CN106296155A - A kind of implementation method of credit card issuer directive script chain type MAC - Google Patents

A kind of implementation method of credit card issuer directive script chain type MAC Download PDF

Info

Publication number
CN106296155A
CN106296155A CN201610632515.2A CN201610632515A CN106296155A CN 106296155 A CN106296155 A CN 106296155A CN 201610632515 A CN201610632515 A CN 201610632515A CN 106296155 A CN106296155 A CN 106296155A
Authority
CN
China
Prior art keywords
mac
credit card
card issuer
directive script
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610632515.2A
Other languages
Chinese (zh)
Other versions
CN106296155B (en
Inventor
王小芬
熊传光
沈恺
胡瑞璟
肖灵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Tianyu Information Industry Co Ltd
Original Assignee
Wuhan Tianyu Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Tianyu Information Industry Co Ltd filed Critical Wuhan Tianyu Information Industry Co Ltd
Priority to CN201610632515.2A priority Critical patent/CN106296155B/en
Publication of CN106296155A publication Critical patent/CN106296155A/en
Application granted granted Critical
Publication of CN106296155B publication Critical patent/CN106296155B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/16Payments settled via telecommunication systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The invention discloses the implementation method of a kind of credit card issuer directive script chain type MAC, including: the process key using card to derive MAC is encrypted computing to the be-encrypted data of credit card issuer directive script, it is thus achieved that the MAC of this credit card issuer directive script;For the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instructs 5 byte, application transaction counter last time, 8 byte authorization requests ciphertext and order data numeric field datas;For not being the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instruction 5 byte, application transaction counter last time, the MAC of a upper credit card issuer directive script and order data numeric field data.The present invention constitutes chain structure by setting up the MAC of credit card issuer directive script, ensure that credit card issuer directive script sequence performs in order, effectively prevent credit card issuer directive script to be missed in transmitting procedure, intercept and capture or distort, be effectively guaranteed the safety of data transmission between card and credit card issuer.

Description

A kind of implementation method of credit card issuer directive script chain type MAC
Technical field
The present invention relates to financial payment field, be specifically related to the implementation method of a kind of credit card issuer directive script chain type MAC.
Background technology
In financial transaction, the most key is credit card issuer script, and it is the order that sends to terminal of credit card issuer or order Sequence, it is therefore an objective to input order continuously to IC-card sheet.But, data there may be in transmitting procedure monitored, be trapped or The risk then distorted, causes any property loss to IC-card sheet holder or credit card issuer.
Summary of the invention
The technical problem to be solved is to improve existing credit card issuer directive script transmission plan, strengthens card and sends out Certification between card row and the problem of the safety of data transmission.
In order to solve above-mentioned technical problem, the technical solution adopted in the present invention is to provide a kind of credit card issuer directive script chain The implementation method of formula MAC, comprises the following steps:
The process key using card to derive MAC is encrypted computing to the be-encrypted data of credit card issuer directive script, obtains Obtain the MAC of this credit card issuer directive script;
For the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instruction 5 Byte, application transaction counter last time, 8 byte authorization requests ciphertext and order data numeric field datas;
For not being the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instructs 5 bytes, application transaction counter last time, the MAC of a upper credit card issuer directive script and order data numeric field data.
In the above-mentioned methods, the MAC of described credit card issuer directive script is the 8 full MAC of byte or 4 bytes MAC.
In the above-mentioned methods, described APDU instruction 5 byte include CLA, INS, P1, P2 and LC.
In the above-mentioned methods, use process key that the be-encrypted data of credit card issuer directive script is encrypted computing to use 3DES-CBC algorithm.
In the above-mentioned methods, for current application transaction counter, during tissue Article 1 credit card issuer directive script message, MAC initial vector H0 is 8 bytes complete the zero of this directive script.
In the above-mentioned methods, as the MAC that MAC is 4 bytes of credit card issuer directive script, add to be-encrypted data Taking 4 byte lengths on the left of the result of calculation of close computing successively as MAC, the rear nibble of juxtaposition CLA is 4.
In the above-mentioned methods, when the MAC length of a upper credit card issuer directive script is 4 byte, after MAC, 4 words are filled Joint 00, forms 8 bytes MAC for organizing be-encrypted data.
The present invention calculates the MAC of Article 1 credit card issuer directive script and uses 8 byte authorization requests ciphertexts, and later When calculating the MAC of next credit card issuer directive script, use 8 bytes MAC of a credit card issuer directive script, make same application During transaction counter, the MAC of credit card issuer directive script constitutes chain structure, and this chain structure allows credit card issuer directive script sequence Perform in order, it is possible to effectively prevent credit card issuer directive script to be missed in data transmission procedure, intercept and capture or distort;Due to Finance debit, credit specification peripheral authenticating step are optional, and amendment card data must possess again certain safety, And the premise passed through of unsuccessful verification MAC of the present invention is the successful execution of a upper directive script, i.e. just has as credit card issuer True calculating data, are thus effectively guaranteed the reliable authentication between card and credit card issuer.
Accompanying drawing explanation
Fig. 1 is the transmission system structure schematic diagram of credit card issuer directive script in the present invention;
Fig. 2 is the organizational structure schematic diagram of be-encrypted data in the present invention;
The implementation method of a kind of credit card issuer directive script chain type MAC that Fig. 3 provides for using the present invention carries out hair fastener and travels far and wide The flow chart of this instruction transmission.
Detailed description of the invention
Below in conjunction with Figure of description and specific embodiment, the present invention is described in detail.
The present invention, by each bar credit card issuer directive script MAC is formed chain type, is effectively guaranteed card 3 and credit card issuer 1 Between data transmission safety.In financial transaction, the transmission system of credit card issuer directive script is as it is shown in figure 1, include hair fastener Row 1, terminal 2 and card 3;
Credit card issuer 1 for carrying out personal data and on-line processing to card 3, and travels far and wide by sending hair fastener to terminal 2 Data on this instruction modification card 3;
In financial transaction, (i.e. debit, credit transaction is due to the commodity between card holder and trade company or service switch-activity And the information exchange, fund clearing and the clearing behavior that produce between card holder, card sending mechanism, trade company and receipts single file, class of concluding the business Type includes online, off line and refusal transaction) in, terminal 2 is used for receiving credit card issuer directive script, sending APDU (application to card 3 Protocol Data Unit) instruct, receive the response message after card 3 processes APDU instruction, perform off line certification or to credit card issuer 1 Forward the response message of card 3;
Card 3 performs APDU instruction and the individualized number of storage credit card issuer 1 distribution that terminal 2 sends over for the place of execution According to.
Wherein,
Personal data refers to that credit card issuer 1 is by the particular data that prescribed form is every card 3 tissue;
On-line processing refers to if card 3 and terminal 2 are determined deal, and needs an online mandate, and terminal 2 transmits a connection Machine entitlement message is to credit card issuer 1, and this message includes authorization requests ciphertext, the data generating authorization requests ciphertext and processed off-line Result indicator;
Credit card issuer directive script is the APDU order that sends to terminal 2 of credit card issuer 1 or APDU command sequence, to revise card The data allowing credit card issuer 1 amendment of storage on 3;
Off line certification comprises static data certification (SDA) and Dynamic Data Authentication (DDA), and static data certification (SDA) is tested Whether the significant data in card sheet is tampered after hair fastener, and terminal 2 uses in the credit card issuer public key verifications card 3 in card 3 Static state (constant) data;Whether the significant data in Dynamic Data Authentication (DDA) checking card 3 is tampered after hair fastener, with Time checking card 3 whether be pseudo-card, and Dynamic Data Authentication has standard Dynamic Data Authentication (DDA) and compound Dynamic Data Authentication (DDA/AC-CDA) two kinds, terminal 2 requires that card 3 provides by the dynamic signature of IC private key signature dynamic transaction data genaration, dynamic State transaction data is by the unique data that terminal 2 and card 3 are current transaction generation, terminal 2 acquisition from card 3 data IC-card PKI verifies dynamic signature.
The implementation method of a kind of credit card issuer directive script chain type MAC that the present invention provides is:
The be-encrypted data of credit card issuer directive script is added by the process key (MAC UDK) using card to derive MAC Close computing (carries out computing by 3DES-CBC algorithm to be-encrypted data), it is thus achieved that MAC (8 bytes or 4 of this credit card issuer directive script Byte), it is added at the end of APDU instruction, obtains credit card issuer directive script, MAC UDK is prepared by aiming at calculating MAC on card Cipher key derivative obtain.
Credit card issuer uses authorization requests ciphertext (ARQC) to calculate the MAC of Article 1 credit card issuer directive script.
As in figure 2 it is shown, for the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU 5 byte (including CLA, INS, P1, P2 and LC), application transaction counter last time, 8 byte authorization requests ciphertext and orders Data field data;As the MAC that MAC is 4 bytes of credit card issuer directive script, then it is encrypted computing to be-encrypted data Obtaining the data of 4 byte lengths on the left of result of calculation successively as MAC, then, the rear nibble putting CLA is 4.
For application transaction counter last time, during tissue Article 1 credit card issuer directive script message, the MAC of this directive script Initial vector H0 is complete the zero of 8 bytes.
Use the MAC of a credit card issuer directive script, when calculating is not the MAC of Article 1 credit card issuer directive script, treat The tissue order of encryption data is essentially identical with Article 1 credit card issuer directive script, only replaces with by 8 byte authorization requests ciphertexts Change into the MAC of a credit card issuer directive script, i.e. be-encrypted data tissue order be followed successively by: APDU instruction 5 byte, on Secondary application transaction counter, 8 bytes MAC of a upper credit card issuer directive script and order data numeric field data.
When the MAC length of a upper credit card issuer directive script is 4 byte, after MAC, fills 4 bytes 00, form 8 bytes MAC is used for organizing be-encrypted data.
As it is shown on figure 3, utilize the present invention to carry out the transmission of credit card issuer directive script specifically include following steps:
Step S1, in debit, credit transaction, when card 3 and terminal 2 determine to carry out on-line transaction, need one online Authorize (terminal 2 has connection ability), then terminal 2 transmits an online request (the most online entitlement message) to credit card issuer 1;
Described debit, credit transaction, do not describe part and follow China's finance integrated circuit (IC) card specification JR/ in this document Debit/credit application relevant criterion in T 0025.
After step S2, credit card issuer 1 receive online request, send external authentication and instruct to card 3;
Step S3, card 3 process external authentication instruction, if passed through, then enter step S4;Otherwise, closing the transaction;
Step S4, card 3 are traded terminating final inspection, and generate final application cryptogram;
Step S5, credit card issuer 1 receive application cryptogram and determine transaction results, and use authorization requests cryptogram computation Article 1 to send out The MAC of card row directive script, sends this instruction to card 3;
After step S6, card 3 receive credit card issuer directive script message and verify that MAC passes through, perform this credit card issuer script and refer to Order;
Step S7, judge whether also next credit card issuer directive script, if it has, enter step S8;Otherwise, transaction knot Bundle;
Step S8, credit card issuer 1 use the 8 full MAC of byte of a credit card issuer directive script, calculate next hair fastener and travel far and wide The MAC of this instruction, and send this instruction to card 3;
Step S9, card 3 receive credit card issuer directive script message and verify MAC, by rear, perform this credit card issuer script and refer to Order, then performs step S7.
Obviously, those skilled in the art can carry out various change and the modification essence without deviating from the present invention to the present invention God and scope.So, if these amendments of the present invention and modification belong to the scope of the claims in the present invention and equivalent technologies thereof Within, then the present invention is also intended to comprise these change and modification.

Claims (7)

1. the implementation method of credit card issuer directive script chain type MAC, it is characterised in that comprise the following steps:
The process key using card to derive MAC is encrypted computing to the be-encrypted data of credit card issuer directive script, it is thus achieved that should The MAC of credit card issuer directive script;
For the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instruction 5 byte, Last time application transaction counter, 8 byte authorization requests ciphertext and order data numeric field datas;
For not being the MAC of Article 1 credit card issuer directive script, the tissue order of be-encrypted data is followed successively by: APDU instruction 5 Byte, application transaction counter last time, the MAC of a upper credit card issuer directive script and order data numeric field data.
2. the method for claim 1, it is characterised in that the MAC of described credit card issuer directive script is 8 byte full MAC or 4 Byte MAC.
3. method as claimed in claim 2, it is characterised in that described APDU instruction 5 byte include CLA, INS, P1, P2 and LC。
4. the method for claim 1, it is characterised in that use the process key number to be encrypted to credit card issuer directive script 3DES-CBC algorithm is used according to being encrypted computing.
5. the method for claim 1, it is characterised in that for current application transaction counter, tissue Article 1 is sent out Card travel far and wide this instruction message time, MAC initial vector H0 is 8 bytes complete the zero of this directive script.
6. method as claimed in claim 3, it is characterised in that as the MAC that MAC is 4 bytes of credit card issuer directive script, from Be-encrypted data is encrypted on the left of the result of calculation of computing and takes 4 byte lengths successively as MAC, the rear half-word of juxtaposition CLA Joint is 4.
7. method as claimed in claim 6, it is characterised in that when the MAC length of a upper credit card issuer directive script is 4 bytes Time, after MAC, fill 4 bytes 00, form 8 bytes MAC for organizing be-encrypted data.
CN201610632515.2A 2016-08-04 2016-08-04 A kind of implementation method of credit card issuer directive script chain type MAC Active CN106296155B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610632515.2A CN106296155B (en) 2016-08-04 2016-08-04 A kind of implementation method of credit card issuer directive script chain type MAC

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610632515.2A CN106296155B (en) 2016-08-04 2016-08-04 A kind of implementation method of credit card issuer directive script chain type MAC

Publications (2)

Publication Number Publication Date
CN106296155A true CN106296155A (en) 2017-01-04
CN106296155B CN106296155B (en) 2019-07-23

Family

ID=57665267

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610632515.2A Active CN106296155B (en) 2016-08-04 2016-08-04 A kind of implementation method of credit card issuer directive script chain type MAC

Country Status (1)

Country Link
CN (1) CN106296155B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101042736A (en) * 2006-03-24 2007-09-26 中国银联股份有限公司 Smart card and method for accessing objects in smart card
CN101217728A (en) * 2007-12-29 2008-07-09 北京握奇数据系统有限公司 A blank card for wireless card writing, wireless card writing server and wireless card writing method
CN102521094A (en) * 2011-11-28 2012-06-27 飞天诚信科技股份有限公司 Method for initializing java card and java card

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101042736A (en) * 2006-03-24 2007-09-26 中国银联股份有限公司 Smart card and method for accessing objects in smart card
CN101217728A (en) * 2007-12-29 2008-07-09 北京握奇数据系统有限公司 A blank card for wireless card writing, wireless card writing server and wireless card writing method
CN102521094A (en) * 2011-11-28 2012-06-27 飞天诚信科技股份有限公司 Method for initializing java card and java card

Also Published As

Publication number Publication date
CN106296155B (en) 2019-07-23

Similar Documents

Publication Publication Date Title
US11055694B2 (en) Secure remote payment transaction processing
US9705672B2 (en) Key management method and system
KR102621116B1 (en) Elecronic device and electronic payement method using id-based public key cryptography
US9418501B2 (en) Method for digital signature authentication of pin-less debit card account transactions
US9530126B2 (en) Secure mobile payment processing
US9948624B2 (en) Key downloading method, management method, downloading management method, device and system
US20160028547A1 (en) Key downloading method, management method, downloading management method, device and system
US20160028548A1 (en) Key downloading method, management method, downloading management method, device and system
CN102081821A (en) IC (integrated circuit) card paying system and method as well as multi-application IC card and payment terminal
CN103714641A (en) Security downloading method and system of TMK
CN110070443A (en) A kind of bill processing method and device based on block chain
CN105809417A (en) Safe reliable real-time electronic payment settlement merchant terminal, user terminal, bank front-end system, system, and method
CN109615376A (en) A kind of method of commerce and device based on zero-knowledge proof
CN110348836B (en) Payment method and device based on block chain and electronic equipment
CN102724180A (en) Method and system for preventing signature information of universal serial bus (USB) key from being falsified
CN108449332A (en) A kind of lightweight Mobile Payment Protocol design method based on double gateways
CN107395600A (en) Business datum verification method, service platform and mobile terminal
CN111768206A (en) Method for loading and saving campus card by bank card
CN106355404B (en) Debit credit transaction system and method with security vulnerability protection mechanism
CN106296155B (en) A kind of implementation method of credit card issuer directive script chain type MAC
WO2014048319A1 (en) Security information exchange system, apparatus, and method
RU2743004C1 (en) Method and system for executing non-fiat currency transactions in card infrastructure
WO2018125234A1 (en) Anonymous electronic payment system
Cao Improving Security of SET Protocol based on ECC
CA2993088A1 (en) Online transaction method, device and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant