CN105989481A - Data interaction method and system - Google Patents

Data interaction method and system

Info

Publication number
CN105989481A
Authority
CN
China
Prior art keywords
described
cutting ferrule
binding
random factor
factor
Prior art date
Application number
CN201510056316.7A
Other languages
Chinese (zh)
Inventor
李东声
Original Assignee
天地融科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to CN2014106418726 priority Critical
Priority to CN201410641872 priority
Application filed by 天地融科技股份有限公司 filed Critical 天地融科技股份有限公司
Publication of CN105989481A publication Critical patent/CN105989481A/en

Abstract

The present invention provides a data interaction method and a data interaction system. The method includes the following steps: a first device and a second device authenticate each other's certificates and identities and, after both pass the authentication, each stores the binding factor generated during the authentication process; the first device and the second device authenticate each other's identities again and, during this second identity authentication, compare the binding factors they have stored to judge whether they are identical; after it is determined that the binding factors stored by the first device and the second device are identical and both devices have passed the second authentication, secure transmission keys for secure data transmission between the first device and the second device are generated; and the first device and the second device carry out data interaction using the generated secure transmission keys. With the data interaction method and the data interaction system of the invention, the security of data interaction can be improved.

Description

Data interaction method and system

Technical field

The present invention relates to the technical field of electronic information security, and in particular to a data interaction method and system.

Background technology

In existing transaction flows, such as withdrawing cash or paying by card, the user usually needs to carry the bank card issued by the bank. Carrying a bank card entails a certain security risk: once the card is lost, the user's assets can easily be damaged. Further, since there are many kinds of bank cards, a user may hold cards from several different banks at the same time; carrying all of them is inconvenient, while carrying only some of them for convenience may mean that a withdrawal or card payment becomes an inter-bank transaction, causing unnecessary fees.

Therefore, there is an urgent need in the prior art for a data interaction solution with higher security.

Summary of the invention

The present invention seeks to address the problems described above.

One object of the present invention is to provide a data interaction method.

Another object of the present invention is to provide a data interaction system.

To achieve the above objects, the technical solution of the present invention is implemented as follows:

One aspect of the present invention provides a data interaction method, including: a first device and a second device mutually authenticate each other's certificate and identity and, after both sides pass the authentication, each stores the binding factor generated during the authentication process; the first device and the second device mutually authenticate each other's identity again and, during this second mutual authentication, compare whether the binding factors stored by the two sides are identical; after the comparison shows that the binding factors stored by the two sides are identical and the second mutual authentication passes, a secure transmission key for secure data transmission between the first device and the second device is generated; and the first device and the second device carry out data interaction using the generated secure transmission key.

Additionally, the first device is a card sleeve ("cutting ferrule" in the automatic translation) and the second device is a simulated card. The step in which the first device and the second device mutually authenticate each other's certificate and identity and, after both sides pass, each store the binding factor generated during the authentication includes: the card sleeve receives a trigger instruction indicating that it should bind with the simulated card; the card sleeve sends a first binding instruction to the simulated card, the first binding instruction including a first binding random factor generated by the card sleeve, the card sleeve certificate and the card sleeve unique identifier; the simulated card receives the first binding instruction and verifies the card sleeve certificate using the root certificate; after verifying that the card sleeve certificate is valid, the simulated card generates a second binding random factor; the simulated card encrypts the first binding random factor and the second binding random factor with the card sleeve public key in the card sleeve certificate to obtain a first binding ciphertext, and signs the first binding random factor and the second binding random factor with the simulated card private key to obtain a first binding signature; the simulated card sends a first binding response to the card sleeve, the first binding response including the first binding ciphertext, the first binding signature, the simulated card certificate and the simulated card unique identifier; the card sleeve receives the first binding response and verifies the simulated card certificate using the root certificate; after verifying that the simulated card certificate is valid, the card sleeve decrypts the first binding ciphertext with the card sleeve private key to obtain a first binding decrypted random factor and a second binding decrypted random factor; the card sleeve verifies the first binding signature using the simulated card public key in the simulated card certificate, the first binding decrypted random factor and the second binding decrypted random factor; after verifying that the first binding signature is correct, the card sleeve checks whether the first binding decrypted random factor is identical to the first binding random factor; after verifying that they are identical, the card sleeve prompts the simulated card unique identifier; the card sleeve receives a trigger instruction confirming that the simulated card unique identifier is correct, signs the first binding random factor and the second binding decrypted random factor with the card sleeve private key to obtain a second binding signature, and stores the simulated card unique identifier, the simulated card certificate and a card-sleeve-side first binding factor in a card-sleeve-side first binding list, where the card-sleeve-side first binding factor is the second binding decrypted random factor; the card sleeve sends the second binding signature to the simulated card; the simulated card receives the second binding signature and verifies it using the card sleeve public key in the card sleeve certificate, the first binding random factor and the second binding random factor; after verifying that the second binding signature is correct, the simulated card stores the card sleeve unique identifier, the card sleeve certificate and a simulated-card-side binding factor in a simulated-card-side binding list, where the simulated-card-side binding factor is the second binding random factor.

Additionally, the step in which the first device and the second device mutually authenticate each other's identity again, compare during this second authentication whether the binding factors stored by the two sides are identical and, after the binding factors are found identical and the second mutual authentication passes, generate the secure transmission key for secure data transmission between the first device and the second device includes: the card sleeve sends to the simulated card a first secure connection instruction indicating that a secure connection is to be established, the first secure connection instruction including a first connection ciphertext, obtained by the card sleeve encrypting the card-sleeve-side first binding factor and a generated first connection random factor with the simulated card public key in the simulated card certificate, and a first connection signature, obtained by the card sleeve signing the card-sleeve-side first binding factor and the first connection random factor with the card sleeve private key; the simulated card receives the first secure connection instruction and decrypts the first connection ciphertext with the simulated card private key to obtain a card-sleeve-side first binding decrypted factor and a first connection decrypted random factor; the simulated card verifies the first connection signature using the card sleeve public key in the card sleeve certificate, the card-sleeve-side first binding decrypted factor and the first connection decrypted random factor; after verifying that the first connection signature is correct, the simulated card checks whether the card-sleeve-side first binding decrypted factor is identical to the simulated-card-side binding factor; after verifying that they are identical, the simulated card generates a second connection random factor; the simulated card encrypts the first connection decrypted random factor and the second connection random factor with the card sleeve public key in the card sleeve certificate to obtain a second connection ciphertext, and signs the first connection decrypted random factor and the second connection random factor with the simulated card private key to obtain a second connection signature; the simulated card sends a first secure connection response to the card sleeve, the first secure connection response including the second connection ciphertext and the second connection signature; the card sleeve receives the first secure connection response and decrypts the second connection ciphertext with the card sleeve private key to obtain the decrypted first connection decrypted random factor and a second connection decrypted random factor; the card sleeve verifies the second connection signature using the simulated card public key in the simulated card certificate, the decrypted first connection decrypted random factor and the second connection decrypted random factor; after verifying that the second connection signature is correct, the card sleeve checks whether the decrypted first connection decrypted random factor is identical to the first connection random factor; after verifying that they are identical, the card sleeve generates a card-sleeve-side first secure transmission key between the card sleeve and the simulated card from at least the second connection decrypted random factor; and the simulated card generates a simulated-card-side secure transmission key between the card sleeve and the simulated card from at least the second connection random factor.

Additionally, the first device is a card sleeve and the second device is a real-card manager ("Truth cards manager" in the automatic translation). The step in which the first device and the second device mutually authenticate each other's certificate and identity and, after both sides pass, each store the binding factor generated during the authentication includes: the card sleeve receives a trigger instruction indicating that it should bind with the real-card manager; the card sleeve sends a second binding instruction to the real-card manager over a wireless network, the second binding instruction including a third binding random factor generated by the card sleeve, the card sleeve certificate and the card sleeve unique identifier; the real-card manager receives the second binding instruction and verifies the card sleeve certificate using the root certificate; after verifying that the card sleeve certificate is valid, the real-card manager generates a fourth binding random factor; the real-card manager encrypts the third binding random factor and the fourth binding random factor with the card sleeve public key in the card sleeve certificate to obtain a second binding ciphertext, and signs the third binding random factor and the fourth binding random factor with the real-card manager private key to obtain a third binding signature; the real-card manager sends a second binding response to the card sleeve over the wireless network, the second binding response including the second binding ciphertext, the third binding signature, the real-card manager certificate and the real-card manager unique identifier; the card sleeve receives the second binding response and verifies the real-card manager certificate using the root certificate; after verifying that the real-card manager certificate is valid, the card sleeve decrypts the second binding ciphertext with the card sleeve private key to obtain a third binding decrypted random factor and a fourth binding decrypted random factor; the card sleeve verifies the third binding signature using the real-card manager public key in the real-card manager certificate, the third binding decrypted random factor and the fourth binding decrypted random factor; after verifying that the third binding signature is correct, the card sleeve checks whether the third binding decrypted random factor is identical to the third binding random factor; after verifying that they are identical, the card sleeve prompts the real-card manager unique identifier; the card sleeve receives a trigger instruction confirming that the real-card manager unique identifier is correct, signs the third binding random factor and the fourth binding decrypted random factor with the card sleeve private key to obtain a fourth binding signature, and stores the real-card manager unique identifier, the real-card manager certificate and a card-sleeve-side second binding factor in a card-sleeve-side second binding list, where the card-sleeve-side second binding factor is the fourth binding decrypted random factor; the card sleeve sends the fourth binding signature to the real-card manager; the real-card manager receives the fourth binding signature and verifies it using the card sleeve public key in the card sleeve certificate, the third binding random factor and the fourth binding random factor; after verifying that the fourth binding signature is correct, the real-card manager stores the card sleeve unique identifier, the card sleeve certificate and a real-card-manager-side binding factor in a real-card-manager-side binding list, where the real-card-manager-side binding factor is the fourth binding random factor.

Additionally, the step in which the first device and the second device mutually authenticate each other's identity again, compare during this second authentication whether the binding factors stored by the two sides are identical and, after the binding factors are found identical and the second mutual authentication passes, generate the secure transmission key for secure data transmission between the first device and the second device includes: the card sleeve sends to the real-card manager a third secure connection instruction indicating that a secure connection is to be established, the third secure connection instruction including a fifth connection ciphertext, obtained by the card sleeve encrypting the card-sleeve-side second binding factor and a generated fifth connection random factor with the real-card manager public key in the real-card manager certificate, and a fifth connection signature, obtained by the card sleeve signing the card-sleeve-side second binding factor and the fifth connection random factor with the card sleeve private key; the real-card manager receives the third secure connection instruction and decrypts the fifth connection ciphertext with the real-card manager private key to obtain a card-sleeve-side second binding decrypted factor and a fifth connection decrypted random factor; the real-card manager verifies the fifth connection signature using the card sleeve public key in the card sleeve certificate, the card-sleeve-side second binding decrypted factor and the fifth connection decrypted random factor; after verifying that the fifth connection signature is correct, the real-card manager checks whether the card-sleeve-side second binding decrypted factor is identical to the real-card-manager-side binding factor; after verifying that they are identical, the real-card manager generates a sixth connection random factor; the real-card manager encrypts the fifth connection decrypted random factor and the sixth connection random factor with the card sleeve public key in the card sleeve certificate to obtain a sixth connection ciphertext, and signs the fifth connection decrypted random factor and the sixth connection random factor with the real-card manager private key to obtain a sixth connection signature; the real-card manager sends a third secure connection response to the card sleeve, the third secure connection response including the sixth connection ciphertext and the sixth connection signature; the card sleeve receives the third secure connection response and decrypts the sixth connection ciphertext with the card sleeve private key to obtain the decrypted fifth connection decrypted random factor and a sixth connection decrypted random factor; the card sleeve verifies the sixth connection signature using the real-card manager public key in the real-card manager certificate, the decrypted fifth connection decrypted random factor and the sixth connection decrypted random factor; after verifying that the sixth connection signature is correct, the card sleeve checks whether the decrypted fifth connection decrypted random factor is identical to the fifth connection random factor; after verifying that they are identical, the card sleeve generates a card-sleeve-side second secure transmission key between the card sleeve and the real-card manager from at least the sixth connection decrypted random factor; and the real-card manager generates a real-card-manager-side secure transmission key between the card sleeve and the real-card manager from at least the sixth connection random factor.

Additionally, the card sleeve is a mobile device.

Additionally, the card sleeve is a mobile device together with an electronic signature device, or the card sleeve is an electronic signature device.

Another aspect of the present invention provides a data interaction method, including: a first device and a second device mutually authenticate each other's certificate and identity and, after both sides pass the authentication, each stores the binding factor generated during the authentication process; the first device and the second device mutually authenticate each other's identity again and generate a secure transmission key factor during this second mutual authentication; after the second mutual authentication passes, each side generates, from at least the stored binding factor and the secure transmission key factor, a secure transmission key for secure data transmission between the first device and the second device, and the two sides verify whether the secure transmission keys they generated are identical; after verifying that the secure transmission keys generated by the two sides are identical, the first device and the second device carry out data interaction using the generated secure transmission key.

Additionally, the first device is a card sleeve and the second device is a simulated card. The step in which the first device and the second device mutually authenticate each other's certificate and identity and, after both sides pass, each store the binding factor generated during the authentication is the same first binding instruction, first binding response and second binding signature exchange as described above for the card sleeve and the simulated card: it ends with the card sleeve storing the simulated card unique identifier, the simulated card certificate and the card-sleeve-side first binding factor (the second binding decrypted random factor) in the card-sleeve-side first binding list, and the simulated card storing the card sleeve unique identifier, the card sleeve certificate and the simulated-card-side binding factor (the second binding random factor) in the simulated-card-side binding list.

Additionally, the step in which the first device and the second device mutually authenticate each other's identity again and generate the secure transmission key factor during this second mutual authentication, generate after it passes the secure transmission key for secure data transmission between the first device and the second device from at least the stored binding factor and the secure transmission key factor, and verify whether the secure transmission keys generated by the two sides are identical includes: the card sleeve receives, from the simulated card, a third connection random factor generated by the simulated card together with the simulated card unique identifier; the card sleeve sends to the simulated card a second secure connection instruction indicating that a secure connection is to be established, the second secure connection instruction including the card sleeve unique identifier, a third connection ciphertext, obtained by the card sleeve encrypting the third connection random factor and a generated fourth connection random factor with the simulated card public key in the simulated card certificate, and a third connection signature, obtained by the card sleeve signing the third connection random factor and the fourth connection random factor with the card sleeve private key; the simulated card receives the second secure connection instruction and judges whether the card sleeve unique identifier is in the simulated-card-side binding list; if the card sleeve unique identifier is in the simulated-card-side binding list, the simulated card decrypts the third connection ciphertext with the simulated card private key to obtain a third connection decrypted random factor and a fourth connection decrypted random factor; the simulated card verifies the third connection signature using the card sleeve public key in the card sleeve certificate, the third connection decrypted random factor and the fourth connection decrypted random factor; after verifying that the third connection signature is correct, the simulated card checks whether the third connection decrypted random factor is identical to the third connection random factor; if they are identical, the simulated card signs the third connection decrypted random factor and the fourth connection decrypted random factor with the simulated card private key to obtain a fourth connection signature; the simulated card sends a second secure connection response to the card sleeve, the second secure connection response including the fourth connection signature; the card sleeve receives the second secure connection response and verifies the fourth connection signature using the simulated card public key in the simulated card certificate, the third connection random factor and the fourth connection random factor; after verifying that the fourth connection signature is correct, the card sleeve generates a card-sleeve-side first secure transmission key between the card sleeve and the simulated card from at least the fourth connection random factor and the card-sleeve-side first binding factor; the simulated card generates a simulated-card-side secure transmission key between the card sleeve and the simulated card from at least the fourth connection decrypted random factor and the simulated-card-side binding factor; the card sleeve applies a first processing to the third connection random factor and the fourth connection random factor with the card-sleeve-side first secure transmission key and sends the result to the simulated card; the simulated card applies the first processing to the third connection decrypted random factor and the fourth connection decrypted random factor with the simulated-card-side secure transmission key and sends the result to the card sleeve; the card sleeve receives the data sent by the simulated card, applies a second processing to the received data with the card-sleeve-side first secure transmission key, and compares whether the data after the second processing are identical to the third connection random factor and the fourth connection random factor; and the simulated card receives the data sent by the card sleeve, applies the second processing to the received data with the simulated-card-side secure transmission key, and compares whether the data after the second processing are identical to the third connection decrypted random factor and the fourth connection decrypted random factor.
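The binding exchange between the card sleeve and the simulated card (first binding instruction through second binding signature, as described earlier) and the second secure-connection method just described, with its binding-list check, key derivation from the fourth connection random factor plus the stored binding factor, and the key-confirmation round trip, carried through end to end in one added example. This is code written for this page, not code from the patent or its assignee. It assumes a textbook RSA stand-in without padding for the certificates' public-key operations (so it runs on the standard library alone), HMAC-SHA256 as the key-derivation function, and a keyed XOR transform for the unspecified "first process" and "second process"; the party names, the `bind`/`connect` functions and the binding-list layout are illustrative choices.

```python
"""Binding (pairing) and the second secure-connection method between a card sleeve
and a simulated card, following the exchange described above.  Added example, not
the patent's code.  Assumptions: textbook RSA without padding stands in for the
certificates' public-key scheme, HMAC-SHA256 is the KDF, and the unspecified
"first/second process" is a keyed XOR transform that is its own inverse."""
import hashlib, hmac, secrets
from math import gcd
from types import SimpleNamespace

def random_prime(bits):   # Fermat test on fixed bases: adequate for demo keys, not production
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if all(pow(a, cand - 1, cand) == 1 for a in (2, 3, 5, 7, 11, 13)):
            return cand

def keypair(bits=512):
    """Textbook RSA key (n, e, d); the 32-byte nonce pairs used below stay below n."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and gcd(65537, (p - 1) * (q - 1)) == 1:
            return (p * q, 65537, pow(65537, -1, (p - 1) * (q - 1)))

def digest(*parts):
    return hashlib.sha256(b"".join(parts)).digest()
def pk_encrypt(pub, *parts):   # encrypt two concatenated 16-byte nonces
    return pow(int.from_bytes(b"".join(parts), "big"), pub[1], pub[0])
def pk_decrypt(key, ct):       # returns the two 16-byte nonces
    pt = pow(ct, key[2], key[0]).to_bytes(32, "big")
    return pt[:16], pt[16:]
def sign(key, *parts):         # signature over SHA-256 of the parts
    return pow(int.from_bytes(digest(*parts), "big"), key[2], key[0])
def verify(pub, sig, *parts):
    return pow(sig, pub[1], pub[0]) == int.from_bytes(digest(*parts), "big")

def make_party(name, root):
    """Endpoint: keypair, root-signed certificate (uid, pub, sig), empty binding list."""
    key, uid = keypair(), name.encode()
    cert = (uid, key[:2], sign(root, uid, str(key[:2]).encode()))
    return SimpleNamespace(uid=uid, key=key, cert=cert, binding_list={}, session_key=None)
def cert_ok(root_pub, cert):   # the "verify with the root certificate" step
    return verify(root_pub, cert[2], cert[0], str(cert[1]).encode())

def bind(sleeve, card, root_pub, user_confirms):
    """Binding: certificate checks, R1 echo check, user confirmation of the card uid,
    a signature from each side, then both parties store R2 as the binding factor."""
    r1 = secrets.token_bytes(16)                       # first binding random factor
    if not cert_ok(root_pub, sleeve.cert):             # card checks the first binding instruction
        return False
    r2 = secrets.token_bytes(16)                       # second binding random factor
    ct1, sig1 = pk_encrypt(sleeve.cert[1], r1, r2), sign(card.key, r1, r2)
    if not cert_ok(root_pub, card.cert):               # sleeve checks the first binding response
        return False
    r1d, r2d = pk_decrypt(sleeve.key, ct1)             # decrypted random factors
    if not (verify(card.cert[1], sig1, r1d, r2d) and hmac.compare_digest(r1d, r1)
            and user_confirms(card.uid)):              # sleeve prompts the card uid
        return False
    sig2 = sign(sleeve.key, r1, r2d)                   # second binding signature
    sleeve.binding_list[card.uid] = (card.cert[1], r2d)
    if not verify(sleeve.cert[1], sig2, r1, r2):       # card checks the second binding signature
        return False
    card.binding_list[sleeve.uid] = (sleeve.cert[1], r2)
    return True

def derive_key(nonce, binding_factor):   # assumption: HMAC-SHA256 as the KDF
    return hmac.new(binding_factor, b"session" + nonce, hashlib.sha256).digest()
def transform(key, data):   # assumed "first process"; applying it again is the "second process"
    stream = hmac.new(key, b"confirm", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def connect(sleeve, card):
    """Second method: card offers C3; sleeve answers E(C3||C4) plus a signature; card
    checks its binding list and the C3 echo; both derive the key from C4 and the
    stored binding factor and confirm it through the keyed transform."""
    c3 = secrets.token_bytes(16)                       # third connection random factor
    if card.uid not in sleeve.binding_list:            # sleeve has no binding for this card
        return False
    card_pub, sleeve_bf = sleeve.binding_list[card.uid]
    c4 = secrets.token_bytes(16)                       # fourth connection random factor
    ct3, sig3 = pk_encrypt(card_pub, c3, c4), sign(sleeve.key, c3, c4)
    if sleeve.uid not in card.binding_list:            # card refuses an unbound sleeve
        return False
    sleeve_pub, card_bf = card.binding_list[sleeve.uid]
    c3d, c4d = pk_decrypt(card.key, ct3)
    if not (verify(sleeve_pub, sig3, c3d, c4d) and hmac.compare_digest(c3d, c3)):
        return False
    sig4 = sign(card.key, c3d, c4d)                    # fourth connection signature
    if not verify(card_pub, sig4, c3, c4):             # sleeve checks the response
        return False
    sleeve.session_key, card.session_key = derive_key(c4, sleeve_bf), derive_key(c4d, card_bf)
    # key confirmation: each side transforms its nonces, the peer inverts and compares
    from_sleeve, from_card = transform(sleeve.session_key, c3 + c4), transform(card.session_key, c3d + c4d)
    return (hmac.compare_digest(transform(card.session_key, from_sleeve), c3d + c4d)
            and hmac.compare_digest(transform(sleeve.session_key, from_card), c3 + c4))

def demo():   # pair, then connect; returns (bound, connected, both keys identical)
    root = keypair()
    sleeve, card = make_party("sleeve-01", root), make_party("simcard-01", root)
    bound = bind(sleeve, card, root[:2], lambda uid: uid == b"simcard-01")
    return bound, connect(sleeve, card), sleeve.session_key == card.session_key
```

`demo()` pairs one sleeve with one card and then opens a connection. Two properties of the second method show up directly: a sleeve the card has never bound is refused at the binding-list check before any decryption happens, and a mismatch in the stored binding factors does not produce a silently different key on each side but fails at the confirmation step, because the session key is derived from the fourth connection random factor and the binding factor together. The RSA stand-in has no padding and the Fermat primality check is only strong enough for throwaway demonstration keys; the protocol flow, not the primitives, is what the example is meant to show.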

Additionally, the first device is a card sleeve and the second device is a real-card manager. The step in which the first device and the second device mutually authenticate each other's certificate and identity and, after both sides pass, each store the binding factor generated during the authentication is the same second binding instruction, second binding response and fourth binding signature exchange over the wireless network as described above for the card sleeve and the real-card manager: it ends with the card sleeve storing the real-card manager unique identifier, the real-card manager certificate and the card-sleeve-side second binding factor (the fourth binding decrypted random factor) in the card-sleeve-side second binding list, and the real-card manager storing the card sleeve unique identifier, the card sleeve certificate and the real-card-manager-side binding factor (the fourth binding random factor) in the real-card-manager-side binding list.

Additionally, the first and second devices authenticating each other's identity a second time and generating a secure transmission key factor during that authentication, then, after the second authentication passes, generating the secure transmission key for secure data transmission between them from at least the stored binding factor and the secure transmission key factor, and verifying whether the keys generated by the two sides are identical, includes the following. The card sleeve receives a seventh connection random factor generated by the real card manager and the real card manager unique identifier, both sent by the real card manager. The card sleeve sends a fourth secure connection instruction to the real card manager instructing it to establish a secure connection; the fourth secure connection instruction includes the card sleeve unique identifier, a seventh connection ciphertext obtained by the card sleeve encrypting the seventh connection random factor and a generated eighth connection random factor with the real card manager public key from the real card manager certificate, and a seventh connection signature obtained by the card sleeve signing the seventh and eighth connection random factors with the card sleeve private key. The real card manager receives the fourth secure connection instruction and checks whether the card sleeve unique identifier is in the real-card-manager-side binding list. If it is, the real card manager decrypts the seventh connection ciphertext with the real card manager private key to obtain a seventh connection decrypted random factor and an eighth connection decrypted random factor, and verifies the seventh connection signature using the card sleeve public key from the card sleeve certificate together with the seventh and eighth connection decrypted random factors. After verifying that the seventh connection signature is correct, the real card manager checks whether the seventh connection decrypted random factor is identical to the seventh connection random factor. If it is, the real card manager signs the seventh and eighth connection decrypted random factors with the real card manager private key to obtain an eighth connection signature and sends a fourth secure connection response, which includes the eighth connection signature, to the card sleeve. The card sleeve receives the fourth secure connection response and verifies the eighth connection signature using the real card manager public key from the real card manager certificate together with the seventh and eighth connection random factors. After verifying that the eighth connection signature is correct, the card sleeve generates a card-sleeve-side second secure transmission key between the card sleeve and the real card manager from at least the eighth connection random factor and the card-sleeve-side second binding factor; the real card manager generates a real-card-manager-side secure transmission key between the card sleeve and the real card manager from at least the eighth connection decrypted random factor and the real-card-manager-side binding factor. The card sleeve applies a first processing to the seventh and eighth connection random factors with the card-sleeve-side second secure transmission key and sends the result to the real card manager; the real card manager applies the first processing to the seventh and eighth connection decrypted random factors with the real-card-manager-side secure transmission key and sends the result to the card sleeve. The card sleeve receives the data sent by the real card manager, applies a second processing to it with the card-sleeve-side second secure transmission key, and compares the result with the seventh and eighth connection random factors to check whether they are identical; the real card manager receives the data sent by the card sleeve, applies the second processing to it with the real-card-manager-side secure transmission key, and compares the result with the seventh and eighth connection decrypted random factors to check whether they are identical.
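The two phases described above, the binding exchange and the later re-authentication with binding-list check, key derivation and key confirmation, as an added Go simulation; this is not code from the patent or its applicant. It assumes RSA-OAEP for the public-key encryption and RSA-PSS for the signatures, HMAC-SHA256 for the unspecified key derivation and "first/second processing", certificates reduced to bare keys with the root-certificate check already done, and both roles running in one process so that each protocol message is a local call.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"io"
)

// Device is the card sleeve or the real card manager. Certificates are reduced to
// bare RSA keys (root-certificate checks assumed passed); bindings is the binding list.
type Device struct {
	ID       string
	priv     *rsa.PrivateKey
	bindings map[string][]byte // peer unique identifier -> stored binding factor
}

// must turns library errors that cannot occur with valid keys into panics.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewDevice(id string) *Device {
	return &Device{ID: id, priv: must(rsa.GenerateKey(rand.Reader, 2048)), bindings: map[string][]byte{}}
}
func randomFactor() []byte   { return must(io.ReadAll(io.LimitReader(rand.Reader, 16))) }
func cat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }
func digest(a, b []byte) []byte {
	h := sha256.Sum256(cat(a, b))
	return h[:]
}

// mac is HMAC-SHA256 over a||b, standing in for the patent's unspecified KDF and processing.
func mac(key, a, b []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(cat(a, b))
	return m.Sum(nil)
}

// authExchange is the three-message pattern both phases share: init sends a fresh rI;
// resp answers Enc_init(rI||rR) and Sig_resp(rI||rR); init decrypts, verifies, checks rI
// echoed unchanged, optionally has the user confirm resp's ID, replies Sig_init(rI||rR).
func authExchange(init, resp *Device, confirm func(peerID string) bool) ([]byte, []byte, error) {
	rI, rR := randomFactor(), randomFactor()
	ct := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &init.priv.PublicKey, cat(rI, rR), nil))
	sigR := must(rsa.SignPSS(rand.Reader, resp.priv, crypto.SHA256, digest(rI, rR), nil))
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, init.priv, ct, nil) // pt = rI'||rR' as init sees them
	switch {
	case err != nil || len(pt) != 32:
		return nil, nil, errors.New("initiator could not decrypt the random factors")
	case rsa.VerifyPSS(&resp.priv.PublicKey, crypto.SHA256, digest(pt[:16], pt[16:]), sigR, nil) != nil:
		return nil, nil, errors.New("responder signature invalid")
	case !bytes.Equal(pt[:16], rI):
		return nil, nil, errors.New("echoed random factor differs from the one sent")
	case confirm != nil && !confirm(resp.ID):
		return nil, nil, errors.New("user rejected the peer identifier")
	}
	sigI := must(rsa.SignPSS(rand.Reader, init.priv, crypto.SHA256, digest(rI, pt[16:]), nil))
	if rsa.VerifyPSS(&init.priv.PublicKey, crypto.SHA256, digest(rI, rR), sigI, nil) != nil {
		return nil, nil, errors.New("initiator signature invalid")
	}
	return rI, rR, nil
}

// Bind: the sleeve initiates; the responder's random factor becomes the binding factor both store.
func Bind(sleeve, manager *Device, confirm func(peerID string) bool) error {
	_, rR, err := authExchange(sleeve, manager, confirm)
	if err != nil {
		return err
	}
	sleeve.bindings[manager.ID], manager.bindings[sleeve.ID] = rR, bytes.Clone(rR)
	return nil
}

// Connect: the manager initiates and admits only a bound sleeve; both derive the session
// key from the stored binding factor and the sleeve's fresh r8, then each MACs r7||r8 under
// its key ("first processing") for the peer to recompute and compare ("second processing").
func Connect(sleeve, manager *Device) ([]byte, error) {
	bindS, bindM := sleeve.bindings[manager.ID], manager.bindings[sleeve.ID]
	if bindS == nil || bindM == nil {
		return nil, errors.New("peer not in binding list")
	}
	r7, r8, err := authExchange(manager, sleeve, nil)
	if err != nil {
		return nil, err
	}
	keyS, keyM := mac(bindS, []byte("session"), r8), mac(bindM, []byte("session"), r8)
	if !hmac.Equal(mac(keyS, r7, r8), mac(keyM, r7, r8)) {
		return nil, errors.New("key confirmation failed: binding factors differ")
	}
	return keyS, nil
}
```

Connect refuses a sleeve absent from the manager's binding list and a binding factor that differs between the two sides, which is exactly what the comparison step of the patent is there to catch.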

Additionally, the card sleeve is a mobile device.

Additionally, the card sleeve is a mobile device together with an electronic signature device, or the card sleeve is an electronic signature device.

One aspect of the present invention also provides a data interaction system including a first device and a second device. The first and second devices authenticate each other's certificate and identity and, once both have passed, each stores the binding factor generated during authentication. The first and second devices then authenticate each other's identity a second time and, during that authentication, compare the binding factors stored by the two sides to determine whether they are identical; after the stored binding factors are found identical and the second authentication passes, a secure transmission key for secure data transmission between the first and second devices is generated. The first and second devices then use the generated secure transmission key to carry out data interaction.

Additionally, the first device is a card sleeve and the second device is a simulated card. The card sleeve is configured to receive a trigger command instructing it to bind with the simulated card, and to send a first binding instruction to the simulated card, where the first binding instruction includes a first binding random factor generated by the card sleeve, the card sleeve certificate, and the card sleeve unique identifier. The simulated card is configured to receive the first binding instruction and verify the card sleeve certificate with the root certificate; after verifying that the card sleeve certificate is legitimate, to generate a second binding random factor, encrypt the first and second binding random factors with the card sleeve public key from the card sleeve certificate to obtain a first binding ciphertext, and sign the first and second binding random factors with the simulated card private key to obtain a first binding signature; and to send a first binding response to the card sleeve, where the first binding response includes the first binding ciphertext, the first binding signature, the simulated card certificate, and the simulated card unique identifier. The card sleeve is further configured to receive the first binding response and verify the simulated card certificate with the root certificate; after verifying that the simulated card certificate is legitimate, to decrypt the first binding ciphertext with the card sleeve private key to obtain a first binding decrypted random factor and a second binding decrypted random factor; to verify the first binding signature using the simulated card public key from the simulated card certificate together with the first and second binding decrypted random factors; after verifying that the first binding signature is correct, to check whether the first binding decrypted random factor is identical to the first binding random factor; after verifying that they are identical, to display the simulated card unique identifier; to receive a trigger command confirming that the simulated card unique identifier is correct, sign the first binding random factor and the second binding decrypted random factor with the card sleeve private key to obtain a second binding signature, and store the simulated card unique identifier, the simulated card certificate, and a card-sleeve-side first binding factor in a card-sleeve-side first binding list, where the card-sleeve-side first binding factor is the second binding decrypted random factor; and to send the second binding signature to the simulated card. The simulated card is further configured to receive the second binding signature and verify it using the card sleeve public key from the card sleeve certificate together with the first and second binding random factors; and, after verifying that the second binding signature is correct, to store the card sleeve unique identifier, the card sleeve certificate, and a simulated-card-side binding factor in a simulated-card-side binding list, where the simulated-card-side binding factor is the second binding random factor.

Additionally, the card sleeve is further configured to send a first secure connection instruction to the simulated card instructing it to establish a secure connection, where the first secure connection instruction includes a first connection ciphertext obtained by the card sleeve encrypting the card-sleeve-side first binding factor and a generated first connection random factor with the simulated card public key from the simulated card certificate, and a first connection signature obtained by the card sleeve signing the card-sleeve-side first binding factor and the first connection random factor with the card sleeve private key. The simulated card is further configured to receive the first secure connection instruction and decrypt the first connection ciphertext with the simulated card private key to obtain a card-sleeve-side first binding decrypted factor and a first connection decrypted random factor; to verify the first connection signature using the card sleeve public key from the card sleeve certificate together with the card-sleeve-side first binding decrypted factor and the first connection decrypted random factor; after verifying that the first connection signature is correct, to check whether the card-sleeve-side first binding decrypted factor is identical to the simulated-card-side binding factor; after verifying that they are identical, to generate a second connection random factor; to encrypt the first connection decrypted random factor and the second connection random factor with the card sleeve public key from the card sleeve certificate to obtain a second connection ciphertext, and sign the first connection decrypted random factor and the second connection random factor with the simulated card private key to obtain a second connection signature; and to send a first secure connection response to the card sleeve, where the first secure connection response includes the second connection ciphertext and the second connection signature. The card sleeve is further configured to receive the first secure connection response and decrypt the second connection ciphertext with the card sleeve private key to obtain a decrypted first connection random factor and a second connection decrypted random factor; to verify the second connection signature using the simulated card public key from the simulated card certificate together with the decrypted first connection random factor and the second connection decrypted random factor; after verifying that the second connection signature is correct, to check whether the decrypted first connection random factor is identical to the first connection random factor; and, after verifying that they are identical, to generate a card-sleeve-side first secure transmission key between the card sleeve and the simulated card from at least the second connection decrypted random factor. The simulated card is further configured to generate a simulated-card-side secure transmission key between the card sleeve and the simulated card from at least the second connection random factor.

Additionally, the first device is a card sleeve and the second device is a real card manager. The card sleeve is configured to receive a trigger command instructing it to bind with the real card manager, and to send a second binding instruction to the real card manager over a wireless network, where the second binding instruction includes a third binding random factor generated by the card sleeve, the card sleeve certificate, and the card sleeve unique identifier. The real card manager is configured to receive the second binding instruction and verify the card sleeve certificate with the root certificate; after verifying that the card sleeve certificate is legitimate, to generate a fourth binding random factor, encrypt the third and fourth binding random factors with the card sleeve public key from the card sleeve certificate to obtain a second binding ciphertext, and sign the third and fourth binding random factors with the real card manager private key to obtain a third binding signature; and to send a second binding response to the card sleeve over the wireless network, where the second binding response includes the second binding ciphertext, the third binding signature, the real card manager certificate, and the real card manager unique identifier. The card sleeve is further configured to receive the second binding response and verify the real card manager certificate with the root certificate; after verifying that the real card manager certificate is legitimate, to decrypt the second binding ciphertext with the card sleeve private key to obtain a third binding decrypted random factor and a fourth binding decrypted random factor; to verify the third binding signature using the real card manager public key from the real card manager certificate together with the third and fourth binding decrypted random factors; after verifying that the third binding signature is correct, to check whether the third binding decrypted random factor is identical to the third binding random factor; after verifying that they are identical, to display the real card manager unique identifier; to receive a trigger command confirming that the real card manager unique identifier is correct, sign the third binding random factor and the fourth binding decrypted random factor with the card sleeve private key to obtain a fourth binding signature, and store the real card manager unique identifier, the real card manager certificate, and a card-sleeve-side second binding factor in a card-sleeve-side second binding list, where the card-sleeve-side second binding factor is the fourth binding decrypted random factor; and to send the fourth binding signature to the real card manager. The real card manager is further configured to receive the fourth binding signature and verify it using the card sleeve public key from the card sleeve certificate together with the third and fourth binding random factors; and, after verifying that the fourth binding signature is correct, to store the card sleeve unique identifier, the card sleeve certificate, and a real-card-manager-side binding factor in a real-card-manager-side binding list, where the real-card-manager-side binding factor is the fourth binding random factor.

Additionally, the card sleeve is further configured to send a third secure connection instruction to the real card manager instructing it to establish a secure connection, where the third secure connection instruction includes a fifth connection ciphertext obtained by the card sleeve encrypting the card-sleeve-side second binding factor and a generated fifth connection random factor with the real card manager public key from the real card manager certificate, and a fifth connection signature obtained by the card sleeve signing the card-sleeve-side second binding factor and the fifth connection random factor with the card sleeve private key. The real card manager is further configured to receive the third secure connection instruction and decrypt the fifth connection ciphertext with the real card manager private key to obtain a card-sleeve-side second binding decrypted factor and a fifth connection decrypted random factor; to verify the fifth connection signature using the card sleeve public key from the card sleeve certificate together with the card-sleeve-side second binding decrypted factor and the fifth connection decrypted random factor; after verifying that the fifth connection signature is correct, to check whether the card-sleeve-side second binding decrypted factor is identical to the real-card-manager-side binding factor; after verifying that they are identical, to generate a sixth connection random factor; to encrypt the fifth connection decrypted random factor and the sixth connection random factor with the card sleeve public key from the card sleeve certificate to obtain a sixth connection ciphertext, and sign the fifth connection decrypted random factor and the sixth connection random factor with the real card manager private key to obtain a sixth connection signature; and to send a third secure connection response to the card sleeve, where the third secure connection response includes the sixth connection ciphertext and the sixth connection signature. The card sleeve is further configured to receive the third secure connection response and decrypt the sixth connection ciphertext with the card sleeve private key to obtain a decrypted fifth connection random factor and a sixth connection decrypted random factor; to verify the sixth connection signature using the real card manager public key from the real card manager certificate together with the decrypted fifth connection random factor and the sixth connection decrypted random factor; after verifying that the sixth connection signature is correct, to check whether the decrypted fifth connection random factor is identical to the fifth connection random factor; and, after verifying that they are identical, to generate a card-sleeve-side second secure transmission key between the card sleeve and the real card manager from at least the sixth connection decrypted random factor. The real card manager is further configured to generate a real-card-manager-side secure transmission key between the card sleeve and the real card manager from at least the sixth connection random factor.

Additionally, the card sleeve is a mobile device.

Additionally, the card sleeve is a mobile device together with an electronic signature device, or the card sleeve is an electronic signature device.

Another aspect of the present invention further provides a data interaction system including a first device and a second device. The first and second devices authenticate each other's certificate and identity and, once both have passed, each stores the binding factor generated during authentication. The first and second devices then authenticate each other's identity a second time and, during that authentication, generate a secure transmission key factor; after the second authentication passes, they generate the secure transmission key for secure data transmission between them from at least the stored binding factor and the secure transmission key factor, and verify whether the secure transmission keys generated by the two sides are identical. After verifying that the keys generated by both sides are identical, the first and second devices use the generated secure transmission key to carry out data interaction.

Additionally, the first device is a card sleeve and the second device is a simulated card. The card sleeve is configured to receive a trigger command instructing it to bind with the simulated card, and to send a first binding instruction to the simulated card, where the first binding instruction includes a first binding random factor generated by the card sleeve, the card sleeve certificate, and the card sleeve unique identifier. The simulated card is configured to receive the first binding instruction and verify the card sleeve certificate with the root certificate; after verifying that the card sleeve certificate is legitimate, to generate a second binding random factor, encrypt the first and second binding random factors with the card sleeve public key from the card sleeve certificate to obtain a first binding ciphertext, and sign the first and second binding random factors with the simulated card private key to obtain a first binding signature; and to send a first binding response to the card sleeve, where the first binding response includes the first binding ciphertext, the first binding signature, the simulated card certificate, and the simulated card unique identifier. The card sleeve is further configured to receive the first binding response and verify the simulated card certificate with the root certificate; after verifying that the simulated card certificate is legitimate, to decrypt the first binding ciphertext with the card sleeve private key to obtain a first binding decrypted random factor and a second binding decrypted random factor; to verify the first binding signature using the simulated card public key from the simulated card certificate together with the first and second binding decrypted random factors; after verifying that the first binding signature is correct, to check whether the first binding decrypted random factor is identical to the first binding random factor; after verifying that they are identical, to display the simulated card unique identifier; to receive a trigger command confirming that the simulated card unique identifier is correct, sign the first binding random factor and the second binding decrypted random factor with the card sleeve private key to obtain a second binding signature, and store the simulated card unique identifier, the simulated card certificate, and a card-sleeve-side first binding factor in a card-sleeve-side first binding list, where the card-sleeve-side first binding factor is the second binding decrypted random factor; and to send the second binding signature to the simulated card. The simulated card is further configured to receive the second binding signature and verify it using the card sleeve public key from the card sleeve certificate together with the first and second binding random factors; and, after verifying that the second binding signature is correct, to store the card sleeve unique identifier, the card sleeve certificate, and a simulated-card-side binding factor in a simulated-card-side binding list, where the simulated-card-side binding factor is the second binding random factor.

Additionally, the card sleeve is further configured to receive a third connection random factor generated by the simulated card and the simulated card unique identifier, both sent by the simulated card; and to send a second secure connection instruction to the simulated card instructing it to establish a secure connection, where the second secure connection instruction includes the card sleeve unique identifier, a third connection ciphertext obtained by the card sleeve encrypting the third connection random factor and a generated fourth connection random factor with the simulated card public key from the simulated card certificate, and a third connection signature obtained by the card sleeve signing the third and fourth connection random factors with the card sleeve private key. The simulated card is further configured to receive the second secure connection instruction and check whether the card sleeve unique identifier is in the simulated-card-side binding list; if it is, to decrypt the third connection ciphertext with the simulated card private key to obtain a third connection decrypted random factor and a fourth connection decrypted random factor; to verify the third connection signature using the card sleeve public key from the card sleeve certificate together with the third and fourth connection decrypted random factors; after verifying that the third connection signature is correct, to check whether the third connection decrypted random factor is identical to the third connection random factor; if it is, to sign the third and fourth connection decrypted random factors with the simulated card private key to obtain a fourth connection signature; and to send a second secure connection response to the card sleeve, where the second secure connection response includes the fourth connection signature. The card sleeve is further configured to receive the second secure connection response and verify the fourth connection signature using the simulated card public key from the simulated card certificate together with the third and fourth connection random factors; and, after verifying that the fourth connection signature is correct, to generate a card-sleeve-side first secure transmission key between the card sleeve and the simulated card from at least the fourth connection random factor and the card-sleeve-side first binding factor. The simulated card is further configured to generate a simulated-card-side secure transmission key between the card sleeve and the simulated card from at least the fourth connection decrypted random factor and the simulated-card-side binding factor. The card sleeve is further configured to apply a first processing to the third and fourth connection random factors with the card-sleeve-side first secure transmission key and send the result to the simulated card; the simulated card is further configured to apply the first processing to the third and fourth connection decrypted random factors with the simulated-card-side secure transmission key and send the result to the card sleeve. The card sleeve is further configured to receive the data sent by the simulated card, apply a second processing to it with the card-sleeve-side first secure transmission key, and compare the result with the third and fourth connection random factors to check whether they are identical; the simulated card is further configured to receive the data sent by the card sleeve, apply the second processing to it with the simulated-card-side secure transmission key, and compare the result with the third and fourth connection decrypted random factors to check whether they are identical.

Additionally, the first device is a card sleeve and the second device is a real card manager. The card sleeve is configured to receive a trigger command instructing it to bind with the real card manager, and to send a second binding instruction to the real card manager over a wireless network, where the second binding instruction includes a third binding random factor generated by the card sleeve, the card sleeve certificate, and the card sleeve unique identifier. The real card manager is configured to receive the second binding instruction and verify the card sleeve certificate with the root certificate; after verifying that the card sleeve certificate is legitimate, to generate a fourth binding random factor, encrypt the third and fourth binding random factors with the card sleeve public key from the card sleeve certificate to obtain a second binding ciphertext, and sign the third and fourth binding random factors with the real card manager private key to obtain a third binding signature; and to send a second binding response to the card sleeve over the wireless network, where the second binding response includes the second binding ciphertext, the third binding signature, the real card manager certificate, and the real card manager unique identifier. The card sleeve is further configured to receive the second binding response and verify the real card manager certificate with the root certificate; after verifying that the real card manager certificate is legitimate, to decrypt the second binding ciphertext with the card sleeve private key to obtain a third binding decrypted random factor and a fourth binding decrypted random factor; to verify the third binding signature using the real card manager public key from the real card manager certificate together with the third and fourth binding decrypted random factors; after verifying that the third binding signature is correct, to check whether the third binding decrypted random factor is identical to the third binding random factor; after verifying that they are identical, to display the real card manager unique identifier; to receive a trigger command confirming that the real card manager unique identifier is correct, sign the third binding random factor and the fourth binding decrypted random factor with the card sleeve private key to obtain a fourth binding signature, and store the real card manager unique identifier, the real card manager certificate, and a card-sleeve-side second binding factor in a card-sleeve-side second binding list, where the card-sleeve-side second binding factor is the fourth binding decrypted random factor; and to send the fourth binding signature to the real card manager. The real card manager is further configured to receive the fourth binding signature and verify it using the card sleeve public key from the card sleeve certificate together with the third and fourth binding random factors; and, after verifying that the fourth binding signature is correct, to store the card sleeve unique identifier, the card sleeve certificate, and a real-card-manager-side binding factor in a real-card-manager-side binding list, where the real-card-manager-side binding factor is the fourth binding random factor.

Additionally, the cutting ferrule is further configured to receive the seventh connection random factor generated by the Truth cards manager and the Truth cards manager unique identifier sent by the Truth cards manager, and to send to the Truth cards manager a fourth secure connection instruction instructing that a secure connection be established, where the fourth secure connection instruction includes: the cutting ferrule unique identifier; a seventh connection ciphertext obtained by the cutting ferrule encrypting the seventh connection random factor and an eighth connection random factor generated by the cutting ferrule with the Truth cards manager public key in the Truth cards manager certificate; and a seventh connection signature obtained by the cutting ferrule signing the seventh connection random factor and the eighth connection random factor with the cutting ferrule private key. The Truth cards manager is further configured to receive the fourth secure connection instruction and judge whether the cutting ferrule unique identifier is in the Truth cards manager end list of bindings; if the cutting ferrule unique identifier is in the Truth cards manager end list of bindings, to decrypt the seventh connection ciphertext with the Truth cards manager private key to obtain a seventh connection decryption random factor and an eighth connection decryption random factor; to verify the seventh connection signature using the cutting ferrule public key in the cutting ferrule certificate, the seventh connection decryption random factor and the eighth connection decryption random factor; after verifying that the seventh connection signature is correct, to verify whether the seventh connection decryption random factor is identical to the seventh connection random factor; if the seventh connection decryption random factor is identical to the seventh connection random factor, to sign the seventh connection decryption random factor and the eighth connection decryption random factor with the Truth cards manager private key to obtain an eighth connection signature; and to send a fourth secure connection response to the cutting ferrule, where the fourth secure connection response includes the eighth connection signature. The cutting ferrule is further configured to receive the fourth secure connection response and verify the eighth connection signature using the Truth cards manager public key in the Truth cards manager certificate, the seventh connection random factor and the eighth connection random factor, and, after verifying that the eighth connection signature is correct, to generate the cutting ferrule end second safe transmission key between the cutting ferrule and the Truth cards manager using at least the eighth connection random factor and the cutting ferrule end second binding factor. The Truth cards manager is further configured to generate the Truth cards manager end safe transmission key between the cutting ferrule and the Truth cards manager using at least the eighth connection decryption random factor and the Truth cards manager end binding factor. The cutting ferrule is further configured to apply the first process to the seventh connection random factor and the eighth connection random factor using the cutting ferrule end second safe transmission key and send the result to the Truth cards manager; the Truth cards manager is further configured to apply the first process to the seventh connection decryption random factor and the eighth connection decryption random factor using the Truth cards manager end safe transmission key and send the result to the cutting ferrule. The cutting ferrule is further configured to receive the data sent by the Truth cards manager, apply the second process to the received data using the cutting ferrule end second safe transmission key, and compare whether the data after the second process is identical to the seventh connection random factor and the eighth connection random factor; the Truth cards manager is further configured to receive the data sent by the cutting ferrule, apply the second process to the received data using the Truth cards manager end safe transmission key, and compare whether the data after the second process is identical to the seventh connection decryption random factor and the eighth connection decryption random factor.

Additionally, the cutting ferrule is a mobile device.

Additionally, the cutting ferrule is a combination of a mobile device and an electronic signature device, or the cutting ferrule is an electronic signature device.

As can be seen from the technical solution provided by the invention, the data interaction method and system of the present invention can improve the security of data interaction.

Brief description of the drawings

To describe the technical solutions of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are introduced briefly below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.

Fig. 1 is a flow chart of the data interaction method provided by embodiment 1 of the present invention;

Fig. 2 is a flow chart of the binding operation performed by the cutting ferrule and the simulation card in the data interaction method provided by embodiment 1 of the present invention;

Fig. 3 is a flow chart of the establishment of a secure connection between the cutting ferrule and the simulation card in the data interaction method provided by embodiment 1 of the present invention;

Fig. 4 is a flow chart of the binding operation performed by the cutting ferrule and the Truth cards manager in the data interaction method provided by embodiment 1 of the present invention;

Fig. 5 is a flow chart of the establishment of a secure connection between the cutting ferrule and the Truth cards manager in the data interaction method provided by embodiment 1 of the present invention;

Fig. 6 is a schematic structural diagram of the data interaction system provided by embodiment 1 of the present invention;

Fig. 7 is a flow chart of the data interaction method provided by embodiment 2 of the present invention;

Fig. 8 is a flow chart of the establishment of a secure connection between the cutting ferrule and the simulation card in the data interaction method provided by embodiment 2 of the present invention;

Fig. 9 is a flow chart of the establishment of a secure connection between the cutting ferrule and the Truth cards manager in the data interaction method provided by embodiment 2 of the present invention;

Fig. 10 is a schematic structural diagram of the data interaction system provided by embodiment 2 of the present invention.

Detailed description of the invention

The technical solutions of the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the embodiments described are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

In the description of the present invention, it should be understood that the orientation or positional relationships indicated by terms such as "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientation or positional relationships shown in the drawings; they are used only to make the description of the invention easier and simpler and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation, and are therefore not to be construed as limiting the invention. In addition, the terms "first" and "second" are used only for descriptive purposes and are not to be understood as indicating or implying relative importance, quantity or position.

In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "installed", "connected" and "connection" are to be understood broadly: a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or internal between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.

The embodiments of the present invention are described in further detail below with reference to the drawings.

The invention provides a data interaction framework that is both convenient for the user to carry and offers a more secure transaction solution. The data interaction framework includes: a simulation card, a cutting ferrule (a card sleeve into which the simulation card is inserted) and a Truth cards manager.

Wherein:

Simulation card: there may be one or more simulation cards, and a simulation card may be a separately manufactured card or a Truth card in which the simulation card function has been reserved. The simulation card has the same dimensions as an existing bank card and, in this data interaction framework, completes transactions in place of the Truth card. The simulation card has a contact and/or contactless interface so that it can complete transactions with existing transaction terminals (such as ATMs, POS terminals, public transport card top-up machines, etc.). The simulation card also has a wireless interface through which it can exchange data with the cutting ferrule. The contact interface can be a contact point, the contactless interface can be an NFC interface, and the wireless interface can be a Bluetooth interface, an infrared interface, a 2.4 GHz interface, a WIFI interface, an RFID interface, etc.

Cutting ferrule: there may be one or more cutting ferrules, a cutting ferrule can manage one or more simulation cards, and each simulation card can belong to and be managed by only one cutting ferrule. The cutting ferrule may be a separately manufactured device shaped like a card envelope, or a mobile device that provides the cutting ferrule function of this data framework, including a smart phone, a tablet computer (PAD), a PDA (such as a palmtop computer or a learning machine), a notebook computer, an e-book reader, a wearable device (such as a smart watch or smart glasses), etc. The cutting ferrule may have a contact and/or contactless interface to exchange data with the contact and/or contactless interface of the simulation card, and may also have a wireless interface to exchange data with the corresponding interface of the simulation card; the contact interface can be a contact point, the contactless interface can be an NFC interface, and the wireless interface can be a Bluetooth interface, an infrared interface, a 2.4 GHz interface, a WIFI interface, an RFID interface, etc. The cutting ferrule also has a network interface for exchanging data with the corresponding network interface of the Truth cards manager; this network interface can be a WIFI interface, a mobile internet interface (such as a 3G or 4G network), etc. In addition, the cutting ferrule may be a combination of a mobile device and an electronic signature device, in which case the network interface of the cutting ferrule is realised by the network interface of the mobile device, and the other interfaces (such as the wireless interface and the contact and/or contactless interface) may all be located in the electronic signature device, may all be located in the mobile device, or may be partly located in the electronic signature device and partly in the mobile device; the processing operations performed by the cutting ferrule are all performed in the electronic signature device. The cutting ferrule may also be only an electronic signature device. The electronic signature device may be a key device, such as the U-shield of the Industrial and Commercial Bank of China or the K-Bao of the Agricultural Bank of China.

Truth cards manager: a Truth cards manager can manage multiple cutting ferrules and has multiple contact (such as card slot) interfaces and/or contactless (such as NFC) interfaces, so that different types of Truth cards can be connected to it in different ways. The Truth cards manager is connected with at least one Truth card and stores a Truth cards manager end Truth cards information list, which includes the Truth card information of the Truth cards connected with the Truth cards manager; this Truth card information may include the card number, card authentication information and so on, where the card authentication information is the information used to authenticate whether the Truth card was issued through a regular channel (such as a bank or a public transport authority). The Truth card may be a function card (such as a public transport card, a meal card, a shopping card, a membership card, a points card, etc.) or a bank card issued by a bank. Optionally, the Truth cards manager can be set to store the Truth card information of all or only some of the connected Truth cards, so that the user can make different settings according to the security requirements of each Truth card; for example, the Truth cards manager can be set so that the Truth card information of certain Truth cards is not allowed to be obtained, thereby protecting those Truth cards. The Truth cards manager also has a network interface for exchanging data with the corresponding network interface of the cutting ferrule; this network interface can be a WIFI interface, a mobile internet interface (such as a 3G or 4G network), etc.

In this data interaction framework, the simulation card and the Truth card are smart chip cards.

The terms used in the present invention are explained below:

The first process is encryption and the second process is decryption. Specifically, encryption alone ensures the confidentiality of the transmitted data and can be used when the security requirement on the data to be transmitted is high. Or

The first process is check value calculation and the second process is check value verification. Specifically, a check value alone ensures the integrity of the transmitted data and prevents tampering, and can be used when the integrity requirement on the data to be transmitted is high. Or

The first process is encryption plus check value calculation, and the second process is decryption plus check value verification. Specifically, combining encryption with a check value ensures both the confidentiality and the integrity of the transmitted data, and can be used when the security requirement on the data to be transmitted is the highest.

Based on the above data interaction framework, the embodiments of the present invention provide a data interaction method for performing data interaction securely.

Embodiment 1

Fig. 1 shows the flow chart of the data interaction method provided by embodiment 1 of the present invention. Referring to Fig. 1, the data interaction method provided by embodiment 1 of the present invention includes:

The first device and the second device mutually authenticate each other's certificate and identity, and after both pass the authentication each stores the binding factor generated in the authentication process. Specifically, the first device and the second device each verify that the other's certificate is legitimate and, by verifying data signed by the other, verify that the other's identity is legitimate, thereby ensuring the legitimacy and authenticity of both communicating parties' identities; during the authentication the two sides also generate a binding factor in the course of the exchange, and after both pass the authentication each stores this binding factor.

The first device and the second device mutually authenticate each other's identity again and, during this renewed mutual identity authentication, compare whether the binding factors stored by the two sides are identical; once the comparison shows that the stored binding factors are identical and the renewed mutual identity authentication has passed, the safe transmission key for secure data transmission between the first device and the second device is generated. Specifically, the first device and the second device again authenticate the other's identity by verifying whether data signed by the other passes verification, and during the identity authentication transmit the binding factor to the other side so that it can compare and judge whether the binding factors are identical; once the binding factors are determined to be identical, the two sides can be confirmed to have been successfully bound and both identities to be legitimate and authentic, and each then generates the safe transmission key for the subsequent data interaction.

The first device and the second device perform data interaction using the generated safe transmission key.

It can be seen that the data interaction method of the present invention can improve the security of data interaction.

In addition, in the data interaction framework of the present invention, if the first device is the cutting ferrule, the second device may be the simulation card or the Truth cards manager. Of course, in the present invention the second device may also be the cutting ferrule, in which case the first device is the simulation card or the Truth cards manager.

Below, the first device is taken to be the cutting ferrule and the second device the simulation card as an example:

1. The cutting ferrule and the simulation card perform the binding operation:

The cutting ferrule and the simulation card mutually authenticate each other's certificate and identity, and after both pass the authentication each stores the binding factor generated in the authentication process.

Below, a specific implementation of the binding operation performed by the cutting ferrule and the simulation card is provided:

Fig. 2 shows the flow chart of the binding operation performed by the cutting ferrule and the simulation card in the data interaction method provided by embodiment 1 of the present invention. Referring to Fig. 2, the binding operation performed by the cutting ferrule and the simulation card in embodiment 1 includes:

The cutting ferrule receives a trigger command instructing it to bind with the simulation card. Specifically, before the cutting ferrule is used it can first be powered on; optionally, the cutting ferrule prompts the user to enter a startup password, receives the startup password entered by the user, verifies its correctness and, after the verification succeeds, performs the power-on operation and enters the working mode. Before the cutting ferrule is used to exchange data with the simulation card, the cutting ferrule is optionally bound with the simulation card to improve the security of the subsequent data interaction. The trigger command received by the cutting ferrule instructing it to bind with the simulation card may be generated by a dedicated binding physical button on the cutting ferrule, by a binding virtual key on the touch screen of the cutting ferrule, automatically after the startup password has been verified, after the simulation card has been inserted into the cutting ferrule, or by selecting the binding function from a menu displayed on the screen of the cutting ferrule; of course it may also be generated in any other way, which is not restricted here.

The cutting ferrule sends a first binding instruction to the simulation card, where the first binding instruction includes: a first binding random factor generated by the cutting ferrule, the cutting ferrule certificate and the cutting ferrule unique identifier. Specifically, the cutting ferrule may send the first binding instruction to the simulation card over a contact connection (through the contact interface) or over a contactless connection (through the contactless interface or the wireless interface); the former improves the security of binding and the latter its convenience. Carrying the first binding random factor in the first binding instruction prevents replay attacks; carrying the cutting ferrule certificate lets the simulation card authenticate the cutting ferrule; and carrying the cutting ferrule unique identifier lets the simulation card know which cutting ferrule is binding with it. The first binding random factor may be a random number, a random character string or a combination of the two generated by the cutting ferrule; of course, after the first binding random factor has been generated its randomness may also be checked, so as to improve the randomness of the first binding random factor and prevent it from being cracked. The cutting ferrule unique identifier may be any one or a combination of the cutting ferrule's serial number, device identification code, MAC address, etc., as long as it uniquely identifies the cutting ferrule.

The simulation card receives the first binding instruction and verifies the cutting ferrule certificate using the root certificate. Specifically, the simulation card stores the root certificate in advance and uses it to verify the cutting ferrule certificate, so as to ensure the security of the subsequent use of the cutting ferrule certificate.

After the simulation card verifies that the cutting ferrule certificate is legitimate, it generates a second binding random factor. Specifically, the second binding random factor may be a random number, a random character string or a combination of the two generated by the simulation card; of course, after the second binding random factor has been generated its randomness may also be checked, so as to improve the randomness of the second binding random factor and prevent it from being cracked.

The simulation card encrypts the first binding random factor and the second binding random factor with the cutting ferrule public key in the cutting ferrule certificate to obtain a first binding ciphertext, and signs the first binding random factor and the second binding random factor with the simulation card private key to obtain a first binding signature. Specifically, the simulation card encrypts the first binding random factor and the second binding random factor with the cutting ferrule public key to ensure the security of their transmission, and signs them with the simulation card private key so that the cutting ferrule can subsequently authenticate the legitimacy of the simulation card's identity.

The simulation card sends a first binding response to the cutting ferrule, where the first binding response includes: the first binding ciphertext, the first binding signature, the simulation card certificate and the simulation card unique identifier. Specifically, the first binding response sent by the simulation card carries the simulation card certificate so that the cutting ferrule can authenticate the simulation card, and carries the simulation card unique identifier so that the cutting ferrule knows which simulation card is binding with it. The simulation card unique identifier may be any one or a combination of the simulation card's serial number, device identification code, MAC address, etc., as long as it uniquely identifies the simulation card.

The cutting ferrule receives the first binding response and verifies the simulation card certificate using the root certificate. Specifically, the cutting ferrule stores the root certificate in advance and uses it to verify the simulation card certificate, so as to ensure the security of the subsequent use of the simulation card certificate.

After the cutting ferrule verifies that the simulation card certificate is legitimate, it decrypts the first binding ciphertext with the cutting ferrule private key to obtain a first binding decryption random factor and a second binding decryption random factor. Specifically, if a transmission error or tampering occurred while the data was in transit, decrypting the first binding ciphertext with the cutting ferrule private key will either fail or yield a first binding decryption random factor and a second binding decryption random factor that differ from the first binding random factor and the second binding random factor. Moreover, since the data was encrypted with the cutting ferrule public key, only the cutting ferrule private key can decrypt it successfully, which also ensures the security of the decryption.

The cutting ferrule verifies the first binding signature using the simulation card public key in the simulation card certificate, the first binding decryption random factor and the second binding decryption random factor. Specifically, the cutting ferrule uses the simulation card public key from the certificate it has just verified to verify the signature sent by the simulation card, so as to ensure that the data comes from a legitimate source.

After the cutting ferrule verifies that the first binding signature is correct, it verifies whether the first binding decryption random factor is identical to the first binding random factor. Specifically, the cutting ferrule verifies that the first binding random factor it generated itself and the first binding decryption random factor are identical, which ensures that the data has not been tampered with and that the encrypted data really comes from the party to which the cutting ferrule sent the first binding random factor.

After the cutting ferrule verifies that the first binding decryption random factor is identical to the first binding random factor, it prompts the simulation card unique identifier. Specifically, the cutting ferrule may display the simulation card unique identifier or play it as speech (for example through a loudspeaker or an earphone) so that the user can confirm the authenticity of the simulation card, which improves the security of binding.

The cutting ferrule receives a trigger command confirming that the simulation card unique identifier is correct, signs the first binding random factor and the second binding decryption random factor with the cutting ferrule private key to obtain a second binding signature, and stores the simulation card unique identifier, the simulation card certificate and a cutting ferrule end first binding factor in a cutting ferrule end first list of bindings, where the cutting ferrule end first binding factor is the second binding decryption random factor. Specifically, the trigger command received by the cutting ferrule confirming that the simulation card unique identifier is correct may be generated by a dedicated confirmation physical button on the cutting ferrule, by a confirmation virtual key on the touch screen of the cutting ferrule, by selecting the confirmation function from a menu displayed on the screen of the cutting ferrule, after a voice confirmation instruction received by the voice acquisition device (such as a microphone) of the cutting ferrule has been verified, after a fingerprint confirmation instruction received by the fingerprint acquisition device of the cutting ferrule has been verified, or after an iris confirmation instruction received by the iris acquisition device of the cutting ferrule has been verified; of course it may also be generated in any other way, which is not restricted here. The first binding random factor and the second binding decryption random factor are signed with the cutting ferrule private key so that the simulation card can subsequently authenticate the identity of the cutting ferrule. The cutting ferrule may also store a cutting ferrule end first list of bindings, which records information about the simulation cards bound to the cutting ferrule, such as the simulation card unique identifier and the simulation card certificate; in addition, the cutting ferrule end first list of bindings stores the cutting ferrule end first binding factor, which is the second binding random factor as received in ciphertext form. Because the second binding random factor was transmitted as ciphertext, this cutting ferrule end first binding factor is secure and has not been tampered with.

The cutting ferrule sends the second binding signature to the simulation card. Specifically, the cutting ferrule sends the second binding signature to the simulation card so that the simulation card can authenticate the identity of the cutting ferrule.

The simulation card receives the second binding signature and verifies it using the cutting ferrule public key in the cutting ferrule certificate, the first binding random factor and the second binding random factor. Specifically, the simulation card uses the cutting ferrule public key from the certificate it has already verified to verify the signature sent by the cutting ferrule, so as to ensure that the data comes from a legitimate source.

After the simulation card verifies that the second binding signature is correct, it stores the cutting ferrule unique identifier, the cutting ferrule certificate and a simulation card end binding factor in a simulation card end list of bindings, where the simulation card end binding factor is the second binding random factor. Specifically, the simulation card may also store a simulation card end list of bindings, which records information about the cutting ferrules bound to the simulation card, such as the cutting ferrule unique identifier and the cutting ferrule certificate; in addition, the simulation card end list of bindings stores the simulation card end binding factor, which is the second binding random factor generated by the simulation card.

It can be seen that binding the cutting ferrule and the simulation card as described above ensures the security of the subsequent data interaction between the cutting ferrule and the simulation card.

2. The cutting ferrule and the simulation card establish a secure connection:

In the present invention, the cutting ferrule and the simulation card can establish a secure connection in the following way:

Below, a specific implementation of the establishment of a secure connection between the cutting ferrule and the simulation card in embodiment 1 of the present invention is provided:

Fig. 3 shows the flow chart of the establishment of a secure connection between the cutting ferrule and the simulation card in the data interaction method provided by the embodiment of the present invention. Referring to Fig. 3, the establishment of a secure connection between the cutting ferrule and the simulation card includes:

The card sleeve sends the simulated card a first secure-connection instruction that requests establishment of a secure connection. The first secure-connection instruction carries: a first connection ciphertext, obtained by the card sleeve encrypting the sleeve-side first binding factor together with a freshly generated first connection random factor under the simulated card public key taken from the simulated card certificate; and a first connection signature, obtained by the card sleeve signing the sleeve-side first binding factor and the first connection random factor with the card sleeve private key. Specifically, before the card sleeve and the simulated card exchange data, a secure connection may optionally be established between them to improve the security of the subsequent exchange. The first secure-connection instruction received by the card sleeve may be generated by a dedicated physical "connect" button on the card sleeve, by a virtual "connect" key on the card sleeve's touch screen, after the power-on password has been verified, after the simulated card is pulled out of the card sleeve, by selecting a connect function in a menu shown on the card sleeve's screen, or after the card sleeve obtains the sleeve-side real-card information list and the user selects a real card from it; any other trigger may be used, and the invention is not restricted in this respect. The first connection random factor may be a random number, random characters, or a combination of the two generated by the card sleeve; after it is generated, its randomness may additionally be checked so as to improve the randomness of the factor and make it harder to predict. The card sleeve encrypts the sleeve-side first binding factor and the first connection random factor under the simulated card public key so that they are protected in transit, and signs them with the card sleeve private key so that the simulated card can later authenticate the identity of the card sleeve. The sleeve-side first binding factor is sent to the simulated card so that the simulated card can compare it with the binding factor it stores and thereby decide whether this card sleeve is bound to this simulated card. Optionally, before this step, once the card sleeve detects the simulated card it may check whether the simulated card appears in the sleeve-side first binding list, for example as follows: after detecting the simulated card, the card sleeve receives simulated-card information sent by the simulated card (such as the simulated card unique identifier and/or the simulated card certificate) and uses it to decide whether the simulated card is in the sleeve-side first binding list; and/or the simulated card may check whether the card sleeve is in the simulated-card-side binding list, for example: after detecting the simulated card, the card sleeve sends card sleeve information (such as the card sleeve unique identifier and/or the card sleeve certificate) to the simulated card, which uses it to decide whether the card sleeve is in the simulated-card-side binding list. Only when each side finds the other in its own binding list is the subsequent flow performed, which avoids needless work and improves efficiency.

The simulated card receives the first secure-connection instruction and decrypts the first connection ciphertext with the simulated card private key, obtaining the sleeve-side first binding decryption factor and the first connection decryption random factor. If a transmission error occurred, or the data was tampered with in transit, decryption either fails or yields values that differ from the sleeve-side first binding factor and the first connection random factor that the card sleeve sent, a discrepancy the subsequent signature verification exposes. Because the data was encrypted under the simulated card public key, only the holder of the simulated card private key can decrypt it, which protects the confidentiality of the data.

The simulated card verifies the first connection signature using the card sleeve public key from the card sleeve certificate, the sleeve-side first binding decryption factor and the first connection decryption random factor. This checks that the data actually originates from the card sleeve.

After the first connection signature verifies, the simulated card checks whether the sleeve-side first binding decryption factor is identical to the simulated-card-side binding factor it stores. If they are identical, the card sleeve and the simulated card completed a binding operation before this secure connection was set up; on this basis the simulated card decides whether the card sleeve is bound to it.

After the simulated card has verified that the sleeve-side first binding decryption factor equals the simulated-card-side binding factor, it generates a second connection random factor. This may be a random number, random characters, or a combination of the two generated by the simulated card; after generation its randomness may additionally be checked, to improve the randomness of the second connection random factor and make it harder to predict.

The simulated card encrypts the first connection decryption random factor and the second connection random factor under the card sleeve public key from the card sleeve certificate to obtain a second connection ciphertext, and signs the first connection decryption random factor and the second connection random factor with the simulated card private key to obtain a second connection signature. The encryption protects the two random factors in transit; the signature allows the card sleeve to subsequently authenticate the identity of the simulated card.

The simulated card sends a first secure-connection response to the card sleeve. The first secure-connection response contains the second connection ciphertext and the second connection signature, so that the card sleeve can decrypt and verify the received data.

The card sleeve receives the first secure-connection response and decrypts the second connection ciphertext with the card sleeve private key, obtaining the decrypted first connection decryption random factor and the second connection decryption random factor. If a transmission error occurred, or the data was tampered with in transit, decryption either fails or yields values that differ from the first connection random factor and the second connection random factor, a discrepancy the subsequent signature verification exposes. Because the data was encrypted under the card sleeve public key, only the holder of the card sleeve private key can decrypt it, which protects the confidentiality of the data.

The card sleeve verifies the second connection signature using the simulated card public key from the simulated card certificate, the decrypted first connection decryption random factor and the second connection decryption random factor. This checks that the data actually originates from the simulated card.

After the second connection signature verifies, the card sleeve checks whether the decrypted first connection decryption random factor is identical to the first connection random factor it generated itself. Equality shows that the data was not tampered with and that the encrypted data came from the party to which the card sleeve sent the first connection random factor.

After the card sleeve has verified that the decrypted first connection decryption random factor equals the first connection random factor, it generates the sleeve-side first secure transmission key for the connection between the card sleeve and the simulated card from at least the second connection decryption random factor; the simulated card generates the simulated-card-side secure transmission key for that connection from at least the second connection random factor. Specifically, the card sleeve may derive the sleeve-side first secure transmission key from the second connection decryption random factor alone; from the first connection random factor together with the second connection decryption random factor; or from the first connection random factor, the second connection decryption random factor and the sleeve-side first binding factor. Likewise, the simulated card may derive the simulated-card-side secure transmission key from the second connection random factor alone; from the first connection decryption random factor together with the second connection random factor; or from the first connection decryption random factor, the second connection random factor and the simulated-card-side binding factor. The card sleeve and the simulated card use identical parameters and an identical algorithm to generate the secure transmission key, so that the two keys match. In other words, in the present invention the secure transmission key factor on the sleeve side may be the second connection decryption random factor, or the second connection decryption random factor together with the first connection random factor; on the simulated-card side it may be the second connection random factor, or the second connection random factor together with the first connection decryption random factor. In addition, the secure transmission key may comprise an encryption/decryption key and/or a check key: using the encryption/decryption key in the data transmission protects the confidentiality of the transmitted data, and using the check key in the data transmission protects its integrity. In the present invention the secure transmission key may be used selectively according to the security level of the data being transmitted.
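The derivation rule just described (second connection random factor, optionally with the first connection random factor and the binding factor, computed with identical parameters and algorithm on both sides) and the split of the result into an encryption/decryption key and a check key, as an added Python example written for this page; it is not code from the patent or its assignee. It assumes HKDF with SHA-256 (RFC 5869) as the derivation algorithm, which the patent leaves unspecified, and HMAC-SHA256 as the integrity check; the info label, the 32-byte key lengths and the 16-byte sample factors are constructed for the example.

```python
import hashlib
import hmac


def hkdf_sha256(ikm, salt, info, length):
    """RFC 5869 HKDF with SHA-256: extract a PRK from the input keying
    material, then expand it to `length` bytes bound to `info`."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_transmission_keys(second_factor, first_factor=b"", binding_factor=b""):
    """Derive (encryption/decryption key, check key) from the agreed factors.

    The second connection random factor is mandatory; the first connection
    random factor and the binding factor are the optional extra inputs the
    text lists. Both sides must pass the same inputs, or the keys diverge.
    Inputs are length-prefixed so different splits of the same bytes cannot
    collide (an assumption of this example, not of the patent)."""
    ikm = b"".join(len(x).to_bytes(2, "big") + x
                   for x in (second_factor, first_factor, binding_factor))
    okm = hkdf_sha256(ikm, salt=b"\x00" * 32,
                      info=b"card-sleeve secure transmission v1", length=64)
    return okm[:32], okm[32:]


def protect(check_key, payload):
    """Append an HMAC-SHA256 tag so the receiver can verify integrity."""
    return payload + hmac.new(check_key, payload, hashlib.sha256).digest()


def unprotect(check_key, frame):
    """Return the payload if the tag verifies, None if the frame was altered.
    compare_digest avoids leaking tag bytes through timing."""
    payload, tag = frame[:-32], frame[-32:]
    expected = hmac.new(check_key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(expected, tag) else None


def demo():
    # Constructed sample factors for the example, not values from the patent.
    r1 = bytes.fromhex("00112233445566778899aabbccddeeff")  # first connection random factor
    r2 = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # second connection random factor
    b = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")   # binding factor from the bind step

    # Both sides choose the same inputs: the keys agree.
    sleeve_enc, sleeve_chk = derive_transmission_keys(r2, r1, b)
    card_enc, card_chk = derive_transmission_keys(r2, r1, b)
    # The card omits the binding factor: the keys diverge and nothing verifies.
    _, card_chk_wrong = derive_transmission_keys(r2, r1)

    frame = protect(sleeve_chk, b"balance-inquiry")
    tampered = frame[:8] + bytes([frame[8] ^ 0x01]) + frame[9:]   # flip one payload bit
    return {
        "keys_agree": (sleeve_enc, sleeve_chk) == (card_enc, card_chk),
        "enc_and_check_differ": sleeve_enc != sleeve_chk,
        "mismatched_inputs_diverge": card_chk_wrong != sleeve_chk,
        "intact_frame_verifies": unprotect(card_chk, frame) == b"balance-inquiry",
        "tampered_frame_rejected": unprotect(card_chk, tampered) is None,
        "wrong_key_rejected": unprotect(card_chk_wrong, frame) is None,
    }
```

The encryption/decryption key returned here would feed an authenticated cipher such as AES-GCM in a real deployment; the standard library has none, so the example only exercises the check key. Deriving two separate keys from one HKDF output is what keeps the "confidentiality" and "integrity" roles the text distinguishes from sharing key material.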

Of course, in the present invention the step in which the simulated card generates the simulated-card-side secure transmission key from at least the second connection random factor is not limited to the position given in this embodiment: the simulated card may generate it immediately after generating the second connection random factor, or only after receiving a success message that the card sleeve sends once it has verified that the decrypted first connection decryption random factor equals the first connection random factor.

It can be seen that the secure connection established between the card sleeve and the simulated card as described above improves the security of the data transmission. At the same time it verifies whether the two sides are bound, which further improves security.

In addition, the invention is not limited to the card sleeve initiating the establishment of the secure connection; the card sleeve may instead trigger the simulated card to initiate it, in which case the simulated card sends the first secure-connection instruction to the card sleeve and the remaining steps are performed with the roles of the two parties exchanged, which is not repeated here.

In the following, the first device is a card sleeve and the second device is a real card manager:

1. The card sleeve and the real card manager perform binding:

The card sleeve and the real card manager mutually authenticate each other's certificate and identity and, after both sides pass authentication, each stores the binding factor generated during the authentication process:

A specific implementation of the binding operation between the card sleeve and the real card manager is given below:

Fig. 4 is a flow chart of the card sleeve and the real card manager performing binding in the data interaction method provided by the embodiment of the present invention. Referring to Fig. 4, the binding comprises:

The card sleeve receives a trigger instruction that instructs it to bind with the real card manager. Specifically, before use, the card sleeve may first be powered on; optionally, the card sleeve then prompts the user for a power-on password, receives the password entered by the user, verifies it and, once it is correct, completes the power-on operation and enters working mode. Before the card sleeve exchanges data with the real card manager, it may optionally bind with the real card manager to improve the security of the subsequent exchange. The trigger instruction may be generated by a dedicated physical "bind" button on the card sleeve, by a virtual "bind" key on the card sleeve's touch screen, after the power-on password has been verified, or by selecting a bind function in a menu shown on the card sleeve's screen; any other trigger may be used, and the invention is not restricted in this respect.

The card sleeve sends a second binding instruction to the real card manager. The second binding instruction carries a third binding random factor generated by the card sleeve, the card sleeve certificate and the card sleeve unique identifier. Specifically, the card sleeve may send the second binding instruction wirelessly (for example over a mobile network or WiFi). The third binding random factor carried in the instruction prevents replay attacks; the card sleeve certificate lets the real card manager authenticate the card sleeve; and the card sleeve unique identifier tells the real card manager which card sleeve is binding with it. The third binding random factor may be a random number, random characters, or a combination of the two generated by the card sleeve; after generation its randomness may additionally be checked, to improve the randomness of the factor and make it harder to predict. The card sleeve unique identifier may be any one or a combination of the card sleeve serial number, device identification code, MAC address and the like that uniquely identifies the card sleeve.

The real card manager receives the second binding instruction and verifies the card sleeve certificate with the root certificate. Specifically, the real card manager stores the root certificate in advance and uses it to verify the card sleeve certificate, so that the card sleeve certificate can subsequently be relied on.

After the real card manager has verified that the card sleeve certificate is valid, it generates a fourth binding random factor. This may be a random number, random characters, or a combination of the two generated by the real card manager; after generation its randomness may additionally be checked, to improve the randomness of the fourth binding random factor and make it harder to predict.

The real card manager encrypts the third binding random factor and the fourth binding random factor under the card sleeve public key from the card sleeve certificate to obtain a second binding ciphertext, and signs the third binding random factor and the fourth binding random factor with the real card manager private key to obtain a third binding signature. The encryption protects the two random factors in transit; the signature allows the card sleeve to subsequently authenticate the identity of the real card manager.

The real card manager sends a second binding response to the card sleeve. The second binding response contains the second binding ciphertext, the third binding signature, the real card manager certificate and the real card manager unique identifier. The certificate lets the card sleeve authenticate the real card manager, and the unique identifier tells the card sleeve which real card manager is binding with it. The real card manager unique identifier may be any one or a combination of the real card manager serial number, device identification code, MAC address and the like that uniquely identifies the real card manager.

The card sleeve receives the second binding response and verifies the real card manager certificate with the root certificate. Specifically, the card sleeve stores the root certificate in advance and uses it to verify the real card manager certificate, so that the certificate can subsequently be relied on.

After the card sleeve has verified that the real card manager certificate is valid, it decrypts the second binding ciphertext with the card sleeve private key, obtaining the third binding decryption random factor and the fourth binding decryption random factor. If a transmission error occurred, or the data was tampered with in transit, decryption either fails or yields values that differ from the third binding random factor and the fourth binding random factor, a discrepancy the subsequent signature verification exposes. Because the data was encrypted under the card sleeve public key, only the holder of the card sleeve private key can decrypt it, which protects the confidentiality of the data.

The card sleeve verifies the third binding signature using the real card manager public key from the real card manager certificate, the third binding decryption random factor and the fourth binding decryption random factor. Because the certificate has already been verified, the public key taken from it can be trusted to check that the data actually originates from the real card manager.

After the third binding signature verifies, the card sleeve checks whether the third binding decryption random factor is identical to the third binding random factor it generated itself. Equality shows that the data was not tampered with and that the encrypted data came from the party to which the card sleeve sent the third binding random factor.

After the card sleeve has verified that the third binding decryption random factor equals the third binding random factor, it prompts the user with the real card manager unique identifier. Specifically, the card sleeve may display the identifier, or play it as speech (for example through a loudspeaker or a headset earpiece), so that the user can confirm the authenticity of the real card manager, which improves the security of the binding.

The card sleeve receives a trigger instruction confirming that the real card manager unique identifier is correct, signs the third binding random factor and the fourth binding decryption random factor with the card sleeve private key to obtain a fourth binding signature, and stores the real card manager unique identifier, the real card manager certificate and the sleeve-side second binding factor in the sleeve-side second binding list, where the sleeve-side second binding factor is the fourth binding decryption random factor. Specifically, the confirmation trigger may be generated by a dedicated physical "confirm" button on the card sleeve, by a virtual "confirm" key on its touch screen, by selecting a confirm function in a menu shown on its screen, by the card sleeve's voice capture device (such as a microphone) receiving a spoken confirmation and verifying it, by its fingerprint capture device receiving a fingerprint confirmation and verifying it, or by its iris capture device receiving an iris confirmation and verifying it; any other trigger may be used, and the invention is not restricted in this respect. Signing the third binding random factor and the fourth binding decryption random factor with the card sleeve private key lets the real card manager subsequently authenticate the identity of the card sleeve. The card sleeve may also keep the sleeve-side second binding list, which records information about the real card managers bound to the card sleeve, such as the real card manager unique identifier and the real card manager certificate; in addition, the sleeve-side second binding list stores the sleeve-side second binding factor, which is the fourth binding random factor as received in ciphertext. Because the fourth binding random factor was transmitted encrypted and covered by the third binding signature, the sleeve-side second binding factor is confidential and has not been tampered with.

The card sleeve sends the fourth binding signature to the real card manager, so that the real card manager can authenticate the identity of the card sleeve.

The real card manager receives the fourth binding signature and verifies it using the card sleeve public key from the card sleeve certificate, the third binding random factor and the fourth binding random factor. Because the certificate has already been verified, the public key taken from it can be trusted to check that the data actually originates from the card sleeve.

After the fourth binding signature verifies, the real card manager stores the card sleeve unique identifier, the card sleeve certificate and the manager-side binding factor in the manager-side binding list, where the manager-side binding factor is the fourth binding random factor. Specifically, the real card manager may keep the manager-side binding list, which records information about the card sleeves bound to the real card manager, such as the card sleeve unique identifier and the card sleeve certificate; in addition, the manager-side binding list stores the manager-side binding factor, which is the fourth binding random factor generated by the real card manager itself.

It can be seen that the binding between the card sleeve and the real card manager described above secures the subsequent data exchange between the card sleeve and the real card manager.

2. The card sleeve and the real card manager establish a secure connection:

A specific implementation of establishing a secure connection between the card sleeve and the real card manager according to Embodiment 1 of the present invention is given below:

Fig. 5 is a flow chart of the card sleeve and the real card manager establishing a secure connection in the data interaction method provided by the embodiment of the present invention. Referring to Fig. 5, establishing the secure connection comprises:

The card sleeve sends the real card manager a third secure-connection instruction that requests establishment of a secure connection. The third secure-connection instruction carries: a fifth connection ciphertext, obtained by the card sleeve encrypting the sleeve-side second binding factor together with a freshly generated fifth connection random factor under the real card manager public key taken from the real card manager certificate; and a fifth connection signature, obtained by the card sleeve signing the sleeve-side second binding factor and the fifth connection random factor with the card sleeve private key. Specifically, before the card sleeve and the real card manager exchange data, a secure connection may optionally be established between them to improve the security of the subsequent exchange. The third secure-connection instruction received by the card sleeve may be generated by a dedicated physical "connect" button on the card sleeve, by a virtual "connect" key on the card sleeve's touch screen, after the power-on password has been verified, when the card sleeve sends a login request to the real card manager, or by selecting a connect function in a menu shown on the card sleeve's screen; any other trigger may be used, and the invention is not restricted in this respect. The fifth connection random factor may be a random number, random characters, or a combination of the two generated by the card sleeve; after it is generated, its randomness may additionally be checked, to improve the randomness of the fifth connection random factor and make it harder to predict. The card sleeve encrypts the sleeve-side second binding factor and the fifth connection random factor under the real card manager public key so that they are protected in transit, and signs them with the card sleeve private key so that the real card manager can later authenticate the identity of the card sleeve. The sleeve-side second binding factor is sent to the real card manager so that the real card manager can compare it with the binding factor it stores and thereby decide whether this card sleeve is bound to this real card manager. Optionally, before this step, once the card sleeve detects the real card manager it may check whether the real card manager appears in the sleeve-side second binding list, for example as follows: after detecting the real card manager, the card sleeve receives real card manager information sent by the real card manager (such as the real card manager unique identifier and/or the real card manager certificate) and uses it to decide whether the real card manager is in the sleeve-side second binding list; and/or the real card manager may check whether the card sleeve is in the manager-side binding list, for example: after detecting the real card manager, the card sleeve sends card sleeve information (such as the card sleeve unique identifier and/or the card sleeve certificate) to the real card manager, which uses it to decide whether the card sleeve is in the manager-side binding list. Only when each side finds the other in its own binding list is the subsequent flow performed, which avoids needless work and improves efficiency.

The real card manager receives the third secure-connection instruction and decrypts the fifth connection ciphertext with the real card manager private key, obtaining the sleeve-side second binding decryption factor and the fifth connection decryption random factor. If a transmission error occurred, or the data was tampered with in transit, decryption either fails or yields values that differ from the sleeve-side second binding factor and the fifth connection random factor, a discrepancy the subsequent signature verification exposes. Because the data was encrypted under the real card manager public key, only the holder of the real card manager private key can decrypt it, which protects the confidentiality of the data.

The real card manager verifies the fifth connection signature using the card sleeve public key from the card sleeve certificate, the sleeve-side second binding decryption factor and the fifth connection decryption random factor. This checks that the data actually originates from the card sleeve.

After the fifth connection signature verifies, the real card manager checks whether the sleeve-side second binding decryption factor is identical to the manager-side binding factor it stores. If they are identical, the card sleeve and the real card manager completed a binding operation before this secure connection was set up; on this basis the real card manager decides whether the card sleeve is bound to it.

After verifying that the decrypted sleeve-side second binding factor and the real-card-manager-side binding factor are identical, the real card manager generates the sixth connection random factor. Specifically, the sixth connection random factor may be a random number, a random character string, or a combination of the two generated by the real card manager; after it is generated, its randomness may additionally be checked, to improve the randomness of the sixth connection random factor and to prevent it from being cracked.

The real card manager encrypts the decrypted fifth connection random factor and the sixth connection random factor with the sleeve public key from the sleeve certificate to obtain the sixth connection ciphertext, and signs the decrypted fifth connection random factor and the sixth connection random factor with the real card manager private key to obtain the sixth connection signature. Specifically, the encryption under the sleeve public key protects the decrypted fifth connection random factor and the sixth connection random factor in transit, and the signature under the real card manager private key lets the card sleeve subsequently authenticate the identity of the real card manager.

The real card manager sends the third secure connection response to the card sleeve; the third secure connection response includes the sixth connection ciphertext and the sixth connection signature. Specifically, the real card manager sends the sixth connection ciphertext and the sixth connection signature to the card sleeve so that the card sleeve can decrypt and verify the received data.

The card sleeve receives the third secure connection response and decrypts the sixth connection ciphertext with the sleeve private key, obtaining the decrypted fifth connection random factor and the decrypted sixth connection random factor. Specifically, when the sixth connection ciphertext is decrypted with the sleeve private key, a transmission error or tampering in transit either makes decryption fail outright or yields decrypted fifth and sixth connection random factors that differ from the fifth and sixth connection random factors actually sent. Because the data was encrypted with the sleeve public key, only the sleeve private key can decrypt it, which also protects the decryption step.

The card sleeve verifies the sixth connection signature using the real card manager public key from the real card manager certificate, the decrypted fifth connection random factor and the decrypted sixth connection random factor. Specifically, the card sleeve checks the signature sent by the real card manager with the real card manager public key to ensure the data came from a legitimate source.

After the sixth connection signature verifies, the card sleeve checks whether the decrypted fifth connection random factor is identical to the fifth connection random factor. Specifically, the card sleeve compares the fifth connection random factor it generated itself with the decrypted fifth connection random factor; a match ensures that the data was not tampered with and that the encrypted data really came from the party to which the card sleeve sent the fifth connection random factor.

After verifying that the decrypted fifth connection random factor is identical to the fifth connection random factor, the card sleeve generates the sleeve-side second secure transmission key between the card sleeve and the real card manager from at least the decrypted sixth connection random factor; the real card manager generates the real-card-manager-side secure transmission key between the card sleeve and the real card manager from at least the sixth connection random factor. Specifically, the card sleeve may generate the sleeve-side second secure transmission key from the decrypted sixth connection random factor alone, from the fifth connection random factor together with the decrypted sixth connection random factor, or from the fifth connection random factor, the decrypted sixth connection random factor and the sleeve-side second binding factor. Likewise, the real card manager may generate the real-card-manager-side secure transmission key from the sixth connection random factor alone, from the decrypted fifth connection random factor together with the sixth connection random factor, or from the decrypted fifth connection random factor, the sixth connection random factor and the real-card-manager-side binding factor. If the card sleeve and the real card manager use identical parameters and an identical algorithm, they generate identical secure transmission keys. It can be seen that in the present invention the secure transmission key factor on the sleeve side may be the decrypted sixth connection random factor, or the decrypted sixth connection random factor and the fifth connection random factor; on the real card manager side it may be the sixth connection random factor, or the sixth connection random factor and the decrypted fifth connection random factor. In addition, the secure transmission key may include an encryption/decryption key and/or a check key: using the encryption/decryption key in data transmission ensures the confidentiality of the transmitted data, and using the check key ensures its integrity, so in the present invention the secure transmission key may be chosen according to the security level of the data being transmitted.

Of course, in the present invention the step in which the real card manager generates the real-card-manager-side secure transmission key from at least the sixth connection random factor is not limited to the order above: the real card manager may generate it immediately after generating the sixth connection random factor, or only after the card sleeve has verified that the decrypted fifth connection random factor matches the fifth connection random factor and the real card manager has received a success message from the card sleeve.

It can be seen that the secure connection established between the card sleeve and the real card manager as above improves the security of data transmission; at the same time, both parties can verify that they are bound to each other, which further improves security.

In addition, the invention is not limited to the card sleeve initiating the secure connection as above; the card sleeve may also trigger the real card manager to initiate the secure connection. In that case the real card manager sends the third secure connection instruction to the card sleeve, and the remaining flow is implemented with the roles of the two parties swapped relative to the flow above, which is not repeated here.

Embodiment 1 of the present invention also provides a data interaction system that uses the data interaction method above; it is not described in detail here and only its structure is outlined. Referring to Fig. 6, the data interaction system of the present invention includes a first device and a second device, wherein:

the first device and the second device mutually authenticate each other's certificate and identity, and after both pass authentication, each stores the binding factor generated during the authentication process;

the first device and the second device mutually authenticate each other's identity again, and during this second mutual authentication compare whether the binding factors stored by the two sides are identical; after the stored binding factors are found identical and the second mutual authentication passes, the secure transmission key for secure data transmission between the first device and the second device is generated;

the first device and the second device carry out data interaction using the generated secure transmission key.

Further, taking the first device as the card sleeve and the second device as the simulated card ("simulation card" or "analog card" in the machine translation) as an example:

1. The card sleeve and the simulated card perform the binding operation:

The card sleeve is configured to receive a trigger command instructing it to bind with the simulated card, and to send the first binding instruction to the simulated card; the first binding instruction includes the first binding random factor generated by the card sleeve, the sleeve certificate and the sleeve unique identifier.

The simulated card is configured to receive the first binding instruction and verify the sleeve certificate against the root certificate; after the sleeve certificate is verified as legitimate, generate the second binding random factor; encrypt the first binding random factor and the second binding random factor with the sleeve public key from the sleeve certificate to obtain the first binding ciphertext, and sign the first binding random factor and the second binding random factor with the simulated card private key to obtain the first binding signature; and send the first binding response to the card sleeve, where the first binding response includes the first binding ciphertext, the first binding signature, the simulated card certificate and the simulated card unique identifier.

The card sleeve is further configured to receive the first binding response and verify the simulated card certificate against the root certificate; after the simulated card certificate is verified as legitimate, decrypt the first binding ciphertext with the sleeve private key to obtain the decrypted first binding random factor and the decrypted second binding random factor; verify the first binding signature using the simulated card public key from the simulated card certificate, the decrypted first binding random factor and the decrypted second binding random factor; after the first binding signature verifies, check whether the decrypted first binding random factor is identical to the first binding random factor; after they are verified identical, display the simulated card unique identifier; on receiving a trigger command confirming that the simulated card unique identifier is correct, sign the first binding random factor and the decrypted second binding random factor with the sleeve private key to obtain the second binding signature, and store the simulated card unique identifier, the simulated card certificate and the sleeve-side first binding factor in the sleeve-side first binding list, where the sleeve-side first binding factor is the decrypted second binding random factor; and send the second binding signature to the simulated card.

The simulated card is further configured to receive the second binding signature and verify it using the sleeve public key from the sleeve certificate, the first binding random factor and the second binding random factor; after the second binding signature verifies, store the sleeve unique identifier, the sleeve certificate and the simulated-card-side binding factor in the simulated-card-side binding list, where the simulated-card-side binding factor is the second binding random factor.

2. The card sleeve and the simulated card establish a secure connection:

The card sleeve is further configured to send the simulated card the first secure connection instruction, which instructs it to establish a secure connection; the first secure connection instruction includes the first connection ciphertext, obtained by the card sleeve encrypting the sleeve-side first binding factor and a generated first connection random factor with the simulated card public key from the simulated card certificate, and the first connection signature, obtained by the card sleeve signing the sleeve-side first binding factor and the first connection random factor with the sleeve private key.

The simulated card is further configured to receive the first secure connection instruction and decrypt the first connection ciphertext with the simulated card private key, obtaining the decrypted sleeve-side first binding factor and the decrypted first connection random factor; verify the first connection signature using the sleeve public key from the sleeve certificate, the decrypted sleeve-side first binding factor and the decrypted first connection random factor; after the first connection signature verifies, check whether the decrypted sleeve-side first binding factor is identical to the simulated-card-side binding factor; after they are verified identical, generate the second connection random factor; encrypt the decrypted first connection random factor and the second connection random factor with the sleeve public key from the sleeve certificate to obtain the second connection ciphertext, and sign the decrypted first connection random factor and the second connection random factor with the simulated card private key to obtain the second connection signature; and send the first secure connection response to the card sleeve, where the first secure connection response includes the second connection ciphertext and the second connection signature.

The card sleeve is further configured to receive the first secure connection response and decrypt the second connection ciphertext with the sleeve private key, obtaining the decrypted first connection random factor and the decrypted second connection random factor; verify the second connection signature using the simulated card public key from the simulated card certificate, the decrypted first connection random factor and the decrypted second connection random factor; after the second connection signature verifies, check whether the decrypted first connection random factor is identical to the first connection random factor; and after they are verified identical, generate the sleeve-side first secure transmission key between the card sleeve and the simulated card from at least the decrypted second connection random factor.

The simulated card is further configured to generate the simulated-card-side secure transmission key between the card sleeve and the simulated card from at least the second connection random factor.

The following takes the first device as the card sleeve and the second device as the real card manager as an example:

1. The card sleeve and the real card manager perform the binding operation:

The card sleeve is configured to receive a trigger command instructing it to bind with the real card manager, and to send the second binding instruction to the real card manager over a wireless network; the second binding instruction includes the third binding random factor generated by the card sleeve, the sleeve certificate and the sleeve unique identifier.

The real card manager is configured to receive the second binding instruction and verify the sleeve certificate against the root certificate; after the sleeve certificate is verified as legitimate, generate the fourth binding random factor; encrypt the third binding random factor and the fourth binding random factor with the sleeve public key from the sleeve certificate to obtain the second binding ciphertext, and sign the third binding random factor and the fourth binding random factor with the real card manager private key to obtain the third binding signature; and send the second binding response to the card sleeve over the wireless network, where the second binding response includes the second binding ciphertext, the third binding signature, the real card manager certificate and the real card manager unique identifier.

The card sleeve is further configured to receive the second binding response and verify the real card manager certificate against the root certificate; after the real card manager certificate is verified as legitimate, decrypt the second binding ciphertext with the sleeve private key to obtain the decrypted third binding random factor and the decrypted fourth binding random factor; verify the third binding signature using the real card manager public key from the real card manager certificate, the decrypted third binding random factor and the decrypted fourth binding random factor; after the third binding signature verifies, check whether the decrypted third binding random factor is identical to the third binding random factor; after they are verified identical, display the real card manager unique identifier; on receiving a trigger command confirming that the real card manager unique identifier is correct, sign the third binding random factor and the decrypted fourth binding random factor with the sleeve private key to obtain the fourth binding signature, and store the real card manager unique identifier, the real card manager certificate and the sleeve-side second binding factor in the sleeve-side second binding list, where the sleeve-side second binding factor is the decrypted fourth binding random factor; and send the fourth binding signature to the real card manager.

The real card manager is further configured to receive the fourth binding signature and verify it using the sleeve public key from the sleeve certificate, the third binding random factor and the fourth binding random factor; after the fourth binding signature verifies, store the sleeve unique identifier, the sleeve certificate and the real-card-manager-side binding factor in the real-card-manager-side binding list, where the real-card-manager-side binding factor is the fourth binding random factor.

2. The card sleeve and the real card manager establish a secure connection:

The card sleeve is further configured to send the real card manager the third secure connection instruction, which instructs it to establish a secure connection; the third secure connection instruction includes the fifth connection ciphertext, obtained by the card sleeve encrypting the sleeve-side second binding factor and a generated fifth connection random factor with the real card manager public key from the real card manager certificate, and the fifth connection signature, obtained by the card sleeve signing the sleeve-side second binding factor and the fifth connection random factor with the sleeve private key.

The real card manager is further configured to receive the third secure connection instruction and decrypt the fifth connection ciphertext with the real card manager private key, obtaining the decrypted sleeve-side second binding factor and the decrypted fifth connection random factor; verify the fifth connection signature using the sleeve public key from the sleeve certificate, the decrypted sleeve-side second binding factor and the decrypted fifth connection random factor; after the fifth connection signature verifies, check whether the decrypted sleeve-side second binding factor is identical to the real-card-manager-side binding factor; after they are verified identical, generate the sixth connection random factor; encrypt the decrypted fifth connection random factor and the sixth connection random factor with the sleeve public key from the sleeve certificate to obtain the sixth connection ciphertext, and sign the decrypted fifth connection random factor and the sixth connection random factor with the real card manager private key to obtain the sixth connection signature; and send the third secure connection response to the card sleeve, where the third secure connection response includes the sixth connection ciphertext and the sixth connection signature.

The card sleeve is further configured to receive the third secure connection response and decrypt the sixth connection ciphertext with the sleeve private key, obtaining the decrypted fifth connection random factor and the decrypted sixth connection random factor; verify the sixth connection signature using the real card manager public key from the real card manager certificate, the decrypted fifth connection random factor and the decrypted sixth connection random factor; after the sixth connection signature verifies, check whether the decrypted fifth connection random factor is identical to the fifth connection random factor; and after they are verified identical, generate the sleeve-side second secure transmission key between the card sleeve and the real card manager from at least the decrypted sixth connection random factor.

The real card manager is further configured to generate the real-card-manager-side secure transmission key between the card sleeve and the real card manager from at least the sixth connection random factor.
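The secure connection of item 2 above, modelled end to end as an added example in Go; this is not the patent's own code. It assumes that binding has already completed, so both devices hold the same binding factor and the peer's public key from their binding lists; the patent's "encrypt with the public key" and "sign with the private key" steps are instantiated as RSA-OAEP and RSA-PSS, and the secure transmission key is derived from the fifth connection random factor, the sixth connection random factor and the binding factor with SHA-256, since the patent fixes no key derivation function.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Device is the card sleeve or the real card manager after binding: its own key pair, the
// peer public key from the certificate kept in its binding list, and the shared binding factor.
type Device struct {
	priv          *rsa.PrivateKey // one key pair decrypts (OAEP) and signs (PSS), as in the patent
	PeerPub       *rsa.PublicKey
	BindingFactor []byte // the fourth binding random factor stored by both sides during binding
	Key           []byte // secure transmission key produced by the handshake
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func randomFactor() []byte {
	r := make([]byte, 16) // constructed 16-byte random factor
	must(rand.Read(r))
	return r
}

// BoundPair builds a sleeve and a manager that completed binding and so share one binding factor.
func BoundPair() (sleeve, manager *Device) {
	s := must(rsa.GenerateKey(rand.Reader, 2048))
	m := must(rsa.GenerateKey(rand.Reader, 2048))
	bf := randomFactor()
	return &Device{priv: s, PeerPub: &m.PublicKey, BindingFactor: bf},
		&Device{priv: m, PeerPub: &s.PublicKey, BindingFactor: bf}
}

// seal encrypts a||b under the peer key and signs a||b: the patent's connection ciphertext and signature.
func (d *Device) seal(a, b []byte) (ct, sig []byte) {
	msg := bytes.Join([][]byte{a, b}, nil)
	digest := sha256.Sum256(msg)
	ct = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, d.PeerPub, msg, nil))
	sig = must(rsa.SignPSS(rand.Reader, d.priv, crypto.SHA256, digest[:], nil))
	return ct, sig
}

// open decrypts, splits the two 16-byte factors and checks the peer signature; corruption fails here.
func (d *Device) open(ct, sig []byte) (a, b []byte, err error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, ct, nil)
	if err != nil || len(pt) != 32 {
		return nil, nil, errors.New("ciphertext corrupted or not addressed to this device")
	}
	digest := sha256.Sum256(pt)
	if rsa.VerifyPSS(d.PeerPub, crypto.SHA256, digest[:], sig, nil) != nil {
		return nil, nil, errors.New("connection signature invalid")
	}
	return pt[:16], pt[16:], nil
}

// deriveKey takes the patent's third option (fifth factor, sixth factor and binding factor);
// the patent fixes no KDF, so a labelled SHA-256 is this example's choice.
func deriveKey(r5, r6, bf []byte) []byte {
	k := sha256.Sum256(bytes.Join([][]byte{[]byte("transmission-key"), r5, r6, bf}, nil))
	return k[:]
}

// SecureConnect runs the embodiment-1 handshake; on success both devices hold the same key.
func SecureConnect(sleeve, manager *Device) error {
	// Sleeve -> manager: third secure connection instruction (fifth ciphertext and signature).
	r5 := randomFactor()
	ct5, sig5 := sleeve.seal(sleeve.BindingFactor, r5)
	// Manager: decrypt, verify the signature, compare the binding factor with its own copy.
	bf, r5dec, err := manager.open(ct5, sig5)
	if err != nil {
		return err
	}
	if !bytes.Equal(bf, manager.BindingFactor) {
		return errors.New("sleeve is not bound to this manager")
	}
	// Manager -> sleeve: third secure connection response (sixth ciphertext and signature).
	r6 := randomFactor()
	ct6, sig6 := manager.seal(r5dec, r6)
	manager.Key = deriveKey(r5dec, r6, manager.BindingFactor)
	// Sleeve: decrypt, verify, confirm its own fifth factor came back, derive the same key.
	r5echo, r6dec, err := sleeve.open(ct6, sig6)
	if err != nil {
		return err
	}
	if !bytes.Equal(r5echo, r5) {
		return errors.New("fifth connection random factor mismatch: response not for this request")
	}
	sleeve.Key = deriveKey(r5, r6dec, sleeve.BindingFactor)
	return nil
}
```

SecureConnect fails, and neither side derives a key, on a corrupted ciphertext or signature, on a binding-factor mismatch (an unbound peer), and when the echoed fifth factor differs from the one the sleeve sent.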

Embodiment 2

Fig. 7 shows the flow chart of the data interaction method provided by Embodiment 2 of the present invention. Referring to Fig. 7, the data interaction method provided by Embodiment 2 of the present invention includes:

The first device and the second device mutually authenticate each other's certificate and identity, and after both pass authentication, each stores the binding factor generated during the authentication process. Specifically, the first device and the second device can each verify that the other's certificate is legitimate and, by verifying data signed by the other, that the other's identity is legitimate, which guarantees the legitimacy and authenticity of both parties' identities; during authentication the two parties also generate a binding factor in the course of the interaction and, after both pass authentication, each stores this binding factor.

The first device and the second device mutually authenticate each other's identity again, and during this second mutual authentication generate secure transmission key factors; after the second mutual authentication passes, each generates, from at least the stored binding factor and the secure transmission key factors, the secure transmission key for secure data transmission between the first device and the second device, and the two sides verify whether the secure transmission keys they generated are identical. Specifically, the first device and the second device again authenticate the other's identity by verifying whether data signed by the other passes verification, and generate the secure transmission key factors during that authentication; after determining that both identities are legitimate and authentic, they generate the secure transmission key used for subsequent data interaction from the generated secure transmission key factors and the stored binding factor.

After verifying that the secure transmission keys generated by both sides are identical, the first device and the second device carry out data interaction using the generated secure transmission key.

It can be seen that with the data interaction method of the present invention the binding factor can be used to generate the secure transmission key, which improves the security of the secure transmission key and at the same time improves the security of data interaction.

In addition, in the data interaction architecture of the present invention, if the first device is the card sleeve, the second device may be a simulated card or a real card manager. Of course, in the present invention the second device may also be the card sleeve, in which case the first device is the simulated card or the real card manager.

Below, the first device is taken as the card sleeve and the second device as the simulated card:

1. The card sleeve and the simulated card perform the binding operation:

The binding operation between the card sleeve and the simulated card is identical to that between the card sleeve and the simulated card in Embodiment 1 and is not described in detail here.

2. The card sleeve and the simulated card establish a secure connection:

In the present invention, the card sleeve and the simulated card can establish a secure connection in the following way.

A specific implementation of the card sleeve and the simulated card establishing a secure connection in Embodiment 2 of the present invention is provided below.

Fig. 8 shows the flow chart of the card sleeve and the simulated card establishing a secure connection in the data interaction method provided by the embodiment of the present invention. Referring to Fig. 8, establishing the secure connection between the card sleeve and the simulated card includes:

The card sleeve receives the third connection random factor generated by the simulated card and the simulated card unique identifier, both sent by the simulated card. Specifically, the third connection random factor may be a random number, a random character string, or a combination of the two generated by the simulated card; after generating it, the simulated card may additionally check its randomness, to improve the randomness of the third connection random factor and to prevent it from being cracked. Before this step, the simulated card generates the third connection random factor, and after the card sleeve detects the simulated card, the simulated card sends the third connection random factor and the simulated card unique identifier to the card sleeve.

The card sleeve sends the simulated card the second secure connection instruction, which instructs it to establish a secure connection; the second secure connection instruction includes the sleeve unique identifier, the third connection ciphertext, obtained by the card sleeve encrypting the third connection random factor and a generated fourth connection random factor with the simulated card public key from the simulated card certificate, and the third connection signature, obtained by the card sleeve signing the third connection random factor and the fourth connection random factor with the sleeve private key. Specifically, before the card sleeve and the simulated card exchange data, a secure connection may optionally be established between them to improve the security of the subsequent data interaction. The instruction to establish the secure connection that the card sleeve receives may be generated by a dedicated physical connect button on the card sleeve, by a virtual connect key on the touch screen of the card sleeve, by successful verification of a start-up password, by the simulated card being pulled out of the card sleeve, by the user selecting a connect function in a menu displayed on the screen of the card sleeve, or by the user selecting a real card from a sleeve-side real card information list obtained by the card sleeve; of course it may also be generated in any other way, which is not restricted here. Specifically, the card sleeve encrypts the third connection random factor and the generated fourth connection random factor with the simulated card public key to protect them in transit, and signs the third connection random factor and the generated fourth connection random factor with the sleeve private key so that the simulated card can subsequently authenticate the identity of the card sleeve. In addition, the fourth connection random factor may be a random number, a random character string, or a combination of the two generated by the card sleeve; after generating it, the card sleeve may additionally check its randomness, to improve the randomness of the fourth connection random factor and to prevent it from being cracked. Optionally, before this step, after receiving the simulated card unique identifier the card sleeve may use it to judge whether the simulated card is in the sleeve-side first binding list, and perform the subsequent flow only after determining that it is, which streamlines the flow and improves efficiency.

The simulated card receives the second secure connection instruction and judges whether the sleeve unique identifier is in the simulated-card-side binding list. Specifically, the simulated card uses the received sleeve unique identifier to judge whether this card sleeve is in the simulated-card-side binding list, and performs the subsequent flow only after determining that it is, which streamlines the flow and improves efficiency.

If the sleeve unique identifier is in the simulated-card-side binding list, the simulated card decrypts the third connection ciphertext with the simulated card private key, obtaining the decrypted third connection random factor and the decrypted fourth connection random factor. Specifically, when the third connection ciphertext is decrypted with the simulated card private key, a transmission error or tampering in transit either makes decryption fail outright or yields decrypted third and fourth connection random factors that differ from the third and fourth connection random factors actually sent. Because the data was encrypted with the simulated card public key, only the simulated card private key can decrypt it, which also protects the decryption step.

The simulation card verifies the third connection signature using the card sleeve public key in the card sleeve certificate, the third connection decryption random factor and the fourth connection decryption random factor. Specifically, the simulation card uses the card sleeve public key to verify the signature sent by the card sleeve, so as to guarantee the legitimate origin of the data.

After the simulation card verifies that the third connection signature is correct, it verifies whether the third connection decryption random factor is identical to the third connection random factor. Specifically, the simulation card verifies that the third connection random factor it generated itself is identical to the third connection decryption random factor, which ensures that the data has not been tampered with and that the source of the encrypted data really is the party to which the simulation card sent the third connection random factor.

If the third connection decryption random factor is identical to the third connection random factor, the simulation card signs the third connection decryption random factor and the fourth connection decryption random factor with the simulation card private key to obtain the fourth connection signature. Specifically, the simulation card uses the simulation card private key to sign the third connection decryption random factor and the fourth connection decryption random factor, so that the card sleeve can subsequently authenticate the legitimacy of the simulation card's identity.

The simulation card sends the second secure connection response to the card sleeve, where the second secure connection response includes: the fourth connection signature. Specifically, the simulation card sends the fourth connection signature to the card sleeve so that the card sleeve can verify the received data.

The card sleeve receives the second secure connection response and verifies the fourth connection signature using the simulation card public key in the simulation card certificate, the third connection random factor and the fourth connection random factor. Specifically, the card sleeve uses the simulation card public key to verify the signature sent by the simulation card, so as to guarantee the legitimate origin of the data.

After the card sleeve verifies that the fourth connection signature is correct, it generates the card-sleeve-side first secure transmission key between the card sleeve and the simulation card from at least the fourth connection random factor and the card-sleeve-side first binding factor; the simulation card generates the simulation-card-side secure transmission key between the card sleeve and the simulation card from at least the fourth connection decryption random factor and the simulation-card-side binding factor. Specifically, the card sleeve may generate the card-sleeve-side first secure transmission key between the card sleeve and the simulation card from the fourth connection random factor and the card-sleeve-side first binding factor, or from the third connection random factor, the fourth connection random factor and the card-sleeve-side first binding factor; likewise, the simulation card may generate the simulation-card-side secure transmission key between the card sleeve and the simulation card from the fourth connection decryption random factor and the simulation-card-side binding factor, or from the third connection random factor, the fourth connection decryption random factor and the simulation-card-side binding factor. It suffices that the card sleeve and the simulation card use identical parameters and an identical algorithm to generate the secure transmission key. It can thus be seen that, in the present invention, the secure transmission key factor on the card sleeve side may be the fourth connection random factor, or the third connection random factor together with the fourth connection random factor; on the simulation card side the secure transmission key factor may be the fourth connection decryption random factor, or the third connection random factor together with the fourth connection decryption random factor. In addition, the secure transmission key may include an encryption/decryption key and/or a check key: using the encryption/decryption key in data transmission ensures the security of the transmitted data, and using the check key in data transmission ensures the integrity of the transmitted data. In the present invention, the secure transmission key may be used selectively according to the security level of the data being transmitted.

The card sleeve applies first processing to the third connection random factor and the fourth connection random factor with the card-sleeve-side first secure transmission key and sends the result to the simulation card; the simulation card applies first processing to the third connection decryption random factor and the fourth connection decryption random factor with the simulation-card-side secure transmission key and sends the result to the card sleeve. Specifically, each side applies first processing with the secure transmission key it generated and sends the result to the other side, so that the other side can verify whether the secure transmission keys generated by the two sides are identical.

The card sleeve receives the data sent by the simulation card, applies second processing to the received data with the card-sleeve-side first secure transmission key, and compares whether the data after second processing are identical to the third connection random factor and the fourth connection random factor; the simulation card receives the data sent by the card sleeve, applies second processing to the received data with the simulation-card-side secure transmission key, and compares whether the data after second processing are identical to the third connection decryption random factor and the fourth connection decryption random factor. Specifically, after each side applies second processing to the received data with the secure transmission key it generated, each compares the data after second processing with the data it sent itself; if they are identical, the secure transmission keys generated by the two sides are identical, which ensures that both sides can subsequently use the secure transmission keys they generated for secure data transmission. In addition, while verifying that the secure transmission keys generated by the two sides are identical, it is also possible to verify that the binding factors stored by each side are identical, further verifying that the other side is a genuinely bound party and further improving the security of subsequent data transmission.

Of course, in the present invention the step at which the simulation card generates the simulation-card-side secure transmission key is not limited to the step in this embodiment: the simulation card may also generate the simulation-card-side secure transmission key after decryption yields the fourth connection decryption random factor, or after the card sleeve has verified that the fourth connection signature sent by the simulation card is correct and the simulation card has received the success message sent by the card sleeve. The step at which the card sleeve generates the card-sleeve-side first secure transmission key is likewise not limited to the step in this embodiment: the card sleeve may also generate the card-sleeve-side first secure transmission key after it generates the fourth connection random factor.

It can thus be seen that the secure connection established between the above card sleeve and the simulation card can improve the security of data transmission. At the same time, it can also verify whether the two sides are bound, which further increases security.

Moreover, the present invention is not limited to the above case in which the card sleeve initiates establishment of the secure connection; the card sleeve may also trigger the simulation card to initiate establishment of the secure connection, in which case the simulation card sends the second secure connection instruction to the card sleeve and the other steps are implemented with the roles of the above flow reversed, which is not repeated here.

Hereinafter, the case in which the first device is a card sleeve and the second device is a real card manager is taken as an example for illustration:

1. The card sleeve and the real card manager perform a binding operation:

The binding operation performed by the card sleeve and the real card manager is identical to the binding operation performed by the card sleeve and the real card manager in Embodiment 1 and is not described in detail here.

2. The card sleeve and the real card manager establish a secure connection:

Below, a specific implementation in which the card sleeve and the real card manager of Embodiment 2 of the present invention establish a secure connection is provided:

Fig. 9 shows a flow chart of the card sleeve and the real card manager establishing a secure connection in the data interaction method provided by the embodiment of the present invention. Referring to Fig. 9, the card sleeve establishing a secure connection with the real card manager includes:

The card sleeve receives the seventh connection random factor generated by the real card manager and the real card manager unique identifier, both sent by the real card manager. Specifically, the seventh connection random factor may be a random number, random characters or a combination thereof generated by the real card manager; of course, after the seventh connection random factor is generated, its randomness may also be verified, to improve the randomness of the seventh connection random factor and prevent it from being cracked. Before this step, the real card manager generates the seventh connection random factor, and after the card sleeve detects this real card manager, the real card manager sends the seventh connection random factor and the real card manager unique identifier to the card sleeve.

The card sleeve sends to the real card manager a fourth secure connection instruction for instructing establishment of a secure connection, where the fourth secure connection instruction includes: the card sleeve unique identifier; the seventh connection ciphertext obtained by the card sleeve encrypting the seventh connection random factor and a generated eighth connection random factor with the real card manager public key in the real card manager certificate; and the seventh connection signature obtained by the card sleeve signing the seventh connection random factor and the eighth connection random factor with the card sleeve private key. Specifically, before the card sleeve is used for data interaction with the real card manager, a secure connection may optionally be established between the card sleeve and the real card manager to improve the security of subsequent data interaction. The fourth secure connection instruction received by the card sleeve for instructing establishment of a secure connection may be generated by a separate physical connect key provided on the card sleeve, or by a connect virtual key on the touch screen of the card sleeve, or after start-up password verification passes, or when the card sleeve sends a login request to the real card manager, or by selecting the connect function in a menu displayed on the card sleeve screen; of course, it may also be generated in any other manner, without restriction here. Specifically, the card sleeve encrypts the seventh connection random factor and the generated eighth connection random factor with the real card manager public key to ensure the security of transmitting the seventh connection random factor and the generated eighth connection random factor, and the card sleeve signs the seventh connection random factor and the generated eighth connection random factor with the card sleeve private key so that the real card manager can subsequently authenticate the legitimacy of the card sleeve's identity. In addition, the eighth connection random factor may be a random number, random characters or a combination thereof generated by the card sleeve; of course, after the eighth connection random factor is generated, its randomness may also be verified, to improve the randomness of the eighth connection random factor and prevent it from being cracked. Optionally, before this step, after the card sleeve has received the real card manager unique identifier, the card sleeve may judge from the real card manager unique identifier whether the real card manager is in the card-sleeve-side second binding list; only after it judges that the real card manager is in the card-sleeve-side second binding list does it perform the subsequent flow, which streamlines the flow and improves efficiency.

The real card manager receives the fourth secure connection instruction and judges whether the card sleeve unique identifier is in the real-card-manager-side binding list. Specifically, the real card manager judges, from the received card sleeve unique identifier, whether this card sleeve is in the real-card-manager-side binding list; only after it judges that the card sleeve is in the real-card-manager-side binding list does it perform the subsequent flow, which streamlines the flow and improves efficiency.

If the card sleeve unique identifier is in the real-card-manager-side binding list, the real card manager decrypts the seventh connection ciphertext with the real card manager private key to obtain the seventh connection decryption random factor and the eighth connection decryption random factor. Specifically, when the seventh connection ciphertext is decrypted with the real card manager private key, a transmission fault or tampering during data transmission will either make decryption fail or yield a seventh connection decryption random factor and eighth connection decryption random factor that differ from the seventh connection random factor and eighth connection random factor. Moreover, because the data was encrypted with the real card manager public key, only the real card manager private key can decrypt it successfully, which also ensures the security of data decryption.

The real card manager verifies the seventh connection signature using the card sleeve public key in the card sleeve certificate, the seventh connection decryption random factor and the eighth connection decryption random factor. Specifically, the real card manager uses the card sleeve public key to verify the signature sent by the card sleeve, so as to guarantee the legitimate origin of the data.

After the real card manager verifies that the seventh connection signature is correct, it verifies whether the seventh connection decryption random factor is identical to the seventh connection random factor. Specifically, the real card manager verifies that the seventh connection random factor it generated itself is identical to the seventh connection decryption random factor, which ensures that the data has not been tampered with and that the source of the encrypted data really is the party to which the real card manager sent the seventh connection random factor.

If the seventh connection decryption random factor is identical to the seventh connection random factor, the real card manager signs the seventh connection decryption random factor and the eighth connection decryption random factor with the real card manager private key to obtain the eighth connection signature. Specifically, the real card manager uses the real card manager private key to sign the seventh connection decryption random factor and the eighth connection decryption random factor, so that the card sleeve can subsequently authenticate the legitimacy of the real card manager's identity.

The real card manager sends the fourth secure connection response to the card sleeve, where the fourth secure connection response includes: the eighth connection signature. Specifically, the real card manager sends the eighth connection signature to the card sleeve so that the card sleeve can verify the received data.

The card sleeve receives the fourth secure connection response and verifies the eighth connection signature using the real card manager public key in the real card manager certificate, the seventh connection random factor and the eighth connection random factor. Specifically, the card sleeve uses the real card manager public key to verify the signature sent by the real card manager, so as to guarantee the legitimate origin of the data.

After the card sleeve verifies that the eighth connection signature is correct, it generates the card-sleeve-side second secure transmission key between the card sleeve and the real card manager from at least the eighth connection random factor and the card-sleeve-side second binding factor; the real card manager generates the real-card-manager-side secure transmission key between the card sleeve and the real card manager from at least the eighth connection decryption random factor and the real-card-manager-side binding factor. Specifically, the card sleeve may generate the card-sleeve-side second secure transmission key between the card sleeve and the real card manager from the eighth connection random factor and the card-sleeve-side second binding factor, or from the seventh connection random factor, the eighth connection random factor and the card-sleeve-side second binding factor; likewise, the real card manager may generate the real-card-manager-side secure transmission key between the card sleeve and the real card manager from the eighth connection decryption random factor and the real-card-manager-side binding factor, or from the seventh connection random factor, the eighth connection decryption random factor and the real-card-manager-side binding factor. It suffices that the card sleeve and the real card manager use identical parameters and an identical algorithm to generate the secure transmission key. It can thus be seen that, in the present invention, the secure transmission key factor on the card sleeve side may be the eighth connection random factor, or the seventh connection random factor together with the eighth connection random factor; on the real card manager side the secure transmission key factor may be the eighth connection decryption random factor, or the seventh connection random factor together with the eighth connection decryption random factor. In addition, the secure transmission key may include an encryption/decryption key and/or a check key: using the encryption/decryption key in data transmission ensures the security of the transmitted data, and using the check key in data transmission ensures the integrity of the transmitted data. In the present invention, the secure transmission key may be used selectively according to the security level of the data being transmitted.

The card sleeve applies first processing to the seventh connection random factor and the eighth connection random factor with the card-sleeve-side second secure transmission key and sends the result to the real card manager; the real card manager applies first processing to the seventh connection decryption random factor and the eighth connection decryption random factor with the real-card-manager-side secure transmission key and sends the result to the card sleeve. Specifically, each side applies first processing with the secure transmission key it generated and sends the result to the other side, so that the other side can verify whether the secure transmission keys generated by the two sides are identical.

The card sleeve receives the data sent by the real card manager, applies second processing to the received data with the card-sleeve-side second secure transmission key, and compares whether the data after second processing are identical to the seventh connection random factor and the eighth connection random factor; the real card manager receives the data sent by the card sleeve, applies second processing to the received data with the real-card-manager-side secure transmission key, and compares whether the data after second processing are identical to the seventh connection decryption random factor and the eighth connection decryption random factor. Specifically, after each side applies second processing to the received data with the secure transmission key it generated, each compares the data after second processing with the data it sent itself; if they are identical, the secure transmission keys generated by the two sides are identical, which ensures that both sides can subsequently use the secure transmission keys they generated for secure data transmission. In addition, while verifying that the secure transmission keys generated by the two sides are identical, it is also possible to verify that the binding factors stored by each side are identical, further verifying that the other side is a genuinely bound party and further improving the security of subsequent data transmission.
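The key derivation and key-confirmation exchange that closes both secure-connection flows above (card sleeve with simulation card; card sleeve with real card manager), as an added Python example that is not code from the patent or its assignee. The patent fixes neither the key algorithm nor what "first processing" and "second processing" are, so the choices here are assumptions: HMAC-SHA256 extract-then-expand for the derivation, an HMAC-SHA256 counter-mode keystream as the encryption/decryption key, and HMAC-SHA256 as the check key; the sample factors are constructed, and the certificate and signature steps are outside this block.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample values standing in for the protocol fields (not from the patent).
BINDING_FACTOR = bytes.fromhex("a1" * 16)   # stored by both sides at binding time
RF3 = bytes(range(16))                        # third (or seventh) connection random factor
RF4 = bytes(range(16, 32))                    # fourth (or eighth) connection random factor

Key = Tuple[bytes, bytes]  # (encryption/decryption key, check key)


def derive_secure_transmission_key(rf4: bytes, binding_factor: bytes,
                                   rf3: Optional[bytes] = None) -> Key:
    """Derive the secure transmission key from at least the fourth connection
    random factor and the stored binding factor; the third connection random
    factor may optionally be mixed in, as the text allows. HMAC-SHA256
    extract-then-expand is an assumption: the patent fixes no algorithm."""
    ikm = binding_factor + rf4 + (rf3 if rf3 is not None else b"")
    prk = hmac.new(b"secure-transmission-key", ikm, hashlib.sha256).digest()
    enc_key = hmac.new(prk, b"enc\x01", hashlib.sha256).digest()
    chk_key = hmac.new(prk, b"chk\x02", hashlib.sha256).digest()
    return enc_key, chk_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a stream cipher (assumed stand-in
    for whatever the encryption/decryption key's algorithm is)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def first_processing(key: Key, data: bytes, nonce: bytes) -> bytes:
    """'First processing' of the connection random factors: encrypt with the
    encryption/decryption key, then tag with the check key.
    Wire format: nonce(16) || ciphertext || tag(32)."""
    enc_key, chk_key = key
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(chk_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def second_processing(key: Key, blob: bytes) -> Optional[bytes]:
    """'Second processing' on the receiving side: check the tag in constant
    time, then decrypt. Returns None when the tag fails (wrong key or tampering)."""
    enc_key, chk_key = key
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(chk_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def key_confirmation(sleeve_rf3: bytes, sleeve_rf4: bytes, sleeve_binding_factor: bytes,
                     peer_rf3_dec: bytes, peer_rf4_dec: bytes, peer_binding_factor: bytes
                     ) -> Tuple[bool, bool]:
    """Run both halves of the confirmation exchange. The card sleeve holds the
    factors it received/generated; the peer (simulation card or real card
    manager) holds the factors it decrypted. Each side derives its own key,
    sends first_processing(own factors), and accepts only if second_processing
    of the peer's message equals its own factors. Returns (sleeve ok, peer ok)."""
    sleeve_key = derive_secure_transmission_key(sleeve_rf4, sleeve_binding_factor, sleeve_rf3)
    peer_key = derive_secure_transmission_key(peer_rf4_dec, peer_binding_factor, peer_rf3_dec)
    to_peer = first_processing(sleeve_key, sleeve_rf3 + sleeve_rf4, os.urandom(16))
    to_sleeve = first_processing(peer_key, peer_rf3_dec + peer_rf4_dec, os.urandom(16))
    sleeve_ok = second_processing(sleeve_key, to_sleeve) == sleeve_rf3 + sleeve_rf4
    peer_ok = second_processing(peer_key, to_peer) == peer_rf3_dec + peer_rf4_dec
    return sleeve_ok, peer_ok


if __name__ == "__main__":
    # Bound pair: identical binding factors, untampered random factors -> (True, True).
    print(key_confirmation(RF3, RF4, BINDING_FACTOR, RF3, RF4, BINDING_FACTOR))
    # Peer never bound to this sleeve: different stored binding factor -> (False, False).
    print(key_confirmation(RF3, RF4, BINDING_FACTOR, RF3, RF4, bytes.fromhex("b2" * 16)))
    # Fourth random factor altered in transit, so the peer decrypted another value -> (False, False).
    print(key_confirmation(RF3, RF4, BINDING_FACTOR, RF3, bytes(16), BINDING_FACTOR))
```

Because the binding factor is an input to the derivation, the confirmation step rejects a counterpart that holds a different binding factor even when the connection random factors match, which is the "verify the binding factors are identical" check the text describes.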

Of course, in the present invention the step at which the real card manager generates the real-card-manager-side secure transmission key is not limited to the step in this embodiment: the real card manager may also generate the real-card-manager-side secure transmission key after decryption yields the eighth connection decryption random factor, or after the card sleeve has verified that the eighth connection signature sent by the real card manager is correct and the real card manager has received the success message sent by the card sleeve. The step at which the card sleeve generates the card-sleeve-side second secure transmission key is likewise not limited to the step in this embodiment: the card sleeve may also generate the card-sleeve-side second secure transmission key after it generates the eighth connection random factor.

It can thus be seen that the secure connection established between the above card sleeve and the real card manager can improve the security of data transmission. At the same time, it can also verify whether the two sides are bound, which further increases security.

Moreover, the present invention is not limited to the above case in which the card sleeve initiates establishment of the secure connection; the card sleeve may also trigger the real card manager to initiate establishment of the secure connection, in which case the real card manager sends the fourth secure connection instruction to the card sleeve and the other steps are implemented with the roles of the above flow reversed, which is not repeated here.

The present invention also provides a data interaction system. This data interaction system uses the above data interaction method, which is not described in detail here; only the structure of the data interaction system is briefly described. Referring specifically to Fig. 10, the data interaction system of the present invention includes a first device and a second device, wherein:

the first device and the second device mutually authenticate each other's certificate and identity, and after both sides pass authentication, each stores the binding factor generated during the authentication process;

the first device and the second device mutually authenticate each other's identity again, generate secure transmission key factors during this renewed mutual identity authentication, and, after the renewed mutual identity authentication passes, generate from at least the stored binding factor and the secure transmission key factor the secure transmission key for secure data transmission between the first device and the second device, and verify whether the secure transmission keys generated by the two sides are identical;

after verifying that the secure transmission keys generated by the two sides are identical, the first device and the second device use the generated secure transmission key for data interaction.

Below, the case in which the first device is a card sleeve and the second device is a simulation card is taken as an example for illustration:

1. The card sleeve and the simulation card perform a binding operation:

The card sleeve is configured to receive a trigger command for instructing binding with the simulation card, and to send a first binding instruction to the simulation card, where the first binding instruction includes: a first binding random factor generated by the card sleeve, the card sleeve certificate and the card sleeve unique identifier;

The simulation card is configured to receive the first binding instruction and verify the card sleeve certificate using the root certificate; after verifying that the card sleeve certificate is legitimate, to generate a second binding random factor; to encrypt the first binding random factor and the second binding random factor with the card sleeve public key in the card sleeve certificate to obtain a first binding ciphertext, and to sign the first binding random factor and the second binding random factor with the simulation card private key to obtain a first binding signature; and to send a first binding response to the card sleeve, where the first binding response includes: the first binding ciphertext, the first binding signature, the simulation card certificate and the simulation card unique identifier;

The card sleeve is further configured to receive the first binding response and verify the simulation card certificate using the root certificate; after verifying that the simulation card certificate is legitimate, to decrypt the first binding ciphertext with the card sleeve private key to obtain a first binding decryption random factor and a second binding decryption random factor; to verify the first binding signature using the simulation card public key in the simulation card certificate, the first binding decryption random factor and the second binding decryption random factor; after verifying that the first binding signature is correct, to verify whether the first binding decryption random factor is identical to the first binding random factor; after verifying that the first binding decryption random factor is identical to the first binding random factor, to prompt the simulation card unique identifier; to receive a trigger command confirming that the simulation card unique identifier is correct, sign the first binding random factor and the second binding decryption random factor with the card sleeve private key to obtain a second binding signature, and store the simulation card unique identifier, the simulation card certificate and the card-sleeve-side first binding factor in the card-sleeve-side first binding list, where the card-sleeve-side first binding factor is the second binding decryption random factor; and to send the second binding signature to the simulation card;

The simulation card is further configured to receive the second binding signature and verify the second binding signature using the card sleeve public key in the card sleeve certificate, the first binding random factor and the second binding random factor; after verifying that the second binding signature is correct, to store the card sleeve unique identifier, the card sleeve certificate and the simulation-card-side binding factor in the simulation-card-side binding list, where the simulation-card-side binding factor is the second binding random factor.

2. The card sleeve and the simulation card establish a secure connection:

The card sleeve is further configured to receive the third connection random factor generated by the simulation card and the simulation card unique identifier, both sent by the simulation card, and to send to the simulation card a second secure connection instruction for instructing establishment of a secure connection, where the second secure connection instruction includes: the card sleeve unique identifier; the third connection ciphertext obtained by the card sleeve encrypting the third connection random factor and a generated fourth connection random factor with the simulation card public key in the simulation card certificate; and the third connection signature obtained by the card sleeve signing the third connection random factor and the fourth connection random factor with the card sleeve private key;

The simulation card is further configured to receive the second secure connection instruction and judge whether the card sleeve unique identifier is in the simulation-card-side binding list; if the card sleeve unique identifier is in the simulation-card-side binding list, to decrypt the third connection ciphertext with the simulation card private key to obtain the third connection decryption random factor and the fourth connection decryption random factor; to verify the third connection signature using the card sleeve public key in the card sleeve certificate, the third connection decryption random factor and the fourth connection decryption random factor; after verifying that the third connection signature is correct, to verify whether the third connection decryption random factor is identical to the third connection random factor; if the third connection decryption random factor is identical to the third connection random factor, to sign the third connection decryption random factor and the fourth connection decryption random factor with the simulation card private key to obtain the fourth connection signature; and to send a second secure connection response to the card sleeve, where the second secure connection response includes: the fourth connection signature;

The card sleeve is further configured to receive the second secure connection response and verify the fourth connection signature using the simulation card public key in the simulation card certificate, the third connection random factor and the fourth connection random factor; after verifying that the fourth connection signature is correct, to generate the card-sleeve-side first secure transmission key between the card sleeve and the simulation card from at least the fourth connection random factor and the card-sleeve-side first binding factor;

The simulation card is further configured to generate the simulation-card-side secure transmission key between the card sleeve and the simulation card from at least the fourth connection decryption random factor and the simulation-card-side binding factor;

The card sleeve is further configured to apply first processing to the third connection random factor and the fourth connection random factor with the card-sleeve-side first secure transmission key and send the result to the simulation card;

The simulation card is further configured to apply first processing to the third connection decryption random factor and the fourth connection decryption random factor with the simulation-card-side secure transmission key and send the result to the card sleeve;

The card sleeve is further configured to receive the data sent by the simulation card, apply second processing to the received data with the card-sleeve-side first secure transmission key, and compare whether the data after second processing are identical to the third connection random factor and the fourth connection random factor;

Simulation card, is additionally operable to receive the data that cutting ferrule sends, and the data utilizing analog card bit end safe transmission double secret key to receive is carried out at second Reason, compare the data after the second process be connected with the 3rd the decryption random factor and the 4th connection the decryption random factor the most identical.

The following takes the case where the first device is a card sleeve and the second device is a real card manager ("Truth cards manager" in the original rendering) as an example:

1. The card sleeve and the real card manager perform a binding operation:

The card sleeve is configured to receive a trigger instruction instructing it to bind with the real card manager, and to send a second binding instruction to the real card manager over a wireless network, where the second binding instruction includes: the third binding random factor generated by the card sleeve, the card sleeve certificate and the card sleeve unique identifier;

The real card manager is configured to receive the second binding instruction and verify the card sleeve certificate using the root certificate; after verifying that the card sleeve certificate is legitimate, generate a fourth binding random factor; encrypt the third binding random factor and the fourth binding random factor with the card sleeve public key in the card sleeve certificate to obtain a second binding ciphertext, and sign the third binding random factor and the fourth binding random factor with the real card manager private key to obtain a third binding signature; and send a second binding response to the card sleeve over the wireless network, where the second binding response includes: the second binding ciphertext, the third binding signature, the real card manager certificate and the real card manager unique identifier;

The card sleeve is further configured to receive the second binding response and verify the real card manager certificate using the root certificate; after verifying that the real card manager certificate is legitimate, decrypt the second binding ciphertext with the card sleeve private key to obtain the third binding decrypted random factor and the fourth binding decrypted random factor; verify the third binding signature using the real card manager public key in the real card manager certificate, the third binding decrypted random factor and the fourth binding decrypted random factor; after verifying that the third binding signature is correct, check whether the third binding decrypted random factor is identical to the third binding random factor; after verifying that the third binding decrypted random factor is identical to the third binding random factor, prompt the real card manager unique identifier; upon receiving a trigger instruction confirming that the real card manager unique identifier is correct, sign the third binding random factor and the fourth binding decrypted random factor with the card sleeve private key to obtain a fourth binding signature, and store the real card manager unique identifier, the real card manager certificate and the card-sleeve-side second binding factor in the card-sleeve-side second binding list, where the card-sleeve-side second binding factor is the fourth binding decrypted random factor; and send the fourth binding signature to the real card manager;

The real card manager is further configured to receive the fourth binding signature and verify it using the card sleeve public key in the card sleeve certificate, the third binding random factor and the fourth binding random factor; after verifying that the fourth binding signature is correct, store the card sleeve unique identifier, the card sleeve certificate and the real-card-manager-side binding factor in the real-card-manager-side binding list, where the real-card-manager-side binding factor is the fourth binding random factor.

2. The card sleeve and the real card manager establish a secure connection:

The card sleeve is further configured to receive the seventh connection random factor generated by the real card manager and the real card manager unique identifier, both sent by the real card manager; and to send a fourth secure connection instruction instructing the establishment of a secure connection to the real card manager, where the fourth secure connection instruction includes: the card sleeve unique identifier, the seventh connection ciphertext obtained by the card sleeve encrypting the seventh connection random factor and a generated eighth connection random factor with the real card manager public key in the real card manager certificate, and the seventh connection signature obtained by the card sleeve signing the seventh connection random factor and the eighth connection random factor with the card sleeve private key;

The real card manager is further configured to receive the fourth secure connection instruction and judge whether the card sleeve unique identifier is in the real-card-manager-side binding list; if the card sleeve unique identifier is in the real-card-manager-side binding list, decrypt the seventh connection ciphertext with the real card manager private key to obtain the seventh connection decrypted random factor and the eighth connection decrypted random factor; verify the seventh connection signature using the card sleeve public key in the card sleeve certificate, the seventh connection decrypted random factor and the eighth connection decrypted random factor; after verifying that the seventh connection signature is correct, check whether the seventh connection decrypted random factor is identical to the seventh connection random factor; if the seventh connection decrypted random factor is identical to the seventh connection random factor, sign the seventh connection decrypted random factor and the eighth connection decrypted random factor with the real card manager private key to obtain the eighth connection signature; and send a fourth secure connection response to the card sleeve, where the fourth secure connection response includes: the eighth connection signature;

The card sleeve is further configured to receive the fourth secure connection response and verify the eighth connection signature using the real card manager public key in the real card manager certificate, the seventh connection random factor and the eighth connection random factor; after verifying that the eighth connection signature is correct, generate the card-sleeve-side second secure transmission key between the card sleeve and the real card manager using at least the eighth connection random factor and the card-sleeve-side second binding factor;

The real card manager is further configured to generate the real-card-manager-side secure transmission key between the card sleeve and the real card manager using at least the eighth connection decrypted random factor and the real-card-manager-side binding factor;

The card sleeve is further configured to apply the first processing to the seventh connection random factor and the eighth connection random factor using the card-sleeve-side second secure transmission key, and send the result to the real card manager;

The real card manager is further configured to apply the first processing to the seventh connection decrypted random factor and the eighth connection decrypted random factor using the real-card-manager-side secure transmission key, and send the result to the card sleeve;

The card sleeve is further configured to receive the data sent by the real card manager, apply the second processing to the received data using the card-sleeve-side second secure transmission key, and compare whether the data after the second processing is identical to the seventh connection random factor and the eighth connection random factor;

The real card manager is further configured to receive the data sent by the card sleeve, apply the second processing to the received data using the real-card-manager-side secure transmission key, and compare whether the data after the second processing is identical to the seventh connection decrypted random factor and the eighth connection decrypted random factor.
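The secure-connection stage just described, and the card sleeve / simulated card variant above it, pin down three things precisely: the responder proceeds only if the initiator's unique identifier is in its binding list; both sides derive the transmission key from the stored binding factor together with the fresh connection random factor; and the key is confirmed by each side applying the "first processing" to the two connection random factors and the peer checking that the "second processing" recovers them. The Python below is an added example written for this page, not code from the patent or its assignee. It models exactly those three points and assumes the certificate checks, the public-key encryption of the random factors and the signatures have already been verified by the time its functions run. The names (`Device`, `hkdf_sha256`, `keystream_xor`, `establish_secure_connection`, `demo`), the device identifiers, the choice of HKDF-SHA256 for key generation and of an HMAC-SHA256 keystream as the unnamed "processing" step are all this example's own assumptions; the patent does not name its primitives.

```python
# Added example for this page (not the patent's code). Models the secure-connection
# stage once the asymmetric envelope (certificates, public-key encryption of the
# random factors, signatures) has been verified. HKDF-SHA256 and the HMAC-SHA256
# keystream are this example's assumptions; the patent names no primitives.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract, then expand) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in (assumption) for the patent's unnamed 'first processing' /
    'second processing': XOR with an HMAC-SHA256 counter-mode keystream.
    The transform is an involution, so the same call applies and undoes it."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass
class Device:
    """One party (card sleeve, simulated card or real card manager)."""
    unique_id: bytes
    # peer unique identifier -> binding factor stored at the end of the binding stage
    binding_list: Dict[bytes, bytes] = field(default_factory=dict)

    def bind(self, peer_id: bytes, binding_factor: bytes) -> None:
        self.binding_list[peer_id] = binding_factor

    def transmission_key(self, peer_id: bytes, connection_random: bytes) -> Optional[bytes]:
        """Key generated 'at least with' the connection random factor and the stored
        binding factor. None when the peer is not in the binding list, i.e. the
        'is the unique identifier in the binding list' check fails: no key is made."""
        factor = self.binding_list.get(peer_id)
        if factor is None:
            return None
        return hkdf_sha256(factor + connection_random, b"\x00" * 32, b"secure transmission key")

    def first_processing(self, key: bytes, r_a: bytes, r_b: bytes) -> bytes:
        """What a side sends for key confirmation: both random factors under its key."""
        return keystream_xor(key, r_a + r_b)

    def second_processing_matches(self, key: bytes, data: bytes, r_a: bytes, r_b: bytes) -> bool:
        """Undo the peer's processing under our own key and compare with our copies."""
        return hmac.compare_digest(keystream_xor(key, data), r_a + r_b)


def establish_secure_connection(initiator: Device, responder: Device) -> Tuple[bool, bool]:
    """Section 2 above with the card sleeve as initiator and the real card manager as
    responder (the card sleeve / simulated card variant is the same exchange).
    Returns (responder_confirmed, initiator_confirmed)."""
    r_resp = secrets.token_bytes(16)  # 7th connection random factor, from the responder
    r_init = secrets.token_bytes(16)  # 8th connection random factor, from the initiator
    # Transport of the factors under the peer's public key and the signatures over
    # them are assumed already verified at this point.
    k_init = initiator.transmission_key(responder.unique_id, r_init)
    k_resp = responder.transmission_key(initiator.unique_id, r_init)
    if k_init is None or k_resp is None:
        return False, False  # unbound peer: rejected before any key exists
    sent_by_initiator = initiator.first_processing(k_init, r_resp, r_init)
    sent_by_responder = responder.first_processing(k_resp, r_resp, r_init)
    responder_ok = responder.second_processing_matches(k_resp, sent_by_initiator, r_resp, r_init)
    initiator_ok = initiator.second_processing_matches(k_init, sent_by_responder, r_resp, r_init)
    return responder_ok, initiator_ok


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Constructed sample run: one correctly bound pair and two rejected peers."""
    shared_factor = secrets.token_bytes(16)  # the 4th binding random factor of section 1
    sleeve, manager = Device(b"SLEEVE-01"), Device(b"MGR-01")
    sleeve.bind(manager.unique_id, shared_factor)
    manager.bind(sleeve.unique_id, shared_factor)
    results = {"bound": establish_secure_connection(sleeve, manager)}
    # A sleeve the manager never bound: the list lookup fails, no key is generated.
    stranger = Device(b"SLEEVE-99")
    stranger.bind(manager.unique_id, shared_factor)
    results["unbound_peer"] = establish_secure_connection(stranger, manager)
    # Same identifier, but a binding factor that differs from the manager's copy
    # (stale or forged record): the keys differ and confirmation fails both ways.
    stale = Device(b"SLEEVE-01")
    stale.bind(manager.unique_id, secrets.token_bytes(16))
    results["stale_binding_factor"] = establish_secure_connection(stale, manager)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: responder confirmed={outcome[0]}, initiator confirmed={outcome[1]}")
```

Running `demo()` exercises the two rejection paths the text relies on: a peer that was never bound is stopped at the list lookup before any key exists, and a peer whose stored binding factor differs from the responder's copy derives a different key, so neither side recovers the random factors in the confirmation round. In this variant the binding factor never leaves either device; it only enters the key derivation, which is why the comparison of binding factors is implicit in the key confirmation rather than a transmitted value.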

Any process or method description in a flowchart or otherwise described herein may be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order, depending on the functionality involved, as will be understood by those skilled in the art to which the embodiments of the present invention belong.

It should be understood that the parts of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, a plurality of steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques known in the art may be used: a discrete logic circuit having logic gate circuits for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gate circuits, a programmable gate array (PGA), a field programmable gate array (FPGA), and the like.

Those skilled in the art will understand that all or part of the steps of the methods of the above embodiments may be carried out by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.

In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, or each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.

The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.

In the description of this specification, a description with reference to the terms "one embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, the schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials or characteristics described may be combined in any one or more embodiments or examples in a suitable manner.

Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from the principle and purpose of the present invention. The scope of the present invention is defined by the claims and their equivalents.

Claims (28)

1. A data interaction method, characterized by comprising:
a first device and a second device mutually authenticate each other's certificate and identity, and after both pass the authentication, each stores a binding factor generated during the authentication process;
the first device and the second device mutually authenticate each other's identity again, and during the re-authentication compare whether the binding factors stored by the two sides are identical; after the binding factors stored by the two sides are found identical and the re-authentication passes, a secure transmission key for secure data transmission between the first device and the second device is generated;
the first device and the second device perform data interaction using the generated secure transmission key.
2. The method according to claim 1, characterized in that the first device is a card sleeve and the second device is a simulated card;
said first device and second device mutually authenticating each other's certificate and identity, and each storing the binding factor generated during the authentication process after both pass the authentication, comprises:
the card sleeve receives a trigger instruction instructing it to bind with the simulated card;
the card sleeve sends a first binding instruction to the simulated card, where the first binding instruction includes: a first binding random factor generated by the card sleeve, a card sleeve certificate and a card sleeve unique identifier;
the simulated card receives the first binding instruction and verifies the card sleeve certificate using a root certificate;
after verifying that the card sleeve certificate is legitimate, the simulated card generates a second binding random factor;
the simulated card encrypts the first binding random factor and the second binding random factor with the card sleeve public key in the card sleeve certificate to obtain a first binding ciphertext, and signs the first binding random factor and the second binding random factor with the simulated card private key to obtain a first binding signature;
the simulated card sends a first binding response to the card sleeve, where the first binding response includes: the first binding ciphertext, the first binding signature, a simulated card certificate and a simulated card unique identifier;
the card sleeve receives the first binding response and verifies the simulated card certificate using the root certificate;
after verifying that the simulated card certificate is legitimate, the card sleeve decrypts the first binding ciphertext with the card sleeve private key to obtain a first binding decrypted random factor and a second binding decrypted random factor;
the card sleeve verifies the first binding signature using the simulated card public key in the simulated card certificate, the first binding decrypted random factor and the second binding decrypted random factor;
after verifying that the first binding signature is correct, the card sleeve checks whether the first binding decrypted random factor is identical to the first binding random factor;
after verifying that the first binding decrypted random factor is identical to the first binding random factor, the card sleeve prompts the simulated card unique identifier;
the card sleeve receives a trigger instruction confirming that the simulated card unique identifier is correct, signs the first binding random factor and the second binding decrypted random factor with the card sleeve private key to obtain a second binding signature, and stores the simulated card unique identifier, the simulated card certificate and a card-sleeve-side first binding factor in a card-sleeve-side first binding list, where the card-sleeve-side first binding factor is the second binding decrypted random factor;
the card sleeve sends the second binding signature to the simulated card;
the simulated card receives the second binding signature and verifies it using the card sleeve public key in the card sleeve certificate, the first binding random factor and the second binding random factor;
after verifying that the second binding signature is correct, the simulated card stores the card sleeve unique identifier, the card sleeve certificate and a simulated-card-side binding factor in a simulated-card-side binding list, where the simulated-card-side binding factor is the second binding random factor.
3. The method according to claim 2, characterized in that said first device and second device mutually authenticating each other's identity again, comparing during the re-authentication whether the binding factors stored by the two sides are identical, and generating the secure transmission key for secure data transmission between the first device and the second device after the binding factors stored by the two sides are found identical and the re-authentication passes, comprises:
the card sleeve sends a first secure connection instruction instructing the establishment of a secure connection to the simulated card, where the first secure connection instruction includes: a first connection ciphertext obtained by the card sleeve encrypting the card-sleeve-side first binding factor and a generated first connection random factor with the simulated card public key in the simulated card certificate, and a first connection signature obtained by the card sleeve signing the card-sleeve-side first binding factor and the first connection random factor with the card sleeve private key;
the simulated card receives the first secure connection instruction and decrypts the first connection ciphertext with the simulated card private key to obtain a card-sleeve-side first decrypted binding factor and a first connection decrypted random factor;
the simulated card verifies the first connection signature using the card sleeve public key in the card sleeve certificate, the card-sleeve-side first decrypted binding factor and the first connection decrypted random factor;
after verifying that the first connection signature is correct, the simulated card checks whether the card-sleeve-side first decrypted binding factor is identical to the simulated-card-side binding factor;
after verifying that the card-sleeve-side first decrypted binding factor is identical to the simulated-card-side binding factor, the simulated card generates a second connection random factor;
the simulated card encrypts the first connection decrypted random factor and the second connection random factor with the card sleeve public key in the card sleeve certificate to obtain a second connection ciphertext, and signs the first connection decrypted random factor and the second connection random factor with the simulated card private key to obtain a second connection signature;
the simulated card sends a first secure connection response to the card sleeve, where the first secure connection response includes: the second connection ciphertext and the second connection signature;
the card sleeve receives the first secure connection response and decrypts the second connection ciphertext with the card sleeve private key to obtain a decrypted first connection decrypted random factor and a second connection decrypted random factor;
the card sleeve verifies the second connection signature using the simulated card public key in the simulated card certificate, the decrypted first connection decrypted random factor and the second connection decrypted random factor;
after verifying that the second connection signature is correct, the card sleeve checks whether the decrypted first connection decrypted random factor is identical to the first connection random factor;
after verifying that the decrypted first connection decrypted random factor is identical to the first connection random factor, the card sleeve generates the card-sleeve-side first secure transmission key between the card sleeve and the simulated card using at least the second connection decrypted random factor; and the simulated card generates the simulated-card-side secure transmission key between the card sleeve and the simulated card using at least the second connection random factor.
4. The method according to claim 1, characterized in that the first device is a card sleeve and the second device is a real card manager;
said first device and second device mutually authenticating each other's certificate and identity, and each storing the binding factor generated during the authentication process after both pass the authentication, comprises:
the card sleeve receives a trigger instruction instructing it to bind with the real card manager;
the card sleeve sends a second binding instruction to the real card manager over a wireless network, where the second binding instruction includes: a third binding random factor generated by the card sleeve, a card sleeve certificate and a card sleeve unique identifier;
the real card manager receives the second binding instruction and verifies the card sleeve certificate using a root certificate;
after verifying that the card sleeve certificate is legitimate, the real card manager generates a fourth binding random factor;
the real card manager encrypts the third binding random factor and the fourth binding random factor with the card sleeve public key in the card sleeve certificate to obtain a second binding ciphertext, and signs the third binding random factor and the fourth binding random factor with the real card manager private key to obtain a third binding signature;
the real card manager sends a second binding response to the card sleeve over the wireless network, where the second binding response includes: the second binding ciphertext, the third binding signature, a real card manager certificate and a real card manager unique identifier;
the card sleeve receives the second binding response and verifies the real card manager certificate using the root certificate;
after verifying that the real card manager certificate is legitimate, the card sleeve decrypts the second binding ciphertext with the card sleeve private key to obtain a third binding decrypted random factor and a fourth binding decrypted random factor;
the card sleeve verifies the third binding signature using the real card manager public key in the real card manager certificate, the third binding decrypted random factor and the fourth binding decrypted random factor;
after verifying that the third binding signature is correct, the card sleeve checks whether the third binding decrypted random factor is identical to the third binding random factor;
after verifying that the third binding decrypted random factor is identical to the third binding random factor, the card sleeve prompts the real card manager unique identifier;
the card sleeve receives a trigger instruction confirming that the real card manager unique identifier is correct, signs the third binding random factor and the fourth binding decrypted random factor with the card sleeve private key to obtain a fourth binding signature, and stores the real card manager unique identifier, the real card manager certificate and a card-sleeve-side second binding factor in a card-sleeve-side second binding list, where the card-sleeve-side second binding factor is the fourth binding decrypted random factor;
the card sleeve sends the fourth binding signature to the real card manager;
the real card manager receives the fourth binding signature and verifies it using the card sleeve public key in the card sleeve certificate, the third binding random factor and the fourth binding random factor;
after verifying that the fourth binding signature is correct, the real card manager stores the card sleeve unique identifier, the card sleeve certificate and a real-card-manager-side binding factor in a real-card-manager-side binding list, where the real-card-manager-side binding factor is the fourth binding random factor.
5. The method according to claim 4, characterized in that said first device and second device mutually authenticating each other's identity again, comparing during the re-authentication whether the binding factors stored by the two sides are identical, and generating the secure transmission key for secure data transmission between the first device and the second device after the binding factors stored by the two sides are found identical and the re-authentication passes, comprises:
the card sleeve sends a third secure connection instruction instructing the establishment of a secure connection to the real card manager, where the third secure connection instruction includes: a fifth connection ciphertext obtained by the card sleeve encrypting the card-sleeve-side second binding factor and a generated fifth connection random factor with the real card manager public key in the real card manager certificate, and a fifth connection signature obtained by the card sleeve signing the card-sleeve-side second binding factor and the fifth connection random factor with the card sleeve private key;
the real card manager receives the third secure connection instruction and decrypts the fifth connection ciphertext with the real card manager private key to obtain a card-sleeve-side second decrypted binding factor and a fifth connection decrypted random factor;
the real card manager verifies the fifth connection signature using the card sleeve public key in the card sleeve certificate, the card-sleeve-side second decrypted binding factor and the fifth connection decrypted random factor;
after verifying that the fifth connection signature is correct, the real card manager checks whether the card-sleeve-side second decrypted binding factor is identical to the real-card-manager-side binding factor;
after verifying that the card-sleeve-side second decrypted binding factor is identical to the real-card-manager-side binding factor, the real card manager generates a sixth connection random factor;
the real card manager encrypts the fifth connection decrypted random factor and the sixth connection random factor with the card sleeve public key in the card sleeve certificate to obtain a sixth connection ciphertext, and signs the fifth connection decrypted random factor and the sixth connection random factor with the real card manager private key to obtain a sixth connection signature;
the real card manager sends a third secure connection response to the card sleeve, where the third secure connection response includes: the sixth connection ciphertext and the sixth connection signature;
the card sleeve receives the third secure connection response and decrypts the sixth connection ciphertext with the card sleeve private key to obtain a decrypted fifth connection decrypted random factor and a sixth connection decrypted random factor;
the card sleeve verifies the sixth connection signature using the real card manager public key in the real card manager certificate, the decrypted fifth connection decrypted random factor and the sixth connection decrypted random factor;
after verifying that the sixth connection signature is correct, the card sleeve checks whether the decrypted fifth connection decrypted random factor is identical to the fifth connection random factor;
after verifying that the decrypted fifth connection decrypted random factor is identical to the fifth connection random factor, the card sleeve generates the card-sleeve-side second secure transmission key between the card sleeve and the real card manager using at least the sixth connection decrypted random factor; and the real card manager generates the real-card-manager-side secure transmission key between the card sleeve and the real card manager using at least the sixth connection random factor.
6. The method according to any one of claims 2 to 5, characterised in that the card sleeve is a mobile device.
7. The method according to any one of claims 2 to 5, characterised in that the card sleeve is a mobile device and an electronic signature device, or the card sleeve is an electronic signature device.
8. A data interaction method, characterised in that it includes:
a first device and a second device mutually authenticate each other's certificate and identity, and after both sides pass the authentication, each stores the binding factor generated during the authentication process;
the first device and the second device mutually authenticate each other's identity again, generate a secure transmission key factor during this repeated mutual identity authentication, and, after the repeated mutual identity authentication passes, generate, at least using the stored binding factor and the secure transmission key factor, a secure transmission key for secure data transmission between the first device and the second device, and verify whether the secure transmission keys generated by the two sides are identical;
after verifying that the secure transmission keys generated by the two sides are identical, the first device and the second device carry out data interaction using the generated secure transmission key.
9. The method according to claim 8, characterised in that the first device is a card sleeve and the second device is a simulated card;
the first device and the second device mutually authenticating each other's certificate and identity, and after both sides pass the authentication, each storing the binding factor generated during the authentication process, includes:
the card sleeve receives a trigger command instructing it to bind with the simulated card;
the card sleeve sends a first binding instruction to the simulated card, wherein the first binding instruction includes: a first binding random factor generated by the card sleeve, a card sleeve certificate and a card sleeve unique identifier;
the simulated card receives the first binding instruction and verifies the card sleeve certificate using a root certificate;
after the simulated card verifies that the card sleeve certificate is legitimate, it generates a second binding random factor;
the simulated card encrypts the first binding random factor and the second binding random factor using the card sleeve public key in the card sleeve certificate to obtain a first binding ciphertext, and signs the first binding random factor and the second binding random factor using the simulated card private key to obtain a first binding signature;
the simulated card sends a first binding response to the card sleeve, wherein the first binding response includes: the first binding ciphertext, the first binding signature, a simulated card certificate and a simulated card unique identifier;
the card sleeve receives the first binding response and verifies the simulated card certificate using the root certificate;
after the card sleeve verifies that the simulated card certificate is legitimate, it decrypts the first binding ciphertext using the card sleeve private key to obtain a first binding decrypted random factor and a second binding decrypted random factor;
the card sleeve verifies the first binding signature using the simulated card public key in the simulated card certificate, the first binding decrypted random factor and the second binding decrypted random factor;
after the card sleeve verifies that the first binding signature is correct, it verifies whether the first binding decrypted random factor is identical to the first binding random factor;
after the card sleeve verifies that the first binding decrypted random factor is identical to the first binding random factor, it prompts the user with the simulated card unique identifier;
the card sleeve receives a trigger command confirming that the simulated card unique identifier is correct, signs the first binding random factor and the second binding decrypted random factor using the card sleeve private key to obtain a second binding signature, and stores the simulated card unique identifier, the simulated card certificate and a card sleeve end first binding factor in a card sleeve end first binding list, wherein the card sleeve end first binding factor is the second binding decrypted random factor;
the card sleeve sends the second binding signature to the simulated card;
the simulated card receives the second binding signature and verifies the second binding signature using the card sleeve public key in the card sleeve certificate, the first binding random factor and the second binding random factor;
after the simulated card verifies that the second binding signature is correct, it stores the card sleeve unique identifier, the card sleeve certificate and a simulated card end binding factor in a simulated card end binding list, wherein the simulated card end binding factor is the second binding random factor.
10. The method according to claim 9, characterised in that the first device and the second device mutually authenticating each other's identity again, generating the secure transmission key factor during this repeated mutual identity authentication, and, after the repeated mutual identity authentication passes, generating, at least using the stored binding factor and the secure transmission key factor, the secure transmission key for secure data transmission between the first device and the second device, and verifying whether the secure transmission keys generated by the two sides are identical, includes:
the card sleeve receives a third connection random factor generated by the simulated card and the simulated card unique identifier, both sent by the simulated card;
the card sleeve sends to the simulated card a second secure connection instruction instructing it to establish a secure connection, wherein the second secure connection instruction includes: the card sleeve unique identifier, a third connection ciphertext obtained by the card sleeve encrypting the third connection random factor and a generated fourth connection random factor using the simulated card public key in the simulated card certificate, and a third connection signature obtained by the card sleeve signing the third connection random factor and the fourth connection random factor using the card sleeve private key;
the simulated card receives the second secure connection instruction and judges whether the card sleeve unique identifier is in the simulated card end binding list;
if the card sleeve unique identifier is in the simulated card end binding list, the simulated card decrypts the third connection ciphertext using the simulated card private key to obtain a third connection decrypted random factor and a fourth connection decrypted random factor;
the simulated card verifies the third connection signature using the card sleeve public key in the card sleeve certificate, the third connection decrypted random factor and the fourth connection decrypted random factor;
after the simulated card verifies that the third connection signature is correct, it verifies whether the third connection decrypted random factor is identical to the third connection random factor;
if the third connection decrypted random factor is identical to the third connection random factor, the simulated card signs the third connection decrypted random factor and the fourth connection decrypted random factor using the simulated card private key to obtain a fourth connection signature;
the simulated card sends a second secure connection response to the card sleeve, wherein the second secure connection response includes: the fourth connection signature;
the card sleeve receives the second secure connection response and verifies the fourth connection signature using the simulated card public key in the simulated card certificate, the third connection random factor and the fourth connection random factor;
after the card sleeve verifies that the fourth connection signature is correct, it generates the card sleeve end first secure transmission key between the card sleeve and the simulated card at least using the fourth connection random factor and the card sleeve end first binding factor; the simulated card generates the simulated card end secure transmission key between the card sleeve and the simulated card at least using the fourth connection decrypted random factor and the simulated card end binding factor;
the card sleeve performs first processing on the third connection random factor and the fourth connection random factor using the card sleeve end first secure transmission key and sends the result to the simulated card; the simulated card performs first processing on the third connection decrypted random factor and the fourth connection decrypted random factor using the simulated card end secure transmission key and sends the result to the card sleeve;
the card sleeve receives the data sent by the simulated card, performs second processing on the received data using the card sleeve end first secure transmission key, and compares whether the data after second processing are identical to the third connection random factor and the fourth connection random factor; the simulated card receives the data sent by the card sleeve, performs second processing on the received data using the simulated card end secure transmission key, and compares whether the data after second processing are identical to the third connection decrypted random factor and the fourth connection decrypted random factor.
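The binding exchange of claim 9 and the secure connection exchange of claim 10, written out as an added Go example; it is not code from the patent or from any product it describes, and claims 11 and 12 are the same exchange run over a wireless network against the real card manager. The claims fix no algorithms, so the example assumes RSA-OAEP for the encryption, RSA-PSS for the signatures, SHA-256 of the binding factor and the fourth connection random factor as the key derivation, and HMAC-SHA256 as the "first processing"; the root-certificate checks and the user's confirmation of the peer identifier are taken as already passed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Device is one party (card sleeve or simulated card): its RSA key pair stands in for the
// certificate of the claims, and Binding is the factor kept in its binding list.
type Device struct {
	Key     *rsa.PrivateKey
	Binding []byte
}

func NewDevice() *Device {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	return &Device{Key: k}
}

// random32 draws one 32-byte random factor.
func random32() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}
func cat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// digest hashes a pair of factors; it serves the signatures and the key derivation.
func digest(r1, r2 []byte) []byte { h := sha256.Sum256(cat(r1, r2)); return h[:] }

// Signatures always cover r1||r2 (RSA-PSS is an assumed choice; the claims fix no scheme).
func signPair(priv *rsa.PrivateKey, r1, r2 []byte) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(r1, r2), nil)
}
func verifyPair(pub *rsa.PublicKey, r1, r2, sig []byte) bool {
	return rsa.VerifyPSS(pub, crypto.SHA256, digest(r1, r2), sig, nil) == nil
}

// seal is the sender side of each instruction/response: encrypt r1||r2 to the peer's
// public key (RSA-OAEP assumed) and sign the pair with the sender's own private key.
func seal(own *rsa.PrivateKey, peer *rsa.PublicKey, r1, r2 []byte) (ct, sig []byte, err error) {
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, cat(r1, r2), nil)
	if err != nil { return }
	sig, err = signPair(own, r1, r2)
	return
}

// open is the receiver side: decrypt, verify the peer's signature over the decrypted
// values, and check that the first factor is the one this side sent in the clear.
func open(own *rsa.PrivateKey, peer *rsa.PublicKey, ct, sig, sent []byte) (d1, d2 []byte, err error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, own, ct, nil)
	if err != nil || len(pt) != 64 { return nil, nil, errors.New("ciphertext does not decrypt to two factors") }
	d1, d2 = pt[:32], pt[32:]
	if !verifyPair(peer, d1, d2, sig) { return nil, nil, errors.New("signature rejected") }
	if !bytes.Equal(d1, sent) { return nil, nil, errors.New("random factor returned by the peer does not match") }
	return d1, d2, nil
}

// tag models the claims' unspecified "first processing" as HMAC-SHA256(key, r3||r4).
func tag(key, r3, r4 []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(cat(r3, r4))
	return m.Sum(nil)
}

// Bind is the binding exchange of claim 9 (root-certificate checks and the user's
// confirmation of the peer identifier are assumed to have passed).
func Bind(sleeve, card *Device) error {
	r1, r2 := random32(), random32() // first (sleeve) and second (card) binding random factors
	ct, sig1, err := seal(card.Key, &sleeve.Key.PublicKey, r1, r2) // first binding response
	if err != nil { return err }
	_, d2, err := open(sleeve.Key, &card.Key.PublicKey, ct, sig1, r1)
	if err != nil { return err }
	sleeve.Binding = d2 // card sleeve end binding factor: the decrypted second factor
	sig2, err := signPair(sleeve.Key, r1, d2) // second binding signature, sent to the card
	if err != nil { return err }
	if !verifyPair(&sleeve.Key.PublicKey, r1, r2, sig2) { return errors.New("second binding signature rejected") }
	card.Binding = r2 // simulated card end binding factor: its own second factor
	return nil
}

// Connect is the secure-connection exchange of claim 10. It returns both session keys
// and whether the key-confirmation round found them identical.
func Connect(sleeve, card *Device) (skey, ckey []byte, confirmed bool, err error) {
	if sleeve.Binding == nil || card.Binding == nil { return nil, nil, false, errors.New("devices are not bound") }
	r3, r4 := random32(), random32() // third (card) and fourth (sleeve) connection random factors
	ct, sig3, err := seal(sleeve.Key, &card.Key.PublicKey, r3, r4) // second secure connection instruction
	if err != nil { return }
	d3, d4, err := open(card.Key, &sleeve.Key.PublicKey, ct, sig3, r3)
	if err != nil { return }
	sig4, err := signPair(card.Key, d3, d4) // fourth connection signature
	if err != nil { return }
	if !verifyPair(&card.Key.PublicKey, r3, r4, sig4) { return nil, nil, false, errors.New("fourth connection signature rejected") }
	// Key = SHA-256(binding factor || fourth factor), an assumed derivation; a stale or
	// foreign binding factor then surfaces as a failed confirmation, not a silent mismatch.
	skey, ckey = digest(sleeve.Binding, r4), digest(card.Binding, d4)
	confirmed = hmac.Equal(tag(skey, r3, r4), tag(ckey, d3, d4))
	return
}
```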
11. The method according to claim 8, characterised in that the first device is a card sleeve and the second device is a real card manager;
the first device and the second device mutually authenticating each other's certificate and identity, and after both sides pass the authentication, each storing the binding factor generated during the authentication process, includes:
the card sleeve receives a trigger command instructing it to bind with the real card manager;
the card sleeve sends a second binding instruction to the real card manager over a wireless network, wherein the second binding instruction includes: a third binding random factor generated by the card sleeve, a card sleeve certificate and a card sleeve unique identifier;
the real card manager receives the second binding instruction and verifies the card sleeve certificate using a root certificate;
after the real card manager verifies that the card sleeve certificate is legitimate, it generates a fourth binding random factor;
the real card manager encrypts the third binding random factor and the fourth binding random factor using the card sleeve public key in the card sleeve certificate to obtain a second binding ciphertext, and signs the third binding random factor and the fourth binding random factor using the real card manager private key to obtain a third binding signature;
the real card manager sends a second binding response to the card sleeve over the wireless network, wherein the second binding response includes: the second binding ciphertext, the third binding signature, a real card manager certificate and a real card manager unique identifier;
the card sleeve receives the second binding response and verifies the real card manager certificate using the root certificate;
after the card sleeve verifies that the real card manager certificate is legitimate, it decrypts the second binding ciphertext using the card sleeve private key to obtain a third binding decrypted random factor and a fourth binding decrypted random factor;
the card sleeve verifies the third binding signature using the real card manager public key in the real card manager certificate, the third binding decrypted random factor and the fourth binding decrypted random factor;
after the card sleeve verifies that the third binding signature is correct, it verifies whether the third binding decrypted random factor is identical to the third binding random factor;
after the card sleeve verifies that the third binding decrypted random factor is identical to the third binding random factor, it prompts the user with the real card manager unique identifier;
the card sleeve receives a trigger command confirming that the real card manager unique identifier is correct, signs the third binding random factor and the fourth binding decrypted random factor using the card sleeve private key to obtain a fourth binding signature, and stores the real card manager unique identifier, the real card manager certificate and a card sleeve end second binding factor in a card sleeve end second binding list, wherein the card sleeve end second binding factor is the fourth binding decrypted random factor;
the card sleeve sends the fourth binding signature to the real card manager;
the real card manager receives the fourth binding signature and verifies the fourth binding signature using the card sleeve public key in the card sleeve certificate, the third binding random factor and the fourth binding random factor;
after the real card manager verifies that the fourth binding signature is correct, it stores the card sleeve unique identifier, the card sleeve certificate and a real card manager end binding factor in a real card manager end binding list, wherein the real card manager end binding factor is the fourth binding random factor.
12. The method according to claim 11, characterised in that the first device and the second device mutually authenticating each other's identity again, generating the secure transmission key factor during this repeated mutual identity authentication, and, after the repeated mutual identity authentication passes, generating, at least using the stored binding factor and the secure transmission key factor, the secure transmission key for secure data transmission between the first device and the second device, and verifying whether the secure transmission keys generated by the two sides are identical, includes:
the card sleeve receives a seventh connection random factor generated by the real card manager and the real card manager unique identifier, both sent by the real card manager;
the card sleeve sends to the real card manager a fourth secure connection instruction instructing it to establish a secure connection, wherein the fourth secure connection instruction includes: the card sleeve unique identifier, a seventh connection ciphertext obtained by the card sleeve encrypting the seventh connection random factor and a generated eighth connection random factor using the real card manager public key in the real card manager certificate, and a seventh connection signature obtained by the card sleeve signing the seventh connection random factor and the eighth connection random factor using the card sleeve private key;
the real card manager receives the fourth secure connection instruction and judges whether the card sleeve unique identifier is in the real card manager end binding list;
if the card sleeve unique identifier is in the real card manager end binding list, the real card manager decrypts the seventh connection ciphertext using the real card manager private key to obtain a seventh connection decrypted random factor and an eighth connection decrypted random factor;
the real card manager verifies the seventh connection signature using the card sleeve public key in the card sleeve certificate, the seventh connection decrypted random factor and the eighth connection decrypted random factor;
after the real card manager verifies that the seventh connection signature is correct, it verifies whether the seventh connection decrypted random factor is identical to the seventh connection random factor;
if the seventh connection decrypted random factor is identical to the seventh connection random factor, the real card manager signs the seventh connection decrypted random factor and the eighth connection decrypted random factor using the real card manager private key to obtain an eighth connection signature;
the real card manager sends a fourth secure connection response to the card sleeve, wherein the fourth secure connection response includes: the eighth connection signature;
the card sleeve receives the fourth secure connection response and verifies the eighth connection signature using the real card manager public key in the real card manager certificate, the seventh connection random factor and the eighth connection random factor;
after the card sleeve verifies that the eighth connection signature is correct, it generates the card sleeve end second secure transmission key between the card sleeve and the real card manager at least using the eighth connection random factor and the card sleeve end second binding factor; the real card manager generates the real card manager end secure transmission key between the card sleeve and the real card manager at least using the eighth connection decrypted random factor and the real card manager end binding factor;
the card sleeve performs first processing on the seventh connection random factor and the eighth connection random factor using the card sleeve end second secure transmission key and sends the result to the real card manager; the real card manager performs first processing on the seventh connection decrypted random factor and the eighth connection decrypted random factor using the real card manager end secure transmission key and sends the result to the card sleeve;
the card sleeve receives the data sent by the real card manager, performs second processing on the received data using the card sleeve end second secure transmission key, and compares whether the data after second processing are identical to the seventh connection random factor and the eighth connection random factor; the real card manager receives the data sent by the card sleeve, performs second processing on the received data using the real card manager end secure transmission key, and compares whether the data after second processing are identical to the seventh connection decrypted random factor and the eighth connection decrypted random factor.
13. The method according to any one of claims 9 to 12, characterised in that the card sleeve is a mobile device.
14. The method according to any one of claims 9 to 12, characterised in that the card sleeve is a mobile device and an electronic signature device, or the card sleeve is an electronic signature device.
15. A data interaction system, characterised in that it includes a first device and a second device; wherein,
the first device and the second device mutually authenticate each other's certificate and identity, and after both sides pass the authentication, each stores the binding factor generated during the authentication process;
the first device and the second device mutually authenticate each other's identity again, and during this repeated mutual identity authentication compare whether the binding factors stored by the two sides are identical; after the comparison shows that the binding factors stored by the two sides are identical and the repeated mutual identity authentication passes, they generate a secure transmission key for secure data transmission between the first device and the second device;
the first device and the second device carry out data interaction using the generated secure transmission key.
16. The system according to claim 15, characterised in that the first device is a card sleeve and the second device is a simulated card;
the card sleeve is configured to receive a trigger command instructing it to bind with the simulated card, and to send a first binding instruction to the simulated card, wherein the first binding instruction includes: a first binding random factor generated by the card sleeve, a card sleeve certificate and a card sleeve unique identifier;
the simulated card is configured to receive the first binding instruction and verify the card sleeve certificate using a root certificate; after verifying that the card sleeve certificate is legitimate, generate a second binding random factor; encrypt the first binding random factor and the second binding random factor using the card sleeve public key in the card sleeve certificate to obtain a first binding ciphertext, and sign the first binding random factor and the second binding random factor using the simulated card private key to obtain a first binding signature; and send a first binding response to the card sleeve, wherein the first binding response includes: the first binding ciphertext, the first binding signature, a simulated card certificate and a simulated card unique identifier;
the card sleeve is further configured to receive the first binding response and verify the simulated card certificate using the root certificate; after verifying that the simulated card certificate is legitimate, decrypt the first binding ciphertext using the card sleeve private key to obtain a first binding decrypted random factor and a second binding decrypted random factor; verify the first binding signature using the simulated card public key in the simulated card certificate, the first binding decrypted random factor and the second binding decrypted random factor; after verifying that the first binding signature is correct, verify whether the first binding decrypted random factor is identical to the first binding random factor; after verifying that the first binding decrypted random factor is identical to the first binding random factor, prompt the user with the simulated card unique identifier; receive a trigger command confirming that the simulated card unique identifier is correct, sign the first binding random factor and the second binding decrypted random factor using the card sleeve private key to obtain a second binding signature, and store the simulated card unique identifier, the simulated card certificate and a card sleeve end first binding factor in a card sleeve end first binding list, wherein the card sleeve end first binding factor is the second binding decrypted random factor; and send the second binding signature to the simulated card;
the simulated card is further configured to receive the second binding signature and verify the second binding signature using the card sleeve public key in the card sleeve certificate, the first binding random factor and the second binding random factor; after verifying that the second binding signature is correct, store the card sleeve unique identifier, the card sleeve certificate and a simulated card end binding factor in a simulated card end binding list, wherein the simulated card end binding factor is the second binding random factor.
17. The system according to claim 16, characterised in that
the card sleeve is further configured to send to the simulated card a first secure connection instruction instructing it to establish a secure connection, wherein the first secure connection instruction includes: a first connection ciphertext obtained by the card sleeve encrypting the card sleeve end first binding factor and a generated first connection random factor using the simulated card public key in the simulated card certificate, and a first connection signature obtained by the card sleeve signing the card sleeve end first binding factor and the first connection random factor using the card sleeve private key;
the simulated card is further configured to receive the first secure connection instruction and decrypt the first connection ciphertext using the simulated card private key to obtain a card sleeve end first decrypted binding factor and a first connection decrypted random factor; verify the first connection signature using the card sleeve public key in the card sleeve certificate, the card sleeve end first decrypted binding factor and the first connection decrypted random factor; after verifying that the first connection signature is correct, verify whether the card sleeve end first decrypted binding factor is identical to the simulated card end binding factor; after verifying that the card sleeve end first decrypted binding factor is identical to the simulated card end binding factor, generate a second connection random factor; encrypt the first connection decrypted random factor and the second connection random factor using the card sleeve public key in the card sleeve certificate to obtain a second connection ciphertext, and sign the first connection decrypted random factor and the second connection random factor using the simulated card private key to obtain a second connection signature; and send a first secure connection response to the card sleeve, wherein the first secure connection response includes: the second connection ciphertext and the second connection signature;
the card sleeve is further configured to receive the first secure connection response and decrypt the second connection ciphertext using the card sleeve private key to obtain by decryption a first connection decrypted random factor and a second connection decrypted random factor; verify the second connection signature using the simulated card public key in the simulated card certificate and the first connection decrypted random factor and second connection decrypted random factor obtained by decryption; after verifying that the second connection signature is correct, verify whether the first connection decrypted random factor obtained by decryption is identical to the first connection random factor; after verifying that the first connection decrypted random factor obtained by decryption is identical to the first connection random factor, generate the card sleeve end first secure transmission key between the card sleeve and the simulated card at least using the second connection decrypted random factor;
the simulated card is further configured to generate the simulated card end secure transmission key between the card sleeve and the simulated card at least using the second connection random factor.
18. The system according to claim 15, characterized in that the first device is a card sleeve and the second device is a real card manager;
The card sleeve is configured to receive a trigger instruction indicating that binding with the real card manager is to be performed, and to send a second binding instruction to the real card manager over a wireless network, wherein the second binding instruction comprises: a third binding random factor generated by the card sleeve, the card sleeve certificate and the card sleeve unique identifier;
The real card manager is configured to receive the second binding instruction and verify the card sleeve certificate using the root certificate; after verifying that the card sleeve certificate is legitimate, generate a fourth binding random factor; encrypt the third binding random factor and the fourth binding random factor with the card sleeve public key in the card sleeve certificate to obtain a second binding ciphertext, and sign the third binding random factor and the fourth binding random factor with the real card manager private key to obtain a third binding signature; and send a second binding response to the card sleeve over the wireless network, wherein the second binding response comprises: the second binding ciphertext, the third binding signature, the real card manager certificate and the real card manager unique identifier;
The card sleeve is further configured to receive the second binding response and verify the real card manager certificate using the root certificate; after verifying that the real card manager certificate is legitimate, decrypt the second binding ciphertext with the card sleeve private key to obtain a decrypted third binding random factor and a decrypted fourth binding random factor; verify the third binding signature using the real card manager public key in the real card manager certificate, the decrypted third binding random factor and the decrypted fourth binding random factor; after verifying that the third binding signature is correct, verify whether the decrypted third binding random factor is identical to the third binding random factor; after verifying that the decrypted third binding random factor is identical to the third binding random factor, prompt the user with the real card manager unique identifier; receive a trigger instruction confirming that the real card manager unique identifier is correct, sign the third binding random factor and the decrypted fourth binding random factor with the card sleeve private key to obtain a fourth binding signature, and store the real card manager unique identifier, the real card manager certificate and a card-sleeve-side second binding factor in a card-sleeve-side second binding list, wherein the card-sleeve-side second binding factor is the decrypted fourth binding random factor; and send the fourth binding signature to the real card manager;
The real card manager is further configured to receive the fourth binding signature and verify it using the card sleeve public key in the card sleeve certificate, the third binding random factor and the fourth binding random factor; after verifying that the fourth binding signature is correct, store the card sleeve unique identifier, the card sleeve certificate and a real-card-manager-side binding factor in a real-card-manager-side binding list, wherein the real-card-manager-side binding factor is the fourth binding random factor.
19. The system according to claim 18, characterized in that
The card sleeve is further configured to send to the real card manager a third secure connection instruction indicating that a secure connection is to be established, wherein the third secure connection instruction comprises: a fifth connection ciphertext obtained by the card sleeve encrypting the card-sleeve-side second binding factor and a generated fifth connection random factor with the real card manager public key in the real card manager certificate, and a fifth connection signature obtained by the card sleeve signing the card-sleeve-side second binding factor and the fifth connection random factor with the card sleeve private key;
The real card manager is further configured to receive the third secure connection instruction and decrypt the fifth connection ciphertext with the real card manager private key to obtain a decrypted card-sleeve-side second binding factor and a decrypted fifth connection random factor; verify the fifth connection signature using the card sleeve public key in the card sleeve certificate, the decrypted card-sleeve-side second binding factor and the decrypted fifth connection random factor; after verifying that the fifth connection signature is correct, verify whether the decrypted card-sleeve-side second binding factor is identical to the real-card-manager-side binding factor; after verifying that the decrypted card-sleeve-side second binding factor is identical to the real-card-manager-side binding factor, generate a sixth connection random factor; encrypt the decrypted fifth connection random factor and the sixth connection random factor with the card sleeve public key in the card sleeve certificate to obtain a sixth connection ciphertext, and sign the decrypted fifth connection random factor and the sixth connection random factor with the real card manager private key to obtain a sixth connection signature; and send a third secure connection response to the card sleeve, wherein the third secure connection response comprises: the sixth connection ciphertext and the sixth connection signature;
The card sleeve is further configured to receive the third secure connection response and decrypt the sixth connection ciphertext with the card sleeve private key to obtain a decrypted fifth connection random factor and a decrypted sixth connection random factor; verify the sixth connection signature using the real card manager public key in the real card manager certificate, the decrypted fifth connection random factor and the decrypted sixth connection random factor; after verifying that the sixth connection signature is correct, verify whether the decrypted fifth connection random factor is identical to the fifth connection random factor; and after verifying that the decrypted fifth connection random factor is identical to the fifth connection random factor, generate the card-sleeve-side second safe transmission key between the card sleeve and the real card manager at least from the decrypted sixth connection random factor;
The real card manager is further configured to generate the real-card-manager-side safe transmission key between the card sleeve and the real card manager at least from the sixth connection random factor.
20. The system according to any one of claims 16 to 19, characterized in that the card sleeve is a mobile device.
21. The system according to any one of claims 16 to 19, characterized in that the card sleeve is a mobile device together with an electronic signature device, or the card sleeve is an electronic signature device.
22. A data interaction system, characterized in that it comprises: a first device and a second device; wherein
the first device and the second device mutually authenticate each other's certificate and identity, and after both pass the authentication, each stores the binding factor generated during the authentication process;
the first device and the second device mutually authenticate each other's identity again, and generate a safe transmission key factor during this second mutual identity authentication; after the second mutual identity authentication passes, each generates, at least from the stored binding factor and the safe transmission key factor, a safe transmission key for secure data transmission between the first device and the second device, and the two devices verify whether the safe transmission keys they generated are identical;
after verifying that the safe transmission keys generated by the two devices are identical, the first device and the second device carry out data interaction using the generated safe transmission keys.
23. The system according to claim 22, characterized in that the first device is a card sleeve and the second device is a simulated card;
The card sleeve is configured to receive a trigger instruction indicating that binding with the simulated card is to be performed, and to send a first binding instruction to the simulated card, wherein the first binding instruction comprises: a first binding random factor generated by the card sleeve, the card sleeve certificate and the card sleeve unique identifier;
The simulated card is configured to receive the first binding instruction and verify the card sleeve certificate using the root certificate; after verifying that the card sleeve certificate is legitimate, generate a second binding random factor; encrypt the first binding random factor and the second binding random factor with the card sleeve public key in the card sleeve certificate to obtain a first binding ciphertext, and sign the first binding random factor and the second binding random factor with the simulated card private key to obtain a first binding signature; and send a first binding response to the card sleeve, wherein the first binding response comprises: the first binding ciphertext, the first binding signature, the simulated card certificate and the simulated card unique identifier;
The card sleeve is further configured to receive the first binding response and verify the simulated card certificate using the root certificate; after verifying that the simulated card certificate is legitimate, decrypt the first binding ciphertext with the card sleeve private key to obtain a decrypted first binding random factor and a decrypted second binding random factor; verify the first binding signature using the simulated card public key in the simulated card certificate, the decrypted first binding random factor and the decrypted second binding random factor; after verifying that the first binding signature is correct, verify whether the decrypted first binding random factor is identical to the first binding random factor; after verifying that the decrypted first binding random factor is identical to the first binding random factor, prompt the user with the simulated card unique identifier; receive a trigger instruction confirming that the simulated card unique identifier is correct, sign the first binding random factor and the decrypted second binding random factor with the card sleeve private key to obtain a second binding signature, and store the simulated card unique identifier, the simulated card certificate and a card-sleeve-side first binding factor in a card-sleeve-side first binding list, wherein the card-sleeve-side first binding factor is the decrypted second binding random factor; and send the second binding signature to the simulated card;
The simulated card is further configured to receive the second binding signature and verify it using the card sleeve public key in the card sleeve certificate, the first binding random factor and the second binding random factor; after verifying that the second binding signature is correct, store the card sleeve unique identifier, the card sleeve certificate and a simulated-card-side binding factor in a simulated-card-side binding list, wherein the simulated-card-side binding factor is the second binding random factor.
24. The system according to claim 23, characterized in that
The card sleeve is further configured to receive, from the simulated card, a third connection random factor generated by the simulated card together with the simulated card unique identifier; and to send to the simulated card a second secure connection instruction indicating that a secure connection is to be established, wherein the second secure connection instruction comprises: the card sleeve unique identifier, a third connection ciphertext obtained by the card sleeve encrypting the third connection random factor and a generated fourth connection random factor with the simulated card public key in the simulated card certificate, and a third connection signature obtained by the card sleeve signing the third connection random factor and the fourth connection random factor with the card sleeve private key;
The simulated card is further configured to receive the second secure connection instruction and determine whether the card sleeve unique identifier is present in the simulated-card-side binding list; if the card sleeve unique identifier is present in the simulated-card-side binding list, decrypt the third connection ciphertext with the simulated card private key to obtain a decrypted third connection random factor and a decrypted fourth connection random factor; verify the third connection signature using the card sleeve public key in the card sleeve certificate, the decrypted third connection random factor and the decrypted fourth connection random factor; after verifying that the third connection signature is correct, verify whether the decrypted third connection random factor is identical to the third connection random factor; if the decrypted third connection random factor is identical to the third connection random factor, sign the decrypted third connection random factor and the decrypted fourth connection random factor with the simulated card private key to obtain a fourth connection signature; and send a second secure connection response to the card sleeve, wherein the second secure connection response comprises: the fourth connection signature;
The card sleeve is further configured to receive the second secure connection response and verify the fourth connection signature using the simulated card public key in the simulated card certificate, the third connection random factor and the fourth connection random factor; and after verifying that the fourth connection signature is correct, generate the card-sleeve-side first safe transmission key between the card sleeve and the simulated card at least from the fourth connection random factor and the card-sleeve-side first binding factor;
The simulated card is further configured to generate the simulated-card-side safe transmission key between the card sleeve and the simulated card at least from the decrypted fourth connection random factor and the simulated-card-side binding factor;
The card sleeve is further configured to apply a first processing, using the card-sleeve-side first safe transmission key, to the third connection random factor and the fourth connection random factor, and to send the result to the simulated card;
The simulated card is further configured to apply the first processing, using the simulated-card-side safe transmission key, to the decrypted third connection random factor and the decrypted fourth connection random factor, and to send the result to the card sleeve;
The card sleeve is further configured to receive the data sent by the simulated card, apply a second processing to the received data using the card-sleeve-side first safe transmission key, and compare whether the data after the second processing is identical to the third connection random factor and the fourth connection random factor;
The simulated card is further configured to receive the data sent by the card sleeve, apply the second processing to the received data using the simulated-card-side safe transmission key, and compare whether the data after the second processing is identical to the decrypted third connection random factor and the decrypted fourth connection random factor.
25. The system according to claim 22, characterized in that the first device is a card sleeve and the second device is a real card manager;
The card sleeve is configured to receive a trigger instruction indicating that binding with the real card manager is to be performed, and to send a second binding instruction to the real card manager over a wireless network, wherein the second binding instruction comprises: a third binding random factor generated by the card sleeve, the card sleeve certificate and the card sleeve unique identifier;
The real card manager is configured to receive the second binding instruction and verify the card sleeve certificate using the root certificate; after verifying that the card sleeve certificate is legitimate, generate a fourth binding random factor; encrypt the third binding random factor and the fourth binding random factor with the card sleeve public key in the card sleeve certificate to obtain a second binding ciphertext, and sign the third binding random factor and the fourth binding random factor with the real card manager private key to obtain a third binding signature; and send a second binding response to the card sleeve over the wireless network, wherein the second binding response comprises: the second binding ciphertext, the third binding signature, the real card manager certificate and the real card manager unique identifier;
The card sleeve is further configured to receive the second binding response and verify the real card manager certificate using the root certificate; after verifying that the real card manager certificate is legitimate, decrypt the second binding ciphertext with the card sleeve private key to obtain a decrypted third binding random factor and a decrypted fourth binding random factor; verify the third binding signature using the real card manager public key in the real card manager certificate, the decrypted third binding random factor and the decrypted fourth binding random factor; after verifying that the third binding signature is correct, verify whether the decrypted third binding random factor is identical to the third binding random factor; after verifying that the decrypted third binding random factor is identical to the third binding random factor, prompt the user with the real card manager unique identifier; receive a trigger instruction confirming that the real card manager unique identifier is correct, sign the third binding random factor and the decrypted fourth binding random factor with the card sleeve private key to obtain a fourth binding signature, and store the real card manager unique identifier, the real card manager certificate and a card-sleeve-side second binding factor in a card-sleeve-side second binding list, wherein the card-sleeve-side second binding factor is the decrypted fourth binding random factor; and send the fourth binding signature to the real card manager;
The real card manager is further configured to receive the fourth binding signature and verify it using the card sleeve public key in the card sleeve certificate, the third binding random factor and the fourth binding random factor; after verifying that the fourth binding signature is correct, store the card sleeve unique identifier, the card sleeve certificate and a real-card-manager-side binding factor in a real-card-manager-side binding list, wherein the real-card-manager-side binding factor is the fourth binding random factor.
26. The system according to claim 25, characterized in that
The card sleeve is further configured to receive, from the real card manager, a seventh connection random factor generated by the real card manager together with the real card manager unique identifier; and to send to the real card manager a fourth secure connection instruction indicating that a secure connection is to be established, wherein the fourth secure connection instruction comprises: the card sleeve unique identifier, a seventh connection ciphertext obtained by the card sleeve encrypting the seventh connection random factor and a generated eighth connection random factor with the real card manager public key in the real card manager certificate, and a seventh connection signature obtained by the card sleeve signing the seventh connection random factor and the eighth connection random factor with the card sleeve private key;
The real card manager is further configured to receive the fourth secure connection instruction and determine whether the card sleeve unique identifier is present in the real-card-manager-side binding list; if the card sleeve unique identifier is present in the real-card-manager-side binding list, decrypt the seventh connection ciphertext with the real card manager private key to obtain a decrypted seventh connection random factor and a decrypted eighth connection random factor; verify the seventh connection signature using the card sleeve public key in the card sleeve certificate, the decrypted seventh connection random factor and the decrypted eighth connection random factor; after verifying that the seventh connection signature is correct, verify whether the decrypted seventh connection random factor is identical to the seventh connection random factor; if the decrypted seventh connection random factor is identical to the seventh connection random factor, sign the decrypted seventh connection random factor and the decrypted eighth connection random factor with the real card manager private key to obtain an eighth connection signature; and send a fourth secure connection response to the card sleeve, wherein the fourth secure connection response comprises: the eighth connection signature;
The card sleeve is further configured to receive the fourth secure connection response and verify the eighth connection signature using the real card manager public key in the real card manager certificate, the seventh connection random factor and the eighth connection random factor; and after verifying that the eighth connection signature is correct, generate the card-sleeve-side second safe transmission key between the card sleeve and the real card manager at least from the eighth connection random factor and the card-sleeve-side second binding factor;
The real card manager is further configured to generate the real-card-manager-side safe transmission key between the card sleeve and the real card manager at least from the decrypted eighth connection random factor and the real-card-manager-side binding factor;
The card sleeve is further configured to apply a first processing, using the card-sleeve-side second safe transmission key, to the seventh connection random factor and the eighth connection random factor, and to send the result to the real card manager;
The real card manager is further configured to apply the first processing, using the real-card-manager-side safe transmission key, to the decrypted seventh connection random factor and the decrypted eighth connection random factor, and to send the result to the card sleeve;
The card sleeve is further configured to receive the data sent by the real card manager, apply a second processing to the received data using the card-sleeve-side second safe transmission key, and compare whether the data after the second processing is identical to the seventh connection random factor and the eighth connection random factor;
The real card manager is further configured to receive the data sent by the card sleeve, apply the second processing to the received data using the real-card-manager-side safe transmission key, and compare whether the data after the second processing is identical to the decrypted seventh connection random factor and the decrypted eighth connection random factor.
27. The system according to any one of claims 23 to 26, characterized in that the card sleeve is a mobile device.
28. The system according to any one of claims 23 to 26, characterized in that the card sleeve is a mobile device together with an electronic signature device, or the card sleeve is an electronic signature device.
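The secure-connection phase of claims 24 and 26 (the same exchange, with a simulated card or a real card manager as the peer), written out as an added example that is not part of the patent: the card issues r3, the sleeve replies with r3||r4 encrypted for the card and signed, the card checks its binding list, the signature and that r3 is the one it issued, then both sides derive the key from r4 and the stored binding factor. RSA-OAEP and RSA-PSS as the encryption and signature schemes, HMAC-SHA256 as the key derivation, 16-byte random factors, the identifiers and the function names are assumptions; the binding phase of claim 23 is taken as already done, and the first/second processing of the key-confirmation step is replaced by a direct comparison of the two derived keys.

```go
package main
import (
	"bytes"
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)
// Party is the card sleeve or the simulated card after the binding of claim 23: Peers is its
// binding list (peer unique identifier -> peer public key), BindFactor the stored binding factor.
type Party struct {
	ID                          string
	Key                         *rsa.PrivateKey
	Peers                       map[string]*rsa.PublicKey
	BindFactor, r3, r4, Session []byte // r3/r4: connection random factors; Session: the derived key
}
// Request is the second secure connection instruction: sleeve id, r3||r4 encrypted for the card, signature.
type Request struct {
	SleeveID    string
	Cipher, Sig []byte
}
func random16() []byte { // 16-byte random factors (the size is an assumption)
	r := make([]byte, 16)
	if _, err := rand.Read(r); err != nil { panic(err) }
	return r
}
func (p *Party) factors() []byte { return append(append([]byte{}, p.r3...), p.r4...) }
func digest(msg []byte) []byte   { h := sha256.Sum256(msg); return h[:] }
// Signatures are RSA-PSS over SHA-256 of the fixed-width r3||r4 concatenation.
func sign(k *rsa.PrivateKey, msg []byte) []byte {
	s, err := rsa.SignPSS(rand.Reader, k, crypto.SHA256, digest(msg), nil)
	if err != nil { panic(err) }
	return s
}
func verify(pub *rsa.PublicKey, sig, msg []byte) bool {
	return rsa.VerifyPSS(pub, crypto.SHA256, digest(msg), sig, nil) == nil
}
// deriveKey is an assumed KDF; the claims only require the key to depend on r4 and the binding factor.
func deriveKey(r4, bindFactor []byte) []byte {
	m := hmac.New(sha256.New, bindFactor)
	m.Write(r4)
	return m.Sum(nil)
}
func (c *Party) Challenge() []byte { c.r3 = random16(); return c.r3 } // the card issues r3 to the sleeve
// Connect: the sleeve picks r4, encrypts r3||r4 for the card and signs r3||r4.
func (s *Party) Connect(cardID string, r3 []byte) (Request, error) {
	pub, ok := s.Peers[cardID]
	if !ok { return Request{}, errors.New("card not in sleeve binding list") }
	s.r3, s.r4 = r3, random16()
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, s.factors(), nil)
	if err != nil { return Request{}, err }
	return Request{s.ID, ct, sign(s.Key, s.factors())}, nil
}
// HandleConnect: the card checks its binding list, decrypts, verifies the signature,
// rejects an r3 it did not issue, derives its key and signs r3||r4 in reply.
func (c *Party) HandleConnect(req Request) ([]byte, error) {
	pub, ok := c.Peers[req.SleeveID]
	if !ok { return nil, errors.New("sleeve not in card binding list") }
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.Key, req.Cipher, nil)
	if err != nil || len(msg) != 32 || !verify(pub, req.Sig, msg) {
		return nil, errors.New("third connection ciphertext or signature rejected")
	}
	if !bytes.Equal(msg[:16], c.r3) { // stale or replayed challenge
		return nil, errors.New("decrypted r3 is not the r3 this card issued")
	}
	c.r4 = msg[16:]
	c.Session = deriveKey(c.r4, c.BindFactor)
	return sign(c.Key, msg), nil
}
// Finish: the sleeve verifies the fourth connection signature, then derives its key.
func (s *Party) Finish(cardID string, sig []byte) error {
	if !verify(s.Peers[cardID], sig, s.factors()) { return errors.New("fourth connection signature invalid") }
	s.Session = deriveKey(s.r4, s.BindFactor)
	return nil
}
// NewPair constructs a bound sleeve/card pair (constructed ids, fresh test keys).
func NewPair() (sleeve, card *Party) {
	sk, _ := rsa.GenerateKey(rand.Reader, 2048)
	ck, _ := rsa.GenerateKey(rand.Reader, 2048)
	bf := random16() // the second binding random factor both sides stored
	sleeve = &Party{ID: "sleeve-01", Key: sk, BindFactor: bf,
		Peers: map[string]*rsa.PublicKey{"card-01": &ck.PublicKey}}
	card = &Party{ID: "card-01", Key: ck, BindFactor: bf,
		Peers: map[string]*rsa.PublicKey{"sleeve-01": &sk.PublicKey}}
	return sleeve, card
}
// RunHandshake runs the exchange end to end; true means both sides derived the same key.
func RunHandshake(sleeve, card *Party) (bool, error) {
	req, err := sleeve.Connect(card.ID, card.Challenge())
	if err != nil { return false, err }
	sig, err := card.HandleConnect(req)
	if err != nil { return false, err }
	if err = sleeve.Finish(card.ID, sig); err != nil { return false, err }
	return hmac.Equal(sleeve.Session, card.Session), nil
}
func main() { ok, err := RunHandshake(NewPair()); fmt.Println("same key on both sides:", ok, err) }
```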
CN201510056316.7A 2014-11-07 2015-02-03 Data interaction method and system CN105989481A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2014106418726 2014-11-07
CN201410641872 2014-11-07

Publications (1)

Publication Number Publication Date
CN105989481A true CN105989481A (en) 2016-10-05

Family

ID=57035827

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510056316.7A CN105989481A (en) 2014-11-07 2015-02-03 Data interaction method and system

Country Status (1)

Country Link
CN (1) CN105989481A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850680A (en) * 2017-03-20 2017-06-13 株洲中车时代电气股份有限公司 A kind of intelligent identity identification method and device for Transit Equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101183468A (en) * 2006-11-13 2008-05-21 杨文烈 Terminal login system and method
CN103813333A (en) * 2014-02-21 2014-05-21 天地融科技股份有限公司 Data processing method based on negotiation keys
CN103886455A (en) * 2012-12-19 2014-06-25 Nxp股份有限公司 Digital wallet device for virtual wallet

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination