CN106296155A - A kind of implementation method of credit card issuer directive script chain type MAC - Google Patents
A kind of implementation method of credit card issuer directive script chain type MAC Download PDFInfo
- Publication number
- CN106296155A CN106296155A CN201610632515.2A CN201610632515A CN106296155A CN 106296155 A CN106296155 A CN 106296155A CN 201610632515 A CN201610632515 A CN 201610632515A CN 106296155 A CN106296155 A CN 106296155A
- Authority
- CN
- China
- Prior art keywords
- mac
- credit card
- card issuer
- directive script
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/16—Payments settled via telecommunication systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Abstract
The invention discloses the implementation method of a kind of credit card issuer directive script chain type MAC, including: the process key using card to derive MAC is encrypted computing to the be-encrypted data of credit card issuer directive script, it is thus achieved that the MAC of this credit card issuer directive script;For the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instructs 5 byte, application transaction counter last time, 8 byte authorization requests ciphertext and order data numeric field datas;For not being the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instruction 5 byte, application transaction counter last time, the MAC of a upper credit card issuer directive script and order data numeric field data.The present invention constitutes chain structure by setting up the MAC of credit card issuer directive script, ensure that credit card issuer directive script sequence performs in order, effectively prevent credit card issuer directive script to be missed in transmitting procedure, intercept and capture or distort, be effectively guaranteed the safety of data transmission between card and credit card issuer.
Description
Technical field
The present invention relates to financial payment field, be specifically related to the implementation method of a kind of credit card issuer directive script chain type MAC.
Background technology
In financial transaction, the most key is credit card issuer script, and it is the order that sends to terminal of credit card issuer or order
Sequence, it is therefore an objective to input order continuously to IC-card sheet.But, data there may be in transmitting procedure monitored, be trapped or
The risk then distorted, causes any property loss to IC-card sheet holder or credit card issuer.
Summary of the invention
The technical problem to be solved is to improve existing credit card issuer directive script transmission plan, strengthens card and sends out
Certification between card row and the problem of the safety of data transmission.
In order to solve above-mentioned technical problem, the technical solution adopted in the present invention is to provide a kind of credit card issuer directive script chain
The implementation method of formula MAC, comprises the following steps:
The process key using card to derive MAC is encrypted computing to the be-encrypted data of credit card issuer directive script, obtains
Obtain the MAC of this credit card issuer directive script;
For the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instruction 5
Byte, application transaction counter last time, 8 byte authorization requests ciphertext and order data numeric field datas;
For not being the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instructs
5 bytes, application transaction counter last time, the MAC of a upper credit card issuer directive script and order data numeric field data.
In the above-mentioned methods, the MAC of described credit card issuer directive script is the 8 full MAC of byte or 4 bytes MAC.
In the above-mentioned methods, described APDU instruction 5 byte include CLA, INS, P1, P2 and LC.
In the above-mentioned methods, use process key that the be-encrypted data of credit card issuer directive script is encrypted computing to use
3DES-CBC algorithm.
In the above-mentioned methods, for current application transaction counter, during tissue Article 1 credit card issuer directive script message,
MAC initial vector H0 is 8 bytes complete the zero of this directive script.
In the above-mentioned methods, as the MAC that MAC is 4 bytes of credit card issuer directive script, add to be-encrypted data
Taking 4 byte lengths on the left of the result of calculation of close computing successively as MAC, the rear nibble of juxtaposition CLA is 4.
In the above-mentioned methods, when the MAC length of a upper credit card issuer directive script is 4 byte, after MAC, 4 words are filled
Joint 00, forms 8 bytes MAC for organizing be-encrypted data.
The present invention calculates the MAC of Article 1 credit card issuer directive script and uses 8 byte authorization requests ciphertexts, and later
When calculating the MAC of next credit card issuer directive script, use 8 bytes MAC of a credit card issuer directive script, make same application
During transaction counter, the MAC of credit card issuer directive script constitutes chain structure, and this chain structure allows credit card issuer directive script sequence
Perform in order, it is possible to effectively prevent credit card issuer directive script to be missed in data transmission procedure, intercept and capture or distort;Due to
Finance debit, credit specification peripheral authenticating step are optional, and amendment card data must possess again certain safety,
And the premise passed through of unsuccessful verification MAC of the present invention is the successful execution of a upper directive script, i.e. just has as credit card issuer
True calculating data, are thus effectively guaranteed the reliable authentication between card and credit card issuer.
Accompanying drawing explanation
Fig. 1 is the transmission system structure schematic diagram of credit card issuer directive script in the present invention;
Fig. 2 is the organizational structure schematic diagram of be-encrypted data in the present invention;
The implementation method of a kind of credit card issuer directive script chain type MAC that Fig. 3 provides for using the present invention carries out hair fastener and travels far and wide
The flow chart of this instruction transmission.
Detailed description of the invention
Below in conjunction with Figure of description and specific embodiment, the present invention is described in detail.
The present invention, by each bar credit card issuer directive script MAC is formed chain type, is effectively guaranteed card 3 and credit card issuer 1
Between data transmission safety.In financial transaction, the transmission system of credit card issuer directive script is as it is shown in figure 1, include hair fastener
Row 1, terminal 2 and card 3;
Credit card issuer 1 for carrying out personal data and on-line processing to card 3, and travels far and wide by sending hair fastener to terminal 2
Data on this instruction modification card 3;
In financial transaction, (i.e. debit, credit transaction is due to the commodity between card holder and trade company or service switch-activity
And the information exchange, fund clearing and the clearing behavior that produce between card holder, card sending mechanism, trade company and receipts single file, class of concluding the business
Type includes online, off line and refusal transaction) in, terminal 2 is used for receiving credit card issuer directive script, sending APDU (application to card 3
Protocol Data Unit) instruct, receive the response message after card 3 processes APDU instruction, perform off line certification or to credit card issuer 1
Forward the response message of card 3;
Card 3 performs APDU instruction and the individualized number of storage credit card issuer 1 distribution that terminal 2 sends over for the place of execution
According to.
Wherein,
Personal data refers to that credit card issuer 1 is by the particular data that prescribed form is every card 3 tissue;
On-line processing refers to if card 3 and terminal 2 are determined deal, and needs an online mandate, and terminal 2 transmits a connection
Machine entitlement message is to credit card issuer 1, and this message includes authorization requests ciphertext, the data generating authorization requests ciphertext and processed off-line
Result indicator;
Credit card issuer directive script is the APDU order that sends to terminal 2 of credit card issuer 1 or APDU command sequence, to revise card
The data allowing credit card issuer 1 amendment of storage on 3;
Off line certification comprises static data certification (SDA) and Dynamic Data Authentication (DDA), and static data certification (SDA) is tested
Whether the significant data in card sheet is tampered after hair fastener, and terminal 2 uses in the credit card issuer public key verifications card 3 in card 3
Static state (constant) data;Whether the significant data in Dynamic Data Authentication (DDA) checking card 3 is tampered after hair fastener, with
Time checking card 3 whether be pseudo-card, and Dynamic Data Authentication has standard Dynamic Data Authentication (DDA) and compound Dynamic Data Authentication
(DDA/AC-CDA) two kinds, terminal 2 requires that card 3 provides by the dynamic signature of IC private key signature dynamic transaction data genaration, dynamic
State transaction data is by the unique data that terminal 2 and card 3 are current transaction generation, terminal 2 acquisition from card 3 data
IC-card PKI verifies dynamic signature.
The implementation method of a kind of credit card issuer directive script chain type MAC that the present invention provides is:
The be-encrypted data of credit card issuer directive script is added by the process key (MAC UDK) using card to derive MAC
Close computing (carries out computing by 3DES-CBC algorithm to be-encrypted data), it is thus achieved that MAC (8 bytes or 4 of this credit card issuer directive script
Byte), it is added at the end of APDU instruction, obtains credit card issuer directive script, MAC UDK is prepared by aiming at calculating MAC on card
Cipher key derivative obtain.
Credit card issuer uses authorization requests ciphertext (ARQC) to calculate the MAC of Article 1 credit card issuer directive script.
As in figure 2 it is shown, for the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by:
APDU 5 byte (including CLA, INS, P1, P2 and LC), application transaction counter last time, 8 byte authorization requests ciphertext and orders
Data field data;As the MAC that MAC is 4 bytes of credit card issuer directive script, then it is encrypted computing to be-encrypted data
Obtaining the data of 4 byte lengths on the left of result of calculation successively as MAC, then, the rear nibble putting CLA is 4.
For application transaction counter last time, during tissue Article 1 credit card issuer directive script message, the MAC of this directive script
Initial vector H0 is complete the zero of 8 bytes.
Use the MAC of a credit card issuer directive script, when calculating is not the MAC of Article 1 credit card issuer directive script, treat
The tissue order of encryption data is essentially identical with Article 1 credit card issuer directive script, only replaces with by 8 byte authorization requests ciphertexts
Change into the MAC of a credit card issuer directive script, i.e. be-encrypted data tissue order be followed successively by: APDU instruction 5 byte, on
Secondary application transaction counter, 8 bytes MAC of a upper credit card issuer directive script and order data numeric field data.
When the MAC length of a upper credit card issuer directive script is 4 byte, after MAC, fills 4 bytes 00, form 8 bytes
MAC is used for organizing be-encrypted data.
As it is shown on figure 3, utilize the present invention to carry out the transmission of credit card issuer directive script specifically include following steps:
Step S1, in debit, credit transaction, when card 3 and terminal 2 determine to carry out on-line transaction, need one online
Authorize (terminal 2 has connection ability), then terminal 2 transmits an online request (the most online entitlement message) to credit card issuer 1;
Described debit, credit transaction, do not describe part and follow China's finance integrated circuit (IC) card specification JR/ in this document
Debit/credit application relevant criterion in T 0025.
After step S2, credit card issuer 1 receive online request, send external authentication and instruct to card 3;
Step S3, card 3 process external authentication instruction, if passed through, then enter step S4;Otherwise, closing the transaction;
Step S4, card 3 are traded terminating final inspection, and generate final application cryptogram;
Step S5, credit card issuer 1 receive application cryptogram and determine transaction results, and use authorization requests cryptogram computation Article 1 to send out
The MAC of card row directive script, sends this instruction to card 3;
After step S6, card 3 receive credit card issuer directive script message and verify that MAC passes through, perform this credit card issuer script and refer to
Order;
Step S7, judge whether also next credit card issuer directive script, if it has, enter step S8;Otherwise, transaction knot
Bundle;
Step S8, credit card issuer 1 use the 8 full MAC of byte of a credit card issuer directive script, calculate next hair fastener and travel far and wide
The MAC of this instruction, and send this instruction to card 3;
Step S9, card 3 receive credit card issuer directive script message and verify MAC, by rear, perform this credit card issuer script and refer to
Order, then performs step S7.
Obviously, those skilled in the art can carry out various change and the modification essence without deviating from the present invention to the present invention
God and scope.So, if these amendments of the present invention and modification belong to the scope of the claims in the present invention and equivalent technologies thereof
Within, then the present invention is also intended to comprise these change and modification.
Claims (7)
1. the implementation method of credit card issuer directive script chain type MAC, it is characterised in that comprise the following steps:
The process key using card to derive MAC is encrypted computing to the be-encrypted data of credit card issuer directive script, it is thus achieved that should
The MAC of credit card issuer directive script;
For the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instruction 5 byte,
Last time application transaction counter, 8 byte authorization requests ciphertext and order data numeric field datas;
For not being the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instruction 5
Byte, application transaction counter last time, the MAC of a upper credit card issuer directive script and order data numeric field data.
2. the method for claim 1, it is characterised in that the MAC of described credit card issuer directive script is 8 byte full MAC or 4
Byte MAC.
3. method as claimed in claim 2, it is characterised in that described APDU instruction 5 byte include CLA, INS, P1, P2 and
LC。
4. the method for claim 1, it is characterised in that use the process key number to be encrypted to credit card issuer directive script
3DES-CBC algorithm is used according to being encrypted computing.
5. the method for claim 1, it is characterised in that for current application transaction counter, tissue Article 1 is sent out
Card travel far and wide this instruction message time, MAC initial vector H0 is 8 bytes complete the zero of this directive script.
6. method as claimed in claim 3, it is characterised in that as the MAC that MAC is 4 bytes of credit card issuer directive script, from
Be-encrypted data is encrypted on the left of the result of calculation of computing and takes 4 byte lengths successively as MAC, the rear half-word of juxtaposition CLA
Joint is 4.
7. method as claimed in claim 6, it is characterised in that when the MAC length of a upper credit card issuer directive script is 4 bytes
Time, after MAC, fill 4 bytes 00, form 8 bytes MAC for organizing be-encrypted data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610632515.2A CN106296155B (en) | 2016-08-04 | 2016-08-04 | A kind of implementation method of credit card issuer directive script chain type MAC |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610632515.2A CN106296155B (en) | 2016-08-04 | 2016-08-04 | A kind of implementation method of credit card issuer directive script chain type MAC |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106296155A true CN106296155A (en) | 2017-01-04 |
CN106296155B CN106296155B (en) | 2019-07-23 |
Family
ID=57665267
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610632515.2A Active CN106296155B (en) | 2016-08-04 | 2016-08-04 | A kind of implementation method of credit card issuer directive script chain type MAC |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106296155B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101042736A (en) * | 2006-03-24 | 2007-09-26 | 中国银联股份有限公司 | Smart card and method for accessing objects in smart card |
CN101217728A (en) * | 2007-12-29 | 2008-07-09 | 北京握奇数据系统有限公司 | A blank card for wireless card writing, wireless card writing server and wireless card writing method |
CN102521094A (en) * | 2011-11-28 | 2012-06-27 | 飞天诚信科技股份有限公司 | Method for initializing java card and java card |
-
2016
- 2016-08-04 CN CN201610632515.2A patent/CN106296155B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101042736A (en) * | 2006-03-24 | 2007-09-26 | 中国银联股份有限公司 | Smart card and method for accessing objects in smart card |
CN101217728A (en) * | 2007-12-29 | 2008-07-09 | 北京握奇数据系统有限公司 | A blank card for wireless card writing, wireless card writing server and wireless card writing method |
CN102521094A (en) * | 2011-11-28 | 2012-06-27 | 飞天诚信科技股份有限公司 | Method for initializing java card and java card |
Also Published As
Publication number | Publication date |
---|---|
CN106296155B (en) | 2019-07-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11055694B2 (en) | Secure remote payment transaction processing | |
US9705672B2 (en) | Key management method and system | |
KR102621116B1 (en) | Elecronic device and electronic payement method using id-based public key cryptography | |
US9418501B2 (en) | Method for digital signature authentication of pin-less debit card account transactions | |
US9530126B2 (en) | Secure mobile payment processing | |
US9948624B2 (en) | Key downloading method, management method, downloading management method, device and system | |
US20160028547A1 (en) | Key downloading method, management method, downloading management method, device and system | |
US20160028548A1 (en) | Key downloading method, management method, downloading management method, device and system | |
CN102081821A (en) | IC (integrated circuit) card paying system and method as well as multi-application IC card and payment terminal | |
CN103714641A (en) | Security downloading method and system of TMK | |
CN110070443A (en) | A kind of bill processing method and device based on block chain | |
CN105809417A (en) | Safe reliable real-time electronic payment settlement merchant terminal, user terminal, bank front-end system, system, and method | |
CN109615376A (en) | A kind of method of commerce and device based on zero-knowledge proof | |
CN110348836B (en) | Payment method and device based on block chain and electronic equipment | |
CN102724180A (en) | Method and system for preventing signature information of universal serial bus (USB) key from being falsified | |
CN108449332A (en) | A kind of lightweight Mobile Payment Protocol design method based on double gateways | |
CN107395600A (en) | Business datum verification method, service platform and mobile terminal | |
CN111768206A (en) | Method for loading and saving campus card by bank card | |
CN106355404B (en) | Debit credit transaction system and method with security vulnerability protection mechanism | |
CN106296155B (en) | A kind of implementation method of credit card issuer directive script chain type MAC | |
WO2014048319A1 (en) | Security information exchange system, apparatus, and method | |
RU2743004C1 (en) | Method and system for executing non-fiat currency transactions in card infrastructure | |
WO2018125234A1 (en) | Anonymous electronic payment system | |
Cao | Improving Security of SET Protocol based on ECC | |
CA2993088A1 (en) | Online transaction method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |