CN110278214A - Method for implementing secure remote cancellation of a smart chip card - Google Patents
- Publication number: CN110278214A (application CN201910620824.1A)
- Authority: CN (China)
- Prior art keywords
- chip card
- smart chip
- session key
- verifying
- special
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
  - G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    - G06K17/0022—Arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
    - H04L63/08—For authentication of entities
      - H04L63/0807—Using tickets, e.g. Kerberos
      - H04L63/0869—For achieving mutual authentication
      - H04L63/0876—Based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
      - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
        - H04L9/0866—Involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
        - H04L9/0869—Involving random numbers or seeds
    - H04L9/32—Including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
      - H04L9/321—Involving a third party or a trusted authority
        - H04L9/3213—Using tickets or tokens, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a method for implementing secure remote cancellation of a smart chip card. The method comprises a read authentication mechanism between a dedicated terminal and the smart chip card, a read authentication mechanism between the authentication system and the dedicated terminal, a write authentication mechanism between the smart chip card and the authentication system, and a smart chip card reset-data and verification mechanism. With this method, smart chip card identity authentication can be performed even when no dedicated terminal is available, cancelled smart chip cards can be identified and a remote cancellation channel can be established, so that a cancelled smart chip card is remotely cancelled with high security and high reliability, and the security risk caused by inaccurate offline authentication of smart chip cards is effectively reduced.
Description
Technical field
The present invention relates to the field of identity authentication, more particularly to smart chip card identity authentication technology, and in particular to a method for implementing secure remote cancellation of a smart chip card.
Background art
At present, smart chip cards are widely used in many fields such as finance, social security, transportation and public security, for example in financial IC cards, social security cards, transportation all-purpose cards, resident ID cards and chip seals. Existing smart chip card identity authentication is generally implemented in two ways, online authentication and offline authentication: in online authentication the identity of the smart chip card is authenticated by the server-side identity authentication service system, and in offline authentication it is authenticated by the client-side dedicated terminal. A smart chip card is usually cancelled by cancelling the service application data in the smart chip card and publishing the cancellation state information in the authentication system. When a lost smart chip card is cancelled without the card being present, however, the service application data of the smart chip card still reside in the card, so the smart chip card is actually cancelled while its offline authentication remains valid.
Summary of the invention
The purpose of the present invention is to overcome the above shortcomings of the prior art and to provide a method for implementing secure remote cancellation of a smart chip card that is accurate, effective and easy to operate.
To achieve the above purpose, the method of the invention for implementing secure remote cancellation of a smart chip card is as follows:
The method for implementing secure remote cancellation of a smart chip card is mainly characterized in that the method includes a step of performing smart chip card identity authentication and establishing a remote cancellation channel when a dedicated terminal is available, which specifically includes the following steps:
(1-1) the dedicated terminal and the smart chip card complete mutual read authentication, and the authentication client reads the smart chip card unique code and the first 255 bytes of service application data;
(1-2) the authentication system and the dedicated terminal negotiate a verification session key, and the authentication client sends online authentication request information to the authentication system;
(1-3) the authentication system returns data to the authentication client, with data integrity protection provided by the verification session key;
(1-4) the authentication client sends a reset-data request, and clears the smart chip card security state and the smart chip card access rights.
Preferably, step (1-1) specifically includes the following steps:
(1-1.1) the dedicated terminal and the smart chip card complete mutual read authentication through the read authentication mechanism;
(1-1.2) the authentication client reads the unique code and the first 255 bytes of service application data of the smart chip card, and judges whether the first 255 bytes of service application data are reset data; if so, it prompts that the card is cancelled and exits; otherwise it continues with step (1-2).
Preferably, step (1-2) specifically includes the following steps:
(1-2.1) the authentication system and the dedicated terminal complete mutual read authentication and negotiate a verification session key;
(1-2.2) the authentication client sends online authentication request information to the authentication system, using the verification session key for data integrity protection.
Preferably, the online authentication request information consists of the smart chip card unique code UID and the dedicated terminal unique code SAMID.
Preferably, step (1-3) specifically includes the following steps:
(1-3.1) the authentication system returns data to the authentication client, with data integrity protection provided by the verification session key;
(1-3.2) it is judged whether the state of the smart chip card is normal; if so, the smart chip card service application data information is returned and the step exits; otherwise, the authentication system and the smart chip card complete mutual write authentication through the write authentication mechanism between them and negotiate a remote-cancellation session key.
Preferably, step (1-4) specifically includes the following steps:
(1-4.1) the authentication client sends a reset-data request to the authentication system, with data integrity protection provided by the remote-cancellation session key;
(1-4.2) the authentication system returns data to the authentication client, with data integrity protection provided by the remote-cancellation session key;
(1-4.3) the authentication client writes the reset data to the smart chip card;
(1-4.4) the authentication client clears the smart chip card security state and clears the smart chip card access rights.
The method for implementing secure remote cancellation of a smart chip card is mainly characterized in that the method further includes a step of performing the read authentication mechanism between the authentication system and the dedicated terminal when a dedicated terminal is available, which specifically includes the following steps:
(2-1) the authentication client sends to the dedicated terminal a command to read the dedicated terminal card unique code, a get-random-number command and a get-authentication-code command; the dedicated terminal encrypts the random number Rc to obtain authentication code Token1 and returns it to the authentication client;
(2-2) the authentication system uses the authentication communication protection master key to encrypt the diversification factor formed from the random number Rs and the decrypted Rc', obtaining authentication code Token2;
(2-3) the dedicated terminal diversifies the authentication communication protection master key PMENC2 to obtain session key SK, and encrypts the dedicated terminal unique code SAMID with session key SK to obtain the verification session key;
(2-4) the authentication system generates the authentication communication protection master key PMENC2, obtains the verification session key through session key SK, and adds the binding information of the dedicated terminal unique code SAMID and the verification session key to the in-memory list.
Preferably, step (2-1) specifically includes the following steps:
(2-1.1) the authentication client reads the dedicated terminal card unique code of the dedicated terminal;
(2-1.2) the authentication client sends a get-random-number command to the dedicated terminal, and the dedicated terminal returns the random number Rc to the authentication client;
(2-1.3) the authentication client sends a get-authentication-code command to the dedicated terminal, and the dedicated terminal encrypts the random number Rc with its diversified authentication communication protection master key to obtain authentication code Token1, which it returns to the authentication client.
Preferably, step (2-2) specifically includes the following steps:
(2-2.1) the authentication client sends the dedicated terminal unique code SAMID and authentication code Token1 to the authentication system;
(2-2.2) the authentication system diversifies the authentication communication protection master key according to the dedicated terminal unique code, decrypts authentication code Token1 to obtain the random number Rc', generates a random number Rs, and encrypts the diversification factor formed from the random numbers Rs and Rc' with the authentication communication protection master key to obtain authentication code Token2;
(2-2.3) the authentication system returns the dedicated terminal unique code and authentication code Token2 to the authentication client, and the authentication client sends authentication code Token2 to the dedicated terminal.
Preferably, step (2-3) specifically includes the following steps:
(2-3.1) the dedicated terminal decrypts authentication code Token2 to obtain Rc' and Rs', and returns them to the authentication client;
(2-3.2) the authentication client compares Rc with Rc'; if they match, it sends a compute-verification-session-key command to the dedicated terminal; otherwise the step exits;
(2-3.3) the dedicated terminal uses the random numbers Rc and Rs' as the diversification factor, diversifies the authentication communication protection master key PMENC2 to obtain session key SK, encrypts the dedicated terminal unique code SAMID with session key SK to obtain the verification session key, and returns it to the authentication client.
Preferably, step (2-4) specifically includes the following steps:
(2-4.1) the authentication system diversifies the authentication communication protection master key PMENC2 according to the dedicated terminal unique code, and uses the random numbers Rc' and Rs as the diversification factor to diversify the authentication communication protection master key PMENC2 and generate session key SK;
(2-4.2) the authentication system encrypts the dedicated terminal unique code SAMID with session key SK to obtain the verification session key, and adds the binding information of the dedicated terminal unique code SAMID and the verification session key to the in-memory list.
The method for implementing secure remote cancellation of a smart chip card is mainly characterized in that the method further includes a step of performing smart chip card identity authentication and establishing a remote cancellation channel when no dedicated terminal is available, which specifically includes the following steps:
(3-1) the authentication system and the smart chip card negotiate a verification session key, and the authentication client sends online authentication request information to the authentication system;
(3-2) the authentication system returns data to the authentication client, using the verification session key for data integrity protection, and judges whether the smart chip card state is normal; if so, the smart chip card service application data information is returned and the step exits; otherwise, the authentication system and the smart chip card complete mutual write authentication through the write authentication mechanism between them and negotiate a remote-cancellation session key;
(3-3) the authentication client sends a get-reset-data request to the authentication system, with data integrity protection provided by the remote-cancellation session key, and clears the smart chip card security state.
Preferably, step (3-1) specifically includes the following steps:
(3-1.1) the authentication system and the smart chip card complete mutual read authentication through the read authentication mechanism between them and negotiate a verification session key;
(3-1.2) the authentication client sends online authentication request information to the authentication system, using the verification session key for data integrity protection.
Preferably, the online authentication request information includes the smart chip card unique code and the dedicated terminal unique code.
Preferably, step (3-3) specifically includes the following steps:
(3-3.1) the authentication client sends a get-reset-data request to the authentication system, with data integrity protection provided by the remote-cancellation session key;
(3-3.2) the authentication system returns the reset data to the authentication client, with data integrity protection provided by the remote-cancellation session key;
(3-3.3) the authentication client writes the reset data to the smart chip card;
(3-3.4) the authentication client clears the smart chip card security state and completes clearing of the smart chip card access rights.
The method for implementing secure remote cancellation of a smart chip card is mainly characterized in that the method further includes a step of performing the read authentication mechanism between the authentication system and the smart chip card when no dedicated terminal is available, which specifically includes the following steps:
(4-1) the authentication client reads the smart chip card unique code, and the smart chip card sends the random number Rc to the authentication client;
(4-2) the authentication system encrypts the combined data of the random numbers Rc and Rr to obtain a session key, encrypts the smart chip card unique code to obtain the verification session key, and adds the smart chip card unique code and the verification session key to the in-memory list;
(4-3) the authentication client and the smart chip card obtain the verification session key through the read external authentication command and the read internal authentication command.
Preferably, step (4-1) specifically includes the following steps:
(4-1.1) the authentication client reads the smart chip card unique code and sends a get-random-number command to the smart chip card;
(4-1.2) the smart chip card returns the random number Rc to the authentication client;
(4-1.3) the authentication client sends the smart chip card unique code and the random number Rc to the authentication system.
Preferably, step (4-2) specifically includes the following steps:
(4-2.1) the authentication system diversifies the read authentication master key according to the smart chip card unique code, encrypts the random number Rc to obtain authentication code Token1, generates a random number Rr, and returns authentication code Token1 and the random number Rr to the authentication client;
(4-2.2) the authentication system encrypts the combined data of the random numbers Rc and Rr with the read authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the verification session key, adds the smart chip card unique code and the verification session key to the in-memory list, and clears the list on a timer so that the verification session key becomes invalid on timeout.
Preferably, step (4-3) specifically includes the following steps:
(4-3.1) the authentication client sends a read external authentication command containing authentication code Token1 to the smart chip card;
(4-3.2) the smart chip card authenticates authentication code Token1 and returns the read external authentication result to the authentication client;
(4-3.3) the authentication client sends a read internal authentication command to the smart chip card;
(4-3.4) the smart chip card encrypts the combined data of the random numbers Rc and Rr with the read authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the verification session key, and returns the verification session key to the authentication client.
The method for implementing secure remote cancellation of a smart chip card is mainly characterized in that the method further includes a step of performing the write authentication mechanism between the smart chip card and the authentication system, which specifically includes the following steps:
(5-1) the authentication client reads the smart chip card unique code, and the smart chip card sends the smart chip card unique code and authentication code Token1 to the authentication client;
(5-2) the authentication system encrypts the smart chip card unique code with the session key to obtain the remote-cancellation session key, and adds the binding information of the smart chip card unique code and the remote-cancellation session key to the in-memory list;
(5-3) the authentication client and the smart chip card obtain the remote-cancellation session key through the write external authentication command and the write internal authentication command.
Preferably, step (5-1) specifically includes the following steps:
(5-1.1) the authentication client reads the smart chip card unique code UID;
(5-1.2) the authentication client sends a get-authentication-code command to the smart chip card; the smart chip card generates a random number Rc, encrypts the random number Rc with the verification session key to obtain authentication code Token1, and returns authentication code Token1 to the authentication client;
(5-1.3) the authentication client sends the smart chip card unique code and authentication code Token1 to the authentication system.
Preferably, step (5-2) specifically includes the following steps:
(5-2.1) the authentication system decrypts authentication code Token1 with the verification session key to obtain Rc', diversifies the write authentication master key according to the smart chip card unique code, and encrypts Rc' with the write authentication master key to obtain authentication code Token2;
(5-2.2) the authentication system generates a random number Rr, encrypts Rr with the write authentication master key to obtain authentication code Token3, diversifies the combined data of Rc and Rr to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the remote-cancellation session key, adds the binding information of the smart chip card unique code and the remote-cancellation session key to the in-memory list, and clears the list on a timer so that the remote-cancellation session key becomes invalid on timeout;
(5-2.3) the authentication system returns authentication codes Token2 and Token3 to the authentication client.
Preferably, step (5-3) specifically includes the following steps:
(5-3.1) the authentication client sends a write external authentication command containing Token2 to the smart chip card;
(5-3.2) the smart chip card authenticates Token2 and returns the write external authentication result to the authentication client; if the authentication of Token2 fails, the step exits; otherwise, the authentication client sends a write internal authentication command to the smart chip card;
(5-3.3) the smart chip card decrypts authentication code Token3 to obtain Rr', encrypts the combined data of Rr' and Rc with the write authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the remote-cancellation session key, and returns the remote-cancellation session key to the authentication client.
With the method of the invention for implementing secure remote cancellation of a smart chip card, smart chip card identity authentication can be performed when a dedicated terminal is available, cancelled smart chip cards can be identified and a remote cancellation channel can be established, comprising the read authentication mechanism between the dedicated terminal and the smart chip card, the read authentication mechanism between the authentication system and the dedicated terminal, the write authentication mechanism between the smart chip card and the authentication system, and the smart chip card reset-data and verification mechanism; and smart chip card identity authentication can also be performed when no dedicated terminal is available, cancelled smart chip cards identified and a remote cancellation channel established, comprising the read/write authentication mechanism between the smart chip card and the authentication system and the smart chip card reset-data and verification mechanism. A cancelled smart chip card is thereby remotely cancelled with high security and high reliability, and the security risk caused by inaccurate offline authentication of smart chip cards is effectively reduced.
Description of the drawings
Fig. 1 is a schematic diagram of the mechanism for smart chip card identity authentication and remote cancellation channel establishment when a dedicated terminal is available, in the method of the invention for implementing secure remote cancellation of a smart chip card.
Fig. 2 is a schematic diagram of the read authentication mechanism between the authentication system and the dedicated terminal when a dedicated terminal is available, in the method of the invention for implementing secure remote cancellation of a smart chip card.
Fig. 3 is a schematic diagram of the mechanism for smart chip card identity authentication and remote cancellation channel establishment when no dedicated terminal is available, in the method of the invention for implementing secure remote cancellation of a smart chip card.
Fig. 4 is a schematic diagram of the read authentication mechanism between the smart chip card and the authentication system when no dedicated terminal is available, in the method of the invention for implementing secure remote cancellation of a smart chip card.
Fig. 5 is a schematic diagram of the write authentication mechanism between the smart chip card and the authentication system in the method of the invention for implementing secure remote cancellation of a smart chip card.
Detailed description of the embodiments
In order to describe the technical content of the invention more clearly, it is further described below in combination with specific embodiments.
The method of the invention for implementing secure remote cancellation of a smart chip card includes the following steps:
The method includes a step of performing smart chip card identity authentication and establishing a remote cancellation channel when a dedicated terminal is available, which specifically includes the following steps:
(1-1) the dedicated terminal and the smart chip card complete mutual read authentication, and the authentication client reads the smart chip card unique code and the first 255 bytes of service application data;
(1-1.1) the dedicated terminal and the smart chip card complete mutual read authentication through the read authentication mechanism;
(1-1.2) the authentication client reads the unique code and the first 255 bytes of service application data of the smart chip card, and judges whether the first 255 bytes of service application data are reset data; if so, it prompts that the card is cancelled and exits; otherwise it continues with step (1-2);
(1-2) the authentication system and the dedicated terminal negotiate a verification session key, and the authentication client sends online authentication request information to the authentication system;
(1-2.1) the authentication system and the dedicated terminal complete mutual read authentication and negotiate a verification session key;
(1-2.2) the authentication client sends online authentication request information to the authentication system, using the verification session key for data integrity protection;
(1-3) the authentication system returns data to the authentication client, with data integrity protection provided by the verification session key;
(1-3.1) the authentication system returns data to the authentication client, with data integrity protection provided by the verification session key;
(1-3.2) it is judged whether the state of the smart chip card is normal; if so, the smart chip card service application data information is returned and the step exits; otherwise, the authentication system and the smart chip card complete mutual write authentication through the write authentication mechanism between them and negotiate a remote-cancellation session key;
(1-4) the authentication client sends a reset-data request, and clears the smart chip card security state and the smart chip card access rights;
(1-4.1) the authentication client sends a reset-data request to the authentication system, with data integrity protection provided by the remote-cancellation session key;
(1-4.2) the authentication system returns data to the authentication client, with data integrity protection provided by the remote-cancellation session key;
(1-4.3) the authentication client writes the reset data to the smart chip card;
(1-4.4) the authentication client clears the smart chip card security state and clears the smart chip card access rights.
Preferably, the on-line authentication solicited message is that smart chip card unique encodings UID and special-purpose machines and tools are uniquely compiled
Code SAMID.
The method for realizing secure remote cancellation for a smart chip card is mainly characterized in that it further includes the step of realizing the read authentication mechanism between the Verification System and the dedicated device under the condition that a dedicated device is present, which specifically includes the following steps:
(2-1) The verification client reads the dedicated device card unique code from the dedicated device and sends it the take-random-number instruction and the take-authentication-code instruction; the dedicated device encrypts the random number Rc to obtain the authentication code Token1 and returns it to the verification client;
(2-1.1) the verification client reads the dedicated device card unique code of the dedicated device;
(2-1.2) the verification client sends the take-random-number instruction to the dedicated device, and the dedicated device returns the random number Rc to the verification client;
(2-1.3) the verification client sends the take-authentication-code instruction to the dedicated device; the dedicated device encrypts the random number Rc with the authentication-communication protection master key obtained by diversification, obtains the authentication code Token1, and returns it to the verification client;
(2-2) The Verification System generates the authentication-communication protection master key, encrypts with it the diversification factor synthesized from the random number Rs and the decrypted Rc', and obtains the authentication code Token2;
(2-2.1) the verification client sends the dedicated device unique code SAMID and the authentication code Token1 to the Verification System;
(2-2.2) the Verification System diversifies according to the dedicated device unique code to generate the authentication-communication protection master key, decrypts the authentication code Token1 to obtain the random number Rc', generates the random number Rs, encrypts with the authentication-communication protection master key the diversification factor synthesized from Rs and Rc', and obtains the authentication code Token2;
(2-2.3) the Verification System returns the dedicated device unique code and the authentication code Token2 to the verification client, and the verification client sends the authentication code Token2 to the dedicated device;
(2-3) The dedicated device diversifies the authentication-communication protection master key PMENC2 to obtain the session key SK, and encrypts the dedicated device unique code SAMID with the session key SK to obtain the verification session key;
(2-3.1) the dedicated device decrypts the authentication code Token2 to obtain Rc' and Rs', and returns them to the verification client;
(2-3.2) the verification client compares whether Rc is consistent with Rc'; if so, it sends the compute-verification-session-key instruction to the dedicated device; otherwise the step exits;
(2-3.3) the dedicated device uses the random numbers Rc and Rs' as the diversification factor, diversifies the authentication-communication protection master key PMENC2 to obtain the session key SK, encrypts the dedicated device unique code SAMID with the session key SK to obtain the verification session key, and returns it to the verification client;
(2-4) The Verification System generates the authentication-communication protection master key PMENC2, obtains the verification session key through the session key SK, and adds the binding information of the dedicated device unique code SAMID and the verification session key to the memory list;
(2-4.1) the Verification System diversifies according to the dedicated device unique code to generate the authentication-communication protection master key PMENC2, and uses the random numbers Rc' and Rs as the diversification factor to diversify PMENC2 and generate the session key SK;
(2-4.2) the Verification System encrypts the dedicated device unique code SAMID with the session key SK to obtain the verification session key, and adds the binding information of SAMID and the verification session key to the memory list.
The method for realizing secure remote cancellation for a smart chip card is mainly characterized in that it further includes the step of establishing smart chip card authentication and the secure remote cancellation channel under the condition that no dedicated device is present, which specifically includes the following steps:
(3-1) The Verification System and the smart chip card negotiate the verification session key, and the verification client sends online authentication request information to the Verification System;
(3-1.1) the Verification System and the smart chip card complete bidirectional read authentication through the read authentication mechanism between them and negotiate the verification session key;
(3-1.2) the verification client sends online authentication request information to the Verification System, with data integrity protection under the verification session key;
(3-2) The Verification System returns data to the verification client, with data integrity protection under the verification session key, and judges whether the smart chip card state is normal; if so, it returns the smart chip card's service application data information and the step exits; otherwise, the Verification System and the smart chip card complete bidirectional write authentication through the write authentication mechanism between them and negotiate the remote cancellation session key;
(3-3) The verification client sends a get-reset-data request to the Verification System, with data integrity protection under the remote cancellation session key, and clears the smart chip card's security state;
(3-3.1) the verification client sends a get-reset-data request to the Verification System, with data integrity protection under the remote cancellation session key;
(3-3.2) the Verification System returns the reset data to the verification client, with data integrity protection under the remote cancellation session key;
(3-3.3) the verification client writes the reset data to the smart chip card;
(3-3.4) the verification client clears the smart chip card's security state and completes clearing of the smart chip card's access rights.
Preferably, the online authentication request information includes the smart chip card unique code and the dedicated device unique code.
The method for realizing secure remote cancellation for a smart chip card is mainly characterized in that it further includes the step of realizing the read authentication mechanism between the Verification System and the dedicated device under the condition that no dedicated device is present, which specifically includes the following steps:
(4-1) The verification client reads the smart chip card unique code, and the smart chip card sends the random number Rc to the verification client;
(4-1.1) the verification client reads the smart chip card unique code and sends the take-random-number instruction to the smart chip card;
(4-1.2) the smart chip card returns the random number Rc to the verification client;
(4-1.3) the verification client sends the smart chip card unique code and the random number Rc to the Verification System;
(4-2) The Verification System encrypts the data synthesized from the random numbers Rc and Rr to obtain the session key, encrypts the smart chip card unique code to obtain the verification session key, and adds the smart chip card unique code and the verification session key to the memory list;
(4-2.1) the Verification System diversifies according to the smart chip card unique code to generate the read authentication master key, encrypts the random number Rc to obtain the authentication code Token1, generates the random number Rr, and returns the authentication code Token1 and the random number Rr to the verification client;
(4-2.2) the Verification System encrypts the data synthesized from the random numbers Rc and Rr with the read authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the verification session key, adds the smart chip card unique code and the verification session key to the memory list, and clears them on a timer so that the verification session key expires;
(4-3) The verification client and the smart chip card obtain the verification session key through the read-external-authentication instruction and the read-internal-authentication instruction.
(4-3.1) the verification client sends the read-external-authentication instruction containing the authentication code Token1 to the smart chip card;
(4-3.2) the smart chip card authenticates the authentication code Token1 and returns the read-external-authentication result to the verification client;
(4-3.3) the verification client sends the read-internal-authentication instruction to the smart chip card;
(4-3.4) the smart chip card encrypts the data synthesized from the random numbers Rc and Rr with the read authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the verification session key, and returns the verification session key to the verification client.
The method for realizing secure remote cancellation for a smart chip card is mainly characterized in that it further includes the step of realizing the write authentication mechanism between the smart chip card and the Verification System, which specifically includes the following steps:
(5-1) The verification client reads the smart chip card unique code, and the smart chip card sends the smart chip card unique code and the authentication code Token1 to the verification client;
(5-1.1) the verification client reads the smart chip card unique code UID;
(5-1.2) the verification client sends the take-authentication-code instruction to the smart chip card; the smart chip card generates the random number Rc, encrypts Rc with the verification session key to obtain the authentication code Token1, and returns the authentication code Token1 to the verification client;
(5-1.3) the verification client sends the smart chip card unique code and the authentication code Token1 to the Verification System;
(5-2) The Verification System encrypts the smart chip card unique code with the session key to obtain the remote cancellation session key, and adds the binding information of the smart chip card unique code and the remote cancellation session key to the memory list;
(5-2.1) the Verification System decrypts the authentication code Token1 with the verification session key to obtain Rc', diversifies according to the smart chip card unique code to generate the write authentication master key, and encrypts Rc' with the write authentication master key to obtain the authentication code Token2;
(5-2.2) the Verification System generates the random number Rr, encrypts Rr with the write authentication master key to obtain the authentication code Token3, diversifies according to the data synthesized from Rc and Rr to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the remote cancellation session key, adds the binding information of the smart chip card unique code and the remote cancellation session key to the memory list, and clears it on a timer so that the remote cancellation session key expires;
(5-2.3) the Verification System returns the authentication codes Token2 and Token3 to the verification client;
(5-3) The verification client and the smart chip card obtain the remote cancellation session key through the write-external-authentication instruction and the write-internal-authentication instruction.
(5-3.1) the verification client sends the write-external-authentication instruction containing Token2 to the smart chip card;
(5-3.2) the smart chip card authenticates Token2 and returns the write-external-authentication result to the verification client; if authentication of Token2 fails, the step exits; otherwise, the verification client sends the write-internal-authentication instruction to the smart chip card;
(5-3.3) the smart chip card decrypts the authentication code Token3 to obtain Rr', encrypts the data synthesized from Rr' and Rc with the write authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the remote cancellation session key, and returns the remote cancellation session key to the verification client.
In a specific embodiment of the invention, the object is to provide a secure remote cancellation method for a smart chip card, which can realize smart chip card authentication with or without a dedicated device, identify a cancelled smart chip card and establish the secure remote cancellation channel, and on this basis write and verify the reset data in the cancelled smart chip card to complete secure remote cancellation, thereby solving the problem of accurate and effective offline authentication of smart chip cards.
To achieve the above object, the secure remote cancellation method for a smart chip card of the invention is composed as follows:
The secure remote cancellation method for a smart chip card is mainly characterized in that it includes the mechanism for establishing smart chip card authentication and the secure remote cancellation channel under the condition that a dedicated device is present, the mechanism for establishing smart chip card authentication and the secure remote cancellation channel under the condition that no dedicated device is present, and the smart chip card reset data and verification mechanism, wherein
1. The mechanism for establishing smart chip card authentication and the secure remote cancellation channel under the condition that a dedicated device is present, as shown in Fig. 1:
The dedicated device and the smart chip card complete bidirectional read authentication through the read authentication mechanism between them;
The verification client reads the smart chip card unique code and the first 255 bytes of service application data; if the first 255 bytes of service application data are the reset data, it prompts that the card is cancelled and exits; otherwise it continues;
The Verification System and the dedicated device complete bidirectional read authentication through the read authentication mechanism between them and negotiate the verification session key;
The verification client sends an online authentication request to the Verification System, with data integrity protection under the verification session key;
The request information includes the smart chip card unique code UID and the dedicated device unique code SAMID;
The Verification System returns data to the verification client, with data integrity protection under the verification session key; if the smart chip card state is normal, it returns the smart chip card's service application data information and exits;
If the smart chip card state is cancelled, the Verification System and the smart chip card complete bidirectional write authentication through the write authentication mechanism between them and negotiate the remote cancellation session key;
The verification client sends a reset data request to the Verification System, with data integrity protection under the remote cancellation session key;
The Verification System returns data to the verification client, with data integrity protection under the remote cancellation session key;
The verification client writes the reset data to the smart chip card;
The verification client clears the smart chip card's security state and completes clearing of the smart chip card's access rights.
2. The read authentication mechanism between the Verification System and the dedicated device, as shown in Fig. 2:
The verification client reads the dedicated device card unique code of the dedicated device;
The verification client sends the take-random-number instruction to the dedicated device, and the dedicated device returns the random number Rc to the verification client;
The verification client sends the take-authentication-code instruction to the dedicated device; the dedicated device encrypts the random number Rc with the authentication-communication protection master key obtained by diversification, obtains the authentication code Token1, and returns it to the verification client;
The verification client sends the dedicated device unique code and the authentication code Token1 to the Verification System;
The Verification System diversifies according to the dedicated device unique code to generate the authentication-communication protection master key, decrypts the authentication code Token1 to obtain the random number Rc', generates the random number Rs, encrypts with the authentication-communication protection master key the diversification factor synthesized from Rs and Rc', and obtains the authentication code Token2;
The Verification System returns the dedicated device unique code and the authentication code Token2 to the verification client, and the verification client sends the authentication code Token2 to the dedicated device;
The dedicated device decrypts the authentication code Token2 to obtain Rc' and Rs', and returns them to the verification client;
The verification client compares whether Rc is consistent with Rc'; if consistent, it sends the compute-verification-session-key instruction to the dedicated device; otherwise it exits;
The dedicated device uses the random numbers Rc and Rs' as the diversification factor, diversifies the authentication-communication protection master key PMENC2 to obtain the session key SK, encrypts the dedicated device unique code SAMID with the session key SK to obtain the verification session key, and returns it to the verification client;
The Verification System diversifies according to the dedicated device unique code to generate the authentication-communication protection master key PMENC2, and uses the random numbers Rc' and Rs as the diversification factor to diversify PMENC2 and generate the session key SK;
The Verification System encrypts the dedicated device unique code SAMID with the session key SK to obtain the verification session key, adds the binding information of SAMID and the verification session key to the memory list, and clears it on a timer so that the verification session key expires.
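The read authentication between the Verification System and the dedicated device, as laid out in steps (2-1) to (2-4) and in mechanism 2 above, simulated end to end as an added example (not code from the patent). The patent names no cipher, key derivation function or sizes, so these are assumptions: 16-byte blocks, a 4-round HMAC-SHA256 Feistel network as the block cipher, HMAC-SHA256 truncated to 16 bytes as the key diversification function, 8-byte random numbers, constructed root key and SAMID values, and a 300-second lifetime for the stored binding.

```python
"""Read authentication between the Verification System and the dedicated device,
steps (2-1) to (2-4). Added example; cipher, KDF and sizes are assumptions."""
import hashlib, hmac, os, time

HALF, BLOCK, ROUNDS, TTL = 8, 16, 4, 300.0   # half block, block, Feistel rounds, binding lifetime
ROOT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed root master key


def diversify(master, factor):
    """Key diversification ("dispersion"): HMAC-SHA256 of the factor, truncated (assumption)."""
    return hmac.new(master, factor, hashlib.sha256).digest()[:BLOCK]


def _f(key, i, half):  # Feistel round function, keyed PRF
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    """Stand-in block cipher: balanced Feistel network (the patent names none)."""
    left, right = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right


class DedicatedDevice:
    """The dedicated device (SAM): holds SAMID and its diversified master key PMENC2."""
    def __init__(self, samid, root_key):
        self.samid, self.pmenc2 = samid, diversify(root_key, samid)
        self.rc = self.rs_prime = self.verification_session_key = None
    def take_random_number(self):                    # (2-1.2)
        self.rc = os.urandom(HALF)
        return self.rc
    def take_authentication_code(self):              # (2-1.3): Token1 = E(PMENC2, Rc || zero pad)
        return encrypt_block(self.pmenc2, self.rc.ljust(BLOCK, b"\x00"))
    def decrypt_token2(self, token2):                # (2-3.1): recover Rs' and Rc'
        plain = decrypt_block(self.pmenc2, token2)
        self.rs_prime = plain[:HALF]
        return plain[HALF:], self.rs_prime
    def compute_verification_session_key(self):      # (2-3.3): SK from Rc||Rs', then E(SK, SAMID)
        sk = diversify(self.pmenc2, self.rc + self.rs_prime)
        self.verification_session_key = encrypt_block(sk, self.samid.ljust(BLOCK, b"\x00"))
        return self.verification_session_key


class VerificationSystem:
    def __init__(self, root_key, clock=time.time):
        self.root_key, self.clock = root_key, clock
        self.pending = {}       # SAMID -> (PMENC2, Rc', Rs) while an authentication is in flight
        self.memory_list = {}   # SAMID -> (verification session key, expiry time)
    def authenticate(self, samid, token1):           # (2-2.2): Token1 -> Rc', then Token2
        pmenc2 = diversify(self.root_key, samid)
        plain = decrypt_block(pmenc2, token1)
        if plain[HALF:] != b"\x00" * HALF:           # zero pad gone: not this SAMID's key
            raise ValueError("Token1 rejected")
        rc_prime, rs = plain[:HALF], os.urandom(HALF)
        self.pending[samid] = (pmenc2, rc_prime, rs)
        return encrypt_block(pmenc2, rs + rc_prime)  # Token2 over the factor Rs || Rc'
    def bind_session_key(self, samid):               # (2-4): SK, verification session key, binding
        pmenc2, rc_prime, rs = self.pending.pop(samid)
        vsk = encrypt_block(diversify(pmenc2, rc_prime + rs), samid.ljust(BLOCK, b"\x00"))
        self.memory_list[samid] = (vsk, self.clock() + TTL)
        return vsk
    def lookup(self, samid):                         # timed removal: expired binding is purged
        entry = self.memory_list.get(samid)
        if entry and self.clock() < entry[1]:
            return entry[0]
        self.memory_list.pop(samid, None)
        return None


def run_read_authentication(device, system):
    """The verification client's part of (2-1) to (2-4); True if both ends agree on the key."""
    rc = device.take_random_number()
    token2 = system.authenticate(device.samid, device.take_authentication_code())
    rc_prime, _ = device.decrypt_token2(token2)
    if not hmac.compare_digest(rc, rc_prime):         # (2-3.2): the system proved it holds the key
        return False
    device_vsk = device.compute_verification_session_key()
    return hmac.compare_digest(device_vsk, system.bind_session_key(device.samid))


def demo():
    """Happy path, binding lookup, timed expiry, and a device holding the wrong root key."""
    now = [1000.0]
    system = VerificationSystem(ROOT_KEY, clock=lambda: now[0])
    good = DedicatedDevice(b"SAM0001", ROOT_KEY)
    agreed = run_read_authentication(good, system)
    bound = system.lookup(b"SAM0001") == good.verification_session_key
    now[0] += TTL
    expired = system.lookup(b"SAM0001") is None
    try:
        run_read_authentication(DedicatedDevice(b"SAM0002", bytes(16)), system)  # wrong root key
        rejected = False
    except ValueError:
        rejected = True
    return {"agreed": agreed, "bound": bound, "expired": expired, "rogue_rejected": rejected}
```

The zero padding inside Token1 is what lets the Verification System notice a device personalised under a different root key before it issues Token2; the Rc/Rc' comparison in the client is the matching check in the other direction.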
3. The write authentication mechanism between the smart chip card and the Verification System, as shown in Fig. 5:
The verification client reads the smart chip card unique code UID;
The verification client sends the take-authentication-code instruction to the smart chip card; the smart chip card generates the random number Rc, encrypts Rc with the verification session key to obtain the authentication code Token1, and returns the authentication code Token1 to the verification client;
The verification client sends the smart chip card unique code and the authentication code Token1 to the Verification System;
The Verification System decrypts the authentication code Token1 with the verification session key to obtain Rc', diversifies according to the smart chip card unique code to generate the write authentication master key, and encrypts Rc' with the write authentication master key to obtain the authentication code Token2;
The Verification System generates the random number Rr, encrypts Rr with the write authentication master key to obtain the authentication code Token3, diversifies according to the data synthesized from Rc and Rr to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the remote cancellation session key, adds the binding information of the smart chip card unique code and the remote cancellation session key to the memory list, and clears it on a timer so that the remote cancellation session key expires;
The Verification System returns the authentication codes Token2 and Token3 to the verification client;
The verification client sends the write-external-authentication instruction containing Token2 to the smart chip card;
The smart chip card authenticates Token2 and returns the write-external-authentication result to the verification client; if authentication of Token2 fails, it exits; otherwise, the verification client sends the write-internal-authentication instruction to the smart chip card;
The smart chip card decrypts the authentication code Token3 to obtain Rr', encrypts the data synthesized from Rr' and Rc with the write authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the remote cancellation session key, and returns the remote cancellation session key to the verification client.
4. The mechanism for establishing smart chip card authentication and the secure remote cancellation channel under the condition that no dedicated device is present, as shown in Fig. 4:
The Verification System and the smart chip card complete bidirectional read authentication through the read authentication mechanism between them and negotiate the verification session key;
The verification client sends an online authentication request to the Verification System, with data integrity protection under the verification session key;
The request information includes the smart chip card unique code and the dedicated device unique code.
The Verification System returns data to the verification client, with data integrity protection under the verification session key; if the smart chip card state is normal, it returns the smart chip card's service application data information and exits; if the state is cancelled, the Verification System and the smart chip card complete bidirectional write authentication through the write authentication mechanism between them and negotiate the remote cancellation session key;
The verification client sends a get-reset-data request to the Verification System, with data integrity protection under the remote cancellation session key; and the Verification System returns the reset data to the verification client, with data integrity protection under the remote cancellation session key;
The verification client writes the reset data to the smart chip card; and the verification client clears the smart chip card's security state and completes clearing of the smart chip card's access rights.
5. The read authentication mechanism between the smart chip card and the Verification System, as shown in Fig. 5:
The verification client reads the smart chip card unique code and sends the take-random-number instruction to the smart chip card;
The smart chip card generates the random number Rc and returns it to the verification client;
The verification client sends the smart chip card unique code and the random number Rc to the Verification System;
The Verification System diversifies according to the smart chip card unique code to generate the read authentication master key, encrypts the random number Rc to obtain the authentication code Token1, generates the random number Rr, and returns the authentication code Token1 and the random number Rr to the verification client; at the same time,
The Verification System encrypts the data synthesized from the random numbers Rc and Rr with the read authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the verification session key, adds the smart chip card unique code and the verification session key to the memory list, and clears them on a timer so that the verification session key expires;
The verification client sends the read-external-authentication instruction containing the authentication code Token1 to the smart chip card;
The smart chip card completes authentication of the authentication code Token1 and returns the read-external-authentication result to the verification client;
The verification client sends the read-internal-authentication instruction to the smart chip card;
The smart chip card encrypts the data synthesized from the random numbers Rc and Rr with the read authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the verification session key, and returns the verification session key to the verification client.
In the mechanism for establishing smart chip card authentication and the secure remote cancellation channel under the condition that no dedicated device is present, the content of the reset data is 255 bytes of all-0xFF data, which is written into the first 255 bytes of each corresponding service application data file in the smart chip card file system; the service application data files include a text information file and an image information file; during offline authentication, the dedicated device reads the first 255 bytes of the corresponding service application data file in the smart chip card file system, and if they are all 0xFF, the smart chip card is in the cancelled state.
Using the method of the invention for realizing secure remote cancellation for a smart chip card, smart chip card authentication can be realized under the condition that a dedicated device is present, a cancelled smart chip card can be identified and the secure remote cancellation channel established, including the read authentication mechanism between the dedicated device and the smart chip card, the read authentication mechanism between the Verification System and the dedicated device, the write authentication mechanism between the smart chip card and the Verification System, and the smart chip card reset data and verification mechanism; and smart chip card authentication can be realized under the condition that no dedicated device is present, a cancelled smart chip card identified and the secure remote cancellation channel established, including the read/write authentication mechanism between the smart chip card and the Verification System and the smart chip card reset data and verification mechanism, so as to realize highly secure and highly reliable remote cancellation of cancelled smart chip cards and effectively reduce the security risk of inaccurate offline authentication of smart chip cards.
In this description, the invention has been described with reference to its specific embodiments. It is clear, however, that various modifications and alterations can still be made without departing from the spirit and scope of the invention. Therefore, the description and the accompanying drawings should be considered illustrative and not restrictive.
Claims (23)
1. A method for realizing secure remote cancellation for a smart chip card, characterized in that the method includes the step of establishing smart chip card authentication and the secure remote cancellation channel under the condition that a dedicated device is present, which specifically includes the following steps:
(1-1) the dedicated device and the smart chip card complete bidirectional read authentication, and the verification client reads the smart chip card unique code and the first 255 bytes of service application data;
(1-2) the Verification System and the dedicated device negotiate the verification session key, and the verification client sends online authentication request information to the Verification System;
(1-3) the Verification System returns data to the verification client, with data integrity protection under the verification session key;
(1-4) the verification client sends a reset data request, and clears the smart chip card's security state and the smart chip card's access rights.
2. The method for realizing secure remote cancellation for a smart chip card according to claim 1, characterized in that step (1-1) specifically includes the following steps:
(1-1.1) the dedicated device and the smart chip card complete bidirectional read authentication through the read authentication mechanism;
(1-1.2) the verification client reads the smart chip card's unique code and the first 255 bytes of service application data, and judges whether the first 255 bytes of service application data are the reset data; if so, it prompts that the card is cancelled and exits; otherwise it continues with step (1-2).
3. The method for realizing secure remote cancellation for a smart chip card according to claim 1, characterized in that step (1-2) specifically includes the following steps:
(1-2.1) the Verification System and the dedicated device complete bidirectional read authentication and negotiate the verification session key;
(1-2.2) the verification client sends online authentication request information to the Verification System, with data integrity protection under the verification session key.
4. The method for realizing secure remote cancellation for a smart chip card according to claim 3, characterized in that the online authentication request information is the smart chip card unique code UID and the dedicated device unique code SAMID.
5. The method for realizing secure remote cancellation for a smart chip card according to claim 1, characterized in that step (1-3) specifically includes the following steps:
(1-3.1) the Verification System returns data to the verification client, with data integrity protection under the verification session key;
(1-3.2) it is judged whether the state of the smart chip card is normal; if so, the smart chip card's service application data information is returned and the step exits; otherwise, the Verification System and the smart chip card complete bidirectional write authentication through the write authentication mechanism between them and negotiate the remote cancellation session key.
6. The method for realizing secure remote kill processing for a smart chip card according to claim 1, characterized in that step (1-4) specifically includes the following steps:
(1-4.1) the verification client sends a reset data request to the verification system, with data integrity protection by the remote-kill session key;
(1-4.2) the verification system returns data to the verification client, with data integrity protection by the remote-kill session key;
(1-4.3) the verification client writes the reset data to the smart chip card;
(1-4.4) the verification client clears the smart chip card security state and clears the smart chip card access permissions.
7. The method for realizing secure remote kill processing for a smart chip card according to claim 1, characterized in that the method further includes the step of realizing, under the condition that a dedicated device is present, the read authentication mechanism between the verification system and the dedicated device, which specifically includes the following steps:
(2-1) the verification client reads the dedicated device card unique code and sends a get random number command and a get authentication code command to the dedicated device; the dedicated device encrypts the random number Rc to obtain the authentication code Token1 and returns it to the verification client;
(2-2) the verification system generates the authentication communication protection master key, and encrypts with it the diversification factor synthesized from the random number Rs and the decrypted Rc' to obtain the authentication code Token2;
(2-3) the dedicated device diversifies the authentication communication protection master key PMENC2 to obtain the session key SK, and encrypts the dedicated device unique code SAMID with the session key SK to obtain the verification session key;
(2-4) the verification system generates the authentication communication protection master key PMENC2, obtains the verification session key via the session key SK, and adds the binding information of the dedicated device unique code SAMID and the verification session key to the in-memory list.
8. The method for realizing secure remote kill processing for a smart chip card according to claim 7, characterized in that step (2-1) specifically includes the following steps:
(2-1.1) the verification client reads the dedicated device card unique code of the dedicated device;
(2-1.2) the verification client sends a get random number command to the dedicated device, and the dedicated device returns the random number Rc to the verification client;
(2-1.3) the verification client sends a get authentication code command to the dedicated device; the dedicated device encrypts the random number Rc with the authentication communication protection master key obtained by diversification to obtain the authentication code Token1, and returns it to the verification client.
9. The method for realizing secure remote kill processing for a smart chip card according to claim 7, characterized in that step (2-2) specifically includes the following steps:
(2-2.1) the verification client sends the dedicated device unique code SAMID and the authentication code Token1 to the verification system;
(2-2.2) the verification system diversifies according to the dedicated device unique code to generate the authentication communication protection master key, decrypts the authentication code Token1 to obtain the random number Rc', generates the random number Rs, and encrypts with the authentication communication protection master key the diversification factor synthesized from the random numbers Rs and Rc' to obtain the authentication code Token2;
(2-2.3) the verification system returns the dedicated device unique code and the authentication code Token2 to the verification client, and the verification client sends the authentication code Token2 to the dedicated device.
10. The method for realizing secure remote kill processing for a smart chip card according to claim 7, characterized in that step (2-3) specifically includes the following steps:
(2-3.1) the dedicated device decrypts the authentication code Token2 to obtain Rc' and Rs', and returns them to the verification client;
(2-3.2) the verification client compares whether Rc is consistent with Rc'; if so, it sends a compute verification session key command to the dedicated device; otherwise it exits the procedure;
(2-3.3) the dedicated device uses the random numbers Rc and Rs' as the diversification factor to diversify the authentication communication protection master key PMENC2 to obtain the session key SK, encrypts the dedicated device unique code SAMID with the session key SK to obtain the verification session key, and returns it to the verification client.
11. The method for realizing secure remote kill processing for a smart chip card according to claim 7, characterized in that step (2-4) specifically includes the following steps:
(2-4.1) the verification system diversifies according to the dedicated device unique code to generate the authentication communication protection master key PMENC2, and uses the random numbers Rc' and Rs as the diversification factor to diversify the authentication communication protection master key PMENC2 to generate the session key SK;
(2-4.2) the verification system encrypts the dedicated device unique code SAMID with the session key SK to obtain the verification session key, and adds the binding information of the dedicated device unique code SAMID and the verification session key to the in-memory list.
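The read authentication mechanism of claims 7 to 11, worked through end to end as an added example in Go; this is not code from the patent or its applicant. The claims name the keys (the root and diversified PMENC2, SK, the verification session key), the random numbers Rc and Rs and the two tokens, but not the block cipher, the nonce sizes or the token layouts, so those are assumptions here: single-block AES-128 stands in for "encrypt" and for key diversification, Rc and Rs are 8 bytes each, Token1 = E_PMENC2(Rc || zero padding) and Token2 = E_PMENC2(Rs || Rc'). The root master key and the SAMID are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"errors"
)

// Assumptions (the claims name keys and tokens but not cipher, sizes or layouts): single-block
// AES-128 stands in for "encrypt" and for diversification; Rc and Rs are 8 bytes each;
// Token1 = E_PMENC2(Rc || 0^8) and Token2 = E_PMENC2(Rs || Rc').
const nonceLen = 8

// block encrypts (or, with dec=true, decrypts) one 16-byte block; every key here is 16 bytes.
func block(key, in []byte, dec bool) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // key length is an internal invariant of this example
	}
	out := make([]byte, aes.BlockSize)
	if dec { c.Decrypt(out, in) } else { c.Encrypt(out, in) }
	return out
}

// pad16 right-pads an identifier such as SAMID with zeros to one block; cat joins two nonces.
func pad16(b []byte) []byte { out := make([]byte, aes.BlockSize); copy(out, b); return out }
func cat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// diversify derives a child key as E_master(factor): PMENC2 = E_root(SAMID), SK = E_PMENC2(Rc || Rs).
func diversify(master, factor []byte) []byte { return block(master, factor, false) }

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}

// Device models the dedicated device (SAM): it holds only its own diversified PMENC2, never the root key.
type Device struct{ SAMID, pmenc2, rc []byte }

// NewDevice personalizes a device with PMENC2 diversified from the root key by SAMID.
func NewDevice(root, samID []byte) *Device {
	return &Device{SAMID: samID, pmenc2: diversify(root, pad16(samID))}
}

// VerificationSystem holds the root master key, the Rc'/Rs kept between steps (2-2) and (2-4),
// and the SAMID -> verification session key binding list of step (2-4.2).
type VerificationSystem struct {
	root     []byte
	pending  map[string][2][]byte
	Bindings map[string][]byte
}

func NewVerificationSystem(root []byte) *VerificationSystem {
	return &VerificationSystem{root: root, pending: map[string][2][]byte{}, Bindings: map[string][]byte{}}
}

// Steps (2-1.2) and (2-1.3): the device returns Rc, then Token1 = E_PMENC2(Rc || 0^8).
func (d *Device) GetRandom() []byte   { d.rc = randomBytes(nonceLen); return d.rc }
func (d *Device) GetAuthCode() []byte { return block(d.pmenc2, pad16(d.rc), false) }

// Step (2-2.2): derive PMENC2 from SAMID, decrypt Token1 to Rc', draw Rs, Token2 = E_PMENC2(Rs || Rc').
func (v *VerificationSystem) Authenticate(samID, token1 []byte) []byte {
	pmenc2 := diversify(v.root, pad16(samID))
	rcPrime, rs := block(pmenc2, token1, true)[:nonceLen], randomBytes(nonceLen)
	v.pending[string(samID)] = [2][]byte{rcPrime, rs}
	return block(pmenc2, cat(rs, rcPrime), false)
}

// Step (2-3.1): the device decrypts Token2 and hands Rc' and Rs' back to the client.
func (d *Device) DecryptToken2(token2 []byte) (rcPrime, rsPrime []byte) {
	plain := block(d.pmenc2, token2, true)
	return plain[nonceLen:], plain[:nonceLen]
}

// Step (2-3.3): SK = diversify(PMENC2, Rc || Rs'), verification session key = E_SK(SAMID).
func (d *Device) ComputeSessionKey(rsPrime []byte) []byte {
	return block(diversify(d.pmenc2, cat(d.rc, rsPrime)), pad16(d.SAMID), false)
}

// Step (2-4): the system recomputes SK from Rc' and Rs and binds SAMID to the verification session key.
func (v *VerificationSystem) BindSessionKey(samID []byte) ([]byte, error) {
	p, ok := v.pending[string(samID)]
	if !ok { return nil, errors.New("no authentication in progress for this SAMID") }
	delete(v.pending, string(samID))
	vsk := block(diversify(diversify(v.root, pad16(samID)), cat(p[0], p[1])), pad16(samID), false)
	v.Bindings[string(samID)] = vsk
	return vsk, nil
}

// RunReadAuthentication plays the verification client: it only relays tokens and performs the
// Rc == Rc' comparison of step (2-3.2); on mismatch it exits before any session key is derived.
func RunReadAuthentication(dev *Device, vs *VerificationSystem) (devKey, sysKey []byte, err error) {
	rc := dev.GetRandom()
	rcPrime, rsPrime := dev.DecryptToken2(vs.Authenticate(dev.SAMID, dev.GetAuthCode()))
	if !bytes.Equal(rc, rcPrime) { return nil, nil, errors.New("Rc mismatch: device and system do not share PMENC2") }
	devKey = dev.ComputeSessionKey(rsPrime)
	sysKey, err = vs.BindSessionKey(dev.SAMID)
	return devKey, sysKey, err
}
```

The comparison in RunReadAuthentication is the step (2-3.2) check: a device whose PMENC2 was not diversified from the system's root key produces a Token1 that the system decrypts to an unrelated Rc', so the Rc' the device recovers from Token2 does not match its own Rc and the procedure exits with no key derived. The client itself never handles PMENC2 or SK, only the two tokens and the final verification session key, which both sides return so the caller can confirm they agree.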
12. The method for realizing secure remote kill processing for a smart chip card according to claim 1, characterized in that the method further includes the step of realizing smart chip card authentication and establishing a remote-kill secure channel under the condition that no dedicated device is present, which specifically includes the following steps:
(3-1) the verification system and the smart chip card negotiate a verification session key, and the verification client sends on-line authentication request information to the verification system;
(3-2) the verification system returns data to the verification client, with data integrity protection by the verification session key, and judges whether the smart chip card state is normal; if so, it returns the smart chip card service application data information and exits the procedure; otherwise, the verification system and the smart chip card complete write mutual authentication between the two through the write authentication mechanism and negotiate a remote-kill session key;
(3-3) the verification client sends a get reset data request to the verification system, with data integrity protection by the remote-kill session key, and clears the smart chip card security state.
13. The method for realizing secure remote kill processing for a smart chip card according to claim 12, characterized in that step (3-1) specifically includes the following steps:
(3-1.1) the verification system and the smart chip card complete read mutual authentication between the two through the read authentication mechanism and negotiate a verification session key;
(3-1.2) the verification client sends on-line authentication request information to the verification system, with data integrity protection by the verification session key.
14. The method for realizing secure remote kill processing for a smart chip card according to claim 13, characterized in that the on-line authentication request information includes the smart chip card unique code and the dedicated device unique code.
15. The method for realizing secure remote kill processing for a smart chip card according to claim 12, characterized in that step (3-3) specifically includes the following steps:
(3-3.1) the verification client sends a get reset data request to the verification system, with data integrity protection by the remote-kill session key;
(3-3.2) the verification system returns the reset data to the verification client, with data integrity protection by the remote-kill session key;
(3-3.3) the verification client writes the reset data to the smart chip card;
(3-3.4) the verification client clears the smart chip card security state and completes the clearing of the smart chip card access permissions.
16. The method for realizing secure remote kill processing for a smart chip card according to claim 12, characterized in that the method further includes the step of realizing, under the condition that no dedicated device is present, the read authentication mechanism between the verification system and the dedicated device, which specifically includes the following steps:
(4-1) the verification client reads the smart chip card unique code, and the smart chip card sends the random number Rc to the verification client;
(4-2) the verification system encrypts the combined data of the random numbers Rc and Rr to obtain the session key, encrypts the smart chip card unique code to obtain the verification session key, and adds the smart chip card unique code and the verification session key to the in-memory list;
(4-3) the verification client and the smart chip card obtain the verification session key through a read external authentication command and a read internal authentication command.
17. The method for realizing secure remote kill processing for a smart chip card according to claim 16, characterized in that step (4-1) specifically includes the following steps:
(4-1.1) the verification client reads the smart chip card unique code and sends a get random number command to the smart chip card;
(4-1.2) the smart chip card returns the random number Rc to the verification client;
(4-1.3) the verification client sends the smart chip card unique code and the random number Rc to the verification system.
18. The method for realizing secure remote kill processing for a smart chip card according to claim 16, characterized in that step (4-2) specifically includes the following steps:
(4-2.1) the verification system diversifies according to the smart chip card unique code to generate the read authentication master key, encrypts the random number Rc to obtain the authentication code Token1, generates the random number Rr, and returns the authentication code Token1 and the random number Rr to the verification client;
(4-2.2) the verification system encrypts the combined data of the random numbers Rc and Rr with the read authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the verification session key, adds the smart chip card unique code and the verification session key to the in-memory list, and purges the list on a timer so that a timed-out verification session key becomes invalid.
19. The method for realizing secure remote kill processing for a smart chip card according to claim 16, characterized in that step (4-3) specifically includes the following steps:
(4-3.1) the verification client sends a read external authentication command containing the authentication code Token1 to the smart chip card;
(4-3.2) the smart chip card authenticates the authentication code Token1 and returns the read external authentication result to the verification client;
(4-3.3) the verification client sends a read internal authentication command to the smart chip card;
(4-3.4) the smart chip card encrypts the combined data of the random numbers Rc and Rr with the read authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the verification session key, and returns the verification session key to the verification client.
20. The method for realizing secure remote kill processing for a smart chip card according to claim 1, characterized in that the method further includes the step of realizing the write authentication mechanism between the smart chip card and the verification system, which specifically includes the following steps:
(5-1) the verification client reads the smart chip card unique code, and the smart chip card sends the smart chip card unique code and the authentication code Token1 to the verification client;
(5-2) the verification system encrypts the smart chip card unique code with the session key to obtain the remote-kill session key, and adds the binding information of the smart chip card unique code and the remote-kill session key to the in-memory list;
(5-3) the verification client and the smart chip card obtain the remote-kill session key through a write external authentication command and a write internal authentication command.
21. The method for realizing secure remote kill processing for a smart chip card according to claim 20, characterized in that step (5-1) specifically includes the following steps:
(5-1.1) the verification client reads the smart chip card unique code UID;
(5-1.2) the verification client sends a get authentication code command to the smart chip card; the smart chip card generates the random number Rc, obtains the authentication code Token1 by encrypting the random number Rc with the verification session key, and returns the authentication code Token1 to the verification client;
(5-1.3) the verification client sends the smart chip card unique code and the authentication code Token1 to the verification system.
22. The method for realizing secure remote kill processing for a smart chip card according to claim 20, characterized in that step (5-2) specifically includes the following steps:
(5-2.1) the verification system decrypts the authentication code Token1 with the verification session key to obtain Rc', diversifies according to the smart chip card unique code to generate the write authentication master key, and encrypts Rc' with the write authentication master key to obtain the authentication code Token2;
(5-2.2) the verification system generates the random number Rr, obtains the authentication code Token3 by encrypting Rr with the write authentication master key, diversifies according to the combined data of Rc and Rr to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the remote-kill session key, adds the binding information of the smart chip card unique code and the remote-kill session key to the in-memory list, and purges the list on a timer so that a timed-out remote-kill session key becomes invalid;
(5-2.3) the verification system returns the authentication codes Token2 and Token3 to the verification client.
23. The method for realizing secure remote kill processing for a smart chip card according to claim 20, characterized in that step (5-3) specifically includes the following steps:
(5-3.1) the verification client sends a write external authentication command containing Token2 to the smart chip card;
(5-3.2) the smart chip card authenticates Token2 and returns the write external authentication result to the verification client; if authentication of Token2 fails, exit; otherwise the verification client sends a write internal authentication command to the smart chip card;
(5-3.3) the smart chip card decrypts the authentication code Token3 to obtain Rr', encrypts the combined data of Rr' and Rc with the write authentication master key to obtain the session key, encrypts the smart chip card unique code with the session key to obtain the remote-kill session key, and returns the remote-kill session key to the verification client.
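Two details recur across the claims once a session key has been negotiated: the key "protects data integrity" of the reset data request and its reply (claims 6 and 15), and the verification system's in-memory binding list is purged on a timer so that a timed-out key becomes invalid (steps (4-2.2) and (5-2.2)). The following Go code is an added example, not code from the patent or its applicant, of the verification system's side of both: a binding list with expiry and timed purge, and integrity protection of the request under the bound key. The claims specify neither the MAC algorithm nor the timeout, so HMAC-SHA256 and a caller-chosen TTL are assumptions here, and the UID, key and request bytes are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"sync"
	"time"
)

// Assumptions: the claims name neither the MAC nor the timeout; HMAC-SHA256 and a
// caller-chosen TTL are used here. Times are passed in explicitly so the expiry logic is testable.

type binding struct {
	key     []byte
	expires time.Time
}

// KeyList is the verification system's in-memory list: unique code -> session key, with expiry.
type KeyList struct {
	mu  sync.Mutex
	ttl time.Duration
	m   map[string]binding
}

func NewKeyList(ttl time.Duration) *KeyList {
	return &KeyList{ttl: ttl, m: map[string]binding{}}
}

// Bind records a freshly negotiated session key with its expiry (steps (4-2.2) and (5-2.2)).
func (l *KeyList) Bind(uid string, key []byte, now time.Time) {
	l.mu.Lock()
	defer l.mu.Unlock()
	l.m[uid] = binding{key: append([]byte{}, key...), expires: now.Add(l.ttl)}
}

// Lookup returns the bound key, refusing entries that have timed out even if not yet purged.
func (l *KeyList) Lookup(uid string, now time.Time) ([]byte, error) {
	l.mu.Lock()
	defer l.mu.Unlock()
	b, ok := l.m[uid]
	if !ok {
		return nil, errors.New("no session key bound for " + uid)
	}
	if !now.Before(b.expires) {
		return nil, errors.New("session key for " + uid + " has timed out")
	}
	return b.key, nil
}

// Purge is the timed removal: it deletes expired entries and returns how many were dropped.
func (l *KeyList) Purge(now time.Time) int {
	l.mu.Lock()
	defer l.mu.Unlock()
	n := 0
	for uid, b := range l.m {
		if !now.Before(b.expires) {
			delete(l.m, uid)
			n++
		}
	}
	return n
}

// tag computes HMAC-SHA256 over uid || 0x00 || payload, so a tag is bound to one card's request.
func tag(key []byte, uid string, payload []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(uid))
	h.Write([]byte{0}) // separator between the two fields
	h.Write(payload)
	return h.Sum(nil)
}

// Protect is the sender's side: it appends the integrity tag to the request payload.
func Protect(key []byte, uid string, payload []byte) []byte {
	return append(append([]byte{}, payload...), tag(key, uid, payload)...)
}

// Verify is the receiver's side: it looks up the (unexpired) key, checks the tag in constant
// time and returns the bare payload, or an error for an unknown, expired or tampered message.
func (l *KeyList) Verify(uid string, msg []byte, now time.Time) ([]byte, error) {
	key, err := l.Lookup(uid, now)
	if err != nil {
		return nil, err
	}
	if len(msg) < sha256.Size {
		return nil, errors.New("message shorter than its tag")
	}
	payload, got := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	if !hmac.Equal(got, tag(key, uid, payload)) {
		return nil, errors.New("integrity check failed for " + uid)
	}
	return payload, nil
}
```

Lookup rejects an expired entry before Purge has run, so the timed purge is housekeeping rather than the only thing enforcing the timeout. Verify mixes the unique code into the tag, so a tag that is valid for one card's reset data request is not accepted as a request for another card.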
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910261847.8A CN110049025A (en) | 2019-04-02 | 2019-04-02 | The method for realizing the distant processing of getting killed of safety for smart chip card |
CN2019102618478 | 2019-04-02 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110278214A true CN110278214A (en) | 2019-09-24 |
CN110278214B CN110278214B (en) | 2020-05-01 |
Family
ID=67275889
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910261847.8A Pending CN110049025A (en) | 2019-04-02 | 2019-04-02 | The method for realizing the distant processing of getting killed of safety for smart chip card |
CN201910620824.1A Active CN110278214B (en) | 2019-04-02 | 2019-07-10 | Method for realizing safe remote killing processing aiming at intelligent chip card |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910261847.8A Pending CN110049025A (en) | 2019-04-02 | 2019-04-02 | The method for realizing the distant processing of getting killed of safety for smart chip card |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN110049025A (en) |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101771680A (en) * | 2008-12-29 | 2010-07-07 | 中国移动通信集团公司 | Method for writing data to smart card, system and remote writing-card terminal |
CN202548899U (en) * | 2012-03-12 | 2012-11-21 | 上海电信科技发展有限公司 | Mobile one-card platform |
CN102945379A (en) * | 2012-06-27 | 2013-02-27 | 无锡北邮感知技术产业研究院有限公司 | Offline type bidirectional authentication method for card reader and label in RFID (radio frequency identification device) system |
US20130119128A1 (en) * | 2011-11-16 | 2013-05-16 | Hugo Straumann | Method and system for authenticating a user by means of an application |
CN103279775A (en) * | 2013-05-03 | 2013-09-04 | 无锡昶达信息技术有限公司 | RFID (Radio Frequency Identification) system capable of ensuring confidentiality and data integrity and implementation method thereof |
WO2013134536A1 (en) * | 2012-03-07 | 2013-09-12 | Frequency, Inc. | Systems, methods, apparatuses, and computer program products for facilitating interaction and interconnectivity in a live entertainment setting |
CN104579673A (en) * | 2014-03-06 | 2015-04-29 | 上海励识电子科技有限公司 | Interactive authentication method between RFID card and card reader |
CN105190638A (en) * | 2013-03-14 | 2015-12-23 | 柯惠有限合伙公司 | Rfid secure authentication |
CN105636012A (en) * | 2014-10-27 | 2016-06-01 | 中国移动通信集团公司 | Writing card method, smart card, and writing card platform and system |
CN106411522A (en) * | 2015-08-03 | 2017-02-15 | 中兴通讯股份有限公司 | Online authentication method based on intelligent card, the intelligent card and authentication server |
CN108075894A (en) * | 2016-11-17 | 2018-05-25 | 广州大白互联网科技有限公司 | A kind of authentication on-line processing method and system |
CN109413648A (en) * | 2018-10-26 | 2019-03-01 | 国民技术股份有限公司 | Access control method, terminal, smart card, background server and storage medium |
2019
- 2019-04-02 CN CN201910261847.8A patent/CN110049025A/en active Pending
- 2019-07-10 CN CN201910620824.1A patent/CN110278214B/en active Active
Non-Patent Citations (1)
Title |
---|
陈嘉懿: "Research on the construction of a general-purpose RFID data exchange platform" (RFID通用数据交换平台建设研究), Library and Information Service (图书情报工作) * |
Also Published As
Publication number | Publication date |
---|---|
CN110278214B (en) | 2020-05-01 |
CN110049025A (en) | 2019-07-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104217327B (en) | A kind of financial IC card internet terminal and its method of commerce | |
CN105160242B (en) | Certificate loading method, certificate update method and the card reader of a kind of card reader | |
EP3120593A2 (en) | Systems and methods for creating fingerprints of encryption devices | |
CN105391695A (en) | Terminal registration method and verification method | |
CN106899551A (en) | Authentication method, certification terminal and system | |
CN109768983A (en) | Dynamic and Multi dimensional personal identification method, apparatus and system based on block chain | |
CN108768963A (en) | The communication means and system of trusted application and safety element | |
CN107967605B (en) | Rail transit automatic fare collection two-dimensional code credit payment encryption method | |
CN102238193A (en) | Data authentication method and system using same | |
CN106572082A (en) | Approval signature verifying method, mobile device, terminal device and system | |
CN109741800A (en) | The method for security protection of medical data intranet and extranet interaction based on block chain technology | |
CN103345703A (en) | Banking transaction authentication method and system based on image authentication | |
CN106067205A (en) | A kind of gate inhibition's method for authenticating and device | |
CN106296177A (en) | Data processing method based on bank's Mobile solution and equipment | |
CN105978855A (en) | System and method for protecting personal information security in real-name system | |
CN105608775B (en) | A kind of method of authentication, terminal, access card and SAM card | |
CN109711174A (en) | Data capture method, device, equipment and storage medium | |
CN108460597A (en) | A kind of key management system and method | |
CN108599932A (en) | A kind of identity identifying method for electric system | |
CN107196973A (en) | A kind of data encryption, decryption method and device | |
CN106557682B (en) | The authority checking method and device of softdog | |
CN105516210A (en) | System and method for terminal security access authentication | |
CN107294988A (en) | A kind of auth method and its system based on bank's identity information and eID | |
CN105844723B (en) | PSAM card safeguard management method and system | |
CN106599626A (en) | Application program authorization authentication method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |