CN105991538B - Data interaction method and system - Google Patents

Data interaction method and system Download PDF

Info

Publication number
CN105991538B
CN105991538B CN201510055906.8A CN201510055906A CN105991538B CN 105991538 B CN105991538 B CN 105991538B CN 201510055906 A CN201510055906 A CN 201510055906A CN 105991538 B CN105991538 B CN 105991538B
Authority
CN
China
Prior art keywords
card
real
sleeve
manager
card sleeve
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510055906.8A
Other languages
Chinese (zh)
Other versions
CN105991538A (en
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Corp
Original Assignee
Tendyron Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tendyron Corp filed Critical Tendyron Corp
Priority to CN201910478054.1A priority Critical patent/CN110445748A/en
Publication of CN105991538A publication Critical patent/CN105991538A/en
Application granted granted Critical
Publication of CN105991538B publication Critical patent/CN105991538B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention provides a data interaction method and a data interaction system, wherein the method comprises the following steps: the card sleeve executes binding operation with the simulation card and the real card manager; the card sleeve establishes safe connection with the simulation card and establishes safe connection with a real card manager, and the card sleeve acquires and prompts a real card information list of a card sleeve end; receiving a real card selection instruction, and determining a selected real card; the simulation card receives data sent by the transaction terminal and sends the data to the card sleeve; the card sleeve prompts and receives a confirmation instruction and then sends the instruction to a real card manager; the real card manager sends the selected real card to the real card; the selected real card is sent to a real card manager after transaction processing; the real card manager sends the real card to the card sleeve; the card sleeve sends the card sleeve to the simulation card; and the simulation card is sent to the transaction terminal. The data interaction method and the data interaction system can provide a novel transaction solution which is convenient for a user to carry and has higher safety.

Description

Data interaction method and system
Technical Field
The invention relates to the technical field of electronic information security, in particular to a data interaction method and system.
Background
In the existing transaction flow, for example: when a user withdraws money or swipes a card for shopping, the user usually needs to carry a bank card transacted from a bank, certain safety risk exists when the user carries the bank card, and once the bank card is lost, the property of the user is easily lost. In addition, because the bank cards are various in types, a user may have a plurality of bank cards of different banks at the same time, and if the user needs to carry the bank cards of the different banks, the user is not portable enough, and if the user only carries some bank cards of the bank cards for carrying the bank cards conveniently, when the user uses the bank cards to withdraw money or uses a card for swiping a card for shopping, cross-bank transactions may occur, which may cause unnecessary expenses to occur in the transactions.
Therefore, there is a need in the art to provide a transaction solution that is convenient for users to carry and has high security.
Disclosure of Invention
The present invention is directed to solving the above problems.
The invention mainly aims to provide a data interaction method;
another object of the present invention is to provide a data interaction system.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
one aspect of the present invention provides a data interaction method, including: the card sleeve and the simulation card execute binding operation, and the card sleeve and the real card manager execute binding operation, wherein the real card manager is connected with at least one real card and stores a real card manager end real card information list, and the real card manager end real card information list comprises real card information of the real card connected with the real card manager; the card sleeve is in safe connection with the simulation card, a first safe transmission key at the card sleeve end and a safe transmission key at the simulation card end for carrying out data safe transmission between the card sleeve and the simulation card are obtained, the card sleeve is in safe connection with a real card manager, and a second safe transmission key at the card sleeve end and a safe transmission key at the real card manager end for carrying out data safe transmission between the card sleeve and the real card manager are obtained; the card sleeve acquires a card sleeve end real card information list, wherein the card sleeve end real card information list is a real card manager end real card information list acquired from a real card manager; the card sleeve prompts a card sleeve end real card information list; the card sleeve receives a real card selection instruction and determines a selected real card; the simulation card receives the data sent by the transaction terminal, and sends the received data to the card sleeve after first processing is carried out on the received data by utilizing the safety transmission key of the simulation card end; the card sleeve receives data sent by the simulation card, prompts the data after second processing after the received data is subjected to second processing by using a first safe transmission key at the card sleeve end, receives a confirmation instruction for indicating the correctness of the data after second processing, performs first processing on the data after second processing by using a second safe transmission key at the card sleeve end, and sends the data to a real card manager; the real card manager receives the data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key and then sends the processed data to the selected real card; the selected real card receives data sent by a real card manager, and sends the data obtained after transaction processing to the real card manager after the transaction processing; the real card manager receives data sent by the selected real card, performs first processing on the received data by using a real card manager end safety transmission key, and sends the processed data to the card sleeve; the card sleeve receives data sent by the real card manager, and after second processing is carried out on the received data by using a second safe transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first safe transmission key at the card sleeve end, and then the data are sent to the simulation card; the simulation card receives the data sent by the card sleeve, and the received data is subjected to second processing by using the safety transmission key of the simulation card end and then sent to the transaction terminal.
In addition, the data interaction method further comprises the following steps: the real card manager detects a real card connected with the real card manager; real card manager detects the real card back of being connected with real card manager, acquires the real card information of real card, and wherein, real card information includes at least: a card number; and after acquiring the real card information of the real card, the real card manager generates a real card information list of the real card manager.
In addition, the data interaction method further comprises the following steps: the real card manager also generates a real card manager end identification list, and the identification in the real card manager end identification list corresponds to the real card information in the real card manager end real card information list one by one.
In addition, before the card sleeve establishes a secure connection with the real card manager and obtains a second secure transmission key at the card sleeve end for data secure transmission between the card sleeve and the real card manager and a secure transmission key at the real card manager end, the data interaction method further includes: the card sleeve sends a login request to a real card manager; after the card sleeve is safely connected with the real card manager and a second card sleeve end safe transmission key for data safe transmission between the card sleeve and the real card manager and a real card manager end safe transmission key are obtained, the data interaction method further comprises the following steps: the card sleeve performs first processing on the received login password through a second secure transmission key at the card sleeve end and then sends the processed login password to the real card manager; the real card manager receives the data sent by the card sleeve, and verifies the correctness of the data after second processing after the received data is subjected to second processing by utilizing the safe transmission key of the real card manager; and after the real card manager verifies that the data processed by the second processing passes, the card sleeve logs in the real card manager.
In addition, the verifying the correctness of the data after the second processing by the real card manager after the second processing is performed on the received data by using the real card manager end secure transmission key comprises the following steps: the real card manager performs second processing on the received data by using the real card manager end secure transmission key to obtain a password to be verified; the real card manager judges whether the password to be verified is an alarm password; if the password to be verified is the alarm password, the real card manager determines that the password to be verified passes the verification and executes the alarm operation; and if the password to be verified is not the alarm password and is the login password, the real card manager determines that the password to be verified passes the verification.
In addition, after the card sleeve logs in the real card manager, the data interaction method further comprises the following steps: the card sleeve searches a card sleeve end identification list; if the card sleeve finds the card sleeve end identification list, the card sleeve end identification list is subjected to first processing by using a card sleeve end second safety transmission key and then is sent to a real card manager, the real card manager receives data sent by the card sleeve, the received data is subjected to second processing by using a real card manager end safety transmission key, whether the data after the second processing is the same as the real card manager end identification list stored by the real card manager is judged, if the data is not the same as the real card manager end identification list, the real card manager performs first processing on an update instruction and update data by using the real card manager end safety transmission key and then sends the update instruction and the update data to the card sleeve, the card sleeve receives the data sent by the real card manager, and updates the card sleeve end real card information list after performing second processing on the received data by using the card sleeve end second safety transmission key; if the card sleeve end identification list is not found, the card sleeve end second safety transmission key is utilized to carry out first processing on the preset identification and then send the preset identification to the real card manager, the real card manager receives data sent by the card sleeve, the real card manager carries out second processing on the received data by utilizing the real card manager end safety transmission key, the real card manager determines that the second processed data is used for indicating that the card sleeve end does not store the card sleeve end identification list, the real card manager end safety transmission key is utilized to carry out first processing on the updating instruction and the updating data and then sends the updating instruction and the updating data to the card sleeve, the card sleeve receives the data sent by the real card manager, and the card sleeve end real card information list is updated after the second processing is carried out on the received data by utilizing the card sleeve end second safety transmission key.
In addition, after the card sleeve logs in the real card manager, the data interaction method further comprises the following steps: the real card manager sends the real card manager end identification list to the card sleeve after first processing is carried out on the real card manager end identification list by utilizing a real card manager end safety transmission key; the card sleeve receives the data sent by the real card manager, and after second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, whether the second processed data is the same as a card sleeve end identification list stored in the card sleeve is judged; if not, the card sleeve sends an updating request to the real card manager; the real card manager receives the updating request, performs first processing on the updating instruction and the updating data by using the real card manager end secure transmission key, and then sends the updating instruction and the updating data to the card sleeve; and the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after performing second processing on the received data by using a second safe transmission key of the card sleeve end.
In addition, the card sleeve further comprises a heartbeat sleep mode, wherein the heartbeat sleep mode is a low-power consumption non-working mode, and the data interaction method further comprises the following steps: the card sleeve sends detection information to a real card manager at intervals of first preset time under a heartbeat sleep mode; the real card manager receives the detection information and sends response information to the card sleeve; if the card sleeve does not receive the response information within the second preset time, the safe connection between the card sleeve and the real card manager is disconnected; and if the card sleeve receives the response information within the second preset time, the card sleeve is kept in the safe connection with the real card manager.
In addition, if the card sleeve receives the response information within the second preset time, and the response information also comprises the update prompt information, the data interaction method further comprises the following steps: the card sleeve stores the update prompt information; after the card sleeve enters a working mode from a heartbeat sleep mode, the card sleeve sends an updating triggering request to a real card manager; the real card manager receives the updating triggering request, and sends the real card manager end identification list to the card sleeve after first processing is carried out on the real card manager end identification list by utilizing a real card manager end safety transmission key; the card sleeve receives the data sent by the real card manager, and after second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, whether the second processed data is the same as a card sleeve end identification list stored in the card sleeve is judged; if not, the card sleeve sends an updating request to the real card manager; the real card manager receives the updating request, performs first processing on the updating instruction and the updating data by using the real card manager end secure transmission key, and then sends the updating instruction and the updating data to the card sleeve; and the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after performing second processing on the received data by using a second safe transmission key of the card sleeve end.
In addition, if the card sleeve receives the response information within the second preset time, and the response information also comprises the update prompt information, the data interaction method further comprises the following steps: the card sleeve stores the update prompt information; after the card sleeve enters a working mode from a heartbeat sleep mode, the card sleeve performs first processing on a card sleeve end identification list by using a card sleeve end second secure transmission key and then sends the card sleeve end identification list to a real card manager; the real card manager receives the data sent by the card sleeve, and after second processing is carried out on the received data by utilizing a real card manager end safety transmission key, whether the second processed data is the same as a real card manager end identification list stored by the real card manager is judged; if not, the real card manager performs first processing on the update instruction and the update data by using the real card manager end secure transmission key and then sends the update instruction and the update data to the card sleeve; and the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after performing second processing on the received data by using a second safe transmission key of the card sleeve end.
In addition, the card sleeve and the simulation card execute the binding operation, which comprises the following steps: the card sleeve receives a trigger command for indicating the binding with the simulation card; the card cover sends a first binding instruction to the simulation card, wherein the first binding instruction comprises: the first binding random factor generated by the card sleeve, the card sleeve certificate and the unique card sleeve identifier; the simulation card receives the first binding instruction and verifies the card sleeve certificate by using the root certificate; generating a second binding random factor after the simulation card verifies that the card certificate is legal; the simulation card encrypts the first binding random factor and the second binding random factor by using a card sleeve public key in a card sleeve certificate to obtain a first binding ciphertext, and signs the first binding random factor and the second binding random factor by using a simulation card private key to obtain a first binding signature; the simulation card sends a first binding response to the card sleeve, wherein the first binding response comprises: the first binding ciphertext, the first binding signature, the simulation card certificate and the simulation card unique identifier; the card sleeve receives the first binding response and verifies the simulation card certificate by using the root certificate; after the card sleeve verifies that the simulation card certificate is legal, the card sleeve decrypts the first binding ciphertext by using a card sleeve private key to obtain a first binding random decryption factor and a second binding random decryption factor; the card sleeve verifies the first binding signature by using a simulation card public key, a first binding random decryption factor and a second binding random decryption factor in the simulation card certificate; after the card sleeve verifies that the first binding signature is correct, whether the first binding random decryption factor is the same as the first binding random factor is verified; after the card sleeve verifies that the first binding random decryption factor is the same as the first binding random factor, prompting the unique identification of the analog card; the card sleeve receives a trigger command for confirming that the unique identifier of the analog card is correct, signs the first binding random factor and the second binding random decryption factor by using a card sleeve private key to obtain a second binding signature, and stores the unique identifier of the analog card, the certificate of the analog card and the first binding factor of the card sleeve end to a first binding list of the card sleeve end, wherein the first binding factor of the card sleeve end is the second binding random decryption factor; the card sleeve sends a second binding signature to the simulation card; the simulation card receives the second binding signature, and the second binding signature is verified by using the card sleeve public key, the first binding random factor and the second binding random factor in the card sleeve certificate; and after the simulation card verifies that the second binding signature is correct, storing the unique card sleeve identification, the card sleeve certificate and the simulation card end binding factor to a simulation card end binding list, wherein the simulation card end binding factor is a second binding random factor.
In addition, the card case and the real card manager performing the binding operation includes: the card sleeve receives a trigger command for indicating the binding with the real card manager; the card sleeve sends a second binding instruction to the real card manager through a wireless network, wherein the second binding instruction comprises: a third binding random factor generated by the card sleeve, a card sleeve certificate and a card sleeve unique identifier; the real card manager receives the second binding instruction and verifies the card sleeve certificate by using the root certificate; after the real card manager verifies that the card sleeve certificate is legal, a fourth binding random factor is generated; the real card manager encrypts the third binding random factor and the fourth binding random factor by using a card sleeve public key in the card sleeve certificate to obtain a second binding ciphertext, and signs the third binding random factor and the fourth binding random factor by using a real card manager private key to obtain a third binding signature; the real card manager sends a second binding response to the card sleeve through the wireless network, wherein the second binding response comprises: the second binding ciphertext, the third binding signature, the real card manager certificate and the unique identifier of the real card manager; the card sleeve receives the second binding response and verifies the real card manager certificate by using the root certificate; after the card sleeve verifies that the certificate of the real card manager is legal, the card sleeve decrypts the second binding ciphertext by using a card sleeve private key to obtain a third binding random decryption factor and a fourth binding random decryption factor; the card sleeve verifies the third binding signature by using the real card manager public key, the third binding random decryption factor and the fourth binding random decryption factor in the real card manager certificate; after the card sleeve verifies that the third binding signature is correct, whether the third binding random decryption factor is the same as the third binding random factor is verified; after the card sleeve verifies that the third binding random decryption factor is the same as the third binding random factor, the card sleeve prompts the unique identifier of the real card manager; the card sleeve receives a trigger command for confirming that the unique identifier of the real card manager is correct, signs a third binding random factor and a fourth binding random decryption factor by using a card sleeve private key to obtain a fourth binding signature, and stores the unique identifier of the real card manager, the certificate of the real card manager and a second binding factor of the card sleeve end to a second binding list of the card sleeve end, wherein the second binding factor of the card sleeve end is the fourth binding random decryption factor; the card sleeve sends a fourth binding signature to the real card manager; the real card manager receives the fourth binding signature, and verifies the fourth binding signature by using the card sleeve public key, the third binding random factor and the fourth binding random factor in the card sleeve certificate; and after the fourth binding signature is verified to be correct by the real card manager, storing the unique card sleeve identifier, the card sleeve certificate and the real card manager end binding factor to a real card manager end binding list, wherein the real card manager end binding factor is a fourth binding random factor.
In addition, the safe connection of cutting ferrule and simulation card establishment includes: the cutting ferrule sends the first safe connection instruction that is used for instructing to establish safe connection to the simulation card, wherein, first safe connection instruction includes: the card sleeve encrypts a first binding factor at the card sleeve end and a generated first connection random factor by using a simulated card public key in a simulated card certificate to obtain a first connection ciphertext, and the card sleeve signs the first binding factor at the card sleeve end and the first connection random factor by using a card sleeve private key to obtain a first connection signature; the simulation card receives the first safe connection instruction, and decrypts the first connection ciphertext by using a simulation card private key to obtain a first binding decryption factor and a first connection random decryption factor at the card sleeve end; the simulation card verifies the first connection signature by using a card sleeve public key, a first binding decryption factor at the card sleeve end and a first connection random decryption factor in the card sleeve certificate; after the simulation card verifies that the first connection signature is correct, verifying whether the first binding decryption factor of the card sleeve end is the same as the binding factor of the simulation card end; after the simulation card verifies that the first binding decryption factor of the card sleeve end is the same as the binding factor of the simulation card end, a second connection random factor is generated; the simulation card encrypts the first connection random decryption factor and the second connection random factor by using a card sleeve public key in the card sleeve certificate to obtain a second connection ciphertext, and signs the first connection random decryption factor and the second connection random factor by using a simulation card private key to obtain a second connection signature; the simulation card sends a first secure connection response to the card sleeve, wherein the first secure connection response comprises: a second concatenated ciphertext and a second concatenated signature; the card sleeve receives the first secure connection response, decrypts the second connection ciphertext by using a card sleeve private key, and obtains a decrypted first connection random decryption factor and a decrypted second connection random decryption factor; the card sleeve verifies the second connection signature by using the simulation card public key, the decrypted first connection random decryption factor and the second connection random decryption factor in the simulation card certificate; after the card sleeve verifies that the second connection signature is correct, verifying whether the decrypted first connection random decryption factor is the same as the first connection random factor; after the card sleeve verifies that the decrypted first connection random decryption factor is the same as the first connection random factor, the card sleeve end first safe transmission key between the card sleeve and the simulation card is generated by at least utilizing the second connection random decryption factor; and the simulation card generates a simulation card end secure transmission key between the card sleeve and the simulation card by using at least a second connection random factor.
In addition, the safe connection of cutting ferrule and simulation card establishment includes: the card sleeve receives a third connection random factor generated by the simulation card sent by the simulation card and the unique identification of the simulation card; the cutting ferrule sends the second safety connection instruction that is used for instructing to establish safe connection to the simulation card, wherein, second safety connection instruction includes: the card sleeve unique identification, a third connection ciphertext obtained by encrypting the third connection random factor and the generated fourth connection random factor by the card sleeve by using a simulation card public key in a simulation card certificate, and a third connection signature obtained by signing the third connection random factor and the fourth connection random factor by using a card sleeve private key by the card sleeve; the simulation card receives a second safety connection instruction and judges whether the unique identification of the card sleeve is in a binding list of the simulation card end; if the unique identifier of the card sleeve is in the binding list of the analog card end, the analog card decrypts the third connection ciphertext by using the analog card private key to obtain a third connection random decryption factor and a fourth connection random decryption factor; the simulation card verifies the third connection signature by using the card sleeve public key, the third connection random decryption factor and the fourth connection random decryption factor in the card sleeve certificate; after the simulation card verifies that the third connection signature is correct, verifying whether the third connection random decryption factor is the same as the third connection random factor; if the third connection random decryption factor is the same as the third connection random factor, the simulation card signs the third connection random decryption factor and the fourth connection random decryption factor by using a simulation card private key to obtain a fourth connection signature; the simulated card sends a second secure connection response to the card sleeve, wherein the second secure connection response comprises: a fourth concatenated signature; the card sleeve receives the second secure connection response, and verifies a fourth connection signature by using a simulated card public key, a third connection random factor and a fourth connection random factor in the simulated card certificate; after the card sleeve verifies that the fourth connection signature is correct, generating a card sleeve end first safe transmission key between the card sleeve and the simulation card by using at least a fourth connection random factor and a card sleeve end first binding factor; the simulation card generates a simulation card end safe transmission key between the card sleeve and the simulation card by using at least a fourth connection random decryption factor and a simulation card end binding factor; the card sleeve sends the third connection random factor and the fourth connection random factor to the simulation card after carrying out first processing on the third connection random factor and the fourth connection random factor by using a card sleeve end first secure transmission key; the simulation card performs first processing on the third connection random decryption factor and the fourth connection random decryption factor by using a simulation card end secure transmission key and then sends the processed results to the card sleeve; the card sleeve receives data sent by the simulation card, performs second processing on the received data by using a first secure transmission key at the card sleeve end, and compares whether the second processed data is the same as a third connection random factor and a fourth connection random factor; and the simulation card receives the data sent by the card sleeve, performs second processing on the received data by using the safety transmission key at the simulation card end, and compares whether the data after the second processing is the same as the third connection random decryption factor and the fourth connection random decryption factor.
In addition, the secure connection established by the card sleeve and the real card manager comprises: the card sleeve sends a third secure connection instruction for indicating establishment of secure connection to the real card manager, wherein the third secure connection instruction comprises: the card sleeve encrypts the second binding factor of the card sleeve end and the generated fifth connection random factor by using a real card manager public key in a real card manager certificate to obtain a fifth connection ciphertext, and the card sleeve signs the second binding factor of the card sleeve end and the fifth connection random factor by using a card sleeve private key to obtain a fifth connection signature; the real card manager receives the third safe connection instruction, decrypts the fifth connection ciphertext by using a private key of the real card manager, and obtains a second binding decryption factor of the card sleeve end and a fifth connection random decryption factor; the real card manager verifies the fifth connection signature by using the card sleeve public key, the second binding decryption factor and the fifth connection random decryption factor in the card sleeve certificate; after the real card manager verifies that the fifth connection signature is correct, verifying whether the second binding decryption factor of the card sleeve end is the same as the binding factor of the real card manager end; the real card manager verifies that the second binding decryption factor of the card sleeve end is the same as the binding factor of the real card manager end, and then generates a sixth connection random factor; the real card manager encrypts the fifth connection random decryption factor and the sixth connection random factor by using a card sleeve public key in the card sleeve certificate to obtain a sixth connection ciphertext, and signs the fifth connection random decryption factor and the sixth connection random factor by using a real card manager private key to obtain a sixth connection signature; the real card manager sends a third secure connection response to the card sleeve, wherein the third secure connection response comprises: a sixth concatenated ciphertext and a sixth concatenated signature; the card sleeve receives the third secure connection response, decrypts the sixth connection ciphertext by using a card sleeve private key, and obtains a decrypted fifth connection random decryption factor and a decrypted sixth connection random decryption factor; the card sleeve verifies the sixth connection signature by using the real card manager public key, the decrypted fifth connection random decryption factor and the sixth connection random decryption factor in the real card manager certificate; after the card sleeve verifies that the sixth connection signature is correct, verifying whether the decrypted fifth connection random decryption factor is the same as the fifth connection random factor; after the card sleeve verifies that the decrypted fifth connection random decryption factor is the same as the fifth connection random decryption factor, generating a card sleeve end second secure transmission key between the card sleeve and the real card manager by using at least the sixth connection random decryption factor; and the real card manager generates a real card manager end secure transmission key between the card sleeve and the real card manager by using at least the sixth connecting random factor.
In addition, the secure connection established by the card sleeve and the real card manager comprises: the card sleeve receives a seventh connection random factor and a unique identifier of the real card manager, which are sent by the real card manager and generated by the real card manager; the card sleeve sends a fourth safety connection instruction for indicating to establish safety connection to the real card manager, wherein the fourth safety connection instruction comprises: the card sleeve unique identification, a seventh connection ciphertext obtained by encrypting the seventh connection random factor and the generated eighth connection random factor by the card sleeve by using a real card manager public key in a real card manager certificate, and a seventh connection signature obtained by signing the seventh connection random factor and the eighth connection random factor by using a card sleeve private key by the card sleeve; the real card manager receives the fourth safe connection instruction and judges whether the unique identifier of the card sleeve is in the real card manager end binding list or not; if the unique card sleeve identifier is in the real card manager end binding list, the real card manager decrypts the seventh connection ciphertext by using a real card manager private key to obtain a seventh connection random decryption factor and an eighth connection random decryption factor; the real card manager verifies the seventh connection signature by using the card sleeve public key, the seventh connection random decryption factor and the eighth connection random decryption factor in the card sleeve certificate; after the real card manager verifies that the seventh connection signature is correct, verifying whether the seventh connection random decryption factor is the same as the seventh connection random factor; if the seventh connection random decryption factor is the same as the seventh connection random factor, the real card manager signs the seventh connection random decryption factor and the eighth connection random decryption factor by using a private key of the real card manager to obtain an eighth connection signature; the real card manager sends a fourth secure connection response to the card sleeve, wherein the fourth secure connection response comprises: an eighth concatenated signature; the card sleeve receives the fourth secure connection response, and verifies the eighth connection signature by using the real card manager public key, the seventh connection random factor and the eighth connection random factor in the real card manager certificate; after the card sleeve verifies that the eighth connection signature is correct, generating a card sleeve end second secure transmission key between the card sleeve and the real card manager by using at least an eighth connection random factor and a card sleeve end second binding factor; the real card manager generates a real card manager end secure transmission key between the card sleeve and the real card manager by using at least the eighth connection random decryption factor and the real card manager end binding factor; the card sleeve sends the seventh connection random factor and the eighth connection random factor to the real card manager after carrying out first processing on the seventh connection random factor and the eighth connection random factor by using a second secure transmission key at the card sleeve end; the real card manager performs first processing on the seventh connection random decryption factor and the eighth connection random decryption factor by using a real card manager end secure transmission key and then sends the processed results to the card sleeve; the card sleeve receives the data sent by the real card manager, carries out second processing on the received data by using a second secure transmission key at the card sleeve end, and compares whether the second processed data is the same as the seventh connection random factor and the eighth connection random factor; and the real card manager receives the data sent by the card sleeve, performs second processing on the received data by using the secure transmission key of the real card manager, and compares whether the data after the second processing is the same as the seventh connection random decryption factor and the eighth connection random decryption factor.
In addition, the data interaction method further comprises the following steps: the card sleeve at least sends the card sleeve certificate to the updating platform; the updating platform generates a first updating encryption key; the updating platform encrypts the card sleeve application program installation package by using the first updating encryption key to obtain a first installation package ciphertext; the updating platform signs the first installation package ciphertext by using the private key of the updating platform to obtain a first installation package signature; the updating platform encrypts a first updating encryption key by using a card sleeve public key in the card sleeve certificate to obtain a first updating encryption key ciphertext; update the platform and send cutting ferrule update message to the cutting ferrule, wherein, cutting ferrule update message includes: updating the platform certificate, the first installation package ciphertext, the first installation package signature and the first updated encryption key ciphertext; the card sleeve receives card sleeve update information and verifies and updates the platform certificate by using the root certificate; after the card sleeve verifies that the updating platform certificate passes, verifying the signature of the first installation package by using the updating platform public key in the updating platform certificate; after the card sleeve verifies that the signature of the first installation package is correct, the card sleeve decrypts the first updated encryption key ciphertext by using a card sleeve private key to obtain a first decryption key; the card sleeve decrypts the first installation package ciphertext by using the first decryption key to obtain a card sleeve application program installation package; the card sleeve verifies whether the data format of the card sleeve application program installation package is correct or not; if the card sleeve verifies that the data format of the card sleeve application program installation package is correct, the card sleeve is installed according to the card sleeve application program installation package.
In addition, the data interaction method further comprises the following steps: the card sleeve obtains a simulated card certificate from the simulated card and at least sends the simulated card certificate to the updating platform; the updating platform generates a second updating encryption key; the updating platform encrypts the simulation card application program installation package by using a second updating encryption key to obtain a second installation package ciphertext; the updating platform signs the second installation package ciphertext by using the private key of the updating platform to obtain a second installation package signature; the updating platform encrypts a second updated encryption key by using the simulated card public key in the simulated card certificate to obtain a second updated encryption key ciphertext; update the platform and update information transmission to the cutting ferrule with the simulation card, wherein, simulation card update information includes: updating the platform certificate, the second installation package ciphertext, the second installation package signature and the second update encryption key ciphertext; the card sleeve receives the updating information of the simulation card, and the updating information of the simulation card is subjected to first processing by utilizing a first safe transmission key at the card sleeve end and then is sent to the simulation card; the simulation card receives the data sent by the card sleeve, and after second processing is carried out on the received data by using the safety transmission key of the simulation card end, the update information of the simulation card is obtained; the simulation card verifies and updates the platform certificate by using the root certificate; after the simulated card passes the verification of the updating platform certificate, verifying the signature of the second installation package by using the public key of the updating platform in the updating platform certificate; after the simulation card verifies that the signature of the second installation package is correct, the simulation card private key is used for decrypting the second updated encryption key ciphertext to obtain a second decryption key; the simulation card decrypts the second installation package ciphertext by using the second decryption key to obtain a simulation card application program installation package; the simulation card verifies whether the data format of the simulation card application program installation package is correct or not; and if the data format of the simulation card application program installation package is verified to be correct by the simulation card, the simulation card is installed according to the simulation card application program installation package.
In addition, the data interaction method further comprises the following steps: the real card manager at least sends the real card manager certificate to the updating platform; the updating platform generates a third updating encryption key; the updating platform encrypts the real card manager application program installation package by using a third updated encryption key to obtain a third installation package ciphertext; the updating platform signs the third installation package ciphertext by using the private key of the updating platform to obtain a third installation package signature; the updating platform encrypts a third updated encryption key by using the real card manager public key in the real card manager certificate to obtain a third updated encryption key ciphertext; the updating platform sends the updating information of the real card manager to the real card manager, wherein the updating information of the real card manager comprises the following steps: updating the platform certificate, the third installation package ciphertext, the third installation package signature and the third updated encryption key ciphertext; the real card manager receives the update information of the real card manager, and verifies and updates the platform certificate by using the root certificate; after the real card manager verifies that the update platform certificate passes, verifying the signature of the third installation package by using the update platform public key in the update platform certificate; after the third installation package is verified to be correct in signature by the real card manager, decrypting a third updated encryption key ciphertext by using a private key of the real card manager to obtain a third decryption key; the real card manager decrypts the third installation package ciphertext by using the third decryption key to obtain a real card manager application program installation package; the real card manager verifies whether the data format of the real card manager application program installation package is correct or not; and if the real card manager verifies that the data format of the real card manager application program installation package is correct, the real card manager installs according to the real card manager application program installation package.
Further, the first processing includes: an encryption process, the second process comprising: carrying out decryption processing; or the first processing includes: a check calculation process, the second process including: checking, verifying and calculating; or the first processing includes: an encryption and verification calculation process, the second process comprising: and (5) decryption and verification calculation processing.
In addition, the real card manager performs opening and/or closing setting on the read-write authority of the real card information of the real card connected with the real card manager according to the security level of the real card.
In addition, when the cutting ferrule detects out that the simulation card exceeds the effective communication range of cutting ferrule, carry out the safety suggestion.
In addition, the cutting ferrule is the mobile device.
In addition, the card sleeve is a mobile device and an electronic signature device, or the card sleeve is an electronic signature device.
In another aspect, the present invention provides a data interaction system, including: simulating a card, a card sleeve and a real card manager; the simulated card, the card sleeve and the real card manager adopt the data interaction method to carry out data interaction.
According to the technical scheme provided by the invention, the data interaction between the simulation card, the card sleeve and the real card manager can be realized through the data interaction method and the data interaction system, so that a novel transaction solution which is convenient for a user to carry and has higher safety is provided.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of a data interaction method according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a binding operation performed by a card sleeve and a simulation card in the data interaction method according to the embodiment of the present invention;
fig. 3 is a flowchart illustrating a binding operation performed by a card sleeve and a real card manager in the data interaction method according to the embodiment of the present invention;
fig. 4 is a flowchart of a first secure connection mode established between the card sleeve and the simulation card in the data interaction method according to the embodiment of the present invention;
fig. 5 is a flowchart of a second secure connection mode established between the card sleeve and the simulation card in the data interaction method provided in the embodiment of the present invention;
fig. 6 is a flowchart of a first secure connection method established between the card sleeve and the real card manager in the data interaction method according to the embodiment of the present invention;
Fig. 7 is a flowchart of a second secure connection mode established between the card sleeve and the real card manager in the data interaction method according to the embodiment of the present invention;
fig. 8 is a flowchart illustrating updating of a card sleeve application program in a data interaction method according to an embodiment of the present invention;
fig. 9 is a flowchart illustrating updating of a simulation card application in a data interaction method according to an embodiment of the present invention;
FIG. 10 is a flowchart illustrating real card manager application update in a data interaction method according to an embodiment of the present invention;
fig. 11 is a schematic structural diagram of a data interaction system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
The invention provides a data interaction architecture, which is used for providing a transaction solution which is convenient for a user to carry and has higher safety. The data interaction architecture comprises: simulated cards, cases, and real card managers.
Wherein:
the simulation card can comprise one or more cards, and the simulation card can be a separately manufactured card or a real card reserved with simulation card functions. The simulated card has the same size as the existing bank card, and replaces a real card to complete transaction in the data interaction architecture. The analog card has a contact and/or contactless interface to complete a transaction in conjunction with an existing transaction terminal (e.g., ATM, POS, etc.). The simulation card also has a wireless interface through which the simulation card can perform data interaction with the card sleeve. The contact type interface can be a contact point and the like, the non-contact type interface can be an NFC interface and the like, and the wireless interface can be a Bluetooth interface, an infrared interface, a 2.4GHz interface, a WIFI interface, an RFID interface and the like.
The card sleeve can comprise one or more card sleeves, and the card sleeve can manage one or more simulation cards, and each simulation card only belongs to one card sleeve and is managed by the card sleeve. This cutting ferrule can be for making alone the equipment of card overcoat shape, also can be for having the mobile device of the cutting ferrule function that provides in this data framework, includes: smart phones, tablet computers (PADs), PDAs (e.g., palm top computers, learning machines), laptop computers, e-book reading devices, wearable devices (e.g., smart wristwatches, smart glasses, etc.), and the like. The card sleeve can be provided with a contact type interface and/or a non-contact type interface so as to be matched with the contact type interface and/or the non-contact type interface of the simulation card for data interaction, the card sleeve can also be provided with a wireless interface so as to be matched with the corresponding interface of the simulation card for data interaction through the wireless interface, wherein the contact type interface can be a contact point and the like, the non-contact type interface can be an NFC interface and the like, and the wireless interface can be a Bluetooth interface, an infrared interface, a 2.4GHz interface, a WIFI interface, an RFID interface and the like; the card sleeve is also provided with a network interface so as to perform data interaction with a corresponding network interface of the real card manager through the network interface, wherein the network interface can be a WIFI interface, a mobile internet interface (such as a 3G network and a 4G network) and the like. In addition, the card holder may also be a combination of a mobile device and an electronic signature device, where the network interface of the card holder is implemented by means of a network interface of the mobile device, and other interfaces (e.g., a wireless interface, a contact and/or contactless interface, etc.) may all be located on the electronic signature device, or the other interfaces may all be located on the mobile device, or a part of the other interfaces may be located on the electronic signature device and a part of the interfaces may be located on the mobile device; the processing operations executed by the card sleeve are all executed on the electronic signature equipment; the case may also be an electronic signature device only. The electronic signature device may be a key device, such as a U shield of a work bank, a K bank of a farming bank, or the like.
Real card manager, can manage a plurality of cutting ferrule, and this real card manager has a plurality of contact (for example draw-in grooves etc.) interfaces and/or non-contact (for example NFC etc.) interfaces to make things convenient for real card manager can connect different kind's real cards through different modes, wherein, real card manager is connected with at least one real card, and the real card information list of real card manager end is stored, real card manager end real card information list includes the real card information of the real card of being connected with real card manager, this real card information can include: card number, card authentication information, and the like, the card authentication information being information for authenticating whether a real card is issued by a regular channel (e.g., a bank, a public transport company, and the like); the real card can be a bank card issued by a bank or a function card (such as a bus card, a meal card, a shopping card, a membership card, a bonus card and the like); optionally, the real card manager may be configured to store real card information of all or part of real cards in the real cards connected to the real card manager, so that a user may make different settings according to security requirements for the real cards, for example, the real card manager may be configured to set real card information that does not allow some real cards to be acquired, thereby ensuring security of the real cards. The real card manager also has a network interface for data interaction with a corresponding network interface of the card sleeve, wherein the network interface may be a WIFI interface, a mobile internet interface (e.g. 3G, 4G network), or the like.
In the data interaction architecture, the simulation card and the real card are intelligent chip cards.
The terms used in the present invention are explained below:
the first process includes: an encryption process, the second process comprising: carrying out decryption processing; specifically, the data transmission security is ensured by pure encryption, and when the security level requirement of the data to be transmitted is high, the data can be processed by adopting the method. Or
The first process includes: a check calculation process, the second process including: checking, verifying and calculating; specifically, the data transmission integrity is guaranteed through simple verification, tampering is prevented, and when the requirement on the integrity of the data to be transmitted is high, the data to be transmitted can be processed in the mode. Or
The first process includes: an encryption and verification calculation process, the second process comprising: and (5) decryption and verification calculation processing. Specifically, a mixed encryption and verification mode is adopted to ensure the safety and the integrity of data transmission, and when the requirement on the safety level of data to be transmitted is highest, the data can be processed by adopting the mode.
Based on the data interaction architecture, the invention provides a data interaction method, and data interaction between the simulation card, the card sleeve and the real card manager can be realized through the data interaction method, so that a novel transaction solution which is convenient for a user to carry and has higher safety is provided.
Fig. 1 shows a flowchart of a data interaction method provided by an embodiment of the present invention, and referring to fig. 1, the data interaction method of the present invention includes:
the card sleeve and the simulation card execute binding operation, and the card sleeve and the real card manager execute binding operation, wherein the real card manager is connected with at least one real card and stores a real card manager end real card information list, and the real card manager end real card information list comprises real card information of the real card connected with the real card manager;
the card sleeve is in safe connection with the simulation card, a first safe transmission key at the card sleeve end and a safe transmission key at the simulation card end for carrying out data safe transmission between the card sleeve and the simulation card are obtained, the card sleeve is in safe connection with a real card manager, and a second safe transmission key at the card sleeve end and a safe transmission key at the real card manager end for carrying out data safe transmission between the card sleeve and the real card manager are obtained;
the card sleeve acquires a card sleeve end real card information list, wherein the card sleeve end real card information list is a real card manager end real card information list acquired from a real card manager;
The card sleeve prompts a card sleeve end real card information list;
the card sleeve receives a real card selection instruction and determines a selected real card; the simulation card receives the data sent by the transaction terminal, and sends the received data to the card sleeve after first processing is carried out on the received data by utilizing the safety transmission key of the simulation card end;
