CN104579675A - Safety module, data reading-writing system for parking lot and safety setting method - Google Patents

Publication number: CN104579675A
Authority: CN (China)
Application number: CN201410546392.1A
Other languages: Chinese (zh)
Other versions: CN104579675B (en)
Legal status: Granted, Active
Inventors: 王政, 冉立, 张恩泉
Current Assignee: Shenzhen Genvict Technology Co Ltd
Original Assignee: Shenzhen Genvict Technology Co Ltd
Application filed by Shenzhen Genvict Technology Co Ltd; priority to CN201410546392.1A; granted and published as CN104579675B
Prior art keywords: time, security module, instruction, reader-writer, unit

Abstract

The invention discloses a safety module, a data reading-writing system for a parking lot and a safety setting method. The safety module comprises a transceiver unit, an encryption unit and a timing unit, wherein the transceiver unit is used for data and instruction interaction with a reader-writer unit; the encryption unit in which keys are stored is used for calling the keys to encrypt to-be-encrypted data from the reader-writer unit and returning the encrypted data through the transceiver unit; the timing unit comprises a time setter and an RTC (real-time clock) timer; the time setter is connected with the transceiver unit and used for setting current time according to a time setting instruction including current time information; the RTC timer is used for synchronous RTC timing according to the current time; the encryption unit is also used for returning key calling time generated by timing of the RTC timer when the encrypted data is returned. By setting the current time and performing synchronous RTC timing, a time recording function is added, the safety and reliability of the safety module during data transmission can be effectively enhanced, and artificial tampering is avoided.

Description

Security module, parking lot data read-write system and security setting method
Technical field
The present invention relates to the field of intelligent security management, for example intelligent transportation, and in particular to a security module, a security setting method for the security module, a parking lot data read-write system, and a security setting method for the parking lot data read-write system.
Background
A security module is a module used to implement security authentication in an electronic product or system, for example a PSAM card, an ESAM card or a SIM card. In particular, the PSAM (Purchase Secure Access Module, terminal security module) is widely used in devices such as commercial POS terminals, outlet terminals and direct-connected terminals; it provides security control and management functions and suits many application environments.
For example, parking lots at institutions, shopping malls, office buildings, residential communities and similar sites are currently usually run as independent parking systems by the property management, which charges vehicles entering and leaving the lot. Charging is generally carried out through data communication between a smart card held by the user and a transaction terminal at the lane. To ensure that charges are accurate, secure smart-card transactions are guaranteed by a key system: when a user card transacts at the terminal, it must be authenticated by the PSAM installed in the transaction terminal. Where consumption is involved, the PSAM holds the relevant consumption key. The manager controls authentication and consumption by managing the keys of the PSAM and of the user. The security of the transaction rests on the security of the keys.
Another typical smart-card application: one PSAM card is installed at the entrance and one at the exit of a highway ETC (Electronic Toll Collection) lane. Only with a PSAM card can entry information be written to the user card on entering the ETC lane and a deduction be made at the exit. For example, the entry information written at the entrance includes time information; the exit reads the entry time and calculates the fee from it. To prevent cheating, the entry time information may need to be written to the parking card encrypted and decrypted at the exit before use.
A PSAM card can store encryption and decryption keys. To perform an encryption operation, the external system sends the data to be encrypted to the PSAM card by instruction; the PSAM card encrypts the data with the stored key and returns the result to the external system.
When a back end manages multiple parking lots, highway toll stations or other toll systems, every transaction record contains time information and a transaction sequence number, all records are collected by the back end, and within a networked toll system the transaction records serve as the basis for settlement. However, the rate for some transactions depends on time, so an owner (that is, a highway or parking lot manager) may cheat by modifying the time information in transaction records. Because transaction records are produced by the toll system, and each owner may have built its own toll system, the transaction time can be deliberately altered when a record is produced. The back end can judge the completeness of the data from the continuity of the transaction sequence numbers, but those numbers are also generated by the toll system, so an owner who wants to cheat can deliberately omit transaction records and then fill the gap with other sequence numbers.
In addition, managing PSAM cards is difficult. A PSAM card manager can be set up to manage PSAM cards, for example by requiring that a PSAM card be authenticated by the manager before it can be used, which avoids losses caused by a lost card. But once the PSAM card has passed authentication it can be used indefinitely, or it may be taken out of use and never used again; the manager then does not know the state of the PSAM card or whether it is in use at all.
In the prior art, a security module can only perform ordinary encryption and decryption and obtains the time from an external clock, which may give an attacker an opening.
Summary of the invention
The technical problem to be solved by the present invention is to provide an improved security module, a security setting method for the security module, a parking lot data read-write system, and a security setting method for the parking lot data read-write system.
The technical solution adopted by the present invention is to provide a security module comprising:
a transceiver unit, for exchanging data and instructions with a reader-writer; and
an encryption unit in which a key is stored, for calling the key to encrypt data to be encrypted from the reader-writer and returning the encrypted data through the transceiver unit.
The security module also comprises a timing unit, and the timing unit comprises:
a time setter connected to the transceiver unit, for setting the current time according to a time setting instruction received by the transceiver unit, the time setting instruction containing current time information; and
an RTC timer connected to the time setter, for performing synchronous RTC timing from the current time.
The encryption unit is also used, when returning the encrypted data, to return the key calling time produced by the RTC timer.
Preferably, the time setting instruction also contains an age threshold, and the security module also comprises an invalidation reset unit, which invalidates the security module when the RTC timer reaches the age threshold, so that the encryption unit stops calling the key to encrypt.
Preferably, the encryption unit comprises a counter that counts once each time the key is called, and the encryption unit returns the count value of the counter, as the transaction sequence number, when returning the encrypted data.
Preferably, the time setting instruction also contains a time MAC code derived with a MAC algorithm, and the security module also comprises a MAC verification unit for checking the time MAC code.
A security setting method for the security module is also provided, comprising the following steps:
S1: the security module receives the time setting instruction sent by the reader-writer;
S2: the timing unit of the security module sets the current time according to the current time information and starts synchronous RTC timing;
S3: when the reader-writer sends data to be encrypted to the security module, the security module calls the key to encrypt the data and returns to the reader-writer the encrypted data and the key calling time produced by the RTC timer.
Preferably, in step S3:
S3: the security module also judges whether the synchronous RTC timing of the timing unit has reached the age threshold. If not, the security module runs normally: when the reader-writer sends data to be encrypted to the security module, the security module calls the key to encrypt the data and returns the encrypted data and the key calling time to the reader-writer. If so, the security module is invalidated and stops calling the key to encrypt.
Preferably, the time setting instruction also contains a time MAC code derived with a MAC algorithm. In step S1, the security module checks the time MAC code with the MAC algorithm; if the time MAC code is verified as correct, step S2 is performed; if not, the procedure ends.
Preferably, in step S3, the security module counts once each time the key is called, and the encryption unit returns the count value of the counter, as the transaction sequence number, when returning the encrypted data.
A parking lot data read-write system is also provided, comprising a reader-writer and the security module installed in the reader-writer, wherein the reader-writer is a lane controller.
A security setting method for the data read-write system is also provided, comprising the following steps:
T1: the reader-writer sends a time setting instruction to the security module;
T2: the security module sets the current time according to the time setting instruction and starts synchronous RTC timing;
T3: when the reader-writer sends data to be encrypted to the security module, the security module calls the key to encrypt the data and returns to the reader-writer the encrypted data and the key calling time produced by the RTC timer.
The time setting instruction in step T1 is obtained as follows:
T4: the reader-writer sends a time acquisition instruction to a manager, and the manager returns a time acquisition result to the reader-writer in response; the time acquisition result contains the current time information and a time MAC code derived with a MAC algorithm;
T5: the reader-writer sends the time setting instruction to the security module according to the time acquisition result; the time setting instruction contains the current time information and the time MAC code.
In step T1, the security module checks the time MAC code with the MAC algorithm; if the time MAC code is verified as correct, step T2 is performed; if not, the procedure ends.
The beneficial effects of the invention are as follows: by setting the current time and performing synchronous RTC timing, the invention adds a function that records the time at which the key is called, which effectively strengthens the security and reliability of the security module during data transmission and prevents manual tampering.
In addition, the invention produces the transaction sequence number from a count kept by the security module. This avoids the cheating that is possible when the toll system generates the sequence numbers, where an owner deliberately omits transaction records and fills in the gaps, and further improves the reliability of data transmission.
Brief description of the drawings
The invention is further described below with reference to the drawings and embodiments. In the drawings:
Fig. 1 is a flow diagram of a prior-art security module encrypting data sent by a reader-writer;
Fig. 2 is a module diagram of the logical structure of the security module and of the reader-writer in some embodiments of the invention;
Fig. 3 is a brief flow diagram of the security setting method of the security module in some embodiments of the invention;
Fig. 4 is a detailed flow diagram of the security setting method of the security module in some embodiments of the invention;
Fig. 5 is a module diagram of the parking lot data read-write system in some embodiments of the invention;
Fig. 6 is a brief flow diagram of the security setting method of the data read-write system in some embodiments of the invention;
Fig. 7 is a detailed flow diagram of the security setting method of the data read-write system in some embodiments of the invention.
Detailed description
For a clearer understanding of the technical features, objects and effects of the invention, specific embodiments are now described in detail with reference to the drawings.
Fig. 2 shows the security module 100 in some embodiments of the invention; the security module 100 can also be applied in other settings to form other systems. The security module 100 performs secure encryption of data and comprises a transceiver unit 10, an encryption unit 20, an encryption initialization unit 30, a timing unit 40, an invalidation reset unit 50 and a MAC verification unit 60. The transceiver unit 10 exchanges data and instructions with the external reader-writer 900; the encryption unit 20 encrypts the data to be encrypted received by the transceiver unit 10; the encryption initialization unit 30 responds to the encryption initialization instruction received by the transceiver unit 10; the timing unit 40 sets the current time and keeps time according to the time setting instruction received by the transceiver unit 10; the invalidation reset unit 50 makes the encryption unit 20 stop encrypting when the time kept by the timing unit 40 reaches the age threshold; and the MAC verification unit 60 checks the time MAC code received by the transceiver unit 10.
The transceiver unit 10 exchanges data and instructions with the reader-writer 900: it receives data and instructions from the reader-writer 900 and sends data processed by the internal units of the security module 100 back to the reader-writer 900. Optionally, a PSAM card manager can also pass instructions to the reader-writer 900, and the reader-writer 900 can feed the corresponding results back to the PSAM card reader.
The encryption unit 20 is connected to the transceiver unit 10, performs encryption, and stores the key. When the encryption unit 20 receives data to be encrypted from the reader-writer 900 through the transceiver unit 10, it calls the key to encrypt that data and then, through the transceiver unit 10, returns to the reader-writer 900 the encrypted data and the key calling time produced by the RTC timer of the timing unit 40. Preferably, the encryption unit 20 also contains a counter that counts once each time the key is called. Optionally, the encrypted data can also include the current count value of the counter, which is used as the transaction sequence number.
The encryption initialization unit 30 returns an encryption initialization result to the transceiver unit 10 in response to the encryption initialization instruction of the reader-writer 900, and so serves to wake up the security module 100. Optionally, the security module 100 can omit the encryption initialization unit 30 and be woken or started into its working state by other means.
The timing unit 40 keeps time using the current time information in the time setting instruction as its reference, takes the time at which the encryption unit 20 calls the key as the key calling time, and returns it together with the encrypted data, which prevents an external system from cheating by tampering with the time. In this embodiment, the timing unit 40 can comprise a time setter 41 and an RTC timer 42.
The time setter 41 is connected to the transceiver unit 10 and sets the current time. When the transceiver unit 10 receives a time setting instruction, the time setter 41 sets the current time according to the current time information in that instruction. Once the time setter 41 has set the current time, the timing unit 40 keeps time with that current time as its reference. Preferably, the time setting instruction contains the current time information, the age threshold, and a time MAC code derived with a MAC algorithm.
The RTC timer 42 is connected to the time setter 41 and performs synchronous RTC timing from the current time, thereby supplying the key calling time for each call of the key.
Further, the invalidation reset unit 50 of the security module 100 can invalidate the security module 100 when the time kept by the timing unit 40 reaches the age threshold, so that the encryption unit 20 stops calling the key to encrypt. This forces the security module 100 to stay in contact with its manager, so that the manager can track the usage state of the security module 100.
Further, the MAC verification unit 60 of the security module 100 checks the time MAC code of the time setting instruction; if the time MAC code is verified as correct, the remaining settings can proceed; if not, the procedure ends. Optionally, the MAC verification unit 60 can also generate a verification MAC code that is combined with the encrypted data and returned through the transceiver unit 10, to be checked by the reader-writer 900 or the manager, which improves the reliability of the communication.
The security module 100 can also omit the MAC verification unit 60 to simplify its structure.
Fig. 3 shows the security setting method of the security module 100 of the Fig. 2 embodiment. In this method, the reader-writer 900 first sends a time setting instruction to the security module 100, and the security module 100 returns a result to the reader-writer 900. The reader-writer 900 then sends other instructions to the security module 100 according to the returned result, and the security module 100 returns other data to the reader-writer. When the usage time of the security module 100 exceeds the age threshold, the module is invalidated and must be set up again.
The method is explained further with reference to Fig. 4. First, the reader-writer 900 sends a time setting instruction to the security module 100, and the transceiver unit 10 of the security module 100 receives it; the time setting instruction contains the current time information and the age threshold (S1). The current time information is the reference from which the security module 100 keeps time. The age threshold invalidates the security module 100 after a certain period, forcing the security module 100 to stay in contact with its manager so that the manager can track its usage state.
An example instruction is:
Time setting instruction: 005A 00 00 12+ (14 byte current time information T1)+(3 byte age threshold T2)
Return 1: 9000
Here the 14-byte current time information T1 is in BCD format, YYYYMMDDHHNNSS. The age threshold T2 is in seconds: timing starts from T1 and the module is invalidated after T2.
Optionally, in some embodiments, the time setting instruction can also contain a time MAC code derived with a MAC algorithm. The MAC verification unit 60 of the security module 100 checks the time MAC code with the MAC algorithm; if the time MAC code is verified as correct, the subsequent steps are allowed to proceed (the steps shown in Fig. 1); if not, the procedure ends and the subsequent steps are not allowed.
Next, the timing unit 40 of the security module 100 sets the current time according to the current time information and starts synchronous RTC timing (S2). The timing unit 40 keeps time from the current time information and records the time of each key call, which prevents an external system from cheating by tampering with the time. When the transceiver unit 10 receives a time setting instruction, the time setter 41 sets the current time according to the current time information in that instruction. Once the time setter 41 has set the current time, the security module 100 keeps time with that current time as its reference. The RTC timer 42 performs synchronous RTC timing from the current time.
Finally, the invalidation reset unit 50 in the security module 100 judges whether the synchronous RTC timing of the timing unit 40 has reached the age threshold. When the RTC timer 42 reaches the age threshold, it invalidates the security module 100, so that the encryption unit 20 stops calling the key to encrypt; this forces the security module 100 to stay in contact with its manager, so that the manager can track its usage state. If the RTC timing has not reached the age threshold, the security module 100 runs normally: when the reader-writer 900 sends data to be encrypted to the security module 100, the encryption unit 20 calls the key to encrypt the data and returns the encrypted data to the reader-writer 900; the encryption itself can use the method shown in Fig. 1. If the age threshold has been reached, the security module 100 is invalidated and stops calling the key to encrypt (S3). After invalidation, all state of the security module 100 is reset, and the security module 100 can resume work only after its manager issues the time setting instruction again.
In the embodiment above, the current time and the age threshold in the time setting instruction are in plaintext, which carries a risk: a cheating system can set a wrong time in order to cheat. Therefore, optionally, in some embodiments the current time and the age threshold are encrypted before being passed to the security module 100 in the time setting instruction; after receiving the instruction, the security module 100 decrypts the current time and the age threshold, verifies that they are correct, and only then applies the settings.
Optionally, in some embodiments, the key attributes can also be modified to add a counter attribute, for example:
When a key is newly installed or updated, the counter is set to 0. The subsequent application flow follows Fig. 2, with example instructions as follows:
First call:
Encryption initialization instruction: 801A270108+ (8 byte encrypted initialization instruction)
Encryption initialization response: 9000
Data to be encrypted: 80FA020008+ (8 byte be-encrypted data)
Encrypted data: (8 byte encrypted data)+(counter 00000001)+9000
Second call:
Encryption initialization instruction: 801A270108+ (8 byte encrypted initialization instruction)
Encryption initialization response: 9000
Data to be encrypted: 80FA020008+ (8 byte be-encrypted data)
Encrypted data: (8 byte encrypted data)+(counter 00000002)+9000
The counter in the security module 100 counts once each time the key is called, and the encryption unit 20 returns the count value of the counter, as the transaction sequence number, when returning the encrypted data. The back-end system or the PSAM card manager verifies the encrypted data to check the authenticity of the transaction sequence number. The counter is reset to 0 when a key is newly installed or updated.
In the embodiment above, the count value is in plaintext. To prevent the encrypted data from being tampered with as it passes through the business system, the MAC verification unit 60 can generate a verification MAC code over the returned encrypted data, key calling time and count value; the MAC code is combined with the encrypted data, key calling time and count value and returned through the transceiver unit 10.
An example instruction is as follows:
Encrypted data: (8 byte encrypted data)+(counter 00000001)+(4 byte MAC)+9000
The MAC is obtained by computing a MAC over (8 byte encrypted data)+(counter 00000001)+(4 byte 00) with the standard MAC algorithm, using the key itself.
Fig. 5 shows the parking lot data read-write system in some embodiments of the invention. The system comprises a reader-writer 900 and, installed in the reader-writer 900, the security module 100 of the Fig. 2 embodiment, wherein the reader-writer 900 is a lane controller.
Fig. 6 shows the security setting method of the data read-write system in the above embodiment. In this method, a manager 800 is introduced in order to manage the security module 100 effectively. A "timeliness check key (KeyT)" can be built into the manager 800, and an identical check key is set in the security module 100. First, the reader-writer 900 sends a time acquisition instruction to the manager 800, and the manager 800 returns a time acquisition result to the reader-writer 900 in response; the subsequent steps are the same as those shown in Fig. 3.
As shown in Fig. 7, in some embodiments the security setting method of the data read-write system is as follows. First, the reader-writer 900 sends a time acquisition instruction to the manager 800, and the manager 800 returns a time acquisition result to the reader-writer 900 in response; the time acquisition result contains the current time information, the age threshold, and a time MAC code derived with a MAC algorithm (T4). The reader-writer 900 then sends a time setting instruction to the security module 100 according to the time acquisition result; the time setting instruction contains the current time information, the age threshold and the time MAC code (T5).
Example instructions are as follows:
Time acquisition instruction: 0051
Note: the time acquisition instruction is not a standard 7816 protocol instruction; 0051 is used here only as an illustration.
After receiving the time acquisition instruction, the manager 800 obtains the current time information and converts it to 14 bytes of BCD (T1), in the format YYYYMMDDHHNNSS, appends a 3-byte timeout in seconds (T2), appends 7 bytes of 00, and then calculates a 4-byte MAC code (M) with KeyT using the standard MAC algorithm. It then returns the 28 byte result (T1+T2+M).
Time acquisition instruction result: 28 byte result R.
Next, the reader-writer 900 sends the time setting instruction to the security module 100; the time setting instruction contains the current time information and an age threshold (T1). The security module 100 checks the time MAC code with the MAC algorithm; if the time MAC code is verified as correct, step T2 is performed; if not, the procedure ends.
Example instructions are as follows:
Time setting instruction: 005A 00 02 1C+ (21 byte data R)
Note: after receiving the instruction, the security module 100 checks whether the MAC is correct using the same algorithm and key, and applies the settings only if it is. The 02 in the instruction is the key version number of the check key.
Return 1: 9000 or other error codes.
Finally, the security module 100 sets the current time according to the time setting instruction and starts synchronous RTC timing (T2). The security module 100 judges whether the RTC timing has reached the age threshold. If not, the security module 100 runs normally: when the reader-writer 900 sends data to be encrypted to the security module 100, the security module 100 calls the key to encrypt the data and returns the encrypted data, the key calling time and the count value to the reader-writer 900. If so, the security module 100 is invalidated and stops calling the key to encrypt (T3). From then on the security module 100 works normally until it is invalidated T2 seconds later; after that, the result of every instruction is 9009, indicating that the security module 100 has been invalidated. At that point all state of the security module 100 is reset, and the security module 100 can resume work only after its manager issues this instruction again. The timeliness parameters are obtained through the manager 800, and the age threshold can be set uniformly by the management system of the manager 800, which prevents the toll system from setting it arbitrarily. The rest is the same as in the security module 100 embodiment shown in Fig. 1 and is not repeated here.
In some embodiments, the security module can also omit the timing unit 10 and use only the counter: the counter counts once each time the key is called, and the encryption unit 20 returns the count value of the counter, as the transaction sequence number, when returning the encrypted data. The back-end system or the PSAM card manager verifies the encrypted data to check the authenticity of the transaction sequence number. This approach also improves security to some extent.
The above are only preferred embodiments of the invention. The scope of protection of the invention is not limited to these embodiments; all technical solutions that fall within the concept of the invention belong to its scope of protection. It should be noted that, for those skilled in the art, improvements and modifications that do not depart from the principles of the invention are also to be regarded as within its scope of protection.
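The flow described above (manager-issued time result, MAC-checked time setting, key calling time taken from the module's own timer, expiry with 9009, and the counter used as transaction sequence number), as an added Python model that is not code from the patent; it also includes a back-end audit that flags dropped or altered records. Assumptions: `mac4` is truncated HMAC-SHA256 standing in for the unspecified "standard MAC algorithm", the cipher is an XOR stand-in, T1 is one decimal digit per byte, R is taken as the 21 bytes T1+T2+M, `SW_BAD_MAC` is an assumed error code, and all class, function and key names are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

SW_OK, SW_EXPIRED = 0x9000, 0x9009   # status words quoted in the description
SW_BAD_MAC = 0x6988                  # assumed value; the page only says "other error codes"
PAD7 = bytes(7)                      # the 7 bytes of 00 appended before the MAC is computed


def mac4(key: bytes, data: bytes) -> bytes:
    """4-byte MAC. Stand-in: truncated HMAC-SHA256, not the card's MAC algorithm."""
    return hmac.new(key, data, hashlib.sha256).digest()[:4]


def encode_t1(dt: datetime) -> bytes:
    """YYYYMMDDHHNNSS as 14 bytes, one decimal digit per byte (assumed layout)."""
    return bytes(int(c) for c in dt.strftime("%Y%m%d%H%M%S"))


def decode_t1(t1: bytes) -> datetime:
    if len(t1) != 14 or any(b > 9 for b in t1):
        raise ValueError("T1 is not 14 decimal digits")
    return datetime.strptime("".join(str(b) for b in t1), "%Y%m%d%H%M%S")


def manager_time_result(key_t: bytes, now: datetime, t2_seconds: int) -> bytes:
    """Manager side (T4): R = T1 || T2 || M, with M = MAC(KeyT, T1 || T2 || 7x00)."""
    body = encode_t1(now) + t2_seconds.to_bytes(3, "big")
    return body + mac4(key_t, body + PAD7)


class SecurityModule:
    def __init__(self, key_t: bytes, work_key: bytes, tick):
        self.key_t, self.work_key = key_t, work_key
        self.tick = tick      # callable: seconds from the module's own timer, not the host
        self.counter = 0      # key attribute; assumed to survive expiry, reset on key update
        self.base = None      # (T1 as datetime, tick at set time, T2 in seconds)

    def set_time(self, r: bytes) -> int:
        """Time setting instruction: accept T1 and T2 only if the time MAC verifies."""
        if len(r) != 21 or not hmac.compare_digest(mac4(self.key_t, r[:17] + PAD7), r[17:]):
            return SW_BAD_MAC
        try:
            t1 = decode_t1(r[:14])
        except ValueError:
            return SW_BAD_MAC
        self.base = (t1, self.tick(), int.from_bytes(r[14:17], "big"))
        return SW_OK

    def encrypt(self, data: bytes):
        """Return (response, status); response = ciphertext || time || counter || MAC."""
        if len(data) != 8:
            raise ValueError("the instruction examples carry 8 bytes of data")
        if self.base is None:
            return b"", SW_EXPIRED
        t1, tick0, t2 = self.base
        elapsed = self.tick() - tick0
        if elapsed >= t2:
            self.base = None  # invalidated: time state reset until R is issued again
            return b"", SW_EXPIRED
        self.counter += 1
        ctr = self.counter.to_bytes(4, "big")
        # Stand-in cipher: XOR with a keyed hash stream, for illustration only.
        stream = hashlib.sha256(self.work_key + ctr).digest()
        ct = bytes(a ^ b for a, b in zip(data, stream))
        body = ct + encode_t1(t1 + timedelta(seconds=elapsed)) + ctr
        return body + mac4(self.work_key, body), SW_OK


def audit(work_key: bytes, responses, ct_len: int = 8):
    """Back-end check: every record's MAC is valid and the counters are consecutive."""
    problems, prev = [], None
    for i, resp in enumerate(responses):
        body, tag = resp[:-4], resp[-4:]
        if not hmac.compare_digest(mac4(work_key, body), tag):
            problems.append(f"record {i}: bad MAC")
            continue
        ctr = int.from_bytes(body[ct_len + 14:], "big")
        if prev is not None and ctr != prev + 1:
            problems.append(f"record {i}: counter jumps {prev} -> {ctr}")
        prev = ctr
    return problems


if __name__ == "__main__":
    # Constructed sample keys and clock values, not from the patent.
    clock = [0.0]
    sm = SecurityModule(b"T" * 16, b"W" * 16, lambda: clock[0])
    print(hex(sm.set_time(manager_time_result(b"T" * 16, datetime(2014, 10, 16, 8, 0, 0), 60))))
    clock[0] = 30.0
    print(sm.encrypt(b"ABCDEFGH")[0].hex())
    clock[0] = 60.0
    print(hex(sm.encrypt(b"ABCDEFGH")[1]))
```

Because the time and counter are produced and MAC-protected inside the module, a toll system that drops a record or rewrites a timestamp leaves a counter gap or a failed MAC for the back end to find.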

Claims (11)

1. A security module, comprising:
a transceiver unit (10), for data and instruction interaction with a reader-writer (900); and
an encryption unit (20) storing a key, for calling the key to encrypt data to be encrypted from the reader-writer (900), and returning the encrypted data through the transceiver unit (10);
characterized in that the security module further comprises a timing unit (40), the timing unit (40) comprising:
a time setter (41) connected to the transceiver unit (10), for setting the current time according to a time setting instruction received by the transceiver unit (10), the time setting instruction comprising current time information; and
an RTC timer (42) connected to the time setter (41), for performing synchronous RTC timing according to the current time;
the encryption unit (20) is further used for returning, when returning the encrypted data, the key calling time produced by the timing of the RTC timer.
2. The security module according to claim 1, characterized in that the time setting instruction further comprises an age threshold, and the security module further comprises an invalidation reset unit (50), for making the security module invalid when the timing of the RTC timer (42) reaches the age threshold, so that the encryption unit (20) stops calling the key for encryption.
3. The security module according to claim 1, characterized in that the encryption unit (20) comprises a counter, the counter counts once each time the key is called, and the encryption unit (20) also returns the count value of the counter, as a transaction sequence number, when returning the encrypted data.
4. The security module according to any one of claims 1 to 3, characterized in that the time setting instruction further comprises a time MAC code derived according to a MAC algorithm; the security module further comprises a MAC verification unit (60), for performing a MAC code check on the time MAC code.
5. A security setting method for the security module according to any one of claims 1 to 4, characterized by comprising the following steps:
S1: the security module (100) receives the time setting instruction sent by the reader-writer (900);
S2: the timing unit (40) of the security module (100) sets the current time according to the current time information and starts synchronous RTC timing;
S3: when the reader-writer (900) sends data to be encrypted to the security module (100), the security module (100) calls the key to encrypt the data to be encrypted, and returns to the reader-writer (900) the encrypted data and the key calling time produced by the timing of the RTC timer.
6. The security setting method of the security module according to claim 5, characterized in that,
in step S3: the security module (100) also judges whether the RTC timing of the timing unit (40) has reached the age threshold; if not, the security module (100) runs normally, and when the reader-writer (900) sends data to be encrypted to the security module (100), the security module (100) calls the key to encrypt the data to be encrypted and returns the encrypted data and the key calling time to the reader-writer (900); if so, the security module (100) becomes invalid and stops calling the key for encryption.
7. The security setting method of the security module according to claim 5, characterized in that the time setting instruction further comprises a time MAC code derived according to a MAC algorithm; in step S1, the security module (100) performs a MAC code check on the time MAC code according to the MAC algorithm; if the time MAC code is verified as correct, step S2 is performed; if it is incorrect, the method ends.
8. The security setting method of the security module according to claim 5, characterized in that, in step S3, the security module (100) counts once each time the key is called, and the encryption unit (20) returns the count value of the counter, as a transaction sequence number, when returning the encrypted data.
9. A parking lot data read-write system, characterized by comprising a reader-writer (900) and the security module (100) according to any one of claims 1 to 4 arranged in the reader-writer (900), wherein the reader-writer (900) is a lane controller (800).
10. A security setting method for the parking lot data read-write system according to claim 9, characterized by comprising the following steps:
T1: the reader-writer (900) sends the time setting instruction to the security module (100);
T2: the security module (100) sets the current time according to the time setting instruction and starts synchronous RTC timing;
T3: when the reader-writer (900) sends data to be encrypted to the security module (100), the security module (100) calls the key to encrypt the data to be encrypted, and returns to the reader-writer (900) the encrypted data and the key calling time produced by the timing of the RTC timer.
11. The security setting method of the data read-write system according to claim 10, characterized in that the time setting instruction in step T1 is obtained as follows:
T4: the reader-writer (900) sends a time acquisition instruction to a manager (800), and the manager (800) returns a time acquisition result to the reader-writer (900) according to the time acquisition instruction, the time acquisition result comprising the current time information and a time MAC code derived according to a MAC algorithm;
T5: the reader-writer (900) sends the time setting instruction to the security module (100) according to the time acquisition result, the time setting instruction comprising the current time information and the time MAC code;
in step T1: the security module (100) performs a MAC code check on the time MAC code according to the MAC algorithm; if the time MAC code is verified as correct, step T2 is performed; if it is incorrect, the method ends.
CN201410546392.1A 2014-10-15 2014-10-15 Security module, parking lot data read-write system and security setting method Active CN104579675B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410546392.1A CN104579675B (en) 2014-10-15 2014-10-15 Security module, parking lot data read-write system and security setting method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410546392.1A CN104579675B (en) 2014-10-15 2014-10-15 Security module, parking lot data read-write system and security setting method

Publications (2)

Publication Number Publication Date
CN104579675A true CN104579675A (en) 2015-04-29
CN104579675B CN104579675B (en) 2018-09-07

Family

ID=53094956

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410546392.1A Active CN104579675B (en) 2014-10-15 2014-10-15 Security module, parking lot data read-write system and security setting method

Country Status (1)

Country Link
CN (1) CN104579675B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105577700A (en) * 2016-03-04 2016-05-11 陈锡鸿 Vehicle entrance and exit control system based on remote secret key and control method thereof
CN105741117A (en) * 2016-01-25 2016-07-06 恒宝股份有限公司 Method and off-line transaction device based on security key
CN105788007A (en) * 2016-02-25 2016-07-20 上海众人网络安全技术有限公司 Parking management system and method based on dynamic tokens
CN106355657A (en) * 2015-07-19 2017-01-25 深圳成谷科技有限公司 Vehicular electronic tag capable of achieving multi-industry application and implementation method thereof
CN109741180A (en) * 2018-12-26 2019-05-10 中国工商银行股份有限公司 Block chain chain transaction serial number gencration method and module, block chain network node
CN111223198A (en) * 2020-03-17 2020-06-02 深圳栩峰科技有限公司 ETC-POS processing unit, electronic toll collection system, electronic toll collection method, computing device, and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1585478A (en) * 2003-08-20 2005-02-23 王耀 Condition reception assembled controlling method without addressing authorization
CN101340437A (en) * 2008-08-19 2009-01-07 北京飞天诚信科技有限公司 Time source regulating method and system
CN102129730A (en) * 2010-01-14 2011-07-20 上海峥创电子有限公司 Non-contact CPU (Central Processing Unit) card entrance guard reader
CN102402654A (en) * 2010-09-16 2012-04-04 上海芯邦泰智能科技有限公司 System and method for sharing security module by card readers
CN104063650A (en) * 2014-06-09 2014-09-24 韩晟 Secret key storage device and application method thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1585478A (en) * 2003-08-20 2005-02-23 王耀 Condition reception assembled controlling method without addressing authorization
CN101340437A (en) * 2008-08-19 2009-01-07 北京飞天诚信科技有限公司 Time source regulating method and system
CN102129730A (en) * 2010-01-14 2011-07-20 上海峥创电子有限公司 Non-contact CPU (Central Processing Unit) card entrance guard reader
CN102402654A (en) * 2010-09-16 2012-04-04 上海芯邦泰智能科技有限公司 System and method for sharing security module by card readers
CN104063650A (en) * 2014-06-09 2014-09-24 韩晟 Secret key storage device and application method thereof

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106355657A (en) * 2015-07-19 2017-01-25 深圳成谷科技有限公司 Vehicular electronic tag capable of achieving multi-industry application and implementation method thereof
CN105741117A (en) * 2016-01-25 2016-07-06 恒宝股份有限公司 Method and off-line transaction device based on security key
CN105788007A (en) * 2016-02-25 2016-07-20 上海众人网络安全技术有限公司 Parking management system and method based on dynamic tokens
CN105788007B (en) * 2016-02-25 2018-07-27 上海众人网络安全技术有限公司 A kind of parking management system and its method based on dynamic token
CN105577700A (en) * 2016-03-04 2016-05-11 陈锡鸿 Vehicle entrance and exit control system based on remote secret key and control method thereof
CN105577700B (en) * 2016-03-04 2019-05-21 广州益车益路软件科技有限公司 Vehicle in and out port control system and its control method based on remote cipher key
CN109741180A (en) * 2018-12-26 2019-05-10 中国工商银行股份有限公司 Block chain chain transaction serial number gencration method and module, block chain network node
CN109741180B (en) * 2018-12-26 2021-04-27 中国工商银行股份有限公司 Block chain continuous transaction sequence number generation method and device and block chain network node
CN111223198A (en) * 2020-03-17 2020-06-02 深圳栩峰科技有限公司 ETC-POS processing unit, electronic toll collection system, electronic toll collection method, computing device, and medium
CN111223198B (en) * 2020-03-17 2021-06-25 深圳栩峰科技有限公司 ETC-POS processing unit, electronic toll collection system, electronic toll collection method, computing device, and medium

Also Published As

Publication number Publication date
CN104579675B (en) 2018-09-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant