CN104917614A - Bidirectional verification method and device of intelligent card and acceptance terminal - Google Patents

Publication number
CN104917614A
Authority
CN
China
Prior art keywords
key
smart card
accepting terminal
card
mac code
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510190998.0A
Other languages
Chinese (zh)
Inventor
董凌骏
黄瑞雪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Application filed by China Construction Bank Corp
Priority to CN201510190998.0A
Publication of CN104917614A

Abstract

The invention provides a bidirectional verification method and device for a smart card and an accepting terminal. In the method, the smart card uses an external authentication key to verify whether the accepting terminal is legitimate, and the accepting terminal uses an internal authentication key to verify whether the smart card is genuine. The external authentication key and the internal authentication key are derived (dispersed) from a master key by a key dispersion dynamic library according to identification information of the smart card and a dispersion algorithm. The key dispersion dynamic library is distributed in advance over a network to the accepting terminal or to a server of the accepting terminal, and the master key is stored in the library, which can protect the master key from being exposed. The method and device keep the master key secure, help reduce hardware cost, and make updating the master key convenient.

Description

Bi-directional verification method and apparatus for a smart card and an accepting terminal
Technical field
The present invention relates to the technical field of information security management, and in particular to a bi-directional verification method and apparatus for a smart card and an accepting terminal.
Background art
With the development of information integration technology, smart cards have brought great convenience to people's life and work.
To keep smart card transactions secure, the smart card and the smart card accepting terminal must verify each other every time a transaction takes place: the smart card verifies the legitimacy of the accepting terminal, and at the same time the accepting terminal verifies the authenticity of the smart card. This bi-directional verification usually uses card sub-keys. To keep the keys secure, the card sub-keys are preferably distributed by key dispersion. In key dispersion, the higher level generates the sub-keys needed by the next level, so even if a sub-key leaks, the master key of the level above is not threatened.
When card sub-keys are distributed by key dispersion, every smart card accepting terminal needs to obtain the master key during bi-directional verification.
So that every accepting terminal can obtain the master key, a SAM (Secure Access Module) card storing the smart card master key is currently configured on each accepting terminal or on its server. During bi-directional verification, the accepting terminal obtains the master key from the SAM card configured on it or on its background server.
Distributing the master key on SAM cards requires every accepting terminal or server to be fitted with a SAM card, so the hardware cost of this method is high. When the information in the SAM cards needs to be updated, every SAM card has to be sent to an encryption machine for the update, which is complicated, and all the more so when there are many SAM cards.
The existing SAM-card-based way of distributing the master key for bi-directional verification therefore suffers from high hardware cost and difficult management.
Summary of the invention
In view of this, the invention provides a bi-directional verification method and apparatus for a smart card and an accepting terminal, to overcome the high key distribution cost, complicated deployment and difficult management of existing methods.
To solve the above technical problem, the invention adopts the following technical solution:
A bi-directional verification method for a smart card and an accepting terminal, the method comprising:
The smart card uses an external authentication key to verify whether the accepting terminal is legitimate, and the accepting terminal uses an internal authentication key to verify the authenticity of the smart card;
The external authentication key and the internal authentication key are both derived (dispersed) from a master key by a key dispersion dynamic library, according to the identifying information of the smart card and a dispersion algorithm. The key dispersion dynamic library is distributed in advance over a network to the accepting terminal or to the server of the accepting terminal, and the master key is stored in the key dispersion dynamic library. The key dispersion dynamic library can protect the master key from being exposed.
A bi-directional verification apparatus for a smart card and an accepting terminal, the apparatus comprising:
A first authentication module, for using the external authentication key to verify whether the accepting terminal is legitimate;
A second authentication module, for using the internal authentication key to verify the authenticity of the smart card;
The external authentication key and the internal authentication key are both derived (dispersed) from a master key by a key dispersion dynamic library, according to the identifying information of the smart card and a dispersion algorithm. The key dispersion dynamic library is distributed in advance over a network to the accepting terminal or to the server of the accepting terminal, and the master key is stored in the key dispersion dynamic library. The key dispersion dynamic library can protect the master key from being exposed.
Compared with the prior art, the invention has the following beneficial effects:
In the bi-directional verification method provided by the invention, the master key is packaged into the key dispersion dynamic library, which protects the master key from being exposed. The master key is therefore not exposed when the key dispersion dynamic library containing it is distributed over the network to each smart card accepting terminal or its background server. Distributing the master key to each accepting terminal in this way keeps the master key secure during network transmission.
Moreover, the master key can be distributed to each smart card accepting terminal over the network, without any hardware device. Compared with the SAM card distribution used in the prior art, the method provided by the invention reduces hardware cost.
Further, the method makes it easy to update the master key of the accepting terminals. When the master key on an accepting terminal or background server needs to be updated, the updated master key can be repackaged into a key dispersion dynamic library, which is then distributed uniformly over the network to each accepting terminal or background server. The updated library overwrites the original one, and the master key on the accepting terminal or background server is thereby updated. This avoids the tedious prior-art procedure of sending the SAM card of every accepting terminal to an encryption machine to have the updated master key rewritten, so the master key of each accepting terminal can be updated easily.
Brief description of the drawings
To make the technical solution of the invention clear, the drawings used in describing the specific embodiments are briefly introduced below. These drawings evidently show only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a signaling diagram, provided by an embodiment of the invention, of the smart card using the external authentication key to verify whether the accepting terminal is legitimate;
Fig. 2 is a flow chart, provided by an embodiment of the invention, of the method by which the key dispersion dynamic library derives a card sub-key;
Fig. 3 is a signaling diagram, provided by an embodiment of the invention, of the card maker storing the card sub-key on the smart card;
Fig. 4 is a flow chart, provided by an embodiment of the invention, of the method of storing the card sub-key on the smart card;
Fig. 5 is a signaling flow chart, provided by an embodiment of the invention, of the method by which the accepting terminal verifies the authenticity of the smart card;
Fig. 6 is a structural diagram of the smart card payment system provided by the scenario embodiment of the invention;
Fig. 7 is a signaling diagram of the bi-directional verification method for the smart card and the accepting terminal provided by the scenario embodiment of the invention;
Fig. 8 is a structural diagram of the bi-directional verification apparatus for the smart card and the accepting terminal provided by an embodiment of the invention;
Fig. 9 is a structural diagram of the card fabrication device provided by an embodiment of the invention.
Embodiments
To make the objects, technical solutions and advantages of the embodiments clearer, the specific embodiments are described clearly and completely below with reference to the drawings. The described embodiments are evidently only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative work fall within the scope of protection of the invention.
The bi-directional verification method for a smart card and an accepting terminal provided by the embodiments comprises:
The smart card uses an external authentication key to verify whether the accepting terminal is legitimate, and the accepting terminal uses an internal authentication key to verify the authenticity of the smart card;
The external authentication key and the internal authentication key are both derived (dispersed) from a master key by a key dispersion dynamic library, according to the identifying information of the smart card and a dispersion algorithm. The key dispersion dynamic library is distributed in advance over a network to the smart card accepting terminal or to the server of the smart card accepting terminal, and the master key is stored in the key dispersion dynamic library. The key dispersion dynamic library can protect the master key from being exposed.
Note that the embodiments do not restrict the order in which the smart card verifies the accepting terminal and the accepting terminal verifies the smart card. The method may first verify whether the accepting terminal is legitimate and then verify the authenticity of the smart card, or first verify the authenticity of the smart card and then verify whether the accepting terminal is legitimate.
In the bi-directional verification method provided by the invention, the master key is packaged into the key dispersion dynamic library, which protects the master key from being exposed. The master key is therefore not exposed when the key dispersion dynamic library containing it is distributed over the network to each smart card accepting terminal or its background server. Distributing the master key to each accepting terminal in this way keeps the master key secure during network transmission.
Moreover, the master key can be distributed to each smart card accepting terminal over the network, without any hardware device. Compared with the SAM card distribution used in the prior art, the method provided by the invention reduces hardware cost.
Further, the method makes it easy to update the master key of the accepting terminals. When the master key on an accepting terminal or background server needs to be updated, the updated master key can be repackaged into a key dispersion dynamic library, which is then distributed uniformly over the network to each accepting terminal or background server. The updated library overwrites the original one, and the master key on the accepting terminal or background server is thereby updated. This avoids the tedious prior-art procedure of sending the SAM card of every accepting terminal to an encryption machine to have the updated master key rewritten, so the master key of each accepting terminal can be updated easily.
The embodiment in which the smart card uses the external authentication key to verify whether the accepting terminal is legitimate is introduced first.
As a specific embodiment of the invention, Fig. 1 is a signaling diagram of the smart card using the external authentication key to verify whether the accepting terminal is legitimate. As shown in Fig. 1, this verification comprises the following steps:
S101: The smart card accepting terminal obtains the identifying information of the smart card:
First, note that every smart card described in the embodiments carries identifying information. The identifying information may be the card number of the smart card, the name of the holder, or any other information that can identify the smart card. It may also be a combination of several numbers.
When the smart card is a co-branded card, the identifying information may also consist of a membership number and a card identification number. Further, it may consist of the main account application sequence number, the membership number and the card number: digits at specific positions are picked from each of these numbers, and the digit string formed by arranging them in a given order is the identifying information.
The membership number is the number that the card issuer assigns to a customer. It identifies the customer and does not change when the customer replaces the card. The card identification number distinguishes the different cards of the same customer and changes when the customer replaces the card.
So that obtaining the identifying information does not require accepting terminals of one uniform configuration, the identifying information can be placed at several locations on the smart card at once. For example, it can be printed on the card face; if the smart card is a magnetic stripe card, it can also be stored on the magnetic stripe; and if the smart card is a chip card, it can also be stored in the chip.
So that the same smart card can be recognized by accepting terminals with different configurations, the smart card provided by the embodiments preferably combines a magnetic stripe and a chip and stores the identifying information in both. The identifying information can also be printed on the card.
When the identifying information is printed on the card face, the accepting terminal obtains it as follows: the identifying information is entered into the accepting terminal.
When the smart card has a magnetic stripe that stores the identifying information, the accepting terminal obtains it by swiping the magnetic stripe and reading the identifying information from it. The accepting terminal then needs a device that can swipe magnetic stripe cards.
When the smart card is a chip card and the identifying information is stored in the chip, the accepting terminal reads the identifying information from the chip through the chip interface on the smart card. The accepting terminal then needs a device that can read chip cards.
When the smart card combines a magnetic stripe and a chip that store the identifying information, and the identifying information is also printed on the card face, each accepting terminal can obtain it by whichever means it supports. Such a smart card places no requirement on the configuration of the accepting terminal, which favors wider adoption of the smart card.
Further, a chip card has a hardware encryption structure and can serve as an encryption device, and its dedicated software architecture, the COS (Chip Operation System), provides higher security for data storage and operations and can be used to store small amounts of data. The smart card described in the embodiments is therefore preferably a chip card.
Note that the accepting terminal described in the embodiments may be a POS terminal, computer software connected to a card reader, or a client on a mobile terminal that uses the NFC function. These accepting terminals may be deployed at merchants that cooperate with the card issuer, or at the card issuer itself. An accepting terminal deployed at the card issuer may also be inspection software for testing whether an issued smart card is correct. This inspection software may also be deployed at a merchant.
S102: The smart card accepting terminal sends the identifying information to the key dispersion dynamic library.
Note that in the bi-directional verification method described in the embodiments, keys are issued by key dispersion: the higher level generates the sub-keys needed by the next level. The purpose of key dispersion is that even if a sub-key leaks, the security of the managed master key is not threatened, because the master key cannot be derived from a sub-key and the dispersion data. This improves the security of the system and reduces security risk and management cost.
In the embodiments, the master key is packaged into the key dispersion dynamic library. The library stores the master key and protects it from being exposed, so the key dispersion dynamic library keeps the master key secure.
In addition, in the bi-directional verification method provided by the embodiments, the key dispersion dynamic library is used for key derivation on two occasions. The first is card personalization during card production, when the card sub-keys of each smart card are derived from the master key in the library by the dispersion algorithm and written into the smart card. The second is during card acceptance, when the library re-derives the card sub-keys of the smart card from the identifying information obtained from the card, and they are used to read or update data in the smart card. The card sub-keys include the external authentication key and the internal authentication key.
S103: The key dispersion dynamic library derives the external authentication key of the smart card from its master key, according to the identifying information and the dispersion algorithm:
In the embodiments, the accepting terminal sends the identifying information to the key dispersion dynamic library, where it serves as the plaintext input. In addition, the card structure of the smart card holds key serial numbers for the different types of key, and the library can select the master key according to the key serial number; this master key serves as the key of the encryption algorithm. After receiving the identifying information and the key serial number, the library uses the identifying information as the key dispersion factor, selects the corresponding master key according to the key dispersion factor, uses that master key as the key of an encryption algorithm such as 3DES, and finally calculates the external authentication key of the smart card from this key and the encryption algorithm.
During card acceptance, the smart card needs to verify whether the accepting terminal is legitimate, and the accepting terminal also needs to verify the authenticity of the smart card. Each accepting terminal or background server is therefore configured with the key dispersion dynamic library, which is sent over the network to each accepting terminal or its background server. Because the library ensures that the master key stored in it is not exposed, sending the library containing the master key to each accepting terminal over the network does not affect the security of the master key.
As shown in Fig. 2, step S103 comprises the following steps:
S1031: The key dispersion dynamic library selects the master key according to the key serial number, as the key of the encryption algorithm:
Note that in the embodiments the encryption algorithm may be the 3DES algorithm.
S1032: The key dispersion dynamic library uses the identifying information as the plaintext input of the encryption algorithm:
As a specific embodiment of the invention, the identifying information may consist of the main account application sequence number of the smart card, the last two digits of the card number, and the membership number. These three items, joined in a given order, form the plaintext input of the encryption algorithm.
S1033: The key dispersion dynamic library calculates the external authentication key from the master key and the encryption algorithm.
In the method of Fig. 2, the external authentication key is obtained by a single key dispersion. As another embodiment of the invention, the external authentication key may instead comprise a first part and a second part: the first part is the card sub-key that the library calculates from the master key and the identifying information arranged in a first order, and the second part is the card sub-key that it calculates from the master key and the identifying information arranged in a second order. The two parts are concatenated in a given order to form the external authentication key. The first order and the second order differ, and may be the reverse of each other.
S104: The key dispersion dynamic library sends the external authentication key it has derived to the smart card accepting terminal.
S105: The smart card accepting terminal sends the smart card an instruction to obtain a random number.
S106: After receiving the instruction to obtain a random number, the smart card returns a first random number to the accepting terminal.
S107: The accepting terminal uses the external authentication key to calculate a first MAC code over the first random number, assembles the first MAC code into an external authentication instruction, and sends this instruction to the smart card.
S108: After receiving the external authentication instruction, the smart card extracts the first MAC code from it and uses the external authentication key stored on the smart card itself to calculate a second MAC code over the first random number:
Note that the smart card described in the embodiments stores an external authentication key, and that the external authentication key in the key dispersion dynamic library and the one stored in the smart card are symmetric keys.
S109: The smart card compares the first MAC code with the second MAC code. When they match, the accepting terminal is a legitimate terminal; when they do not match, the accepting terminal is an illegitimate terminal:
The first MAC code is calculated over the random number with the external authentication key derived by the key dispersion dynamic library; the second MAC code is calculated over the same random number, by the same method, with the external authentication key stored on the smart card itself. If the two MAC codes match, the key derived by the library and the key stored on the smart card are the same, the two being symmetric keys, which shows that the accepting terminal is a legitimate terminal. Otherwise, when the two MAC codes do not match, the accepting terminal is an illegitimate terminal.
After the accepting terminal has been determined to be legitimate, the method may further comprise the following steps:
S110: When the accepting terminal is a legitimate terminal, the smart card performs the operation corresponding to the external authentication instruction and returns the status indicator for that operation to the accepting terminal.
S111: If the status indicator is correct, the smart card allows the accepting terminal to read and write the smart card.
The above is the embodiment, provided by the invention, of the smart card verifying whether the accepting terminal is legitimate.
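The derivation in S1031 to S1033 (in its two-part variant) and the challenge-response in S105 to S109, as an added example that is not code from the patent. HMAC-SHA-256 truncated to 8 bytes stands in for both the 3DES derivation step and the unspecified MAC calculation; the class and function names, key serial numbers, master keys and card data are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

EXT_AUTH, INT_AUTH = 0x01, 0x02  # constructed key serial numbers, one per key type


def keyed_block(key: bytes, data: bytes) -> bytes:
    """8-byte keyed output; HMAC-SHA-256 is a stand-in for 3DES and for the MAC."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


def identifying_info(seq_no: str, card_number: str, member_no: str) -> bytes:
    """Join sequence number, last two card-number digits and membership number (S1032)."""
    return (seq_no + card_number[-2:] + member_no).encode("ascii")


class KeyDispersionLibrary:
    """Hypothetical model of the library: holds master keys, returns only card sub-keys."""

    def __init__(self, master_keys):
        self._master_keys = dict(master_keys)  # key serial number -> master key

    def derive(self, key_serial: int, ident: bytes) -> bytes:
        master = self._master_keys[key_serial]    # S1031: select by key serial number
        part1 = keyed_block(master, ident)        # identifying info in the first order
        part2 = keyed_block(master, ident[::-1])  # same info in the reverse order
        return part1 + part2                      # the two parts joined into one sub-key


class Card:
    """Card side: stores its sub-keys and checks the terminal's MAC (S106, S108, S109)."""

    def __init__(self, ident: bytes):
        self.ident = ident
        self._keys = {}
        self._challenge = None

    def personalize(self, key_serial: int, sub_key: bytes) -> None:
        self._keys[key_serial] = sub_key          # S306: card maker writes the sub-key

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(8)  # S106: fresh first random number
        return self._challenge

    def external_authenticate(self, first_mac: bytes) -> bool:
        challenge, self._challenge = self._challenge, None  # each challenge is single use
        if challenge is None:
            return False
        second_mac = keyed_block(self._keys[EXT_AUTH], challenge)  # S108
        return hmac.compare_digest(first_mac, second_mac)          # S109, constant time


def issue_card(library: KeyDispersionLibrary, ident: bytes) -> Card:
    """Personalization (S301 to S306): derive both card sub-keys and store them on the card."""
    card = Card(ident)
    for serial in (EXT_AUTH, INT_AUTH):
        card.personalize(serial, library.derive(serial, ident))
    return card


def terminal_external_auth(card: Card, library: KeyDispersionLibrary) -> bool:
    """Terminal side of S102 to S109; returns the card's verdict on the terminal."""
    ext_key = library.derive(EXT_AUTH, card.ident)  # S102 to S104
    rnd = card.get_challenge()                      # S105 to S106
    return card.external_authenticate(keyed_block(ext_key, rnd))  # S107 to S109


def demo() -> dict:
    # Constructed master keys and card data.
    issuer = KeyDispersionLibrary({EXT_AUTH: bytes(range(16)), INT_AUTH: bytes(range(16, 32))})
    other = KeyDispersionLibrary({EXT_AUTH: b"\xff" * 16, INT_AUTH: b"\xee" * 16})
    ident = identifying_info("01", "6200000000001234", "000123")
    card = issue_card(issuer, ident)

    legitimate = terminal_external_auth(card, issuer)
    wrong_master = terminal_external_auth(card, other)  # library with a different master key

    # A MAC computed for an earlier random number must not pass against a new one.
    old_mac = keyed_block(issuer.derive(EXT_AUTH, ident), card.get_challenge())
    card.get_challenge()
    stale_mac = card.external_authenticate(old_mac)
    return {"legitimate": legitimate, "wrong_master": wrong_master, "stale_mac": stale_mac}


if __name__ == "__main__":
    print(demo())
```

Because the card draws a new random number for every attempt and clears it after one check, the verdict depends on the terminal holding the matching master key at the moment of the transaction rather than on any value observed earlier.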
As a specific embodiment of the invention, the smart card may be a chip card, and the COS security system of the chip card can perform the calculation internally and thereby judge whether the accepting terminal is a legitimate terminal.
Note that the smart card described in the embodiments stores its card sub-keys internally. As shown in Fig. 3, the method of storing the card sub-key on the smart card comprises the following steps:
S301: The card maker obtains the identifying information of the smart card:
As a specific embodiment of the invention, the identifying information may consist of the main account application sequence number of the smart card, the last two digits of the card number, and the membership number. These three items, joined in a given order, form the plaintext input of the encryption algorithm.
S302: The card maker sends the identifying information to the key dispersion dynamic library.
S303: The key dispersion dynamic library selects the corresponding master key according to the identifying information; the master key serves as the key of the encryption algorithm.
S304: The key dispersion dynamic library calculates the card sub-key from the master key and the encryption algorithm.
S305: The key dispersion dynamic library sends the card sub-key to the card maker.
S306: After receiving the card sub-key sent by the key dispersion dynamic library, the card maker stores it on the smart card:
As a specific embodiment of the invention, storing the card sub-key on the smart card comprises the following steps: create a directory file; create a key file under the directory file; write the card sub-key into the key file.
How card sub-key is stored on smart card, illustrate for the application example of blank card below to be expressly understood.As shown in Figure 4, this storage means comprises the following steps:
S401, create the MF directory file.
S402, create the key file under the MF directory file.
S403, write the card master control key and the card maintenance key into the key file in ciphertext-plus-MAC mode.
S404, create the DIR directory file and write the directory data.
S405, create the ADF directory file.
S406, create the key file under the ADF directory.
S407, write the application master control key, application maintenance key, PIN unlock key, PIN reset key, external authentication key, internal authentication key and personal PIN into the key file in ciphertext-plus-MAC mode.
S408, create 3 EF files.
S409, finish creating the structure.
The embodiment in which the smart card accepting terminal verifies the authenticity of the smart card is introduced below. As shown in Figure 5, the method by which the smart card accepting terminal verifies the authenticity of the smart card comprises the following steps:
S501, the smart card accepting terminal obtains the identifying information of the smart card:
This step is identical to step S101 described for Fig. 1 and, for brevity, is not described in detail here.
S502, the smart card accepting terminal sends the identifying information to the key dispersion dynamic library.
S503, the key dispersion dynamic library disperses the internal authentication key of the smart card from the master key according to the identifying information and the dispersion algorithm.
S504, after receiving the internal authentication key, the smart card accepting terminal generates a second random number, assembles this second random number into an internal authentication instruction, and sends the internal authentication instruction to the smart card.
S505, after receiving the internal authentication instruction, the smart card uses the internal authentication key stored on the smart card itself to calculate a third MAC code over the second random number in the internal authentication instruction, and returns the third MAC code to the accepting terminal.
S506, after receiving the third MAC code, the accepting terminal uses the internal authentication key dispersed in step S503 to calculate a fourth MAC code over the second random number generated in step S504.
S507, the accepting terminal compares whether the third MAC code is consistent with the fourth MAC code. When the third MAC code is consistent with the fourth MAC code, the smart card is a genuine card; when they are inconsistent, the smart card is a counterfeit card.
The above is the embodiment in which the smart card accepting terminal verifies the authenticity of the smart card.
It should be noted that, in the bidirectional verification method for the smart card and the accepting terminal described in the embodiments of the present invention, the verification order may be as follows: the smart card first verifies the legitimacy of the accepting terminal, and after the accepting terminal is determined to be a legal terminal, the accepting terminal verifies the authenticity of the smart card, thereby completing the bidirectional verification of the smart card and the accepting terminal. As an extension of the embodiments of the present invention, the following order may also be used: the accepting terminal first verifies the authenticity of the smart card, and after the smart card is determined to be a genuine card, the smart card verifies the legitimacy of the accepting terminal. In short, the embodiments of the present invention do not limit the order of the smart card authenticity verification and the accepting terminal legitimacy verification.
It should further be noted that, when the smart card accepting terminal is an accepting terminal at a merchant, the bidirectional verification method for the smart card and the accepting terminal described in the above embodiment one is applied to key distribution and to the smart card authentication process when the merchant accepts smart cards.
When the smart card accepting terminal is inspection software, the bidirectional verification method for the smart card and the accepting terminal described in the above embodiment is applied to the process of testing whether issued cards are correct.
To make the bidirectional verification method provided by the embodiments of the present invention easier to understand, it is described below in a scenario embodiment, as applied to a smart card and an accepting terminal in a smart card payment system.
Scenario embodiment
Before the bidirectional verification method as applied in a smart card payment system is introduced, the smart card payment system that supports the bidirectional verification method provided by the present invention is introduced first.
As shown in Figure 6, the smart card payment system involves bank 61, accepting terminal 62 and key dispersion dynamic library 63. Bank 61 acts as the card issuer and card-making institution of the smart card; accepting terminal 62 is a smart card accepting terminal located on the merchant side; and key dispersion dynamic library 63 is configured on the merchant's background server or in each accepting terminal. When key dispersion dynamic library 63 is configured on the merchant's background server, every accepting terminal of that merchant can access key dispersion dynamic library 63. It should be noted that there may be multiple accepting terminals 62 in this smart card payment system, and these accepting terminals may belong to the same merchant or to different merchants.
Bank 61 and accepting terminal 62 communicate over a network, so that bank 61 can send key dispersion dynamic library 63 to accepting terminal 62 over the network.
So that a bank card issued by bank 61 can be recognized by accepting terminal 62, bank 61 establishes a cooperative relationship with the merchant in advance and sends some information about the customers holding this bank's cards to the merchant side. The customer information sent by the bank enables the merchant side to recognize the bank card, obtain the grade of the bank card, and so on. Thus, when a customer uses a bank card issued by this bank to make purchases at the merchant, the merchant's accepting terminal can recognize the bank card and can grant certain discounts according to the grade of the bank card.
In addition, the bank card can use its internal algorithm to verify whether the accepting terminal is a legal terminal. Through the bidirectional verification between the bank card and the accepting terminal, the bank card can be recognized by the accepting terminal, and the bank card user can then make purchases at this merchant.
Therefore, with the smart card payment system provided by the present invention, as long as the bank and the merchants cooperate, a customer can use one bank card to make purchases at the many merchants that cooperate with this bank. The customer does not need to apply for multiple bank cards, and the system thus removes the trouble of doing so.
Moreover, with the smart card payment system provided by the present invention, the card issuer can issue cards first and expand its cooperation with merchants afterwards, and the card issuer retains complete control over the cards it has issued.
Fig. 7 is the signaling diagram of the bidirectional verification method as applied to a smart card and an accepting terminal in a smart card payment system. As shown in Figure 7, the bidirectional verification method comprises the following steps:
S701, the merchant's accepting terminal obtains the identifying information of the bank card:
The merchant's accepting terminal obtains the identifying information of the bank card by whatever technical means it has. To avoid requiring one uniform way of obtaining the identifying information of the bank card, in the embodiments of the present invention the identifying information may be placed at several different locations on the bank card at the same time. For example, the identifying information is printed on the face of the bank card; if the bank card is a magnetic stripe card, the identifying information may also be stored on the magnetic stripe; and if the bank card is a chip card, the identifying information may also be stored in the chip.
So that the same bank card can be recognized by different accepting terminals, the bank card provided by the embodiments of the present invention preferably combines a magnetic stripe and a chip, with the identifying information of the bank card stored in both the magnetic stripe and the chip. In addition, the identifying information of the bank card may also be printed on the card.
S702, the accepting terminal sends the identifying information to the key dispersion dynamic library.
The key dispersion dynamic library in which the master key is packaged is distributed in advance by the card issuer to the merchant's background server or to each of the merchant's accepting terminals; when the key dispersion dynamic library is distributed to the merchant's background server, each accepting terminal of the merchant is communicatively connected to the key dispersion dynamic library configured on the background server.
S703, the key dispersion dynamic library disperses the external authentication key of the bank card from the master key of the key dispersion dynamic library according to the identifying information and the dispersion algorithm:
The accepting terminal, according to the identifying information it has obtained and the dispersion algorithm, disperses the external authentication key of the bank card from the master key of the key dispersion dynamic library.
S704, the key dispersion dynamic library sends the external authentication key it has dispersed to the accepting terminal.
S705, the smart card accepting terminal sends an instruction to obtain a random number to the bank card.
S706, after receiving the instruction to obtain a random number, the bank card returns a first random number to the accepting terminal.
S707, the accepting terminal uses the external authentication key to calculate a first MAC code over the first random number, assembles the first MAC code into an external authentication instruction, and then sends the external authentication instruction to the bank card.
S708, after receiving the external authentication instruction, the bank card extracts the first MAC code from the external authentication instruction and uses the external authentication key stored on the bank card itself to calculate a second MAC code over the random number.
It should be noted that the bank card described in the embodiments of the present invention stores an external authentication key, and that the external authentication key in the key dispersion dynamic library and the external authentication key stored in the smart card are symmetric keys. Further, the external authentication key stored in the bank card was written to the bank card at the card-making stage.
S709, the bank card compares whether the first MAC code is consistent with the second MAC code. When the first MAC code is consistent with the second MAC code, the accepting terminal is a legal terminal; when they are inconsistent, the accepting terminal is an illegal terminal.
S710, when the merchant's accepting terminal is a legal terminal, the smart card accepting terminal obtains the identifying information of the smart card again.
S711, the smart card accepting terminal sends the identifying information to the key dispersion dynamic library again, so that the key dispersion dynamic library disperses the internal authentication key of the smart card from the master key according to the identifying information and the dispersion algorithm.
S712, after receiving the internal authentication key, the smart card accepting terminal generates a second random number, assembles this second random number into an internal authentication instruction, and sends the internal authentication instruction to the smart card.
S713, after receiving the internal authentication instruction, the smart card uses the internal authentication key stored on the smart card itself to calculate a third MAC code over the second random number in the internal authentication instruction, and returns the third MAC code to the accepting terminal.
S714, after receiving the third MAC code, the accepting terminal uses the internal authentication key dispersed in step S711 to calculate a fourth MAC code over the second random number generated in step S712.
S715, the accepting terminal compares whether the third MAC code is consistent with the fourth MAC code. When the third MAC code is consistent with the fourth MAC code, the smart card is a genuine card; when they are inconsistent, the smart card is a counterfeit card.
In addition, after the smart card has verified that the accepting terminal is a legal terminal, the bidirectional verification method provided by the scenario embodiment of the present invention may further comprise the following steps:
S716, when the smart card accepting terminal is a legal terminal, the smart card performs the operation corresponding to the external authentication instruction and returns the status indicator corresponding to that operation to the accepting terminal.
S717, if the status indicator is correct, the smart card allows the accepting terminal to perform read operations on the smart card.
After the bidirectional verification between the bank card and the merchant's accepting terminal has passed, the accepting terminal can read the key-protected data in the bank card and can thereby find the grade of the bank card holder, so that the accepting terminal can offer the customer different preferential treatment, discounts and services.
When the accepting terminal is an accepting terminal authorized by the card issuer, after the bidirectional verification between the bank card and the merchant's accepting terminal has passed, this authorized accepting terminal can also update the key-protected data in the bank card; that is, the authorized accepting terminal can also execute write operation instructions on the bank card.
The above is the bidirectional verification method between a smart card and an accepting terminal as applied in a smart card payment system in the field of smart card payment technology.
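The card sub-key dispersion of steps S301 to S306 and the exchange of steps S701 to S715 can be modelled end to end as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the dispersion algorithm and the MAC calculation, neither of which the text specifies, and every class, function, label and sample value is hypothetical and constructed for the illustration.

```python
import hashlib
import hmac
import secrets


def compute_mac(key: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256 replaces the patent's unspecified algorithms.
    # Each part is length-prefixed so field boundaries are unambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def identifying_info(pan_seq: str, card_last2: str, member_no: str) -> bytes:
    # The order is an assumption; the text only says "a certain order".
    return f"{pan_seq}{card_last2}{member_no}".encode()


class KeyDispersionLibrary:
    """Models the dynamic library: it holds the master key and only ever
    hands out per-card sub-keys, never the master key itself."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key

    def disperse(self, card_id: bytes, purpose: bytes) -> bytes:
        # Distinct purpose labels give independent external/internal keys.
        return compute_mac(self._master_key, purpose, card_id)


class Card:
    def __init__(self, card_id: bytes, ext_key: bytes, int_key: bytes):
        self.card_id = card_id
        self._ext_key = ext_key
        self._int_key = int_key
        self._challenge = None
        self.terminal_is_legal = False

    def get_random(self) -> bytes:
        # S705/S706: the card issues the first random number.
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def external_authenticate(self, first_mac: bytes) -> bool:
        # S708/S709: recompute the MAC with the stored key and compare.
        # Added hardening (assumption, not in the text): the random number
        # is single use, so an old first MAC code cannot be replayed.
        challenge, self._challenge = self._challenge, None
        if challenge is None:
            return False
        second_mac = compute_mac(self._ext_key, challenge)
        self.terminal_is_legal = hmac.compare_digest(first_mac, second_mac)
        return self.terminal_is_legal

    def internal_authenticate(self, second_random: bytes) -> bytes:
        # S713: third MAC code over the terminal's random number.
        return compute_mac(self._int_key, second_random)


def personalise(lib: KeyDispersionLibrary, card_id: bytes) -> Card:
    # S301-S306: the card maker obtains the sub-keys and stores them on the card.
    return Card(card_id, lib.disperse(card_id, b"EXT"), lib.disperse(card_id, b"INT"))


class Terminal:
    def __init__(self, lib: KeyDispersionLibrary):
        self._lib = lib

    def prove_to_card(self, card: Card) -> bool:
        # S701-S709: the card verifies whether the terminal is legal.
        ext_key = self._lib.disperse(card.card_id, b"EXT")
        first_random = card.get_random()
        return card.external_authenticate(compute_mac(ext_key, first_random))

    def verify_card(self, card: Card) -> bool:
        # S710-S715: the terminal verifies the authenticity of the card.
        int_key = self._lib.disperse(card.card_id, b"INT")
        second_random = secrets.token_bytes(8)
        third_mac = card.internal_authenticate(second_random)
        fourth_mac = compute_mac(int_key, second_random)
        return hmac.compare_digest(third_mac, fourth_mac)

    def mutual_verify(self, card: Card) -> bool:
        return self.prove_to_card(card) and self.verify_card(card)


def demo() -> dict:
    # Constructed sample keys and identifying information.
    issuer_lib = KeyDispersionLibrary(b"constructed-master-key-A")
    other_lib = KeyDispersionLibrary(b"constructed-master-key-B")
    card_id = identifying_info("01", "42", "000123")
    genuine = personalise(issuer_lib, card_id)
    counterfeit = personalise(other_lib, card_id)
    return {
        "legal terminal, genuine card": Terminal(issuer_lib).mutual_verify(genuine),
        "illegal terminal rejected by card": Terminal(other_lib).prove_to_card(genuine),
        "counterfeit card rejected by terminal": Terminal(issuer_lib).verify_card(counterfeit),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Both comparisons use `hmac.compare_digest` so that the time taken does not reveal how many leading bytes of a MAC code matched.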
Based on the bidirectional verification method for the smart card and the accepting terminal provided by the above embodiments, the embodiments of the present invention also provide a bidirectional verification device for the smart card and the accepting terminal, described in the following embodiments.
Fig. 8 is a structural diagram of the bidirectional verification device for the smart card and the accepting terminal provided by the embodiments of the present invention. As shown in Figure 8, it comprises:
First authentication module 81, configured to use the external authentication key to verify whether the accepting terminal is legal;
Second authentication module 82, configured to use the internal authentication key to verify the authenticity of the smart card;
The external authentication key and the internal authentication key are both dispersed from the master key by the key dispersion dynamic library according to the identifying information of the smart card and the dispersion algorithm; the key dispersion dynamic library is distributed in advance over the network to the smart card accepting terminal or to the server of the smart card accepting terminal, and the master key is stored in the key dispersion dynamic library; the key dispersion dynamic library can protect the master key from being exposed.
With the device shown in Fig. 8, the master key used in the bidirectional verification process between the smart card and the accepting terminal is encapsulated in the key dispersion dynamic library. Because the key dispersion dynamic library can protect the master key from being exposed, distributing the key dispersion dynamic library that packages the master key to each smart card accepting terminal over the network, and thereby distributing the master key to each smart card accepting terminal, can ensure the security of the master key during network transmission.
Moreover, in the bidirectional verification device provided by the present invention, the master key can be distributed over the network to each smart card accepting terminal or its background server without the need for a hardware device. Compared with the SAM card distribution method used in the prior art, the device provided by the present invention reduces hardware cost.
Further, the device provided by the embodiments of the present invention makes it easy to update the master key of the smart card accepting terminals. When the master key of the smart card accepting terminals needs to be updated, the key dispersion device repackages the updated master key into a key dispersion dynamic library, and the updated key dispersion dynamic library is then distributed uniformly over the network to each smart card accepting terminal, which updates the master key of the smart card accepting terminals. The method provided by the present invention therefore avoids the prior-art burden of sending the SAM card of every smart card accepting terminal to an encryption machine to have the updated master key rewritten, and the master key of each smart card accepting terminal can be updated easily.
As a specific embodiment of the present invention, the first authentication module 81 comprises:
First acquisition module 811, configured to obtain the identifying information of the smart card;
First sending module 812, configured to send the identifying information to the key dispersion dynamic library, so that the key dispersion dynamic library disperses the external authentication key of the smart card from the master key according to the identifying information and the dispersion algorithm;
Second sending module 813, configured to send an instruction to obtain a random number to the smart card after the accepting terminal receives the external authentication key of the smart card dispersed by the key dispersion dynamic library;
Third sending module 814, configured to return a first random number to the accepting terminal after the smart card receives the instruction to obtain a random number;
First processing module 815, configured to use the external authentication key to calculate a first MAC code over the first random number, assemble the first MAC code into an external authentication instruction, and then send the external authentication instruction to the smart card;
First computing module 816, configured to, after the smart card receives the external authentication instruction, extract the first MAC code from the external authentication instruction and use the external authentication key stored on the smart card itself to calculate a second MAC code over the first random number;
First comparison module 817, configured to compare whether the first MAC code is consistent with the second MAC code; when the first MAC code is consistent with the second MAC code, the accepting terminal is a legal terminal, and when they are inconsistent, the accepting terminal is an illegal terminal.
Further, the first authentication module 81 may also comprise:
External authentication instruction operation execution module 818, configured to, when the accepting terminal is a legal terminal, perform the operation corresponding to the external authentication instruction and return the status indicator corresponding to that operation to the accepting terminal; if the status indicator is correct, the smart card allows the accepting terminal to perform read-write operations on the smart card.
As a specific embodiment of the present invention, the second authentication module 82 comprises:
Second acquisition module 821, configured to obtain the identifying information of the smart card;
Fourth sending module 822, configured to send the identifying information to the key dispersion dynamic library, so that the key dispersion dynamic library disperses the internal authentication key of the smart card from the master key according to the identifying information and the dispersion algorithm;
Second processing module 823, configured to generate a second random number after the accepting terminal receives the internal authentication key, assemble the second random number into an internal authentication instruction, and send the internal authentication instruction to the smart card;
Second computing module 824, configured to, after the smart card receives the internal authentication instruction, use the internal authentication key stored on the smart card itself to calculate a third MAC code over the second random number in the internal authentication instruction, and return the third MAC code to the accepting terminal;
Third computing module 825, configured to, after the accepting terminal receives the third MAC code, use the internal authentication key dispersed by the key dispersion dynamic library to calculate a fourth MAC code over the second random number;
Second comparison module 826, configured to compare whether the third MAC code is consistent with the fourth MAC code; when the third MAC code is consistent with the fourth MAC code, the smart card is a genuine card, and when they are inconsistent, the smart card is a counterfeit card.
As a specific embodiment of the present invention, the smart card stores a card sub-key. As shown in Figure 9, the card-making device that stores the card sub-key on the smart card comprises:
Acquiring unit 91, configured to obtain the identifying information of the smart card;
Sending unit 92, configured to send the identifying information to the key dispersion dynamic library, so that the key dispersion dynamic library selects the corresponding master key according to the identifying information and then calculates the card sub-key from the master key;
Receiving unit 93, configured to receive the card sub-key sent by the key dispersion dynamic library;
Storage unit 94, configured to store the card sub-key on the smart card.
Further, the storage unit 94 comprises:
First creating unit 941, configured to create a directory file;
Second creating unit 942, configured to create a key file under the directory file;
Key writing unit 943, configured to write the card sub-key into the key file.
The above are preferred embodiments of the present invention. It should be pointed out that a person of ordinary skill in the art can make further improvements and modifications without departing from the inventive concept of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (15)

1. A bidirectional verification method for a smart card and an accepting terminal, characterized in that the method comprises:
The smart card uses an external authentication key to verify whether the accepting terminal is legal, and the accepting terminal uses an internal authentication key to verify the authenticity of the smart card;
The external authentication key and the internal authentication key are both dispersed from a master key by a key dispersion dynamic library according to the identifying information of the smart card and a dispersion algorithm; the key dispersion dynamic library is distributed in advance over a network to the accepting terminal or to the server of the accepting terminal, and the master key is stored in the key dispersion dynamic library; the key dispersion dynamic library can protect the master key from being exposed.
2. The method according to claim 1, characterized in that the smart card using the external authentication key to verify whether the accepting terminal is legal specifically comprises:
The accepting terminal obtains the identifying information of the smart card;
The accepting terminal sends the identifying information to the key dispersion dynamic library, so that the key dispersion dynamic library disperses the external authentication key of the smart card from the master key according to the identifying information and the dispersion algorithm;
After receiving the external authentication key of the smart card dispersed by the key dispersion dynamic library, the accepting terminal sends an instruction to obtain a random number to the smart card;
After receiving the instruction to obtain a random number, the smart card returns a first random number to the accepting terminal;
The accepting terminal uses the external authentication key to calculate a first MAC code over the first random number, assembles the first MAC code into an external authentication instruction, and then sends the external authentication instruction to the smart card;
After receiving the external authentication instruction, the smart card extracts the first MAC code from the external authentication instruction and uses the external authentication key stored on the smart card itself to calculate a second MAC code over the first random number;
The smart card compares whether the first MAC code is consistent with the second MAC code; when the first MAC code is consistent with the second MAC code, the accepting terminal is a legal terminal, and when they are inconsistent, the accepting terminal is an illegal terminal.
3. The method according to claim 2, characterized in that, when the accepting terminal is a legal terminal, the smart card performs the operation corresponding to the external authentication instruction and returns the status indicator corresponding to that operation to the accepting terminal; if the status indicator is correct, the smart card allows the accepting terminal to perform read-write operations on the smart card.
4. The method according to any one of claims 1-3, characterized in that the accepting terminal using the internal authentication key to verify the authenticity of the smart card specifically comprises:
The accepting terminal obtains the identifying information of the smart card;
The accepting terminal sends the identifying information to the key dispersion dynamic library, so that the key dispersion dynamic library disperses the internal authentication key of the smart card from the master key according to the identifying information and the dispersion algorithm;
After receiving the internal authentication instruction, the accepting terminal generates a second random number, assembles the second random number into an internal authentication instruction, and sends the internal authentication instruction to the smart card;
After receiving the internal authentication instruction, the smart card uses the internal authentication key stored on the smart card itself to calculate a third MAC code over the second random number in the internal authentication instruction, and returns the third MAC code to the accepting terminal;
After receiving the third MAC code, the accepting terminal uses the internal authentication key dispersed by the key dispersion dynamic library to calculate a fourth MAC code over the second random number;
The accepting terminal compares whether the third MAC code is consistent with the fourth MAC code; when the third MAC code is consistent with the fourth MAC code, the smart card is a genuine card, and when they are inconsistent, the smart card is a counterfeit card.
5. The method according to claim 1, characterized in that the smart card stores a card sub-key, the card sub-key comprises the external authentication key and the internal authentication key, and the method for storing the card sub-key on the smart card comprises:
Obtaining the identifying information of the smart card;
Sending the identifying information to the key dispersion dynamic library, so that the key dispersion dynamic library selects the corresponding master key according to the identifying information and then calculates the card sub-key from the master key;
Receiving the card sub-key sent by the key dispersion dynamic library;
Storing the card sub-key on the smart card.
6. The method according to claim 5, characterized in that storing the card sub-key on the smart card comprises:
Creating a directory file;
Creating a key file under the directory file;
Writing the card sub-key into the key file.
7. The method according to any one of claims 1-3, characterized in that the smart card is provided with a magnetic stripe, the identifying information of the smart card is stored in the magnetic stripe, and the accepting terminal obtaining the identifying information of the smart card specifically comprises:
The accepting terminal reads the identifying information of the smart card from the magnetic stripe.
8. The method according to claim 1, characterized in that the smart card is provided with a chip, the identifying information of the smart card is stored in the chip, and the accepting terminal obtaining the identifying information of the smart card specifically comprises:
The accepting terminal reads the identifying information of the smart card from the chip.
9. The method according to claim 1, characterized in that the smart card comprises a card identification number, and the accepting terminal obtaining the identifying information of the smart card specifically comprises:
Obtaining the identifying information of the smart card by reading the card identification number.
10. a bi-directional verification device for smart card and accepting terminal, is characterized in that, described device comprises:
First authentication module, verifies that for utilizing external authentication key whether accepting terminal is legal;
Second authentication module, for utilizing the true and false of internal authentication key authentication smart card;
Described external authentication key and described internal authentication key are all that key dispersion dynamic base disperses out from master key according to the identifying information of smart card and decentralized algorithm; Described key dispersion dynamic base is dispensed in advance by network on the server of described accepting terminal or described accepting terminal, stores described master key in described key dispersion dynamic base; Described key dispersion dynamic base can protect described master key not expose.
11. The device according to claim 10, characterized in that the first authentication module comprises:
A first acquisition module, configured to obtain the identifying information of the smart card;
A first sending module, configured to send the identifying information to the key dispersion dynamic library, so that the key dispersion dynamic library disperses the external authentication key of the smart card from the master key according to the identifying information and the dispersion algorithm;
A second sending module, configured to send an instruction for obtaining a random number to the smart card after the accepting terminal receives the external authentication key of the smart card dispersed by the key dispersion dynamic library;
A third sending module, configured to return a first random number to the accepting terminal after the smart card receives the instruction for obtaining a random number;
A first processing module, configured to calculate a first MAC code over the first random number using the external authentication key, assemble the first MAC code into an external authentication instruction, and then send the external authentication instruction to the smart card;
A first computing module, configured to, after the smart card receives the external authentication instruction, extract the first MAC code from the external authentication instruction and calculate a second MAC code over the first random number using the external authentication key stored on the smart card itself;
A first comparison module, configured to compare whether the first MAC code is consistent with the second MAC code; when the first MAC code is consistent with the second MAC code, the accepting terminal is a legitimate terminal, and when the first MAC code is inconsistent with the second MAC code, the accepting terminal is an illegitimate terminal.
12. The device according to claim 11, characterized in that it further comprises:
An external authentication instruction execution module, configured to, when the accepting terminal is a legitimate terminal, perform the operation corresponding to the external authentication instruction and return the status identifier corresponding to the operation to the accepting terminal; if the status identifier is correct, the smart card allows the accepting terminal to perform read and write operations on the smart card.
13. The device according to any one of claims 10-12, characterized in that the second authentication module specifically comprises:
A second acquisition module, configured to obtain the identifying information of the smart card;
A fourth sending module, configured to send the identifying information to the key dispersion dynamic library, so that the key dispersion dynamic library disperses the internal authentication key of the smart card from the master key according to the identifying information and the dispersion algorithm;
A second processing module, configured to, after the accepting terminal receives the internal authentication key, generate a second random number, assemble the second random number into an internal authentication instruction, and send the internal authentication instruction to the smart card;
A second computing module, configured to, after the smart card receives the internal authentication instruction, calculate a third MAC code over the second random number in the internal authentication instruction using the internal authentication key stored on the smart card itself, and return the third MAC code to the accepting terminal;
A third computing module, configured to, after the accepting terminal receives the third MAC code, calculate a fourth MAC code over the second random number using the internal authentication key dispersed by the key dispersion dynamic library;
A second comparison module, configured to compare whether the third MAC code is consistent with the fourth MAC code; when the third MAC code is consistent with the fourth MAC code, the smart card is a genuine card, and when the third MAC code is inconsistent with the fourth MAC code, the smart card is a counterfeit card.
14. The device according to claim 13, characterized in that the smart card stores a card sub-key, and the card-making device that stores the card sub-key on the smart card comprises:
An acquiring unit, configured to obtain the identifying information of the smart card;
A transmitting unit, configured to send the identifying information to the key dispersion dynamic library, so that the key dispersion dynamic library selects the corresponding master key according to the identifying information and then calculates the card sub-key from the master key;
A receiving unit, configured to receive the card sub-key sent by the key dispersion dynamic library;
A storage unit, configured to store the card sub-key on the smart card.
15. The device according to claim 14, characterized in that the storage unit comprises:
A first creating unit, configured to create a directory file;
A second creating unit, configured to create a key file under the directory file;
A key writing unit, configured to write the card sub-key into the key file.
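
The exchange in claims 11-14 can be traced end to end with the following added example, which is not part of the patent text. Assumptions: HMAC-SHA256 stands in for both the dispersion algorithm and the MAC (the claims name neither), challenges and MAC codes are 8 bytes, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def disperse(master_key: bytes, card_id: bytes, purpose: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the unnamed dispersion algorithm.
    return hmac.new(master_key, purpose + b"|" + card_id, hashlib.sha256).digest()

def mac(key: bytes, data: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the unnamed MAC algorithm.
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

class KeyDispersionLibrary:
    """Holds the master key and hands out only per-card derived keys."""
    def __init__(self, master_key: bytes):
        self._master_key = master_key

    def external_key(self, card_id: bytes) -> bytes:
        return disperse(self._master_key, card_id, b"EXT")

    def internal_key(self, card_id: bytes) -> bytes:
        return disperse(self._master_key, card_id, b"INT")

class SmartCard:
    def __init__(self, card_id: bytes, ext_key: bytes, int_key: bytes):
        self.card_id, self._ext_key, self._int_key = card_id, ext_key, int_key
        self._challenge = None
        self.unlocked = False  # read/write allowed only after external auth

    def get_random(self) -> bytes:
        self._challenge = secrets.token_bytes(8)  # first random number
        return self._challenge

    def external_authenticate(self, first_mac: bytes) -> bool:
        challenge, self._challenge = self._challenge, None  # single use
        if challenge is None:
            return False
        second_mac = mac(self._ext_key, challenge)
        self.unlocked = hmac.compare_digest(first_mac, second_mac)
        return self.unlocked

    def internal_authenticate(self, second_random: bytes) -> bytes:
        return mac(self._int_key, second_random)  # third MAC code

def issue_card(lib: KeyDispersionLibrary, card_id: bytes) -> SmartCard:
    # Card-making step: card sub-keys are written to the card at issuance.
    return SmartCard(card_id, lib.external_key(card_id), lib.internal_key(card_id))

def mutual_verify(lib: KeyDispersionLibrary, card: SmartCard):
    """Terminal side. Returns (terminal_accepted_by_card, card_is_genuine)."""
    first_random = card.get_random()
    first_mac = mac(lib.external_key(card.card_id), first_random)
    terminal_ok = card.external_authenticate(first_mac)
    second_random = secrets.token_bytes(8)
    third_mac = card.internal_authenticate(second_random)
    fourth_mac = mac(lib.internal_key(card.card_id), second_random)
    return terminal_ok, hmac.compare_digest(third_mac, fourth_mac)
```

A terminal whose library holds a different master key fails both comparisons, and because the card discards its challenge after one use, a captured first MAC code cannot be replayed against it.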
CN201510190998.0A 2015-04-21 2015-04-21 Bidirectional verification method and device of intelligent card and acceptance terminal Pending CN104917614A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510190998.0A CN104917614A (en) 2015-04-21 2015-04-21 Bidirectional verification method and device of intelligent card and acceptance terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510190998.0A CN104917614A (en) 2015-04-21 2015-04-21 Bidirectional verification method and device of intelligent card and acceptance terminal

Publications (1)

Publication Number Publication Date
CN104917614A true CN104917614A (en) 2015-09-16

Family

ID=54086346

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510190998.0A Pending CN104917614A (en) 2015-04-21 2015-04-21 Bidirectional verification method and device of intelligent card and acceptance terminal

Country Status (1)

Country Link
CN (1) CN104917614A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150916