the card sleeve receives data sent by the simulation card, prompts the data after second processing after the received data is subjected to second processing by using a first safe transmission key at the card sleeve end, receives a confirmation instruction for indicating the correctness of the data after second processing, performs first processing on the data after second processing by using a second safe transmission key at the card sleeve end, and sends the data to a real card manager;
the real card manager receives the data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key and then sends the processed data to the selected real card;
the selected real card receives data sent by a real card manager, and sends the data obtained after transaction processing to the real card manager after the transaction processing;
the real card manager receives data sent by the selected real card, performs first processing on the received data by using a real card manager end safety transmission key, and sends the processed data to the card sleeve;
The card sleeve receives data sent by the real card manager, and after second processing is carried out on the received data by using a second safe transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first safe transmission key at the card sleeve end, and then the data are sent to the simulation card;
the simulation card receives the data sent by the card sleeve, and the received data is subjected to second processing by using the safety transmission key of the simulation card end and then sent to the transaction terminal.
The following is a detailed description of the data interaction method, and specifically, the data interaction method may include the following aspects:
firstly, binding:
1. the card sleeve and the simulation card execute binding operation:
in the invention, the card sleeve and the simulation card can be bound by the following modes:
the card sleeve and the simulation card mutually authenticate the certificate of the other party and the identity of the other party, and after the two parties pass the authentication, the card sleeve and the simulation card respectively store the binding factors generated in the authentication process.
The following provides a specific implementation mode for executing the binding operation between the card sleeve and the simulation card:
fig. 2 is a flowchart illustrating a binding operation performed by a card sleeve and a simulation card in the data interaction method provided by the embodiment of the present invention, and referring to fig. 2, the binding operation performed by the card sleeve and the simulation card includes:
The card sleeve receives a trigger command for indicating the binding with the simulation card; specifically, before the card sleeve is used, a boot operation may be performed on the card sleeve in advance, at this time, optionally, the card sleeve prompts a user to input a boot password, receives the boot password input by the user, verifies the correctness of the boot password input by the user, performs the boot operation after verifying that the boot password input by the user is correct, and the card sleeve enters a working mode. Before the card sleeve and the simulation card are used for data interaction, optionally, the card sleeve and the simulation card are bound to improve the security of subsequent data interaction. The trigger command received by the card sleeve for indicating the card sleeve to be bound with the analog card may be generated by a binding physical key separately arranged on the card sleeve, or may be generated by a binding virtual key on a touch screen of the card sleeve, or may be generated after the boot password is verified correctly, or may be generated after the analog card is inserted into the card sleeve, or may be generated by selecting a binding function in a menu displayed on a screen of the card sleeve, or may be generated in any other manner, which is not limited in the present invention.
The card cover sends a first binding instruction to the simulation card, wherein the first binding instruction comprises: the first binding random factor generated by the card sleeve, the card sleeve certificate and the unique card sleeve identifier; specifically, the card sleeve can send a first binding instruction to the simulation card through contact connection (through a contact interface), and the card sleeve can also send the first binding instruction to the simulation card through non-contact connection (through a non-contact interface or a wireless interface), wherein the former can improve binding safety, and the latter can improve binding convenience. The first binding instruction carries a first binding random factor to prevent replay attack, the first binding instruction carries a card sleeve certificate so as to facilitate the simulation card to authenticate the card sleeve, and the first binding instruction carries a card sleeve unique identifier so as to facilitate the simulation card to know which card sleeve is bound with the card sleeve; the first binding random factor can be a random number, a random character or a combination thereof generated by the card sleeve, and certainly, after the first binding random factor is generated, the randomness of the first binding random factor can be verified so as to improve the randomness of the first binding random factor and prevent the first binding random factor from being cracked; the unique identification of the card sleeve can be any one or the combination of the serial number of the card sleeve, the equipment identification code, the MAC address and the like to uniquely identify the card sleeve.
The simulation card receives the first binding instruction and verifies the card sleeve certificate by using the root certificate; specifically, the simulation card stores a root certificate in advance, and the verification of the card sleeve certificate is completed by using the root certificate so as to ensure the safety of subsequent use of the card sleeve certificate.
Generating a second binding random factor after the simulation card verifies that the card certificate is legal; specifically, the second binding random factor may be a random number generated by simulating a card, a random character, or a combination thereof; certainly, after the second binding random factor is generated, the randomness of the second binding random factor can be verified, so that the randomness of the second binding random factor is improved, and cracking is prevented.
The simulation card encrypts the first binding random factor and the second binding random factor by using a card sleeve public key in a card sleeve certificate to obtain a first binding ciphertext, and signs the first binding random factor and the second binding random factor by using a simulation card private key to obtain a first binding signature; specifically, the simulation card encrypts the first binding random factor and the second binding random factor by using the card sleeve public key to ensure the transmission security of the first binding random factor and the second binding random factor, and the simulation card signs the first binding random factor and the second binding random factor by using the simulation card private key to ensure that the subsequent card sleeve can authenticate the validity of the simulation card identity.
The simulation card sends a first binding response to the card sleeve, wherein the first binding response comprises: the first binding ciphertext, the first binding signature, the simulation card certificate and the simulation card unique identifier; specifically, a first binding response sent by the analog card carries an analog card certificate so that the card sleeve can authenticate the analog card, and the first binding response carries an analog card unique identifier so that the card sleeve can know which analog card is bound with the first binding response; the simulation card unique identifier can be any one or a combination of a simulation card serial number, an equipment identification code, an MAC address and the like to uniquely identify the simulation card.
The card sleeve receives the first binding response and verifies the simulation card certificate by using the root certificate; specifically, the card sleeve stores a root certificate in advance, and the root certificate is utilized to complete verification of the simulated card certificate so as to ensure the safety of subsequent use of the simulated card certificate.
After the card sleeve verifies that the simulation card certificate is legal, the card sleeve decrypts the first binding ciphertext by using a card sleeve private key to obtain a first binding random decryption factor and a second binding random decryption factor; specifically, the first bound ciphertext is decrypted by using the card sleeve private key, and if a data transmission error occurs in data transmission or tampering occurs in data transmission, the first bound random decryption factor and the second bound random decryption factor which are decrypted cannot be successfully decrypted, or the first bound random decryption factor and the second bound random decryption factor which are decrypted are different from the first bound random factor and the second bound random factor. And the card sleeve public key is used for encryption, only the card sleeve private key can be successfully decrypted, and therefore the security of data decryption can be ensured.
The card sleeve verifies the first binding signature by using a simulation card public key, a first binding random decryption factor and a second binding random decryption factor in the simulation card certificate; specifically, the card sleeve verifies the signature sent by the analog card by using the analog card public key after verification is passed so as to ensure the legal source of the data.
After the card sleeve verifies that the first binding signature is correct, whether the first binding random decryption factor is the same as the first binding random factor is verified; specifically, the card sleeve verifies that the first binding random factor generated by the card sleeve is the same as the first binding random decryption factor, so that the data can be ensured not to be tampered, and the encrypted data source is indeed the object of the card sleeve sending the first binding random factor.
After the card sleeve verifies that the first binding random decryption factor is the same as the first binding random factor, prompting the unique identification of the analog card; specifically, the card sleeve can display the unique identifier of the simulated card, and can also play the unique identifier of the simulated card through voice (such as speaker playing or playing through a headphone and the like), so that the authenticity of the simulated card can be confirmed by a user, and the binding safety is improved.
The card sleeve receives a trigger command for confirming that the unique identifier of the analog card is correct, signs the first binding random factor and the second binding random decryption factor by using a card sleeve private key to obtain a second binding signature, and stores the unique identifier of the analog card, the certificate of the analog card and the first binding factor of the card sleeve end to a first binding list of the card sleeve end, wherein the first binding factor of the card sleeve end is the second binding random decryption factor; specifically, the trigger command received by the card sleeve for confirming that the unique identifier of the analog card is correct may be generated by a confirmation physical key separately disposed on the card sleeve, or may be generated by a confirmation virtual key on a touch screen of the card sleeve, or may be generated by selecting a confirmation function in a menu displayed on a screen of the card sleeve, or may be generated after a voice confirmation instruction received by a voice acquisition device (e.g., a microphone) of the card sleeve passes verification, or may be generated after a fingerprint confirmation instruction is received and verified by a fingerprint acquisition device of the card sleeve, or may be generated after an iris confirmation instruction is received and verified by an iris acquisition device of the card sleeve passes verification, or may be generated in any other manner, which is not limited in the present invention; signing the first binding random factor and the second binding random decryption factor by using a card sleeve private key so as to facilitate the subsequent simulation card to authenticate the identity of the card sleeve; of course, the card sleeve can also store a card sleeve end first binding list, and the card sleeve end first binding list is used for recording relevant information of the analog card bound with the card sleeve, such as: the method comprises the steps of simulating a unique card identifier, simulating a card certificate and the like, wherein a card sleeve end first binding list is also used for storing a card sleeve end first binding factor, the card sleeve end first binding factor is a second binding random factor of ciphertext transmission, and the ciphertext transmission is based on the second binding random factor, so that the card sleeve end first binding factor is safe and is not tampered.
The card sleeve sends a second binding signature to the simulation card; specifically, the card sleeve sends a second binding signature to the mock card to facilitate the mock card authenticating the card sleeve identity.
The simulation card receives the second binding signature, and the second binding signature is verified by using the card sleeve public key, the first binding random factor and the second binding random factor in the card sleeve certificate; specifically, the simulated card verifies the signature sent by the card sleeve by using the card sleeve public key after verification is passed so as to ensure the legal source of the data.
And after the simulation card verifies that the second binding signature is correct, storing the unique card sleeve identification, the card sleeve certificate and the simulation card end binding factor to a simulation card end binding list, wherein the simulation card end binding factor is a second binding random factor. Specifically, the simulation card may further store a simulation card end binding list for recording information about the card sleeve to which the simulation card is bound, such as: the card sleeve unique identification, the card sleeve certificate and the like, and in addition, the simulation card end binding list is also used for storing a simulation card end binding factor which is a second binding random factor generated by the simulation card.
Therefore, based on the binding of the card sleeve and the simulation card, the safety of data interaction between the follow-up card sleeve and the simulation card can be ensured.
2. The card sleeve and the real card manager execute binding operation:
in the invention, the card sleeve and the real card manager can be bound by the following modes:
the card sleeve and the real card manager mutually authenticate the certificate of the other party and the identity of the other party, and after the two parties pass the authentication, the card sleeve and the real card manager respectively store the binding factors generated in the authentication process.
The following provides a specific implementation manner for the card sleeve and the real card manager to execute the binding operation:
fig. 3 is a flowchart illustrating a card sleeve and a real card manager performing a binding operation in a data interaction method provided by an embodiment of the present invention, and referring to fig. 3, the card sleeve and the real card manager performing a binding operation include:
the card sleeve receives a trigger command for indicating the binding with the real card manager; specifically, before the card sleeve is used, a boot operation may be performed on the card sleeve in advance, at this time, optionally, the card sleeve prompts a user to input a boot password, receives the boot password input by the user, verifies the correctness of the boot password input by the user, performs the boot operation after verifying that the boot password input by the user is correct, and the card sleeve enters a working mode. Before the card sleeve and the real card manager are used for data interaction, optionally, the card sleeve and the real card manager are bound to improve the security of subsequent data interaction. The trigger command received by the card sleeve for indicating the card sleeve to be bound with the real card manager may be generated by a binding physical key separately arranged on the card sleeve, or may be generated by a binding virtual key on a touch screen of the card sleeve, or may be generated after the boot password is verified correctly, or may be generated by selecting a binding function in a menu displayed on a screen of the card sleeve, or may be generated by any other method, which is not limited in the present invention.
The card sleeve sends a second binding instruction to the real card manager, wherein the second binding instruction comprises: a third binding random factor generated by the card sleeve, a card sleeve certificate and a card sleeve unique identifier; specifically, the card sleeve may send the second binding instruction to the real card manager in a wireless manner (e.g., mobile network, WIFI, etc.). The second binding instruction carries a card sleeve certificate so that a real card manager can authenticate the card sleeve, and the second binding instruction carries a card sleeve unique identifier so that the real card manager can know which card sleeve is bound with the card sleeve; the third binding random factor can be a random number, a random character or a combination thereof generated by the card sleeve, and certainly, after the third binding random factor is generated, the randomness of the third binding random factor can be verified so as to improve the randomness of the third binding random factor and prevent the third binding random factor from being cracked; the unique identification of the card sleeve can be any one or the combination of the serial number of the card sleeve, the equipment identification code, the MAC address and the like to uniquely identify the card sleeve.
The real card manager receives the second binding instruction and verifies the card sleeve certificate by using the root certificate; specifically, the real card manager stores a root certificate in advance, and completes verification of the card sleeve certificate by using the root certificate so as to ensure the security of subsequent use of the card sleeve certificate.
After the real card manager verifies that the card sleeve certificate is legal, a fourth binding random factor is generated; specifically, the fourth binding random factor may be a random number, a random character, or a combination thereof generated by the real card manager; of course, after the fourth binding random factor is generated, the randomness of the fourth binding random factor can be verified, so that the randomness of the fourth binding random factor is improved, and the fourth binding random factor is prevented from being cracked.
The real card manager encrypts the third binding random factor and the fourth binding random factor by using a card sleeve public key in the card sleeve certificate to obtain a second binding ciphertext, and signs the third binding random factor and the fourth binding random factor by using a real card manager private key to obtain a third binding signature; specifically, the real card manager encrypts the third binding random factor and the fourth binding random factor by using the card sleeve public key to ensure the transmission security of the third binding random factor and the fourth binding random factor, and the real card manager signs the third binding random factor and the fourth binding random factor by using the real card manager private key to ensure that the subsequent card sleeve can authenticate the identity validity of the real card manager.
The real card manager sends a second binding response to the card sleeve, wherein the second binding response comprises: the second binding ciphertext, the third binding signature, the real card manager certificate and the unique identifier of the real card manager; specifically, a second binding response sent by the real card manager carries a real card manager certificate so that the card sleeve authenticates the real card manager, and the second binding response carries a unique identifier of the real card manager so that the card sleeve knows which real card manager is bound with the real card manager; the unique identifier of the real card manager can be any one or a combination of a serial number of the real card manager, an equipment identification code, an MAC address and the like so as to uniquely identify the identifier of the real card manager.
The card sleeve receives the second binding response and verifies the real card manager certificate by using the root certificate; specifically, the card sleeve stores a root certificate in advance, and the root certificate is utilized to complete verification of the real card manager certificate so as to ensure the safety of subsequent use of the real card manager certificate.
After the card sleeve verifies that the certificate of the real card manager is legal, the card sleeve decrypts the second binding ciphertext by using a card sleeve private key to obtain a third binding random decryption factor and a fourth binding random decryption factor; specifically, the second bound ciphertext is decrypted by using the card sleeve private key, and if a data transmission error occurs in data transmission or tampering occurs in data transmission, the second bound ciphertext cannot be successfully decrypted, or the decrypted third bound random decryption factor and the decrypted fourth bound random decryption factor are different from the third bound random factor and the fourth bound random factor. And the card sleeve public key is used for encryption, only the card sleeve private key can be successfully decrypted, and therefore the security of data decryption can be ensured.
The card sleeve verifies the third binding signature by using the real card manager public key, the third binding random decryption factor and the fourth binding random decryption factor in the real card manager certificate; specifically, the card sleeve verifies the signature sent by the real card manager by using the public key of the real card manager after the verification is passed so as to ensure the legal source of the data.
After the card sleeve verifies that the third binding signature is correct, whether the third binding random decryption factor is the same as the third binding random factor is verified; specifically, the card sleeve verifies that the third binding random factor generated by the card sleeve is the same as the third binding random decryption factor, so that the data is not tampered, and the encrypted data source is indeed the object of the card sleeve sending the third binding random factor.
After the card sleeve verifies that the third binding random decryption factor is the same as the third binding random factor, the card sleeve prompts the unique identifier of the real card manager; specifically, the card sleeve can display the unique identifier of the real card manager, and can also play the unique identifier of the real card manager through voice (such as speaker playing or playing through a headphone or the like), so that a user can confirm the authenticity of the real card manager, and the binding safety is improved.
The card sleeve receives a trigger command for confirming that the unique identifier of the real card manager is correct, signs a third binding random factor and a fourth binding random decryption factor by using a card sleeve private key to obtain a fourth binding signature, and stores the unique identifier of the real card manager, the certificate of the real card manager and a second binding factor of the card sleeve end to a second binding list of the card sleeve end, wherein the second binding factor of the card sleeve end is the fourth binding random decryption factor; specifically, the trigger command received by the card sleeve for confirming that the unique identifier of the real card manager is correct may be generated by a confirmation physical key separately disposed on the card sleeve, or may be generated by a confirmation virtual key on a touch screen of the card sleeve, or may be generated by selecting a confirmation function in a menu displayed on a screen of the card sleeve, or may be generated after a voice confirmation instruction received by a voice acquisition device (e.g., a microphone) of the card sleeve passes verification, or may be generated after a fingerprint confirmation instruction is received and verified by a fingerprint acquisition device of the card sleeve, or may be generated after an iris confirmation instruction is received and verified by an iris acquisition device of the card sleeve passes verification, or may be generated in any other manner, which is not limited in the present invention; signing the third binding random factor and the fourth binding random decryption factor by using a card sleeve private key so as to facilitate a subsequent real card manager to authenticate the identity of the card sleeve; of course, the card sleeve can also store a card sleeve end second binding list, which is used to record the information related to the real card manager bound with the card sleeve, such as: the unique identifier of the real card manager, the certificate of the real card manager and the like, and in addition, the second binding list of the card sleeve end is also used for storing a second binding factor of the card sleeve end, the second binding factor of the card sleeve end is a fourth binding random factor of ciphertext transmission, and the ciphertext transmission is based on the fourth binding random factor, so the second binding factor of the card sleeve end is safe and is not tampered.
The card sleeve sends a fourth binding signature to the real card manager; specifically, the card sleeve sends a fourth binding signature to the real card manager so that the real card manager authenticates the card sleeve identity.
The real card manager receives the fourth binding signature, and verifies the fourth binding signature by using the card sleeve public key, the third binding random factor and the fourth binding random factor in the card sleeve certificate; specifically, the real card manager verifies the signature sent by the card sleeve by using the card sleeve public key after verification is passed so as to ensure the legal source of the data.
And after the fourth binding signature is verified to be correct by the real card manager, storing the unique card sleeve identifier, the card sleeve certificate and the real card manager end binding factor to a real card manager end binding list, wherein the real card manager end binding factor is a fourth binding random factor. Specifically, the real card manager may further store a real card manager side binding list for recording information about the card sleeve bound to the real card manager, such as: the card sleeve unique identifier, the card sleeve certificate and the like, and in addition, the real card manager end binding list is also used for storing real card manager end binding factors, and the real card manager end binding factors are fourth binding random factors generated by the real card manager.
Therefore, based on the binding of the card sleeve and the real card manager, the safety of data interaction between the subsequent card sleeve and the real card manager can be ensured.
Secondly, establishing a secure connection:
1. the cutting ferrule establishes safe connection with the simulation card, obtains the first safe transmission key of cutting ferrule end and the simulation card end safe transmission key that carry out data safe transmission between cutting ferrule and the simulation card:
in the invention, the card sleeve and the simulation card can establish safe connection in the following modes:
the first method is that the card sleeve and the simulation card mutually authenticate the identity of the other party again (for example, mutually authenticate the signature data of the other party), and in the process of mutually authenticating the identity of the other party again, whether the binding factors stored by the two parties are the same is compared, and after the binding factors stored by the two parties are compared to be the same and mutually authenticate the identity of the other party again, the safety transmission key (the first safety transmission key at the card sleeve end and the safety transmission key at the simulation card end) for data safety transmission between the card sleeve and the simulation card is generated.
The invention provides a specific implementation of the first mode:
fig. 4 shows a flowchart of a first method for establishing a secure connection between the card sleeve and the analog card in the data interaction method provided by the embodiment of the present invention, and referring to fig. 4, establishing a secure connection between the card sleeve and the analog card includes:
The cutting ferrule sends the first safe connection instruction that is used for instructing to establish safe connection to the simulation card, wherein, first safe connection instruction includes: the card sleeve encrypts a first binding factor at the card sleeve end and a generated first connection random factor by using a simulated card public key in a simulated card certificate to obtain a first connection ciphertext, and the card sleeve signs the first binding factor at the card sleeve end and the first connection random factor by using a card sleeve private key to obtain a first connection signature; specifically, before data interaction is performed between the card sleeve and the simulation card, optionally, a secure connection is established between the card sleeve and the simulation card, so as to improve the security of subsequent data interaction. The first secure connection instruction received by the card sleeve and used for indicating establishment of secure connection may be generated for a connection physical key separately arranged on the card sleeve, or may be generated for a connection virtual key on a touch screen of the card sleeve, or may be generated after a power-on password is verified correctly, or may be generated after a simulated card is pulled out from the card sleeve, or may be generated by selecting a connection function in a menu displayed on a screen of the card sleeve, or may be generated after a card sleeve end real card information list is obtained in the card sleeve, and a user selects a real card from the list. Of course, the present invention is not limited thereto, and may be generated in any other manner. The first connection random factor can be a random number, a random character or a combination thereof generated by the card sleeve, and certainly, after the first connection random factor is generated, the randomness of the first connection random factor can be verified so as to improve the randomness of the first connection random factor and prevent the first connection random factor from being cracked; specifically, the card sleeve encrypts the first binding factor and the first connection random factor of the card sleeve end by using the simulated card public key to ensure the transmission security of the first binding factor and the first connection random factor of the card sleeve end, and the card sleeve signs the first binding factor and the first connection random factor of the card sleeve end by using the card sleeve private key to ensure that the subsequent simulated card can authenticate the legality of the identity of the card sleeve. And sending the first binding factor of the card sleeve end to the simulation card so as to judge whether the first binding factor of the card sleeve end is the same as the stored binding factor of the subsequent simulation card, thereby judging whether the card sleeve is bound with the simulation card. Optionally, before this step, after the card sleeve detects the analog card, the card sleeve may determine whether the analog card is in the first binding list at the card sleeve end, for example: the determination can be made as follows: after detecting the simulation card, the card sleeve receives simulation card information (such as a simulation card unique identifier and/or a simulation card certificate) sent by the simulation card, and judges whether the simulation card is in a first binding list at the card sleeve end or not according to the received simulation card information; and/or whether the card sleeve is in the binding list at the end of the simulation card can be judged by the simulation card, for example: the determination can be made as follows: after detecting the simulation card, the card sleeve sends the card sleeve information (such as the unique card sleeve identifier and/or the card sleeve certificate) to the simulation card, and the simulation card judges whether the card sleeve is in a binding list at the simulation card end or not according to the received card sleeve information; and only after the other side is judged to be in the binding list of the other side, the subsequent flow is executed, so that the flow is optimized, and the efficiency is improved.
The simulation card receives the first safe connection instruction, and decrypts the first connection ciphertext by using a simulation card private key to obtain a first binding decryption factor and a first connection random decryption factor at the card sleeve end; specifically, the first connection ciphertext is decrypted by using the simulated card private key, and if a data transmission error occurs in data transmission or tampering occurs in data transmission, the first connection ciphertext cannot be successfully decrypted, or the decrypted first binding decryption factor and the decrypted first connection random decryption factor of the card sleeve end are different from the first binding factor and the first connection random factor of the card sleeve end. And the simulated card public key is used for encryption, only the simulated card private key can be successfully decrypted, and therefore the security of data decryption can be ensured.
The simulation card verifies the first connection signature by using a card sleeve public key, a first binding decryption factor at the card sleeve end and a first connection random decryption factor in the card sleeve certificate; specifically, the simulated card verifies the signature sent by the card sleeve by using the card sleeve public key to ensure the legal source of the data.
After the simulation card verifies that the first connection signature is correct, verifying whether the first binding decryption factor of the card sleeve end is the same as the binding factor of the simulation card end; specifically, the simulation card also verifies whether the decrypted first binding decryption factor of the card sleeve end is the same as a binding factor of the simulation card end stored in the simulation card, if so, the card sleeve is proved to have completed the binding operation before the card sleeve is safely connected with the simulation card, and based on the result, the simulation card can judge whether the card sleeve is bound with the simulation card.
After the simulation card verifies that the first binding decryption factor of the card sleeve end is the same as the binding factor of the simulation card end, a second connection random factor is generated; specifically, the second connection random factor may be a random number, a random character, or a combination thereof generated by the analog card, and certainly, after the second connection random factor is generated, the randomness of the second connection random factor may also be verified, so as to improve the randomness of the second connection random factor and prevent cracking.
The simulation card encrypts the first connection random decryption factor and the second connection random factor by using a card sleeve public key in the card sleeve certificate to obtain a second connection ciphertext, and signs the first connection random decryption factor and the second connection random factor by using a simulation card private key to obtain a second connection signature; specifically, the simulation card encrypts the first connection random decryption factor and the second connection random factor by using the card sleeve public key to ensure the transmission security of the first connection random decryption factor and the second connection random factor, and the simulation card signs the first connection random decryption factor and the second connection random factor by using the simulation card private key to ensure that the subsequent card sleeve can authenticate the validity of the simulation card identity.
The simulation card sends a first secure connection response to the card sleeve, wherein the first secure connection response comprises: a second concatenated ciphertext and a second concatenated signature; specifically, the analog card sends the second connection ciphertext and the second connection signature to the card sleeve, so that the card sleeve decrypts and verifies the received data.
The card sleeve receives the first secure connection response, decrypts the second connection ciphertext by using a card sleeve private key, and obtains a decrypted first connection random decryption factor and a decrypted second connection random decryption factor; specifically, the second connection ciphertext is decrypted by using the card sleeve private key, and if a data transmission error occurs in data transmission or tampering occurs in data transmission, the decryption cannot be successfully performed, or the decrypted first connection random decryption factor and the decrypted second connection random decryption factor are different from the first connection random factor and the second connection random factor. And the card sleeve public key is used for encryption, only the card sleeve private key can be successfully decrypted, and therefore the security of data decryption can be ensured.
The card sleeve verifies the second connection signature by using the simulation card public key, the decrypted first connection random decryption factor and the second connection random decryption factor in the simulation card certificate; specifically, the card sleeve verifies the signature sent by the analog card by using the analog card public key so as to ensure the legal source of the data.
After the card sleeve verifies that the second connection signature is correct, verifying whether the decrypted first connection random decryption factor is the same as the first connection random factor; specifically, the card sleeve verifies that the first connection random factor generated by the card sleeve is the same as the decrypted first connection random decryption factor, so that the data is not tampered, and the encrypted data source is indeed the object of the card sleeve sending the first connection random factor.
After the card sleeve verifies that the decrypted first connection random decryption factor is the same as the first connection random factor, the card sleeve end first safe transmission key between the card sleeve and the simulation card is generated by at least utilizing the second connection random decryption factor; and the simulation card generates a simulation card end secure transmission key between the card sleeve and the simulation card by using at least a second connection random factor. Specifically, the card sleeve may generate a first secure transmission key at the card sleeve end between the card sleeve and the simulation card by using the second connection random decryption factor, may also generate a first secure transmission key at the card sleeve end between the card sleeve and the simulation card by using the first connection random factor and the second connection random decryption factor, and may also generate a first secure transmission key at the card sleeve end between the card sleeve and the simulation card by using the first connection random factor, the second connection random decryption factor, and the first binding factor at the card sleeve end; similarly, the simulation card can also generate a simulation card end secure transmission key between the card sleeve and the simulation card by using the second connection random factor, can also generate a simulation card end secure transmission key between the card sleeve and the simulation card by using the first connection random decryption factor and the second connection random factor, and can also generate a simulation card end secure transmission key between the card sleeve and the simulation card by using the first connection random decryption factor, the second connection random factor and the simulation card end binding factor; the card sleeve and the simulation card only need to generate a secure transmission key by adopting the same algorithm with the same parameters. Therefore, in the invention, the secure transmission key factor at the card sleeve end can be the second connection random decryption factor, or the second connection random decryption factor and the first connection random factor; the secure transmission key factor may be the second connection random factor at the analog card end, or the second connection random factor and the first connection random decryption factor. In addition, the secure transmission key may include an encryption/decryption key and/or a verification key, the data transmission may be ensured by using the encryption/decryption key to participate in the data transmission, and the data transmission may be ensured to be complete by using the verification key to participate in the data transmission.
Certainly, in the present invention, the step of generating the secure transmission key of the analog card end between the card sleeve and the analog card by using at least the second connection random factor by the analog card is not limited to the step in the first embodiment, the secure transmission key of the analog card end may be generated after the analog card generates the second connection random factor, or the secure transmission key of the analog card end may be generated after receiving the success information sent by the card sleeve after the card sleeve verifies that the decrypted first connection random decryption factor is the same as the first connection random factor.
Therefore, based on the safe connection established between the card sleeve and the simulation card, the safety of data transmission can be improved, and meanwhile, whether both sides are bound or not can be verified, so that the safety is further improved.
In addition, the invention is not limited to the card sleeve initiating the establishment of the secure connection, and the card sleeve can trigger the analog card to initiate the establishment of the secure connection, at this time, the analog card sends the first secure connection instruction to the card sleeve, and other processes can be realized in contrast to the process implementation main body, and are not described in detail herein.
And secondly, mutually authenticating the identity of the other party (for example mutually authenticating the signature data of the other party) by the card sleeve and the simulation card again, generating a secure transmission key factor in the process of mutually authenticating the identity of the other party again, generating a secure transmission key (a first secure transmission key at the card sleeve end and a secure transmission key at the simulation card end) for data secure transmission between the card sleeve and the simulation card by using at least the stored binding factor and the secure transmission key factor after mutually authenticating the identity of the other party again, and verifying whether the secure transmission keys generated by the two parties are the same.
The invention provides a specific implementation of the second mode:
fig. 5 shows a flowchart of a second method for establishing a secure connection between the card sleeve and the analog card in the data interaction method provided by the embodiment of the present invention, and referring to fig. 5, establishing a secure connection between the card sleeve and the analog card includes:
the card sleeve receives a third connection random factor generated by the simulation card sent by the simulation card and the unique identification of the simulation card; specifically, the third connection random factor may be a random number, a random character, or a combination thereof generated by the analog card, and certainly, after the third connection random factor is generated, the randomness of the third connection random factor may also be verified, so as to improve the randomness of the third connection random factor and prevent cracking. Before the step, the simulation card generates a third connection random factor, and after the card sleeve detects the simulation card, the simulation card sends the third connection random factor and the unique simulation card identifier to the card sleeve.
The cutting ferrule sends the second safety connection instruction that is used for instructing to establish safe connection to the simulation card, wherein, second safety connection instruction includes: the card sleeve unique identification, a third connection ciphertext obtained by encrypting the third connection random factor and the generated fourth connection random factor by the card sleeve by using a simulation card public key in a simulation card certificate, and a third connection signature obtained by signing the third connection random factor and the fourth connection random factor by using a card sleeve private key by the card sleeve; specifically, before data interaction is performed between the card sleeve and the simulation card, optionally, a secure connection is established between the card sleeve and the simulation card, so as to improve the security of subsequent data interaction. The second secure connection instruction received by the card sleeve and used for indicating establishment of secure connection may be generated for a connection physical key separately arranged on the card sleeve, or may be generated for a connection virtual key on a touch screen of the card sleeve, or may be generated after a power-on password is verified correctly, or may be generated after a simulated card is pulled out from the card sleeve, or may be generated by selecting a connection function in a menu displayed on a screen of the card sleeve, or may be generated after a card sleeve end real card information list is obtained in the card sleeve, and a user selects a real card from the list. Of course, the present invention is not limited thereto, and may be generated in any other manner. Specifically, the card sleeve encrypts the third connection random factor and the generated fourth connection random factor by using the simulated card public key to ensure the transmission security of the third connection random factor and the generated fourth connection random factor, and signs the third connection random factor and the generated fourth connection random factor by using the card sleeve private key to ensure that the subsequent simulated card can authenticate the legality of the identity of the card sleeve. In addition, the fourth connection random factor may be a random number, a random character or a combination thereof generated by the card sleeve, and certainly, after the fourth connection random factor is generated, the randomness of the fourth connection random factor may also be verified, so as to improve the randomness of the fourth connection random factor and prevent cracking; optionally, before the step, after the card sleeve receives the unique identifier of the simulation card, the card sleeve may determine whether the simulation card is in the first binding list at the card sleeve end according to the unique identifier of the simulation card, and only after determining that the simulation card is in the first binding list at the card sleeve end, the subsequent process is executed, so that the process is optimized, and the efficiency is improved.
The simulation card receives a second safety connection instruction and judges whether the unique identification of the card sleeve is in a binding list of the simulation card end; specifically, the simulation card judges whether the card sleeve is in a simulation card end binding list or not according to the received unique card sleeve identifier; only after the card sleeve is judged to be in the binding list of the simulation card end, the subsequent process is executed, the process is optimized, and the efficiency is improved.
If the unique identifier of the card sleeve is in the binding list of the analog card end, the analog card decrypts the third connection ciphertext by using the analog card private key to obtain a third connection random decryption factor and a fourth connection random decryption factor; specifically, the third connection ciphertext is decrypted by using the simulated card private key, and if a data transmission error occurs in data transmission or tampering occurs in data transmission, the third connection ciphertext cannot be successfully decrypted, or the obtained third connection random decryption factor and the fourth connection random decryption factor are different from the third connection random factor and the fourth connection random factor. And the simulated card public key is used for encryption, only the simulated card private key can be successfully decrypted, and therefore the security of data decryption can be ensured.
The simulation card verifies the third connection signature by using the card sleeve public key, the third connection random decryption factor and the fourth connection random decryption factor in the card sleeve certificate; specifically, the simulated card verifies the signature sent by the card sleeve by using the card sleeve public key to ensure the legal source of the data.
After the simulation card verifies that the third connection signature is correct, verifying whether the third connection random decryption factor is the same as the third connection random factor; specifically, the third connection random factor generated by the analog card verification itself is the same as the third connection random decryption factor, so that it can be ensured that the data is not tampered, and the encrypted data source is indeed the object for the analog card to send the third connection random factor.
If the third connection random decryption factor is the same as the third connection random factor, the simulation card signs the third connection random decryption factor and the fourth connection random decryption factor by using a simulation card private key to obtain a fourth connection signature; specifically, the simulation card signs the third connection random decryption factor and the fourth connection random decryption factor by using the simulation card private key so as to ensure that the subsequent card sleeve can authenticate the validity of the identity of the simulation card.
The simulated card sends a second secure connection response to the card sleeve, wherein the second secure connection response comprises: a fourth concatenated signature; specifically, the analog card sends the fourth connection signature to the card sleeve so that the card sleeve verifies the received data.
The card sleeve receives the second secure connection response, and verifies a fourth connection signature by using a simulated card public key, a third connection random factor and a fourth connection random factor in the simulated card certificate; specifically, the card sleeve verifies the signature sent by the analog card by using the analog card public key so as to ensure the legal source of the data.
After the card sleeve verifies that the fourth connection signature is correct, generating a card sleeve end first safe transmission key between the card sleeve and the simulation card by using at least a fourth connection random factor and a card sleeve end first binding factor; the simulation card generates a simulation card end safe transmission key between the card sleeve and the simulation card by using at least a fourth connection random decryption factor and a simulation card end binding factor; specifically, the card sleeve may generate a first secure transmission key at the card sleeve end between the card sleeve and the simulation card by using the fourth connection random factor and the first binding factor at the card sleeve end, or may generate a first secure transmission key at the card sleeve end between the card sleeve and the simulation card by using the third connection random factor, the fourth connection random factor and the first binding factor at the card sleeve end; similarly, the simulation card can also generate a simulation card end secure transmission key between the card sleeve and the simulation card by using the fourth connection random decryption factor and the simulation card end binding factor, and also generate a simulation card end secure transmission key between the card sleeve and the simulation card by using the third connection random factor, the fourth connection random decryption factor and the simulation card end binding factor; the card sleeve and the simulation card only need to generate a secure transmission key by adopting the same algorithm with the same parameters. Therefore, in the invention, the secure transmission key factor at the card sleeve end can be a fourth connection random factor, or a third connection random factor and a fourth connection random factor; the secure transmission key factor may be a fourth concatenation random decryption factor at the analog card end, or a third concatenation random factor and a fourth concatenation random decryption factor. In addition, the secure transmission key may include an encryption/decryption key and/or a verification key, the data transmission may be ensured by using the encryption/decryption key to participate in the data transmission, and the data transmission may be ensured to be complete by using the verification key to participate in the data transmission.
The card sleeve sends the third connection random factor and the fourth connection random factor to the simulation card after carrying out first processing on the third connection random factor and the fourth connection random factor by using a card sleeve end first secure transmission key; the simulation card performs first processing on the third connection random decryption factor and the fourth connection random decryption factor by using a simulation card end secure transmission key and then sends the processed results to the card sleeve; specifically, the two parties perform first processing on data by using the respective generated secure transmission keys and then send the data to the other party, so that the other party can verify whether the secure transmission keys generated by the two parties are the same.
The card sleeve receives data sent by the simulation card, performs second processing on the received data by using a first secure transmission key at the card sleeve end, and compares whether the second processed data is the same as a third connection random factor and a fourth connection random factor; and the simulation card receives the data sent by the card sleeve, performs second processing on the received data by using the safety transmission key at the simulation card end, and compares whether the data after the second processing is the same as the third connection random decryption factor and the fourth connection random decryption factor. Specifically, after the two parties perform the second processing on the received data by using the respective generated secure transmission keys, the two parties respectively compare whether the second processed data is the same as the respective sent data, and if the second processed data is the same as the respective sent data, the secure transmission keys generated by the two parties are the same, so that the two parties can be ensured to perform the secure data transmission by using the respective generated secure transmission keys. In addition, when the same safe transmission key is generated by both parties, the same stored binding factor can be verified, the other party is further verified to be a real binding object, and the safety of subsequent data transmission is further improved.
Certainly, in the present invention, the step of generating the secure transmission key of the analog card end by simulating the card is not limited to the step in the second mode, and the secure transmission key of the analog card end may be generated after the fourth connection random decryption factor is obtained by decryption, or the secure transmission key of the analog card end may be generated after the card sleeve verifies that the fourth connection signature sent by the analog card is correct and receives the success information sent by the card sleeve; the step of generating the first secure transmission key at the card sleeve end by the card sleeve is not limited to the step in the second embodiment, and the first secure transmission key at the card sleeve end may also be generated after the card sleeve generates the fourth connection random factor.
Therefore, based on the safe connection established between the card sleeve and the simulation card, the safety of data transmission can be improved, and meanwhile, whether both sides are bound or not can be verified, so that the safety is further improved.
In addition, the invention is not limited to the card sleeve initiating the establishment of the secure connection, and the card sleeve can trigger the analog card to initiate the establishment of the secure connection, at this time, the analog card sends a second secure connection instruction to the card sleeve, and other processes can be realized in contrast to the process implementation main body, and are not described in detail herein.
2. The safe connection is established with real card manager to the cutting ferrule, obtains cutting ferrule end second safety transmission key and real card manager end safety transmission key that carry out data safety transmission between cutting ferrule and the real card manager:
in the invention, the card sleeve and the real card manager can establish a secure connection in the following way:
in the first mode, the card sleeve and the real card manager mutually authenticate the identity of the other party again, and in the process of mutually authenticating the identity of the other party again, whether the binding factors stored by the two parties are the same or not is compared, and after the binding factors stored by the two parties are compared to be the same and the identity of the other party is mutually authenticated again, a secure transmission key (a second secure transmission key at the card sleeve end and a secure transmission key at the real card manager end) for data secure transmission between the card sleeve and the real card manager is generated.
The scheme that the card sleeve and the real card manager adopt the first mode to establish the safe connection is different from the scheme that the card sleeve and the simulation card adopt the first mode to establish the safe connection only in that:
firstly, the execution main bodies are different: in the scheme that the card sleeve and the real card manager establish the safe connection in the first mode, the executing main bodies are the card sleeve and the real card manager; in the scheme of establishing the safe connection between the card sleeve and the simulation card in the first mode, the execution main body is the card sleeve and the simulation card. The card sleeve executes the same operation in the two schemes, and the real card manager and the simulation card execute the same operation in the two schemes.
Secondly, the generation modes of the safe connection instruction are different: in the first scheme of establishing the secure connection between the card sleeve and the real card manager, the third secure connection instruction may be generated by a connection physical key separately provided on the card sleeve, or may be generated by a connection virtual key on a touch screen of the card sleeve, or may be generated after the boot password is verified to be correct, or may be generated when the card sleeve sends a login request to the real card manager, or may be generated by selecting a connection function in a menu displayed on a screen of the card sleeve.
In the following, only the scheme of the secure connection between the card case and the real card manager will be briefly described, and will not be described in detail.
Fig. 6 is a flowchart illustrating a first method for establishing a secure connection between a card sleeve and a real card manager in a data interaction method according to an embodiment of the present invention, where referring to fig. 6, establishing a secure connection between a card sleeve and a real card manager includes:
the card sleeve sends a third secure connection instruction for indicating establishment of secure connection to the real card manager, wherein the third secure connection instruction comprises: the card sleeve encrypts the second binding factor of the card sleeve end and the generated fifth connection random factor by using a real card manager public key in a real card manager certificate to obtain a fifth connection ciphertext, and the card sleeve signs the second binding factor of the card sleeve end and the fifth connection random factor by using a card sleeve private key to obtain a fifth connection signature;
The real card manager receives the third safe connection instruction, decrypts the fifth connection ciphertext by using a private key of the real card manager, and obtains a second binding decryption factor of the card sleeve end and a fifth connection random decryption factor;
the real card manager verifies the fifth connection signature by using the card sleeve public key, the second binding decryption factor and the fifth connection random decryption factor in the card sleeve certificate;
after the real card manager verifies that the fifth connection signature is correct, verifying whether the second binding decryption factor of the card sleeve end is the same as the binding factor of the real card manager end;
the real card manager verifies that the second binding decryption factor of the card sleeve end is the same as the binding factor of the real card manager end, and then generates a sixth connection random factor;
the real card manager encrypts the fifth connection random decryption factor and the sixth connection random factor by using a card sleeve public key in the card sleeve certificate to obtain a sixth connection ciphertext, and signs the fifth connection random decryption factor and the sixth connection random factor by using a real card manager private key to obtain a sixth connection signature;
the real card manager sends a third secure connection response to the card sleeve, wherein the third secure connection response comprises: a sixth concatenated ciphertext and a sixth concatenated signature;
The card sleeve receives the third secure connection response, decrypts the sixth connection ciphertext by using a card sleeve private key, and obtains a decrypted fifth connection random decryption factor and a decrypted sixth connection random decryption factor;
the card sleeve verifies the sixth connection signature by using the real card manager public key, the decrypted fifth connection random decryption factor and the sixth connection random decryption factor in the real card manager certificate;
after the card sleeve verifies that the sixth connection signature is correct, verifying whether the decrypted fifth connection random decryption factor is the same as the fifth connection random factor;
after the card sleeve verifies that the decrypted fifth connection random decryption factor is the same as the fifth connection random decryption factor, generating a card sleeve end second secure transmission key between the card sleeve and the real card manager by using at least the sixth connection random decryption factor; and the real card manager generates a real card manager end secure transmission key between the card sleeve and the real card manager by using at least the sixth connecting random factor.
Certainly, in the present invention, the step of the real card manager generating the real card manager end secure transmission key between the card sleeve and the real card manager by using at least the sixth connection random factor is not limited to the step in the first embodiment, and the real card manager end secure transmission key may be generated after the real card manager generates the sixth connection random factor, or the real card manager end secure transmission key may be generated after the card sleeve verifies that the decrypted fifth connection random decryption factor is the same as the fifth connection random factor and receives the success information sent by the card sleeve.
Therefore, based on the safe connection established between the card sleeve and the real card manager, the safety of data transmission can be improved, and meanwhile, whether both sides are bound or not can be verified, so that the safety is further improved.
In addition, the invention is not limited to the card sleeve initiating the establishment of the secure connection, and the card sleeve can trigger the real card manager to initiate the establishment of the secure connection, at this time, the real card manager sends a third secure connection instruction to the card sleeve, and other processes can be realized by being opposite to the process implementation main body, and are not described in detail herein.
And secondly, mutually authenticating the identity of the other party by the card sleeve and the real card manager again, generating a secure transmission key factor in the process of mutually authenticating the identity of the other party again, generating a secure transmission key (a second secure transmission key at the card sleeve end and a secure transmission key at the real card manager end) for data secure transmission between the card sleeve and the real card manager by using at least the stored binding factor and the secure transmission key factor after mutually authenticating the identity of the other party, and verifying whether the secure transmission keys generated by the two parties are the same.
The scheme that the card sleeve and the real card manager adopt the second mode to establish the safe connection is different from the scheme that the card sleeve and the simulation card adopt the second mode to establish the safe connection only in that:
Firstly, the execution main bodies are different: in the scheme that the card sleeve and the real card manager establish safe connection in the second mode, the executing main bodies are the card sleeve and the real card manager; in the scheme of establishing the safe connection between the card sleeve and the simulation card in the second mode, the execution main body is the card sleeve and the simulation card. The card sleeve executes the same operation in the two schemes, and the real card manager and the simulation card execute the same operation in the two schemes.
Secondly, the generation modes of the safe connection instruction are different: in the scheme of establishing the secure connection in the second mode by the card sleeve and the real card manager, the fourth secure connection instruction may be generated by a connection physical key separately provided on the card sleeve, or may be generated by a connection virtual key on a touch screen of the card sleeve, or may be generated after the boot password is verified to be correct, or may be generated when the card sleeve sends a login request to the real card manager, or may be generated by selecting a connection function in a menu displayed on a screen of the card sleeve.
In the following, only the scheme of secure connection between the card sleeve and the real card manager in the second mode will be briefly described, and will not be described in detail herein.
Fig. 7 shows a flowchart of a second method for establishing a secure connection between the card sleeve and the real card manager in the data interaction method provided by the embodiment of the present invention, and referring to fig. 7, establishing a secure connection between the card sleeve and the real card manager includes:
the card sleeve receives a seventh connection random factor and a unique identifier of the real card manager, which are sent by the real card manager and generated by the real card manager;
the card sleeve sends a fourth safety connection instruction for indicating to establish safety connection to the real card manager, wherein the fourth safety connection instruction comprises: the card sleeve unique identification, a seventh connection ciphertext obtained by encrypting the seventh connection random factor and the generated eighth connection random factor by the card sleeve by using a real card manager public key in a real card manager certificate, and a seventh connection signature obtained by signing the seventh connection random factor and the eighth connection random factor by using a card sleeve private key by the card sleeve;
the real card manager receives the fourth safe connection instruction and judges whether the unique identifier of the card sleeve is in the real card manager end binding list or not;
if the unique card sleeve identifier is in the real card manager end binding list, the real card manager decrypts the seventh connection ciphertext by using a real card manager private key to obtain a seventh connection random decryption factor and an eighth connection random decryption factor;
The real card manager verifies the seventh connection signature by using the card sleeve public key, the seventh connection random decryption factor and the eighth connection random decryption factor in the card sleeve certificate;
after the real card manager verifies that the seventh connection signature is correct, verifying whether the seventh connection random decryption factor is the same as the seventh connection random factor;
if the seventh connection random decryption factor is the same as the seventh connection random factor, the real card manager signs the seventh connection random decryption factor and the eighth connection random decryption factor by using a private key of the real card manager to obtain an eighth connection signature;
the real card manager sends a fourth secure connection response to the card sleeve, wherein the fourth secure connection response comprises: an eighth concatenated signature;
the card sleeve receives the fourth secure connection response, and verifies the eighth connection signature by using the real card manager public key, the seventh connection random factor and the eighth connection random factor in the real card manager certificate;
after the card sleeve verifies that the eighth connection signature is correct, generating a card sleeve end second secure transmission key between the card sleeve and the real card manager by using at least an eighth connection random factor and a card sleeve end second binding factor; the real card manager generates a real card manager end secure transmission key between the card sleeve and the real card manager by using at least the eighth connection random decryption factor and the real card manager end binding factor;
The card sleeve sends the seventh connection random factor and the eighth connection random factor to the real card manager after carrying out first processing on the seventh connection random factor and the eighth connection random factor by using a second secure transmission key at the card sleeve end; the real card manager performs first processing on the seventh connection random decryption factor and the eighth connection random decryption factor by using a real card manager end secure transmission key and then sends the processed results to the card sleeve;
the card sleeve receives the data sent by the real card manager, carries out second processing on the received data by using a second secure transmission key at the card sleeve end, and compares whether the second processed data is the same as the seventh connection random factor and the eighth connection random factor; and the real card manager receives the data sent by the card sleeve, performs second processing on the received data by using the secure transmission key of the real card manager, and compares whether the data after the second processing is the same as the seventh connection random decryption factor and the eighth connection random decryption factor.
Therefore, based on the safe connection established between the card sleeve and the real card manager, the safety of data transmission can be improved, and meanwhile, whether both sides are bound or not can be verified, so that the safety is further improved.
Certainly, in the present invention, the step of generating the secure transmission key of the real card manager end by the real card manager is not limited to the step in the second mode, and the secure transmission key of the real card manager end may be generated after the eighth connection random decryption factor is obtained through decryption, or the secure transmission key of the real card manager end may be generated after the card sleeve verifies that the eighth connection signature sent by the real card manager is correct, and the successful information sent by the card sleeve is received; the step of generating the second secure transmission key at the card sleeve end by the card sleeve is not limited to the step in the second embodiment, and the second secure transmission key at the card sleeve end may also be generated after the eighth connection random factor is generated by the card sleeve.
In addition, the invention is not limited to the card sleeve initiating the establishment of the secure connection, and the card sleeve can trigger the real card manager to initiate the establishment of the secure connection, at this time, the real card manager sends the fourth secure connection instruction to the card sleeve, and other processes can be realized by being opposite to the process implementation main body, and are not described in detail herein.
In addition, before the card sleeve and the real card manager establish safe connection and obtain a second safe transmission key at the card sleeve end for data safe transmission between the card sleeve and the real card manager and a safe transmission key at the real card manager end, the card sleeve sends a login request to the real card manager; specifically, the login request may be generated for a login physical key separately arranged on the card sleeve, or may be generated for a login virtual key on a touch screen of the card sleeve, or may be generated after the boot password is verified correctly, or may be generated for selecting a login function in a menu displayed on a screen of the card sleeve; the login request may include a unique identification of the card sleeve so that the real card manager knows which card sleeve requests to login.
Send the login request to real card manager at the cutting ferrule, the cutting ferrule establishes safe connection with real card manager, obtains between cutting ferrule and the real card manager to carry out after cutting ferrule end second safety transmission key and the real card manager end safety transmission key of data safety transmission:
the card sleeve performs first processing on the received login password through a second secure transmission key at the card sleeve end and then sends the processed login password to the real card manager; specifically, the card sleeve can prompt the user to input a login password, after the user inputs the login password, the login password is subjected to first processing by using a second secure transmission key at the card sleeve end and then is sent to the real card manager, and therefore the security of login password transmission can be improved.
The real card manager receives the data sent by the card sleeve, and verifies the correctness of the data after second processing after the received data is subjected to second processing by utilizing the safe transmission key of the real card manager; specifically, after the real card manager performs second processing on data sent by the card sleeve by using the real card manager end secure transmission key, the login password input by the user is obtained and compared with the stored legal login password, and the card sleeve is allowed to log in the real card manager only when the login password input by the user is the same as the stored legal login password, so that the login security is improved, and the security of subsequent data transmission is ensured. If the real card manager has the alarm function, a legal login password and a legal alarm password can be set in the real card manager in advance, and at the moment, the real card manager performs second processing on received data by using a real card manager end safety transmission key to obtain a password to be verified; the real card manager judges whether the password to be verified is an alarm password; if the password to be verified is the alarm password, the real card manager determines that the password to be verified passes the verification and executes the alarm operation; and if the password to be verified is not the alarm password and is the login password, the real card manager determines that the password to be verified passes the verification. Due to the fact that the alarm password is set, when the login password input by the user is the alarm password, the real card manager can recognize that the current login has safety risks and execute alarm operation (for example, the real card manager sends an alarm short message, dials an alarm phone to law enforcement departments, and the like).
And after the real card manager verifies that the data processed by the second processing passes, the card sleeve logs in the real card manager.
Therefore, before the secure connection between the card sleeve and the real card manager is established, the card sleeve initiates a login request in advance, the establishment of the secure connection is triggered while the card sleeve sends the login request, and the login password is verified after the secure connection is established, so that the process can be saved, and the processing speed is increased.
Thirdly, generating and updating a real card information list:
1. and (3) generating and updating a real card information list at the real card manager end:
the real card manager generates the real card information list of the real card manager end in the following way, of course, the invention is not limited to this:
the real card manager detects a real card connected with the real card manager; specifically, the real card manager detects a contact interface and/or a non-contact interface arranged thereon to determine whether a real card is connected to the real card manager, and may sequentially detect whether a real card is connected thereto, or may simultaneously detect whether a real card is connected thereto. Optionally, the real card manager may be configured to store real card information of all or part of real cards in the real cards connected to the real card manager, so that a user may make different settings according to security requirements for the real cards, for example, the real card manager may be configured to set real card information that does not allow some real cards to be acquired, thereby ensuring security of the real cards.
Real card manager detects the real card back of being connected with real card manager, acquires the real card information of real card, and wherein, real card information includes at least: a card number; specifically, when detecting that a real card is connected with the real card manager, the real card manager reads real card information stored in the real card connected with the real card manager, and finally obtains real card information of all real cards connected with the real card manager. The real card information may include information such as card authentication information and an issuer identification of the real card, in addition to the card number.
And after acquiring the real card information of the real card, the real card manager generates a real card information list of the real card manager. Specifically, after the real card manager acquires the real card information of the real card connected with the real card manager, a real card information list of the real card manager is generated, so that a subsequent card sleeve can acquire the real card information list of the real card manager, and subsequent use is facilitated. Alternatively, the real card manager may acquire real card information of a real card set by the user to be allowed to be acquired.
In addition, the real card manager generates a real card manager end identification list in addition to the real card manager end real card information list, and the identification in the real card manager end identification list is in one-to-one correspondence with the real card information in the real card manager end real card information list. Specifically, the identifier in the real card manager identifier list may uniquely identify the corresponding real card, and the identifier may be: the identifier indicating whether the contact interface and/or the contactless interface has a real card connected thereto (for example, 1 represents that the real card is present, and 0 represents that the real card is absent), or the identifier may be one of information such as an issuer code of the real card (for example, when the real card is a bank card, the code is a bank code), a tail number of the card number of the real card, a check value (for example, a CRC check value, etc.) of the card number of the real card, and the like, or any combination thereof. The real card manager generates the real card manager end identification list, so that the subsequent card sleeve can update the real card information list conveniently.
Certainly, the real card manager can detect and generate a real card information list of the real card manager after the real card manager is started up every time; or after the real card is detected by triggering through a functional key (a physical key or a virtual key) provided by the real card manager, a real card information list of the real card manager end is regenerated; or the real card manager can execute the operation of adding and/or deleting the real card information to the real card information list every time the real card manager detects that the real card is plugged in or pulled out or enters and leaves.
Optionally, the real card manager may be configured to store real card information of all or part of real cards in the real cards connected to the real card manager, so that a user may make different settings according to security requirements for the real cards, for example, the real card manager may be configured to set real card information that does not allow some real cards to be acquired, thereby ensuring security of the real cards.
Specifically, the real card manager may partition the contact interface and/or the non-contact interface into a common card area and an important card area according to a difference in a usage safety factor. For example: real cards such as a user's small value card, a subsidiary card, a bus card and the like related to a smaller amount of money are placed in a common card area, and real cards such as a user's large value card, a credit card main card and the like related to a larger amount of money are placed in an important card area.
After the real card manager partitions the contact type interface and/or the non-contact type interface, reading a common card area allowing to acquire real card information of a real card so as to acquire the real card information of the real card connected in the common card area; the important card area which does not allow to acquire the real card information of the real card cannot be read, and the real card information of the real card connected in the important card area cannot be acquired. From this, can only contain the true card information of the true card of the regional connection of ordinary card in the true card information list of true card manager end that real card manager generated, the real card information of the true card that the cutting ferrule can acquire the regional connection of ordinary card, can't acquire the true card information of the true card of the regional connection of important card, for example: the real card in the common card area is visible to the card sleeve, and the card sleeve can be directly connected with the card sleeve for use; the real card in the important card area is invisible to the card sleeve, the card sleeve cannot be directly connected with the card sleeve for use, if the real card in the important card area needs to be connected for use, the card in the important card area needs to be set in one of the following modes, so that the card sleeve can be connected with all or part of the real cards in the important card area for use:
The card sleeve only has the authority of connecting and using all real cards in a common card area and does not have the authority of connecting and using the real cards in a key card area after a user inputs a login password, if the real cards in the key card area need to be connected and used, a physical key can be arranged on a real card manager, a virtual key can be arranged on the real card manager, or a function menu can be arranged on the real card manager, so that the user can set the authority of connecting and using the real cards in the key card area on the real card manager. For example: the user can press the options in the physical key, the virtual key or the function menu in a manual mode, and the card sleeve is started to have the authority of connecting and using all or part of real cards in the important card area, so that the card sleeve can be connected and used with real cards with the authority opened in the important card area.
And secondly, after the user inputs the login password, the card sleeve only has the authority of connecting and using all real cards in the common card area, and does not have the authority of connecting and using the real cards in the important card area, if the real cards in the important card area need to be connected and used, a client side can be arranged on the real card manager, or a control terminal (such as a PC (personal computer), a smart phone, a tablet personal computer and the like) connected with the real card manager is arranged on the control terminal, the user sets the authority through logging in the client side to open or close the authority of connecting and using all or part of the real cards in the important card area, so that the card sleeve can be connected and used with the real cards with the opened authority in the important card area.
In a third mode, after the user inputs the login password, the card sleeve only has the authority of connecting and using all real cards in the common card area and does not have the authority of connecting and using the real cards in the important card area, if the real cards in the important card area need to be connected and used, the authority password can be set on the real card manager, the user can initiate an authority setting request to the real card manager through the card sleeve, the real card manager only receives the authority setting request and the authority password input by the user, after the right password input by the user is verified to be correct, the right of the card sleeve for connecting and using all or part of the real cards in the important card area can be opened or closed, so that the sleeve can be connected with the real card with open authority in the important card area for use. Wherein, the authority password is different from the login password and the alarm password. Of course, if the real card manager verifies that the authority password input by the user is incorrect, the setting of the authority for connecting all or part of the real cards in the important card area is not performed.
2. Updating a card sleeve end real card information list:
in the invention, the card sleeve end real card information list acquired by the card sleeve is a real card manager end real card information list acquired from a real card manager.
The updating of the card sleeve end real card information list can comprise the following modes:
the method comprises the following steps that after the card sleeve logs in the real card manager, the real card manager judges whether the updating operation of the real card information list of the card sleeve end needs to be carried out:
one implementation of the first mode is provided as follows:
the card sleeve searches a card sleeve end identification list; specifically, the card sleeve end identification list is a real card manager end identification list acquired by the card sleeve from a real card manager.
If the card sleeve finds the card sleeve end identification list, the card sleeve end identification list is subjected to first processing by using a card sleeve end second safety transmission key and then is sent to a real card manager, the real card manager receives data sent by the card sleeve, the received data is subjected to second processing by using a real card manager end safety transmission key, whether the data after the second processing is the same as the real card manager end identification list stored by the real card manager is judged, if the data is not the same as the real card manager end identification list, the real card manager performs first processing on an update instruction and update data by using the real card manager end safety transmission key and then sends the update instruction and the update data to the card sleeve, the card sleeve receives the data sent by the real card manager, and updates the card sleeve end real card information list after performing second processing on the received data by using the card sleeve end second safety transmission key; specifically, updating the card sleeve end real card information list can be performed in the following manner: the card sleeve executes addition and/or deletion operation on a card sleeve end real card information list according to the update instruction and the update data after receiving the update instruction and the update data; or the updating instruction sent by the real card manager comprises an adding and/or deleting instruction, the updating data comprises an identifier corresponding to real card information needing to be added or deleted, and the card sleeve executes adding and/or deleting operation on the real card information list of the card sleeve end according to the updating instruction and the updating data after receiving the updating instruction and the updating data; or the updating instruction sent by the real card manager comprises a replacing instruction, the updating data comprises a latest real card manager end real card information list, and the card sleeve executes replacing operation on the card sleeve end real card information list according to the updating instruction and the updating data after receiving the updating instruction and the updating data.
If the card sleeve end identification list is not found, the card sleeve end second safety transmission key is utilized to carry out first processing on the preset identification and then send the preset identification to the real card manager, the real card manager receives data sent by the card sleeve, the real card manager carries out second processing on the received data by utilizing the real card manager end safety transmission key, the real card manager determines that the second processed data is used for indicating that the card sleeve end does not store the card sleeve end identification list, the real card manager end safety transmission key is utilized to carry out first processing on the updating instruction and the updating data and then sends the updating instruction and the updating data to the card sleeve, the card sleeve receives the data sent by the real card manager, and the card sleeve end real card information list is updated after the second processing is carried out on the received data by utilizing the card sleeve end second safety transmission key. Specifically, updating the card sleeve end real card information list can be performed in the following manner: the updating instruction sent by the real card manager comprises a storage instruction, the updating data comprises a latest real card manager end real card information list, and the card sleeve executes storage operation on the card sleeve end real card information list according to the updating instruction and the updating data after receiving the updating instruction and the updating data.
Based on the implementation scheme of the first mode, the card sleeve judges whether the card sleeve end identification list is consistent or not by sending the card sleeve end identification list to the real card manager, and the data volume of the card sleeve end identification list is far smaller than that of the card sleeve end real card information list, so that the data volume of data transmission is reduced, the data transmission rate is improved, and the judgment rate of the real card manager is also improved. If the card sleeve is used for the first time, the card sleeve does not store the card sleeve end identification list, at the moment, a preset identification is sent to the real card manager, so that the real card manager sends the real card manager end identification list and the real card manager end real card information list to the card sleeve, and the preset identification can be a null identification, a predefined numerical value, a predefined character and the like.
Of course, the present invention is not limited to the above implementation scheme of the first mode, and when the card sleeve and the real card manager do not store the identification list, the update of the real card information list at the card sleeve end can be realized through one of the following modes:
directly sending a card sleeve end real card information list to a real card manager by the card sleeve so as to judge whether to update after the real card manager compares; or
The card sleeve sends the list number of the card sleeve end real card information list to a real card manager so that the real card manager can compare whether the list numbers are the same and judge whether to update; or
After receiving an updating instruction input by a user, the real card manager sends a real card information list of the real card manager end to the card sleeve.
Of course, after the real card manager judges that the update is needed, the real card manager can also send an update inquiry request to the card sleeve, and the card sleeve prompts the update inquiry request to the user so that the user can confirm whether the update is needed or not.
Mode two, behind the real card manager of cutting ferrule login, the cutting ferrule judges whether need carry out the real card information list update operation of cutting ferrule end:
the real card manager sends the real card manager end identification list to the card sleeve after first processing is carried out on the real card manager end identification list by utilizing a real card manager end safety transmission key;
the card sleeve receives the data sent by the real card manager, and after second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, whether the second processed data is the same as a card sleeve end identification list stored in the card sleeve is judged; specifically, if the card sleeve is used for the first time or the real card manager end identification list is never downloaded successfully, and the card sleeve end identification list is not stored, it is determined that the card sleeve end identification list is different.
If not, the card sleeve sends an updating request to the real card manager;
the real card manager receives the updating request, performs first processing on the updating instruction and the updating data by using the real card manager end secure transmission key, and then sends the updating instruction and the updating data to the card sleeve;
and the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after performing second processing on the received data by using a second safe transmission key of the card sleeve end. Specifically, updating the card sleeve end real card information list can be performed in the following manner: the card sleeve executes addition and/or deletion operation on a card sleeve end real card information list according to the update instruction and the update data after receiving the update instruction and the update data; or the updating instruction sent by the real card manager comprises an adding and/or deleting instruction, the updating data comprises an identifier corresponding to real card information needing to be added or deleted, and the card sleeve executes adding and/or deleting operation on the real card information list of the card sleeve end according to the updating instruction and the updating data after receiving the updating instruction and the updating data; or the updating instruction sent by the real card manager comprises a replacing instruction, the updating data comprises a latest real card manager end real card information list, and the card sleeve executes replacing operation on the card sleeve end real card information list according to the updating instruction and the updating data after receiving the updating instruction and the updating data.
Based on the above implementation scheme of the second mode, the real card manager sends the real card manager end identification list to the card sleeve to judge whether the real card manager end identification list is consistent or not, and the data volume of the real card manager end identification list is far smaller than that of the real card manager end real card information list, so that the data volume of data transmission is reduced, the data transmission rate is improved, and the judgment rate of the card sleeve is also improved. If the card sleeve is used for the first time, the card sleeve does not store the card sleeve end identification list, and at the moment, after the fact that the real card manager sends the real card manager end identification list is received, the updating request is directly sent so that the real card manager can send the real card manager end real card information list to the card sleeve.
Of course, the present invention is not limited to the above implementation scheme of the second mode, and when the card sleeve and the real card manager do not store the identification list, the update of the real card information list of the card sleeve end can be realized through one of the following modes:
the real card manager directly sends a real card manager end real card information list to the card sleeve so that the card sleeve can directly store the real card information list; or
The real card manager sends the list number of the real card information list of the real card manager to the card sleeve so that the card sleeve can compare whether the list numbers are the same and judge whether to update; or
After the card sleeve receives an updating instruction input by a user, the card sleeve sends an updating request to the real card manager, so that the real card manager directly issues a real card information list of the real card manager end and sends the real card information list to the card sleeve.
Certainly, after the card sleeve judges that the updating is needed, the user can be prompted to confirm whether the updating is needed or not, and after the user confirms that the updating is needed, the subsequent updating operation is executed.
The card sleeve provided by the invention has a heartbeat sleep mode besides a normal working mode, wherein the heartbeat sleep mode is a non-working mode with low power consumption, namely, unnecessary power consumption programs are closed. Specifically, the card sleeve can enter the heartbeat sleep mode after no operation within a preset time, and can also enter the heartbeat sleep mode under the control of the operation of a user.
The card sleeve can also judge whether to keep the safe connection established between the card sleeve and the real card manager or not in the heartbeat sleep mode, so that when the card sleeve is restored to the working mode from the heart sleep mode, the safe connection does not need to be established with the real card manager again, and convenience is improved.
The following provides a specific implementation manner for judging whether to keep the secure connection established between the card sleeve and the real card manager in the heartbeat sleep mode by the card sleeve:
The card sleeve sends detection information to a real card manager at intervals of first preset time under a heartbeat sleep mode;
the real card manager receives the detection information and sends response information to the card sleeve;
if the card sleeve does not receive the response information within the second preset time, the safe connection between the card sleeve and the real card manager is disconnected;
and if the card sleeve receives the response information within the second preset time, the card sleeve is kept in the safe connection with the real card manager.
The card sleeve does not receive the response information within the second preset time, which may be that the network between the card sleeve and the real card manager is unstable or the real card manager works abnormally, and at the moment, the safety connection between the card sleeve and the real card manager is disconnected, so that the safety is ensured; the card sleeve receives the response information within the second preset time, the card sleeve keeps safe connection with the real card manager, when the card sleeve recovers the working mode, safe connection does not need to be reestablished, and the card sleeve is convenient to use.
Of course, in the heartbeat sleep mode, the user may also select to manually disconnect the secure connection between the card sleeve and the real card manager, for example, to log out the card sleeve from the real card manager or perform a shutdown operation on the card sleeve.
The first preset time may be the same as or different from the second preset time.
The following provides a way for updating the real card information list of the card sleeve terminal in the heartbeat sleep mode:
mode three, behind the real card manager of cutting ferrule login, the cutting ferrule is under the heartbeat sleep mode, and the cutting ferrule judges whether need carry out the real card information list update operation of cutting ferrule end:
in the heartbeat sleep mode, if the card sleeve receives response information within second preset time and the response information also comprises update prompt information, the card sleeve stores the update prompt information; the updating prompt information informs the real card manager of the fact that the real card manager of the card sleeve has prompt information for updating the real card information list of the real card manager.
After the card sleeve enters a working mode from a heartbeat sleep mode, the card sleeve sends an updating triggering request to a real card manager; specifically, the ferrule may enter the working mode from the heartbeat sleep mode as follows: the card sleeve automatically enters the working mode after receiving the update prompt message, or the card sleeve enters the working mode after receiving an operation instruction input by a user (for example, an operation instruction input by a user through a key, and the like).
The real card manager receives the updating triggering request, and sends the real card manager end identification list to the card sleeve after first processing is carried out on the real card manager end identification list by utilizing a real card manager end safety transmission key;
the card sleeve receives the data sent by the real card manager, and after second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, whether the second processed data is the same as a card sleeve end identification list stored in the card sleeve is judged; specifically, if the card sleeve is used for the first time or the real card manager end identification list is never downloaded successfully, and the card sleeve end identification list is not stored, it is determined that the card sleeve end identification list is different.
If not, the card sleeve sends an updating request to the real card manager;
the real card manager receives the updating request, performs first processing on the updating instruction and the updating data by using the real card manager end secure transmission key, and then sends the updating instruction and the updating data to the card sleeve;
and the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after performing second processing on the received data by using a second safe transmission key of the card sleeve end. Specifically, updating the card sleeve end real card information list can be performed in the following manner: the card sleeve executes addition and/or deletion operation on a card sleeve end real card information list according to the update instruction and the update data after receiving the update instruction and the update data; or the updating instruction sent by the real card manager comprises an adding and/or deleting instruction, the updating data comprises an identifier corresponding to real card information needing to be added or deleted, and the card sleeve executes adding and/or deleting operation on the real card information list of the card sleeve end according to the updating instruction and the updating data after receiving the updating instruction and the updating data; or the updating instruction sent by the real card manager comprises a replacing instruction, the updating data comprises a latest real card manager end real card information list, and the card sleeve executes replacing operation on the card sleeve end real card information list according to the updating instruction and the updating data after receiving the updating instruction and the updating data.
Based on the third implementation scheme, the real card manager sends the real card manager end identification list to the card sleeve to judge whether the real card manager end identification list is consistent with the card sleeve or not, and the data volume of the real card manager end identification list is far smaller than that of the real card manager end real card information list, so that the data volume of data transmission is reduced, the data transmission rate is improved, and the judging rate of the card sleeve is also improved. If the card sleeve is used for the first time, the card sleeve does not store the card sleeve end identification list, and at the moment, after the fact that the real card manager sends the real card manager end identification list is received, the updating request is directly sent so that the real card manager can send the real card manager end real card information list to the card sleeve.
Of course, the present invention is not limited to the implementation scheme of the third mode, and when the card sleeve and the real card manager do not store the identification list, the update of the real card information list at the card sleeve end can be realized through one of the following modes:
the real card manager directly sends a real card manager end real card information list to the card sleeve so that the card sleeve can directly store the real card information list; or
The real card manager sends the list number of the real card information list of the real card manager to the card sleeve so that the card sleeve can compare whether the list numbers are the same and judge whether to update; or
After the card sleeve receives an updating instruction input by a user, the card sleeve sends an updating request to the real card manager, so that the real card manager directly issues a real card information list of the real card manager end and sends the real card information list to the card sleeve.
After the card sleeve logs in the real card manager, the card sleeve is in a heartbeat sleep mode, and the real card manager judges whether the real card information list updating operation of the card sleeve end needs to be carried out:
the card sleeve is in a heartbeat sleep mode, and if the card sleeve receives response information within second preset time and the response information also comprises update prompt information, the card sleeve stores the update prompt information; the updating prompt information informs the real card manager of the fact that the real card manager of the card sleeve has prompt information for updating the real card information list of the real card manager.
After the card sleeve enters a working mode from a heartbeat sleep mode, the card sleeve performs first processing on a card sleeve end identification list by using a card sleeve end second secure transmission key and then sends the card sleeve end identification list to a real card manager; specifically, the ferrule may enter the working mode from the heartbeat sleep mode as follows: the card sleeve automatically enters the working mode after receiving the update prompt message, or the card sleeve enters the working mode after receiving an operation instruction input by a user (for example, an operation instruction input by a user through a key, and the like). If the card sleeve is used for the first time or the real card manager end identification list is never downloaded successfully, the card sleeve does not store the card sleeve end identification list, and at the moment, the card sleeve performs first processing on the preset identification by using a second secure transmission key of the card sleeve end and then sends the preset identification to the real card manager.
The real card manager receives the data sent by the card sleeve, and after second processing is carried out on the received data by utilizing a real card manager end safety transmission key, whether the second processed data is the same as a real card manager end identification list stored by the real card manager is judged; specifically, the real card manager receives the preset identifier and determines that the preset identifier is different.
If not, the real card manager performs first processing on the update instruction and the update data by using the real card manager end secure transmission key and then sends the update instruction and the update data to the card sleeve;
and the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after performing second processing on the received data by using a second safe transmission key of the card sleeve end. Specifically, updating the card sleeve end real card information list can be performed in the following manner: the card sleeve executes addition and/or deletion operation on a card sleeve end real card information list according to the update instruction and the update data after receiving the update instruction and the update data; or the updating instruction sent by the real card manager comprises an adding and/or deleting instruction, the updating data comprises an identifier corresponding to real card information needing to be added or deleted, and the card sleeve executes adding and/or deleting operation on the real card information list of the card sleeve end according to the updating instruction and the updating data after receiving the updating instruction and the updating data; or the updating instruction sent by the real card manager comprises a replacing instruction, the updating data comprises a latest real card manager end real card information list, and the card sleeve executes replacing operation on the card sleeve end real card information list according to the updating instruction and the updating data after receiving the updating instruction and the updating data.
Based on the fourth implementation scheme, the card sleeve judges whether the card sleeve end identification list is consistent or not by sending the card sleeve end identification list to the real card manager, and the data volume of the card sleeve end identification list is far smaller than that of the card sleeve end real card information list, so that the data volume of data transmission is reduced, the data transmission rate is improved, and the judgment rate of the real card manager is also improved. If the card sleeve is used for the first time, the card sleeve does not store the card sleeve end identification list, at the moment, a preset identification is sent to the real card manager, so that the real card manager sends the real card manager end identification list and the real card manager end real card information list to the card sleeve, and the preset identification can be a null identification, a predefined numerical value, a predefined character and the like.
Of course, the present invention is not limited to the implementation scheme of the fourth mode, and when the card sleeve and the real card manager do not store the identification list, the update of the real card information list at the card sleeve end can be realized through one of the following modes:
directly sending a card sleeve end real card information list to a real card manager by the card sleeve so as to judge whether to update after the real card manager compares; or
The card sleeve sends the list number of the card sleeve end real card information list to a real card manager so that the real card manager can compare whether the list numbers are the same and judge whether to update; or
After receiving an updating instruction input by a user, the real card manager sends a real card information list of the real card manager end to the card sleeve.
Optionally, after the real card manager opens or closes the right of the card sleeve to connect and use all or part of the real cards in the important card area, because the real card manager end real card information list is updated, the real card manager can send the real card information, which opens the right of the card sleeve to connect and use all or part of the real cards in the important card area, to the card sleeve, so that the card sleeve updates the real card information list of the card sleeve end; or after the real card manager opens or closes the right of the card sleeve for connecting and using all or part of the real cards in the important card area, triggering the updating process of the real card information list at the card sleeve end, wherein the updating mode can refer to the updating modes of the first mode and the second mode, and detailed description is omitted here.
Fourthly, determining the selected real card:
the card sleeve acquires a card sleeve end real card information list, wherein the card sleeve end real card information list is a real card manager end real card information list acquired from a real card manager; specifically, optionally, before this step, operations of the card sleeve startup and the card sleeve login to the real card manager may also be performed, which are not described herein again, and reference may be specifically made to the above description related to the card sleeve startup and the card sleeve login to the real card manager. In this step, the card sleeve obtains the card sleeve end real card information list, and may further include a step of updating the card sleeve end real card information list by the card sleeve, which is not described herein again, and specifically refer to the above description of updating the card sleeve end real card information list by the card sleeve. The card sleeve is stored in the storage area of the card sleeve after acquiring the real card information list of the real card manager end from the real card manager, and the real card information list of the card sleeve end is used as the real card information list of the card sleeve end.
The card sleeve prompts a card sleeve end real card information list; specifically, the card sleeve displays a card sleeve end real card information list by using a display device of the card sleeve or by using an external display device, or the card sleeve displays the card sleeve end real card information list by using a voice playing device of the card sleeve or by using an external voice playing device (for example, speaker playing or playing through a headphone or the like), so that a user can select a real card to be used during transaction according to the card sleeve end real card information list, the user can select the real card conveniently, and the user experience is enhanced.
The card sleeve receives a real card selection instruction and determines a selected real card; specifically, the real card selection instruction received by the card sleeve may be generated for a physical key separately set on the card sleeve, or may be generated for a virtual key on a touch screen of the card sleeve, or may be generated for a menu item representing a selection function in a menu displayed on a screen of the card sleeve. The card sleeve receives the real card selection instruction and determines the selected real card, and the card sleeve realizes data transmission with the selected real card through the real card manager. In addition, the determination of the selected real card can be realized by the following ways: the card sleeve receives a real card selection instruction and obtains a selected identifier, wherein the selected identifier is used for indicating a selected real card; the card sleeve sends the selected identification to a real card manager; the real card manager determines a selected real card corresponding to the selected identification from real cards connected with the real card manager according to the selected identification; the selected identifier may be part or all of the information in the real card information, for example: reading and writing port identification by a card number and/or a real card manager; after the real card manager receives the selected identifier, the real card manager read-write port identifier corresponding to the selected identifier can be found in the real card manager real card information list, so that the real card manager can determine the read-write port of the real card manager, and data interaction is carried out on the selected real card through the read-write port.
Fifthly, trading:
by utilizing the data interaction architecture, operations such as transactions (such as ATM (automatic teller machine) withdrawal and transfer, POS (point of sale) machine card swiping and the like) can be realized, so that a user can conveniently carry the card sleeve and the simulation card to realize transactions of various real cards, the user can conveniently carry the card sleeve and the simulation card, and asset loss caused by loss of the real cards is avoided.
One specific transaction flow is provided below, but the invention is not limited thereto:
the card sleeve acquires a card sleeve end real card information list, wherein the card sleeve end real card information list is a real card manager end real card information list acquired from a real card manager; specifically, optionally, before this step, operations of the card sleeve startup and the card sleeve login to the real card manager may also be performed, which are not described herein again, and reference may be specifically made to the above description related to the card sleeve startup and the card sleeve login to the real card manager. In this step, the card sleeve obtains the card sleeve end real card information list, and may further include a step of updating the card sleeve end real card information list by the card sleeve, which is not described herein again, and specifically refer to the above description of updating the card sleeve end real card information list by the card sleeve. The card sleeve is stored in the storage area of the card sleeve after acquiring the real card information list of the real card manager end from the real card manager, and the real card information list of the card sleeve end is used as the real card information list of the card sleeve end.
The card sleeve prompts a card sleeve end real card information list; specifically, the card sleeve displays a card sleeve end real card information list by using a display device of the card sleeve or by using an external display device, or the card sleeve displays the card sleeve end real card information list by using a voice playing device of the card sleeve or by using an external voice playing device (for example, speaker playing or playing through a headphone or the like), so that a user can select a real card to be used during transaction according to the card sleeve end real card information list, the user can select the real card conveniently, and the user experience is enhanced.
The card sleeve receives a real card selection instruction and determines a selected real card; the simulation card receives the data sent by the transaction terminal, and sends the received data to the card sleeve after first processing is carried out on the received data by utilizing the safety transmission key of the simulation card end; specifically, the real card selection instruction received by the card sleeve may be generated for a physical key separately set on the card sleeve, or may be generated for a virtual key on a touch screen of the card sleeve, or may be generated for a menu item representing a selection function in a menu displayed on a screen of the card sleeve. The card sleeve receives the real card selection instruction and determines the selected real card, and the card sleeve realizes data transmission with the selected real card through the real card manager. In addition, during the transaction process, the analog card is connected (contact interface or non-contact interface) with a transaction terminal (such as an ATM machine, a POS machine, etc.), and the analog card receives data sent by the transaction terminal, wherein the data can be transaction data to be processed (such as withdrawal amount, deduction amount, etc.), so that a subsequent user can confirm whether the transaction data to be processed is correct. In addition, before the simulated card receives transaction data to be processed sent by the transaction terminal, the simulated card can also receive a request for acquiring the real card information of the selected real card sent by the transaction terminal, the card sleeve receives the data sent by the simulated card, carries out second processing on the received data by using a first safe transmission key at the card sleeve end, carries out first processing on the second processed data by using a second safe transmission key at the card sleeve end and then sends the processed data to a real card manager, the real card manager receives the data sent by the card sleeve and sends the received data to the selected real card after carrying out second processing on the received data by using a safe transmission key at the real card manager end, the selected real card receives the data sent by the real card manager end and sends the acquired real card information to the real card manager, and the real card manager receives the data sent by the selected real card, and the card sleeve receives the data sent by the real card manager, performs second processing on the received data by using a second secure transmission key at the card sleeve end, performs first processing on the second processed data by using the first secure transmission key at the card sleeve end, and sends the first processed data to the simulation card, and the simulation card receives the data sent by the card sleeve and performs second processing on the received data by using the secure transmission key at the simulation card end, and then sends the second processed data to the transaction terminal.
The card sleeve receives data sent by the simulation card, prompts the data after second processing after the received data is subjected to second processing by using a first safe transmission key at the card sleeve end, receives a confirmation instruction for indicating the correctness of the data after second processing, performs first processing on the data after second processing by using a second safe transmission key at the card sleeve end, and sends the data to a real card manager; specifically, the card sleeve can display the transaction data to be processed, and also can play the transaction data to be processed by voice (such as speaker playing or playing through an earphone or the like) so that a user can confirm whether the transaction data to be processed is correct, and only after the transaction data to be processed is correct, a confirmation instruction which indicates that the transaction data to be processed is correct and is input by the user is received, the transaction data to be processed is sent to the real card manager; if the user confirms that the transaction data to be processed is incorrect, the transaction can be cancelled directly, so that the security of the transaction is improved. The confirmation instruction received by the card sleeve for indicating that the second processed data is correct may be generated by a confirmation physical key separately arranged on the card sleeve, or may be generated by a confirmation virtual key on a touch screen of the card sleeve, or may be generated by selecting a confirmation function in a menu displayed on a card sleeve screen, or may be generated after a voice confirmation instruction received by a voice acquisition device (e.g., a microphone) of the card sleeve passes verification, or may be generated after a fingerprint confirmation instruction is received and passes verification by a fingerprint acquisition device of the card sleeve, or may be generated after an iris confirmation instruction is received and passes verification by an iris acquisition device of the card sleeve, or may be generated in any other manner, which is not limited in the present invention.
The real card manager receives the data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key and then sends the processed data to the selected real card; specifically, the real card manager sends the transaction data to be processed to the selected real card, so that the selected real card processes the transaction data to be processed.
The selected real card receives data sent by a real card manager, and sends the data obtained after transaction processing to the real card manager after the transaction processing; specifically, the selected real card performs transaction processing on the transaction data to be processed, and the transaction processing is a scheme of transaction processing of an existing smart card and is not described herein again.
The real card manager receives data sent by the selected real card, performs first processing on the received data by using a real card manager end safety transmission key, and sends the processed data to the card sleeve;
the card sleeve receives data sent by the real card manager, and after second processing is carried out on the received data by using a second safe transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first safe transmission key at the card sleeve end, and then the data are sent to the simulation card;
The simulation card receives the data sent by the card sleeve, and the received data is subjected to second processing by using the safety transmission key of the simulation card end and then sent to the transaction terminal. Specifically, after receiving the data processed by the real card transaction, the transaction terminal may complete the transaction according to the existing transaction flow, such as withdrawing money and delivering money, transferring money, swiping a card and deducting money.
Based on above-mentioned transaction flow can realize the function of multiple different kind's true card through a simulation card, and the user only needs to carry simulation card and cutting ferrule when trading, need not to carry true card and can accomplish the transaction, improves transaction convenience and security.
The card sleeve can prompt the information needing to be confirmed in the transaction process, so that the user can confirm the information needing to be confirmed in the transaction process and then execute the transaction, authenticity of the transaction is guaranteed, and safety is improved.
In the data transmission process, the data interaction among the simulation card, the card sleeve and the real card manager is performed by encryption, decryption and/or verification through a secure transmission key, so that the security and integrity of data transmission are ensured.
In addition, because the real card matched with the transaction terminal can be selected for use, unnecessary expense (such as bank cross-bank withdrawal commission and the like) caused by the fact that the user does not carry the real card matched with the transaction terminal in the prior art can be solved.
Certainly, the above specific implementation only discloses a single data interaction from the transaction terminal to the real card, and from the real card to the transaction terminal, in practical application, there may be multiple data interactions, the interaction flow is similar to the above single data interaction, and in the multiple data interactions, whether the interaction data is prompted at the card sleeve or not can be set according to whether the interaction data needs to be confirmed to ensure the authenticity of the interaction data.
Sixthly, updating the application program:
1. updating the card sleeve application program:
in the invention, the card sleeve can also update or install a new application program for the application program which is already installed, so as to expand various applications of the card sleeve or upgrade the existing application of the card sleeve:
the invention provides a specific implementation scheme for updating a card sleeve application program, but the invention is not limited to the following scheme:
fig. 8 shows a flow chart of the card sleeve application update, and referring to fig. 8, the card sleeve application update comprises:
the card sleeve at least sends the card sleeve certificate to the updating platform; specifically, a secure update platform is separately provided to complete the update of the card sleeve application. The card sleeve sends the card sleeve certificate to the updating platform, so that the updating platform can know which card sleeve needs to be updated, and can verify the identity of the card sleeve; the card sleeve can also send the application program identification needing to be updated or other information informing the updating platform of the application program needing to be updated or downloaded to the updating platform, so that the updating platform can know which application program installation package needs to be sent to the card sleeve.
The updating platform generates a first updating encryption key; specifically, the update platform itself generates an update encryption key for encrypting the application program installation package, and the update encryption keys generated each time the application program is updated may be the same or different, and if different, they may be prevented from being decrypted, thereby improving security.
The updating platform encrypts the card sleeve application program installation package by using the first updating encryption key to obtain a first installation package ciphertext; specifically, the updating platform encrypts the card sleeve application program installation package by using the generated updating encryption key, so that the transmission security of the card sleeve application program installation package is ensured.
The updating platform signs the first installation package ciphertext by using the private key of the updating platform to obtain a first installation package signature; specifically, the update platform signs the first installation package ciphertext so that a subsequent card sleeve verifies the identity of the update platform.
The updating platform encrypts a first updating encryption key by using a card sleeve public key in the card sleeve certificate to obtain a first updating encryption key ciphertext; specifically, the updating platform utilizes the card sleeve public key to encrypt and update the encryption key, so that the transmission security of the updated encryption key can be ensured, meanwhile, only the card sleeve can decrypt the updated encryption key, and the transmission security of the application program installation package is improved.
Update the platform and send cutting ferrule update message to the cutting ferrule, wherein, cutting ferrule update message includes: updating the platform certificate, the first installation package ciphertext, the first installation package signature and the first updated encryption key ciphertext; specifically, the update information sent by the update platform carries an update platform certificate so that the card sleeve can authenticate the update platform, the update information carries a first installation package ciphertext to ensure the transmission security of the application program installation package, the update information carries a first installation package signature to ensure that the subsequent card sleeve can authenticate the validity of the identity of the update platform, and the update information carries an update encryption key ciphertext to ensure the transmission security of the update encryption key.
The card sleeve receives card sleeve update information and verifies and updates the platform certificate by using the root certificate; specifically, the card sleeve stores a root certificate in advance, and the root certificate is utilized to complete verification of the updated platform certificate so as to ensure the safety of subsequent use of the updated platform certificate.
After the card sleeve verifies that the updating platform certificate passes, verifying the signature of the first installation package by using the updating platform public key in the updating platform certificate; specifically, the card sleeve verifies the signature sent by the update platform by using the update platform public key in the update platform certificate after the verification is passed, so as to ensure the legal source of the data.
After the card sleeve verifies that the signature of the first installation package is correct, the card sleeve decrypts the first updated encryption key ciphertext by using a card sleeve private key to obtain a first decryption key; specifically, the card sleeve decrypts the decryption key by using the card sleeve private key so as to obtain the card sleeve application program installation package by subsequently decrypting the installation package ciphertext.
The card sleeve decrypts the first installation package ciphertext by using the first decryption key to obtain a card sleeve application program installation package;
the card sleeve verifies whether the data format of the card sleeve application program installation package is correct or not; specifically, the card sleeve also verifies whether the data format of the card sleeve application program installation package is correct, if the data format of the card sleeve application program installation package is incorrect, the installation operation is not executed, and if the data format of the card sleeve application program installation package is correct, the installation is executed.
If the card sleeve verifies that the data format of the card sleeve application program installation package is correct, the card sleeve is installed according to the card sleeve application program installation package. Specifically, if the card sleeve updates the installed application program, the installed application program can be covered, or the installed application program is upgraded, or the installed application program is uninstalled in advance and then a new application program is installed, and if the card sleeve is the new installed application program, the application program can be directly installed.
Based on the card sleeve updating the application program, the card sleeve can update the installed application program and download and install the new application program, thereby expanding the functions of the card sleeve and facilitating the use of users.
2. Updating of the simulation card application program:
in the invention, the simulation card can update the application program already installed by itself or install a new application program, so as to expand various applications of the simulation card or upgrade the existing applications of the simulation card:
the invention provides a specific implementation scheme for updating a simulation card application program, but the invention is not limited to the following scheme:
FIG. 9 shows a flow diagram of a simulated card application update, see FIG. 9, including:
the card sleeve obtains a simulated card certificate from the simulated card and at least sends the simulated card certificate to the updating platform; specifically, the card sleeve may obtain the simulated card certificate from the simulated card by: the card sleeve sends a request for acquiring a simulated card certificate to the simulated card after detecting the simulated card in a contact or non-contact manner, and the simulated card sends the simulated card certificate to the card sleeve after receiving the request sent by the card sleeve; or after the card sleeve detects the simulation card through contact or non-contact, the simulation card actively sends the simulation card certificate to the card sleeve. Alternative alternatives: the method comprises the steps that after a card sleeve detects a simulation card in a contact or non-contact manner, a request for obtaining a simulation card unique identifier is sent to the simulation card, the simulation card receives the request sent by the card sleeve and then sends the simulation card unique identifier to the card sleeve, and after the card sleeve receives the simulation card unique identifier, a simulation card certificate corresponding to the simulation card unique identifier can be obtained from a first binding list of a card sleeve end stored locally according to the simulation card unique identifier; or after the card sleeve detects the simulation card through a contact type or a non-contact type, the simulation card actively sends the simulation card unique identifier to the card sleeve, and after the card sleeve receives the simulation card unique identifier, the simulation card certificate corresponding to the simulation card unique identifier can be obtained from a locally stored card sleeve end first binding list according to the simulation card unique identifier. In addition, a secure update platform is separately provided to accomplish the updating of the simulated card application. The card sleeve sends the simulated card certificate to the updating platform so that the updating platform can know which simulated card needs to be updated and can verify the identity of the simulated card; the card sleeve can also send the application program identification needing to be updated or other information informing the updating platform of the application program needing to be updated or downloaded to the updating platform, so that the updating platform can know which application program installation package needs to be sent to the simulation card.
The updating platform generates a second updating encryption key; specifically, the update platform itself generates an update encryption key for encrypting the application program installation package, and the update encryption keys generated each time the application program is updated may be the same or different, and if different, they may be prevented from being decrypted, thereby improving security.
The updating platform encrypts the simulation card application program installation package by using a second updating encryption key to obtain a second installation package ciphertext; specifically, the updating platform encrypts the simulation card application program installation package by using the generated updating encryption key, so that the transmission security of the simulation card application program installation package is ensured.
The updating platform signs the second installation package ciphertext by using the private key of the updating platform to obtain a second installation package signature; specifically, the update platform signs the second installation package ciphertext, so that the identity of the update platform is verified by a subsequent simulation card.
The updating platform encrypts a second updated encryption key by using the simulated card public key in the simulated card certificate to obtain a second updated encryption key ciphertext; specifically, the updating platform utilizes the simulated card public key to encrypt and update the encryption key, so that the transmission security of the updated encryption key can be ensured, meanwhile, only the simulated card can decrypt the updated encryption key, and the transmission security of the application program installation package is improved.
Update the platform and update information transmission to the cutting ferrule with the simulation card, wherein, simulation card update information includes: updating the platform certificate, the second installation package ciphertext, the second installation package signature and the second update encryption key ciphertext; specifically, the update information sent by the update platform carries an update platform certificate so that the update platform can be authenticated by the simulation card, the update information carries a second installation package ciphertext to ensure the transmission security of the application installation package, the update information carries a second installation package signature to ensure that the subsequent simulation card can authenticate the validity of the identity of the update platform, and the update information carries an update encryption key ciphertext to ensure the transmission security of the update encryption key.
The card sleeve receives the updating information of the simulation card, and the updating information of the simulation card is subjected to first processing by utilizing a first safe transmission key at the card sleeve end and then is sent to the simulation card; specifically, the card sleeve processes and transmits the update information of the analog card by using a secure transmission key generated when the secure connection is established between the card sleeve and the analog card, so that the security of data transmission can be improved.
The simulation card receives the data sent by the card sleeve, and after second processing is carried out on the received data by using the safety transmission key of the simulation card end, the update information of the simulation card is obtained;
The simulation card verifies and updates the platform certificate by using the root certificate; specifically, the simulation card stores a root certificate in advance, and the root certificate is used for verifying the update platform certificate so as to ensure the safety of the subsequent use of the update platform certificate.
After the simulated card passes the verification of the updating platform certificate, verifying the signature of the second installation package by using the public key of the updating platform in the updating platform certificate; specifically, the simulation card verifies the signature sent by the update platform by using the update platform public key in the update platform certificate after verification is passed, so as to ensure the legal source of the data.
After the simulation card verifies that the signature of the second installation package is correct, the simulation card private key is used for decrypting the second updated encryption key ciphertext to obtain a second decryption key; specifically, the simulation card decrypts the decryption key by using the simulation card private key, so that the subsequent decryption installation package ciphertext can obtain the simulation card application program installation package.
The simulation card decrypts the second installation package ciphertext by using the second decryption key to obtain a simulation card application program installation package;
the simulation card verifies whether the data format of the simulation card application program installation package is correct or not; specifically, the simulation card also verifies whether the data format of the simulation card application program installation package is correct, if the data format of the simulation card application program installation package is incorrect, the installation operation is not executed, and if the data format of the simulation card application program installation package is correct, the installation is executed.
And if the data format of the simulation card application program installation package is verified to be correct by the simulation card, the simulation card is installed according to the simulation card application program installation package. Specifically, if the simulation card is used for updating the installed application program, the installed application program can be covered, or the installed application program can be upgraded, or the installed application program can be uninstalled in advance and then a new application program can be installed, and if the simulation card is used for installing the application program newly, the application program can be installed directly.
The application program can be updated based on the simulation card provided by the invention, the installed application program can be updated, a new application program can be downloaded and installed, the function of the simulation card is expanded, and the user can use the simulation card conveniently.
3. Real card manager application update:
in the invention, the real card manager can also update the application program already installed by itself or install a new application program, so as to expand various applications of the real card manager or upgrade the existing applications of the real card manager:
the invention provides a specific implementation scheme for updating an application program of a real card manager, but the invention is not limited to the following scheme:
Fig. 10 shows a flow chart of a real card manager application update, see fig. 10, comprising:
the real card manager at least sends the real card manager certificate to the updating platform; specifically, a secure update platform is separately provided to accomplish the update of the real card manager application. The real card manager sends the real card manager certificate to the updating platform, so that the updating platform can know which real card manager needs to be updated, and meanwhile, the identity of the real card manager can be verified; the real card manager can also send the application program identification needing to be updated or other information informing the updating platform of the application program needing to be updated or downloaded to the updating platform, so that the updating platform can know which application program installation package needs to be sent to the real card manager.
The updating platform generates a third updating encryption key; specifically, the update platform itself generates an update encryption key for encrypting the application program installation package, and the update encryption keys generated each time the application program is updated may be the same or different, and if different, they may be prevented from being decrypted, thereby improving security.
The updating platform encrypts the real card manager application program installation package by using a third updated encryption key to obtain a third installation package ciphertext; specifically, the update platform encrypts the real card manager application installation package by using the generated update encryption key, thereby ensuring the transmission security of the real card manager application installation package.
The updating platform signs the third installation package ciphertext by using the private key of the updating platform to obtain a third installation package signature; specifically, the update platform signs the third installation package ciphertext, so that a subsequent real card manager can verify the identity of the update platform.
The updating platform encrypts a third updated encryption key by using the real card manager public key in the real card manager certificate to obtain a third updated encryption key ciphertext; specifically, the updating platform utilizes the public key of the real card manager to encrypt and update the encryption key, so that the transmission security of the updated encryption key can be ensured, meanwhile, only the real card manager can decrypt the updated encryption key, and the transmission security of the application program installation package is improved.
The updating platform sends the updating information of the real card manager to the real card manager, wherein the updating information of the real card manager comprises the following steps: updating the platform certificate, the third installation package ciphertext, the third installation package signature and the third updated encryption key ciphertext; specifically, the update information sent by the update platform carries an update platform certificate so that the real card manager can authenticate the update platform, the update information carries a third installation package ciphertext to ensure the transmission security of the application installation package, the update information carries a third installation package signature to ensure that the subsequent real card manager can authenticate the validity of the identity of the update platform, and the update information carries an update encryption key ciphertext to ensure the transmission security of the update encryption key.
The real card manager receives the update information of the real card manager, and verifies and updates the platform certificate by using the root certificate; specifically, the real card manager stores a root certificate in advance, and completes verification of the update platform certificate by using the root certificate, so as to ensure the security of subsequent use of the update platform certificate.
After the real card manager verifies that the update platform certificate passes, verifying the signature of the third installation package by using the update platform public key in the update platform certificate; specifically, the real card manager verifies the signature sent by the update platform by using the update platform public key in the update platform certificate after verification is passed, so as to ensure the legal source of the data.
After the third installation package is verified to be correct in signature by the real card manager, decrypting a third updated encryption key ciphertext by using a private key of the real card manager to obtain a third decryption key; specifically, the real card manager decrypts the decryption key by using the real card manager private key, so that the subsequent decryption installation package ciphertext can obtain the real card manager application program installation package.
The real card manager decrypts the third installation package ciphertext by using the third decryption key to obtain a real card manager application program installation package;
The real card manager verifies whether the data format of the real card manager application program installation package is correct or not; specifically, the real card manager also verifies whether the data format of the real card manager application program installation package is correct, if the data format of the real card manager application program installation package is incorrect, the installation operation is not executed, and if the data format of the real card manager application program installation package is correct, the installation is executed.
And if the real card manager verifies that the data format of the real card manager application program installation package is correct, the real card manager installs according to the real card manager application program installation package. Specifically, if the real card manager updates the installed application program, the installed application program may be overwritten, or the installed application program may be upgraded, or the installed application program may be uninstalled in advance and then a new application program may be installed, and if the real card manager newly installs the application program, the application program may be directly installed.
Based on the update of the real card manager to the application program, the installed application program can be updated, and a new application program can be downloaded and installed, so that the functions of the real card manager are expanded, and the use by a user is facilitated.
Seventhly, application scenarios applicable to the data interaction architecture are as follows:
1. and (3) recharging the account:
in an application scenario provided in this embodiment, a user may recharge an account of a third party, for example, a prepaid account, based on the data interaction architecture.
The following is a specific description of the implementation of the present application scenario, but the present invention is not limited thereto:
the card sleeve logs in an account platform through a network; specifically, the card sleeve logs in an account platform through a wireless network, so that the card sleeve and a real card manager in the data interaction architecture of the invention complete the recharging of the account. The account platform may be a virtual third-party account platform, for example: e-commerce website account platforms (such as payment treasures and the like), electric charge payment platforms, and network financial platforms (such as funds and the like).
The card sleeve sends a recharging request to the account platform, wherein the recharging request comprises: recharge information; specifically, the card sleeve sends the recharging request to the account platform, so that the account platform feeds back the recharging packet according to the recharging request. Wherein, the recharging information comprises: the recharging amount and the like, and optionally, an account to be recharged can be included, so that the account platform knows which account is recharged.
The card sleeve receives a recharging packet, wherein the recharging packet is generated by the payment platform after receiving a recharging request; specifically, the card cover sends the recharging request to the payment platform at the same time of sending the recharging request to the account platform or after sending the recharging request to the account platform, or after receiving the recharging request, the account platform sends the recharging request to the payment platform, so that the payment platform can pay. After receiving the recharging request, the payment platform also generates a recharging packet, wherein the recharging packet comprises: the payment platform sends the recharging packet to the card sleeve, or the payment platform sends the recharging packet to the account platform, and then the account platform sends the recharging packet to the card sleeve, so that a user can confirm whether the recharging packet is correct on the card sleeve. The payment platform is a transaction platform corresponding to the real card, such as internet bank.
The card sleeve prompts the recharging packet and receives a confirmation instruction for confirming that the recharging packet is correct; specifically, after receiving the recharging packet, the card case further displays or plays the recharging packet in a voice manner, so that a user can confirm information in the recharging packet, if the user confirms that the recharging packet is correct, confirmation operation (such as pressing a confirmation key, selecting a confirmation option in a menu and the like) is performed on the card case to generate a confirmation instruction for confirming that the recharging packet is correct, and the card case receives the confirmation instruction so that the card case continues to perform subsequent operations; of course, if the user confirms that the refill bag has a problem, a cancellation operation can be performed on the case so as to cancel the refill. The confirmation instruction received by the card sleeve for confirming that the recharging packet is correct may be generated by a confirmation physical key separately arranged on the card sleeve, or may be generated by a confirmation virtual key on a touch screen of the card sleeve, or may be generated by selecting a confirmation function in a menu displayed on a screen of the card sleeve, or may be generated after a voice confirmation instruction received by a voice acquisition device (such as a microphone) of the card sleeve passes verification, or may be generated after a fingerprint confirmation instruction is received and passes verification by a fingerprint acquisition device of the card sleeve, or may be generated after an iris confirmation instruction is received and passes verification by an iris acquisition device of the card sleeve, or may be generated in any other manner, which is not limited in the present invention. Of course, at the same time of this step or before this step, the card sleeve needs to log in the real card manager and select the real card for recharging the account, and the operation of logging in the real card manager and the operation of selecting the real card by the card sleeve can refer to the above related description, and will not be described in detail herein.
The card sleeve sends the recharging packet to a real card manager after first processing is carried out on the recharging packet by utilizing a second safe transmission key at the card sleeve end, wherein the second safe transmission key at the card sleeve end is generated when the card sleeve is in safe connection with the real card manager, the real card manager is connected with at least one real card and stores a real card information list at the real card manager end, and the real card information list at the real card manager end comprises real card information of the real card connected with the real card manager; specifically, the card sleeve receives the recharging packet, and after the recharging packet confirms that the recharging packet is correct, the recharging packet is subjected to first processing and then sent to the real card manager, so that the transmission safety of the recharging packet is improved, and the real card manager can send the real recharging packet to the real card for processing. In addition, the real card manager-side real card information list includes real card information of a real card connected to the real card manager, and the real card information may include: card number, card authentication information, and the like, the card authentication information being information for authenticating whether a real card is issued by a regular channel (e.g., a bank, a public transport company, and the like); the real card may be a bank card issued by a bank or a function card (e.g., a bus card, a meal card, a shopping card, a membership card, a loyalty card, etc.). In addition, the generation manner of the card sleeve end second secure transmission key may refer to the above description of the generation of the card sleeve end second secure transmission key, and is not described in detail here. Optionally, the real card manager may be configured to store real card information of all or part of real cards in the real cards connected to the real card manager, so that a user may make different settings according to security requirements for the real cards, for example, the real card manager may be configured to set real card information that does not allow some real cards to be acquired, thereby ensuring security of the real cards.
The real card manager receives data sent by the card sleeve, and sends the received data to a selected real card after second processing is carried out on the received data by utilizing a real card manager end safety transmission key, wherein the real card manager end safety transmission key is generated when the card sleeve is safely connected with the real card manager, and the selected real card is as follows: the card sleeve prompts a card sleeve end real card information list and receives a real card determined after a real card selection instruction, wherein the card sleeve end real card information list is a real card manager end real card information list acquired from a real card manager; specifically, after the real card manager receives the data sent by the card sleeve, the received data is subjected to second processing, the real and complete data is sent to the real card, and authenticity and integrity of the data processed by the real card are guaranteed, so that recharging safety is guaranteed. The generation method of the secure transmission key at the real card manager end can refer to the description of the generation method of the secure transmission key at the real card manager end, and is not described in detail here. The selection of the selected real card can refer to the above-mentioned related description of the selection of the real card, and is not described in detail here.
The selected real card receives the data sent by the real card manager, and carries out transaction processing on the received data to obtain a recharge processing packet; specifically, after the selected real card receives the real and complete data sent by the real card manager, transaction processing is performed on the received data so as to confirm that the transaction can be completed, and the process of performing transaction processing on the selected real card can refer to the existing smart card for performing the transaction processing flow, which is not described in detail herein.
The selected real card sends the recharging processing packet to a real card manager;
the real card manager performs first processing on the recharge processing packet by using a real card manager end security transmission key and then sends the recharge processing packet to the card sleeve;
the card sleeve receives data sent by the real card manager, and second processing is carried out on the received data by using a second safe transmission key at the card sleeve end and then the data are sent to the payment platform; specifically, the card sleeve receives the data processed by the selected real card and sends the data to the payment platform, so that the payment platform can pay.
And the account platform receives payment success information sent by the payment platform and executes recharging operation, wherein the payment success information is generated after the payment platform receives the second processed data sent by the card sleeve and executes transaction processing operation. Specifically, after the payment platform completes the payment, the payment success information is generated and sent to the account platform, so that the account platform knows that the payment is completed, and the recharging operation is completed. Certainly, the payment success information may also include verification information, so that the account platform verifies the payment success information, and only after the verification is passed, recharging is completed, thereby improving security.
Based on the mode, the data interaction architecture can complete recharging of the account platform, the application of the data interaction architecture is expanded, and the data interaction architecture is convenient for users to use.
2. And (3) recharging the real card:
in an application scenario provided by this embodiment, a user can recharge a real card, for example, a bus card, based on the data interaction architecture.
The following briefly describes an implementation of the present application scenario, but the present invention is not limited thereto:
the card sleeve determines a selected real card from real cards connected with the real card manager;
the recharging platform acquires the card information of the selected real card through the simulated card, the card sleeve and the real card manager, wherein the card information comprises: the card number and the card authentication information of the selected real card;
after the recharging platform determines that the payment is successful, a recharging packet is generated and sent to the selected real card through the simulation card, the card sleeve and the real card manager, wherein the recharging packet is prompted and confirmed through the card sleeve;
and the selected real card receives the data sent by the real card manager and executes the recharging operation.
Based on the above brief description, a specific implementation is provided below, but the invention is not limited thereto:
The card sleeve logs in a real card manager, wherein the real card manager is connected with at least one real card and stores a real card manager end real card information list, and the real card manager end real card information list comprises real card information of the real card connected with the real card manager; specifically, the ferrule registration step may refer to the related description of the ferrule registration, which is not described in detail herein. Optionally, the real card manager may be configured to store real card information of all or part of real cards in the real cards connected to the real card manager, so as to form a real card information list at the real card manager, so that a user may make different settings according to security requirements of the real cards, for example, the real card manager may be configured to set real card information that does not allow to obtain some real cards, thereby ensuring security of the real cards.
The card sleeve acquires a card sleeve end real card information list, wherein the card sleeve end real card information list is a real card manager end real card information list acquired from a real card manager; specifically, how the card sleeve obtains the real card information list may refer to the above-mentioned description of how the card sleeve obtains the real card information list, and is not described in detail here.
The card sleeve prompts a card sleeve end real card information list;
the card sleeve receives a real card selection instruction and determines a selected real card; specifically, the card sleeve determines that the selected real card is a card to be charged, such as a bus card, and at this time, the simulated card in the data interaction architecture can be used as the card to be charged (such as a bus card).
The simulation card receives a card information acquisition request sent by the recharging platform, wherein the card information acquisition request at least comprises the card number and the card authentication information of the selected real card; specifically, the user connects the analog card with a recharging platform in a contact or non-contact manner, where the recharging platform may include a front-end recharging machine and a background recharging processing platform, for example: the simulated card receives a card information acquisition request sent by the recharging platform so as to acquire the real card information of the selected real card.
The method comprises the steps that a card information acquisition request is subjected to first processing by a simulation card through a simulation card end safety transmission key and then sent to a card sleeve, wherein the simulation card end safety transmission key is generated when the card sleeve is in safety connection with a simulation card; specifically, after receiving the card information acquisition request, the simulation card performs first processing on the card information acquisition request by using the secure transmission key between the simulation card and the card sleeve and then sends the card information acquisition request to the card sleeve, so that the data transmission security is improved. The generation process of the simulated card-side secure transmission key can refer to the above-mentioned related description of the generation process of the simulated card-side secure transmission key, and is not described in detail here.
The card sleeve receives data sent by the simulation card, the card sleeve end first safety transmission key is used for carrying out second processing on the received data, then the card sleeve end second safety transmission key is used for carrying out first processing on the second processed data and sending the processed data to the real card manager, wherein the card sleeve end first safety transmission key is generated when the card sleeve is in safe connection with the simulation card, and the card sleeve end second safety transmission key is generated when the card sleeve is in safe connection with the real card manager; specifically, the card sleeve performs second processing on data sent by the analog card, performs first processing, and then sends the processed data to the real card manager, so that data transmission security is provided, and the real card manager can obtain a card information acquisition request. The first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end may refer to the above-mentioned description of the generation process of the first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end, and will not be described in detail here.
The real card manager receives data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key and then sends the data to the selected real card, wherein the real card manager end safety transmission key is generated when the card sleeve is in safety connection with the real card manager; specifically, the real card manager performs second processing on data sent by the card sleeve and then sends the data to the selected real card, so that the selected real card can obtain a card information obtaining request, and then card information is returned. The generation process of the secure transmission key at the real card manager end can refer to the above description of the generation process of the secure transmission key at the real card manager end, and is not described in detail here.
The selected real card sends the card information of the selected real card to a real card manager;
the real card manager performs first processing on the received card information of the selected real card by using a real card manager end safety transmission key and then sends the card information to the card sleeve;
the card sleeve receives data sent by the real card manager, second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first secure transmission key at the card sleeve end, and then the data are sent to the simulation card;
the simulation card receives the data sent by the card sleeve, and the received data is subjected to second processing by using a safety transmission key of the simulation card end and then sent to the recharging platform; specifically, the simulated card sends the acquired card information to the recharging platform, so that the recharging platform can know which real card is recharged.
After the recharging platform determines that the payment is successful, generating a recharging packet and sending the recharging packet to the simulation card; specifically, the top-up platform may determine that the payment was successful by: receiving cash, receiving check, completing POS card swiping, transferring and other arbitrary modes. And after the recharging platform determines that the payment is successful, a recharging packet is generated so that the selected real card can be recharged according to the recharging packet. Wherein the recharge package at least comprises: and (5) recharging the money amount.
The simulation card receives the recharging packet sent by the recharging platform, performs first processing on the recharging packet by using the safety transmission key of the simulation card end and then sends the recharging packet to the card sleeve;
the card sleeve receives data sent by the simulation card, and after second processing is carried out on the received data by using a first safe transmission key at the card sleeve end, the data after the second processing is prompted;
the card sleeve receives a confirmation instruction for indicating that the second processed data is correct, and the second secure transmission key at the card sleeve end is used for carrying out first processing on the second processed data and then sending the second processed data to the real card manager;
the real card manager receives the data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key, and sends the processed data to the selected real card;
and the selected real card receives the second processed data sent by the real card manager and executes the recharging operation. Specifically, after the selected real card obtains the recharging packet, the recharging operation is executed according to the recharging packet, and therefore recharging is completed.
Based on the above brief description, the present invention also provides a specific implementation manner of recharging by swiping a card, but the present invention is not limited to this:
the card sleeve logs in a real card manager, wherein the real card manager is connected with at least one real card and stores a real card manager end real card information list, and the real card manager end real card information list comprises real card information of the real card connected with the real card manager; specifically, the ferrule registration step may refer to the related description of the ferrule registration, which is not described in detail herein. Optionally, the real card manager may be configured to store real card information of all or part of real cards in the real cards connected to the real card manager, so as to form a real card information list at the real card manager, so that a user may make different settings according to security requirements of the real cards, for example, the real card manager may be configured to set real card information that does not allow to obtain some real cards, thereby ensuring security of the real cards.
The card sleeve acquires a card sleeve end real card information list, wherein the card sleeve end real card information list is a real card manager end real card information list acquired from a real card manager; specifically, how the card sleeve obtains the real card information list may refer to the above-mentioned description of how the card sleeve obtains the real card information list, and is not described in detail here.
The card sleeve prompts a card sleeve end real card information list;
the card sleeve receives a first real card selection instruction and determines a selected first real card; specifically, the card sleeve determines that the selected first real card is a deduction card, such as a bank card, and at this time, the simulated card in the data interaction architecture may be used as the deduction card (e.g., a bank card).
The method comprises the steps that a simulation card receives a first card information acquisition request sent by a payment platform, wherein the first card information acquisition request at least comprises a card number of a selected first real card and card authentication information; specifically, a user connects a simulation card with a payment platform in a contact or non-contact manner, the payment platform includes a deduction terminal (for example, a POS machine) and a payment processing platform (for example, a bank background), the simulation card is connected with the deduction terminal so as to carry out deduction, and the simulation card receives a first card information acquisition request sent by the payment platform so as to acquire real card information of a selected first real card.
The simulation card utilizes the simulation card end safety transmission key to carry out first processing on the first card information acquisition request and then sends the first card information acquisition request to the card sleeve, wherein the simulation card end safety transmission key is generated when the card sleeve is in safety connection with the simulation card; specifically, after receiving the first card information acquisition request, the simulation card performs first processing on the first card information acquisition request by using the secure transmission key between the simulation card and the card sleeve and then sends the first card information acquisition request to the card sleeve, so that the data transmission security is improved. The generation process of the simulated card-side secure transmission key can refer to the above-mentioned related description of the generation process of the simulated card-side secure transmission key, and is not described in detail here.
The card sleeve receives data sent by the simulation card, the card sleeve end first safety transmission key is used for carrying out second processing on the received data, then the card sleeve end second safety transmission key is used for carrying out first processing on the second processed data and sending the processed data to the real card manager, wherein the card sleeve end first safety transmission key is generated when the card sleeve is in safe connection with the simulation card, and the card sleeve end second safety transmission key is generated when the card sleeve is in safe connection with the real card manager; specifically, the card sleeve performs second processing on data sent by the analog card, performs first processing, and then sends the processed data to the real card manager, so that data transmission security is provided, and the real card manager can obtain the first card information acquisition request conveniently. The first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end may refer to the above-mentioned description of the generation process of the first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end, and will not be described in detail here.
The real card manager receives data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key and then sends the data to the selected first real card, wherein the real card manager end safety transmission key is generated when the card sleeve is in safety connection with the real card manager; specifically, the real card manager performs second processing on data sent by the card sleeve and then sends the data to the selected first real card, so that the selected first real card can obtain a first card information obtaining request, and card information is returned. The generation process of the secure transmission key at the real card manager end can refer to the above description of the generation process of the secure transmission key at the real card manager end, and is not described in detail here.
The selected first real card sends the card information of the selected first real card to a real card manager;
the real card manager performs first processing on the received card information of the selected first real card by using a real card manager end safety transmission key and then sends the card information to the card sleeve;
the card sleeve receives data sent by the real card manager, second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first secure transmission key at the card sleeve end, and then the data are sent to the simulation card;
The simulation card receives the data sent by the card sleeve, and the received data is subjected to second processing by using the safety transmission key of the simulation card end and then sent to the payment platform; specifically, the simulated card sends the acquired card information of the first real card to the payment platform, so that the payment platform can know which real card is used for deduction.
The simulation card receives a deduction request sent by the payment platform, and sends the deduction request to the card sleeve after first processing is carried out on the deduction request by utilizing a safety transmission key of the simulation card end; in particular, the deduction request may comprise at least a deduction amount.
The card sleeve receives data sent by the simulation card, second processing is carried out on the received data by utilizing a first safe transmission key at the card sleeve end, and the data after the second processing is prompted; specifically, the card sleeve can display or play the deduction request in voice so that the user can confirm the information in the deduction request.
The card sleeve receives a confirmation instruction for indicating that the second processed data is correct, and the card sleeve performs first processing on the second processed data by using a second secure transmission key at the card sleeve end and then sends the second processed data to the real card manager; specifically, if the user confirms that the payment request is correct, a confirmation instruction for confirming that the payment request is correct is generated by performing a confirmation operation (for example, pressing a confirmation key, selecting a confirmation option in a menu, and the like) on the card sleeve, and the card sleeve receives the confirmation instruction so that the card sleeve continues to perform subsequent operations; of course, if the user confirms that the debit request is problematic, a cancellation operation may be performed on the card case to cancel the transaction. The confirmation instruction received by the card sleeve for indicating that the second processed data is correct may be generated by a confirmation physical key separately arranged on the card sleeve, or may be generated by a confirmation virtual key on a touch screen of the card sleeve, or may be generated by selecting a confirmation function in a menu displayed on a card sleeve screen, or may be generated after a voice confirmation instruction received by a voice acquisition device (e.g., a microphone) of the card sleeve passes verification, or may be generated after a fingerprint confirmation instruction is received and passes verification by a fingerprint acquisition device of the card sleeve, or may be generated after an iris confirmation instruction is received and passes verification by an iris acquisition device of the card sleeve, or may be generated in any other manner, which is not limited in the present invention.
The real card manager receives the data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key, and sends the processed data to the selected first real card;
the selected first real card receives data sent by the real card manager, and sends the data obtained after transaction processing to the real card manager after transaction processing is carried out on the received data; specifically, after the selected first real card receives the real and complete data sent by the real card manager, transaction processing is performed on the received data so as to confirm that the transaction can be completed, and the process of performing transaction processing on the selected first real card can refer to the existing smart card for performing the transaction processing flow, which is not described in detail herein.
The real card manager receives data sent by a selected first real card, performs first processing on the received data by using a real card manager end safety transmission key, and sends the processed data to the card sleeve;
the card sleeve receives data sent by the real card manager, and after second processing is carried out on the received data by using a second safe transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first safe transmission key at the card sleeve end, and then the data are sent to the simulation card;
The simulation card receives the data sent by the card sleeve, and sends the received data to the payment platform for deduction operation after second processing is carried out on the received data by using the safety transmission key of the simulation card end; specifically, the payment platform receives data sent by the simulated card after transaction processing of the selected first real card, executes money deduction operation after verification is passed, and of course, after the payment platform executes the money deduction operation, payment success information can be generated so as to inform a user of successful payment.
The card sleeve prompts a card sleeve end real card information list; specifically, after the recharging platform determines that the payment is successful, the user can select a card to be recharged (such as a bank card) so as to recharge the card to be recharged.
The card sleeve receives a second real card selection instruction and determines a selected second real card; specifically, the card sleeve determines that the selected second real card is a card to be charged, such as a bus card, and at this time, the simulated card in the data interaction architecture can be used as the card to be charged (such as a bus card).
The simulated card receives a second card information acquisition request sent by the recharging platform, wherein the second card information acquisition request at least comprises the card number and the card authentication information of the selected second real card; specifically, the user connects the analog card with a recharging platform in a contact or non-contact manner, where the recharging platform may include a front-end recharging machine and a background recharging processing platform, for example: and the simulated card receives a second card information acquisition request sent by the recharging platform so as to acquire the real card information of the selected second real card.
The simulation card performs first processing on a second card information acquisition request by using a simulation card end safety transmission key and then sends the second card information acquisition request to the card sleeve, wherein the simulation card end safety transmission key is generated when the card sleeve is in safety connection with the simulation card; specifically, after receiving the second card information acquisition request, the simulation card performs first processing on the card information acquisition request by using the secure transmission key between the simulation card and the card sleeve and then sends the card information acquisition request to the card sleeve, so that the data transmission security is improved. The generation process of the simulated card-side secure transmission key can refer to the above-mentioned related description of the generation process of the simulated card-side secure transmission key, and is not described in detail here.
The card sleeve receives data sent by the simulation card, the card sleeve end first safety transmission key is used for carrying out second processing on the received data, then the card sleeve end second safety transmission key is used for carrying out first processing on the second processed data and sending the processed data to the real card manager, wherein the card sleeve end first safety transmission key is generated when the card sleeve is in safe connection with the simulation card, and the card sleeve end second safety transmission key is generated when the card sleeve is in safe connection with the real card manager; specifically, the card sleeve performs second processing on data sent by the analog card, performs first processing, and then sends the processed data to the real card manager, so that data transmission security is provided, and the real card manager can obtain a card information acquisition request. The first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end may refer to the above-mentioned description of the generation process of the first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end, and will not be described in detail here.
The real card manager receives data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key and then sends the processed data to a selected second real card, wherein the real card manager end safety transmission key is generated when the card sleeve is in safety connection with the real card manager; specifically, the real card manager performs second processing on data sent by the card sleeve and then sends the data to the selected real card, so that the selected second real card can obtain a card information obtaining request, and then the card information is returned. The generation process of the secure transmission key at the real card manager end can refer to the above description of the generation process of the secure transmission key at the real card manager end, and is not described in detail here.
The selected second real card sends the card information of the selected real card to a real card manager;
the real card manager performs first processing on the received card information of the selected second real card by using a real card manager end safety transmission key and then sends the card information to the card sleeve;
the card sleeve receives data sent by the real card manager, second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first secure transmission key at the card sleeve end, and then the data are sent to the simulation card;
The simulation card receives the data sent by the card sleeve, and the received data is subjected to second processing by using a safety transmission key of the simulation card end and then sent to the recharging platform; specifically, the simulated card sends the acquired card information of the second real card to the recharging platform, so that the recharging platform is ensured to know which real card is recharged.
The simulated card receives a recharging packet generated by the recharging platform; specifically, the recharging platform generates a recharging packet after determining that the payment is successful and obtaining the card information of the selected second real card, so that the selected second real card can be recharged according to the recharging packet. Wherein the recharge package at least comprises: and (5) recharging the money amount.
The simulation card utilizes the safety transmission key of the simulation card end to carry out first processing on the recharge packet and then sends the recharge packet to the card sleeve;
the card sleeve receives data sent by the simulation card, and after second processing is carried out on the received data by using a first safe transmission key at the card sleeve end, the data after the second processing is prompted;
the card sleeve receives a confirmation instruction for indicating that the second processed data is correct, and the second secure transmission key at the card sleeve end is used for carrying out first processing on the second processed data and then sending the second processed data to the real card manager;
The real card manager receives the data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key, and then sends the processed data to a selected second real card;
and the selected second real card receives the second processed data sent by the real card manager and executes the recharging operation. Specifically, after the selected second real card obtains the recharge packet, the recharge operation is executed according to the recharge packet, and recharging is completed.
Based on the mode, the data interaction architecture can complete recharging of the real card, the application of the data interaction architecture is expanded, and the data interaction architecture is convenient for users to use.
3. The second real card is the first real card with value:
in an application scenario provided by this embodiment, a user can recharge a real card based on the data interaction architecture, for example, a public transportation card is recharged by swiping a bank card or an electric card is recharged by swiping a bank card. In the application scenario, the second real card is different from the first real card in type, the second real card is a real card capable of being deducted, and the first real card is a real card to be recharged.
The following briefly describes an implementation of the present application scenario, but the present invention is not limited thereto:
the card sleeve determines a selected first real card from real cards connected with the real card manager;
the recharging platform acquires the card information of the selected first real card through the simulated card, the card sleeve and the real card manager, wherein the card information comprises: the card number and the card authentication information of the selected first real card;
the card sleeve determines a selected second real card from the real cards connected with the real card manager;
the payment platform carries out deduction processing with the selected second real card through the card sleeve and the real card manager;
the card sleeve determines a selected first real card from real cards connected with the real card manager;
the recharging platform generates a recharging packet and sends the recharging packet to the selected real card through the simulation card, the card sleeve and the real card manager, wherein the recharging packet is prompted and confirmed through the card sleeve;
and the selected real card receives the data sent by the real card manager and executes the recharging operation.
Based on the above brief description, a specific implementation is provided below, but the invention is not limited thereto:
The card sleeve logs in a real card manager, wherein the real card manager is connected with at least one real card and stores a real card manager end real card information list, and the real card manager end real card information list comprises real card information of the real card connected with the real card manager; specifically, the ferrule registration step may refer to the related description of the ferrule registration, which is not described in detail herein. Optionally, the real card manager may be configured to store real card information of all or part of real cards in the real cards connected to the real card manager, so as to form a real card information list at the real card manager, so that a user may make different settings according to security requirements of the real cards, for example, the real card manager may be configured to set real card information that does not allow to obtain some real cards, thereby ensuring security of the real cards.
The card sleeve acquires a card sleeve end real card information list, wherein the card sleeve end real card information list is a real card manager end real card information list acquired from a real card manager; specifically, how the card sleeve obtains the real card information list may refer to the above-mentioned description of how the card sleeve obtains the real card information list, and is not described in detail here.
The card sleeve prompts a card sleeve end real card information list;
the card sleeve receives a first real card selection instruction and determines a selected first real card; specifically, the card sleeve determines that the selected first real card is a card to be charged, such as a bus card, and at this time, the simulated card in the data interaction architecture can be used as the card to be charged (such as a bus card).
The method comprises the steps that a simulated card receives a first card information acquisition request sent by a recharging platform, wherein the first card information acquisition request at least comprises a card number of a selected first real card and card authentication information; specifically, the user connects the analog card with a recharging platform in a contact or non-contact manner, where the recharging platform may include a front-end recharging machine and a background recharging processing platform, for example: the bus card recharging platform or the electric card recharging platform connects the simulation card with the front-end recharging machine, and the simulation card receives a first card information acquisition request sent by the recharging platform so as to acquire real card information of a selected first real card.
The simulation card utilizes the simulation card end safety transmission key to carry out first processing on the first card information acquisition request and then sends the first card information acquisition request to the card sleeve, wherein the simulation card end safety transmission key is generated when the card sleeve is in safety connection with the simulation card; specifically, after receiving the first card information acquisition request, the simulation card performs first processing on the first card information acquisition request by using the secure transmission key between the simulation card and the card sleeve and then sends the first card information acquisition request to the card sleeve, so that the data transmission security is improved. The generation process of the simulated card-side secure transmission key can refer to the above-mentioned related description of the generation process of the simulated card-side secure transmission key, and is not described in detail here.
The card sleeve receives data sent by the simulation card, the card sleeve end first safety transmission key is used for carrying out second processing on the received data, then the card sleeve end second safety transmission key is used for carrying out first processing on the second processed data and sending the processed data to the real card manager, wherein the card sleeve end first safety transmission key is generated when the card sleeve is in safe connection with the simulation card, and the card sleeve end second safety transmission key is generated when the card sleeve is in safe connection with the real card manager; specifically, the card sleeve performs second processing on data sent by the analog card, performs first processing, and then sends the processed data to the real card manager, so that data transmission security is provided, and the real card manager can obtain the first card information acquisition request conveniently. The first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end may refer to the above-mentioned description of the generation process of the first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end, and will not be described in detail here.
The real card manager receives data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key and then sends the data to the selected first real card, wherein the real card manager end safety transmission key is generated when the card sleeve is in safety connection with the real card manager; specifically, the real card manager performs second processing on data sent by the card sleeve and then sends the data to the selected first real card, so that the selected first real card can obtain a first card information obtaining request, and card information is returned. The generation process of the secure transmission key at the real card manager end can refer to the above description of the generation process of the secure transmission key at the real card manager end, and is not described in detail here.
The selected first real card sends the card information of the selected first real card to a real card manager;
the real card manager performs first processing on the received card information of the selected first real card by using a real card manager end safety transmission key and then sends the card information to the card sleeve;
the card sleeve receives data sent by the real card manager, second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first secure transmission key at the card sleeve end, and then the data are sent to the simulation card;
the simulation card receives the data sent by the card sleeve, and the received data is subjected to second processing by using a safety transmission key of the simulation card end and then sent to the recharging platform; specifically, the simulated card sends the acquired card information of the first real card to the recharging platform, so that the recharging platform is ensured to know which real card is recharged.
The card sleeve receives the recharging identification sent by the recharging platform and displays a card sleeve end real card information list; specifically, the card sleeve receives the recharging identification sent by the recharging platform to indicate which card to recharge, and prompts the user to select a second real card (deduction card) for recharging the first real card (card to be recharged). The recharging identifier can contain one or the combination of a first real card number to be recharged, an order number, a recharging amount and the like.
The card sleeve receives a second real card selection instruction and determines a selected second real card; specifically, the card sleeve determines that the selected second real card is a deduction card, such as a bank card.
The simulation card receives a second card information acquisition request sent by the payment platform, wherein the second card information acquisition request at least comprises the card number of the selected second real card and card authentication information; specifically, the user connects the simulated card with a payment platform in a contact or non-contact manner, the payment platform includes a deduction terminal (for example, a POS machine) and a payment processing platform (for example, a bank background), the simulated card is connected with the deduction terminal so as to carry out deduction, and the simulated card receives a second card information acquisition request sent by the payment platform so as to acquire real card information of a selected second real card.
The simulation card performs first processing on a second card information acquisition request by using a simulation card end safety transmission key and then sends the second card information acquisition request to the card sleeve, wherein the simulation card end safety transmission key is generated when the card sleeve is in safety connection with the simulation card; specifically, after receiving the second card information acquisition request, the simulation card performs first processing on the second card information acquisition request by using the secure transmission key between the simulation card and the card sleeve and then sends the second card information acquisition request to the card sleeve, so that the data transmission security is improved. The generation process of the simulated card-side secure transmission key can refer to the above-mentioned related description of the generation process of the simulated card-side secure transmission key, and is not described in detail here.
The card sleeve receives data sent by the simulation card, the card sleeve end first safety transmission key is used for carrying out second processing on the received data, then the card sleeve end second safety transmission key is used for carrying out first processing on the second processed data and sending the processed data to the real card manager, wherein the card sleeve end first safety transmission key is generated when the card sleeve is in safe connection with the simulation card, and the card sleeve end second safety transmission key is generated when the card sleeve is in safe connection with the real card manager; specifically, the card sleeve performs second processing on data sent by the analog card, performs first processing, and then sends the processed data to the real card manager, so that data transmission security is provided, and the real card manager can obtain a second card information acquisition request. The first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end may refer to the above-mentioned description of the generation process of the first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end, and will not be described in detail here.
The real card manager receives data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key and then sends the processed data to a selected second real card, wherein the real card manager end safety transmission key is generated when the card sleeve is in safety connection with the real card manager; specifically, the real card manager performs second processing on data sent by the card sleeve and then sends the data to the selected second real card, so that the selected second real card can obtain a second card information obtaining request, and the card information is returned. The generation process of the secure transmission key at the real card manager end can refer to the above description of the generation process of the secure transmission key at the real card manager end, and is not described in detail here.
The selected second real card sends the card information of the selected second real card to the real card manager;
the real card manager performs first processing on the received card information of the selected second real card by using a real card manager end safety transmission key and then sends the card information to the card sleeve;
the card sleeve receives data sent by the real card manager, second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first secure transmission key at the card sleeve end, and then the data are sent to the simulation card;
the simulation card receives the data sent by the card sleeve, and the received data is subjected to second processing by using the safety transmission key of the simulation card end and then sent to the payment platform; specifically, the simulated card sends the acquired card information of the second real card to the payment platform, so that the payment platform can know which real card is used for deduction.
The simulation card receives a deduction request sent by the payment platform, and sends the deduction request to the card sleeve after first processing is carried out on the deduction request by utilizing a safety transmission key of the simulation card end; specifically, the debit request may include at least a debit amount and a first real card number.
The card sleeve receives data sent by the simulation card, second processing is carried out on the received data by utilizing a first safe transmission key at the card sleeve end, and the data after the second processing is prompted; specifically, the card sleeve can display or play the deduction request in voice so that the user can confirm the information in the deduction request.
The card sleeve receives a confirmation instruction for indicating that the second processed data is correct, and the card sleeve performs first processing on the second processed data by using a second secure transmission key at the card sleeve end and then sends the second processed data to the real card manager; specifically, if the user confirms that the payment request is correct, a confirmation instruction for confirming that the payment request is correct is generated by performing a confirmation operation (for example, pressing a confirmation key, selecting a confirmation option in a menu, and the like) on the card sleeve, and the card sleeve receives the confirmation instruction so that the card sleeve continues to perform subsequent operations; of course, if the user confirms that the debit request is problematic, a cancellation operation may be performed on the card case to cancel the transaction. The confirmation instruction received by the card sleeve for indicating that the second processed data is correct may be generated by a confirmation physical key separately arranged on the card sleeve, or may be generated by a confirmation virtual key on a touch screen of the card sleeve, or may be generated by selecting a confirmation function in a menu displayed on a card sleeve screen, or may be generated after a voice confirmation instruction received by a voice acquisition device (e.g., a microphone) of the card sleeve passes verification, or may be generated after a fingerprint confirmation instruction is received and passes verification by a fingerprint acquisition device of the card sleeve, or may be generated after an iris confirmation instruction is received and passes verification by an iris acquisition device of the card sleeve, or may be generated in any other manner, which is not limited in the present invention.
The real card manager receives the data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key, and then sends the processed data to a selected second real card;
the selected second real card receives the data sent by the real card manager, and sends the data obtained after transaction processing to the real card manager after transaction processing is carried out on the received data; specifically, after receiving the real and complete data sent by the real card manager, the selected second real card performs transaction processing on the received data so as to confirm that the transaction can be completed, and the process of performing transaction processing on the selected second real card can refer to the existing smart card to perform a transaction processing flow, which is not described in detail herein.
The real card manager receives data sent by the selected second real card, performs first processing on the received data by using a real card manager end safety transmission key, and sends the processed data to the card sleeve;
the card sleeve receives data sent by the real card manager, and after second processing is carried out on the received data by using a second safe transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first safe transmission key at the card sleeve end, and then the data are sent to the simulation card;
The simulation card receives the data sent by the card sleeve, and sends the received data to the payment platform after second processing is carried out on the received data by using the safety transmission key of the simulation card end;
the simulation card performs first processing on payment success information by using a simulation card end safety transmission key and then sends the payment success information to the card sleeve, wherein the payment success information is generated after the payment platform successfully executes payment; specifically, the payment platform executes a deduction operation after receiving the data after the transaction processing of the selected second real card, and generates payment success information after executing the deduction operation, wherein the payment success information may include the selected first real card number or other information indicating which card to recharge, as long as the recharging platform subsequently knows that the deduction for which card to recharge is successfully executed.
The card sleeve receives data sent by the simulation card, and second processing is carried out on the received data by utilizing a first safe transmission key at the card sleeve end to prompt a real card information list at the card sleeve end;
the card sleeve receives a first real card selection instruction and determines a selected first real card; specifically, the user selects the first real card again so as to complete the recharging operation of the first real card.
The simulation card receives a recharging packet sent by the recharging platform, wherein the recharging packet is generated after the recharging platform receives the successful payment information; specifically, the payment platform can also directly send the successful payment information to the recharging platform, or the card sleeve sends the successful payment information to the recharging platform, so that the recharging platform knows the successful payment and generates a recharging packet, and the recharging packet is sent to the selected first real card to complete recharging.
The simulation card utilizes the safety transmission key of the simulation card end to carry out first processing on the recharge packet and then sends the recharge packet to the card sleeve;
the card sleeve receives data sent by the simulation card, and after second processing is carried out on the received data by using a first safe transmission key at the card sleeve end, the data after the second processing is prompted;
the card sleeve receives a confirmation instruction for indicating that the second processed data is correct, and the second secure transmission key at the card sleeve end is used for carrying out first processing on the second processed data and then sending the second processed data to the real card manager;
the real card manager receives the data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key, and sends the processed data to the selected first real card;
And the first real card receives the data sent by the real card manager and executes the recharging operation. Specifically, after the selected first real card obtains the recharge packet, the recharge operation is executed according to the recharge packet, and recharging is completed.
Based on the mode, the data interaction architecture can finish recharging the first real card by utilizing the second real card, expands the application of the data interaction architecture and is convenient for users to use.
4. The account charges the real card:
in an application scenario provided by this embodiment, a user can charge a real card based on the data interaction architecture, for example, a bus card is charged by a bank or an internet bank.
The following briefly describes an implementation of the present application scenario, but the present invention is not limited thereto:
the card sleeve determines a selected real card from real cards connected with the real card manager;
the recharging platform acquires the card information of the selected real card through the simulated card, the card sleeve and the real card manager, wherein the card information comprises: the card number and the card authentication information of the selected real card;
the card sleeve logs in a payment platform, and the payment platform acquires the recharging identification and then carries out deduction processing;
After receiving the payment success information generated by the payment platform, the recharging platform generates a recharging packet and sends the recharging packet to the selected real card through the simulation card, the card sleeve and the real card manager, wherein the recharging packet is prompted and confirmed through the card sleeve;
and the selected real card receives the data sent by the real card manager and executes the recharging operation.
Based on the above brief description, a specific implementation is provided below, but the invention is not limited thereto:
the card sleeve logs in a real card manager, wherein the real card manager is connected with at least one real card and stores a real card manager end real card information list, and the real card manager end real card information list comprises real card information of the real card connected with the real card manager; specifically, the ferrule registration step may refer to the related description of the ferrule registration, which is not described in detail herein. Optionally, the real card manager may be configured to store real card information of all or part of real cards in the real cards connected to the real card manager, so as to form a real card information list at the real card manager, so that a user may make different settings according to security requirements of the real cards, for example, the real card manager may be configured to set real card information that does not allow to obtain some real cards, thereby ensuring security of the real cards.
The card sleeve acquires a card sleeve end real card information list, wherein the card sleeve end real card information list is a real card manager end real card information list acquired from a real card manager; specifically, how the card sleeve obtains the real card information list may refer to the above-mentioned description of how the card sleeve obtains the real card information list, and is not described in detail here.
The card sleeve prompts a card sleeve end real card information list;
the card sleeve receives a real card selection instruction and determines a selected real card; specifically, the card sleeve determines that the selected real card is a card to be charged, such as a bus card, and at this time, the simulated card in the data interaction architecture can be used as the card to be charged (such as a bus card).
The simulation card receives a card information acquisition request sent by the recharging platform, wherein the card information acquisition request at least comprises the card number and the card authentication information of the selected real card; specifically, the user connects the analog card with a recharging platform in a contact or non-contact manner, where the recharging platform may include a front-end recharging machine and a background recharging processing platform, for example: the simulated card receives a card information acquisition request sent by the recharging platform so as to acquire the real card information of the selected real card.
The method comprises the steps that a card information acquisition request is subjected to first processing by a simulation card through a simulation card end safety transmission key and then sent to a card sleeve, wherein the simulation card end safety transmission key is generated when the card sleeve is in safety connection with a simulation card; specifically, after receiving the card information acquisition request, the simulation card performs first processing on the card information acquisition request by using the secure transmission key between the simulation card and the card sleeve and then sends the card information acquisition request to the card sleeve, so that the data transmission security is improved. The generation process of the simulated card-side secure transmission key can refer to the above-mentioned related description of the generation process of the simulated card-side secure transmission key, and is not described in detail here.
The card sleeve receives data sent by the simulation card, the card sleeve end first safety transmission key is used for carrying out second processing on the received data, then the card sleeve end second safety transmission key is used for carrying out first processing on the second processed data and sending the processed data to the real card manager, wherein the card sleeve end first safety transmission key is generated when the card sleeve is in safe connection with the simulation card, and the card sleeve end second safety transmission key is generated when the card sleeve is in safe connection with the real card manager; specifically, the card sleeve performs second processing on data sent by the analog card, performs first processing, and then sends the processed data to the real card manager, so that data transmission security is provided, and the real card manager can obtain a card information acquisition request. The first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end may refer to the above-mentioned description of the generation process of the first secure transmission key at the card sleeve end and the second secure transmission key at the card sleeve end, and will not be described in detail here.
The real card manager receives data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key and then sends the data to the selected real card, wherein the real card manager end safety transmission key is generated when the card sleeve is in safety connection with the real card manager; specifically, the real card manager performs second processing on data sent by the card sleeve and then sends the data to the selected real card, so that the selected real card can obtain a card information obtaining request, and then card information is returned. The generation process of the secure transmission key at the real card manager end can refer to the above description of the generation process of the secure transmission key at the real card manager end, and is not described in detail here.
The selected real card sends the card information of the selected real card to a real card manager;
the real card manager performs first processing on the received card information of the selected real card by using a real card manager end safety transmission key and then sends the card information to the card sleeve;
the card sleeve receives data sent by the real card manager, second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, first processing is carried out on the second processed data by using a first secure transmission key at the card sleeve end, and then the data are sent to the simulation card;
The simulation card receives the data sent by the card sleeve, and the received data is subjected to second processing by using a safety transmission key of the simulation card end and then sent to the recharging platform; specifically, the simulated card sends the acquired card information to the recharging platform, so that the recharging platform can know which real card is recharged.
The card sleeve logs on a payment platform; specifically, the card sleeve can log in the payment platform, and this payment platform can be the payment treasured, or the internet bank to accomplish the operation of deducting money, for example the user logs in the payment treasured and directly deducts money from the payment treasured, or the user logs in the internet bank and directly deducts money from the internet bank, or the user logs in the payment treasured and deducts money through the internet bank that binds with the payment treasured.
The card sleeve receives payment success information sent by the payment platform, wherein the payment success information is generated by the payment platform after payment operation is executed; specifically, the payment platform generates payment success information after completing payment, and sends the payment success information to the card sleeve, so that the user knows that the payment is successful. Before the payment platform executes the payment operation, the payment platform also acquires a recharging identifier, and the recharging identifier can be acquired in the following way: the method comprises the steps that a simulation card receives a recharging identifier sent by a recharging platform, the recharging identifier is subjected to first processing by using a safety transmission key of a simulation card end and then sent to a card sleeve, the card sleeve receives data sent by the simulation card, second processing is carried out on the received data by using a first safety transmission key of the card sleeve end to obtain the recharging identifier, and the recharging identifier is sent to a payment platform by the card sleeve. The charging identifier is generated after the charging platform receives the data processed by the analog card for the second time, specifically, after the charging platform obtains the card information of the first real card sent by the analog card, the charging identifier can be generated to indicate which real card is charged and the charging amount, and the charging identifier can be an order number generated for this charging and the like. And in the second mode, the recharging platform generates a recharging identifier after receiving the data processed by the simulation card for the second time, and directly sends the recharging identifier to the payment platform. In addition, the payment platform pays according to the recharging identifier so as to know which real card to pay and the payment amount.
The simulation card receives a recharging packet sent by the recharging platform, wherein the recharging packet is generated after the recharging platform receives payment success information generated by the payment platform; specifically, the payment platform further sends the payment success information to the recharging platform, or the payment platform sends the payment success information to the card sleeve, and the card sleeve sends the payment success information to the recharging platform, so that the recharging platform knows the payment success, and generates a recharging packet, so that the recharging packet is sent to the selected real card to complete recharging.
The simulation card utilizes the safety transmission key of the simulation card end to carry out first processing on the recharge packet and then sends the recharge packet to the card sleeve;
the card sleeve receives data sent by the simulation card, and after second processing is carried out on the received data by using a first safe transmission key at the card sleeve end, the data after the second processing is prompted;
the card sleeve receives a confirmation instruction for indicating that the second processed data is correct, and the second secure transmission key at the card sleeve end is used for carrying out first processing on the second processed data and then sending the second processed data to the real card manager;
the real card manager receives the data sent by the card sleeve, performs second processing on the received data by using a real card manager end safety transmission key, and sends the processed data to the selected real card;
And the real card receives the data sent by the real card manager and executes the recharging operation. Specifically, after the selected real card obtains the recharging packet, the recharging operation is executed according to the recharging packet, and therefore recharging is completed.
Based on the mode, the data interaction architecture can complete the recharging of the real card by using the account, thereby expanding the application of the data interaction architecture and facilitating the use of users.
In all embodiments of the invention, in all normal data interaction processes between the card sleeve and the simulation card, the simulation card is located in the effective communication range of the card sleeve, if the card sleeve detects that the simulation card exceeds the effective communication range of the card sleeve, the card sleeve can prompt, or the card sleeve sends prompt information to a user terminal (such as a smart phone, a tablet personal computer and the like) for prompting, so as to prompt the user that the position of the simulation card is abnormal, thereby improving the use safety of the simulation card.
Eighthly, a data interaction system:
based on the above data interaction method, the present invention further provides a data interaction system, as shown in fig. 11, including: the card comprises a simulation card, a card sleeve and a real card manager, wherein the simulation card, the card sleeve and the real card manager respectively adopt the data interaction method to realize data interaction, and detailed description is omitted.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (27)

1. A method for data interaction, comprising:
the card sleeve and the simulation card execute binding operation, and the card sleeve and a real card manager execute binding operation, wherein the real card manager is connected with at least one real card through a contact type interface or a non-contact type interface and stores a real card manager end real card information list, and the real card manager end real card information list comprises real card information of the real card connected with the real card manager;
the card sleeve is in safe connection with the simulation card to obtain a first safe transmission key at the card sleeve end and a safe transmission key at the simulation card end for data safe transmission between the card sleeve and the simulation card, and the card sleeve is in safe connection with the real card manager to obtain a second safe transmission key at the card sleeve end and a safe transmission key at the real card manager end for data safe transmission between the card sleeve and the real card manager;
The card sleeve acquires a card sleeve end real card information list, wherein the card sleeve end real card information list is a real card manager end real card information list acquired from the real card manager;
the card sleeve prompts a card sleeve end real card information list;
the card sleeve receives a real card selection instruction and determines a selected real card; the simulation card receives data sent by the transaction terminal, performs first processing on the received data by using the safety transmission key of the simulation card end, and sends the processed data to the card sleeve;
the card sleeve receives the data sent by the simulation card, prompts the second processed data after the second processing is carried out on the received data by utilizing the first safe transmission key at the card sleeve end, and sends the first processed data to the real card manager after the first processing is carried out on the second processed data by utilizing the second safe transmission key at the card sleeve end after a confirmation instruction for indicating the correctness of the second processed data is received;
the real card manager receives the data sent by the card sleeve, performs second processing on the received data by using the real card manager end safety transmission key, and sends the processed data to the selected real card;
The selected real card receives the data sent by the real card manager, and sends the data obtained after transaction processing to the real card manager after the transaction processing;
the real card manager receives the data sent by the selected real card, performs first processing on the received data by using the real card manager end secure transmission key, and sends the processed data to the card sleeve;
the card sleeve receives the data sent by the real card manager, performs second processing on the received data by using a second secure transmission key at the card sleeve end, performs first processing on the second processed data by using a first secure transmission key at the card sleeve end, and sends the processed data to the simulation card;
the simulation card receives the data sent by the card sleeve, and sends the data to the transaction terminal after second processing is carried out on the received data by using the safety transmission key at the simulation card end;
the data interaction method further comprises the following steps:
the real card manager detects a real card connected with the real card manager;
the real card manager acquires real card information of a real card connected with the real card manager after detecting the real card connected with the real card manager;
And after acquiring the real card information of the real card connected with the real card manager, the real card manager generates a real card information list of the real card manager.
2. The method of claim 1,
the real card information at least includes: a card number.
3. The method of claim 2, further comprising:
the real card manager also generates a real card manager end identification list, and the identifications in the real card manager end identification list correspond to the real card information in the real card manager end real card information list one by one.
4. The method according to any one of claims 1 to 3,
before the card sleeve establishes a secure connection with the real card manager and obtains a second secure transmission key at the card sleeve end for data secure transmission between the card sleeve and the real card manager and a secure transmission key at the real card manager end, the method further includes:
the card sleeve sends a login request to the real card manager;
after the card sleeve establishes a secure connection with the real card manager and obtains a second secure transmission key at the card sleeve end for data secure transmission between the card sleeve and the real card manager and a secure transmission key at the real card manager end, the method further comprises the following steps:
The card sleeve performs first processing on the received login password through a second secure transmission key at the card sleeve end and then sends the processed login password to the real card manager;
the real card manager receives the data sent by the card sleeve, and verifies the correctness of the data after second processing is carried out on the received data by utilizing the safe transmission key at the real card manager end;
and after the real card manager verifies that the data after the second processing passes, the card sleeve logs in the real card manager.
5. The method according to claim 4, wherein the verifying the correctness of the second processed data after the real card manager performs the second processing on the received data by using the real card manager-side secure transmission key comprises:
the real card manager performs second processing on the received data by using the real card manager end secure transmission key to obtain a password to be verified;
the real card manager judges whether the password to be verified is an alarm password;
if the password to be verified is an alarm password, the real card manager determines that the password to be verified passes verification and executes alarm operation;
And if the password to be verified is not the alarm password and is the login password, the real card manager determines that the password to be verified passes the verification.
6. The method of claim 4, wherein after said ferrule is registered with said real card manager, further comprising:
the card sleeve searches a card sleeve end identification list;
if the card sleeve finds the card sleeve end identification list, the card sleeve end identification list is subjected to first processing by using a second secure transmission key of the card sleeve end and then is sent to the real card manager, the real card manager receives data sent by the card sleeve, after the received data is subjected to second processing by using the secure transmission key of the real card manager end, whether the second processed data is the same as the real card manager end identification list stored by the real card manager is judged, if the second processed data is not the same as the real card manager end identification list, the real card manager performs first processing on an update instruction and update data by using the secure transmission key of the real card manager end and then sends the update instruction and the update data to the card sleeve, the card sleeve receives the data sent by the real card manager and performs second processing on the received data by using the second secure transmission key of the card sleeve end, updating the card sleeve end real card information list;
If the card sleeve does not find the card sleeve end identification list, the card sleeve end second secure transmission key is used for carrying out first processing on a preset identification and then sending the preset identification to the real card manager, the real card manager receives the data sent by the card sleeve, after the second processing is carried out on the received data by utilizing the safe transmission key of the real card manager, when the real card manager determines that the second processed data is used for indicating that the card sleeve end does not store the card sleeve end identification list, the real card manager end is used for carrying out first processing on the updating instruction and the updating data and then sending the updating instruction and the updating data to the card sleeve, and the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after carrying out second processing on the received data by using a second safe transmission key of the card sleeve end.
7. The method of claim 5, wherein after said ferrule is registered with said real card manager, further comprising:
the card sleeve searches a card sleeve end identification list;
if the card sleeve finds the card sleeve end identification list, the card sleeve end identification list is subjected to first processing by using a second secure transmission key of the card sleeve end and then is sent to the real card manager, the real card manager receives data sent by the card sleeve, after the received data is subjected to second processing by using the secure transmission key of the real card manager end, whether the second processed data is the same as the real card manager end identification list stored by the real card manager is judged, if the second processed data is not the same as the real card manager end identification list, the real card manager performs first processing on an update instruction and update data by using the secure transmission key of the real card manager end and then sends the update instruction and the update data to the card sleeve, the card sleeve receives the data sent by the real card manager and performs second processing on the received data by using the second secure transmission key of the card sleeve end, updating the card sleeve end real card information list;
If the card sleeve does not find the card sleeve end identification list, the card sleeve end second secure transmission key is used for carrying out first processing on a preset identification and then sending the preset identification to the real card manager, the real card manager receives the data sent by the card sleeve, after the second processing is carried out on the received data by utilizing the safe transmission key of the real card manager, when the real card manager determines that the second processed data is used for indicating that the card sleeve end does not store the card sleeve end identification list, the real card manager end is used for carrying out first processing on the updating instruction and the updating data and then sending the updating instruction and the updating data to the card sleeve, and the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after carrying out second processing on the received data by using a second safe transmission key of the card sleeve end.
8. The method of claim 4, wherein after said ferrule is registered with said real card manager, further comprising:
the real card manager sends a real card manager end identification list to the card sleeve after first processing is carried out on the real card manager end identification list by utilizing the real card manager end safety transmission key;
The card sleeve receives the data sent by the real card manager, and after second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, whether the second processed data is the same as a card sleeve end identification list stored in the card sleeve is judged;
if not, the card sleeve sends an updating request to the real card manager;
the real card manager receives the updating request, performs first processing on an updating instruction and updating data by using a safe transmission key of the real card manager, and then sends the updating instruction and the updating data to the card sleeve;
and the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after carrying out second processing on the received data by using a second safe transmission key of the card sleeve end.
9. The method of claim 5, wherein after said ferrule is registered with said real card manager, further comprising:
the real card manager sends a real card manager end identification list to the card sleeve after first processing is carried out on the real card manager end identification list by utilizing the real card manager end safety transmission key;
the card sleeve receives the data sent by the real card manager, and after second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, whether the second processed data is the same as a card sleeve end identification list stored in the card sleeve is judged;
If not, the card sleeve sends an updating request to the real card manager;
the real card manager receives the updating request, performs first processing on an updating instruction and updating data by using a safe transmission key of the real card manager, and then sends the updating instruction and the updating data to the card sleeve;
and the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after carrying out second processing on the received data by using a second safe transmission key of the card sleeve end.
10. The method of claim 1, wherein the card sleeve further comprises a heartbeat sleep mode, wherein the heartbeat sleep mode is a low power consumption non-operational mode, the method further comprising:
the card sleeve sends detection information to the real card manager at intervals of first preset time under a heartbeat sleep mode;
the real card manager receives the detection information and sends response information to the card sleeve;
if the card sleeve does not receive the response information within second preset time, disconnecting the safe connection between the card sleeve and the real card manager;
and if the card sleeve receives the response information within second preset time, the card sleeve keeps the safe connection established between the card sleeve and the real card manager.
11. The method of claim 10,
if the card sleeve receives the response information within a second preset time, and the response information further comprises update prompt information, the method further comprises the following steps:
the card sleeve stores the updating prompt information;
after the card sleeve enters a working mode from a heartbeat sleep mode, the card sleeve sends an updating triggering request to the real card manager;
the real card manager receives the updating triggering request, performs first processing on the real card manager end identification list by using the real card manager end safety transmission key, and then sends the real card manager end identification list to the card sleeve;
the card sleeve receives the data sent by the real card manager, and after second processing is carried out on the received data by using a second secure transmission key at the card sleeve end, whether the second processed data is the same as a card sleeve end identification list stored in the card sleeve is judged;
if not, the card sleeve sends an updating request to the real card manager;
the real card manager receives the updating request, performs first processing on an updating instruction and updating data by using a safe transmission key of the real card manager, and then sends the updating instruction and the updating data to the card sleeve;
And the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after carrying out second processing on the received data by using a second safe transmission key of the card sleeve end.
12. The method of claim 10,
if the card sleeve receives the response information within a second preset time, and the response information further comprises update prompt information, the method further comprises the following steps:
the card sleeve stores the updating prompt information;
after the card sleeve enters a working mode from a heartbeat sleep mode, the card sleeve performs first processing on a card sleeve end identification list by using a card sleeve end second secure transmission key and then sends the card sleeve end identification list to the real card manager;
the real card manager receives the data sent by the card sleeve, and after the received data is subjected to second processing by using the real card manager end secure transmission key, whether the second processed data is the same as a real card manager end identification list stored by the real card manager is judged;
if not, the real card manager performs first processing on the update instruction and the update data by using the real card manager end secure transmission key and then sends the update instruction and the update data to the card sleeve;
And the card sleeve receives the data sent by the real card manager, and updates the real card information list of the card sleeve end after carrying out second processing on the received data by using a second safe transmission key of the card sleeve end.
13. The method of any of claims 1 to 3, wherein the ferrule performing a binding operation with a mock card comprises:
the card sleeve receives a trigger command for indicating the binding with the simulation card;
the card sleeve sends a first binding instruction to the simulation card, wherein the first binding instruction comprises: the first binding random factor generated by the card sleeve, the card sleeve certificate and the unique card sleeve identifier;
the simulation card receives the first binding instruction and verifies the card sleeve certificate by using a root certificate;
after the simulated card verifies that the card sleeve certificate is legal, generating a second binding random factor;
the simulation card encrypts the first binding random factor and the second binding random factor by using a card sleeve public key in the card sleeve certificate to obtain a first binding ciphertext, and signs the first binding random factor and the second binding random factor by using a simulation card private key to obtain a first binding signature;
The simulation card sends a first binding response to the card sleeve, wherein the first binding response comprises: the first binding ciphertext, the first binding signature, a simulation card certificate and a simulation card unique identifier;
the card sleeve receives the first binding response and verifies the simulated card certificate by using a root certificate;
after the card sleeve verifies that the simulation card certificate is legal, the first binding ciphertext is decrypted by using a card sleeve private key to obtain a first binding random decryption factor and a second binding random decryption factor;
the card sleeve verifies the first binding signature by using a simulation card public key, the first binding random decryption factor and the second binding random decryption factor in the simulation card certificate;
after the card sleeve verifies that the first binding signature is correct, verifying whether the first binding random decryption factor is the same as the first binding random factor;
after the card sleeve verifies that the first binding random decryption factor is the same as the first binding random factor, prompting the unique identifier of the simulation card;
the card sleeve receives a trigger command for confirming that the simulation card unique identifier is correct, signs the first binding random factor and the second binding random decryption factor by using a card sleeve private key to obtain a second binding signature, and stores the simulation card unique identifier, the simulation card certificate and a card sleeve end first binding factor to a card sleeve end first binding list, wherein the card sleeve end first binding factor is the second binding random decryption factor;
The card sleeve sends the second binding signature to the simulation card;
the simulation card receives the second binding signature, and verifies the second binding signature by using the card sleeve public key, the first binding random factor and the second binding random factor in the card sleeve certificate;
and after the simulation card verifies that the second binding signature is correct, storing the unique card sleeve identification, the card sleeve certificate and the simulation card end binding factor to a simulation card end binding list, wherein the simulation card end binding factor is the second binding random factor.
14. The method of claim 13, wherein the binding of the card sleeve with a real card manager comprises:
the card sleeve receives a trigger command for indicating binding with the real card manager;
the card sleeve sends a second binding instruction to the real card manager through a wireless network, wherein the second binding instruction comprises: the third binding random factor generated by the card sleeve, the card sleeve certificate and the unique card sleeve identifier;
the real card manager receives the second binding instruction and verifies the card sleeve certificate by using a root certificate;
After the real card manager verifies that the card sleeve certificate is legal, a fourth binding random factor is generated;
the real card manager encrypts the third binding random factor and the fourth binding random factor by using a card sleeve public key in the card sleeve certificate to obtain a second binding ciphertext, and signs the third binding random factor and the fourth binding random factor by using a real card manager private key to obtain a third binding signature;
the real card manager sends a second binding response to the card sleeve through a wireless network, wherein the second binding response comprises: the second binding ciphertext, the third binding signature, a real card manager certificate, and a unique identification of the real card manager;
the card sleeve receives the second binding response and verifies the real card manager certificate by using a root certificate;
after the card sleeve verifies that the real card manager certificate is legal, the card sleeve decrypts the second binding ciphertext by using the card sleeve private key to obtain a third binding random decryption factor and a fourth binding random decryption factor;
the card sleeve verifies the third binding signature by using a real card manager public key, the third binding random decryption factor and the fourth binding random decryption factor in the real card manager certificate;
After the card sleeve verifies that the third binding signature is correct, verifying whether the third binding random decryption factor is the same as the third binding random factor;
after the card sleeve verifies that the third binding random decryption factor is the same as the third binding random factor, the card sleeve prompts the unique identifier of the real card manager;
the card sleeve receives a trigger command for confirming that the unique identifier of the real card manager is correct, signs the third binding random factor and the fourth binding random decryption factor by using a card sleeve private key to obtain a fourth binding signature, and stores the unique identifier of the real card manager, the certificate of the real card manager and a second binding factor of a card sleeve end to a second binding list of the card sleeve end, wherein the second binding factor of the card sleeve end is the fourth binding random decryption factor;
the card sleeve sends the fourth binding signature to the real card manager;
the real card manager receives the fourth binding signature, and verifies the fourth binding signature by using the card sleeve public key, a third binding random factor and the fourth binding random factor in the card sleeve certificate;
And after verifying that the fourth binding signature is correct, the real card manager stores the unique card sleeve identifier, the card sleeve certificate and a real card manager end binding factor to a real card manager end binding list, wherein the real card manager end binding factor is the fourth binding random factor.
15. The method of claim 13, wherein establishing a secure connection of the ferrule with the mock card comprises:
the card sleeve sends a first safety connection instruction used for indicating establishment of safety connection to the simulation card, wherein the first safety connection instruction comprises: the card sleeve encrypts a first binding factor of the card sleeve end and a generated first connection random factor by using the analog card public key in the analog card certificate to obtain a first connection ciphertext, and the card sleeve signs the first binding factor of the card sleeve end and the first connection random factor by using the card sleeve private key to obtain a first connection signature;
the simulation card receives the first safe connection instruction, decrypts the first connection ciphertext by using the simulation card private key, and obtains a first binding decryption factor and a first connection random decryption factor of the card sleeve end;
The simulation card verifies the first connection signature by using the card sleeve public key, the first binding decryption factor of the card sleeve end and the first connection random decryption factor in the card sleeve certificate;
after the simulation card verifies that the first connection signature is correct, verifying whether a first binding decryption factor of the card sleeve end is the same as a binding factor of the simulation card end;
after the simulation card verifies that the first binding decryption factor of the card sleeve end is the same as the binding factor of the simulation card end, a second connection random factor is generated;
the simulation card encrypts the first connection random decryption factor and the second connection random factor by using the card sleeve public key in the card sleeve certificate to obtain a second connection ciphertext, and signs the first connection random decryption factor and the second connection random factor by using the simulation card private key to obtain a second connection signature;
the simulated card sends a first secure connection response to the card sleeve, wherein the first secure connection response comprises: the second concatenated ciphertext and the second concatenated signature;
the card sleeve receives the first secure connection response, decrypts the second connection ciphertext by using the card sleeve private key, and obtains a decrypted first connection random decryption factor and a decrypted second connection random decryption factor;
The card sleeve verifies the second connection signature by using the simulation card public key, the decrypted first connection random decryption factor and the second connection random decryption factor in the simulation card certificate;
after the card sleeve verifies that the second connection signature is correct, verifying whether the decrypted first connection random decryption factor is the same as the first connection random factor;
after the card sleeve verifies that the decrypted first connection random decryption factor is the same as the first connection random factor, the card sleeve end first secure transmission key between the card sleeve and the simulation card is generated by using at least the second connection random decryption factor; and the simulation card generates the simulation card end secure transmission key between the card sleeve and the simulation card by using at least the second connection random factor.
16. The method of claim 13, wherein establishing a secure connection of the ferrule with the mock card comprises:
the card sleeve receives a third connection random factor generated by the simulation card and sent by the simulation card and the unique identification of the simulation card;
the card sleeve sends a second safety connection instruction used for indicating establishment of safety connection to the simulation card, wherein the second safety connection instruction comprises: the card sleeve unique identifier, a third connection ciphertext obtained by encrypting the third connection random factor and the generated fourth connection random factor by the card sleeve by using the simulation card public key in the simulation card certificate, and a third connection signature obtained by signing the third connection random factor and the fourth connection random factor by using the card sleeve private key;
The simulation card receives the second safety connection instruction and judges whether the unique card sleeve identification is in the simulation card end binding list or not;
if the unique card sleeve identifier is in the analog card end binding list, the analog card decrypts the third connection ciphertext by using the analog card private key to obtain a third connection random decryption factor and a fourth connection random decryption factor;
the simulation card verifies the third connection signature by using the card sleeve public key, the third connection random decryption factor and the fourth connection random decryption factor in the card sleeve certificate;
after the third connection signature is verified to be correct by the simulation card, verifying whether the third connection random decryption factor is the same as the third connection random factor;
if the third connection random decryption factor is the same as the third connection random factor, the simulation card signs the third connection random decryption factor and the fourth connection random decryption factor by using the simulation card private key to obtain a fourth connection signature;
the simulated card sends a second secure connection response to the card sleeve, wherein the second secure connection response comprises: the fourth connection signature;
The card sleeve receives the second secure connection response, and verifies the fourth connection signature by using the simulated card public key, the third connection random factor and the fourth connection random factor in the simulated card certificate;
after the card sleeve verifies that the fourth connection signature is correct, generating a card sleeve end first secure transmission key between the card sleeve and the simulation card by using at least the fourth connection random factor and the card sleeve end first binding factor; the simulation card generates the simulation card end safe transmission key between the card sleeve and the simulation card by using at least the fourth connection random decryption factor and the simulation card end binding factor;
the card sleeve sends the third connection random factor and the fourth connection random factor to the simulation card after carrying out first processing on the third connection random factor and the fourth connection random factor by using a first secure transmission key at the card sleeve end; the simulation card sends the third connection random decryption factor and the fourth connection random decryption factor to the card sleeve after first processing is carried out on the third connection random decryption factor and the fourth connection random decryption factor by using the simulation card end secure transmission key;
the card sleeve receives the data sent by the simulation card, performs second processing on the received data by using a first secure transmission key at the card sleeve end, and compares whether the second processed data is the same as the third connection random factor and the fourth connection random factor; and the simulation card receives the data sent by the card sleeve, performs second processing on the received data by using the safety transmission key at the simulation card end, and compares whether the second processed data is the same as the third connection random decryption factor and the fourth connection random decryption factor.
17. The method of claim 14, wherein establishing a secure connection between the card sleeve and the real card manager comprises:
the card sleeve sends a third secure connection instruction for indicating establishment of secure connection to the real card manager, wherein the third secure connection instruction includes: the card sleeve encrypts the second binding factor of the card sleeve end and the generated fifth connection random factor by using the real card manager public key in the real card manager certificate to obtain a fifth connection ciphertext, and the card sleeve signs the second binding factor of the card sleeve end and the fifth connection random factor by using the card sleeve private key to obtain a fifth connection signature;
the real card manager receives the third secure connection instruction, decrypts the fifth connection ciphertext by using the private key of the real card manager, and obtains a second binding decryption factor and a fifth connection random decryption factor of the card sleeve end;
the real card manager verifies the fifth connection signature by using the card sleeve public key, the second binding decryption factor and the fifth connection random decryption factor in the card sleeve certificate;
After verifying that the fifth connection signature is correct, the real card manager verifies whether a second binding decryption factor of the card sleeve end is the same as a binding factor of the real card manager end;
after the real card manager verifies that the second binding decryption factor of the card sleeve end is the same as the binding factor of the real card manager end, a sixth connection random factor is generated;
the real card manager encrypts the fifth connection random decryption factor and the sixth connection random factor by using the card sleeve public key in the card sleeve certificate to obtain a sixth connection ciphertext, and signs the fifth connection random decryption factor and the sixth connection random factor by using the real card manager private key to obtain a sixth connection signature;
the real card manager sends a third secure connection response to the card sleeve, wherein the third secure connection response comprises: the sixth concatenated ciphertext and the sixth concatenated signature;
the card sleeve receives the third secure connection response, decrypts the sixth connection ciphertext by using the card sleeve private key, and obtains a decrypted fifth connection random decryption factor and a decrypted sixth connection random decryption factor;
The card sleeve verifies the sixth connection signature by using the real card manager public key, the decrypted fifth connection random decryption factor and the sixth connection random decryption factor in the real card manager certificate;
after the card sleeve verifies that the sixth connection signature is correct, verifying whether the decrypted fifth connection random decryption factor is the same as the fifth connection random factor;
after the card sleeve verifies that the decrypted fifth connection random decryption factor is the same as the fifth connection random factor, the card sleeve end second secure transmission key between the card sleeve and the real card manager is generated by using at least the sixth connection random decryption factor; and the real card manager generates the real card manager end secure transmission key between the card sleeve and the real card manager by using at least the sixth connection random factor.
18. The method of claim 14, wherein establishing a secure connection between the card sleeve and the real card manager comprises:
the card sleeve receives a seventh connection random factor generated by the real card manager and the unique identifier of the real card manager, which are sent by the real card manager;
The card sleeve sends a fourth secure connection instruction for indicating establishment of secure connection to the real card manager, wherein the fourth secure connection instruction includes: the card sleeve unique identifier, a seventh connection ciphertext obtained by encrypting the seventh connection random factor and the generated eighth connection random factor by the card sleeve by using the real card manager public key in the real card manager certificate, and a seventh connection signature obtained by signing the seventh connection random factor and the eighth connection random factor by using the card sleeve private key by the card sleeve;
the real card manager receives the fourth secure connection instruction and judges whether the unique card sleeve identifier is in a real card manager end binding list or not;
if the unique card sleeve identifier is in the real card manager end binding list, the real card manager decrypts the seventh connection ciphertext by using the real card manager private key to obtain a seventh connection random decryption factor and an eighth connection random decryption factor;
the real card manager verifies the seventh connection signature by using the card sleeve public key, the seventh connection random decryption factor and the eighth connection random decryption factor in the card sleeve certificate;
After verifying that the seventh connection signature is correct, the real card manager verifies whether the seventh connection random decryption factor is the same as the seventh connection random factor;
if the seventh connection random decryption factor is the same as the seventh connection random factor, the real card manager signs the seventh connection random decryption factor and the eighth connection random decryption factor by using the private key of the real card manager to obtain an eighth connection signature;
the real card manager sends a fourth secure connection response to the card sleeve, wherein the fourth secure connection response comprises: the eighth connection signature;
the card sleeve receives the fourth secure connection response, and verifies the eighth connection signature by using the real card manager public key, a seventh connection random factor and the eighth connection random factor in the real card manager certificate;
after the card sleeve verifies that the eighth connection signature is correct, generating a second card sleeve end secure transmission key between the card sleeve and the real card manager by using at least the eighth connection random factor and the second card sleeve end binding factor; the real card manager generates the real card manager end secure transmission key between the card sleeve and the real card manager by using at least the eighth connection random decryption factor and the real card manager end binding factor;
The card sleeve sends the seventh connection random factor and the eighth connection random factor to the real card manager after carrying out first processing on the seventh connection random factor and the eighth connection random factor by using a second secure transmission key at the card sleeve end; the real card manager sends the seventh connection random decryption factor and the eighth connection random decryption factor to the card sleeve after performing first processing on the seventh connection random decryption factor and the eighth connection random decryption factor by using the real card manager end secure transmission key;
the card sleeve receives the data sent by the real card manager, carries out second processing on the received data by using a second secure transmission key at the card sleeve end, and compares whether the second processed data is the same as the seventh connection random factor and the eighth connection random factor; and the real card manager receives the data sent by the card sleeve, performs second processing on the received data by using the secure transmission key of the real card manager, and compares whether the second processed data is the same as the seventh connection random decryption factor and the eighth connection random decryption factor.
19. The method of claim 13, further comprising:
the card sleeve at least sends the card sleeve certificate to an update platform;
The update platform generates a first updated encryption key;
the updating platform encrypts the card sleeve application program installation package by using the first updating encryption key to obtain a first installation package ciphertext;
the updating platform signs the first installation package ciphertext by using an updating platform private key to obtain a first installation package signature;
the updating platform encrypts a first updating encryption key by using the card sleeve public key in the card sleeve certificate to obtain a first updating encryption key ciphertext;
the update platform sends cutting ferrule update information to the cutting ferrule, wherein, cutting ferrule update information includes: updating a platform certificate, the first installation package ciphertext, the first installation package signature and the first update encryption key ciphertext;
the card sleeve receives the card sleeve updating information and verifies the updating platform certificate by using a root certificate;
after the card sleeve verifies that the update platform certificate passes, verifying the signature of the first installation package by using an update platform public key in the update platform certificate;
after the card sleeve verifies that the signature of the first installation package is correct, the card sleeve decrypts the first updated encryption key ciphertext by using the card sleeve private key to obtain a first decryption key;
The card sleeve decrypts the first installation package ciphertext by using the first decryption key to obtain the card sleeve application program installation package;
the card sleeve verifies whether the data format of the card sleeve application program installation package is correct or not;
and if the card sleeve verifies that the data format of the card sleeve application program installation package is correct, the card sleeve is installed according to the card sleeve application program installation package.
20. The method of claim 13, further comprising:
the card sleeve obtains the simulated card certificate from the simulated card and at least sends the simulated card certificate to an updating platform;
the update platform generates a second updated encryption key;
the updating platform encrypts the simulation card application program installation package by using the second updating encryption key to obtain a second installation package ciphertext;
the updating platform signs the second installation package ciphertext by using an updating platform private key to obtain a second installation package signature;
the updating platform encrypts a second updating encryption key by using the analog card public key in the analog card certificate to obtain a second updating encryption key ciphertext;
the update platform will simulate card update message and send to the cutting ferrule, wherein, simulate card update message includes: updating a platform certificate, the second installation package ciphertext, the second installation package signature and the second update encryption key ciphertext;
The card sleeve receives the updating information of the simulation card, and the updating information of the simulation card is sent to the simulation card after first processing is carried out on the updating information of the simulation card by utilizing a first safe transmission key at the card sleeve end;
the simulation card receives the data sent by the card sleeve, and after the received data is subjected to second processing by using the safety transmission key at the simulation card end, the update information of the simulation card is obtained;
the simulation card verifies the update platform certificate by using a root certificate;
after the simulation card verifies that the updating platform certificate passes, verifying the signature of a second installation package by using an updating platform public key in the updating platform certificate;
after the simulation card verifies that the signature of the second installation package is correct, the simulation card decrypts the second updated encryption key ciphertext by using the simulation card private key to obtain a second decryption key;
the simulation card decrypts the second installation package ciphertext by using the second decryption key to obtain the simulation card application program installation package;
the simulation card verifies whether the data format of the simulation card application program installation package is correct or not;
and if the simulation card verifies that the data format of the simulation card application program installation package is correct, the simulation card is installed according to the simulation card application program installation package.
21. The method of claim 14, 17 or 18, further comprising:
the real card manager at least sends the real card manager certificate to an update platform;
the update platform generates a third updated encryption key;
the updating platform encrypts the real card manager application program installation package by using the third updated encryption key to obtain a third installation package ciphertext;
the updating platform signs the third installation package ciphertext by using an updating platform private key to obtain a third installation package signature;
the updating platform encrypts a third updated encryption key by using the real card manager public key in the real card manager certificate to obtain a third updated encryption key ciphertext;
the update platform sends real card manager update information to the real card manager, wherein the real card manager update information includes: updating a platform certificate, the third installation package ciphertext, the third installation package signature, and the third updated encryption key ciphertext;
the real card manager receives the update information of the real card manager, and verifies the update platform certificate by using a root certificate;
After the real card manager verifies that the updated platform certificate passes, verifying the signature of the third installation package by using an updated platform public key in the updated platform certificate;
after the third installation package is verified to be correct in signature by the real card manager, decrypting the third updated encryption key ciphertext by using the private key of the real card manager to obtain a third decryption key;
the real card manager decrypts the third installation package ciphertext by using the third decryption key to obtain the real card manager application program installation package;
the real card manager verifies whether the data format of the real card manager application program installation package is correct or not;
and if the real card manager verifies that the data format of the real card manager application program installation package is correct, the real card manager installs according to the real card manager application program installation package.
22. The method according to any one of claims 1 to 3,
the first processing includes: an encryption process, the second process comprising: carrying out decryption processing; or
The first processing includes: a check computation process, the second process comprising: checking, verifying and calculating; or
The first processing includes: an encryption and verification calculation process, the second process comprising: and (5) decryption and verification calculation processing.
23. The method according to any one of claims 1 to 3, wherein the real card manager sets the read/write authority of the real card information of the real card connected with the real card manager according to the security level of the real card.
24. The method of any of claims 1 to 3, wherein a security prompt is provided when the card sleeve detects that the simulated card is outside the effective communication range of the card sleeve.
25. A method according to any of claims 1 to 3, wherein the ferrule is a mobile device.
26. Method according to any of claims 1 to 3, wherein the card sleeve is a mobile device and an electronic signature device or the card sleeve is an electronic signature device.
27. A data interaction system, comprising: simulating a card, a card sleeve and a real card manager;
the simulated card, the ferrule and the real card manager interact data using the method of any of claims 1 to 26.
CN201510055906.8A 2014-11-07 2015-02-03 Data interaction method and system Active CN105991538B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910478054.1A CN110445748A (en) 2014-11-07 2015-02-03 Data interactive method and system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410643508 2014-11-07
CN2014106435083 2014-11-07

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201910478054.1A Division CN110445748A (en) 2014-11-07 2015-02-03 Data interactive method and system

Publications (2)

Publication Number Publication Date
CN105991538A CN105991538A (en) 2016-10-05
CN105991538B true CN105991538B (en) 2021-07-13

Family

ID=57037044

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201510055906.8A Active CN105991538B (en) 2014-11-07 2015-02-03 Data interaction method and system
CN201910478054.1A Pending CN110445748A (en) 2014-11-07 2015-02-03 Data interactive method and system

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201910478054.1A Pending CN110445748A (en) 2014-11-07 2015-02-03 Data interactive method and system

Country Status (1)

Country Link
CN (2) CN105991538B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102005087A (en) * 2009-08-28 2011-04-06 中国银联股份有限公司 Multi-bank-card-in-one device and method for payment by using same
CN102890794A (en) * 2011-07-21 2013-01-23 梁露露 Method and system for realizing integration of multiple cards for mobile terminal
WO2013117061A1 (en) * 2012-02-09 2013-08-15 Yu Mengyuan Mobile terminal having virtual card-swiping function
CN103886455A (en) * 2012-12-19 2014-06-25 Nxp股份有限公司 Digital wallet device for virtual wallet

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101667240B (en) * 2009-08-20 2013-03-13 北京握奇数据系统有限公司 Intelligent card and card writing method, equipment and system thereof
CN101789934B (en) * 2009-11-17 2012-09-05 飞天诚信科技股份有限公司 Method and system for online security trading
CN103218646A (en) * 2013-03-22 2013-07-24 舒唯家 All-in-one digital mobile card and implementation method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102005087A (en) * 2009-08-28 2011-04-06 中国银联股份有限公司 Multi-bank-card-in-one device and method for payment by using same
CN102890794A (en) * 2011-07-21 2013-01-23 梁露露 Method and system for realizing integration of multiple cards for mobile terminal
WO2013117061A1 (en) * 2012-02-09 2013-08-15 Yu Mengyuan Mobile terminal having virtual card-swiping function
CN103886455A (en) * 2012-12-19 2014-06-25 Nxp股份有限公司 Digital wallet device for virtual wallet

Also Published As

Publication number Publication date
CN110445748A (en) 2019-11-12
CN105991538A (en) 2016-10-05

Similar Documents

Publication Publication Date Title
US10515362B2 (en) Methods and apparatus for card transactions
KR101775668B1 (en) Electronic device, certification agency server and payment system
CN104301110A (en) Authentication method, authentication device and system applied to intelligent terminal
KR20170008645A (en) Electronic device, certification agency server and payment system
EP3649595A1 (en) Processing payments
CN105989481B (en) Data interaction method and system
US20210385093A1 (en) Digital signature terminal and secure communication method
CN105991538B (en) Data interaction method and system
EP3217620B1 (en) Data interaction method and system
WO2016124032A1 (en) Data exchange method
CN105989477A (en) Data interaction method
US20200160332A1 (en) Processing payments
WO2016070799A1 (en) Data interaction method and system
CN105991530A (en) Data interaction system
CN105991527A (en) Data interaction system
CN105991543B (en) Data interactive method
CN105989475A (en) Data interaction method
CN105989657A (en) Data interaction system
CN105991547A (en) Data interaction system
CN105991551A (en) Method interaction method
CN105991535A (en) Data interaction method
CN105991548A (en) Data interaction system
CN105989656A (en) Data interaction method
CN105991531A (en) Data interaction system
CN105991534A (en) Data interaction method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant