CN108551455A - The configuration method and device of smart card - Google Patents

Abstract

The disclosure is directed to a kind of configuration method of smart card and device, the method includes：Access control equipment obtains the verification information of smart card before the unlocking authority for configuring access control equipment for smart card；According to the verification information of smart card, smart card is verified；If smart card authentication passes through, unblocking key information is sent to smart card.In the technical solution that the embodiment of the present disclosure provides, before the unlocking authority for configuring access control equipment for smart card, first verifies smart card and unblocking key information is provided again, avoid configuring unlocking authority for counterfeit smart card, improve safety；Also, the mode for being adopted as smart card distribution unblocking key information is that smart card configures unlocking authority, compared in such a way that the card number of smart card is recorded in access control equipment, more securely and reliably.

Description

The configuration method and device of smart card

Technical field

The embodiment of the present disclosure is related to technical field of intelligent card, the more particularly to configuration method and device of a kind of smart card.

Background technology

Currently, smart card techniques have been used widely in access control system.

In the related art, by the way that smart card to be configured to the unlocking card of access control equipment, the smart card solution can be utilized It locks a door taboo.But the scheme configured at present to smart card, safety are relatively low.

Invention content

The embodiment of the present disclosure provides a kind of configuration method and device of smart card.

According to the first aspect of the embodiments of the present disclosure, a kind of configuration method of smart card is provided, access control equipment is applied to In, the method includes：

Before the unlocking authority for configuring the access control equipment for smart card, the verification information of the smart card is obtained；

According to the verification information of the smart card, the smart card is verified；

If the smart card authentication passes through, unblocking key information is sent to the smart card.

Optionally, the verification information of the smart card includes：The public key of the digital certificate of the smart card；

The verification information according to the smart card verifies the smart card, including：

According to the public key of the digital certificate, whether effective the digital certificate is verified；

If the digital certificate is effective, the first checking request is sent to the smart card, in first checking request Carry data to be signed；

The signed data that the smart card is sent is received, the signed data uses the digital certificate by the smart card Private key sign to the data to be signed after generate；

The data to be signed are obtained to the signed data successful decryption according to the public key of the digital certificate, then really The fixed smart card authentication passes through.

Optionally, the verification information of the smart card includes：The symmetric key of the smart card；

The verification information according to the smart card verifies the smart card, including：

The second checking request is sent to the smart card, be-encrypted data is carried in second checking request；

The encryption data that the smart card is sent is received, the encryption data is by the smart card using in the smart card Preset symmetric key generates after the be-encrypted data is encrypted；

According to the smart card preset in the access control equipment symmetric key to the encryption data successful decryption Obtain the be-encrypted data, it is determined that the smart card authentication passes through.

Optionally, described to send unblocking key information to the smart card, including：

The unblocking key information is encrypted using the session key arranged between the smart card, is encrypted Unblocking key information afterwards；

The encrypted unblocking key information is sent to the smart card.

Optionally, the method further includes：

Generate the session key；

The session key is encrypted, key information is obtained；

The key information is sent to the smart card.

Optionally, the unblocking key information includes：Unblocking key；

The method further includes：

In operating mode, if detecting the smart card, verification request is sent to the smart card, Verification data is carried in the verification request；

The ciphertext data that the smart card is sent are received, the ciphertext data use the unblocking key by the smart card It is generated after the verification data is encrypted；

Whether the unblocking key according to smart card described in the ciphertext data verification is correct；

If the unblocking key of the smart card is correct, unlocking is triggered.

Optionally, the unblocking key information further includes：The attribute information of the unblocking key；

The method further includes：

In the operating mode, if detecting the smart card, information is sent to the smart card Read requests；

Receive the attribute information that the smart card is sent；

According to the attribute information, the attribute for the unblocking key that the smart card is possessed is determined；

According to the attribute for the unblocking key that the smart card is possessed, detect whether the smart card has unlocking authority；

If the smart card has the unlocking authority, and the unblocking key of the smart card is correct, then executes described touch The step of hair is unlocked.

According to the second aspect of the embodiment of the present disclosure, a kind of configuration method of smart card is provided, is applied in smart card, The method includes：

Before the unlocking authority for configuring access control equipment for the smart card, interacted with the access control equipment, with right The smart card is verified；

After the access control equipment passes through the smart card authentication, the unblocking key that the access control equipment is sent is received Information；

Preserve the unblocking key information.

Optionally, described to be interacted with the access control equipment, to be verified to the smart card, including：

The certification verification request that the access control equipment is sent is received, the certification verification request is for intelligence described in acquisition request The public key for the digital certificate that can block；

The public key of the digital certificate is sent to the access control equipment；

After the digital certificate described in public key verifications of the access control equipment according to the digital certificate is effective, described in reception The first checking request that access control equipment is sent carries data to be signed in first checking request；

It is signed to the data to be signed using the private key of the digital certificate, generates signed data；

The signed data is sent to the access control equipment, the access control equipment is used in the public affairs using the digital certificate After key obtains the data to be signed to the signed data successful decryption, confirm that the smart card authentication passes through.

Optionally, described to be interacted with the access control equipment, to be verified to the smart card, including：

The second checking request that the access control equipment is sent is received, be-encrypted data is carried in second checking request；

The be-encrypted data is encrypted using symmetric key preset in the smart card, generates encryption data；

The encryption data is sent to the access control equipment, the access control equipment is used for pre- in using the access control equipment After the symmetric key for the smart card set obtains the be-encrypted data to the encryption data successful decryption, described in confirmation Smart card authentication passes through.

Optionally, the unblocking key information for receiving the access control equipment and sending, including：

Receive the encrypted unblocking key information that the access control equipment is sent；

The encrypted unblocking key information is solved using the session key arranged between the access control equipment It is close, obtain the unblocking key information.

Optionally, the method further includes：

The key information that the access control equipment is sent is received, the key information is close to the session by the access control equipment Key obtains after being encrypted；

The key information is decrypted, the session key is obtained；

Preserve the session key.

Optionally, the unblocking key information includes：Unblocking key；

The method further includes：

The verification request that the access control equipment is sent is received, verification data is carried in the verification request；

The verification data is encrypted using the unblocking key, generates ciphertext data；

The ciphertext data are sent to the access control equipment, the access control equipment is used for according to the ciphertext data verification After the unblocking key of the smart card is correct, triggering is unlocked.

According to the third aspect of the embodiment of the present disclosure, a kind of configuration device of smart card is provided, is applied to access control equipment In, described device includes：

Data obtaining module is configured as before the unlocking authority for configuring the access control equipment for smart card, obtains institute State the verification information of smart card；

First authentication module is configured as the verification information according to the smart card, is verified to the smart card；

Information sending module, be configured as when the smart card authentication by when, to the smart card send unblocking key Information.

Optionally, the verification information of the smart card includes：The public key of the digital certificate of the smart card；

First authentication module, is configured as：

According to the public key of the digital certificate, whether effective the digital certificate is verified；

When the digital certificate is effective, the first checking request is sent to the smart card, in first checking request Carry data to be signed；

The signed data that the smart card is sent is received, the signed data uses the digital certificate by the smart card Private key sign to the data to be signed after generate；

When obtaining the data to be signed to the signed data successful decryption using the public key of the digital certificate, really The fixed smart card authentication passes through.

Optionally, the verification information of the smart card includes：The symmetric key of the smart card；

First authentication module, is configured as：

The second checking request is sent to the smart card, be-encrypted data is carried in second checking request；

The encryption data that the smart card is sent is received, the encryption data is by the smart card using in the smart card Preset symmetric key generates after the be-encrypted data is encrypted；

When the symmetric key using the preset smart card in the access control equipment is to the encryption data successful decryption When obtaining the be-encrypted data, determine that the smart card authentication passes through.

Optionally, described information sending module is configured as：

The unblocking key information is encrypted using the session key arranged between the smart card, is encrypted Unblocking key information afterwards；

The encrypted unblocking key information is sent to the smart card.

Optionally, described device further includes key sending module, is configured as：

Generate the session key；

The session key is encrypted, key information is obtained；

The key information is sent to the smart card.

Optionally, the unblocking key information includes：Unblocking key；

Described device further includes the first unlocking module, is configured as：

In operating mode, when detecting the smart card, verification request is sent to the smart card, Verification data is carried in the verification request；

The ciphertext data that the smart card is sent are received, the ciphertext data use the unblocking key by the smart card It is generated after the verification data is encrypted；

Whether the unblocking key according to smart card described in the ciphertext data verification is correct；

When the unblocking key of the smart card is correct, triggering is unlocked.

Optionally, the unblocking key information further includes：The attribute information of the unblocking key；

First unlocking module, is additionally configured to：

In the operating mode, when detecting the smart card, information is sent to the smart card Read requests；

Receive the attribute information that the smart card is sent；

According to the attribute information, the attribute for the unblocking key that the smart card is possessed is determined；

According to the attribute for the unblocking key that the smart card is possessed, detect whether the smart card has unlocking authority；

When the smart card have the unlocking authority, and the smart card unblocking key it is correct when, triggering unlock.

According to the fourth aspect of the embodiment of the present disclosure, a kind of configuration device of smart card is provided, is applied in smart card, Described device includes：

Second authentication module is configured as before the unlocking authority for configuring access control equipment for the smart card, and described Access control equipment interacts, to be verified to the smart card；

Information receiving module is configured as after the access control equipment passes through the smart card authentication, described in reception The unblocking key information that access control equipment is sent；

Information preservation module is configured as preserving the unblocking key information.

Optionally, second authentication module, is configured as：

The certification verification request that the access control equipment is sent is received, the certification verification request is for intelligence described in acquisition request The public key for the digital certificate that can block；

The public key of the digital certificate is sent to the access control equipment；

After the digital certificate described in public key verifications of the access control equipment according to the digital certificate is effective, described in reception The first checking request that access control equipment is sent carries data to be signed in first checking request；

It is signed to the data to be signed using the private key of the digital certificate, generates signed data；

The signed data is sent to the access control equipment, the access control equipment is used in the public affairs using the digital certificate After key obtains the data to be signed to the signed data successful decryption, confirm that the smart card authentication passes through.

Optionally, second authentication module, is configured as：

The second checking request that the access control equipment is sent is received, be-encrypted data is carried in second checking request；

The be-encrypted data is encrypted using symmetric key preset in the smart card, generates encryption data；

The encryption data is sent to the access control equipment, the access control equipment is used for pre- in using the access control equipment After the symmetric key for the smart card set obtains the be-encrypted data to the encryption data successful decryption, described in confirmation Smart card authentication passes through.

Optionally, described information receiving module is configured as：

Receive the encrypted unblocking key information that the access control equipment is sent；

The encrypted unblocking key information is solved using the session key arranged between the access control equipment It is close, obtain the unblocking key information.

Optionally, described device further includes key reception module, is configured as：

The key information that the access control equipment is sent is received, the key information is close to the session by the access control equipment Key obtains after being encrypted；

The key information is decrypted, the session key is obtained；

Preserve the session key.

Optionally, the unblocking key information includes：Unblocking key；

Described device further includes the second unlocking module, is configured as：

The verification request that the access control equipment is sent is received, verification data is carried in the verification request；

The verification data is encrypted using the unblocking key, generates ciphertext data；

The ciphertext data are sent to the access control equipment, the access control equipment is used for according to the ciphertext data verification After the unblocking key of the smart card is correct, triggering is unlocked.

According to a fifth aspect of the embodiments of the present disclosure, a kind of configuration device of smart card is provided, described device includes：

Processor；

Memory for the executable instruction for storing the processor；

Wherein, the processor is configured as：

Before the unlocking authority for configuring the access control equipment for smart card, the verification information of the smart card is obtained；

According to the verification information of the smart card, the smart card is verified；

When the smart card authentication by when, to the smart card send unblocking key information.

According to the 6th of the embodiment of the present disclosure the aspect, a kind of configuration device of smart card is provided, described device includes：

Processor；

Memory for the executable instruction for storing the processor；

Wherein, the processor is configured as：

Before the unlocking authority for configuring access control equipment for the smart card, interacted with the access control equipment, with right The smart card is verified；

After the access control equipment passes through the smart card authentication, the unblocking key that the access control equipment is sent is received Information；

Preserve the unblocking key information.

According to the 7th of the embodiment of the present disclosure the aspect, a kind of non-transitorycomputer readable storage medium is provided, thereon The step of being stored with computer program, method as described in relation to the first aspect realized when the computer program is executed by processor.

According to the eighth aspect of the embodiment of the present disclosure, a kind of non-transitorycomputer readable storage medium is provided, thereon It is stored with computer program, is realized such as the step of second aspect the method when the computer program is executed by processor.

The technical solution that the embodiment of the present disclosure provides can include the following benefits：

In the technical solution that the embodiment of the present disclosure provides, before the unlocking authority for configuring access control equipment for smart card, First the smart card is verified, unblocking key information is provided in the case where being verified, then to smart card；It is right compared to not Smart card does any verification, directly configures smart card to the scheme of the unlocking card of access control equipment, and the embodiment of the present disclosure provides Scheme be able to verify that whether the source of smart card genuine and believable, avoid configuring unlocking authority for counterfeit smart card, improve Safety.Also, it is in the related art, that the card identification information (such as card number) of smart card is stored in access control equipment, with reality Now be smart card configure unlocking authority, and the embodiment of the present disclosure provide technical solution in, be will be unlocked by access control equipment it is close Key information is supplied to smart card, unlocking authority is configured to be embodied as smart card, due to the card identification information (such as card number) of smart card It is often exposed in plain text outer, it is easy to be obtained by other people, criminal can produce after obtaining with the card identification information Counterfeit smart card, and unblocking key information is not easy to be obtained by other people, therefore safety higher.

It should be understood that above general description and following detailed description is only exemplary and explanatory, not The disclosure can be limited.

Description of the drawings

The drawings herein are incorporated into the specification and forms part of this specification, and shows the implementation for meeting the disclosure Example, and together with specification for explaining the principles of this disclosure.

Fig. 1 is a kind of schematic diagram of system architecture shown according to an exemplary embodiment；

Fig. 2 is a kind of flow chart of the configuration method of smart card shown according to an exemplary embodiment；

Fig. 3 is a kind of flow chart of the configuration method of the smart card shown according to another exemplary embodiment；

Fig. 4 is a kind of flow chart of the configuration method of the smart card shown according to another exemplary embodiment；

Fig. 5 is the schematic diagram according to the unlocking flow shown in an exemplary embodiment；

Fig. 6 is a kind of block diagram of the configuration device of smart card shown according to an exemplary embodiment；

Fig. 7 is a kind of block diagram of the configuration device of the smart card shown according to another exemplary embodiment.

Specific implementation mode

Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all implementations consistent with this disclosure.On the contrary, they be only with it is such as appended The example of the consistent device and method of some aspects be described in detail in claims, the disclosure.

Fig. 1 is a kind of schematic diagram of system architecture shown according to an exemplary embodiment, which may include： Smart card 10 and access control equipment 20.

Smart card 10 can be the entity card for being embedded with microchip, can also be the virtual card in mobile terminal, should Virtual card can replace entity card to complete corresponding function of swiping card.It optionally, can when smart card 10 is virtual card To be stored in the SE (Secure Element, safety element) of mobile terminal.In addition, the type for smart card 10 does not limit Fixed, illustratively, smart card 10 can be Mifare cards or CPU card.

Access control equipment 20 is to refer to identification intelligent card 10, carries out diplomatic clearance according to recognition result or forbidden sets It is standby.Access control equipment 20 can also be generally referred to by those skilled in the art as door latch device, intelligent door lock, passageway gate machine or some other classes As term.In addition, access control equipment 20 can be applied in different scenes, as household, cell entrance, office building go out Entrance, market entrance, subway station entrance, station entrance-exit, airport entrance, parking lot entrance, highway come in and go out Mouthful etc., the embodiment of the present disclosure is not construed as limiting this.

Optionally, access control equipment 20 belongs to PCD (Proximity Coupling Device, proximity Coupling device), intelligence 10 can be blocked to belong to (Proximity Card, proximity card).Short distance can be passed through between access control equipment 20 and smart card 10 Wireless communication technique communicated.For example, non-contact IC card standard can be passed through between access control equipment 20 and smart card 10 Agreement (such as ISO14443A agreements) is communicated, can also (Near Field Communication, near field are logical by NFC Letter), bluetooth or other communication protocols communicated.

In the related art, in the following way a sheet smart card is configured to the unlocking card of access control equipment：Gate inhibition sets For in configuration mode, request command is sent to having smart card of communication connection with it；Smart card is according to this Request command replys request-reply to access control equipment, and the card identification information built in it is carried in above-mentioned request-reply；Door After taboo equipment receives request-reply, the card identification information of smart card is therefrom extracted, and the card identification information storage is being opened It locks in white list.Subsequently, in the case where access control equipment is in operating mode, if detecting that a certain smart card is set close to gate inhibition Standby, access control equipment obtains the card identification information of the smart card, if the card identification information storage of the smart card is in unlocking white list In, then access control equipment triggering is unlocked.

Above-mentioned smart card can be dedicated smart card in access control system, can also be between other satisfactions and access control equipment Communications Protocol Specification smart card, such as bank card, mass transit card, work card, campus card card.The card identification information of smart card is used In the unique mark smart card, such as card identification information is card number.

It is above-mentioned smart card is configured during, access control equipment does not do any verification, safety to smart card It is relatively low.Also, since the card identification information of smart card is easy to be obtained by other people, if production is provided after being obtained by criminal There is the counterfeit smart card of the card identification information, then criminal can utilize the counterfeit smart card triggering access control equipment to unlock, and deposit In serious security risk.

Referring to FIG. 2, it illustrates the flow charts of the configuration method of the smart card of an embodiment of the present disclosure offer.The party Method can be applied in system architecture shown in FIG. 1.This method may include the following steps：

In step 201, access control equipment obtains smart card before the unlocking authority for configuring access control equipment for smart card Verification information.

The verification information of smart card is for verifying smart card, to ensure that it is a genuine and believable smart card, Improve safety.

In addition, configuring the unlocking authority of access control equipment for smart card, it may be such that do not have the intelligence of unlocking authority originally Can fixture for unlocking authority, can also be that the unlocking authority of the smart card to having had unlocking authority originally is adjusted, this public affairs Embodiment is opened to be not construed as limiting this.

In step 202, access control equipment verifies smart card according to the verification information of smart card.

Optionally, access control equipment can verify smart card based on the mode of digital certificate, can also be based on symmetrical The mode of key verifies smart card, or is verified to smart card based on other manner, as long as being able to verify that the intelligence Can the source of card be genuine and believable any verification mode, the embodiment of the present disclosure is not construed as limiting this.

In step 203, if smart card authentication passes through, access control equipment sends unblocking key information to smart card.

Unblocking key information is the information of smart card required verification when triggering access control equipment and unlocking.Optionally, by intelligence It can block and be configured to for the unlocking card of access control equipment, unblocking key information includes unblocking key, and access control equipment is carried to smart card For unblocking key, access control equipment unlocking can be triggered by possessing the smart card of unblocking key.

In step 204, smart card preserves unblocking key information.

In conclusion in the technical solution that the embodiment of the present disclosure provides, in the unlocking for configuring access control equipment for smart card Before permission, first the smart card is verified, unblocking key information is provided in the case where being verified, then to smart card； Compared to any verification is not done to smart card, directly it configures smart card to the scheme of the unlocking card of access control equipment, the disclosure The scheme that embodiment provides is able to verify that whether the source of smart card is genuine and believable, avoids unlocking for counterfeit smart card configuration and weigh Limit, improves safety.Also, it is in the related art, that the card identification information (such as card number) of smart card is stored in gate inhibition to set In standby, unlocking authority is configured to be embodied as smart card, and in the technical solution that the embodiment of the present disclosure provides, it is to pass through access control equipment Unblocking key information is supplied to smart card, unlocking authority is configured to be embodied as smart card, due to the card identification information of smart card (such as card number) is often exposed to outer in plain text, it is easy to be obtained by other people, criminal can produce after obtaining with the card mark Know the counterfeit smart card of information, and unblocking key information is not easy to be obtained by other people, therefore safety higher.

Referring to FIG. 3, it illustrates the flow charts of the configuration method of the smart card of the disclosure another embodiment offer.It should Method can be applied in system architecture shown in FIG. 1.In Fig. 3 embodiments, mainly to the mode based on digital certificate to intelligence Card carries out verification and does introduction explanation.This method may include the following steps：

In step 301, in configuration mode, access control equipment sends certification verification request to smart card.

When needing to configure the unlocking authority of access control equipment for smart card, triggering access control equipment enters configuration mode.One In the possible embodiment of kind, equipped with triggering button on access control equipment, after user clicks above-mentioned triggering button, gate inhibition is triggered Equipment enters configuration mode.Optionally, above-mentioned triggering button can be physical button, can also be access control equipment display screen in The virtual key of display.In alternatively possible embodiment, access control equipment has the application program to link with it, the application Program can installation and operation in terminal device, user by operate above application program, the application program controlling door can be passed through Prohibit equipment and enters configuration mode.

In addition, the first communication connection can be established between access control equipment and smart card.For example, when needing to configure for smart card When the unlocking authority of access control equipment, by smart card close to access control equipment so that it is logical to establish first between smart card and access control equipment Letter connection.Optionally, which is the connection established based on short-range wireless communication technique.In the first communication link It connects after being successfully established, just can be interacted by first communication connection between smart card and access control equipment.

It is above-mentioned first communication connection can be established before access control equipment enters configuration mode, can also access control equipment into Enter configuration mode to establish later, the embodiment of the present disclosure is not construed as limiting this.

In the embodiments of the present disclosure, access control equipment and unblocking key information is provided not directly to smart card, but first verified Whether the source of smart card is genuine and believable.In the embodiments of the present disclosure, the mode that digital certificate may be used is verified, gate inhibition Equipment can communicate to connect to smart card by above-mentioned first and send certification verification request, which obtains for asking Take the public key of the digital certificate of smart card.

The digital certificate of smart card can it is preset within a smart card, can also be preserved during generating smart card Within a smart card.Only possess the smart card of effective digital certificate, can just be determined as the genuine and believable smart card in source.

In step 302, smart card sends the public key of digital certificate to access control equipment.

Smart card communicates to connect after the certification verification request for receiving access control equipment transmission by above-mentioned first, to Access control equipment sends the public key of digital certificate.

Digital certificate includes public key and private key.Wherein, the holder of the private key numeric only certificate of digital certificate possesses, and belongs to Private cipher key can be decrypted and be signed with private key；The public key of digital certificate is disclosed to other people by the holder of digital certificate, Belong to public keys, can be encrypted with public key and sign test.

In step 303, whether effective access control equipment verifies digital certificate according to the public key of digital certificate.

Whether access control equipment is effective according to the public key verifications digital certificate after receiving the public key of digital certificate.It can The validation verification of selection of land, digital certificate includes following 3 aspects：(1) validity verification；(2) root certificate is verified；(3)CRL (Certificate Revocation List, certificate revocation list) is verified.If access control equipment confirms that the digital certificate has Effect then illustrates that the digital certificate is that legal entity issues and the available certificate within the term of validity.

In step 304, if digital certificate is effective, access control equipment sends the first checking request to smart card.

Data to be signed are carried in first checking request.Data to be signed refer to being supplied to smart card, it is desirable that smart card is adopted The data signed to it with the private key of digital certificate.Data to be signed can be preset data, can also be with The data that machine generates.For example, access control equipment generates a random number, as above-mentioned data to be signed.

In addition, if digital certificate is invalid, access control equipment judgement smart card authentication does not pass through.

In step 305, smart card signs to data to be signed using the private key of digital certificate, generates number of signature According to.

Within step 306, smart card sends signed data to access control equipment.

In step 307, data to be signed are obtained to signed data successful decryption according to the public key of digital certificate, then door Prohibit equipment and determines that smart card authentication passes through.

Access control equipment receive smart card transmission signed data after, using digital certificate public key to signed data into Row decryption, obtains sign test data.If sign test data are consistent with above-mentioned data to be signed, sign test success illustrates intelligent fixture The standby correct public key of digital certificate and private key, the source-verify of smart card pass through.If sign test data and above-mentioned data to be signed Inconsistent, then sign test fails, and illustrates that smart card does not have the correct public key of digital certificate and/or private key, the source of smart card is tested Card failure.In the case of the failure of the source-verify of smart card, access control equipment judgement smart card authentication does not pass through.

In the embodiments of the present disclosure, the source of smart card is verified by way of sign test, it is ensured that by configuration data It is supplied to the smart card that source is genuine and believable.

In step 308, if smart card authentication passes through, access control equipment sends unblocking key information to smart card.

Access control equipment can communicate to connect to smart card by above-mentioned first and send unblocking key information, can also pass through it It communicates to connect to smart card and sends unblocking key information, as long as unblocking key information can accurately reach smart card, this Open embodiment is not construed as limiting this.

In addition, if smart card authentication does not pass through, access control equipment is refused to provide unblocking key information to smart card, with true Ensuring safety property.Unsanctioned in smart card authentication, access control equipment can directly terminate flow, can also generate verification and lose Response is lost, the verification that authentication failed response is used to indicate to smart card does not pass through.For example, access control equipment can be in display screen It shows above-mentioned authentication failed response, above-mentioned authentication failed response can also be played by voice mode, or above-mentioned verification is lost The application program that response is sent to linkage is lost, is shown by application program, the disclosure is not construed as limiting this.

In a step 309, smart card preserves unblocking key information.

Optionally, after configuration is completed, access control equipment disconnects above-mentioned first communication connection.By the above-mentioned means, helping In the communication resource and process resource of saving access control equipment.

In conclusion in the technical solution that the embodiment of the present disclosure provides, in the unlocking power for configuring access control equipment for smart card Before limit, first the smart card is verified, unblocking key information is provided in the case where being verified, then to smart card；Phase Compared with any verification is not done to smart card, directly it configures smart card to the scheme of the unlocking card of access control equipment, the disclosure is real The scheme for applying example offer is able to verify that whether the source of smart card is genuine and believable, avoids unlocking for counterfeit smart card configuration and weigh Limit, improves safety.

In addition, can be verified to the source of smart card by the way of digital certificate, it is ensured that by unblocking key information The smart card for being supplied to a source genuine and believable.

Referring to FIG. 4, it illustrates the flow charts of the configuration method of the smart card of the disclosure another embodiment offer.It should Method can be applied in system architecture shown in FIG. 1.In Fig. 4 embodiments, mainly to the mode based on symmetric key to intelligence Card carries out verification and does introduction explanation.This method may include the following steps：

In step 401, in configuration mode, access control equipment sends the second checking request to smart card.

When needing to configure the unlocking authority of access control equipment for smart card, triggering access control equipment enters configuration mode.It is related Triggering access control equipment enters the possibility realization method of configuration mode, reference can be made to the introduction explanation in Fig. 3 embodiments, the present embodiment pair This is repeated no more.

In the embodiments of the present disclosure, access control equipment and unblocking key information is provided not directly to smart card, but first verified Whether the source of smart card is genuine and believable.In the embodiments of the present disclosure, the mode that symmetric key may be used is verified, gate inhibition Equipment can communicate to connect to smart card by first and send the second checking request.Number to be encrypted is carried in second checking request According to the second checking request is used to ask smart card that above-mentioned be-encrypted data is encrypted using preset symmetric key, and will Encryption data feeds back to access control equipment.

In step 402, smart card is encrypted be-encrypted data using preset symmetric key, generates encryption number According to.

The symmetric key of smart card can it is preset within a smart card, can also be preserved during generating smart card Within a smart card.Only possess the smart card of correct symmetric key, can just be determined as the genuine and believable smart card in source.

In step 403, smart card sends encryption data to access control equipment.

In step 404, according to the symmetric key of smart card preset in access control equipment to encryption data successful decryption Be-encrypted data is obtained, then access control equipment determines that smart card authentication passes through.

After access control equipment receives the encryption data of smart card transmission, using pair of smart card preset in access control equipment Claim key pair encryption data to be decrypted, obtains ciphertext data.If ciphertext data is consistent with above-mentioned be-encrypted data, illustrate Smart card possesses correct symmetric key, and access control equipment determines that smart card authentication passes through.If ciphertext data and above-mentioned to be encrypted Data are inconsistent, then illustrate that smart card does not possess correct symmetric key, access control equipment determines that smart card authentication does not pass through.

In step 405, if smart card authentication passes through, access control equipment sends unblocking key information to smart card.

In a step 406, smart card preserves unblocking key information.

Step 308-309 in step 405-406 and Fig. 3 embodiments is identical, sees above the introduction to step 308-309 Illustrate, details are not described herein again.

In conclusion in the technical solution that the embodiment of the present disclosure provides, in the unlocking power for configuring access control equipment for smart card Before limit, first the smart card is verified, unblocking key information is provided in the case where being verified, then to smart card；Phase Compared with any verification is not done to smart card, directly it configures smart card to the scheme of the unlocking card of access control equipment, the disclosure is real The scheme for applying example offer is able to verify that whether the source of smart card is genuine and believable, avoids unlocking for counterfeit smart card configuration and weigh Limit, improves safety.

In addition, being verified to smart card by the way of symmetric key, verification flow is relatively more simple and efficient.

In the alternative embodiment provided based on Fig. 2, Fig. 3 or Fig. 4 any embodiment, unlock to further ensure that The safety of key information transmission can arrange dual lock key information and carry out the close of encryption and decryption between access control equipment and smart card Then transmission is encrypted in unblocking key information by key.Optionally, which includes the following steps：

1, access control equipment uses the session key dual lock key information arranged between smart card to be encrypted, and is added Unblocking key information after close；

2, access control equipment sends encrypted unblocking key information to smart card；

3, smart card uses the session key arranged between access control equipment to solve encrypted unblocking key information It is close, obtain unblocking key information.

In the embodiments of the present disclosure, the mode that dual lock key information is encrypted is not construed as limiting, such as may be used pair Claim cipher mode, asymmetric encryption mode can also be used.Wherein, symmetric cryptography mode is realized more simple.

Using for symmetric cryptography mode, to be decrypted used in encryption key and decrypting process used in ciphering process Key is identical.Access control equipment is encrypted using encryption key pair lock key information, obtains encrypted configuration data；Intelligence Card is decrypted encrypted unblocking key information using decruption key, obtains unblocking key information.

Using for asymmetric encryption mode, to be solved used in encryption key and decrypting process used in ciphering process Key is different.Access control equipment is encrypted using private key dual lock key information, obtains encrypted unblocking key information；Intelligence It can block and encrypted unblocking key information is decrypted using public key, obtain unblocking key information.

In addition, session key can be generated in advance, and in repeatedly different configuration process, it is close using identical session Key；Alternatively, session key can generate in configuration process each time, and in repeatedly different configuration process, generate in real time Different session key, to further increase the safety of session key.

In a kind of possible embodiment, agreement dual lock is negotiated using following manner between access control equipment and smart card Key information carries out the session key of encryption and decryption：

1, access control equipment generates session key；

Optionally, access control equipment generates session key after smart card authentication passes through.And by the agency of above, it should Session key can be symmetric key, can also be unsymmetrical key.

2, session key is encrypted in access control equipment, obtains key information；

In a kind of possible embodiment, smart card is verified if it is the mode based on digital certificate, due to Access control equipment has got the public key of the digital certificate of smart card, therefore door during being verified to smart card Session key is encrypted in the public key that digital certificate may be used in taboo equipment, obtains key information.Subsequently, it is used by smart card Key information is decrypted in the private key of digital certificate, obtains session key.

In alternatively possible embodiment, smart card is verified if it is the mode based on symmetric key, then Session key is encrypted in the symmetric key that smart card preset in access control equipment may be used in access control equipment, obtains key letter Breath.Subsequently, key information is decrypted using preset symmetric key by smart card, obtains session key.

Certainly, in other possible embodiments, key can also be adopted used by carrying out encryption and decryption to session key It otherwise holds consultation agreement, the embodiment of the present disclosure is not construed as limiting this.

3, access control equipment sends key information to smart card；

4, key information is decrypted in smart card, obtains session key；

5, smart card preserves session key.

Smart card preserves the session key that above-mentioned decryption obtains, so as to subsequently to encrypted unblocking key information It is used when being decrypted.

In the embodiments of the present disclosure, it is transmitted after being encrypted by dual lock key information, it can be ensured that unblocking key is believed Breath only has legitimate receiver that could obtain, even if other disabled users can be because if get encrypted unblocking key information For incorrect decruption key can not successful decryption go out unblocking key information, to ensure the safety of unblocking key information Property.

In addition, the session key that dual lock key information uses when being decrypted, which is also encryption, is supplied to smart card, fully The safety for ensuring the session key is difficult to be stolen.

In addition, access control equipment can first be negotiated with smart card before sending unblocking key information to smart card each time Arrange session key used by this encryption, to use different session keys in different configuration process, fully really Protect the safety of unblocking key information.

In the following, explanation is introduced by Fig. 5 embodiment dual lock processes.As shown in figure 5, unlocking process may include as Under several steps：

In step 501, access control equipment is in operating mode, if detecting smart card, access control equipment Verification request is sent to smart card.

Verification data is carried in verification request.Optionally, above-mentioned verification data is the hop count being preset in access control equipment According to can also be one piece of data that access control equipment generates after detecting smart card or access control equipment from other channels The data of acquisition, the embodiment of the present disclosure are not construed as limiting this.Optionally, above-mentioned verification data is random information, such as random number.Door Different verification datas can be generated respectively, to improve safety during unlocking each time by prohibiting equipment.

In step 502, smart card is encrypted verification data using unblocking key, generates ciphertext data.

Optionally, for some access control equipment, the unblocking key provided to different smart cards can be identical, It can also be different.When access control equipment provides different unblocking keys for different smart cards, it is ensured that unblocking key specially blocks It is special, further increase confidentiality and the safety of unblocking key.

In step 503, smart card sends ciphertext data to access control equipment.

In step 504, whether access control equipment is correct according to the unblocking key of ciphertext data verification smart card.

Optionally, access control equipment solves ciphertext data using the unblocking key of the above-mentioned smart card of its local terminal storage It is close, obtain ciphertext data.If ciphertext data is consistent with verification data, access control equipment is confirming the unblocking key of smart card just Really；If ciphertext data and verification data are inconsistent, access control equipment confirms that the unblocking key of smart card is incorrect.

In step 505, if the unblocking key of smart card is correct, access control equipment triggering is unlocked.

Optionally, if the unblocking key of smart card is incorrect, access control equipment sends out the prompt for being used to indicate failure of unlocking Information.

Optionally, in configuration process, access control equipment is also sent out to smart card other than sending unblocking key to smart card Send the attribute information of unblocking key.Wherein, the attribute information of unblocking key includes but not limited at least one of following：It identifies, have Effect phase, permission.Wherein, the mark of unblocking key is for uniquely indicating that unblocking key, different unblocking keys have different marks Know；The term of validity of unblocking key is used to indicate the unblocking key effective period, and unblocking key can trigger before the deadline It unlocks, unlocking can not be then triggered beyond the term of validity；The permission of unblocking key is used to indicate the permission that the unblocking key has, example The unblocking key can such as be set can trigger unlocking period in which daily.

If access control equipment provides the attribute information of unblocking key in configuration process to smart card, access control equipment exists After detecting smart card, first information read requests are sent to smart card；Smart card is according to above- mentioned information read requests, to gate inhibition Equipment sends the attribute information of unblocking key；Access control equipment determines that smart card possessed opens according to the attribute information received The attribute of key is locked, then the interaction flow of access control equipment 501-505 through the above steps, the unblocking key of smart card is carried out Verification.

In one example, when the attribute information of unblocking key includes the mark of unblocking key, access control equipment is according to connecing The attribute information received determines the unblocking key that smart card is possessed.Later, access control equipment is gathered around according to the smart card determined Whether ciphertext data are decrypted in some unblocking keys, correct with the unblocking key for verifying smart card.

In another example, when the attribute information of unblocking key includes the attributes such as the term of validity, the permission of unblocking key, Access control equipment determines the attribute for the unblocking key that smart card is possessed according to the attribute information received.Later, access control equipment root According to the attribute for the unblocking key that the smart card determined is possessed, whether detection smart card has unlocking authority, if smart card With unlocking authority, and the unblocking key of smart card is correct, then triggers unlocking.

In conclusion the embodiment of the present disclosure provide scheme in, by during unlocking to the unblocking key of smart card It is verified, to distinguish the true and false of smart card according to unblocking key, it is ensured that the safety of unlocking.

In addition, during unlocking, unblocking key does not need to plaintext transmission, and encryption and decryption is carried out using to verification data Mode verifies whether smart card has correct unblocking key, has substantially ensured confidentiality and the safety of unblocking key.

In addition, the attribute information by the way that unblocking key is arranged, can realize that the specially card of unblocking key is special, term of validity control The functions such as system, permission control so that unlocking process is more flexible controllable.

It should be noted is that in above method embodiment, the angle only from interaction between each main body, to this public affairs It opens technical solution and is described explanation.The above-mentioned step related to smart card can be implemented separately as the side of smart card side Method, the above-mentioned step related to access control equipment can be implemented separately as the method for access control equipment side.In addition, when smart card is to set When the virtual card being placed in mobile terminal, the above-mentioned step related to smart card can be by mobile terminal execution, or by moving SE in dynamic terminal is executed, and the embodiment of the present disclosure is not construed as limiting this.

Following is embodiment of the present disclosure, can be used for executing embodiments of the present disclosure.It is real for disclosure device Undisclosed details in example is applied, embodiments of the present disclosure is please referred to.

Referring to FIG. 6, it illustrates the block diagrams of the configuration device of the smart card of an embodiment of the present disclosure offer.The device It can be applied in access control equipment, which has the function of realizing that access control equipment side step is rapid in above method example, the function Can corresponding software realization can also be executed by hardware by hardware realization.The device may include：Data obtaining module 610, First authentication module 620 and information sending module 630.

Data obtaining module 610 is configured as before the unlocking authority for configuring the access control equipment for smart card, is obtained The verification information of the smart card.

First authentication module 620, is configured as the verification information according to the smart card, tests the smart card Card.

Information sending module 630, be configured as when the smart card authentication by when, to the smart card send unlock it is close Key information.

In conclusion in the technical solution that the embodiment of the present disclosure provides, in the unlocking power for configuring access control equipment for smart card Before limit, first the smart card is verified, unblocking key information is provided in the case where being verified, then to smart card；Phase Compared with any verification is not done to smart card, directly it configures smart card to the scheme of the unlocking card of access control equipment, the disclosure is real The scheme for applying example offer is able to verify that whether the source of smart card is genuine and believable, avoids unlocking for counterfeit smart card configuration and weigh Limit, improves safety.

In the alternative embodiment provided based on Fig. 6 embodiments, the verification information of the smart card includes：The intelligence The public key for the digital certificate that can block；

First authentication module 620, is configured as：

According to the public key of the digital certificate, whether effective the digital certificate is verified；

When the digital certificate is effective, the first checking request is sent to the smart card, in first checking request Carry data to be signed；

The signed data that the smart card is sent is received, the signed data uses the digital certificate by the smart card Private key sign to the data to be signed after generate；

When obtaining the data to be signed to the signed data successful decryption using the public key of the digital certificate, really The fixed smart card authentication passes through.

In another alternative embodiment provided based on Fig. 6 embodiments, the verification information of the smart card includes：It is described The symmetric key of smart card；

First authentication module 620, is configured as：

The second checking request is sent to the smart card, be-encrypted data is carried in second checking request；

The encryption data that the smart card is sent is received, the encryption data is by the smart card using in the smart card Preset symmetric key generates after the be-encrypted data is encrypted；

When the symmetric key using the preset smart card in the access control equipment is to the encryption data successful decryption When obtaining the be-encrypted data, determine that the smart card authentication passes through.

In another alternative embodiment provided based on Fig. 6 embodiments, described information sending module 630 is configured as：

The unblocking key information is encrypted using the session key arranged between the smart card, is encrypted Unblocking key information afterwards；

The encrypted unblocking key information is sent to the smart card.

Optionally, described device further includes key sending module, is configured as：

Generate the session key；

The session key is encrypted, key information is obtained；

The key information is sent to the smart card.

In another alternative embodiment provided based on Fig. 6 embodiments, the unblocking key information includes：It unlocks close Key；

Described device further includes the first unlocking module, is configured as：

In operating mode, when detecting the smart card, verification request is sent to the smart card, Verification data is carried in the verification request；

The ciphertext data that the smart card is sent are received, the ciphertext data use the unblocking key by the smart card It is generated after the verification data is encrypted；

Whether the unblocking key according to smart card described in the ciphertext data verification is correct；

When the unblocking key of the smart card is correct, triggering is unlocked.

Optionally, the unblocking key information further includes：The attribute information of the unblocking key；

First unlocking module, is additionally configured to：

In the operating mode, when detecting the smart card, information is sent to the smart card Read requests；

Receive the attribute information that the smart card is sent；

According to the attribute information, the attribute for the unblocking key that the smart card is possessed is determined；

According to the attribute for the unblocking key that the smart card is possessed, detect whether the smart card has unlocking authority；

When the smart card have the unlocking authority, and the smart card unblocking key it is correct when, triggering unlock.

Referring to FIG. 7, it illustrates the block diagrams of the configuration device of the smart card of the disclosure another embodiment offer.The dress It sets and can be applied in smart card, which has the function of realizing that smart card side step is rapid in above method example, and the function can By hardware realization, corresponding software realization can also be executed by hardware.The device may include：Second authentication module 710, letter Cease receiving module 720 and information preservation module 730.

Second authentication module 710 is configured as before the unlocking authority for configuring access control equipment for the smart card, with institute It states access control equipment to interact, to verify the smart card.

Information receiving module 720 is configured as after the access control equipment passes through the smart card authentication, receives institute State the unblocking key information of access control equipment transmission.

Information preservation module 730 is configured as preserving the unblocking key information.

In conclusion in the technical solution that the embodiment of the present disclosure provides, in the unlocking power for configuring access control equipment for smart card Before limit, first the smart card is verified, unblocking key information is provided in the case where being verified, then to smart card；Phase Compared with any verification is not done to smart card, directly it configures smart card to the scheme of the unlocking card of access control equipment, the disclosure is real The scheme for applying example offer is able to verify that whether the source of smart card is genuine and believable, avoids unlocking for counterfeit smart card configuration and weigh Limit, improves safety.

In the alternative embodiment provided based on Fig. 7 embodiments, second authentication module 710 is configured as：

The certification verification request that the access control equipment is sent is received, the certification verification request is for intelligence described in acquisition request The public key for the digital certificate that can block；

The public key of the digital certificate is sent to the access control equipment；

After the digital certificate described in public key verifications of the access control equipment according to the digital certificate is effective, described in reception The first checking request that access control equipment is sent carries data to be signed in first checking request；

It is signed to the data to be signed using the private key of the digital certificate, generates signed data；

The signed data is sent to the access control equipment, the access control equipment is used in the public affairs using the digital certificate After key obtains the data to be signed to the signed data successful decryption, confirm that the smart card authentication passes through.

In another alternative embodiment provided based on Fig. 7 embodiments, second authentication module 710 is configured as：

The second checking request that the access control equipment is sent is received, be-encrypted data is carried in second checking request；

The be-encrypted data is encrypted using symmetric key preset in the smart card, generates encryption data；

The encryption data is sent to the access control equipment, the access control equipment is used for pre- in using the access control equipment After the symmetric key for the smart card set obtains the be-encrypted data to the encryption data successful decryption, described in confirmation Smart card authentication passes through.

In another alternative embodiment provided based on Fig. 7 embodiments, described information receiving module 720 is configured as：

Receive the encrypted unblocking key information that the access control equipment is sent；

The encrypted unblocking key information is solved using the session key arranged between the access control equipment It is close, obtain the unblocking key information.

Optionally, described device further includes key reception module, is configured as：

The key information that the access control equipment is sent is received, the key information is close to the session by the access control equipment Key obtains after being encrypted；

The key information is decrypted, the session key is obtained；

Preserve the session key.

In another alternative embodiment provided based on Fig. 7 embodiments, the unblocking key information includes：It unlocks close Key；

Described device further includes the second unlocking module, is configured as：

The verification request that the access control equipment is sent is received, verification data is carried in the verification request；

The verification data is encrypted using the unblocking key, generates ciphertext data；

The ciphertext data are sent to the access control equipment, the access control equipment is used for according to the ciphertext data verification After the unblocking key of the smart card is correct, triggering is unlocked.

Optionally, the unblocking key information further includes：The attribute information of the unblocking key；

Second unlocking module, is additionally configured to：

Receive the information read requests that the access control equipment is sent；

The attribute information is sent to the access control equipment, so that the access control equipment is according to the attribute information, is determined The attribute for the unblocking key that the smart card is possessed.

It should be noted is that above-described embodiment provide device when realizing its function, only with above-mentioned each function The division progress of module, can be according to actual needs and by above-mentioned function distribution by different work(for example, in practical application Can module complete, i.e., the content structure of terminal device is divided into different function modules, with complete it is described above whole or Person's partial function.

About the device in above-described embodiment, wherein modules execute the concrete mode of operation in related this method Embodiment in be described in detail, explanation will be not set forth in detail herein.

One exemplary embodiment of the disclosure additionally provides a kind of configuration device of smart card, such as the device can be gate inhibition Equipment.The device may include：Processor, the memory of the executable instruction for storing the processor.Wherein, the place Reason device is configured as：

Before the unlocking authority for configuring the access control equipment for smart card, the verification information of the smart card is obtained；

According to the verification information of the smart card, the smart card is verified；

When the smart card authentication by when, to the smart card send unblocking key information.

In a possible design, the verification information of the smart card includes：The public affairs of the digital certificate of the smart card Key；

The processor is configured as：

According to the public key of the digital certificate, whether effective the digital certificate is verified；

When the digital certificate is effective, the first checking request is sent to the smart card, in first checking request Carry data to be signed；

The signed data that the smart card is sent is received, the signed data uses the digital certificate by the smart card Private key sign to the data to be signed after generate；

When obtaining the data to be signed to the signed data successful decryption using the public key of the digital certificate, really The fixed smart card authentication passes through.

In another possible design, the verification information of the smart card includes：The symmetric key of the smart card；

The processor is configured as：

The second checking request is sent to the smart card, be-encrypted data is carried in second checking request；

The encryption data that the smart card is sent is received, the encryption data is by the smart card using in the smart card Preset symmetric key generates after the be-encrypted data is encrypted；

When the symmetric key using the preset smart card in the access control equipment is to the encryption data successful decryption When obtaining the be-encrypted data, determine that the smart card authentication passes through.

In another possible design, the unblocking key information includes：Unblocking key；

The processor is additionally configured to：

In operating mode, if detecting the smart card, verification request is sent to the smart card, Verification data is carried in the verification request；

The ciphertext data that the smart card is sent are received, the ciphertext data use the unblocking key by the smart card It is generated after the verification data is encrypted；

Whether the unblocking key according to smart card described in the ciphertext data verification is correct；

When the unblocking key of the smart card is correct, triggering is unlocked.

Optionally, the unblocking key information further includes：The attribute information of the unblocking key；

The processor is additionally configured to：

In the operating mode, if detecting the smart card, information is sent to the smart card Read requests；

Receive the attribute information that the smart card is sent；

According to the attribute information, the attribute for the unblocking key that the smart card is possessed is determined；

According to the attribute for the unblocking key that the smart card is possessed, detect whether the smart card has unlocking authority；

When the smart card have the unlocking authority, and the smart card unblocking key it is correct when, triggering unlock.

One exemplary embodiment of the disclosure additionally provides a kind of configuration device of smart card, such as the device can be intelligence Block or be stored with the mobile terminal of smart card.The device may include：Processor, for storing the executable of the processor The memory of instruction.Wherein, the processor is configured as：

Before the unlocking authority for configuring access control equipment for the smart card, interacted with the access control equipment, with right The smart card is verified；

After the access control equipment passes through the smart card authentication, the unblocking key that the access control equipment is sent is received Information；

Preserve the unblocking key information.

In a possible design, the processor is configured as：

The certification verification request that the access control equipment is sent is received, the certification verification request is for intelligence described in acquisition request The public key for the digital certificate that can block；

The public key of the digital certificate is sent to the access control equipment；

After the digital certificate described in public key verifications of the access control equipment according to the digital certificate is effective, described in reception The first checking request that access control equipment is sent carries data to be signed in first checking request；

It is signed to the data to be signed using the private key of the digital certificate, generates signed data；

The signed data is sent to the access control equipment, the access control equipment is used in the public affairs using the digital certificate After key obtains the data to be signed to the signed data successful decryption, confirm that the smart card authentication passes through.

In another possible design, the processor is configured as：

The second checking request that the access control equipment is sent is received, be-encrypted data is carried in second checking request；

The be-encrypted data is encrypted using symmetric key preset in the smart card, generates encryption data；

The encryption data is sent to the access control equipment, the access control equipment is used for pre- in using the access control equipment After the symmetric key for the smart card set obtains the be-encrypted data to the encryption data successful decryption, described in confirmation Smart card authentication passes through.

In another possible design, the unblocking key information includes：Unblocking key；

The processor is additionally configured to：

The verification request that the access control equipment is sent is received, verification data is carried in the verification request；

The verification data is encrypted using the unblocking key, generates ciphertext data；

The ciphertext data are sent to the access control equipment, the access control equipment is used for according to the ciphertext data verification After the unblocking key of the smart card is correct, triggering is unlocked.

One exemplary embodiment of the disclosure additionally provides a kind of non-transitorycomputer readable storage medium, is stored thereon with Computer program when the computer program is executed by the processor of access control equipment, realizes the gate inhibition provided such as above-described embodiment The configuration method of equipment side.

One exemplary embodiment of the disclosure additionally provides a kind of non-transitorycomputer readable storage medium, is stored thereon with Computer program when the computer program is executed by the processor of smart card or mobile terminal, is realized as above-described embodiment carries The configuration method of the smart card side of confession.

Illustratively, the non-transitorycomputer readable storage medium can be read-only memory (ROM), arbitrary access Memory (RAM), CD-ROM, tape, floppy disk and optical data storage devices etc..

It should be understood that referenced herein " multiple " refer to two or more."and/or", description association The incidence relation of object indicates may exist three kinds of relationships, for example, A and/or B, can indicate：Individualism A, exists simultaneously A And B, individualism B these three situations.It is a kind of relationship of "or" that character "/", which typicallys represent forward-backward correlation object,.

Those skilled in the art after considering the specification and implementing the invention disclosed here, will readily occur to its of the disclosure Its embodiment.This application is intended to cover any variations, uses, or adaptations of the disclosure, these modifications, purposes or Person's adaptive change follows the general principles of this disclosure and includes the undocumented common knowledge in the art of the disclosure Or conventional techniques.The description and examples are only to be considered as illustrative, and the true scope and spirit of the disclosure are by following Claim is pointed out.

It should be understood that the present disclosure is not limited to the precise structures that have been described above and shown in the drawings, and And various modifications and changes may be made without departing from the scope thereof.The scope of the present disclosure is only limited by the accompanying claims.

Claims (21)

1. a kind of configuration method of smart card, which is characterized in that it is applied in access control equipment, the method includes：

Before the unlocking authority for configuring the access control equipment for smart card, the verification information of the smart card is obtained；

According to the verification information of the smart card, the smart card is verified；

If the smart card authentication passes through, unblocking key information is sent to the smart card.

2. according to the method described in claim 1, it is characterized in that, the verification information of the smart card includes：The smart card Digital certificate public key；

The verification information according to the smart card verifies the smart card, including：

According to the public key of the digital certificate, whether effective the digital certificate is verified；

If the digital certificate is effective, the first checking request is sent to the smart card, is carried in first checking request Data to be signed；

The signed data that the smart card is sent is received, the signed data is used the private of the digital certificate by the smart card Key generates after signing to the data to be signed；

The data to be signed are obtained to the signed data successful decryption according to the public key of the digital certificate, it is determined that institute Smart card authentication is stated to pass through.

3. according to the method described in claim 1, it is characterized in that, the verification information of the smart card includes：The smart card Symmetric key；

The verification information according to the smart card verifies the smart card, including：

The second checking request is sent to the smart card, be-encrypted data is carried in second checking request；

The encryption data that the smart card is sent is received, the encryption data is by the smart card using preset in the smart card Symmetric key the be-encrypted data is encrypted after generate；

The encryption data successful decryption is obtained according to the symmetric key of the smart card preset in the access control equipment The be-encrypted data, it is determined that the smart card authentication passes through.

4. method according to any one of claims 1 to 3, which is characterized in that the unblocking key information includes：It unlocks close Key；

The method further includes：

In operating mode, if detecting the smart card, verification request is sent to the smart card, it is described Verification data is carried in verification request；

The ciphertext data that the smart card is sent are received, the ciphertext data are by the smart card using the unblocking key to institute It states after verification data is encrypted and generates；

Whether the unblocking key according to smart card described in the ciphertext data verification is correct；

If the unblocking key of the smart card is correct, unlocking is triggered.

5. according to the method described in claim 4, it is characterized in that, the unblocking key information further includes：The unblocking key Attribute information；

The method further includes：

In the operating mode, if detecting the smart card, sends information to the smart card and read Request；

Receive the attribute information that the smart card is sent；

According to the attribute information, the attribute for the unblocking key that the smart card is possessed is determined；

According to the attribute for the unblocking key that the smart card is possessed, detect whether the smart card has unlocking authority；

If the smart card has the unlocking authority, and the unblocking key of the smart card is correct, then executes the triggering and open The step of lock.

6. a kind of configuration method of smart card, which is characterized in that it is applied in smart card, the method includes：

Before the unlocking authority for configuring access control equipment for the smart card, interacted with the access control equipment, with to described Smart card is verified；

After the access control equipment passes through the smart card authentication, the unblocking key letter that the access control equipment is sent is received Breath；

Preserve the unblocking key information.

7. according to the method described in claim 6, it is characterized in that, described interact with the access control equipment, with to described Smart card is verified, including：

The certification verification request that the access control equipment is sent is received, the certification verification request is for smart card described in acquisition request Digital certificate public key；

The public key of the digital certificate is sent to the access control equipment；

After the digital certificate described in public key verifications of the access control equipment according to the digital certificate is effective, the gate inhibition is received The first checking request that equipment is sent carries data to be signed in first checking request；

It is signed to the data to be signed using the private key of the digital certificate, generates signed data；

The signed data is sent to the access control equipment, the access control equipment is used in the public key pair using the digital certificate After the signed data successful decryption obtains the data to be signed, confirm that the smart card authentication passes through.

8. according to the method described in claim 6, it is characterized in that, described interact with the access control equipment, with to described Smart card is verified, including：

The second checking request that the access control equipment is sent is received, be-encrypted data is carried in second checking request；

The be-encrypted data is encrypted using symmetric key preset in the smart card, generates encryption data；

The encryption data is sent to the access control equipment, the access control equipment is used for using preset in the access control equipment After the symmetric key of the smart card obtains the be-encrypted data to the encryption data successful decryption, the intelligence is confirmed Card is verified.

9. according to claim 6 to 8 any one of them method, which is characterized in that the unblocking key information includes：It unlocks close Key；

The method further includes：

The verification request that the access control equipment is sent is received, verification data is carried in the verification request；

The verification data is encrypted using the unblocking key, generates ciphertext data；

The ciphertext data are sent to the access control equipment, the access control equipment is used for according to described in the ciphertext data verification After the unblocking key of smart card is correct, triggering is unlocked.

10. a kind of configuration device of smart card, which is characterized in that be applied in access control equipment, described device includes：

Data obtaining module is configured as before the unlocking authority for configuring the access control equipment for smart card, obtains the intelligence The verification information that can block；

First authentication module is configured as the verification information according to the smart card, is verified to the smart card；

Information sending module, be configured as when the smart card authentication by when, to the smart card send unblocking key information.

11. device according to claim 10, which is characterized in that the verification information of the smart card includes：The intelligence The public key of the digital certificate of card；

First authentication module, is configured as：

According to the public key of the digital certificate, whether effective the digital certificate is verified；

When the digital certificate is effective, the first checking request is sent to the smart card, is carried in first checking request Data to be signed；

The signed data that the smart card is sent is received, the signed data is used the private of the digital certificate by the smart card Key generates after signing to the data to be signed；

When obtaining the data to be signed to the signed data successful decryption using the public key of the digital certificate, institute is determined Smart card authentication is stated to pass through.

12. device according to claim 10, which is characterized in that the verification information of the smart card includes：The intelligence The symmetric key of card；

First authentication module, is configured as：

The second checking request is sent to the smart card, be-encrypted data is carried in second checking request；

The encryption data that the smart card is sent is received, the encryption data is by the smart card using preset in the smart card Symmetric key the be-encrypted data is encrypted after generate；

When the symmetric key using the preset smart card in the access control equipment obtains the encryption data successful decryption When the be-encrypted data, determine that the smart card authentication passes through.

13. according to claim 10 to 12 any one of them device, which is characterized in that the unblocking key information includes：It opens Lock key；

Described device further includes the first unlocking module, is configured as：

In operating mode, when detecting the smart card, verification request is sent to the smart card, it is described Verification data is carried in verification request；

The ciphertext data that the smart card is sent are received, the ciphertext data are by the smart card using the unblocking key to institute It states after verification data is encrypted and generates；

Whether the unblocking key according to smart card described in the ciphertext data verification is correct；

When the unblocking key of the smart card is correct, triggering is unlocked.

14. device according to claim 13, which is characterized in that the unblocking key information further includes：The unlocking is close The attribute information of key；

First unlocking module, is additionally configured to：

In the operating mode, when detecting the smart card, sends information to the smart card and read Request；

Receive the attribute information that the smart card is sent；

According to the attribute information, the attribute for the unblocking key that the smart card is possessed is determined；

According to the attribute for the unblocking key that the smart card is possessed, detect whether the smart card has unlocking authority；

When the smart card have the unlocking authority, and the smart card unblocking key it is correct when, triggering unlock.

15. a kind of configuration device of smart card, which is characterized in that be applied in smart card, described device includes：

Second authentication module is configured as before the unlocking authority for configuring access control equipment for the smart card, with the gate inhibition Equipment interacts, to be verified to the smart card；

Information receiving module is configured as after the access control equipment passes through the smart card authentication, receives the gate inhibition The unblocking key information that equipment is sent；

Information preservation module is configured as preserving the unblocking key information.

16. device according to claim 15, which is characterized in that second authentication module is configured as：

The certification verification request that the access control equipment is sent is received, the certification verification request is for smart card described in acquisition request Digital certificate public key；

The public key of the digital certificate is sent to the access control equipment；

After the digital certificate described in public key verifications of the access control equipment according to the digital certificate is effective, the gate inhibition is received The first checking request that equipment is sent carries data to be signed in first checking request；

It is signed to the data to be signed using the private key of the digital certificate, generates signed data；

The signed data is sent to the access control equipment, the access control equipment is used in the public key pair using the digital certificate After the signed data successful decryption obtains the data to be signed, confirm that the smart card authentication passes through.

17. device according to claim 15, which is characterized in that second authentication module is configured as：

The second checking request that the access control equipment is sent is received, be-encrypted data is carried in second checking request；

The be-encrypted data is encrypted using symmetric key preset in the smart card, generates encryption data；

The encryption data is sent to the access control equipment, the access control equipment is used for using preset in the access control equipment After the symmetric key of the smart card obtains the be-encrypted data to the encryption data successful decryption, the intelligence is confirmed Card is verified.

18. according to claim 15 to 17 any one of them device, which is characterized in that the unblocking key information includes：It opens Lock key；

Described device further includes the second unlocking module, is configured as：

The verification request that the access control equipment is sent is received, verification data is carried in the verification request；

The verification data is encrypted using the unblocking key, generates ciphertext data；

The ciphertext data are sent to the access control equipment, the access control equipment is used for according to described in the ciphertext data verification After the unblocking key of smart card is correct, triggering is unlocked.

19. a kind of configuration device of smart card, which is characterized in that described device includes：

Processor；

Memory for the executable instruction for storing the processor；

Wherein, the processor is configured as：

Before the unlocking authority for configuring the access control equipment for smart card, the verification information of the smart card is obtained；

According to the verification information of the smart card, the smart card is verified；

If the smart card authentication passes through, unblocking key information is sent to the smart card.

20. a kind of configuration device of smart card, which is characterized in that described device includes：

Processor；

Memory for the executable instruction for storing the processor；

Wherein, the processor is configured as：

Before the unlocking authority for configuring access control equipment for the smart card, interacted with the access control equipment, with to described Smart card is verified；

After the access control equipment passes through the smart card authentication, the unblocking key letter that the access control equipment is sent is received Breath；

Preserve the unblocking key information.

21. a kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, which is characterized in that the meter It realizes such as the step of any one of claim 1 to 5 the method, or is realized as right is wanted when calculation machine program is executed by processor The step of seeking any one of 6 to 9 the method.