CN104579675B - Security module, parking lot data read-write system and security setting method - Google Patents
Security module, parking lot data read-write system and security setting method Download PDFInfo
- Publication number
- CN104579675B CN104579675B CN201410546392.1A CN201410546392A CN104579675B CN 104579675 B CN104579675 B CN 104579675B CN 201410546392 A CN201410546392 A CN 201410546392A CN 104579675 B CN104579675 B CN 104579675B
- Authority
- CN
- China
- Prior art keywords
- time
- security module
- key
- reader
- mac
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of security module, parking lot data read-write system and security setting methods.The security module includes:Transmit-Receive Unit, for carrying out data and instruction interaction with reader;It is stored with the encryption unit of key, for calling be-encrypted data of the key pair from reader to be encrypted, and encrypted data is returned to by Transmit-Receive Unit;Security module further includes timing unit, and timing unit includes:The time setter being connected with Transmit-Receive Unit, for instruction setting current time to be arranged according to the time, time setting instruction includes current time information;And RTC timers, for carrying out RTC time synchronisations according to current time;The key allocating time generated when encryption unit when returning to encrypted data for returning to RTC timers.The present invention increases time writing function, can effectively reinforce safety and reliability of the security module in data transmission, avoid artificially distorting by the way that current time is arranged and carries out RTC time synchronisations.
Description
Technical field
The present invention relates to intelligent and safe management domains, such as in intelligent transportation field, and in particular to a kind of security module, peace
The security setting method of full module, the security setting side of parking lot data read-write system and parking lot data read-write system
Method.
Background technology
Security module refers to the module for realizing safety certification in electronic product or system, such as PSAM cards, ESAM cards,
SIM card etc..Particularly, PSAM (Purchase Secure Access Module, terminal security module) is widely used in commercialization
In the equipment such as POS machine, site terminal, direct-connected terminal, there is security control management function, suitable for a variety of application environments.
For example, being presently used in the parking lot in the place such as institutional settings, market, office building, residential quarters usually all by property
Independent parking system is runed, is charged to the vehicle in the parking lot that comes in and goes out, the intelligence that parking lot is generally held by user
Data between card and the transaction terminal of turning roadway terminal communicate realization charge, in order to ensure the accuracy of charge, based on intelligence
The Secure Transaction of card is ensured that subscriber card is needed when terminal is traded by being installed on transaction terminal by key code system
PSAM is authenticated.If being related to consuming, PSAM has relevant consumption key.Manager by manage PSAM key and
The key of user is to reach the control of certification and consumption.The safety of transaction by key safety.
Another kind is the typical case based on smart card, such as:Such as highway ETC (Electronic Toll
Collection, electronic toll collection) entrance and exit in track is separately installed with a PSAM card.Only obtain
PSAM cards, subscriber card can just write access information when entering the tracks ETC, and could consume and withhold at outlet.Such as:Parking
Field entrance needs to write access information to include temporal information, and the temporal information of entrance is read in outlet again, is calculated by temporal information
Specific paying price.It practises fraud in order to prevent, entry time information may need encryption write-in parking card, and information is again decrypted in outlet
After use.
PSAM cards can be stored with the key of encrypting and decrypting, when needing to use PSAM cards progress cryptographic calculation, be by outside
It unites and be-encrypted data is sent to PSAM cards by instruction, PSAM cards use stored data key to be encrypted, and will add
Close result returns to external system.
Using backstage to either expressway tol lcollection mouth or other toll collection systems are managed in multiple parking lots when, own
Transaction record all contain temporal information and transaction sequence number, transaction record all can uniformly be collected into backstage, in networked fee collection
Transaction record is by the foundation as calculating inside system.But the rate of some transaction is related with the time, then owner is (i.e.
Freeway management person or parking lot management person) be possible by modification transaction record inside temporal information make
Disadvantage.Because transaction record is generated by toll collection system, and to may be each owner oneself build toll collection system, is generating friendship
Exchange hour can be deliberately changed when easily recording.Backstage can judge the complete of data by the continuity of transaction sequence number
Property, but transaction sequence number is also what toll collection system generated, if owner will practise fraud and can deliberately miss transaction record, then
Other serial number completions.
In addition, the management of PSAM cards is a problem.Although a PSAM cards manager can be arranged carries out pipe to PSAM cards
Reason, for example requires PSAM cards to have to use certified by the manager, avoid PSAM cards loss and caused by loss.
But once PSAM cards by certification, then PSAM cards can use always, or not used after stopping using, and manage at this time
Reason device be not aware that PSAM cards state how, on earth either with or without using unclear.
In the prior art, security module can only do common encrypting and decrypting and calculate, and be when being obtained by external clock
Between, this may provide opportunity to attacker.
Invention content
The technical problem to be solved in the present invention is, provides the security setting of a kind of improved security module, security module
The security setting method of method, parking lot data read-write system and parking lot data read-write system.
The technical solution adopted by the present invention to solve the technical problems is:A kind of security module is provided, including:
Transmit-Receive Unit, for carrying out data and instruction interaction with reader;And
It is stored with the encryption unit of key, for calling be-encrypted data of the key pair from reader to be encrypted, and
Encrypted data is returned by Transmit-Receive Unit;
Security module further includes timing unit, and timing unit includes:
The time setter being connected with Transmit-Receive Unit, the time setting instruction setting for being received according to Transmit-Receive Unit
Current time, time setting instruction includes current time information;And
RTC timers are connected with time setter, for carrying out RTC time synchronisations according to current time;
Encryption unit is additionally operable to the key allocating time generated when returning to RTC timers when returning to encrypted data.
Preferably, time setting instruction also includes age threshold, and security module further includes failure reset unit, is used for
RTC timers make security module fail when age threshold, so that encryption unit stops that key is called to be added
It is close.
Preferably, encryption unit includes a counter, and counter counts once in one secondary key of every calling, encryption unit
The count value that counter is returned when returning to encrypted data, is used as transaction sequence number.
Preferably, time setting instruction also includes a time MAC code obtained according to MAC algorithms;Security module further includes
MAC verification units, for carrying out MAC code checks to time MAC code.
A kind of security setting method of security module is also provided, is included the following steps:
S1:Security module receives the time setting instruction that reader is sent;
S2:The timing unit of security module is arranged current time according to current time information and starts RTC time synchronisations;
S3:When reader sends a be-encrypted data to security module, security module calls key by be-encrypted data
The key allocating time generated when being encrypted, and encrypted data and RTC timers are returned to reader.
Preferably, in step S3:
S3:Security module also judges whether the RTC time synchronisation times of timing unit reach age threshold, if it is not, then pacifying
Full module normal operation, and when reader sends a be-encrypted data to security module, security module calls key that will wait for
Encryption data is encrypted, and returns to encrypted data and key allocating time to reader;If so, security module fails,
Stop that key is called to be encrypted.
Preferably, time setting instruction also includes a time MAC code obtained according to MAC algorithms;In step sl, safety
Module carries out MAC code checks according to MAC algorithms to time MAC code, if verifying out time MAC code correctly, thens follow the steps S2;If
It is incorrect, then terminate.
Preferably, in step s3, security module counts once in one secondary key of every calling, and encryption unit adds in return
The count value for returning to counter after close when data, is used as transaction sequence number.A kind of parking lot data read-write system is also provided, is wrapped
The security module for including reader and being arranged in reader, wherein reader is Lane regulation device.
A kind of security setting method of data read-write system is also provided, is included the following steps:
T1:Reader is arranged to security module sending time to be instructed;
T2:Security module is arranged instruction setting current time according to the time and starts RTC time synchronisations;
T3:When reader sends a be-encrypted data to security module, security module calls key by be-encrypted data
The key allocating time generated when being encrypted, and encrypted data and RTC timers are returned to reader.
Wherein, the time setting instruction in step T1 obtains as follows:
T4:Reader sends a time acquisition instruction to a manager, and manager is according to time acquisition instruction to reader
Time acquisition is returned as a result, the time obtains in result comprising current time information and the time MAC obtained according to MAC algorithms
Code;
T5:Reader obtains result according to the time and sends out time setting instruction to security module, and time setting instruction includes
Current time information and time MAC code;
In step T1:Security module carries out MAC code checks according to MAC algorithms to time MAC code, if verifying out the time
MAC codes are correct, then follow the steps T2;If incorrect, terminate.
The beneficial effects of the practice of the present invention is:The present invention is increased by the way that current time is arranged and carries out RTC time synchronisations
The time writing function for calling key, can effectively reinforce safety and reliability of the security module in data transmission, avoid
Artificially distort.
In addition, the present invention generates transaction sequence number by the counting of security module, avoid transaction sequence number by toll collection system
Owner deliberately misses the cheating situation with completion transaction record after generation, further improves the reliability of data transmission.
Description of the drawings
Present invention will be further explained below with reference to the attached drawings and examples, in attached drawing:
Fig. 1 is the flow diagram that the data that security module sends reader in the prior art are encrypted;
Fig. 2 is the module diagram of the logical construction of security module and reader in some embodiments of the invention;
Fig. 3 is the brief flow diagram of the security setting method of security module in some embodiments of the invention;
Fig. 4 is the idiographic flow schematic diagram of the security setting method of the security module of some embodiments of the invention;
Fig. 5 is the module diagram of parking lot data read-write system in some embodiments of the invention;
Fig. 6 is the brief flow diagram of the security setting method of data read-write system in some embodiments of the invention;
Fig. 7 is the idiographic flow schematic diagram of the security setting method of the data read-write system of some embodiments of the invention.
Specific implementation mode
For a clearer understanding of the technical characteristics, objects and effects of the present invention, now control attached drawing is described in detail
The specific implementation mode of the present invention.
The security module 100 in some embodiments of the invention, the security module 100 can also be applied to as shown in Figure 2
Other systems are formed in other occasions.The security module 100 is used to carry out safe encryption to data, including Transmit-Receive Unit 10,
Encryption unit 20, encrypted initialization unit 30, timing unit 40, failure reset unit 50 and MAC verification units 60.Wherein, it receives
Bill member 10 carries out data and instruction interaction with external reader 900;Encryption unit 20 receives Transmit-Receive Unit 10 to be encrypted
Data are encrypted;Encrypted initialization unit 30 responds the encrypted initialization instruction that Transmit-Receive Unit 10 receives;Timing list
The time setting instruction that member 40 is received according to Transmit-Receive Unit 10 carries out current time setting and timing;Fail reset unit 50 to
Control encryption unit 20 stops encryption when the timing time of timing unit 40 reaches age threshold;MAC verification units 60 are to transmitting-receiving
The time MAC code that unit 10 receives carries out MAC code checks.
Wherein, Transmit-Receive Unit 10 is used to carry out data and instruction interaction with reader 900, can receive and comes from reader
900 data and instruction, and the data handled through 100 internal element of security module can be sent to reader 900.As choosing
It selects, instruction can also be transferred to reader 900 by PSAM card managers, and reader 900 can will also instruct corresponding result to feed back
Give PSAM card readers.
Encryption unit 20 is connect with Transmit-Receive Unit 10, for being encrypted, is stored with key.When encryption unit 20 is logical
Cross Transmit-Receive Unit 10 and receive the be-encrypted data from reader 900, encryption unit 20 call the key pair be-encrypted data into
Row encryption, when then by Transmit-Receive Unit 10 to the RTC timers of the return encrypted data of reader 900 and timing unit 40
The key allocating time of generation.Preferably, a counter is may also include in encryption unit 20, counter is in one secondary key of every calling
When count it is primary.Alternatively, the current count value of counter is may also include in encrypted data, which is used as transaction sequence
Row number.
Encrypted initialization unit 30, which is used to be instructed according to the encrypted initialization of reader 900, returns to an encrypted initialization result
To Transmit-Receive Unit 10, play the role of waking up security module 100.Alternatively, it is initial can also to omit encryption for security module 100
Change unit 30, can wake up by other means or start entire security module 100 and is in running order.
Timing unit 40 is used to carry out time record and on the basis of the current time information in time setting instruction, and will
Encryption unit 20 calls the time of key to be returned jointly as key allocating time, and with encrypted data, to prevent outside
System distorts the time and practises fraud.In the present embodiment, timing unit 40 may include time setter 41 and RTC timers 42.
Wherein, time setter 41 is connected with Transmit-Receive Unit 10, for current time to be arranged.When Transmit-Receive Unit 10 receives
When the time setting instruction arrived, current time is arranged according to the current time information in time setting instruction in time setter 41.
It is to be appreciated that when current time is arranged in time setter 41, then when timing unit 40 is carried out on the basis of the current time
Between record.Preferably, time setting instruction includes current time information, age threshold and the time MAC obtained according to MAC algorithms
Code etc..
RTC timers 42 are connected with time setter 41, for carrying out RTC time synchronisations according to current time, to
The key allocating time for calling key to be encrypted every time is provided.
Further, the failure reset unit 50 of the security module 100 can also be reached in the timing time of timing unit 40
When to age threshold so that security module 100 fails, so that encryption unit 20 stops that key is called to be encrypted, into one
Step forces the holding of security module 100 to be contacted with 100 manager of security module, so that 100 manager of security module is to safety
100 use state of module is tracked.
Further, the MAC verification units 60 of the security module 100 be used for the time setting instruction time MAC code into
Row MAC code checks can proceed with other settings, if incorrect, terminate if verifying out time MAC code correctly.As choosing
It selects, MAC verification units 60 can also be used to generate verification MAC codes and be combined with encrypted data to return by Transmit-Receive Unit 10 again,
MAC code checks are carried out by reader 900 or manager again, to improve the reliability of communication.
It is to be appreciated that the security module 100 can also omit MAC verification units 60, to simplify the knot of security module 100
Structure.
If Fig. 3 shows the security setting method of security module 100 in Fig. 2 embodiments, in this method, reader first
900 send time setting instruction to security module 100, and security module 100 returns to a result to reader 900;Then, it reads and writes
Device 900 sends other instructions further according to the result of return to security module 100, and security module 100 returns to other numbers to reader
According to.Wherein, when the usage time of security module 100 is more than age threshold, failure then needs to re-start setting.
To the security setting method further instruction in conjunction with shown in Fig. 4:Reader 900 is sent out to security module 100 first
Send time setting instruction, the Transmit-Receive Unit 10 of security module 100 to receive the time setting instruction that reader 900 is sent, this when
Between setting instruction include current time information and age threshold (S1).Wherein, current time information is used for as benchmark for peace
Full module 100 carries out time record, and age threshold is for after a certain time so that the failure of security module 100, forces safe mould
The holding of block 100 is contacted with 100 manager of security module, so that 100 manager of security module uses shape to security module 100
State is tracked.
Wherein, instruction example is:
Time setting instruction:00 00 12+ of 005A (14 byte current time information T1)+(3 byte age threshold T2)
Return to 1:9000
Wherein, 14 byte current time information T1 are BCD formats, YYYYMMDDHHNNSS.Age threshold T2, unit are
Second, i.e., the timing since T1 will fail after T2.
Alternatively, in some embodiments, time setting instruction also may include the time obtained according to MAC algorithms
MAC codes.The MAC verification units 60 of security module 100 carry out MAC code checks according to MAC algorithms to time MAC code, if verifying out
Time MAC code is correct, then allows to continue to execute subsequent step (step shown in Fig. 1);If incorrect, terminate, does not allow to continue
Execute subsequent step.
Then, current time is arranged according to current time information in the timing unit 40 of security module 100, and it is same to start RTC
Walk timing (S2).Timing unit 40 carries out time record according to current time information and records the time of calling key every time, from
And it prevents external system from distorting the time and practises fraud.Wherein, when the time that Transmit-Receive Unit 10 receives instruction being arranged, the time sets
It sets device 41 and current time is arranged according to the current time information in time setting instruction.It is to be appreciated that when time setter 41
When current time is arranged, then security module 100 carries out time record on the basis of the current time.RTC timers 42 are according to working as
The preceding time carries out RTC time synchronisations.
Finally, the failure reset unit 50 in security module 100 judge timing unit 40 the RTC time synchronisation times whether
Reach age threshold, to make security module 100 fail when 42 timing of RTC timers is to age threshold, so that plus
Close unit 20 stops that key is called to be encrypted, and security module 100 is further forced to keep carrying out with 100 manager of security module
Contact, so that 100 manager of security module is tracked 100 use state of security module.If the RTC time synchronisation times do not reach
To age threshold, then 100 normal operation of security module, and in reader 900 be-encrypted data is sent to security module 100
When, the encryption unit 20 of security module 100 calls key that be-encrypted data is encrypted, and returns and encrypt to reader 900
Encryption method as shown in Figure 1 can be used in data afterwards, wherein data encryption process;If reaching age threshold, security module 100
Failure stops that key is called to be encrypted (S3).After security module 100 fails, all state resets of security module 100, peace
After complete 100 manager of module must re-call time setting instruction, security module 100 can just work on.
In the embodiment above, in time setting instruction, current time and age threshold are in plain text that there are one for this
Determine hidden danger, a wrong time can be arranged to achieve the purpose that cheating in the system of cheating.Therefore, it is alternatively that, at some
In embodiment, current time and age threshold can be passed to security module 100 by time setting instruction again after encryption,
Security module 100 decrypts current time and age threshold after receiving time setting instruction, and whether verification is correct, if just
Really it is arranged accordingly again.
Alternatively, in some embodiments, key attribute can be also changed, a counter attribute is increased, such as:
In key new clothes or update, counter is set to 0.Hereafter application flow is with reference to figure 2, wherein instructing example
It is as follows:
For the first time:
Encrypted initialization instructs:801A270108+ (instruction of 8 byte encrypted initializations)
Encrypted initialization responds:9000
Be-encrypted data:80FA020008+ (8 byte be-encrypted data)
Encrypted data:(8 byte encrypted data)+(counter 00000001)+9000
Second:
Encrypted initialization instructs:801A270108+ (instruction of 8 byte encrypted initializations)
Encrypted initialization responds:9000
Be-encrypted data:80FA020008+ (8 byte be-encrypted data)
Encrypted data:(8 byte encrypted data)+(counter 00000002)+9000
Counter in security module 100 counts once in one secondary key of every calling, and encryption unit 20 is returning to encryption
The count value of the counter is returned when data afterwards, is used as transaction sequence number, background system or PSAM cards manager will be right
Encryption data is verified to examine the authenticity of transaction sequence number.Key new clothes or update hour counter reset are set to 0.
In the above-described embodiments, count value be in plain text, in order to avoid encrypted data by operation system when by business
System is distorted, and can generate school by MAC verification units 60 to the encrypted data, key allocating time and count value of return
It tests MAC codes and is combined with encrypted data, key allocating time and count value and returned again by Transmit-Receive Unit 10.
Wherein, instruction example is as follows:
Encrypted data:(8 byte encrypted data)+(counter 00000001)+(4 byte MAC)+9000
Wherein MAC algorithms are:By key itself to (8 byte encrypted data)+(counter 00000001)+(4 words
00) section is used standard MAC algorithms to calculate MAC and is obtained.
As Fig. 5 shows that the parking lot data read-write system in some embodiments of the invention, the system include reader
900 and setting reader 900 in, in such as Fig. 2 embodiment security module 100, wherein reader 900 is Lane regulation device.
If Fig. 6 shows the security setting method of data read-write system in the above embodiment of the present invention, in this method, in order to
Effectively management security module 100, introduces manager 800.It can be in " timeliness a check key built in the manager 800
(KeyT) ", an identical check key is set in security module 100.First, reader 900 is sent out to manager 800
A time acquisition instruction, manager 800 is sent to return to time acquisition to reader 900 as a result, so according to the time acquisition instruction
Afterwards, subsequent step is the same as step shown in Fig. 3.
In conjunction with as shown in fig. 7, in some embodiments, the security setting method of data read-write system includes:Reader first
900 send a time acquisition instruction to manager 800, and manager 800 returns for the moment according to time acquisition instruction to reader 900
Between obtain as a result, the time obtain result in include current time information, age threshold and the time obtained according to MAC algorithms
MAC codes (T4).Reader 900 obtains result according to the time and sends out time setting instruction, time setting instruction to security module 100
Including current time information, age threshold and time MAC code (T5).
Wherein, instruction example is as follows:
Time acquisition instruction:0051
Explanation:Time acquisition instruction is not 7816 agreements of standard, only draws an analogy 0051 here.
After 800 time of receipt (T of R) of manager acquisition instruction, obtains current time information and be converted into 14 byte BCD codes (T1), lattice
Formula YYYYMMDDHHNNSS, in addition the time-out time (T2) in seconds of 3 bytes, in addition 7 bytes 00, then use KeyT
4 byte MAC codes (M) are calculated to obtain with the MAC algorithms of standard.Then 28 byte results (T1+T2+M) is returned.
Time acquisition instruction result:28 byte result R.
Then, reader 900 is arranged to 100 sending time of security module and instructs, and time setting instruction includes current time
Information and an age threshold (T1).Security module 100 carries out MAC code checks according to MAC algorithms to time MAC code, if verifying out
Time MAC code is correct, thens follow the steps T2;If incorrect, terminate.
Wherein, instruction example is as follows:
Time setting instruction:00 02 1C+ of 005A (21 byte data R)
Explanation:It is whether correct with same algorithm and key verification MAC after security module 100 receives, if it is correct again into
Row setting.02 in instruction represents the key version number of check key.
Return to 1:9000 or other error codes.
Finally, security module 100 is arranged instruction setting current time according to the time and starts RTC time synchronisations (T2).Peace
Full module 100 judges whether the RTC time synchronisation times reach age threshold, if it is not, then 100 normal operation of security module, and
Reader 900 to security module 100 send a be-encrypted data when, security module 100 call key by be-encrypted data into
Row encryption, and return to encrypted data, key allocating time and count value to reader 900;If so, security module 100 is lost
Effect stops that key is called to be encrypted (T3).Hereafter security module 100 works normally, after failure in T2 seconds, the return of all instructions
Result is 9009, indicates that security module 100 is no longer valid, at this time 100 all state resets of security module, security module 100
Manager can just work on after must re-calling the instruction.Here timeliness parameter, wherein timeliness are obtained by manager 800
Threshold value can be arranged by the tension management systematic unity of manager 800, and toll collection system is avoided arbitrarily to be arranged.Other content and figure
Security module 100 is identical in 1 illustrated embodiment, herein without repeating.
In some embodiments, security module can also be not provided with timing unit 10, and counter is only used only, and often call primary close
It is counted once when key, encryption unit 20 returns to the count value of the counter when returning to encrypted data, is used as transaction sequence
Number, background system or PSAM cards manager will verify encryption data to examine the authenticity of transaction sequence number, this
Kind mode can also improve safety to a certain extent.
The above is only a preferred embodiment of the present invention, protection scope of the present invention is not limited merely to above-mentioned implementation
Example, all technical solutions belonged under thinking of the present invention all belong to the scope of protection of the present invention.It should be pointed out that for the art
Those of ordinary skill for, several improvements and modifications without departing from the principles of the present invention, these improvements and modifications
Also it should be regarded as protection scope of the present invention.
Claims (7)
1. a kind of security module, including:
Transmit-Receive Unit (10), for carrying out data and instruction interaction with reader (900);And
It is stored with the encryption unit (20) of key, for calling the key pair to come from the number to be encrypted of the reader (900)
According to being encrypted, and passes through the Transmit-Receive Unit (10) and return to encrypted data;
It is characterized in that, the security module further includes timing unit (40), the timing unit (40) includes:
The time setter (41) being connected with the Transmit-Receive Unit (10), for what is received according to the Transmit-Receive Unit (10)
Time setting instruction setting current time, the time setting instruction includes current time information;And
RTC timers (42) are connected with the time setter (41), for carrying out RTC synchronizations according to the current time
Timing;
The encryption unit (20) is additionally operable to the key tune generated when returning to the RTC timers when returning to encrypted data
Use the time;
The time setting instruction also includes age threshold, and the security module further includes failure reset unit (50), is used for
The security module is made to fail when RTC timers (42) timing is to the age threshold, so that the encryption is single
First (20) stop that the key is called to be encrypted, all state resets of the security module;
The encryption unit (20) includes a counter, and the counter counts primary, institute in the primary key of every calling
The count value that encryption unit (20) also returns to the counter when returning to encrypted data is stated, transaction sequence number is used as;It is described
The counter resets are set to 0 when key new clothes or update.
2. security module according to claim 1, which is characterized in that the time setting instruction also includes one according to MAC
The time MAC code that algorithm obtains;The security module further includes MAC verification units (60), for being carried out to the time MAC codes
MAC code checks.
3. a kind of security setting method of the security module as described in any one of claim 1 to 2, which is characterized in that including as follows
Step:
S1:The security module (100) receives the time setting instruction that the reader (900) sends;
S2:The timing unit (40) of the security module (100) is arranged current time according to the current time information and starts
RTC time synchronisations;
S3:When the reader (900) sends a be-encrypted data to the security module (100), the security module
(100) it calls key that the be-encrypted data is encrypted, and encrypted data and described is returned to the reader (900)
The key allocating time generated when RTC timers;
In the step S3:The security module (100) also judge the timing unit (40) the RTC time synchronisation times whether
Reach the age threshold, if it is not, then security module (100) normal operation, and in the reader (900) to described
When security module (100) sends a be-encrypted data, the security module (100) calls key to carry out the be-encrypted data
Encryption, and return to encrypted data and the key allocating time to the reader (900);If so, the security module
(100) it fails, stops that the key is called to be encrypted, all state resets of the security module (100);
In the step S3, the security module (100) counts primary in the primary key of every calling, and the encryption is single
First (20) return to the count value of the counter when returning to encrypted data, are used as transaction sequence number;The key new clothes or
The counter resets are set to 0 when person's update.
4. the security setting method of security module according to claim 3, which is characterized in that the time setting instruction is also wrapped
The time MAC code obtained according to MAC algorithms containing one;In the step S1, the security module (100) is calculated according to the MAC
Method carries out MAC code checks to the time MAC codes, if verifying out the time MAC codes correctly, executes the step S2;If
It is incorrect, then terminate.
5. a kind of parking lot data read-write system, which is characterized in that including reader (900) and be arranged in the reader
(900) interior, such as claim 1 to 2 any one of them security module (100), wherein the reader (900) is that track is managed
Manage device (800).
6. a kind of security setting method of parking lot data read-write system as claimed in claim 5, which is characterized in that including such as
Lower step:
T1:Reader (900) sends the time setting instruction to the security module (100);
T2:The security module (100) is arranged instruction setting current time according to the time and starts RTC time synchronisations;
T3:When the reader (900) sends a be-encrypted data to the security module (100), the security module
(100) it calls key that the be-encrypted data is encrypted, and encrypted data and described is returned to the reader (900)
The key allocating time generated when RTC timers;
The security module (100) also judges whether the RTC time synchronisation times of the timing unit (40) reach the timeliness
Threshold value, if it is not, then security module (100) normal operation, and in the reader (900) to the security module
(100) when sending a be-encrypted data, the security module (100) calls key that the be-encrypted data is encrypted, and
Encrypted data and the key allocating time are returned to the reader (900);If so, the security module (100) is lost
Effect stops that the key is called to be encrypted, all state resets of the security module (100);
The security module (100) counts once in the primary key of every calling, and the encryption unit (20) adds in return
The count value for returning to the counter after close when data, is used as transaction sequence number;The meter when key new clothes or update
Number device reset is set to 0.
7. the security setting method of data read-write system according to claim 6, which is characterized in that wherein, the step T1
In the time setting instruction obtain as follows:
T4:The reader (900) sends a time acquisition instruction to a manager (800), and the manager (800) is according to institute
It states time acquisition instruction and returns to time acquisition as a result, the time obtains in result comprising described to the reader (900)
Current time information and the time MAC code obtained according to MAC algorithms;
T5:The reader (900) obtains result according to the time and sends out the time setting to the security module (100)
Instruction, the time setting instruction includes the current time information and the time MAC codes;
In the step T1:The security module (100) carries out MAC codes school according to the MAC algorithms to the time MAC codes
It tests, if verifying out the time MAC codes correctly, executes the step T2;If incorrect, terminate.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410546392.1A CN104579675B (en) | 2014-10-15 | 2014-10-15 | Security module, parking lot data read-write system and security setting method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410546392.1A CN104579675B (en) | 2014-10-15 | 2014-10-15 | Security module, parking lot data read-write system and security setting method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104579675A CN104579675A (en) | 2015-04-29 |
| CN104579675B true CN104579675B (en) | 2018-09-07 |
Family
ID=53094956
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410546392.1A Active CN104579675B (en) | 2014-10-15 | 2014-10-15 | Security module, parking lot data read-write system and security setting method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104579675B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106355657A (en) * | 2015-07-19 | 2017-01-25 | 深圳成谷科技有限公司 | Vehicular electronic tag capable of achieving multi-industry application and implementation method thereof |
| CN105741117A (en) * | 2016-01-25 | 2016-07-06 | 恒宝股份有限公司 | Method and off-line transaction device based on security key |
| CN105788007B (en) * | 2016-02-25 | 2018-07-27 | 上海众人网络安全技术有限公司 | A kind of parking management system and its method based on dynamic token |
| CN105577700B (en) * | 2016-03-04 | 2019-05-21 | 广州益车益路软件科技有限公司 | Vehicle in and out port control system and its control method based on remote cipher key |
| CN109741180B (en) * | 2018-12-26 | 2021-04-27 | 中国工商银行股份有限公司 | Block chain continuous transaction sequence number generation method and device and block chain network node |
| CN111223198B (en) * | 2020-03-17 | 2021-06-25 | 深圳栩峰科技有限公司 | ETC-POS processing unit, electronic toll collection system, electronic toll collection method, computing device, and medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1585478A (en) * | 2003-08-20 | 2005-02-23 | 王耀 | Condition reception assembled controlling method without addressing authorization |
| CN101340437A (en) * | 2008-08-19 | 2009-01-07 | 北京飞天诚信科技有限公司 | Time source regulating method and system |
| CN102129730A (en) * | 2010-01-14 | 2011-07-20 | 上海峥创电子有限公司 | Non-contact CPU (Central Processing Unit) card entrance guard reader |
| CN102402654A (en) * | 2010-09-16 | 2012-04-04 | 上海芯邦泰智能科技有限公司 | System and method for sharing security module by card readers |
| CN104063650A (en) * | 2014-06-09 | 2014-09-24 | 韩晟 | Secret key storage device and application method thereof |
-
2014
- 2014-10-15 CN CN201410546392.1A patent/CN104579675B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1585478A (en) * | 2003-08-20 | 2005-02-23 | 王耀 | Condition reception assembled controlling method without addressing authorization |
| CN101340437A (en) * | 2008-08-19 | 2009-01-07 | 北京飞天诚信科技有限公司 | Time source regulating method and system |
| CN102129730A (en) * | 2010-01-14 | 2011-07-20 | 上海峥创电子有限公司 | Non-contact CPU (Central Processing Unit) card entrance guard reader |
| CN102402654A (en) * | 2010-09-16 | 2012-04-04 | 上海芯邦泰智能科技有限公司 | System and method for sharing security module by card readers |
| CN104063650A (en) * | 2014-06-09 | 2014-09-24 | 韩晟 | Secret key storage device and application method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104579675A (en) | 2015-04-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104579675B (en) | Security module, parking lot data read-write system and security setting method | |
| US20210049596A1 (en) | Resource transfer data management method and apparatus, and storage medium | |
| US7693797B2 (en) | Transaction and payment system security remote authentication/validation of transactions from a transaction provider | |
| CN102648471B (en) | System and method for hardware based security | |
| RU2537795C2 (en) | Trusted remote attestation agent (traa) | |
| CN110443075A (en) | A kind of method and device of block chain intelligence contract verifying deployment | |
| US9118643B2 (en) | Authentication and data integrity protection of token | |
| CN104363199B (en) | Safety certifying method and time synchronous code module based on time synchronized code | |
| CN111027028A (en) | Copyright data processing method and device based on intelligent contract | |
| CN102625939A (en) | System and method for managing electronic assets | |
| CN103250401A (en) | Secure device data records | |
| CN106027250B (en) | A kind of ID card information safe transmission method and system | |
| CN109117608A (en) | A kind of data processing method, device and relevant device | |
| CN108764909A (en) | A kind of block chain data monitoring and managing method | |
| CN109146499A (en) | User credit method of adjustment and its device, block chain node based on block chain | |
| CN106027457A (en) | Identity card information transmission method and system | |
| Dang et al. | Pricing data tampering in automated fare collection with NFC-equipped smartphones | |
| Tamrakar et al. | Tapping and Tripping with NFC | |
| CN108460867A (en) | Gate control method, device, gate and storage medium | |
| CN109302442A (en) | A kind of data storage method of proof and relevant device | |
| CN109146452A (en) | A kind of Internet of Things cost management method and system based on block chain | |
| Dang et al. | Large-scale invisible attack on AFC systems with NFC-equipped smartphones | |
| CN112286574A (en) | Method and device for counting application program versions, terminal equipment and storage medium | |
| CN104574535A (en) | PSAM (Purchase Secure Access Module) and management method and system thereof as well as vehicle charge management method and system | |
| CN106845978A (en) | IC-card self-cipher input system and IC-card self-cipher input method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |