CN108574572A - Method and device for card washing and issuance - Google Patents

Publication number
CN108574572A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710145113.4A
Other languages
Chinese (zh)
Other versions
CN108574572B (en)
Inventor
李长水
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

An embodiment of the present invention provides a method and device for card washing and issuance. The method includes: comparing the manufacture keys in a key master card with the key in a card to be washed; when the key master card contains a manufacture key that matches the key in the card to be washed, sending a first matching key to the card to be washed, which updates it into a first-washed card; comparing the second card-washing keys in a card-washing key card with the key in the first-washed card; when the card-washing key card contains a second card-washing key that matches the first matching key, sending a second matching key to the first-washed card, which updates it into a second-washed card; comparing the second user-associated key in a working master card with the second matching key stored in the second-washed card; and, when the second user-associated key matches the second matching key, sending the exclusive key to be written to the second-washed card, producing a card to be issued. The invention improves the security of cards during card washing and issuance.

Description

Method and device for card washing and issuance
Technical Field
The present invention relates to the field of information security technology, and in particular to a method and device for card washing and issuance.
Background
Cards in common use today include IC (Integrated Circuit) cards, smart cards, all-purpose cards and so on. Losing such a card can cause the user economic loss, so a key must be written to the card when it is issued in order to ensure the card's security. When a card leaves the factory, the card manufacturer loads it with a general or default key; a card loaded with a general or default key is commonly called a white card or blank card. The card operator then loads or issues a new key to the white or blank card by card washing.
In existing card-washing methods, after receiving the cards supplied by the card manufacturer, the card operator uses a key issuing device or authorization machine to load a key into the card in a single pass, replacing the white card's initial general key with a new key. With this one-pass approach, an operating error, such as loading a key that does not match the card, results in the wrong key being loaded; and anyone who knows the white card's initial general key can load a key into the card in the same one-pass manner, so security is extremely low.
Summary of the Invention
The purpose of the embodiments of the present invention is to provide a method and device for card washing and issuance, so as to improve the security of keys during card washing and issuance. The specific technical solution is as follows:
In a first aspect, an embodiment of the present invention provides a method for card washing and issuance, the method including:
Comparing at least one manufacture key stored in a key master card with the key stored in a card to be washed, where the key master card stores: at least one manufacture key and the first card-washing key corresponding to each manufacture key;
When the key master card stores a manufacture key that matches the key stored in the card to be washed, taking the first card-washing key corresponding to that manufacture key as the first matching key, and sending the first matching key to the card to be washed, so as to update the key stored in the card to be washed to the first matching key and produce a first-washed card;
Comparing at least one second card-washing key stored in a card-washing key card with the first matching key stored in the first-washed card, where the card-washing key card stores: at least one second card-washing key and the first user-associated key corresponding to each second card-washing key;
When the card-washing key card stores a second card-washing key that matches the first matching key, taking the first user-associated key corresponding to that second card-washing key as the second matching key, and sending the second matching key to the first-washed card, so as to update the first matching key stored in the first-washed card to the second matching key and produce a second-washed card;
Comparing the second user-associated key stored in a working master card with the second matching key stored in the second-washed card, where the working master card stores: the second user-associated key and the exclusive key to be written corresponding to the second user-associated key;
When the second user-associated key matches the second matching key, sending the exclusive key to be written to the second-washed card, so as to update the second matching key stored in the second-washed card to the exclusive key to be written and produce a card to be issued.
Optionally, after comparing the at least one manufacture key stored in the key master card with the key stored in the card to be washed, the method further includes:
When the key stored in the card to be washed matches none of the manufacture keys, determining that the card to be washed is an illegal card, and stopping the card-washing operation;
After comparing the at least one second card-washing key stored in the card-washing key card with the first matching key stored in the first-washed card, the method further includes:
When the first matching key stored in the first-washed card matches none of the second card-washing keys, determining that the first-washed card is an illegal card, and stopping the card-washing operation;
After comparing the second user-associated key stored in the working master card with the second matching key stored in the second-washed card, the method further includes:
When the second matching key stored in the second-washed card matches none of the second user-associated keys, determining that the second-washed card is an illegal card, and stopping the card-washing operation.
Optionally, before comparing the at least one second card-washing key stored in the card-washing key card with the first matching key stored in the first-washed card, the method further includes:
Obtaining a first key factor;
Obtaining, by an encryption operation on the first card-washing key corresponding to each manufacture key and the first key factor, the first user-associated key corresponding to each first card-washing key;
Taking the first card-washing keys as the second card-washing keys, and generating the card-washing key card from all the second card-washing keys and all the first user-associated keys.
Optionally, before comparing the second user-associated key stored in the working master card with the second matching key stored in the second-washed card, the method further includes:
Obtaining a second key factor;
Obtaining, by an encryption operation according to the second key factor, the second user-associated key that, among all the first user-associated keys, relates to a specified user, and the exclusive key to be written corresponding to that second user-associated key;
Generating the working master card from the second user-associated key and the exclusive key to be written.
Optionally, the number of card-washing key cards is n, where n is greater than or equal to 1;
Comparing the at least one second card-washing key stored in the card-washing key card with the first matching key stored in the first-washed card includes:
For each card-washing key card, obtaining its at least one second card-washing key and the first user-associated key corresponding to each second card-washing key;
Obtaining the first matching key stored in the first-washed card, and the key stored in the first-washed card after it has been updated by the i-th card-washing key card, where the i-th card-washing key card is any one of the n card-washing key cards;
Comparing each second card-washing key in turn with the key stored in the first-washed card;
Taking the first user-associated key corresponding to the second card-washing key that matches the first matching key as the second matching key, and sending the second matching key to the first-washed card so as to update the first matching key stored in the first-washed card to the second matching key and produce the second-washed card, includes:
When, after the first-washed card has been updated by the (i-1)-th card-washing key card, the key stored in the first-washed card matches any second card-washing key stored in the i-th card-washing key card, sending to the first-washed card the first user-associated key that, in the i-th card-washing key card, corresponds to the matching second card-washing key; this continues until the key stored in the first-washed card has been updated to the first user-associated key that, in the n-th card-washing key card, corresponds to the second card-washing key matching the key stored in the first-washed card, producing the second-washed card.
In a second aspect, an embodiment of the present invention provides a device for card washing and issuance, the device including:
A first comparison module, for comparing at least one manufacture key stored in a key master card with the key stored in a card to be washed, where the key master card stores: at least one manufacture key and the first card-washing key corresponding to each manufacture key;
A first-washed card production module, for, when the key master card stores a manufacture key that matches the key stored in the card to be washed, taking the first card-washing key corresponding to that manufacture key as the first matching key, and sending the first matching key to the card to be washed, so as to update the key stored in the card to be washed to the first matching key and produce a first-washed card;
A second comparison module, for comparing at least one second card-washing key stored in a card-washing key card with the first matching key stored in the first-washed card, where the card-washing key card stores: at least one second card-washing key and the first user-associated key corresponding to each second card-washing key;
A second-washed card production module, for, when the card-washing key card stores a second card-washing key that matches the first matching key, taking the first user-associated key corresponding to that second card-washing key as the second matching key, and sending the second matching key to the first-washed card, so as to update the first matching key stored in the first-washed card to the second matching key and produce a second-washed card;
A third comparison module, for comparing the second user-associated key stored in a working master card with the second matching key stored in the second-washed card, where the working master card stores: the second user-associated key and the exclusive key to be written corresponding to the second user-associated key;
A card-to-be-issued production module, for, when the second user-associated key matches the second matching key, sending the exclusive key to be written to the second-washed card, so as to update the second matching key stored in the second-washed card to the exclusive key to be written and produce a card to be issued.
Optionally, the device further includes:
An illegal card determination module, for: when the key stored in the card to be washed matches none of the manufacture keys, determining that the card to be washed is an illegal card and stopping the card-washing operation; when the first matching key stored in the first-washed card matches none of the second card-washing keys, determining that the first-washed card is an illegal card and stopping the card-washing operation; and when the second matching key stored in the second-washed card matches none of the second user-associated keys, determining that the second-washed card is an illegal card and stopping the card-washing operation.
Optionally, the device further includes:
A first acquisition module, for obtaining a first key factor;
A first encryption module, for obtaining, by an encryption operation on the first card-washing key corresponding to each manufacture key and the first key factor, the first user-associated key corresponding to each first card-washing key;
A card-washing key card generation module, for taking the first card-washing keys as the second card-washing keys, and generating the card-washing key card from all the second card-washing keys and all the first user-associated keys.
Optionally, the device further includes:
A second acquisition module, for obtaining a second key factor;
A second encryption module, for obtaining, by an encryption operation according to the second key factor, the second user-associated key that, among all the first user-associated keys, relates to a specified user, and the exclusive key to be written corresponding to that second user-associated key;
A working master card generation module, for generating the working master card from the second user-associated key and the exclusive key to be written.
Optionally, the number of card-washing key cards is n, where n is greater than or equal to 1;
The second comparison module is specifically used for:
For each card-washing key card, obtaining its at least one second card-washing key and the first user-associated key corresponding to each second card-washing key;
Obtaining the first matching key stored in the first-washed card, and the key stored in the first-washed card after it has been updated by the i-th card-washing key card, where the i-th card-washing key card is any one of the n card-washing key cards;
Comparing each second card-washing key in turn with the key stored in the first-washed card;
The second-washed card production module is specifically used for:
When, after the first-washed card has been updated by the (i-1)-th card-washing key card, the key stored in the first-washed card matches any second card-washing key stored in the i-th card-washing key card, sending to the first-washed card the first user-associated key that, in the i-th card-washing key card, corresponds to the matching second card-washing key; this continues until the key stored in the first-washed card has been updated to the first user-associated key that, in the n-th card-washing key card, corresponds to the second card-washing key matching the key stored in the first-washed card, producing the second-washed card.
In the method and device for card washing and issuance provided by the embodiments of the present invention, key authentication is first performed on the manufacture key in the card to be washed using the manufacture key in the key master card, and if authentication succeeds the first card-washing operation is carried out. Next, key authentication is performed on the key stored in the card using the second card-washing key in the card-washing key card, and if authentication succeeds the second card-washing operation is carried out. Finally, key authentication is performed on the key stored in the card using the second user-associated key in the working master card, and if authentication succeeds the exclusive key to be written is read and sent, which completes the washing of the card and produces the card to be issued. The different card-washing stages can be completed at different stations, and a stage's card-washing operation is carried out only when its key authentication succeeds. If an operating error occurs at any intermediate stage, the subsequent card-washing stages are not executed, which effectively stops errors from accumulating. The station for each stage knows only the keys associated with that stage and cannot intervene in the card-washing operations of other stages, which effectively improves the security of the card keys.
Description of the Drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the method for card washing and issuance according to an embodiment of the present invention;
Fig. 2 is another flow diagram of the method for card washing and issuance according to an embodiment of the present invention;
Fig. 3 is a structural diagram of the device for card washing and issuance according to an embodiment of the present invention;
Fig. 4 is another structural diagram of the device for card washing and issuance according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To improve the security of card keys, the embodiments of the present invention provide a method and device for card washing and issuance.
The method for card washing and issuance provided by the embodiments of the present invention is introduced first.
It should be noted that the method for card washing and issuance provided by the embodiments of the present invention can be executed by one or more devices with a card-washing function. Such a device can perform the logic processing on a chip such as a DSP (Digital Signal Processor), an ARM (Advanced RISC Machines) reduced-instruction-set microprocessor or an FPGA (Field-Programmable Gate Array), and carry out the card-washing operation on the card through an output port. The method can be implemented as software, hardware circuits and/or logic circuits in the executing device. It should be emphasized that the method can also be executed by a computer, which can read the card information through a card reader interface. The cards to which the embodiments of the present invention apply include, but are not limited to: 3DES CPU cards (Triple Data Encryption Algorithm Central Processing Unit, CPU cards that use the triple data encryption algorithm), 3DES PSAM cards (Triple Data Encryption Algorithm Purchase Secure Access Module, point-of-sale terminal secure access cards that use the triple data encryption algorithm), national-cryptography-algorithm CPU cards and national-cryptography-algorithm PSAM cards.
As shown in Fig. 1, the method for card washing and issuance provided by the embodiments of the present invention may include the following steps:
S101, compare at least one manufacture key stored in the key master card with the key stored in the card to be washed.
The key master card stores: at least one manufacture key and the first card-washing key corresponding to each manufacture key. It should be noted that the manufacture key and the first card-washing key are built into the key master card. In general, the manufacture key is set by the card manufacturer when the card leaves the factory, and the first card-washing key is set by the key manufacturer for each different manufacture key. The card to be washed is the white card produced by the card manufacturer; normally it stores the manufacture key loaded by the card manufacturer. After the key manufacturer receives the cards to be washed from the card manufacturer, at one operating station the key master card and the card to be washed are inserted together into the same card-washing device; the key master card transmits the manufacture key through the card-reading interface and the comparison with the card to be washed is carried out, that is, card authentication is performed.
It should be emphasized that, to ensure a higher level of key security in this embodiment, the manufacture key and the first card-washing key are set by two different manufacturers. In practice, the manufacture key and the first card-washing key can also be set at different operating stations of the same manufacturer. This also improves the security of card washing and therefore also falls within the protection scope of the embodiments of the present invention. Key matching authentication can use the existing external authentication method, which is not described again here.
S102, when the key master card stores a manufacture key that matches the key stored in the card to be washed, take the first card-washing key corresponding to that manufacture key as the first matching key, and send the first matching key to the card to be washed, so as to update the key stored in the card to be washed to the first matching key and produce a first-washed card.
It should be noted that a key master card usually stores one manufacture key and the one first card-washing key corresponding to it; that is, a key master card can only wash cards that hold the same manufacture key. However, both the cards to be washed and the key master cards are produced in batches, and cards to be washed from the same batch may be loaded with different manufacture keys. To save card production costs, a single batch of key master cards can be produced that contains the manufacture keys of all the cards to be washed and the first card-washing key corresponding to each manufacture key. As long as the key master card stores a manufacture key identical to the one stored in the card to be washed, the first card-washing key that the key master card stores for that manufacture key is sent to the card to be washed. This can also be implemented in the embodiments of the present invention and falls within their protection scope. It should be emphasized that, during the comparison, the key master card and the card to be washed are inserted into the same card-washing device.
As for the key matching authentication process: if the card to be washed already stores a manufacture key, and the card-washing device holds a key master card that also stores the corresponding manufacture key, this manufacture key must be matched and authenticated. Specifically, the matching authentication process can be as follows. First, a request is sent to the card to be washed to obtain a random number. Second, the random number is sent to the key master card and encrypted. Then the key authentication command is called and the result is passed to the card to be washed; on receiving it, the card to be washed decrypts it internally with the corresponding manufacture key and, if the result equals the random number, returns "matching authentication succeeded". If matching authentication succeeds, the first card-washing key that the key master card stores for the manufacture key is sent to the card to be washed and the key in the card to be washed is updated; the only key now stored in the card is the first card-washing key, and the updated card is designated the first-washed card. The stage that produces the first-washed card can be called the first card washing. After the first card washing, the card holds the first card-washing key specific to the key manufacturer rather than the manufacture key set by the card manufacturer when the card left the factory. The key replacement can use existing key export and update methods, which are not described again here.
S103, compare at least one second card-washing key stored in the card-washing key card with the first matching key stored in the first-washed card.
The card-washing key card stores: at least one second card-washing key and the first user-associated key corresponding to each second card-washing key. It should be noted that the second card-washing key and the first user-associated key are built into the card-washing key card. In general, the second card-washing key is identical to, or corresponds to, the first card-washing key in the key master card and is specific to the key manufacturer; the first user-associated key is related to the user's attributes or characteristics and corresponds to the second card-washing key. Because the second card-washing key is identical to or corresponds to the first card-washing key in the key master card, the card-washing key card can be generated from the key master card, or generated correspondingly when the key master card is generated. The card-washing key card may contain all of the first card-washing keys in the key master card, or only some of them.
Specifically, for the embodiment in which the card-washing key card is generated from the key master card, the method for card washing and issuance can further include, before S103:
First, obtain the first key factor.
Second, obtain, by an encryption operation on the first card-washing key corresponding to each manufacture key and the first key factor, the first user-associated key corresponding to each first card-washing key.
It should be noted that key operations involve different root keys. When a root key is used, certain parameters are encrypted as data, and the result serves as the key of the card. Those parameters are the first key factor. The first key factor can be special parameters entered by the key manufacturer, generally related to the attributes that the key manufacturer assigns to a user, and the encryption process is also called the key dispersion operation. The user can be the operator that issues the cards, and different operators have different attributes, for example different banks, different telecom operators, shopping malls and so on. Different users have different first user-associated keys. In this embodiment, the first card-washing key acts as the root key: the first key factor is encrypted as data under that root key to obtain the first user-associated key.
Finally, take the first card-washing keys as the second card-washing keys, and generate the card-washing key card from all the second card-washing keys and all the first user-associated keys.
It should be noted that, in this embodiment, the second card-washing keys stored in the card-washing key card are identical to the first card-washing keys in the key master card; that is, all the first card-washing keys in the key master card and their corresponding first user-associated keys are written to a new card to produce the card-washing key card. In other words, after the key manufacturer receives the key master card, at one operating station the key master card and the card-washing key card are inserted together into the same card-washing device, and the key master card passes the first card-washing keys and the first user-associated keys to the card-washing key card through the card-reading interface.
It should be emphasized that, if the key master card stores only one manufacture key and its corresponding first card-washing key, the card-washing key card may store only a second card-washing key identical to that first card-washing key, or it may store several second card-washing keys that include a key identical to the first card-washing key; both are reasonable.
S104: when the card-washing key card stores a second card-washing key that matches the first matching key, the first user-associated key corresponding to that second card-washing key is taken as the second matching key and sent to the first-time washed card, so that the first matching key stored in the first-time washed card is updated to the second matching key, producing the second-time washed card.
Note that a card-washing key card normally stores one second card-washing key and its corresponding first user-associated key; that is, one card-washing key card can only wash first-time washed cards that hold the identical second card-washing key. However, card-washing key cards are also produced in batches, and the process above can yield many first-time washed cards that store different keys. To save card production cost, a single batch of card-washing key cards can be produced in which each card contains the keys stored in all the first-time washed cards together with the first user-associated key corresponding to each key. As long as the card-washing key card stores a second card-washing key identical to the key stored in the first-time washed card, the first user-associated key corresponding to that second card-washing key is sent to the first-time washed card. This can also be implemented in embodiments of the present invention and falls within their scope of protection. It should be emphasized that during comparison the card-washing key card and the first-time washed card are inserted in the same card-washing device. The stage in which the second-time washed card is obtained through this key update can be called the second card washing, and a card that has undergone the second card washing holds the first user key specific to the key manufacturer.
It will be understood that the key matching and authentication process for the second card washing is the same as that for the first card washing described above and is not repeated here. It should be emphasized that, to improve the security of the card-washing process, the second card-washing operation and the first card-washing operation can generally be performed at different stations by different card-washing devices. Performing both operations at the same station also falls within the scope of protection of the embodiments of the present invention.
To further improve the security of the card-washing process, the second card-washing process may involve multiple card-washing key cards: different operation stations are set up and the card is washed several times, so that only adjacent stations know the key to be matched and no station can be skipped.
Specifically, the number of card-washing key cards is n, where n is greater than or equal to 1.
Optionally, S103 may include:
First, for each card-washing key card, obtain the at least one second card-washing key and the first user-associated key corresponding to each second card-washing key;
Second, obtain the first matching key stored in the first-time washed card, and the key stored in the first-time washed card after it has been updated by the i-th card-washing key card.
Here the i-th card-washing key card is any one of the n card-washing key cards. Note that when there are multiple card-washing key cards, each operation station receives the first-time washed card produced by the previous operation station; that card stores the key that was updated when the previous operation station washed it with its card-washing key card. At the first operation station, the card received is the first-time washed card that stores the first matching key, as produced by the first card-washing operation.
Finally, compare each second card-washing key in turn with the key stored in the first-time washed card.
Note that when the first-time washed card arrives at the i-th operation station, it must be compared with the card-washing key card of the i-th operation station following the steps of S103; the comparison itself is the same as in S103 and is not repeated here.
Optionally, S104 may include:
When, after the first-time washed card has been updated by the (i-1)-th card-washing key card, the key stored in the first-time washed card matches any second card-washing key stored in the i-th card-washing key card, the first user-associated key in the i-th card-washing key card that corresponds to the matching second card-washing key is sent to the first-time washed card. This continues until the key stored in the first-time washed card has been updated to the first user-associated key in the n-th card-washing key card that corresponds to the second card-washing key matching the key stored in the card, producing the second-time washed card.
Note that when the first-time washed card arrives at the i-th operation station, the card obtained after the (i-1)-th operation station washed it with its card-washing key card is washed at the i-th operation station following the steps of S104; the card-washing operation itself is the same as in S104 and is not repeated here. This is repeated until the n-th operation station has washed the first-time washed card, yielding the second-time washed card.
S105: compare the second user-associated key stored in the work main card with the second matching key stored in the second-time washed card.
The work main card stores the second user-associated key and the exclusive key to be written that corresponds to it. Both are built into the work main card. In general, the second user-associated key is identical or corresponds to the first user-associated key in the card-washing key card and is specific to the key manufacturer, while the exclusive key to be written relates to the attributes of a specific client and corresponds to the second user-associated key. Because the second user-associated key is identical or corresponds to the first user-associated key in the card-washing key card, and that first user-associated key is obtained from the first card-washing key of the key master card, the work main card can also be generated from the key master card, or generated alongside it when the key master card is generated. It should be emphasized that because one work main card serves only one specific client, the work main card stores only one second user-associated key and its corresponding exclusive key to be written.
Specifically, for the embodiment in which the work main card is generated from the key master card, the card washing and issuing method may further include, before S105:
First, the second key factor is obtained.
Second, according to the second key factor, an encryption operation yields the second user-associated key, which is the one among all the first user-associated keys that relates to the designated user, and the exclusive key to be written corresponding to the second user-associated key.
Note that key operations involve different root keys. When a root key is used, it encrypts certain parameters as data, and the result serves as the card's key. These parameters are the second key factor. The second key factor may be specific parameters entered by the user, and these parameters are generally related to the attributes that the user assigns to a specific client. This encryption process is called the key dispersion operation. The user may be an operator that issues cards, and the specific client may be a client served by that operator. Each user has different specific clients, and for key security the key of each specific client is different. In this embodiment, the first user-associated key acts as the root key: the second key factor is encrypted as data under this root key to obtain the exclusive key to be written.
Finally, the work main card is generated from the second user-associated key and the exclusive key to be written.
Note that in this embodiment the second user-associated key stored in the work main card is one of the first user-associated keys in the key master card. After obtaining the key master card, the key manufacturer can invite the user to one of the key manufacturer's operation stations, where the key master card and the work main card are inserted together into the same card-washing device, and the key master card passes any one of the first user-associated keys and the corresponding exclusive key to be written to the work main card through the card-reading interface.
S106: when the second user-associated key matches the second matching key, the exclusive key to be written is sent to the second-time washed card, so that the second matching key stored in the second-time washed card is updated to the exclusive key to be written, producing the card to be issued.
Note that because a work main card stores only one second user-associated key and its one corresponding exclusive key to be written, a work main card can only wash second-time washed cards that hold the identical second user-associated key. It should be emphasized that during comparison the work main card and the second-time washed card are inserted in the same card-washing device. The key update yields the card to be issued, which holds the specific exclusive key to be written set by the user. The user can then issue the card to be issued to the specific client.
It will be understood that the key matching and authentication process in the stage that produces the card to be issued is the same as those of the first and second card washing described above and is not repeated here. It should be emphasized that, to improve the security of the card-washing process, the operation that produces the card to be issued, the second card-washing operation and the first card-washing operation can generally be performed at different stations by different card-washing devices. Performing all three at the same station also falls within the scope of protection of the embodiments of the present invention.
With this embodiment, the manufacture key in the key master card is first used to authenticate the manufacture key in the card to be washed, and the first card-washing operation is performed only if authentication succeeds. The second card-washing key in the card-washing key card is then used to authenticate the key stored in the card, and the second card-washing operation is performed only if authentication succeeds. Finally, the second user-associated key in the work main card is used to authenticate the key stored in the card, and if authentication succeeds the exclusive key to be written is transferred to the card, which completes card washing and yields the card to be issued. The different card-washing stages can be carried out at different stations, and a stage's card-washing operation can proceed only when key authentication succeeds. If an operating error occurs at any intermediate stage, the subsequent stages stop, which effectively blocks error accumulation. The station for each stage knows only the keys associated with that stage and cannot intervene in the card-washing operations of other stages, which effectively improves the security of the card keys. Only the operation station of a given stage has permission to wash cards at that stage. This protects the interests of both the key manufacturer and the user operator: no operation station can privately operate on cards belonging to another stage, which effectively improves security. Because card washing is done with a key master card, a card-washing key card and a work main card, the hardware cost is very low.
As shown in Fig. 2, based on the embodiment shown in Fig. 1, the card washing and issuing method provided by an embodiment of the present invention may further include, after S101:
S201: when the key stored in the card to be washed matches none of the manufacture keys, determine that the card to be washed is an illegal card and stop the card-washing operation.
After S103, the method may further include:
S202: when the first matching key stored in the first-time washed card matches none of the second card-washing keys, determine that the first-time washed card is an illegal card and stop the card-washing operation.
After S105, the method may further include:
S203: when the second matching key stored in the second-time washed card matches none of the second user-associated keys, determine that the second-time washed card is an illegal card and stop the card-washing operation.
Note that during the first card washing, the second card washing and the generation of the card to be issued, a key mismatch means the card cannot be washed, and the card is defined as an illegal card. Continuing to wash the card at that point would be an illegal operation, so the card-washing operation must be stopped.
With this embodiment, the manufacture key in the key master card is first used to authenticate the manufacture key in the card to be washed, and the first card-washing operation is performed only if authentication succeeds. The second card-washing key in the card-washing key card is then used to authenticate the key stored in the card, and the second card-washing operation is performed only if authentication succeeds. Finally, the second user-associated key in the work main card is used to authenticate the key stored in the card, and if authentication succeeds the exclusive key to be written is transferred to the card, which completes card washing and yields the card to be issued. The different card-washing stages can be carried out at different stations, and a stage's card-washing operation can proceed only when key authentication succeeds. If an operating error occurs at any intermediate stage, the subsequent stages stop, which effectively blocks error accumulation. The station for each stage knows only the keys associated with that stage and cannot intervene in the card-washing operations of other stages, which effectively improves the security of the card keys. Only the operation station of a given stage has permission to wash cards at that stage. This protects the interests of both the key manufacturer and the user operator: no operation station can privately operate on cards belonging to another stage, which effectively improves security. Because card washing is done with a key master card, a card-washing key card and a work main card, the hardware cost is very low. In addition, a card whose key does not match during comparison is determined to be an illegal card and card washing is stopped promptly, which further improves the security of card washing.
The card washing and issuing method provided by the embodiments of the present invention is described below with reference to a specific application example.
This application example uses PSAM master cards, PSAM generic cards and CPU generic cards; the key authentication and key replacement programming methods for these cards can be obtained from the card manufacturer. Table 1 shows the key authentication command in APDU (Application Protocol Data Unit) format; Table 2 shows the key load and update command for APDU mode 1; Table 3 shows the key load command for APDU mode 2; Table 4 shows the key update and replacement command for APDU mode 2.
Table 1

| CLA | INS | P1 | P2 | Lc | DATA | Le |
|---|---|---|---|---|---|---|
| 00 | 82 | 00 | External authentication key serial number | DATA length | Encrypted random number | None |

In the table, CLA is the instruction class; INS is the instruction code; P1 and P2 are parameters; Lc is the length of the data; DATA is the actual data; Le is the maximum number of data bytes expected in the response.
Table 2

| CLA | INS | P1 | P2 | Lc | DATA | Le |
|---|---|---|---|---|---|---|
| 80/84 | D4 | 00 | 00 | DATA length | Key plaintext or key ciphertext + MAC | None |

In table, MAC is the Media Access Control address that key loads.
Table 3

| CLA | INS | P1 | P2 | Lc | DATA | Le |
|---|---|---|---|---|---|---|
| 80/84 | D4 | 01 | Key serial number | DATA length | Key plaintext or key ciphertext + MAC | None |

Table 4
The manufacture key MK0 of the card to be washed is provided by the card manufacturer. The card-washing key MK1 and the user-associated key MK2 are generated from the first key factor entered by the key manufacturer. The exclusive key to be written, MK3, is generated from the second key factor that the target user enters at the key manufacturer, and MK3 differs for different target users.
Card washing and issuing can be split into the following versions:
First card-washing version: this version can only perform the first card-washing operation, replacing the manufacture key MK0 stored in the card to be washed, as produced by the card manufacturer, with the card-washing key MK1.
Main card making version: this version only makes the card-washing key card and the work main card. Using the key load and update command in Table 2, the key load command in Table 3 and the key update and replacement command in Table 4, the card-washing key MK1 is loaded into the card-washing key card, and using the same commands the user-associated key MK2 is loaded into the work main card. Each time a card is made, the target user is invited to enter the exclusive key to be written, MK3. The finished card-washing key card and work main card are distributed to the target user.
Client card-washing version: this version only accepts first-time washed cards that match the card-washing key MK1 in the card-washing key card.
Client issuing version: this version only accepts cards that have undergone the client's second card washing, and issues the final key.
Specifically, suppose the card to be washed already holds the manufacture key MK0 with key serial number 01, and the device also has a key master card installed that holds the corresponding manufacture key MK0. The matching and authentication process is as follows:
Step 1: send a request to the card to be washed for a random number Rd1;
Step 2: send the random number Rd1 to the key master card for encryption, obtaining En_Rd1 with length Len1;
Step 3: send the key authentication command shown in Table 1, 00 82 00 01 Len1 En_Rd1, to the card to be washed. On receiving it, the card to be washed internally decrypts En_Rd1 with its key No. 01, MK0. If the result equals the random number Rd1 it just issued, it returns "authentication successful". If the MK0 of the card to be washed differs from the MK0 of the key master card, En_Rd1 does not decrypt to Rd1 and the card returns "authentication failed".
If "authentication successful" is returned, the card-washing key MK1 in the key master card is loaded into the card to be washed using the key load and update command in Table 2, the key load command in Table 3 and the key update and replacement command in Table 4, producing the first-time washed card.
The second card washing and the generation of the card to be issued can be performed on the card using the same steps; the detailed process is the same or similar and is not repeated here.
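The following Python example, added here as an illustration and not taken from the patent or from any card vendor, runs the three-stage flow of the application example (MK0 to MK1 to MK2 to MK3): each station authenticates the card with the Table 1 external-authentication APDU before replacing its key, and a mismatch marks the card illegal and stops the process. Assumptions: HMAC-SHA256 stands in both for the card's encryption of Rd1 and for the key dispersion operation, key replacement is a method call rather than the D4 commands, and all class and function names, key values and key factors are constructed.

```python
import hashlib
import hmac
import os

# All key material below is constructed for this example.
MK0 = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # manufacture key
MK1 = bytes.fromhex("101112131415161718191a1b1c1d1e1f")   # card-washing key


def diversify(root_key: bytes, key_factor: bytes) -> bytes:
    """Key dispersion: derive a child key from a root key and a key factor.
    Assumption: HMAC-SHA256 replaces the card's block-cipher encryption."""
    return hmac.new(root_key, key_factor, hashlib.sha256).digest()[:16]


def cryptogram(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for En_Rd1: a keyed transform of the card's random number."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


def external_auth_apdu(key_serial: int, data: bytes) -> bytes:
    """Table 1 layout: CLA=00 INS=82 P1=00 P2=key serial, Lc, DATA."""
    return bytes([0x00, 0x82, 0x00, key_serial, len(data)]) + data


class Card:
    """Card being washed: holds one key under serial 01 and never exports it."""

    def __init__(self, key: bytes, key_serial: int = 0x01):
        self._key = key
        self.key_serial = key_serial
        self._challenge = None
        self._authenticated = False

    def get_challenge(self) -> bytes:
        self._challenge = os.urandom(8)          # Rd1
        self._authenticated = False
        return self._challenge

    def external_authenticate(self, apdu: bytes) -> bool:
        challenge, self._challenge = self._challenge, None   # single use
        if challenge is None or len(apdu) < 5:
            return False
        cla, ins, p1, p2, lc = apdu[:5]
        header_ok = (cla, ins, p1, p2) == (0x00, 0x82, 0x00, self.key_serial)
        data = apdu[5:]
        self._authenticated = (
            header_ok and lc == len(data)
            and hmac.compare_digest(data, cryptogram(self._key, challenge))
        )
        return self._authenticated

    def load_key(self, new_key: bytes) -> None:
        """Key replacement is refused unless the preceding authentication passed."""
        if not self._authenticated:
            raise PermissionError("key update without successful authentication")
        self._key, self._authenticated = new_key, False


class StationCard:
    """Key master card, card-washing key card or work main card:
    maps each key it can match to the key it writes next."""

    def __init__(self, name: str, pairs: dict):
        self.name, self.pairs = name, dict(pairs)

    def wash(self, card: Card) -> bool:
        for match_key, next_key in self.pairs.items():
            rd = card.get_challenge()
            apdu = external_auth_apdu(card.key_serial, cryptogram(match_key, rd))
            if card.external_authenticate(apdu):
                card.load_key(next_key)
                return True
        return False        # no stored key matched: illegal card


def build_stations(first_key_factor: bytes, second_key_factor: bytes):
    mk2 = diversify(MK1, first_key_factor)     # user-associated key
    mk3 = diversify(mk2, second_key_factor)    # exclusive key to be written
    stations = [
        StationCard("key master card", {MK0: MK1}),
        StationCard("card-washing key card", {MK1: mk2}),
        StationCard("work main card", {mk2: mk3}),
    ]
    return stations, mk3


def wash_and_issue(card: Card, stations) -> str:
    for stage, station in enumerate(stations, start=1):
        if not station.wash(card):
            return f"illegal card, stopped at stage {stage} ({station.name})"
    return "card to be issued"


if __name__ == "__main__":
    stations, _ = build_stations(b"operator-A", b"client-42")
    print(wash_and_issue(Card(MK0), stations))             # full flow
    print(wash_and_issue(Card(b"\xff" * 16), stations))    # unknown factory key
    print(wash_and_issue(Card(MK0), stations[1:]))         # stage 1 skipped
```

The last call shows why a station cannot be skipped: a card still holding MK0 fails authentication against the card-washing key card, which only knows MK1.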
In terms of management, the operators of the different card washing and issuing versions are required to be separate and managed individually. Card washing and issuing uses password login bound to a computer feature code. Even if personnel at another operation station copy the issuing software of a different station, they cannot log in.
Compared with the prior art, in this scheme the manufacture key in the key master card is first used to authenticate the factory key of the card to be washed, and the first card-washing operation is performed only if authentication succeeds. The second card-washing key in the card-washing key card is then used to authenticate the key stored in the card, and the second card-washing operation is performed only if authentication succeeds. Finally, the second user-associated key in the work main card is used to authenticate the key stored in the card, and if authentication succeeds the exclusive key to be written is transferred to the card, which completes card washing and yields the card to be issued. The different card-washing stages can be carried out at different stations, and a stage's card-washing operation can proceed only when key authentication succeeds. If an operating error occurs at any intermediate stage, the subsequent stages stop, which effectively blocks error accumulation. The station for each stage knows only the keys associated with that stage and cannot intervene in the card-washing operations of other stages, which effectively improves the security of the card keys. Only the operation station of a given stage has permission to wash cards at that stage. This protects the interests of both the key manufacturer and the user operator: no operation station can privately operate on cards belonging to another stage, which effectively improves security. Because card washing is done with a key master card, a card-washing key card and a work main card, the hardware cost is very low.
Corresponding to the above method embodiment, as shown in Fig. 3, an embodiment of the present invention also provides a card washing and issuing device, which may include:
A first comparison module 310, configured to compare at least one manufacture key stored in the key master card with the key stored in the card to be washed, where the key master card stores at least one manufacture key and a first card-washing key corresponding to each manufacture key;
A first-time washed card production module 320, configured to, when the key master card stores a manufacture key that matches the key stored in the card to be washed, take the first card-washing key corresponding to that manufacture key as the first matching key and send the first matching key to the card to be washed, so that the key stored in the card to be washed is updated to the first matching key, producing the first-time washed card;
A second comparison module 330, configured to compare at least one second card-washing key stored in the card-washing key card with the first matching key stored in the first-time washed card, where the card-washing key card stores at least one second card-washing key and a first user-associated key corresponding to each second card-washing key;
A second-time washed card production module 340, configured to, when the card-washing key card stores a second card-washing key that matches the first matching key, take the first user-associated key corresponding to that second card-washing key as the second matching key and send the second matching key to the first-time washed card, so that the first matching key stored in the first-time washed card is updated to the second matching key, producing the second-time washed card;
A third comparison module 350, configured to compare the second user-associated key stored in the work main card with the second matching key stored in the second-time washed card, where the work main card stores the second user-associated key and the exclusive key to be written corresponding to the second user-associated key;
A card-to-be-issued production module 360, configured to, when the second user-associated key matches the second matching key, send the exclusive key to be written to the second-time washed card, so that the second matching key stored in the second-time washed card is updated to the exclusive key to be written, producing the card to be issued.
Optionally, the device may further include:
A first acquisition module, configured to obtain the first key factor;
A first encryption module, configured to obtain, by an encryption operation over the first card-washing key corresponding to each manufacture key and the first key factor, the first user-associated key corresponding to each first card-washing key;
A card-washing key card generation module, configured to use the first card-washing keys as the second card-washing keys and to generate the card-washing key card from all the second card-washing keys and all the first user-associated keys.
Optionally, the device may further include:
A second acquisition module, configured to obtain the second key factor;
A second encryption module, configured to obtain, by an encryption operation according to the second key factor, the second user-associated key related to the designated user among all the first user-associated keys and the exclusive key to be written corresponding to the second user-associated key;
A work main card generation module, configured to generate the work main card from the second user-associated key and the exclusive key to be written.
Optionally, the quantity for washing card key card is n, wherein n is greater than or equal to 1;
Second comparison module 330, specifically can be used for:
Card key card is washed for every, is obtained at least one second and is washed card key and each second wash card key corresponding the One user-association key;
Obtain the first time wash stored in card card first matching key and through i-th wash card key card update described in After washing card card for the first time, the first time wash the key stored in card card, wherein described i-th is washed card key card as n Wash any in card key card;
More each second wash card key and the first time washes the key stored in card card successively;
It is described to wash card card production module 340 for the second time, specifically it can be used for:
When through (i-1)-th wash card key card update first time wash card card after, the first time washes in card card and deposits When the key of storage washes any second stored in card key card with i-th and washes card key and be consistent, card key card is washed by described i-th In, wash with the first time key stored in card card is consistent second and wash the corresponding first user-association key hair of card key It send to the first time and washes card card, be n-th until the first time to be washed to the key updating that is stored in card card to wash card close The key stored in card card is consistent second is washed in key card, with the first time, and to wash corresponding first user-association of card key close Card card is washed in key, generation for the second time.
Using the present embodiment, first, by the manufacture key in the manufacture key pair card card to be washed in key master card into Row key authentication, certification success then carry out washing card operation for the first time;Then, card key pair is washed by washing second in card key card The key stored in card carries out key authentication, and card operation is then washed in certification success for the second time;Finally, by the main card that works Second user associated key key authentication is carried out to the key that is stored in card, certification success is then to be written specially to read transmission Belong to key, that completes card washes card, obtains card to be issued.The different card stages of washing can be completed by different station, only be existed When key authentication success, can just carry out this stage washes card operation, and operation error occurs for any one intermediate stage, subsequent to wash The card stage can stop executing, and to be effectively blocked error accumulation, and the station in each stage only knows this stage Association key, can not intervene other stages washes card operation, effectively increases the safety of card key.It is each to wash the card stage only There is the operation position in the stage to have permission card is carried out to wash card operation, had not only maintained the equity of key manufacturer in this way, but also The equity of user operator is maintained, any operation position can not privately operate the card in other stage, effectively carry High safety.And by key master card, wash card key card, work main card wash card and operates, hardware cost is very low.
Further, on the basis of the first comparison module 310, the first-washed card production module 320, the second comparison module 330, the second-washed card production module 340, the third comparison module 350 and the to-be-issued card production module 360, as shown in Figure 4, the card washing and issuing device provided by the embodiment of the present invention may also include:
An illegal card determining module 410, configured to: when the key stored in the card to be washed matches none of the manufacture keys, determine that the card to be washed is an illegal card and stop the card-washing operation; when the first matching key stored in the first-washed card matches none of the second card-washing keys, determine that the first-washed card is an illegal card and stop the card-washing operation; and when the second matching key stored in the second-washed card matches none of the second user-associated keys, determine that the second-washed card is an illegal card and stop the card-washing operation.
With this embodiment, first, the manufacture key in the key master card is used to authenticate the key in the card to be washed, and the first card-washing operation is performed only if authentication succeeds. Then, the second card-washing key in the card-washing key card is used to authenticate the key stored in the card, and the second card-washing operation is performed only if authentication succeeds. Finally, the second user-associated key in the working master card is used to authenticate the key stored in the card, and if authentication succeeds the exclusive key to be written is sent, completing the washing of the card and yielding the card to be issued. The different card-washing stages can be completed at different workstations. A stage's card-washing operation is performed only when key authentication succeeds, and if an operation error occurs at any intermediate stage, the subsequent card-washing stages stop, which effectively blocks error accumulation. The workstation for each stage knows only the associated keys of its own stage and cannot intervene in the card-washing operations of other stages, which effectively improves the security of the card keys. In each card-washing stage, only that stage's operating workstation is authorized to wash the card. This protects the rights and interests of the key manufacturer as well as those of the user operator: no operating workstation can privately operate on a card belonging to another stage, which effectively improves security. Because the card-washing operations are carried out with the key master card, the card-washing key card and the working master card, the hardware cost is very low. Moreover, a card whose key does not match during a comparison is determined to be an illegal card and the card-washing operation is stopped promptly, which further improves the security of card washing.
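The staged key hand-over described above, as an added example that is not code from the patent: each station holds a table mapping the key it expects to find on the card to the key it writes, and a card whose key matches nothing is rejected as illegal. The HMAC-SHA256 derivation, the sample keys and key factors, and all function names are assumptions; the patent only specifies an "encryption operation".

```python
import hashlib
import hmac


class IllegalCard(Exception):
    """The card's stored key matched nothing held by this station."""


class Card:
    """Card being washed: it stores a single key that each stage overwrites."""

    def __init__(self, key: bytes):
        self._key = key

    def matches(self, candidate: bytes) -> bool:
        return hmac.compare_digest(self._key, candidate)

    def update(self, new_key: bytes) -> None:
        self._key = new_key


def derive(key: bytes, factor: bytes) -> bytes:
    # Assumption: the patent only says "an encryption operation";
    # HMAC-SHA256 keyed with the key factor stands in for it here.
    return hmac.new(factor, key, hashlib.sha256).digest()


def wash(card: Card, table: dict, stage: str) -> None:
    """Compare the card's key with each key in `table` (expected -> next).
    On a match, overwrite the card's key; otherwise the card is illegal."""
    for expected, replacement in table.items():
        if card.matches(expected):
            card.update(replacement)
            return
    raise IllegalCard(stage)


def build_stations(manufacture_keys, factor1, factor2, n_wash_cards=2):
    """Return (key_master, wash_key_cards, working_master), one table per station."""
    # Key master card: manufacture key -> first card-washing key
    # (how that key is produced is an assumption of this example).
    key_master = {mk: derive(mk, b"first-wash") for mk in manufacture_keys}
    # Card-washing key cards 1..n: each maps the key left by the previous
    # card to a first user-associated key derived with the first key factor.
    wash_key_cards, current = [], list(key_master.values())
    for i in range(n_wash_cards):
        table = {k: derive(k, factor1 + bytes([i])) for k in current}
        wash_key_cards.append(table)
        current = list(table.values())
    # Working master card: the designated user's associated key ->
    # exclusive key to be written, derived with the second key factor.
    user_key = current[0]
    working_master = {user_key: derive(user_key, factor2)}
    return key_master, wash_key_cards, working_master


def issue(card, key_master, wash_key_cards, working_master):
    """Run all stages in order; any mismatch raises IllegalCard and stops."""
    wash(card, key_master, "first wash")
    for i, table in enumerate(wash_key_cards, 1):
        wash(card, table, f"second wash, key card {i}")
    wash(card, working_master, "exclusive key write")
    return card


# Constructed sample keys and key factors (not from the patent).
MFG_KEYS = [b"constructed-mfg-key-A", b"constructed-mfg-key-B"]
KEY_MASTER, WASH_CARDS, WORKING = build_stations(MFG_KEYS, b"factor-1", b"factor-2")
EXCLUSIVE_KEY = next(iter(WORKING.values()))


def stage_rejecting(card):
    """Run the full flow; return the stage that rejected the card, or None."""
    try:
        issue(card, KEY_MASTER, WASH_CARDS, WORKING)
        return None
    except IllegalCard as exc:
        return str(exc)
```

In this example a card carrying manufacture key B passes both washing stages but is rejected at the working master card, because that card holds only the designated user's associated key.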
It should be noted that the card washing and issuing device of the embodiment of the present invention is a device that applies the above card washing and issuing method; all embodiments of the above method therefore apply to the device and can achieve the same or similar beneficial effects.
It can be understood that, in another embodiment of the present invention, the card washing and issuing device may simultaneously include: the first comparison module 310, the first-washed card production module 320, the second comparison module 330, the second-washed card production module 340, the third comparison module 350, the to-be-issued card production module 360, the first acquisition module, the first encryption module, the card-washing key card generation module, the second acquisition module, the second encryption module, the working master card generation module and the illegal card determining module 410.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
The embodiments in this specification are described in a related manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the system embodiment is substantially similar to the method embodiment, its description is relatively brief; for relevant details, see the description of the method embodiment.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (10)

1. A card washing and issuing method, characterized in that the method comprises:
Comparing at least one manufacture key stored in a key master card with the key stored in a card to be washed, wherein the key master card stores: at least one manufacture key and a first card-washing key corresponding to each manufacture key;
When the key master card stores a manufacture key that matches the key stored in the card to be washed, taking the first card-washing key corresponding to the manufacture key that matches the key stored in the card to be washed as a first matching key, and sending the first matching key to the card to be washed, so as to update the key stored in the card to be washed to the first matching key and generate a first-washed card;
Comparing at least one second card-washing key stored in a card-washing key card with the first matching key stored in the first-washed card, wherein the card-washing key card stores: at least one second card-washing key and a first user-associated key corresponding to each second card-washing key;
When the card-washing key card stores a second card-washing key that matches the first matching key, taking the first user-associated key corresponding to the second card-washing key that matches the first matching key as a second matching key, and sending the second matching key to the first-washed card, so as to update the first matching key stored in the first-washed card to the second matching key and generate a second-washed card;
Comparing the second user-associated key stored in a working master card with the second matching key stored in the second-washed card, wherein the working master card stores: the second user-associated key and an exclusive key to be written corresponding to the second user-associated key;
When the second user-associated key matches the second matching key, sending the exclusive key to be written to the second-washed card, so as to update the second matching key stored in the second-washed card to the exclusive key to be written and generate a card to be issued.
2. The card washing and issuing method according to claim 1, characterized in that, after the comparing of the at least one manufacture key stored in the key master card with the key stored in the card to be washed, the method further comprises:
When the key stored in the card to be washed matches none of the manufacture keys, determining that the card to be washed is an illegal card, and stopping the card-washing operation;
After the comparing of the at least one second card-washing key stored in the card-washing key card with the first matching key stored in the first-washed card, the method further comprises:
When the first matching key stored in the first-washed card matches none of the second card-washing keys, determining that the first-washed card is an illegal card, and stopping the card-washing operation;
After the comparing of the second user-associated key stored in the working master card with the second matching key stored in the second-washed card, the method further comprises:
When the second matching key stored in the second-washed card matches none of the second user-associated keys, determining that the second-washed card is an illegal card, and stopping the card-washing operation.
3. The card washing and issuing method according to claim 1, characterized in that, before the comparing of the at least one second card-washing key stored in the card-washing key card with the first matching key stored in the first-washed card, the method further comprises:
Obtaining a first key factor;
Obtaining, through an encryption operation, the first user-associated key corresponding to each first card-washing key according to the first card-washing key corresponding to each manufacture key and the first key factor;
Taking the first card-washing keys as the second card-washing keys, and generating the card-washing key card according to all the second card-washing keys and all the first user-associated keys.
4. The card washing and issuing method according to claim 1, characterized in that, before the comparing of the second user-associated key stored in the working master card with the second matching key stored in the second-washed card, the method further comprises:
Obtaining a second key factor;
Obtaining, through an encryption operation according to the second key factor, the second user-associated key that is related to a designated user among all the first user-associated keys, and the exclusive key to be written corresponding to the second user-associated key;
Generating the working master card according to the second user-associated key and the exclusive key to be written.
5. The card washing and issuing method according to claim 1, characterized in that the number of card-washing key cards is n, wherein n is greater than or equal to 1;
The comparing of the at least one second card-washing key stored in the card-washing key card with the first matching key stored in the first-washed card comprises:
For each card-washing key card, obtaining at least one second card-washing key and the first user-associated key corresponding to each second card-washing key;
Obtaining the first matching key stored in the first-washed card, and the key stored in the first-washed card after the first-washed card has been updated by the i-th card-washing key card, wherein the i-th card-washing key card is any one of the n card-washing key cards;
Comparing each second card-washing key in turn with the key stored in the first-washed card;
The taking of the first user-associated key corresponding to the second card-washing key that matches the first matching key as the second matching key, and the sending of the second matching key to the first-washed card so as to update the first matching key stored in the first-washed card to the second matching key and generate the second-washed card, comprises:
When, after the first-washed card has been updated by the (i-1)-th card-washing key card, the key stored in the first-washed card matches any second card-washing key stored in the i-th card-washing key card, sending to the first-washed card the first user-associated key corresponding to that matching second card-washing key in the i-th card-washing key card, until the key stored in the first-washed card has been updated to the first user-associated key corresponding to the second card-washing key, in the n-th card-washing key card, that matches the key stored in the first-washed card, thereby generating the second-washed card.
6. A card washing and issuing device, characterized in that the device comprises:
A first comparison module, configured to compare at least one manufacture key stored in a key master card with the key stored in a card to be washed, wherein the key master card stores: at least one manufacture key and a first card-washing key corresponding to each manufacture key;
A first-washed card production module, configured to, when the key master card stores a manufacture key that matches the key stored in the card to be washed, take the first card-washing key corresponding to the manufacture key that matches the key stored in the card to be washed as a first matching key, and send the first matching key to the card to be washed, so as to update the key stored in the card to be washed to the first matching key and generate a first-washed card;
A second comparison module, configured to compare at least one second card-washing key stored in a card-washing key card with the first matching key stored in the first-washed card, wherein the card-washing key card stores: at least one second card-washing key and a first user-associated key corresponding to each second card-washing key;
A second-washed card production module, configured to, when the card-washing key card stores a second card-washing key that matches the first matching key, take the first user-associated key corresponding to the second card-washing key that matches the first matching key as a second matching key, and send the second matching key to the first-washed card, so as to update the first matching key stored in the first-washed card to the second matching key and generate a second-washed card;
A third comparison module, configured to compare the second user-associated key stored in a working master card with the second matching key stored in the second-washed card, wherein the working master card stores: the second user-associated key and an exclusive key to be written corresponding to the second user-associated key;
A to-be-issued card production module, configured to, when the second user-associated key matches the second matching key, send the exclusive key to be written to the second-washed card, so as to update the second matching key stored in the second-washed card to the exclusive key to be written and generate a card to be issued.
7. The card washing and issuing device according to claim 6, characterized in that the device further comprises:
An illegal card determining module, configured to: when the key stored in the card to be washed matches none of the manufacture keys, determine that the card to be washed is an illegal card and stop the card-washing operation; when the first matching key stored in the first-washed card matches none of the second card-washing keys, determine that the first-washed card is an illegal card and stop the card-washing operation; and when the second matching key stored in the second-washed card matches none of the second user-associated keys, determine that the second-washed card is an illegal card and stop the card-washing operation.
8. The card washing and issuing device according to claim 6, characterized in that the device further comprises:
A first acquisition module, configured to obtain a first key factor;
A first encryption module, configured to obtain, through an encryption operation, the first user-associated key corresponding to each first card-washing key according to the first card-washing key corresponding to each manufacture key and the first key factor;
A card-washing key card generation module, configured to take the first card-washing keys as the second card-washing keys, and to generate the card-washing key card according to all the second card-washing keys and all the first user-associated keys.
9. The card washing and issuing device according to claim 6, characterized in that the device further comprises:
A second acquisition module, configured to obtain a second key factor;
A second encryption module, configured to obtain, through an encryption operation according to the second key factor, the second user-associated key that is related to a designated user among all the first user-associated keys, and the exclusive key to be written corresponding to the second user-associated key;
A working master card generation module, configured to generate the working master card according to the second user-associated key and the exclusive key to be written.
10. The card washing and issuing device according to claim 6, characterized in that the number of card-washing key cards is n, wherein n is greater than or equal to 1;
The second comparison module is specifically configured to:
For each card-washing key card, obtain at least one second card-washing key and the first user-associated key corresponding to each second card-washing key;
Obtain the first matching key stored in the first-washed card, and the key stored in the first-washed card after the first-washed card has been updated by the i-th card-washing key card, wherein the i-th card-washing key card is any one of the n card-washing key cards;
Compare each second card-washing key in turn with the key stored in the first-washed card;
The second-washed card production module is specifically configured to:
When, after the first-washed card has been updated by the (i-1)-th card-washing key card, the key stored in the first-washed card matches any second card-washing key stored in the i-th card-washing key card, send to the first-washed card the first user-associated key corresponding to that matching second card-washing key in the i-th card-washing key card, until the key stored in the first-washed card has been updated to the first user-associated key corresponding to the second card-washing key, in the n-th card-washing key card, that matches the key stored in the first-washed card, thereby generating the second-washed card.
CN201710145113.4A 2017-03-13 2017-03-13 Card washing and issuing method and device Active CN108574572B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710145113.4A CN108574572B (en) 2017-03-13 2017-03-13 Card washing and issuing method and device

Publications (2)

Publication Number Publication Date
CN108574572A true CN108574572A (en) 2018-09-25
CN108574572B CN108574572B (en) 2020-10-30

Family

ID=63578168

Country Status (1)

Country Link
CN (1) CN108574572B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112491558A (en) * 2020-11-26 2021-03-12 湖南中育至诚数字科技有限公司 Data writing method, system and storage medium of multi-application chip card

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101339678A (en) * 2008-08-12 2009-01-07 深圳市思达仪表有限公司 Pre-payment meter key management system
CN101895538A (en) * 2010-06-30 2010-11-24 北京握奇数据系统有限公司 Method and system for establishing data exchange channels, smart card and server
CN102547620A (en) * 2010-12-30 2012-07-04 同方股份有限公司 Mobile payment system and method for updating key
CN103138919A (en) * 2013-01-18 2013-06-05 广东华大集成技术有限责任公司 Front-end secret key filling system and method of secret key filling
US20130339731A1 (en) * 2012-06-15 2013-12-19 Iolo Technologies, Llc Device-specific secure licensing

Also Published As

Publication number Publication date
CN108574572B (en) 2020-10-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant