CN107169761A - A kind of method and device for generating IC-card secure data - Google Patents
A kind of method and device for generating IC-card secure data Download PDFInfo
- Publication number
- CN107169761A CN107169761A CN201710374072.6A CN201710374072A CN107169761A CN 107169761 A CN107169761 A CN 107169761A CN 201710374072 A CN201710374072 A CN 201710374072A CN 107169761 A CN107169761 A CN 107169761A
- Authority
- CN
- China
- Prior art keywords
- data
- secure data
- data type
- secure
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3226—Use of secure elements separate from M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Abstract
The embodiment of the invention discloses a kind of method and device for generating IC-card secure data, including:First equipment receives the generation request of IC-card secure data, and IC-card secure data generation request is used for the secure data for asking the first equipment to generate N kind data types;Be directed to any of N kind data types data type, the first equipment can use with generate the data type needed for the generation path that matches of performance consumption, generate the secure data of the data type.Because the first equipment can select the generation path of matching according to the performance consumption needed for the secure data of generation any data type for the generation of any data type, thus, the formation efficiency of IC-card secure data can be effectively improved.
Description
Technical field
The present invention relates to Internet technical field, more particularly to a kind of method and device for generating IC-card secure data.
Background technology
With continuing to develop for information technology, application of the IC-card in people live is also more and more extensive.Use IC-card generation
Various transaction can be quickly and easily carried out for cash, so that convenient for people's lives.But when being traded using IC-card, need
To be prestored in IC-card just like secure datas such as individualized security information.
The generation of existing IC-card secure data is mainly used in the scene of issued by banks entity bank IC card.Bank connects
After the application for receiving user's application IC-card, according to the personal information data of user, secure data is generated according to IC-card design specification, and
During card makes and be personalized, store into IC-card storage region.It can be seen that, under this card issuing mode, IC
The generation of card secure data has the process of a preparation card data, and formation efficiency is relatively low.
However, because the continuous popularization of scene is consumed in internet, traditional IC-card issuing way can not meet people
The need for.In Internet era, various card issuings can access TSM platforms, pass through the virtual IC-card of the Internet.User network
After upper submission card application, card issuing side is by the intelligent terminals such as the mobile phone of safety data transmission to user, you can realize empty
Intend issuing for IC-card, i.e., aerial hair fastener.
In the air under the business scenario of hair fastener, the application demand of user is often intensive and high concurrent formula, and is wished
Prestige can realize in real time, rapidly realize the application of card application and issue, thus, the generation side of traditional IC-card secure data
Method, due to there is the generating process of a preparation card data so that the formation efficiency of secure data is relatively low, it is impossible to reply interconnection
Intensive Shen card demand under net environment, is that user realizes real-time hair fastener, thus, Consumer's Experience is poor.
To sum up, a kind of method for generating IC-card secure data is needed badly at present, for solving the safe number of IC-card in the prior art
According to the relatively low technical problem of formation efficiency.
The content of the invention
The present invention provides a kind of method and device for generating IC-card secure data, for solving IC-card safety in the prior art
The relatively low technical problem of the formation efficiencies of data.
A kind of method for generation IC-card secure data that the embodiment of the present invention one is provided, it includes:
First equipment receives the generation request of IC-card secure data;The IC-card secure data generation request includes to be generated
The N kind data types of secure data;Wherein, N is the integer more than or equal to 1;
Any data type in the N kinds data type is directed to, first equipment is according to generation any number
According to the performance consumption needed for the secure data of type, using the performance needed for the secure data with generating any data type
The generation path matched is consumed, the secure data of any data type is generated.
Alternatively, first equipment generates the secure data of any data type, including:
First equipment is if it is determined that performance consumption needed for generating the secure data of any data type is more than etc.
Any data type is obtained in performance consumption threshold value, the then secure data for previously generating and storing from the second equipment
Secure data.
Alternatively, first equipment generates the secure data of any data type, in addition to:
First equipment is if it is determined that performance consumption needed for generating the secure data of any data type is less than property
Can threshold value, then by local computing or call encryption equipment to generate the secure data of any data type.
Alternatively, first equipment generates the secure data of any data type by local computing, including:
First equipment is if it is determined that the level of security of the secure data of any data type is less than level of security threshold
Value, then generate the secure data of any data type by lower security rank computing module, and passes through high safety rank meter
Module is calculated to be encrypted;
First equipment is if it is determined that the level of security of first secure data then leads to more than or equal to level of security threshold value
Cross the secure data that the high safety rank computing module generates and encrypts any data type.
Alternatively, first equipment is generated after the secure data of any data type, in addition to:
First equipment is if it is determined that the level of security of the secure data of any data type is more than or equal to safe level
Other threshold value, then store the secure data of any data type by safeguard protection encrypting module;
If it is determined that the level of security of the secure data of any data type is less than level of security threshold value, then pass through
Non-security protection encrypting module stores the secure data of any data type.
Based on same inventive concept, the embodiment of the present invention two provides a kind of device for generating IC-card secure data, its
Including:
Receiving module, for receiving the generation request of IC-card secure data;The IC-card secure data generation request includes treating
The N kind data types of the secure data of generation;Wherein, N is the integer more than or equal to 1;
Generation module, for any data type being directed in the N kinds data type, according to generation any number
According to the performance consumption needed for the secure data of type, using the performance needed for the secure data with generating any data type
The generation path matched is consumed, the secure data of any data type is generated.
Alternatively, the generation module specifically for:
If it is determined that the performance consumption needed for generating the secure data of any data type is more than or equal to performance consumption threshold
The secure data of any data type is obtained in value, the then secure data for previously generating and storing from the second equipment.
Alternatively, the generation module also particularly useful for:
If it is determined that the performance consumption needed for generating the secure data of any data type is less than performance consumption threshold value, then
By local computing or encryption equipment is called to generate the secure data of any data type.
Alternatively, the generation module also particularly useful for:
If it is determined that the level of security of the secure data of any data type is less than level of security threshold value, then pass through low peace
Full level calculation module generates the secure data of any data type, and is added by high safety rank computing module
It is close;
If it is determined that the level of security of first secure data is more than or equal to level of security threshold value, then pass through the high safety
Level calculation module generates and encrypts the secure data of any data type.
Alternatively, the generation module is additionally operable to:
If it is determined that the level of security of the secure data of any data type is more than or equal to level of security threshold value, then pass through
Safeguard protection encrypting module stores the secure data of any data type;
If it is determined that the level of security of the secure data of any data type is less than level of security threshold value, then pass through
Non-security protection encrypting module stores the secure data of any data type.
Based on same inventive concept, the embodiment of the present invention three provides a kind of computer equipment, it include memory with
Processor, wherein, the memory is instructed for storage program, and the processor is used to call the journey stored in the memory
Sequence is instructed, and any of the above-described kind of method is performed according to the program of acquisition.
Based on same inventive concept, the embodiment of the present invention four provides a kind of computer-readable storage medium, the computer
Readable storage medium storing program for executing is used to save as the computer program instructions used in above-mentioned computing device, and it, which is included, is used to perform above-mentioned generation
The program of the method for IC-card secure data.
In the embodiment of the present invention, the first equipment receives the generation request of IC-card secure data, and IC-card secure data generation please
Seek the secure data for asking the first equipment to generate N kind data types;It is directed to any of N kind data types data class
Type, the first equipment can be used with generating the generation path that matches of performance consumption needed for the data type, generate the data class
The secure data of type.Because the first equipment can be according to the performance consumption needed for the secure data of generation any data type, for this
The generation path of the generation selection matching of any data type, thus, the formation efficiency of IC-card secure data can be effectively improved.
Brief description of the drawings
Technical scheme in order to illustrate the embodiments of the present invention more clearly, makes required in being described below to embodiment
Accompanying drawing is briefly introduced, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for this
For the those of ordinary skill in field, without having to pay creative labor, it can also be obtained according to these accompanying drawings
His accompanying drawing.
Fig. 1 is the schematic flow sheet corresponding to a kind of method of generation IC-card secure data in the embodiment of the present invention one;
Fig. 2 is the structural representation of unified interface module in the embodiment of the present invention one;
Fig. 3 is the structural representation of the second equipment in the embodiment of the present invention one;
Fig. 4 be the embodiment of the present invention two in a kind of generation IC-card secure data device structural representation;
Fig. 5 is a kind of structural representation of the computing device provided in the embodiment of the present invention three.
Embodiment
In order that the object, technical solutions and advantages of the present invention are clearer, below in conjunction with accompanying drawing the present invention is made into
One step it is described in detail, it is clear that described embodiment, only a part of embodiment of the invention, rather than whole implementation
Example.Based on the embodiment in the present invention, what those of ordinary skill in the art were obtained under the premise of creative work is not made
All other embodiment, belongs to the scope of protection of the invention.
In the embodiment of the present invention, first equipment is specifically in the on-line real-time card sending system of hair fastener in the air, being
The virtual IC-card generation secure data that each card issuing side or card are issued using provider.It can set for various types of calculating
It is standby, such as, it can be high-performance computer or various types of encryption equipments etc., not be limited herein.
The embodiment of the present invention is described in further detail with reference to Figure of description.
Fig. 1 is the flow signal corresponding to a kind of method for generation IC-card secure data that the embodiment of the present invention one is provided
Figure, as shown in figure 1, comprising the following steps S101 to step S102:
Step S101:First equipment receives the generation request of IC-card secure data;The IC-card secure data generates request bag
Include the N kind data types of secure data to be generated;Wherein, N is the integer more than or equal to 1;
Step S102:Any data type in the N kinds data type is directed to, first equipment is according to generation institute
The performance consumption needed for the secure data of any data type is stated, using the secure data institute with generating any data type
The generation path that the performance consumption needed matches, generates the secure data of any data type.
In the embodiment of the present invention, the first equipment receives the generation request of IC-card secure data, and IC-card secure data generation please
Seek the secure data for asking the first equipment to generate N kind data types;It is directed to any of N kind data types data class
Type, the first equipment can be used with generating the generation path that matches of performance consumption needed for the data type, generate the data class
The secure data of type.Because the first equipment can be according to the performance consumption needed for the secure data of generation any data type, for this
The generation path of the generation selection matching of any data type, thus, the formation efficiency of IC-card secure data can be effectively improved.
Specifically, in step S101, the first equipment receives the generation request of IC-card secure data;The safe number of IC-card
It is used to generate the secure data for meeting certain business demand to the first equipment according to generation request.Wherein, it is described to meet certain business
The secure data of demand can include the secure data of N kind data types, and N is the integer more than or equal to 1.
For example, the secure data of the N kinds data type can specifically include personal information, card image, finance
Transaction data, signing certificate, data protection safe key, Traffic encryption key(TEK), consumption key etc., or, it can also include
Other kinds of IC-card secure data, is not particularly limited herein.
In the embodiment of the present invention, the first equipment can receive the generation request of IC-card secure data from multiple business demand sides.
For different business demand sides, because the application scenarios of the virtual IC-card of its distribution are different, or, because it is to initial
The pretreatment that data are done is different, and the secure data of generation is asked in the IC-card generation request that different business demand sides is sent
Also different, i.e., the secure data for the N kind data types that different business demand side's requests is generated is different.
Therefore, the first equipment can receive the IC-card peace that each business demand side is sent by a unified interface module
It is total to be asked according to generation, the complete service for providing generation secure data for each business demand side.
Fig. 2 is the structural representation of unified interface module in the embodiment of the present invention, as shown in Figure 2, the unified interface mould
(as illustrated in the drawing 2021, block 200 may particularly include an infrastructure service interface 201 and multiple personalization service interfaces again
2022、2023、2024)。
Wherein, infrastructure service interface is asked for uniformly receiving the IC-card secure data generation that each business demand side is sent
Ask, the multiple personalization service interfaces for being inherited from infrastructure service interface are respectively used to pass through basis clothes in secure data generation request
It is engaged in after interface, receives the secure data generation request from different business party in request, i.e., when the peace from a certain business demand side
, can be according to its corresponding business demand during the total request arrival personalization service interfaces according to generation, the N kind numbers asked it
Personalized preliminary treatment, including data inspection and response etc. are carried out according to the secure data of type.
Based on this, it can be seen that unified interface module is mutually tied by infrastructure service interface with multiple personalization service interfaces
The design of conjunction, both ensure that the simplicity of external issuing interface, while simplifying each business demand side again calls realization so that
The isolation of business interface between different business demand sides, it is possible to achieve to different secure datas generate request it is efficient and
When data inspection, response.
And then, in step s 102, the IC-card secure data that first equipment can send each business demand side
Generation request, according to the data type of the secure data of required generation, does and further splits again.As shown in Figure 2, it is described
First equipment performs the fractionation of secure data generation request by splitting module 203.First equipment can receive IC-card peace
After the total request according to generation, it can enter by IC-card secure data generation request according to two dimensions of level of security and performance consumption
One step is split as N number of sub- request, and each height request corresponds to a kind of secure data of data type respectively.
Calculating, cipher mode difference due to different types of secure data, therefore, IC-card secure data are generated and asked
N number of sub- request is divided into, can make the first equipment targetedly to asking safety in the generation son request of each secure data
The suitable generation path of data selection.
If requesting the secure data of N kind data types in a certain IC-card secure data generation request, the N is directed to
Any data type in data type is planted, first equipment can be by parsing secure data generation son request, according to life
Performance consumption into needed for the secure data of any data type, using the safe number with generating any data type
The generation path matched according to required performance consumption, generates the secure data of any data type.
Specifically, the first equipment is if it is determined that the performance consumption needed for generating the secure data of any data type is less than
Performance consumption threshold value, then generate the secure data of any data type by local computing, or calls encryption equipment to carry out
Response is calculated in real time.
If it is determined that generating the secure data of any data type by local computing, then the first equipment can be to described
The level of security of the secure data of one data type is judged, however, it is determined that the safety of the secure data of any data type
Rank is less than level of security threshold value, then the peace of any data type can be generated by local lower security rank computing module
Total evidence, and be encrypted and protect by high safety rank computing module.
It is on the contrary, however, it is determined that the level of security of the secure data of any data type is more than or equal to level of security threshold value,
The secure data of any data type can be then generated by local high safety rank computing module.The embodiment of the present invention
In, the higher secure data of level of security generally may include the application data of IC-card and the protection key of key, such as all kinds of safety
The protection key of certificate, communication key or other application data, and the disposable consumption key protection corresponding with its merchandised
Key.
It should be noted that in the embodiment of the present invention, the performance consumption threshold value and the level of security threshold value can be by these
Art personnel can be configured according to actual conditions, and the present invention is not particularly limited to this.
In IC-card secure data, often the secure data including some data types needs substantial amounts of calculating to generate,
Such as, individualize safety certificate.Therefore, if by the secure data of these data types of local computing, can consume a large amount of
Computing resource so that secure data formation efficiency reduction.
In this case, the first equipment is if it is determined that the performance needed for generating the secure data of any data type disappears
Consumption is more than or equal to performance consumption threshold value, then the secure data of any data type can be generated by calling the second equipment.
Wherein, second equipment is specifically exclusively for generation performance consumption is higher or secure data of highly dense calculation type
And the dedicated computing resource disposed, it can be high-performance computer, HSM encryption equipments, or other kinds of computing device, this
Invention is not particularly limited to this.
Fig. 3 is the structural representation of the second equipment described in the embodiment of the present invention one.As shown in Fig. 2 second equipment
Include database service interface, data generation module and data cache module.Wherein, database service interface is set for receiving first
The generation son request of the secure data for certain data type that preparation is sent, i.e., generation of the secure data of highly dense calculation type
Request.
It is typically to each user all general safe numbers due to needing the secure data by calling the second equipment to generate
According to therefore, data generation module in the second equipment according to the system status of second equipment and can generate various data class
Preset time needed for the secure data of type, it is highly dense to generate such as individualized certificate data constantly to call HSM encryption devices
Collect the secure data of calculation type, storage after the secure data encryption of generation is then arrived lasting by data protection and encrypting module
Change in equipment.
The data cache module can obtain the data generation mould by way of batch is loaded from persistence equipment
The secure data that block is previously generated, and to provide data, services.That is, when the generation of first the second equipment of equipment calls is a certain
During the secure data of data type, secure data generation son request preferentially enters data buffer service by database service interface,
The secure data previously generated is obtained from data buffer service.
Meanwhile, data cache module, which also has, monitors data cached function, when the safety cached in data cache module
When the data volume of data is less than a certain safety value, data cache module automatically can load secure data from persistence equipment.
It is some in particular cases, if the secure data previously generated in data cache module and persistence equipment
Quantity can not all meet the secure data generation request of high concurrent the need for, or, under other abnormal conditions, then described second
Equipment can calculate generation secure data in real time by data generation module.
It can be seen that, require higher to tackle performance consumption present in highly dense calculation type secure data generating process, expend
The problem of time may be longer, the second equipment pre-generatmg secure data and is stored incessantly by data generation module, with number
According to the cache module mechanism that dynamic access secure data is combined from persistence equipment, the sky of encryption device can be effectively utilized
Between idle, the data generation of high concurrent is converted into the generating process of lasting, uniform secure data, therefore, can be broken through
The performance bottleneck that secure data is generated in traditional hair fastener pattern so that on-line real-time card sending system can be tackled under internet environment
Centralization, the hair fastener demand of high concurrent.
It should be noted that in the embodiment of the present invention, a safeguard protection encryption mould is may also include in first equipment
Block.First equipment by local computing or call the second equipment calculate generation secure data after, pass through an independence
Safeguard protection encrypting module come realize the secure data to the different level of securitys of generation encryption, protection and store.
Specifically, including first equipment is if it is determined that the level of security of the secure data of any data type is big
In equal to level of security threshold value, then the secure data of any data type is stored by safeguard protection encrypting module.
If it is determined that the level of security of the secure data of any data type is less than level of security threshold value, then pass through
Non-security protection encrypting module stores the secure data of any data type.
For example, the level of security such as security authentication center root key, two grades of certificates of industry and private key for user certificate is higher
Secure data can be stored in safeguard protection encrypting module, and communication encryption key, consumption key and in safeguard protection
The key under cryptographic key protection in module can be stored in non-security protection encrypting module.
Further, since the secure data of generation will be transferred to the intelligent terminals such as the mobile phone of user by internet environment
In, the safeguard protection encrypting module can also provide safeguard protection for the storage and transmission of the secure data of generation.
It can be seen that, the cipher key storage mechanism of different safety means is stored in, key can be completely cut off from physical layer and oozed safely
Thoroughly and secure border is the problem of spread, and effectively support first equipment to the request of the secure data of different types of data
Split and generate the selection in path, it is ensured that the security in each stage such as generation, storage and transmission.
Based on same inventive concept, the embodiment of the present invention two provides a kind of device for generating IC-card secure data, Fig. 4
For a kind of structural representation of the device of generation IC-card secure data provided in the embodiment of the present invention two, as shown in figure 4, described
Device includes:
Receiving module 401, for receiving the generation request of IC-card secure data;The IC-card secure data generation request includes
The N kind data types of secure data to be generated;
Generation module 402, for any data type being directed in the N kinds data type, appoints according to generation
Performance consumption needed for the secure data of one data type, using needed for the secure data with generating any data type
The generation path that performance consumption matches, generates the secure data of any data type.
Alternatively, the generation module 402 specifically for:
If it is determined that the performance consumption needed for generating the secure data of any data type is more than or equal to performance consumption threshold
The secure data of any data type is obtained in value, the then secure data for previously generating and storing from the second equipment.
Alternatively, the generation module 402 also particularly useful for:
If it is determined that the performance consumption needed for generating the secure data of any data type is less than performance consumption threshold value, then
By local computing or encryption equipment is called to generate the secure data of any data type.
Alternatively, the generation module 402 also particularly useful for:
If it is determined that the level of security of the secure data of any data type is less than level of security threshold value, then pass through low peace
Full level calculation module generates the secure data of any data type, and is added by high safety rank computing module
It is close;
If it is determined that the level of security of first secure data is more than or equal to level of security threshold value, then pass through the high safety
Level calculation module generates and encrypts the secure data of any data type.
Alternatively, the generation module 402 is additionally operable to:
If it is determined that the level of security of the secure data of any data type is more than or equal to level of security threshold value, then pass through
Safeguard protection encrypting module stores the secure data of any data type;
If it is determined that the level of security of the secure data of any data type is less than level of security threshold value, then pass through
Non-security protection encrypting module stores the secure data of any data type.
Based on same inventive concept, the embodiment of the present invention three provides a kind of computing device 500, the computing device 500
It is specifically as follows desktop computer, portable computer, smart mobile phone, tablet personal computer, personal digital assistant (Personal
Digital Assistant, PDA) etc..As shown in figure 5, the computing device can include central processing unit (Center
Prosessing Unit, CPU), memory, input-output apparatus etc., input equipment can include keyboard, mouse, touch-screen
It can include display device, such as liquid crystal display (Liquid Crystal Display, LCD), cathode-ray Deng, output equipment
Manage (Cathode Ray Tube, CRT) etc..
Memory can include read-only storage (ROM) and random access memory (RAM), and provide storage to processor
The programmed instruction and data stored in device.In embodiments of the present invention, memory, which can be used for storage, is used to be based on safety barrier
Collocation method program.
Processor is by calling the programmed instruction of memory storage, and processor is used to perform according to the programmed instruction of acquisition:
Receive the generation request of IC-card secure data;The IC-card secure data generation request includes the N kind numbers of secure data to be generated
According to type;Wherein, N is the integer more than or equal to 1;
Any data type in the N kinds data type is directed to, according to the safety for generating any data type
Performance consumption needed for data, is matched using the performance consumption needed for the secure data with generating any data type
Path is generated, the secure data of any data type is generated.
The embodiment of the present invention four provides a kind of computer-readable storage medium, by saving as based on used in above-mentioned computing device
Calculation machine programmed instruction, it includes the program for the collocation method for being used to perform above-mentioned safety barrier.
The computer-readable storage medium can be any usable medium or data storage device that computer can be accessed, bag
Include but be not limited to magnetic storage (for example, floppy disk, hard disk, tape, magneto-optic disk (MO) etc.), optical memory (such as CD, DVD,
BD, HVD etc.) and semiconductor memory it is (such as ROM, EPROM, EEPROM, nonvolatile memory (NAND FLASH), solid
State hard disk (SSD)) etc..
By the above it can be seen that:
In the embodiment of the present invention, the first equipment receives the generation request of IC-card secure data, and IC-card secure data generation please
Seek the secure data for asking the first equipment to generate N kind data types;It is directed to any of N kind data types data class
Type, the first equipment can be used with generating the generation path that matches of performance consumption needed for the data type, generate the data class
The secure data of type.Because the first equipment can be according to the performance consumption needed for the secure data of generation any data type, for this
The generation path of the generation selection matching of any data type, thus, the formation efficiency of IC-card secure data can be effectively improved.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program product.Cause
This, the present invention can using complete hardware embodiment, complete software embodiment or combine software and hardware in terms of embodiment shape
Formula.It is can use moreover, the present invention can be used in one or more computer for wherein including computer usable program code
The computer program product that storage medium is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.)
Form.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product
Figure and/or block diagram are described.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram
Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided
The processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real
The function of being specified in present one flow of flow chart or one square frame of two or more flow and/or block diagram or two or more square frame
Device.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which is produced, to be included referring to
The manufacture of device is made, the command device is realized in one flow of flow chart or two or more flow and/or one side of block diagram
The function of being specified in frame or two or more square frame.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that in meter
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, thus in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or two or more flow and/or square frame
The step of function of being specified in one square frame of figure or two or more square frame.
, but those skilled in the art once know basic creation although preferred embodiments of the present invention have been described
Property concept, then can make other change and modification to these embodiments.So, appended claims are intended to be construed to include excellent
Select embodiment and fall into having altered and changing for the scope of the invention.
Obviously, those skilled in the art can carry out the essence of various changes and modification without departing from the present invention to the present invention
God and scope.So, if these modifications and variations of the present invention belong to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising including these changes and modification.
Claims (12)
1. a kind of method for generating IC-card secure data, it is characterised in that methods described includes:
First equipment receives the generation request of IC-card secure data;The IC-card secure data generation request includes safety to be generated
The N kind data types of data;Wherein, N is the integer more than or equal to 1;
Any data type in the N kinds data type is directed to, first equipment is according to the generation any data class
Performance consumption needed for the secure data of type, using the performance consumption needed for the secure data with generating any data type
The generation path matched, generates the secure data of any data type.
2. according to the method described in claim 1, it is characterised in that first equipment generates the peace of any data type
Total evidence, including:
First equipment is if it is determined that performance consumption needed for generating the secure data of any data type is more than or equal to property
The safety of any data type is obtained in energy threshold value, the then secure data for previously generating and storing from the second equipment
Data.
3. according to the method described in claim 1, it is characterised in that first equipment generates the peace of any data type
Total evidence, in addition to:
First equipment is if it is determined that the performance consumption needed for generating the secure data of any data type disappears less than performance
Threshold value is consumed, then by local computing or calls encryption equipment to generate the secure data of any data type.
4. method according to claim 3, it is characterised in that first equipment is generated described any by local computing
The secure data of data type, including:
First equipment is if it is determined that the level of security of the secure data of any data type is less than level of security threshold value, then
The secure data of any data type is generated by lower security rank computing module, and passes through high safety rank computing module
It is encrypted;
First equipment is if it is determined that the level of security of first secure data then passes through institute more than or equal to level of security threshold value
State the secure data that high safety rank computing module generates and encrypts any data type.
5. method according to any one of claim 1 to 4, it is characterised in that the first equipment generation is described any
After the secure data of data type, in addition to:
First equipment is if it is determined that the level of security of the secure data of any data type is more than or equal to level of security threshold
Value, then store the secure data of any data type by safeguard protection encrypting module;
If it is determined that the level of security of the secure data of any data type is less than level of security threshold value, then pass through non-peace
Full guard encrypting module stores the secure data of any data type.
6. a kind of device for generating IC-card secure data, it is characterised in that the system includes:
Receiving module, for receiving the generation request of IC-card secure data;The IC-card secure data generation request includes to be generated
Secure data N kind data types;Wherein, N is the integer more than or equal to 1;
Generation module, for any data type being directed in the N kinds data type, according to the generation any data class
Performance consumption needed for the secure data of type, using the performance consumption needed for the secure data with generating any data type
The generation path matched, generates the secure data of any data type.
7. device according to claim 6, it is characterised in that the generation module specifically for:
If it is determined that the performance consumption needed for generating the secure data of any data type is more than or equal to performance consumption threshold value, then
The secure data of any data type is obtained in the secure data for previously generating and storing from the second equipment.
8. device according to claim 6, it is characterised in that the generation module also particularly useful for:
If it is determined that the performance consumption needed for generating the secure data of any data type is less than performance consumption threshold value, then pass through
Local computing or the secure data for calling the encryption equipment generation any data type.
9. device according to claim 8, it is characterised in that the generation module also particularly useful for:
If it is determined that the level of security of the secure data of any data type is less than level of security threshold value, then pass through low level security
Other computing module generates the secure data of any data type, and is encrypted by high safety rank computing module;
If it is determined that the level of security of first secure data is more than or equal to level of security threshold value, then pass through the high safety rank
Computing module generates and encrypts the secure data of any data type.
10. the device according to any one of claim 6 to 9, it is characterised in that the generation module is additionally operable to:
If it is determined that the level of security of the secure data of any data type is more than or equal to level of security threshold value, then pass through safety
Encrypting module is protected to store the secure data of any data type;
If it is determined that the level of security of the secure data of any data type is less than level of security threshold value, then pass through non-peace
Full guard encrypting module stores the secure data of any data type.
11. a kind of computer equipment, it is characterised in that the computer equipment includes:
Memory, for storage program instruction;
Processor, for calling the programmed instruction stored in the memory, is performed according to the program of acquisition:Receive IC-card safety
Data generation request;The IC-card secure data generation request includes the N kind data types of secure data to be generated;
Any data type in the N kinds data type is directed to, according to the secure data for generating any data type
Required performance consumption, the generation matched using the performance consumption needed for the secure data with generating any data type
Path, generates the secure data of any data type.
12. a kind of computer-readable storage medium, it is characterised in that the computer-readable recording medium storage has computer can perform
Instruction, the computer executable instructions are used to make the method any one of the computer perform claim requirement 1 to 5.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710374072.6A CN107169761B (en) | 2017-05-24 | 2017-05-24 | Method and device for generating IC (integrated circuit) card security data |
PCT/CN2018/081751 WO2018214649A1 (en) | 2017-05-24 | 2018-04-03 | Method and device for generating security data for ic card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710374072.6A CN107169761B (en) | 2017-05-24 | 2017-05-24 | Method and device for generating IC (integrated circuit) card security data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107169761A true CN107169761A (en) | 2017-09-15 |
CN107169761B CN107169761B (en) | 2020-07-07 |
Family
ID=59820755
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710374072.6A Active CN107169761B (en) | 2017-05-24 | 2017-05-24 | Method and device for generating IC (integrated circuit) card security data |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107169761B (en) |
WO (1) | WO2018214649A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018214649A1 (en) * | 2017-05-24 | 2018-11-29 | 中国银联股份有限公司 | Method and device for generating security data for ic card |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090047926A1 (en) * | 2007-08-17 | 2009-02-19 | Accenture S.P.A. | Multiple channel automated refill system |
CN102612028A (en) * | 2012-03-28 | 2012-07-25 | 电信科学技术研究院 | Method, system and device for configuration transmission and data transmission |
US20130039493A1 (en) * | 2011-08-12 | 2013-02-14 | Intel Mobile Communications Technology GmbH | Data transmitting devices, data receiving devices, methods for controlling a data transmitting device, and methods for controlling a data receiving device |
US8825677B2 (en) * | 2006-09-20 | 2014-09-02 | Ebay Inc. | Listing generation utilizing catalog information |
CN105376051A (en) * | 2014-08-29 | 2016-03-02 | 宇龙计算机通信科技(深圳)有限公司 | Encryption method and apparatus, and terminal |
CN106209615A (en) * | 2016-07-05 | 2016-12-07 | 云南大学 | A kind of Dynamic Route Control method calculating forward-path based on SPFA algorithm |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107169761B (en) * | 2017-05-24 | 2020-07-07 | 中国银联股份有限公司 | Method and device for generating IC (integrated circuit) card security data |
-
2017
- 2017-05-24 CN CN201710374072.6A patent/CN107169761B/en active Active
-
2018
- 2018-04-03 WO PCT/CN2018/081751 patent/WO2018214649A1/en active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8825677B2 (en) * | 2006-09-20 | 2014-09-02 | Ebay Inc. | Listing generation utilizing catalog information |
US20090047926A1 (en) * | 2007-08-17 | 2009-02-19 | Accenture S.P.A. | Multiple channel automated refill system |
US20130039493A1 (en) * | 2011-08-12 | 2013-02-14 | Intel Mobile Communications Technology GmbH | Data transmitting devices, data receiving devices, methods for controlling a data transmitting device, and methods for controlling a data receiving device |
CN102612028A (en) * | 2012-03-28 | 2012-07-25 | 电信科学技术研究院 | Method, system and device for configuration transmission and data transmission |
CN105376051A (en) * | 2014-08-29 | 2016-03-02 | 宇龙计算机通信科技(深圳)有限公司 | Encryption method and apparatus, and terminal |
CN106209615A (en) * | 2016-07-05 | 2016-12-07 | 云南大学 | A kind of Dynamic Route Control method calculating forward-path based on SPFA algorithm |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018214649A1 (en) * | 2017-05-24 | 2018-11-29 | 中国银联股份有限公司 | Method and device for generating security data for ic card |
Also Published As
Publication number | Publication date |
---|---|
WO2018214649A1 (en) | 2018-11-29 |
CN107169761B (en) | 2020-07-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11244393B2 (en) | Credit blockchain system, credit data storage method, device, and medium | |
US20190097807A1 (en) | Network access control based on distributed ledger | |
CN110365695A (en) | The block chain data interactive method and device of changeable common recognition algorithm | |
CN111047443B (en) | User scoring method and device, electronic equipment and computer readable storage medium | |
CN109409885A (en) | Across chain method of commerce, device and storage medium on block chain | |
CN110597916B (en) | Data processing method and device based on block chain, storage medium and terminal | |
CN110210207A (en) | Authorization method and equipment | |
CN109660352A (en) | A kind of distribution relation record method, apparatus and terminal device based on block chain | |
US9576288B1 (en) | Automatic approval | |
Awadallah | Usage of cloud computing in banking system | |
CN110471908A (en) | A kind of joint modeling method and device | |
CN112488707B (en) | Business circulation supervision method and system | |
CN114462989A (en) | Method, device and system for starting digital currency hardware wallet application | |
CN114070847B (en) | Method, device, equipment and storage medium for limiting current of server | |
Muruganandam et al. | Blockchain based adaptive resource allocation in cloud computing | |
CN107122446A (en) | The synchronisation control means and system of subscriber phone number between a kind of bank's multisystem | |
US8904508B2 (en) | System and method for real time secure image based key generation using partial polygons assembled into a master composite image | |
CN107169761A (en) | A kind of method and device for generating IC-card secure data | |
CN110457619A (en) | Browser information transmission method and device | |
CN115801317A (en) | Service providing method, system, device, storage medium and electronic equipment | |
CN114168552A (en) | Space sharing method and device based on block chain technology and computer equipment | |
CN108920971A (en) | The method of data encryption, the method for verification, the device of encryption and verification device | |
JP7308977B2 (en) | Method, transaction management device and computer readable medium for facilitating concurrent trading | |
CN112508693A (en) | Resource distribution channel distribution method and device based on user tags and electronic equipment | |
CN106534047A (en) | Information transmitting method and apparatus based on Trust application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |