CN107169761B - Method and device for generating IC (integrated circuit) card security data - Google Patents

Publication number
CN107169761B
Authority
CN
China
Prior art keywords
data
security
data type
generating
type
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710374072.6A
Other languages
Chinese (zh)
Other versions
CN107169761A (en)
Inventor
许先文
冀乃庚
傅宜生
田丰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Unionpay Co Ltd
Priority to CN201710374072.6A
Publication of CN107169761A
Priority to PCT/CN2018/081751 (WO2018214649A1)
Application granted
Publication of CN107169761B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3226 Use of secure elements separate from M-devices
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the invention disclose a method and a device for generating IC card security data. The method comprises: a first device receives an IC card security data generation request, which requests the first device to generate security data of N data types; for any of the N data types, the first device may generate the security data of that data type using a generation path that matches the performance consumption required to generate it. Because the first device can select a matching generation path for each data type according to the performance consumption required to generate the security data of that type, the efficiency of generating IC card security data can be effectively improved.

Description

Method and device for generating IC (integrated circuit) card security data
Technical Field
The invention relates to the technical field of internet, in particular to a method and a device for generating IC (integrated circuit) card security data.
Background
With the continuous development of information technology, IC cards are also more and more widely used in people's life. The IC card is used for replacing cash, so that various transactions can be rapidly and conveniently carried out, and the life of people is facilitated. However, when a transaction is performed using an IC card, security data such as personalized security information needs to be stored in the IC card in advance.
Existing IC card security data generation is mainly used in the scenario in which a bank issues physical IC cards. After receiving a user's application for an IC card, the bank generates security data according to the user's personal information and the design specification of the IC card, and stores the security data in the storage area of the IC card during card making and personalization. In this card issuing method, generating the IC card security data involves a process of preparing card data, and the generation efficiency is low.
However, with the growing popularity of internet consumption scenarios, the traditional IC card issuing method can no longer meet people's needs. In the internet era, card issuers can connect to a TSM platform and issue virtual IC cards over the internet. After a user submits a card application online, the card issuer transmits the security data to the user's intelligent terminal, such as a mobile phone, and the virtual IC card is thereby issued; this is over-the-air card issuing.
In the over-the-air card issuing scenario, user applications are often dense and highly concurrent, and the application for and issuing of card applications should be completed quickly and in real time. Because the traditional method for generating IC card security data includes a generation process for preparing card data, its generation efficiency is low; it cannot meet the dense card application demand of the internet environment or issue cards to users in real time, and the user experience is poor.
In summary, there is a need for a method for generating IC card security data, which is used to solve the technical problem of low generation efficiency of IC card security data in the prior art.
Disclosure of Invention
The invention provides a method and a device for generating IC (integrated circuit) card security data, which are used for solving the technical problem of low generation efficiency of the IC card security data in the prior art.
The method for generating the IC card security data provided by the embodiment of the invention comprises the following steps:
a first device receives an IC card security data generation request; the IC card security data generation request comprises N data types of security data to be generated, where N is an integer greater than or equal to 1;
for any data type among the N data types, the first device generates the security data of that data type using a generation path that matches the performance consumption required to generate the security data of that data type.
Optionally, the first device generating the security data of any data type includes:
if the first device determines that the performance consumption required to generate the security data of that data type is greater than or equal to a performance consumption threshold, acquiring the security data of that data type from security data generated and stored in advance in a second device.
Optionally, the first device generating the security data of any data type further includes:
if the first device determines that the performance consumption required to generate the security data of that data type is less than the performance consumption threshold, generating the security data of that data type through local calculation or by calling an encryption machine.
Optionally, the first device generating the security data of any data type through local calculation includes:
if the first device determines that the security level of the security data of that data type is less than a security level threshold, generating the security data of that data type through a low security level calculation module and encrypting it through a high security level calculation module;
if the first device determines that the security level of the first security data is greater than or equal to the security level threshold, generating and encrypting the security data of that data type through the high security level calculation module.
Optionally, after the first device generates the security data of any data type, the method further includes:
if the first device determines that the security level of the security data of that data type is greater than or equal to the security level threshold, storing the security data of that data type through a security protection encryption module;
if the security level of the security data of that data type is determined to be less than the security level threshold, storing the security data of that data type through a non-security protection encryption module.
Based on the same inventive concept, the second embodiment of the present invention provides an apparatus for generating IC card security data, which includes:
a receiving module, configured to receive an IC card security data generation request; the IC card security data generation request comprises N data types of security data to be generated, where N is an integer greater than or equal to 1;
a generating module, configured to, for any data type among the N data types, generate the security data of that data type using a generation path that matches the performance consumption required to generate the security data of that data type.
Optionally, the generating module is specifically configured to:
if the performance consumption required to generate the security data of that data type is determined to be greater than or equal to a performance consumption threshold, acquire the security data of that data type from security data generated and stored in advance in the second device.
Optionally, the generating module is further specifically configured to:
if the performance consumption required to generate the security data of that data type is determined to be less than the performance consumption threshold, generate the security data of that data type through local calculation or by calling an encryption machine.
Optionally, the generating module is further specifically configured to:
if the security level of the security data of that data type is determined to be less than a security level threshold, generate the security data of that data type through a low security level calculation module and encrypt it through a high security level calculation module;
if the security level of the first security data is determined to be greater than or equal to the security level threshold, generate and encrypt the security data of that data type through the high security level calculation module.
Optionally, the generating module is further configured to:
if the security level of the security data of that data type is determined to be greater than or equal to the security level threshold, store the security data of that data type through a security protection encryption module;
if the security level of the security data of that data type is determined to be less than the security level threshold, store the security data of that data type through a non-security protection encryption module.
Based on the same inventive concept, a third embodiment of the present invention provides a computer device, which includes a memory and a processor, wherein the memory is used for storing program instructions, and the processor is used for calling the program instructions stored in the memory and executing any one of the above methods according to the obtained program.
Based on the same inventive concept, a fourth embodiment of the present invention provides a computer storage medium for storing computer program instructions for the above-mentioned computing device, which contains a program for executing the above-mentioned method for generating IC card security data.
In the embodiment of the invention, a first device receives an IC card security data generation request, which requests the first device to generate security data of N data types; for any of the N data types, the first device may generate the security data of that data type using a generation path that matches the performance consumption required to generate it. Because the first device can select a matching generation path for each data type according to the performance consumption required to generate the security data of that type, the efficiency of generating IC card security data can be effectively improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic flowchart of a method for generating IC card security data according to a first embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a unified interface module according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a second apparatus according to a first embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an apparatus for generating IC card security data according to a second embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a computing device according to a third embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the embodiment of the present invention, the first device is specifically configured to generate security data for a virtual IC card issued by each card issuer or card application provider in a real-time online card issuing system for issuing cards over the air. It may be various types of computing devices, for example, a high-performance computer, various types of encryptors, and the like, and is not limited herein.
The embodiments of the present invention will be described in further detail with reference to the drawings attached hereto.
Fig. 1 is a flowchart of the method for generating IC card security data according to the first embodiment of the present invention. As shown in Fig. 1, the method includes the following steps S101 to S102:
Step S101: a first device receives an IC card security data generation request; the IC card security data generation request comprises N data types of security data to be generated, where N is an integer greater than or equal to 1;
Step S102: for any data type among the N data types, the first device generates the security data of that data type using a generation path that matches the performance consumption required to generate the security data of that data type.
In the embodiment of the invention, a first device receives an IC card security data generation request, which requests the first device to generate security data of N data types; for any of the N data types, the first device may generate the security data of that data type using a generation path that matches the performance consumption required to generate it. Because the first device can select a matching generation path for each data type according to the performance consumption required to generate the security data of that type, the efficiency of generating IC card security data can be effectively improved.
Specifically, in step S101, the first device receives an IC card security data generation request, which requests that the first device generate security data meeting certain service requirements. The security data meeting those service requirements may include security data of N data types, where N is an integer greater than or equal to 1.
For example, the security data of the N data types may specifically include personal information, card information, financial transaction data, a signature certificate, a data protection security key, a communication encryption key, a consumption key, and the like, or may also include other types of IC card security data, which is not specifically limited herein.
In the embodiment of the invention, the first device can receive IC card security data generation requests from multiple service demanders. Because the virtual IC cards issued by different service demanders have different application scenarios, or because the initial data has been pre-processed differently, the security data requested in the generation requests sent by different service demanders also differs; that is, the N data types of security data requested by different service demanders are different.
Therefore, the first device can receive the IC card security data generation requests sent by all service demanders through one unified interface module, which provides each service demander with a complete security data generation service.
Fig. 2 is a schematic structural diagram of a unified interface module in an embodiment of the present invention, and as shown in fig. 2, the unified interface module 200 may further specifically include a basic service interface 201 and a plurality of personalized service interfaces (such as 2021, 2022, 2023, and 2024 shown in the figure).
The basic service interface uniformly receives the IC card security data generation requests sent by all service demanders. The personalized service interfaces, which inherit from the basic service interface, each receive the security data generation requests of a different service demander after those requests have passed through the basic service interface. That is, when a security data generation request from a service demander reaches its personalized service interface, the security data of the N data types it requests can be given personalized preliminary processing, including data checking and response, according to the corresponding service requirement.
Based on the design, the unified interface module is combined with the plurality of personalized service interfaces through the basic service interface, so that simplicity of an external release interface is guaranteed, calling of all service demanders is simplified, service interfaces of different service demanders are isolated, and efficient and timely data check and response of different safety data generation requests can be realized.
Furthermore, in step S102, the first device may further split the IC card security data generation request sent by each service demander according to the data type of the security data to be generated. As shown in fig. 2, the first device performs the splitting of the secure data generation request by the splitting module 203. The first device may further split the IC card security data generation request into N sub-requests according to two dimensions of security level and performance consumption after receiving the IC card security data generation request, where each sub-request corresponds to one data type of security data.
Because different types of security data are calculated and encrypted in different ways, the IC card security data generation request is split into N sub-requests so that the first device can select a suitable generation path for the security data requested in each sub-request.
If an IC card security data generation request requests security data of N data types, then for any one of the N data types the first device can parse the corresponding security data generation sub-request and, according to the performance consumption required to generate the security data of that data type, generate it using a generation path that matches that performance consumption.
Specifically, if the first device determines that the performance consumption required to generate the security data of a data type is less than a performance consumption threshold, it generates the security data of that data type through local calculation, or invokes an encryption machine to perform the calculation in real time.
If the security data of any data type is determined to be generated through local calculation, the first device can judge the security level of the security data of any data type, and if the security level of the security data of any data type is determined to be smaller than a security level threshold value, the security data of any data type can be generated through a local low-security level calculation module, and encryption and protection are performed through a high-security level calculation module.
On the contrary, if the security level of the security data of any data type is determined to be greater than or equal to the security level threshold, the security data of any data type can be generated through a local high security level calculation module. In the embodiment of the present invention, the security data with higher security level may generally include application data of the IC card and a protection key of a key, such as various security certificates, a communication key, or a protection key of other application data, as well as a one-time consumption key of a transaction and a corresponding protection key thereof.
It should be noted that, in the embodiment of the present invention, the performance consumption threshold and the security level threshold may be set by a person skilled in the art according to practical situations, and the present invention is not limited to this specifically.
Among IC card security data, the security data of some data types, for example a personalized security certificate, often requires a large amount of calculation to generate. If the security data of these data types is calculated locally, a large amount of computing resources is consumed and the efficiency of generating the security data is reduced.
In this case, if the first device determines that the performance consumption required for generating the security data of any data type is greater than or equal to the performance consumption threshold, the second device may be invoked to generate the security data of any data type.
The second device is specifically a dedicated computing resource specially deployed for generating security data with high performance consumption or high intensive computing, and may be a high performance computer, an HSM encryptor, or other type of computing device, which is not limited in this respect.
Fig. 3 is a schematic structural diagram of the second device in the first embodiment of the present invention. As shown in fig. 2, the second device includes a data service interface, a data generating module, and a data caching module. The data service interface is used for receiving a generation sub-request of security data of a certain data type sent by the first device, namely a generation sub-request of security data of a high-intensive computing type.
Because the security data generated by invoking the second device is required to be security data that is generally common to all users, the data generation module in the second device can continuously invoke the HSM encryption device to generate highly computation-intensive security data, such as personalized certificate data, according to the system condition of the second device and the preset time required to generate the security data of each data type. The generated security data is then encrypted by the data protection and encryption module and stored in the persistence device.
The data caching module can acquire the security data generated in advance by the data generation module from the persistence device by batch loading, and provide a data service. That is, when the first device calls the second device to generate the security data of a certain data type, the security data generation sub-request first enters the data caching service through the data service interface, and security data that was generated in advance is acquired from the data caching service.
The data caching module also monitors the cached data: when the quantity of security data cached in the data caching module falls below a certain safety value, the data caching module can automatically load security data from the persistence device.
In some special cases, if the quantity of pre-generated security data in the data caching module and the persistence device cannot satisfy highly concurrent security data generation requests, or in other abnormal cases, the second device can calculate and generate the security data in real time through the data generation module.
Therefore, to address the high performance consumption and long generation time of highly computation-intensive security data, the second device generates and stores security data without interruption through the data generation module, and the data caching module dynamically acquires that security data from the persistence device. This combined mechanism makes effective use of the idle time of the encryption device and converts highly concurrent data generation into a continuous, even security data generation process. It can thereby break through the performance bottleneck of security data generation in the traditional card issuing mode, so that a real-time online card issuing system can meet the concentrated, highly concurrent card issuing demand of the internet environment.
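The pre-generation mechanism of the second device described above can be sketched as follows. This is an added example, not code from the patent: the class and method names, the watermark and batch values, and the use of `secrets.token_hex` as a stand-in for HSM-generated material are all assumptions, and handing each pre-generated item out only once is a design choice of this sketch.

```python
import itertools
import secrets
import threading
from collections import deque


def expensive_item():
    """Placeholder for costly HSM-generated material (assumption, not real card data)."""
    return secrets.token_hex(16)


class PregeneratedPool:
    """Second-device sketch: generation module, persistence device, caching module."""

    def __init__(self, generate=expensive_item, low_watermark=2, batch_size=4):
        self._generate = generate
        self._cache = deque()        # data caching module
        self._persistent = deque()   # stands in for the persistence device
        self._lock = threading.Lock()
        self.low_watermark = low_watermark   # the "safety value" for cached items
        self.batch_size = batch_size
        self.stats = {"cache": 0, "realtime": 0, "reloads": 0}

    def pregenerate(self, count):
        """Data generation module: produce items ahead of demand, e.g. in idle time."""
        items = [self._generate() for _ in range(count)]
        with self._lock:
            self._persistent.extend(items)

    def _reload_locked(self):
        """Batch-load from the persistence device into the cache (lock held)."""
        moved = 0
        while self._persistent and moved < self.batch_size:
            self._cache.append(self._persistent.popleft())
            moved += 1
        if moved:
            self.stats["reloads"] += 1

    def take(self):
        """Serve one sub-request: cache first, real-time generation as fallback."""
        with self._lock:
            if len(self._cache) < self.low_watermark:
                self._reload_locked()
            if self._cache:
                self.stats["cache"] += 1
                # popleft removes the item, so no material is served twice.
                return self._cache.popleft()
            self.stats["realtime"] += 1
        # Pool exhausted: generate outside the lock so other callers are not blocked.
        return self._generate()


def demo():
    """Constructed run: 5 pre-generated items, 7 requests, deterministic generator."""
    counter = itertools.count()
    pool = PregeneratedPool(lambda: f"item-{next(counter)}",
                            low_watermark=2, batch_size=4)
    pool.pregenerate(5)
    items = [pool.take() for _ in range(7)]
    return items, pool.stats
```

In the constructed run, the first five requests are served from pre-generated stock across two batch reloads, and the last two fall back to real-time generation once both the cache and the persistent store are empty.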
It should be noted that, in the embodiment of the present invention, the first device may further include a security protection encryption module. After the first device generates the security data through local calculation or invoking the second device to calculate, the encryption, protection and storage of the generated security data with different security levels are realized through an independent security protection encryption module.
Specifically, if the first device determines that the security level of the security data of a data type is greater than or equal to a security level threshold, it stores the security data of that data type through the security protection encryption module.
If the security level of the security data of that data type is determined to be less than the security level threshold, the security data of that data type is stored through a non-security protection encryption module.
For example, the secure data with higher security level, such as the root key of the security certificate authority, the industry secondary certificate, and the user private key certificate, may be stored in the security protection encryption module, and the communication encryption key, the consumption key, and the key under the protection of the key in the security protection module may be stored in the non-security protection encryption module.
In addition, the generated security data are transmitted to an intelligent terminal such as a mobile phone of a user through an internet environment, and the security protection encryption module can provide security protection for storage and transmission of the generated security data.
Therefore, the key storage mechanism stored in different security devices can isolate the problems of key security penetration and security boundary propagation from a physical layer, effectively support the splitting of the request of the first device for security data of different data types and the selection of a generation path, and ensure the security of each stage of generation, storage, transmission and the like.
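The splitting, path selection and storage rules of the first embodiment can be put together as follows. This is an added example and not code from the patent: the threshold values, the cost and security-level figures in the catalogue, and all class and function names are assumptions, and the "call an encryption machine" option for low-cost types is left out so that the low-cost branch always calculates locally.

```python
from dataclasses import dataclass, field

PERF_THRESHOLD = 50   # assumed cost score; the patent leaves the value to the implementer
SEC_THRESHOLD = 3     # assumed scale from 1 (low) to 5 (high)

# Constructed catalogue: data type -> (performance cost, security level).
CATALOGUE = {
    "card_info": (5, 1),
    "personal_info": (10, 2),
    "data_protection_key": (20, 3),
    "personalized_cert": (90, 5),
}


@dataclass
class Module:
    """Stand-in for a calculation or storage module; records what it handled."""
    name: str
    log: list = field(default_factory=list)

    def do(self, action, data_type):
        self.log.append((action, data_type))
        return f"{self.name}.{action}"


class FirstDevice:
    def __init__(self):
        self.low_calc = Module("low_sec_calc")
        self.high_calc = Module("high_sec_calc")
        self.second_device = Module("second_device")
        self.protected_store = Module("protected_store")
        self.plain_store = Module("plain_store")

    def split(self, requested_types):
        """One sub-request per requested data type; N must be at least 1."""
        if not requested_types:
            raise ValueError("request must name at least one data type")
        unknown = [t for t in requested_types if t not in CATALOGUE]
        if unknown:
            raise ValueError(f"unknown data types: {unknown}")
        return list(dict.fromkeys(requested_types))  # drop duplicates, keep order

    def route(self, data_type):
        """Pick the generation path by cost, then the storage module by level."""
        cost, level = CATALOGUE[data_type]
        if cost >= PERF_THRESHOLD:
            steps = [self.second_device.do("fetch_pregenerated", data_type)]
        elif level >= SEC_THRESHOLD:
            steps = [self.high_calc.do("generate", data_type),
                     self.high_calc.do("encrypt", data_type)]
        else:
            steps = [self.low_calc.do("generate", data_type),
                     self.high_calc.do("encrypt", data_type)]
        store = self.protected_store if level >= SEC_THRESHOLD else self.plain_store
        steps.append(store.do("store", data_type))
        return steps

    def handle(self, requested_types):
        return {t: self.route(t) for t in self.split(requested_types)}


def isolation_violations(device):
    """Audit check: high-level data that a low-security module has handled."""
    seen = device.low_calc.log + device.plain_store.log
    return [(a, t) for a, t in seen if CATALOGUE[t][1] >= SEC_THRESHOLD]
```

The audit function turns the isolation claim into something testable: after any sequence of requests, the module logs should show no data at or above the security level threshold in the low security level calculation module or the non-protected store.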
Based on the same inventive concept, a second embodiment of the present invention provides an apparatus for generating IC card security data, and fig. 4 is a schematic structural diagram of the apparatus for generating IC card security data provided in the second embodiment of the present invention, as shown in fig. 4, the apparatus includes:
a receiving module 401, configured to receive an IC card security data generation request; the IC card security data generation request comprises N data types of security data to be generated;
a generating module 402, configured to, for any data type of the N data types, generate the security data of that data type by using a generation path that matches the performance consumption required for generating the security data of that data type.
Optionally, the generating module 402 is specifically configured to:
if the performance consumption required for generating the security data of any data type is determined to be greater than or equal to the performance consumption threshold, acquire the security data of that data type from the security data generated and stored in advance in the second device.
Optionally, the generating module 402 is further specifically configured to:
if the performance consumption required for generating the security data of any data type is determined to be less than the performance consumption threshold, generate the security data of that data type through local calculation or by calling an encryption machine.
Optionally, the generating module 402 is further specifically configured to:
if the security level of the security data of any data type is determined to be smaller than the security level threshold, generate the security data of that data type through a low security level calculation module and encrypt it through a high security level calculation module;
and if the security level of the first security data is determined to be greater than or equal to the security level threshold, generate and encrypt the security data of that data type through the high security level calculation module.
Optionally, the generating module 402 is further configured to:
if the security level of the security data of any data type is determined to be greater than or equal to a security level threshold, store the security data of that data type through a security protection encryption module;
and if the security level of the security data of any data type is determined to be smaller than a security level threshold, store the security data of that data type through a non-security protection encryption module.
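The routing performed by the generating module 402, as an added example that is not code from the patent: each requested data type is sent down a generation path by its performance consumption and security level, then stored by security level. The threshold values, the cost and level numbers, the `issuer_seed` type and all class and function names are assumptions; the below-threshold branch models only local calculation (not the encryption-machine call), and the wrap is a placeholder for the high security level module's real encryption.

```python
import hashlib, hmac, secrets
from collections import deque
from dataclasses import dataclass

PERF_THRESHOLD = 50  # assumed value; the patent names the threshold but gives no number
SEC_THRESHOLD = 3    # assumed value, used for both generation and storage routing

@dataclass(frozen=True)
class DataType:
    name: str
    perf_cost: int       # performance consumption required to generate it
    security_level: int  # higher means more sensitive

class HighSecurityModule:  # stand-in for the high security level calculation module
    def __init__(self):
        self._kek = secrets.token_bytes(32)  # wrapping key stays inside the module

    def generate(self, n=16):
        return secrets.token_bytes(n)

    def encrypt(self, plaintext):
        # Placeholder wrap (SHAKE-256 keystream plus HMAC tag), not a vetted cipher;
        # a real module would use its own key-wrap operation.
        nonce = secrets.token_bytes(16)
        stream = hashlib.shake_256(self._kek + nonce).digest(len(plaintext))
        body = bytes(a ^ b for a, b in zip(plaintext, stream))
        return nonce + body + hmac.new(self._kek, nonce + body, hashlib.sha256).digest()

class FirstDevice:
    def __init__(self, pool):
        self.hsm = HighSecurityModule()
        self.pool = pool             # data generated and stored in advance (second device)
        self.protected_store = {}    # security protection encryption module
        self.unprotected_store = {}  # non-security protection encryption module

    def generate(self, dt):
        if dt.perf_cost >= PERF_THRESHOLD:
            queue = self.pool.get(dt.name)
            if not queue:
                # Assumption: fail closed on an empty pool instead of generating inline.
                raise LookupError(f"no pre-generated {dt.name} available")
            path, blob = "pregenerated", queue.popleft()
        elif dt.security_level < SEC_THRESHOLD:
            plaintext = secrets.token_bytes(16)  # low security level module generates
            path, blob = "low-generate/high-encrypt", self.hsm.encrypt(plaintext)
        else:
            path, blob = "high-generate/high-encrypt", self.hsm.encrypt(self.hsm.generate())
        high = dt.security_level >= SEC_THRESHOLD
        (self.protected_store if high else self.unprotected_store)[dt.name] = blob
        return path

    def handle_request(self, data_types):
        return {dt.name: self.generate(dt) for dt in data_types}

# Constructed request: costs and levels are illustrative; "issuer_seed" is hypothetical.
REQUEST = [
    DataType("communication_encryption_key", 5, 1),
    DataType("issuer_seed", 10, 5),
    DataType("user_private_key_certificate", 90, 5),
]

def build_demo():
    pool = {"user_private_key_certificate": deque([b"constructed-pregenerated-blob"])}
    return FirstDevice(pool)
```

In the low-level branch the plaintext exists outside the high security level module before it is wrapped, which is why only data below the security level threshold takes that path.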
Based on the same inventive concept, the third embodiment of the present invention provides a computing device 500, which may specifically be a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal Digital Assistant (PDA), and the like. As shown in fig. 5, the computing device may include a Central Processing Unit (CPU), a memory, input/output devices, and so on. The input device may include a keyboard, a mouse, a touch screen, and the like, and the output device may include a display device such as a Liquid Crystal Display (LCD) or a Cathode Ray Tube (CRT).
The memory may include Read Only Memory (ROM) and Random Access Memory (RAM), and provides the processor with program instructions and data stored in the memory. In an embodiment of the invention, the memory may be used to store a program for a secure carrier based configuration method.
The processor calls the program instructions stored in the memory and, according to the obtained program instructions, executes the following steps: receiving an IC card security data generation request; the IC card security data generation request comprises N data types of security data to be generated; wherein N is an integer greater than or equal to 1;
and, for any data type of the N data types, generating the security data of that data type by using a generation path that matches the performance consumption required for generating the security data of that data type.
A fourth embodiment of the present invention provides a computer storage medium, configured to store computer program instructions for the computing device, where the computer program instructions include a program for executing the configuration method of the secure carrier.
The computer storage media may be any available media or data storage device that can be accessed by a computer, including, but not limited to, magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memory (NAND FLASH), Solid State Disks (SSDs)), etc.
From the above, it can be seen that:
In the embodiment of the invention, the first device receives an IC (integrated circuit) card security data generation request, which requests the first device to generate N data types of security data. For any of the N data types, the first device may generate the security data of that data type using a generation path that matches the performance consumption required to generate it. Since the first device can select a matching generation path for any data type according to the performance consumption required to generate the security data of that data type, the generation efficiency of the IC card security data can be effectively improved.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart block or blocks and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (8)

1. A method of generating IC card security data, the method comprising:
a first device receives an IC card security data generation request; the IC card security data generation request comprises N data types of security data to be generated; wherein N is an integer greater than or equal to 1;
for any data type of the N data types, the first device generates the security data of that data type by using a generation path that matches the performance consumption required for generating the security data of that data type;
the first device generating the security data of any data type comprises:
if the first device determines that the performance consumption required for generating the security data of that data type is smaller than a performance consumption threshold, the first device generates the security data of that data type through local calculation or by calling an encryption machine;
the first device generating the security data of any data type through local calculation comprises:
if the first device determines that the security level of the security data of that data type is smaller than a security level threshold, the first device generates the security data of that data type through a low security level calculation module and encrypts the security data through a high security level calculation module;
and if the first device determines that the security level of the security data of that data type is greater than or equal to the security level threshold, the first device generates and encrypts the security data of that data type through the high security level calculation module.
2. The method of claim 1, wherein the first device generates the secure data of any data type, further comprising:
if the first device determines that the performance consumption required for generating the security data of any data type is greater than or equal to the performance consumption threshold, the first device acquires the security data of that data type from the security data generated and stored in advance in the second device.
3. The method of claim 1 or 2, wherein after the first device generates the security data of any data type, further comprising:
if the first device determines that the security level of the security data of any data type is greater than or equal to a security level threshold, the security data of that data type is stored through a security protection encryption module;
and if the security level of the security data of any data type is determined to be smaller than the security level threshold, the security data of that data type is stored through a non-security protection encryption module.
4. An apparatus for generating IC card security data, the apparatus comprising:
a receiving module, configured to receive an IC card security data generation request; the IC card security data generation request comprises N data types of security data to be generated; wherein N is an integer greater than or equal to 1;
a generating module, configured to, for any data type of the N data types, generate the security data of that data type by using a generation path that matches the performance consumption required for generating the security data of that data type;
the generating module is specifically configured to:
if the performance consumption required for generating the security data of any data type is determined to be smaller than a performance consumption threshold, generate the security data of that data type through local calculation or by calling an encryption machine;
the generating module is further specifically configured to:
if the security level of the security data of any data type is determined to be smaller than the security level threshold, generate the security data of that data type through a low security level calculation module and encrypt it through a high security level calculation module;
and if the security level of the security data of any data type is determined to be greater than or equal to the security level threshold, generate and encrypt the security data of that data type through the high security level calculation module.
5. The apparatus of claim 4, wherein the generation module is specifically configured to:
if the performance consumption required for generating the security data of any data type is determined to be greater than or equal to the performance consumption threshold, acquire the security data of that data type from the security data generated and stored in advance in the second device.
6. The apparatus of claim 4 or 5, wherein the generating module is further configured to:
if the security level of the security data of any data type is determined to be greater than or equal to a security level threshold, store the security data of that data type through a security protection encryption module;
and if the security level of the security data of any data type is determined to be smaller than the security level threshold, store the security data of that data type through a non-security protection encryption module.
7. A computer device, characterized in that the computer device comprises:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to execute the method of any one of claims 1 to 3 in accordance with the obtained program.
8. A computer storage medium having computer-executable instructions stored thereon for causing a computer to perform the method of any one of claims 1 to 3.
CN201710374072.6A 2017-05-24 2017-05-24 Method and device for generating IC (integrated circuit) card security data Active CN107169761B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710374072.6A CN107169761B (en) 2017-05-24 2017-05-24 Method and device for generating IC (integrated circuit) card security data
PCT/CN2018/081751 WO2018214649A1 (en) 2017-05-24 2018-04-03 Method and device for generating security data for ic card

Publications (2)

Publication Number Publication Date
CN107169761A (en) 2017-09-15
CN107169761B (en) 2020-07-07

Family

ID=59820755

Country Status (2)

Country Link
CN (1) CN107169761B (en)
WO (1) WO2018214649A1 (en)

Also Published As

Publication number Publication date
WO2018214649A1 (en) 2018-11-29
CN107169761A (en) 2017-09-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant