CN104579675B - Security module, parking lot data read-write system and security setting method - Google Patents

Security module, parking lot data read-write system and security setting method Download PDF

Info

Publication number
CN104579675B
CN104579675B CN201410546392.1A CN201410546392A CN104579675B CN 104579675 B CN104579675 B CN 104579675B CN 201410546392 A CN201410546392 A CN 201410546392A CN 104579675 B CN104579675 B CN 104579675B
Authority
CN
China
Prior art keywords
time
security module
key
reader
mac
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410546392.1A
Other languages
Chinese (zh)
Other versions
CN104579675A (en
Inventor
王政
冉立
张恩泉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Genvict Technology Co Ltd
Original Assignee
Shenzhen Genvict Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Genvict Technology Co Ltd filed Critical Shenzhen Genvict Technology Co Ltd
Priority to CN201410546392.1A priority Critical patent/CN104579675B/en
Publication of CN104579675A publication Critical patent/CN104579675A/en
Application granted granted Critical
Publication of CN104579675B publication Critical patent/CN104579675B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of security module, parking lot data read-write system and security setting methods.The security module includes:Transmit-Receive Unit, for carrying out data and instruction interaction with reader;It is stored with the encryption unit of key, for calling be-encrypted data of the key pair from reader to be encrypted, and encrypted data is returned to by Transmit-Receive Unit;Security module further includes timing unit, and timing unit includes:The time setter being connected with Transmit-Receive Unit, for instruction setting current time to be arranged according to the time, time setting instruction includes current time information;And RTC timers, for carrying out RTC time synchronisations according to current time;The key allocating time generated when encryption unit when returning to encrypted data for returning to RTC timers.The present invention increases time writing function, can effectively reinforce safety and reliability of the security module in data transmission, avoid artificially distorting by the way that current time is arranged and carries out RTC time synchronisations.

Description

Security module, parking lot data read-write system and security setting method
Technical field
The present invention relates to intelligent and safe management domains, such as in intelligent transportation field, and in particular to a kind of security module, peace The security setting method of full module, the security setting side of parking lot data read-write system and parking lot data read-write system Method.
Background technology
Security module refers to the module for realizing safety certification in electronic product or system, such as PSAM cards, ESAM cards, SIM card etc..Particularly, PSAM (Purchase Secure Access Module, terminal security module) is widely used in commercialization In the equipment such as POS machine, site terminal, direct-connected terminal, there is security control management function, suitable for a variety of application environments.
For example, being presently used in the parking lot in the place such as institutional settings, market, office building, residential quarters usually all by property Independent parking system is runed, is charged to the vehicle in the parking lot that comes in and goes out, the intelligence that parking lot is generally held by user Data between card and the transaction terminal of turning roadway terminal communicate realization charge, in order to ensure the accuracy of charge, based on intelligence The Secure Transaction of card is ensured that subscriber card is needed when terminal is traded by being installed on transaction terminal by key code system PSAM is authenticated.If being related to consuming, PSAM has relevant consumption key.Manager by manage PSAM key and The key of user is to reach the control of certification and consumption.The safety of transaction by key safety.
Another kind is the typical case based on smart card, such as:Such as highway ETC (Electronic Toll Collection, electronic toll collection) entrance and exit in track is separately installed with a PSAM card.Only obtain PSAM cards, subscriber card can just write access information when entering the tracks ETC, and could consume and withhold at outlet.Such as:Parking Field entrance needs to write access information to include temporal information, and the temporal information of entrance is read in outlet again, is calculated by temporal information Specific paying price.It practises fraud in order to prevent, entry time information may need encryption write-in parking card, and information is again decrypted in outlet After use.
PSAM cards can be stored with the key of encrypting and decrypting, when needing to use PSAM cards progress cryptographic calculation, be by outside It unites and be-encrypted data is sent to PSAM cards by instruction, PSAM cards use stored data key to be encrypted, and will add Close result returns to external system.
Using backstage to either expressway tol lcollection mouth or other toll collection systems are managed in multiple parking lots when, own Transaction record all contain temporal information and transaction sequence number, transaction record all can uniformly be collected into backstage, in networked fee collection Transaction record is by the foundation as calculating inside system.But the rate of some transaction is related with the time, then owner is (i.e. Freeway management person or parking lot management person) be possible by modification transaction record inside temporal information make Disadvantage.Because transaction record is generated by toll collection system, and to may be each owner oneself build toll collection system, is generating friendship Exchange hour can be deliberately changed when easily recording.Backstage can judge the complete of data by the continuity of transaction sequence number Property, but transaction sequence number is also what toll collection system generated, if owner will practise fraud and can deliberately miss transaction record, then Other serial number completions.
In addition, the management of PSAM cards is a problem.Although a PSAM cards manager can be arranged carries out pipe to PSAM cards Reason, for example requires PSAM cards to have to use certified by the manager, avoid PSAM cards loss and caused by loss. But once PSAM cards by certification, then PSAM cards can use always, or not used after stopping using, and manage at this time Reason device be not aware that PSAM cards state how, on earth either with or without using unclear.
In the prior art, security module can only do common encrypting and decrypting and calculate, and be when being obtained by external clock Between, this may provide opportunity to attacker.
Invention content
The technical problem to be solved in the present invention is, provides the security setting of a kind of improved security module, security module The security setting method of method, parking lot data read-write system and parking lot data read-write system.
The technical solution adopted by the present invention to solve the technical problems is:A kind of security module is provided, including:
Transmit-Receive Unit, for carrying out data and instruction interaction with reader;And
It is stored with the encryption unit of key, for calling be-encrypted data of the key pair from reader to be encrypted, and Encrypted data is returned by Transmit-Receive Unit;
Security module further includes timing unit, and timing unit includes:
The time setter being connected with Transmit-Receive Unit, the time setting instruction setting for being received according to Transmit-Receive Unit Current time, time setting instruction includes current time information;And
RTC timers are connected with time setter, for carrying out RTC time synchronisations according to current time;
Encryption unit is additionally operable to the key allocating time generated when returning to RTC timers when returning to encrypted data.
Preferably, time setting instruction also includes age threshold, and security module further includes failure reset unit, is used for RTC timers make security module fail when age threshold, so that encryption unit stops that key is called to be added It is close.
Preferably, encryption unit includes a counter, and counter counts once in one secondary key of every calling, encryption unit The count value that counter is returned when returning to encrypted data, is used as transaction sequence number.
Preferably, time setting instruction also includes a time MAC code obtained according to MAC algorithms;Security module further includes MAC verification units, for carrying out MAC code checks to time MAC code.
A kind of security setting method of security module is also provided, is included the following steps:
S1:Security module receives the time setting instruction that reader is sent;
S2:The timing unit of security module is arranged current time according to current time information and starts RTC time synchronisations;
S3:When reader sends a be-encrypted data to security module, security module calls key by be-encrypted data The key allocating time generated when being encrypted, and encrypted data and RTC timers are returned to reader.
Preferably, in step S3:
S3:Security module also judges whether the RTC time synchronisation times of timing unit reach age threshold, if it is not, then pacifying Full module normal operation, and when reader sends a be-encrypted data to security module, security module calls key that will wait for Encryption data is encrypted, and returns to encrypted data and key allocating time to reader;If so, security module fails, Stop that key is called to be encrypted.
Preferably, time setting instruction also includes a time MAC code obtained according to MAC algorithms;In step sl, safety Module carries out MAC code checks according to MAC algorithms to time MAC code, if verifying out time MAC code correctly, thens follow the steps S2;If It is incorrect, then terminate.
Preferably, in step s3, security module counts once in one secondary key of every calling, and encryption unit adds in return The count value for returning to counter after close when data, is used as transaction sequence number.A kind of parking lot data read-write system is also provided, is wrapped The security module for including reader and being arranged in reader, wherein reader is Lane regulation device.
A kind of security setting method of data read-write system is also provided, is included the following steps:
T1:Reader is arranged to security module sending time to be instructed;
T2:Security module is arranged instruction setting current time according to the time and starts RTC time synchronisations;
T3:When reader sends a be-encrypted data to security module, security module calls key by be-encrypted data The key allocating time generated when being encrypted, and encrypted data and RTC timers are returned to reader.
Wherein, the time setting instruction in step T1 obtains as follows:
T4:Reader sends a time acquisition instruction to a manager, and manager is according to time acquisition instruction to reader Time acquisition is returned as a result, the time obtains in result comprising current time information and the time MAC obtained according to MAC algorithms Code;
T5:Reader obtains result according to the time and sends out time setting instruction to security module, and time setting instruction includes Current time information and time MAC code;
In step T1:Security module carries out MAC code checks according to MAC algorithms to time MAC code, if verifying out the time MAC codes are correct, then follow the steps T2;If incorrect, terminate.
The beneficial effects of the practice of the present invention is:The present invention is increased by the way that current time is arranged and carries out RTC time synchronisations The time writing function for calling key, can effectively reinforce safety and reliability of the security module in data transmission, avoid Artificially distort.
In addition, the present invention generates transaction sequence number by the counting of security module, avoid transaction sequence number by toll collection system Owner deliberately misses the cheating situation with completion transaction record after generation, further improves the reliability of data transmission.
Description of the drawings
Present invention will be further explained below with reference to the attached drawings and examples, in attached drawing:
Fig. 1 is the flow diagram that the data that security module sends reader in the prior art are encrypted;
Fig. 2 is the module diagram of the logical construction of security module and reader in some embodiments of the invention;
Fig. 3 is the brief flow diagram of the security setting method of security module in some embodiments of the invention;
Fig. 4 is the idiographic flow schematic diagram of the security setting method of the security module of some embodiments of the invention;
Fig. 5 is the module diagram of parking lot data read-write system in some embodiments of the invention;
Fig. 6 is the brief flow diagram of the security setting method of data read-write system in some embodiments of the invention;
Fig. 7 is the idiographic flow schematic diagram of the security setting method of the data read-write system of some embodiments of the invention.
Specific implementation mode
For a clearer understanding of the technical characteristics, objects and effects of the present invention, now control attached drawing is described in detail The specific implementation mode of the present invention.
The security module 100 in some embodiments of the invention, the security module 100 can also be applied to as shown in Figure 2 Other systems are formed in other occasions.The security module 100 is used to carry out safe encryption to data, including Transmit-Receive Unit 10, Encryption unit 20, encrypted initialization unit 30, timing unit 40, failure reset unit 50 and MAC verification units 60.Wherein, it receives Bill member 10 carries out data and instruction interaction with external reader 900;Encryption unit 20 receives Transmit-Receive Unit 10 to be encrypted Data are encrypted;Encrypted initialization unit 30 responds the encrypted initialization instruction that Transmit-Receive Unit 10 receives;Timing list The time setting instruction that member 40 is received according to Transmit-Receive Unit 10 carries out current time setting and timing;Fail reset unit 50 to Control encryption unit 20 stops encryption when the timing time of timing unit 40 reaches age threshold;MAC verification units 60 are to transmitting-receiving The time MAC code that unit 10 receives carries out MAC code checks.
Wherein, Transmit-Receive Unit 10 is used to carry out data and instruction interaction with reader 900, can receive and comes from reader 900 data and instruction, and the data handled through 100 internal element of security module can be sent to reader 900.As choosing It selects, instruction can also be transferred to reader 900 by PSAM card managers, and reader 900 can will also instruct corresponding result to feed back Give PSAM card readers.
Encryption unit 20 is connect with Transmit-Receive Unit 10, for being encrypted, is stored with key.When encryption unit 20 is logical Cross Transmit-Receive Unit 10 and receive the be-encrypted data from reader 900, encryption unit 20 call the key pair be-encrypted data into Row encryption, when then by Transmit-Receive Unit 10 to the RTC timers of the return encrypted data of reader 900 and timing unit 40 The key allocating time of generation.Preferably, a counter is may also include in encryption unit 20, counter is in one secondary key of every calling When count it is primary.Alternatively, the current count value of counter is may also include in encrypted data, which is used as transaction sequence Row number.
Encrypted initialization unit 30, which is used to be instructed according to the encrypted initialization of reader 900, returns to an encrypted initialization result To Transmit-Receive Unit 10, play the role of waking up security module 100.Alternatively, it is initial can also to omit encryption for security module 100 Change unit 30, can wake up by other means or start entire security module 100 and is in running order.
Timing unit 40 is used to carry out time record and on the basis of the current time information in time setting instruction, and will Encryption unit 20 calls the time of key to be returned jointly as key allocating time, and with encrypted data, to prevent outside System distorts the time and practises fraud.In the present embodiment, timing unit 40 may include time setter 41 and RTC timers 42.
Wherein, time setter 41 is connected with Transmit-Receive Unit 10, for current time to be arranged.When Transmit-Receive Unit 10 receives When the time setting instruction arrived, current time is arranged according to the current time information in time setting instruction in time setter 41. It is to be appreciated that when current time is arranged in time setter 41, then when timing unit 40 is carried out on the basis of the current time Between record.Preferably, time setting instruction includes current time information, age threshold and the time MAC obtained according to MAC algorithms Code etc..
RTC timers 42 are connected with time setter 41, for carrying out RTC time synchronisations according to current time, to The key allocating time for calling key to be encrypted every time is provided.
Further, the failure reset unit 50 of the security module 100 can also be reached in the timing time of timing unit 40 When to age threshold so that security module 100 fails, so that encryption unit 20 stops that key is called to be encrypted, into one Step forces the holding of security module 100 to be contacted with 100 manager of security module, so that 100 manager of security module is to safety 100 use state of module is tracked.
Further, the MAC verification units 60 of the security module 100 be used for the time setting instruction time MAC code into Row MAC code checks can proceed with other settings, if incorrect, terminate if verifying out time MAC code correctly.As choosing It selects, MAC verification units 60 can also be used to generate verification MAC codes and be combined with encrypted data to return by Transmit-Receive Unit 10 again, MAC code checks are carried out by reader 900 or manager again, to improve the reliability of communication.
It is to be appreciated that the security module 100 can also omit MAC verification units 60, to simplify the knot of security module 100 Structure.
If Fig. 3 shows the security setting method of security module 100 in Fig. 2 embodiments, in this method, reader first 900 send time setting instruction to security module 100, and security module 100 returns to a result to reader 900;Then, it reads and writes Device 900 sends other instructions further according to the result of return to security module 100, and security module 100 returns to other numbers to reader According to.Wherein, when the usage time of security module 100 is more than age threshold, failure then needs to re-start setting.
To the security setting method further instruction in conjunction with shown in Fig. 4:Reader 900 is sent out to security module 100 first Send time setting instruction, the Transmit-Receive Unit 10 of security module 100 to receive the time setting instruction that reader 900 is sent, this when Between setting instruction include current time information and age threshold (S1).Wherein, current time information is used for as benchmark for peace Full module 100 carries out time record, and age threshold is for after a certain time so that the failure of security module 100, forces safe mould The holding of block 100 is contacted with 100 manager of security module, so that 100 manager of security module uses shape to security module 100 State is tracked.
Wherein, instruction example is:
Time setting instruction:00 00 12+ of 005A (14 byte current time information T1)+(3 byte age threshold T2)
Return to 1:9000
Wherein, 14 byte current time information T1 are BCD formats, YYYYMMDDHHNNSS.Age threshold T2, unit are Second, i.e., the timing since T1 will fail after T2.
Alternatively, in some embodiments, time setting instruction also may include the time obtained according to MAC algorithms MAC codes.The MAC verification units 60 of security module 100 carry out MAC code checks according to MAC algorithms to time MAC code, if verifying out Time MAC code is correct, then allows to continue to execute subsequent step (step shown in Fig. 1);If incorrect, terminate, does not allow to continue Execute subsequent step.
Then, current time is arranged according to current time information in the timing unit 40 of security module 100, and it is same to start RTC Walk timing (S2).Timing unit 40 carries out time record according to current time information and records the time of calling key every time, from And it prevents external system from distorting the time and practises fraud.Wherein, when the time that Transmit-Receive Unit 10 receives instruction being arranged, the time sets It sets device 41 and current time is arranged according to the current time information in time setting instruction.It is to be appreciated that when time setter 41 When current time is arranged, then security module 100 carries out time record on the basis of the current time.RTC timers 42 are according to working as The preceding time carries out RTC time synchronisations.
Finally, the failure reset unit 50 in security module 100 judge timing unit 40 the RTC time synchronisation times whether Reach age threshold, to make security module 100 fail when 42 timing of RTC timers is to age threshold, so that plus Close unit 20 stops that key is called to be encrypted, and security module 100 is further forced to keep carrying out with 100 manager of security module Contact, so that 100 manager of security module is tracked 100 use state of security module.If the RTC time synchronisation times do not reach To age threshold, then 100 normal operation of security module, and in reader 900 be-encrypted data is sent to security module 100 When, the encryption unit 20 of security module 100 calls key that be-encrypted data is encrypted, and returns and encrypt to reader 900 Encryption method as shown in Figure 1 can be used in data afterwards, wherein data encryption process;If reaching age threshold, security module 100 Failure stops that key is called to be encrypted (S3).After security module 100 fails, all state resets of security module 100, peace After complete 100 manager of module must re-call time setting instruction, security module 100 can just work on.
In the embodiment above, in time setting instruction, current time and age threshold are in plain text that there are one for this Determine hidden danger, a wrong time can be arranged to achieve the purpose that cheating in the system of cheating.Therefore, it is alternatively that, at some In embodiment, current time and age threshold can be passed to security module 100 by time setting instruction again after encryption, Security module 100 decrypts current time and age threshold after receiving time setting instruction, and whether verification is correct, if just Really it is arranged accordingly again.
Alternatively, in some embodiments, key attribute can be also changed, a counter attribute is increased, such as:
In key new clothes or update, counter is set to 0.Hereafter application flow is with reference to figure 2, wherein instructing example It is as follows:
For the first time:
Encrypted initialization instructs:801A270108+ (instruction of 8 byte encrypted initializations)
Encrypted initialization responds:9000
Be-encrypted data:80FA020008+ (8 byte be-encrypted data)
Encrypted data:(8 byte encrypted data)+(counter 00000001)+9000
Second:
Encrypted initialization instructs:801A270108+ (instruction of 8 byte encrypted initializations)
Encrypted initialization responds:9000
Be-encrypted data:80FA020008+ (8 byte be-encrypted data)
Encrypted data:(8 byte encrypted data)+(counter 00000002)+9000
Counter in security module 100 counts once in one secondary key of every calling, and encryption unit 20 is returning to encryption The count value of the counter is returned when data afterwards, is used as transaction sequence number, background system or PSAM cards manager will be right Encryption data is verified to examine the authenticity of transaction sequence number.Key new clothes or update hour counter reset are set to 0.
In the above-described embodiments, count value be in plain text, in order to avoid encrypted data by operation system when by business System is distorted, and can generate school by MAC verification units 60 to the encrypted data, key allocating time and count value of return It tests MAC codes and is combined with encrypted data, key allocating time and count value and returned again by Transmit-Receive Unit 10.
Wherein, instruction example is as follows:
Encrypted data:(8 byte encrypted data)+(counter 00000001)+(4 byte MAC)+9000
Wherein MAC algorithms are:By key itself to (8 byte encrypted data)+(counter 00000001)+(4 words 00) section is used standard MAC algorithms to calculate MAC and is obtained.
As Fig. 5 shows that the parking lot data read-write system in some embodiments of the invention, the system include reader 900 and setting reader 900 in, in such as Fig. 2 embodiment security module 100, wherein reader 900 is Lane regulation device.
If Fig. 6 shows the security setting method of data read-write system in the above embodiment of the present invention, in this method, in order to Effectively management security module 100, introduces manager 800.It can be in " timeliness a check key built in the manager 800 (KeyT) ", an identical check key is set in security module 100.First, reader 900 is sent out to manager 800 A time acquisition instruction, manager 800 is sent to return to time acquisition to reader 900 as a result, so according to the time acquisition instruction Afterwards, subsequent step is the same as step shown in Fig. 3.
In conjunction with as shown in fig. 7, in some embodiments, the security setting method of data read-write system includes:Reader first 900 send a time acquisition instruction to manager 800, and manager 800 returns for the moment according to time acquisition instruction to reader 900 Between obtain as a result, the time obtain result in include current time information, age threshold and the time obtained according to MAC algorithms MAC codes (T4).Reader 900 obtains result according to the time and sends out time setting instruction, time setting instruction to security module 100 Including current time information, age threshold and time MAC code (T5).
Wherein, instruction example is as follows:
Time acquisition instruction:0051
Explanation:Time acquisition instruction is not 7816 agreements of standard, only draws an analogy 0051 here.
After 800 time of receipt (T of R) of manager acquisition instruction, obtains current time information and be converted into 14 byte BCD codes (T1), lattice Formula YYYYMMDDHHNNSS, in addition the time-out time (T2) in seconds of 3 bytes, in addition 7 bytes 00, then use KeyT 4 byte MAC codes (M) are calculated to obtain with the MAC algorithms of standard.Then 28 byte results (T1+T2+M) is returned.
Time acquisition instruction result:28 byte result R.
Then, reader 900 is arranged to 100 sending time of security module and instructs, and time setting instruction includes current time Information and an age threshold (T1).Security module 100 carries out MAC code checks according to MAC algorithms to time MAC code, if verifying out Time MAC code is correct, thens follow the steps T2;If incorrect, terminate.
Wherein, instruction example is as follows:
Time setting instruction:00 02 1C+ of 005A (21 byte data R)
Explanation:It is whether correct with same algorithm and key verification MAC after security module 100 receives, if it is correct again into Row setting.02 in instruction represents the key version number of check key.
Return to 1:9000 or other error codes.
Finally, security module 100 is arranged instruction setting current time according to the time and starts RTC time synchronisations (T2).Peace Full module 100 judges whether the RTC time synchronisation times reach age threshold, if it is not, then 100 normal operation of security module, and Reader 900 to security module 100 send a be-encrypted data when, security module 100 call key by be-encrypted data into Row encryption, and return to encrypted data, key allocating time and count value to reader 900;If so, security module 100 is lost Effect stops that key is called to be encrypted (T3).Hereafter security module 100 works normally, after failure in T2 seconds, the return of all instructions Result is 9009, indicates that security module 100 is no longer valid, at this time 100 all state resets of security module, security module 100 Manager can just work on after must re-calling the instruction.Here timeliness parameter, wherein timeliness are obtained by manager 800 Threshold value can be arranged by the tension management systematic unity of manager 800, and toll collection system is avoided arbitrarily to be arranged.Other content and figure Security module 100 is identical in 1 illustrated embodiment, herein without repeating.
In some embodiments, security module can also be not provided with timing unit 10, and counter is only used only, and often call primary close It is counted once when key, encryption unit 20 returns to the count value of the counter when returning to encrypted data, is used as transaction sequence Number, background system or PSAM cards manager will verify encryption data to examine the authenticity of transaction sequence number, this Kind mode can also improve safety to a certain extent.
The above is only a preferred embodiment of the present invention, protection scope of the present invention is not limited merely to above-mentioned implementation Example, all technical solutions belonged under thinking of the present invention all belong to the scope of protection of the present invention.It should be pointed out that for the art Those of ordinary skill for, several improvements and modifications without departing from the principles of the present invention, these improvements and modifications Also it should be regarded as protection scope of the present invention.

Claims (7)

1. a kind of security module, including:
Transmit-Receive Unit (10), for carrying out data and instruction interaction with reader (900);And
It is stored with the encryption unit (20) of key, for calling the key pair to come from the number to be encrypted of the reader (900) According to being encrypted, and passes through the Transmit-Receive Unit (10) and return to encrypted data;
It is characterized in that, the security module further includes timing unit (40), the timing unit (40) includes:
The time setter (41) being connected with the Transmit-Receive Unit (10), for what is received according to the Transmit-Receive Unit (10) Time setting instruction setting current time, the time setting instruction includes current time information;And
RTC timers (42) are connected with the time setter (41), for carrying out RTC synchronizations according to the current time Timing;
The encryption unit (20) is additionally operable to the key tune generated when returning to the RTC timers when returning to encrypted data Use the time;
The time setting instruction also includes age threshold, and the security module further includes failure reset unit (50), is used for The security module is made to fail when RTC timers (42) timing is to the age threshold, so that the encryption is single First (20) stop that the key is called to be encrypted, all state resets of the security module;
The encryption unit (20) includes a counter, and the counter counts primary, institute in the primary key of every calling The count value that encryption unit (20) also returns to the counter when returning to encrypted data is stated, transaction sequence number is used as;It is described The counter resets are set to 0 when key new clothes or update.
2. security module according to claim 1, which is characterized in that the time setting instruction also includes one according to MAC The time MAC code that algorithm obtains;The security module further includes MAC verification units (60), for being carried out to the time MAC codes MAC code checks.
3. a kind of security setting method of the security module as described in any one of claim 1 to 2, which is characterized in that including as follows Step:
S1:The security module (100) receives the time setting instruction that the reader (900) sends;
S2:The timing unit (40) of the security module (100) is arranged current time according to the current time information and starts RTC time synchronisations;
S3:When the reader (900) sends a be-encrypted data to the security module (100), the security module (100) it calls key that the be-encrypted data is encrypted, and encrypted data and described is returned to the reader (900) The key allocating time generated when RTC timers;
In the step S3:The security module (100) also judge the timing unit (40) the RTC time synchronisation times whether Reach the age threshold, if it is not, then security module (100) normal operation, and in the reader (900) to described When security module (100) sends a be-encrypted data, the security module (100) calls key to carry out the be-encrypted data Encryption, and return to encrypted data and the key allocating time to the reader (900);If so, the security module (100) it fails, stops that the key is called to be encrypted, all state resets of the security module (100);
In the step S3, the security module (100) counts primary in the primary key of every calling, and the encryption is single First (20) return to the count value of the counter when returning to encrypted data, are used as transaction sequence number;The key new clothes or The counter resets are set to 0 when person's update.
4. the security setting method of security module according to claim 3, which is characterized in that the time setting instruction is also wrapped The time MAC code obtained according to MAC algorithms containing one;In the step S1, the security module (100) is calculated according to the MAC Method carries out MAC code checks to the time MAC codes, if verifying out the time MAC codes correctly, executes the step S2;If It is incorrect, then terminate.
5. a kind of parking lot data read-write system, which is characterized in that including reader (900) and be arranged in the reader (900) interior, such as claim 1 to 2 any one of them security module (100), wherein the reader (900) is that track is managed Manage device (800).
6. a kind of security setting method of parking lot data read-write system as claimed in claim 5, which is characterized in that including such as Lower step:
T1:Reader (900) sends the time setting instruction to the security module (100);
T2:The security module (100) is arranged instruction setting current time according to the time and starts RTC time synchronisations;
T3:When the reader (900) sends a be-encrypted data to the security module (100), the security module (100) it calls key that the be-encrypted data is encrypted, and encrypted data and described is returned to the reader (900) The key allocating time generated when RTC timers;
The security module (100) also judges whether the RTC time synchronisation times of the timing unit (40) reach the timeliness Threshold value, if it is not, then security module (100) normal operation, and in the reader (900) to the security module (100) when sending a be-encrypted data, the security module (100) calls key that the be-encrypted data is encrypted, and Encrypted data and the key allocating time are returned to the reader (900);If so, the security module (100) is lost Effect stops that the key is called to be encrypted, all state resets of the security module (100);
The security module (100) counts once in the primary key of every calling, and the encryption unit (20) adds in return The count value for returning to the counter after close when data, is used as transaction sequence number;The meter when key new clothes or update Number device reset is set to 0.
7. the security setting method of data read-write system according to claim 6, which is characterized in that wherein, the step T1 In the time setting instruction obtain as follows:
T4:The reader (900) sends a time acquisition instruction to a manager (800), and the manager (800) is according to institute It states time acquisition instruction and returns to time acquisition as a result, the time obtains in result comprising described to the reader (900) Current time information and the time MAC code obtained according to MAC algorithms;
T5:The reader (900) obtains result according to the time and sends out the time setting to the security module (100) Instruction, the time setting instruction includes the current time information and the time MAC codes;
In the step T1:The security module (100) carries out MAC codes school according to the MAC algorithms to the time MAC codes It tests, if verifying out the time MAC codes correctly, executes the step T2;If incorrect, terminate.
CN201410546392.1A 2014-10-15 2014-10-15 Security module, parking lot data read-write system and security setting method Active CN104579675B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410546392.1A CN104579675B (en) 2014-10-15 2014-10-15 Security module, parking lot data read-write system and security setting method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410546392.1A CN104579675B (en) 2014-10-15 2014-10-15 Security module, parking lot data read-write system and security setting method

Publications (2)

Publication Number Publication Date
CN104579675A CN104579675A (en) 2015-04-29
CN104579675B true CN104579675B (en) 2018-09-07

Family

ID=53094956

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410546392.1A Active CN104579675B (en) 2014-10-15 2014-10-15 Security module, parking lot data read-write system and security setting method

Country Status (1)

Country Link
CN (1) CN104579675B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106355657A (en) * 2015-07-19 2017-01-25 深圳成谷科技有限公司 Vehicular electronic tag capable of achieving multi-industry application and implementation method thereof
CN105741117A (en) * 2016-01-25 2016-07-06 恒宝股份有限公司 Method and off-line transaction device based on security key
CN105788007B (en) * 2016-02-25 2018-07-27 上海众人网络安全技术有限公司 A kind of parking management system and its method based on dynamic token
CN105577700B (en) * 2016-03-04 2019-05-21 广州益车益路软件科技有限公司 Vehicle in and out port control system and its control method based on remote cipher key
CN109741180B (en) * 2018-12-26 2021-04-27 中国工商银行股份有限公司 Block chain continuous transaction sequence number generation method and device and block chain network node
CN111223198B (en) * 2020-03-17 2021-06-25 深圳栩峰科技有限公司 ETC-POS processing unit, electronic toll collection system, electronic toll collection method, computing device, and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1585478A (en) * 2003-08-20 2005-02-23 王耀 Condition reception assembled controlling method without addressing authorization
CN101340437A (en) * 2008-08-19 2009-01-07 北京飞天诚信科技有限公司 Time source regulating method and system
CN102129730A (en) * 2010-01-14 2011-07-20 上海峥创电子有限公司 Non-contact CPU (Central Processing Unit) card entrance guard reader
CN102402654A (en) * 2010-09-16 2012-04-04 上海芯邦泰智能科技有限公司 System and method for sharing security module by card readers
CN104063650A (en) * 2014-06-09 2014-09-24 韩晟 Secret key storage device and application method thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1585478A (en) * 2003-08-20 2005-02-23 王耀 Condition reception assembled controlling method without addressing authorization
CN101340437A (en) * 2008-08-19 2009-01-07 北京飞天诚信科技有限公司 Time source regulating method and system
CN102129730A (en) * 2010-01-14 2011-07-20 上海峥创电子有限公司 Non-contact CPU (Central Processing Unit) card entrance guard reader
CN102402654A (en) * 2010-09-16 2012-04-04 上海芯邦泰智能科技有限公司 System and method for sharing security module by card readers
CN104063650A (en) * 2014-06-09 2014-09-24 韩晟 Secret key storage device and application method thereof

Also Published As

Publication number Publication date
CN104579675A (en) 2015-04-29

Similar Documents

Publication Publication Date Title
CN104579675B (en) Security module, parking lot data read-write system and security setting method
US20210049596A1 (en) Resource transfer data management method and apparatus, and storage medium
US7693797B2 (en) Transaction and payment system security remote authentication/validation of transactions from a transaction provider
CN102648471B (en) System and method for hardware based security
RU2537795C2 (en) Trusted remote attestation agent (traa)
CN110443075A (en) A kind of method and device of block chain intelligence contract verifying deployment
US9118643B2 (en) Authentication and data integrity protection of token
CN104363199B (en) Safety certifying method and time synchronous code module based on time synchronized code
CN111027028A (en) Copyright data processing method and device based on intelligent contract
CN102625939A (en) System and method for managing electronic assets
CN103250401A (en) Secure device data records
CN106027250B (en) A kind of ID card information safe transmission method and system
CN109117608A (en) A kind of data processing method, device and relevant device
CN108764909A (en) A kind of block chain data monitoring and managing method
CN109146499A (en) User credit method of adjustment and its device, block chain node based on block chain
CN106027457A (en) Identity card information transmission method and system
Dang et al. Pricing data tampering in automated fare collection with NFC-equipped smartphones
Tamrakar et al. Tapping and Tripping with NFC
CN108460867A (en) Gate control method, device, gate and storage medium
CN109302442A (en) A kind of data storage method of proof and relevant device
CN109146452A (en) A kind of Internet of Things cost management method and system based on block chain
Dang et al. Large-scale invisible attack on AFC systems with NFC-equipped smartphones
CN112286574A (en) Method and device for counting application program versions, terminal equipment and storage medium
CN104574535A (en) PSAM (Purchase Secure Access Module) and management method and system thereof as well as vehicle charge management method and system
CN106845978A (en) IC-card self-cipher input system and IC-card self-cipher input method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant