CN105989489B - Method and payment terminal for IC card online authentication - Google Patents

Method and payment terminal for IC card online authentication

Info

Publication number: CN105989489B
Authority: CN (China)
Prior art keywords: card, data, networked terminals, key, random number
Legal status: Expired - Fee Related
Application number: CN201510053726.6A
Other languages: Chinese (zh)
Other versions: CN105989489A
Inventors: 陈校立, 黄勇, 刘本颖, 武凯
Current assignee: SHENZHEN CHTIOT INFORMATION TECHNOLOGY Co Ltd
Original assignee: SHENZHEN CHTIOT INFORMATION TECHNOLOGY Co Ltd
Priority date: 2015-02-03
Filing date: 2015-02-03
Publication date: 2019-07-05 (CN105989489B); 2016-10-05 (CN105989489A)

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract

The invention provides a method and a payment terminal for online authentication of an IC card. The method uses commercial ciphers (the Chinese state commercial cryptographic algorithms) to authenticate the online payment process of an IC card during an IC card online payment. It includes a step that authenticates whether the IC card is legitimate and a step that protects the IC card data read from the card using the SM7 algorithm. The payment terminal includes a card reader device, a processing device and a network communication device, and further includes a security module. The invention has the advantage of a commercial-cipher level of security.

Description

Method and payment terminal for IC card online authentication
Technical field
The invention relates to the field of mobile payment security, in particular to a method and a payment terminal that use commercial ciphers to implement online authentication of an IC card.
Background technique
As China's mobile payment industry standard system, market environment and ecosystem keep improving, and as technical products and business models keep innovating, the market scale of the mobile payment industry keeps expanding and sustaining high growth. This drives innovation and development in fields such as finance, telecommunications, the internet and transportation, and also brings great market opportunities. Many domestic and foreign technology, internet and financial giants have successively entered the field in a high-profile way; under the tide of cross-industry convergence, the mobile payment ecosystem keeps being optimized and the market develops steadily.
However, with the fast development of mobile payment terminals, card cracking techniques are also developing rapidly and pose a serious threat to security at every level of the country. There is therefore an urgent need for a system that uses security technology over which China holds independent intellectual property rights.
According to Article 2 of Chapter 1 of the Regulations on the Administration of Commercial Ciphers promulgated by the State Council on 7 October 1999, the commercial ciphers referred to in those regulations are the cryptographic technologies and cryptographic products used to encrypt, or to perform security authentication on, information that does not involve state secrets.
Cryptographic technology is an important means of protecting information security. By re-encoding information such as data it guarantees the integrity and correctness of the information and also its confidentiality, preventing information from being tampered with, forged or leaked. Encryption is the process that makes information unintelligible without authorization. Encryption relies on a cryptographic algorithm and at least one key; even if the algorithm is known, the encrypted information cannot be interpreted without the key. Commercial ciphers have a very wide field of application. The State Cryptography Administration has specified commercial cipher algorithms such as SM1 and SM7, which are mainly used to encrypt internal information, administrative information, economic information and other sensitive information that does not involve state secrets. For example, commercial ciphers can be used by enterprises for transmission encryption and storage encryption of all kinds of sensitive information, preventing an illegal third party from obtaining its content; they can also be used for various security authentications, electronic payment, digital signatures and so on.
In view of this, finding a method and a mobile payment terminal that use commercial ciphers to implement online authentication of IC cards is the fundamental way for this field to address the threat of IC card data being cracked.
Summary of the invention
Addressing the security problems currently faced by IC card online payment, the invention provides a method and a mobile payment terminal for online authentication of an IC card. The method uses the SM7 national commercial cipher security algorithm to authenticate the IC card online, and the online terminal is provided with an SM7 national cipher security module.
The technical scheme is a method of IC card online authentication that, during an IC card online payment, uses commercial ciphers to authenticate the online payment process of the IC card. It includes the following steps:
Step A. Before the online terminal reads the card, it authenticates whether the IC card is legitimate. If the authentication fails, an authentication failure is returned and the transaction is terminated; if it passes, processing continues.
Step B. The online terminal reads the IC card data.
The online terminal sends a command to the IC card and obtains the IC card number NO and the data Data; it performs a DES operation on NO and Data to obtain the IC card data D1.
Step C. The online terminal encrypts the IC card data D1 that it has read.
The online terminal generates a key pair t1 and t2, encrypts D1 with the SM7 algorithm under key t1 to obtain data D2, and DES-encrypts D2 together with t2 to form the IC card encryption data D3.
Step D. The IC card encryption data D3 is sent to the encryption machine management server (加密机, the HSM, management server).
Step E. After the encryption machine management server receives D3, it DES-decrypts D3 to obtain data D2 and key t2, and decrypts D2 with key t2 to obtain data D4. If D4 equals the IC card data D1, the online authentication of the IC card succeeds and the server continues with DES decryption and returns the data; otherwise it returns an error command code.
The invention also provides a payment terminal that includes a card reader device, a processing device and a network communication device, and further includes a security module.
The security module is equipped with the SM7 national cipher algorithm, containing the 128-bit SM7 block cipher algorithm specified by the State Cryptography Administration.
The processing device is connected to the card reader device, receives the IC card signal from the card reader device and performs the authentication processing, and communicates with the encryption machine management server through the network communication device.
Because the invention adopts the above technical scheme, compared with the prior art it has the following advantages:
1. The online authentication terminal internally contains a cryptographic module with the 128-bit SM7 block cipher specified by the State Cryptography Administration; it has a commercial-cipher security level and a multiple authentication security mechanism, which thoroughly resolves the security problems brought by theft of IC card data.
2. The SM7 security module of the online authentication terminal uses QFN packaging and is managed by the processor, which is conducive to data security.
3. The back-end service system of the online authentication terminal returns the data processed by the terminal's security module to the terminal after server processing, which improves the safety and reliability of the terminal.
4. The online authentication terminal supports offline and online operation.
The online authentication terminal has a commercial cipher security authentication mechanism, provides data security protection and online authentication functions, and is suitable for systems such as electronic payment and membership management.
The invention is further described below with reference to the drawings and specific embodiments.
Detailed description of the invention
Figure 1 is a connection block diagram of an online authentication terminal based on the SM7 national cipher algorithm according to the invention.
Figure 2 is the main workflow diagram of an online authentication terminal based on the SM7 national cipher algorithm according to the invention.
Specific embodiment
Embodiment 1: the invention provides a payment terminal based on the SM7 national cipher.
The payment card terminal can perform secure payment, using an IC card with electronic payment features for online payment. As shown in Figure 1, the payment terminal includes a read head module, a processor, a security module with the SM7 national cipher algorithm, and a network transmission module.
The processor is separately connected to the read head module, the security module and the network transmission module, and exchanges data with them. With the assistance of the security module, the read head module completes the data exchange between the processor and the IC card. The read head module is the module that exchanges data with the IC card; there are many types, the more common being an NFC module or other card reader modules.
The security module contains the commercial cipher algorithm, specifically the 128-bit SM7 block cipher specified by the State Cryptography Administration, and performs the secure cryptographic computations. The cryptographic module uses QFN chip packaging, and the processor is responsible for the allocation and management of keys, which guarantees security.
The encryption machine management server is the intermediary for mutual authentication among the security module, the processor and the IC card; security authentication is completed through this server.
The embodiment of the invention is as follows:
Referring to Figure 1, the invention is an online authentication terminal based on the SM7 national cipher security algorithm. The processor is the control core for data processing; it uses an ARM9 series processor with a variety of built-in multi-channel communication ports, loads the online terminal program and, under the control of that program, manages the various parts of the terminal.
The security module with the SM7 algorithm is the security kernel of the online authentication terminal. It contains the 128-bit SM7 block cipher specified by the State Cryptography Administration. Under the control of the processor it is responsible for key authentication, SM7 authentication and data protection.
The security module with the SM7 national cipher algorithm uses QFN packaging; the processor manages and upgrades the security module, which is conducive to data security and to protecting the commercial cipher.
The processor connects the network transmission module and transmits the IC card data to the encryption machine management server, completing the online verification and guaranteeing the security of the data.
The circuit of the SM7 security module is soldered on the main board. The processor manages and updates the security module, which reduces the circuit volume and benefits the security and control of the commercial cipher.
Referring to Figure 2, which shows the main work of the online authentication terminal based on the SM7 national cipher security algorithm, namely the process of reading data, the operating steps of the method of the invention are as follows:
(1) The user swipes the card at the online terminal. At this point the online terminal authenticates the legitimacy of the IC card itself.
(2) The online terminal authenticates the IC card under the action of the processor and the SM7 national cipher security module. If the authentication fails, it returns; if it passes, processing continues.
In this embodiment, to guarantee that a legitimate IC card is used, a pair of keys s1, s2 is generated when the IC card is issued; s2 is stored in the memory of the IC card and s1 is kept by the card-issuing institution.
There are two ways to authenticate the legitimacy of the IC card:
In the first way, when the online terminal reads the IC card information it can read the key s2 from the card's memory, and at the same time it generates a random number X. After reading s2 and X, the online terminal uses the SM7 algorithm with key s2 to encrypt X and obtain Y.
In the other way, the key s2 cannot be read by the online terminal. When the online terminal reads the relevant information of the IC card through the card reader, the circuit in the IC card is activated first and generates a random number X; the circuit in the IC card uses the SM7 algorithm with key s2 to encrypt X and obtain Y. The online terminal then reads X and Y through the card reader.
The two ways above are two different IC card authentication modes; the main difference is where X is encrypted with the SM7 algorithm under key s2 to obtain Y. Each has its own characteristics: the IC card structure of the first way is simpler, since it only needs a memory storing key s2; the second way is more secure, because its key s2 cannot be read, but its structure is slightly more complex: it needs a security module, here mainly the SM7 national cipher security module and the circuit module that encrypts X with SM7 under key s2 to obtain Y.
As for the random number X, it can be generated by a random number generation module inside the online terminal, triggered when the terminal reads the card through the card reader, or it can be generated by the IC card when the card reader activates it. If X is generated by the online terminal, then in the second way the terminal sends X to the IC card, and the circuit module in the IC card encrypts X with SM7 under key s2 to obtain Y. If X is generated in the IC card, then after Y is generated the two are read together into the online terminal through the card reader. In the first way, if X is generated by the online terminal it does not need to be sent to the IC card; the terminal directly uses X and the key s2 read from the IC card to generate Y.
The subsequent steps of IC card legitimacy authentication can be essentially identical: the online terminal sends X and Y to the card-issuing institution; at the card-issuing institution, Y is decrypted with the SM7 algorithm using key s1, which was generated together with s2 at issuance, to obtain data Z. If Z = X, a pass message is returned to the online terminal; otherwise an error code is returned.
If the IC card is legitimate, the following steps are performed; otherwise the process ends.
(3) The online terminal reads the IC card data under the action of the MCU and the SM7 cryptographic module. The IC card data include the card number NO and the data Data.
(4) The online terminal encrypts the data read under the action of the MCU and the SM7 cryptographic module.
It performs a DES operation on the IC card number NO and the data Data to obtain data D1;
the online terminal generates a key pair t1 and t2, encrypts D1 with the SM7 algorithm under key t1 to obtain data D2, and DES-encrypts D2 together with t2 to form the encrypted IC card data D3.
(5) The data are sent to the encryption machine management server through the network transmission module.
(6) The encryption machine management server processes the data using the keys; on success it returns the data, on error it returns an error command code.
This step is just the inverse of step (4): after the encryption machine management server receives the encrypted IC card data D3, it DES-decrypts D3 to obtain data D2 and key t2, decrypts D2 with key t2 to obtain data D4, and if D4 equals D1 the authentication succeeds and the server continues the DES decryption and returns the data; otherwise it returns an error command code.
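The following simulation is an added example and is not code from the patent or its applicant. It models both phases of the described flow with both sides of each exchange: phase A, the card-legitimacy challenge (the card-side mode of claim 2 and the terminal-side mode of claim 3, with the issuer's check Z = X), and phases B to E, the protection of the card record on its way to the encryption machine management server. SM7 is not publicly specified and DES is not in the Python standard library, so a constructed SHAKE-256 Feistel toy cipher (toy_encrypt / toy_decrypt, not secure) stands in for both. Assumptions the patent does not state: since SM7 is symmetric, the issuer's s1 is the same key material as the card's s2 and t2 is t1 itself; a terminal-server key tk is used for the DES layer; and the server's "D4 equals D1" test is realised as D4 decrypting under tk to a well-formed NO|Data record, because the server holds no separate copy of D1. The card number and data are constructed sample values.

```python
# Added example, not from the patent.  Toy cipher + both sides of the flow.
import hashlib
import os

ROUNDS = 4


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    # keyed round function: SHAKE-256 stretched to the width of one half
    return hashlib.shake_256(key + bytes([i]) + half).digest(len(half))


def _pad(data):
    # 1 or 2 pad bytes so the block always splits into two equal halves
    n = 1 if len(data) % 2 else 2
    return data + bytes([n]) * n


def _unpad(data):
    n = data[-1]
    if n not in (1, 2) or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def toy_encrypt(key, plaintext):
    """Constructed stand-in for SM7/DES: a 4-round Feistel network. NOT secure."""
    p = _pad(plaintext)
    h = len(p) // 2
    l, r = p[:h], p[h:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def toy_decrypt(key, ciphertext):
    h = len(ciphertext) // 2
    l, r = ciphertext[:h], ciphertext[h:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round(key, i, l)), l
    return _unpad(l + r)


# ---- Phase A: is the card legitimate? (claims 2 and 3) ----

def issue_card(card_no, data):
    """Issuer writes s2 into the card and keeps s1.  Assumption: SM7 is
    symmetric, so s1 is the same key material as s2."""
    s2 = os.urandom(16)
    return {"no": card_no, "data": data, "s2": s2}, s2


def card_challenge(card):
    """Mode of claim 2: X is generated and encrypted inside the card; s2 never leaves."""
    x = os.urandom(8)
    return x, toy_encrypt(card["s2"], x)


def terminal_challenge(card):
    """Mode of claim 3: the terminal reads s2 from card memory and computes Y itself."""
    x = os.urandom(8)
    return x, toy_encrypt(card["s2"], x)


def issuer_verify(s1, x, y):
    """Steps A05/A15: decrypt Y with s1 to Z and accept only if Z == X."""
    try:
        return toy_decrypt(s1, y) == x
    except (ValueError, IndexError):
        return False


# ---- Phases B-E: protect the card record for the server ----

def terminal_protect(card, tk):
    """Steps B-D.  tk: assumed terminal-server key for the DES layer.
    D1 = DES(NO||Data), D2 = SM7_t1(D1), D3 = DES(D2||t2)."""
    record = card["no"].encode() + b"|" + card["data"]
    d1 = toy_encrypt(tk, record)
    t1 = os.urandom(16)
    t2 = t1  # assumption: the decrypting member of the pair is t1 itself
    d2 = toy_encrypt(t1, d1)
    return toy_encrypt(tk, d2 + t2)


def server_process(d3, tk):
    """Step E.  Returns (NO, Data) on success, None for the error command code.
    'D4 equals D1' is realised as: D4 must decrypt under tk to a well-formed record."""
    try:
        inner = toy_decrypt(tk, d3)
        d2, t2 = inner[:-16], inner[-16:]
        d4 = toy_decrypt(t2, d2)
        no, data = toy_decrypt(tk, d4).split(b"|", 1)
        return (no.decode(), data) if no.isdigit() else None
    except (ValueError, IndexError):
        return None


if __name__ == "__main__":
    card, s1 = issue_card("6222000000", b"balance=100")  # constructed sample
    x, y = card_challenge(card)
    print("card legitimate:", issuer_verify(s1, x, y))
    tk = os.urandom(16)
    print("server recovered:", server_process(terminal_protect(card, tk), tk))
```

Running it shows why the description rates the second mode as the safer one: card_challenge and terminal_challenge produce the same kind of (X, Y) pair, but only in the first mode does s2 pass through the terminal, so a terminal that can read the card holds everything needed to answer the issuer's challenge. On the server side, a modified D3 or a wrong tk fails in the padding or record check and yields the error result rather than data.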
In conclusion, the functions and advantages of the IC card online terminal of the invention using the commercial SM7 cryptographic module are as follows: it effectively guarantees the security of transaction data and has a multiple authentication security mechanism, thoroughly resolving the security problems brought by theft of IC card data; the SM7 security module of the online authentication terminal uses QFN packaging and is managed by the processor, which is conducive to data security; the back-end service system of the online authentication terminal returns the data processed by the terminal's security module to the terminal after server processing, which improves the safety and reliability of the terminal; and the online authentication terminal supports offline and online operation.
Of course, those skilled in the art should understand that the above embodiments are intended only to illustrate the invention and not to limit it; any variations or modifications of the above embodiments that remain within the spirit of the invention fall within the scope of the claims.

Claims (4)

1. A method of IC card online authentication, characterized in that: during an IC card online payment, the method uses commercial ciphers to authenticate the online payment process of the IC card, and includes the following steps:
Step A. Before the online terminal reads the card, it authenticates whether the IC card is legitimate. If the authentication fails, an authentication failure is returned and the transaction is terminated; if it passes, processing continues.
Step B. The online terminal reads the IC card data.
The online terminal sends a command to the IC card and obtains the IC card number NO and the data Data; it performs a DES operation on NO and Data to obtain the IC card data D1.
Step C. The online terminal encrypts the IC card data D1 that it has read.
The online terminal generates a key pair t1 and t2, encrypts D1 with the SM7 algorithm under key t1 to obtain data D2, and DES-encrypts D2 together with t2 to form the IC card encryption data D3.
Step D. The IC card encryption data D3 is sent to the encryption machine management server.
Step E. After the encryption machine management server receives D3, it DES-decrypts D3 to obtain data D2 and key t2, and decrypts D2 with key t2 to obtain data D4. If D4 equals the IC card data D1, the online authentication of the IC card succeeds and the server continues with DES decryption and returns the data; otherwise it returns an error command code.
2. The method of IC card online authentication according to claim 1, characterized in that step A includes the following steps:
Step A01. The online terminal activates the IC card through the card reader;
Step A02. A random number X is generated in the IC card, and X is encrypted with the SM7 algorithm using the key s2 stored in the IC card to obtain Y;
Step A03. The online terminal reads the random number X and Y through the card reader;
Step A04. The online terminal sends the random number X and Y to the card-issuing institution;
Step A05. At the card-issuing institution, Y is decrypted with the SM7 algorithm using the key s1, generated together with s2 at issuance, to obtain data Z; if Z = X, a pass message is returned to the online terminal, otherwise an error code is returned.
3. The method of IC card online authentication according to claim 1, characterized in that step A includes the following steps:
Step A11. The online terminal activates the IC card through the card reader;
Step A12. The online terminal reads the random number X generated by the IC card and the key s2 stored in the IC card;
Step A13. The online terminal encrypts the random number X with the SM7 algorithm using key s2 to obtain Y;
Step A14. The online terminal sends the random number X and Y to the card-issuing institution;
Step A15. At the card-issuing institution, Y is decrypted with the SM7 algorithm using the key s1, generated together with s2 at issuance, to obtain data Z; if Z = X, a pass message is returned to the online terminal, otherwise an error code is returned.
4. A payment terminal, including a card reader device, a processing device and a network communication device, characterized in that it further includes a security module;
the security module is equipped with the SM7 national cipher algorithm, containing the 128-bit SM7 block cipher specified by the State Cryptography Administration;
the processing device is connected to the card reader device, receives the IC card signal from the card reader device and performs the authentication processing, the authentication using the method of IC card online authentication of any of claims 1 to 3; and it communicates with the encryption machine management server through the network communication device.

Priority Applications (1)

Application Number: CN201510053726.6A (CN105989489B)
Priority Date: 2015-02-03
Filing Date: 2015-02-03
Title: Method and payment terminal for IC card online authentication
Status: Expired - Fee Related

Publications (2)

CN105989489A (en), published 2016-10-05
CN105989489B (en), published 2019-07-05

Family

ID=57037257

Country Status (1)

CN: CN105989489B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
CN107135194B (en) * priority 2017-02-09, published 2021-02-02, 中国银联股份有限公司: Security information interaction method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
JP2004287590A (en) * priority 2003-03-19, published 2004-10-14, Matsushita Electric Ind Co Ltd: Debugging system, microprocessor, and debugger
CN101593389B (en) * priority 2009-07-01, published 2012-04-18, 中国建设银行股份有限公司: Key management method and key management system for POS terminal
CN104217327B (en) * priority 2014-09-25, published 2017-12-26, 中孚信息股份有限公司: A financial IC card internet terminal and its transaction method



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant (granted publication date: 20190705)
CF01 Termination of patent right due to non-payment of annual fee (termination date: 20200203)