of pollutant discharge includes: a third random number and an additional code. The third random number and the additional code are used for The second check code is generated when the sewage control terminal ESAM recharges; 随机数生成模块,用于判断IC卡内余额是否充足,如果充足,则生成第四随机数,如果不足,则不生成随机数;A random number generation module, used to judge whether the balance in the IC card is sufficient, if sufficient, generate a fourth random number, if not, generate no random number; 校验码生成模块,用于对扣减的排污数据、所述第四随机数及第二特殊认证码进行加密得到加密密文,根据所述第三随机数对所述附加码和所述加密密文进行MAC计算得到第二校验码,所述附加码、所述加密密文及所述第二校验码构成对排污控制终端ESAM充值的增加排污量指令。A verification code generating module, configured to encrypt the deducted sewage data, the fourth random number and the second special authentication code to obtain encrypted ciphertext, and to encrypt the additional code and the encrypted ciphertext according to the third random number MAC calculation is performed on the cipher text to obtain a second check code, and the additional code, the encrypted cipher text, and the second check code constitute an instruction to increase the amount of pollutant discharge for recharging the ESAM of the pollution control terminal. 17.根据权利要求16所述的IC卡,其特征在于,还包括:17. The IC card according to claim 16, further comprising: 指令鉴权模块,用于判断所述第四随机数是否随机,如果所述第四随机数随机,则所述增加排污量指令合法,对排污控制终端ESAM进行充值操作。The instruction authentication module is used to judge whether the fourth random number is random, if the fourth random number is random, then the instruction to increase the pollution discharge amount is legal, and recharges the pollution discharge control terminal ESAM. 18.根据权利要求16所述的IC卡,其特征在于,还包括:18. The IC card according to claim 16, further comprising: 随机数比较子模块,用于将第四随机数与之前充值操作的随机数进行比较;The random number comparison sub-module is used to compare the fourth random number with the random number of the previous recharge operation; 随机数确定子模块,用于根据比较结果确认第四随机数是否随机,如果第四随机数与之前充值操作的随机数匹配或者第四随机数为固定的编码,则第一随机数不随机,增加排污量指令不合法。The random number determination sub-module is used to confirm whether the fourth random number is random according to the comparison result. If the fourth random number matches the random number of the previous recharge operation or the fourth random number is a fixed code, the first random number is not random. The order to increase the amount of sewage discharged is illegal. 19.根据权利要求16所述的IC卡,其特征在于,还包括:19. The IC card according to claim 16, further comprising: 认证码获得模块,用于对所述加密密文进行解密,获得解密后的第二特殊认证码;An authentication code obtaining module, configured to decrypt the encrypted ciphertext to obtain a decrypted second special authentication code; 认证码比较模块,用于将所述第二特殊认证码与排污控制终端ESAM中存储的特殊认证码进行比较,如果两者不一致,则认证不通过;The authentication code comparison module is used to compare the second special authentication code with the special authentication code stored in the sewage control terminal ESAM, if the two are inconsistent, the authentication fails; 如果所述第二特殊认证码与排污控制终端ESAM中存储的特殊认证码一致,则所述特殊认证码认证通过。If the second special authentication code is consistent with the special authentication code stored in the pollution discharge control terminal ESAM, the authentication of the special authentication code is passed. 20.根据权利要求16所述的IC卡,其特征在于,还包括:20. The IC card according to claim 16, further comprising: 校验码比较模块,用于将所述增加排污量指令中附带的所述第二校验码与终端ESAM内部计算得到的校验码进行比较,如果两者相等,则校验通过;The verification code comparison module is used to compare the second verification code attached to the instruction to increase the pollutant discharge amount with the verification code obtained by the internal calculation of the terminal ESAM, and if the two are equal, the verification is passed; 如果两者不相等,则校验未通过。If the two are not equal, the validation fails.
CN201310479322.4A 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card Active CN104574652B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310479322.4A CN104574652B (en) 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310479322.4A CN104574652B (en) 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card

Publications (2)

Publication Number Publication Date
CN104574652A true CN104574652A (en) 2015-04-29
CN104574652B CN104574652B (en) 2017-12-15

Family

ID=53090605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310479322.4A Active CN104574652B (en) 2013-10-14 2013-10-14 The increase of IC-card blowdown data, the method reduced and IC-card

Country Status (1)

Country Link
CN (1) CN104574652B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017166056A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging method
WO2017166059A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging method
WO2017166051A1 (en) * 2016-03-29 2017-10-05 李昕光 Refill method
WO2017166069A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system
WO2017166060A1 (en) * 2016-03-29 2017-10-05 李昕光 Refill method
WO2017166061A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system
WO2017166068A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0588339A2 (en) * 1992-09-18 1994-03-23 Nippon Telegraph And Telephone Corporation Method and apparatus for settlement of accounts by IC cards
CN101247188A (en) * 2008-03-07 2008-08-20 北京握奇数据系统有限公司 Method for remotely managing electronic purse state
CN101499196A (en) * 2008-12-30 2009-08-05 北京握奇数据系统有限公司 Ammeter payment method, apparatus and system
CN102377566A (en) * 2010-08-11 2012-03-14 北京融通高科科技发展有限公司 Security processing device and system for electric meter data
CN102542448A (en) * 2011-12-15 2012-07-04 中国电力科学研究院 Recharge device, prepaid electricity vending system, electricity vending system and method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0588339A2 (en) * 1992-09-18 1994-03-23 Nippon Telegraph And Telephone Corporation Method and apparatus for settlement of accounts by IC cards
CN101247188A (en) * 2008-03-07 2008-08-20 北京握奇数据系统有限公司 Method for remotely managing electronic purse state
CN101499196A (en) * 2008-12-30 2009-08-05 北京握奇数据系统有限公司 Ammeter payment method, apparatus and system
CN102377566A (en) * 2010-08-11 2012-03-14 北京融通高科科技发展有限公司 Security processing device and system for electric meter data
CN102542448A (en) * 2011-12-15 2012-07-04 中国电力科学研究院 Recharge device, prepaid electricity vending system, electricity vending system and method

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017166056A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging method
WO2017166059A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging method
WO2017166051A1 (en) * 2016-03-29 2017-10-05 李昕光 Refill method
WO2017166069A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system
WO2017166060A1 (en) * 2016-03-29 2017-10-05 李昕光 Refill method
WO2017166061A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system
WO2017166068A1 (en) * 2016-03-29 2017-10-05 李昕光 Recharging system

Also Published As

Publication number Publication date
CN104574652B (en) 2017-12-15

Similar Documents

Publication Publication Date Title
US12051064B2 (en) Transaction messaging
US10666428B2 (en) Efficient methods for protecting identity in authenticated transmissions
US20220070001A1 (en) Methods for secure credential provisioning
CN104574652B (en) The increase of IC-card blowdown data, the method reduced and IC-card
CN107925572B (en) Secure binding of software applications to communication devices
CN106664206B (en) Efficient method for authenticated communication
KR102442663B1 (en) Secure remote payment transaction processing
CN101639957A (en) Method, terminal and banking system for realizing load deposit or load withdrawal
CN105120425A (en) M2M identification method and apparatus, internet of things terminal and M2M identification system
CN117152886A (en) POS machine body verification method based on secret information

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant