CN111292089A - PSAM card protection management method and PSAM card - Google Patents


Info

Publication number
CN111292089A
Authority
CN
China
Prior art keywords
terminal
psam card
result
instruction
threshold value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010089483.2A
Other languages
Chinese (zh)
Inventor
李增局
王彭彭
赵鹏辉
刘志刚
史汝辉
李文宝
李士通
尚现锋
董晓婕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Zhihui Yunce Information Technology Co ltd
Beijing Zhihuiyunce Technology Co ltd
Original Assignee
Shandong Zhihui Yunce Information Technology Co ltd
Beijing Zhihuiyunce Technology Co ltd
Application filed by Shandong Zhihui Yunce Information Technology Co ltd, Beijing Zhihuiyunce Technology Co ltd filed Critical Shandong Zhihui Yunce Information Technology Co ltd
Priority to CN202010089483.2A priority Critical patent/CN111292089A/en
Publication of CN111292089A publication Critical patent/CN111292089A/en
Pending legal-status Critical Current

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409: Device specific authentication in transaction processing
    • G06Q20/4097: Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975: Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07F: COIN-FREED OR LIKE APPARATUS
    • G07F7/00: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806: Details of the card
    • G07F7/0813: Specific details related to card security

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a PSAM card protection management method and a PSAM card. The PSAM card protection management method comprises the following steps: (1) the PSAM card receives a first instruction of the terminal; (2) the PSAM card judges whether the difference value between the number of times of receiving the first instruction and the terminal transaction serial number is greater than a threshold value; (3) if the difference value is greater than the threshold value, the PSAM card locks the application; if the difference is smaller than or equal to the threshold value, the PSAM card calculates a first result, sends the terminal transaction serial number and the first result to the terminal, and enters a verification state of a second result. The protection management method and the PSAM card can achieve the purpose of protecting the master working key of the PSAM card against side channel attacks. The invention does not affect the transaction flow of the PSAM card and has a low modification cost, and it does not affect the normal use of PSAM cards and terminals that are already on the market.

Description

PSAM card protection management method and PSAM card
Technical Field
The invention belongs to the field of intelligent security management, and particularly relates to a PSAM card protection management method and a PSAM card.
Background
The PSAM card, i.e. the terminal security control module, conforms to the PSAM card specification for Chinese financial integrated circuit (IC) cards and to the ISO/IEC 7816-1/2/3/4 series of international standards. It supports multiple applications on one card, multiple file types, multiple secure access modes and permissions, a multi-level key distribution mechanism, multiple communication protocols, and so on. It is mainly used in equipment such as commercial POS terminals, direct connection terminals, network point terminals and bus-mounted terminals.
The PSAM card master working key, i.e. the consumption root key, is used while an application executes a consumption transaction to generate a temporary key for that transaction through multi-level dispersion over specific data and a random number generated by the IC card. The master working key cannot be read and cannot be used for any other purpose. The consumption root key is the root key of the whole system: if it is stolen or illegally used, a large number of false cards can be forged, and all the bank IC cards, traffic IC cards and the like would have to be taken out of use, causing significant political and economic loss.
The existing PSAM card has no protection mechanism for the dispersion process of the master working key, which carries a certain risk. The transaction flow of PSAM cards already in use is fixed, so it is extremely important that any protection improvement be built on the existing PSAM card in a way that does not affect the normal use of PSAM cards and terminals already on the market.
Disclosure of Invention
The invention aims to provide a PSAM card protection management method and a manager that protect the master working key of a PSAM card against side channel attacks.
In order to achieve the purpose, the invention adopts the following technical scheme:
A PSAM card protection management method comprises the following steps: (1) the PSAM card receives a first instruction of the terminal; (2) the PSAM card judges whether the difference value between the number of times of receiving the first instruction and the number of times the terminal transaction serial number has been generated is greater than a threshold value; (3) if the difference value is greater than the threshold value, the PSAM card locks the application; if the difference is smaller than or equal to the threshold value, the PSAM card calculates a first result and sends the terminal transaction serial number and the first result to the terminal.
Further, after the terminal transaction serial number and the first result are sent to the terminal in step (3), the method further includes: entering a verification state of the second result.
Preferably, the first result is MAC1 and the second result is MAC2.
Preferably, steps (2) and (3) specifically include: a counter is set, and the number of times the first instruction of the terminal is received is recorded as A, where A is initially 0 and is automatically incremented by 1 each time the first instruction is received; a threshold value C_x is set; and the number of times the terminal transaction serial number has been generated is recorded as C, where C is initially 0. When the PSAM card receives a first instruction of the terminal, A is automatically incremented by 1 and ΔA = A - C is calculated. If ΔA is greater than the threshold value C_x, the PSAM card locks the application; if ΔA is less than or equal to the threshold value C_x, the PSAM card calculates a first result and sends the terminal transaction serial number and the first result to the terminal, and after the second result is verified, the terminal transaction serial number C is automatically incremented by 1, that is, A is equal to C.
Preferably, when the application is unlocked after the PSAM card has locked it, A is reset to the terminal transaction serial number C.
Preferably, A and C_x cannot be directly modified by an external command.
A PSAM card comprising: (1) the receiving module is used for receiving a first instruction of the terminal; (2) a counter for counting the number of times the first instruction is received; (3) the judging module is used for judging whether the difference value between the number of times of receiving the first instruction and the terminal transaction serial number is greater than a threshold value or not; (4) an execution module to lock the application if the difference is greater than a threshold; (5) the processing module is used for calculating a first result according to the first instruction if the difference value is smaller than a threshold value; (6) and the transmission module is used for sending the terminal transaction serial number and the first result to the terminal.
If the judging module judges that the difference value between the times of generating the first instruction and the terminal transaction serial number is less than the threshold value, the execution module does not lock the application and enters a verification state of a second result.
Preferably, the first result is MAC1 and the second result is MAC2.
Specifically, the counter records the number of times that the receiving module receives a first instruction of the terminal as A, where A is initially 0 and is automatically incremented by 1 each time the first instruction is received; the number of times the terminal transaction serial number has been generated is recorded as C, where C is initially 0; and the PSAM card sets a threshold value C_x. When the receiving module receives a first instruction of the terminal, A is automatically incremented by 1 and the judging module calculates ΔA = A - C. If ΔA is greater than the threshold value C_x, the execution module locks the application, and A is reset to the terminal transaction serial number C when unlocking; if ΔA is less than or equal to the threshold value C_x, the processing module calculates the first result and the transmission module sends the terminal transaction serial number and the first result to the terminal, and after the second result is verified, the terminal transaction serial number C is automatically incremented by 1, that is, A is equal to C.
The invention has the following advantages:
1. The invention does not affect the transaction flow of the PSAM card and has a low modification cost; the normal use of PSAM cards and terminals that are already on the market is not affected.
2. The invention can achieve the purpose of preventing the PSAM card master working key from being attacked by a side channel.
Drawings
FIG. 1 is a flow chart of consumption involving PSAM cards;
FIG. 2 is a flow chart of a PSAM protection management method of the present invention;
FIG. 3 is a diagram of a PSAM card according to the present invention.
Detailed Description
The present invention will be described in detail below with reference to specific examples. These embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
In the following description and in the claims, the terms "include" and "comprise" are used in an open-ended fashion, and thus should be interpreted to mean "include, but not limited to". The description which follows is a preferred embodiment of the invention, but is made for the purpose of illustrating the general principles of the invention and not for the purpose of limiting the scope of the invention. The scope of the present invention is defined by the appended claims.
The basic idea of a power analysis attack is to obtain the key of a cryptographic device by analyzing its power consumption. Essentially, this attack exploits two types of power consumption dependency: data dependency and operation dependency, i.e. the instantaneous power consumption of a cryptographic device depends on the data processed by the device and on the operations performed by the device.
Power analysis attacks are classified into simple power analysis (SPA) and differential power analysis (DPA).
SPA: SPA is a technique that directly analyzes the power consumption information collected while a cryptographic algorithm executes. Each algorithm in a cryptographic device has a certain execution sequence, and the operations defined by the algorithm are translated into instructions supported by the device. If an attacker has detailed knowledge of the specific implementation of the cryptographic algorithm in the attacked device, the power consumption curve corresponding to each operation instruction can be distinguished in the power trace. That is, SPA attacks analyze the power consumption of a device mainly along the time axis. The attacker tries to find a certain pattern in a single power trace, or to match a template. If a particular instruction is executed only if a bit of the key is 1 and another instruction is executed only if a bit of the key is 0, then the key can be inferred by looking at the sequence of instructions visible in the power trace.
DPA: the goal of a DPA attack is to record the power traces of a cryptographic device while it performs encryption or decryption operations on a large number of different data packets, and to recover the key in the cryptographic device from those traces. DPA attacks analyze the dependency between the power consumption at fixed time instants and the processed data. There is a general attack strategy for DPA attacks. First, an intermediate value of the executed algorithm is selected; when the device executes the cryptographic algorithm on different data inputs, the power traces collected correspond to the power consumption of the device. The selected intermediate value is part of the algorithm, so during different executions of the algorithm the device has to calculate different intermediate values v_ck. At a certain position of the power trace, the recorded values therefore depend on these intermediate values. This position of the power trace is denoted ct, i.e. column t_ct contains all the power consumption values that depend on the intermediate values v_ck. Based on v_ck, the attacker simulates the hypothetical power consumption values h_ck, so columns h_ck and t_ct are closely related.
The consumption process of the PSAM card is shown in FIG. 1. The key processes are the generation of MAC1 and the verification of MAC2. MAC1 is what the user IC card uses to authenticate the PSAM card, and the master working key (consumption root key) generates MAC1 through the following dispersion process:
a) the PSAM disperses the test point city identifier with GMPK (the national consumption master key, i.e. the master working key) to obtain the secondary consumption master key BMPK;
b) the PSAM disperses the member bank identifier with BMPK to obtain the member bank consumption master key MPK;
c) the PSAM disperses the card application serial number with MPK to obtain the card consumption sub-key DPK;
d) the PSAM uses DPK to encrypt the pseudo-random number, the offline transaction serial number and the terminal transaction serial number transmitted by the card, obtaining the process key SESPK, which is stored in the card as a temporary key;
e) the PSAM encrypts the transaction amount, transaction type identifier, terminal number, transaction date (terminal) and transaction time (terminal) with SESPK to obtain MAC1, and sends MAC1.
The existing PSAM card has no protection mechanism for the dispersion process of the master working key. For example, in the dispersion of step a), the PSAM card does not determine whether the received test point city identifier really exists (because of memory constraints, the PSAM card cannot store all test point city identifiers in advance in order to check the authenticity of a received identifier).
When we use side channel attacks in practical application scenarios, two types of conditions need to be satisfied:
1. the plaintext is known and a large number of power consumption curves can be collected;
2. the ciphertext is known and a large number of curves can be collected.
The generation of MAC1 satisfies exactly the side channel attack precondition that the plaintext is known and a large number of curves can be collected.
Exploiting this, an 8-byte dispersion factor in step a), such as the test point city identifier, is set to a random number (in the real dispersion process, the 8 bytes of data together with their bitwise inverse are used as the plaintext input); the random number is used as the input of the encryption algorithm and power consumption is collected during encryption, so that a side channel attack is implemented.
The power consumption curve and data acquisition process are as follows:
1) The terminal sends an instruction to perform a cold reset on the PSAM card, and the PSAM card returns the ATR.
2) The terminal sends a MAC1 generation instruction, and the PSAM card returns the terminal transaction serial number + MAC1.
The power consumption curve is acquired in step 2), and the data required for side channel analysis is stored, namely the dispersion factor used in key dispersion step a) when MAC1 is generated, recorded as Random_number. Assuming the algorithm used by the PSAM card is TDES, Random_number is stored if the first TDES is attacked, and the bitwise negation of Random_number is stored if the second TDES is attacked; assuming the algorithm used by the PSAM card is SM4, the stored plaintext data is Random_number and the bitwise negation of Random_number.
With this acquisition process, a large number of power consumption curves suitable for a side channel attack can be collected, and the master working key can then be cracked using the side channel attack.
The invention is an improvement aimed at protecting the PSAM card against side channel attacks.
Recall the two conditions for implementing a side channel attack: the plaintext or the ciphertext is known, and a large number of power consumption curves can be collected. If these conditions are broken, namely by limiting the collection of a large number of power consumption curves within the transaction flow, the purpose of protecting the master working key of the PSAM card against side channel attacks can be achieved. The transaction flow of PSAM cards currently in use is already fixed, so in order not to affect the normal use of PSAM cards and terminals already on the market, and to change the execution flow of the PSAM card consumption process as little as possible, the following scheme may be adopted:
Example 1
Fig. 2 is a flowchart of a PSAM card protection management method of the present invention, which includes:
(1) the PSAM card receives a first instruction of the terminal;
(2) the PSAM card judges whether the difference value between the number of times of receiving the first instruction and the terminal transaction serial number is greater than a threshold value;
(3) if the difference value is greater than the threshold value, the PSAM card locks the application; if the difference is smaller than or equal to the threshold value, the PSAM card calculates a first result and sends the terminal transaction serial number and the first result to the terminal. In this case the PSAM card does not lock the application and enters a verification state of a second result.
Example 2
The embodiment of the invention further comprises a PSAM card protection management method, which comprises the following steps:
(1) the PSAM card receives an MAC1 calculation instruction of the terminal;
(2) the PSAM card judges whether the difference value between the number of times of receiving the MAC1 calculation instruction and the terminal transaction serial number is greater than a threshold value;
(3) if the difference value is greater than the threshold value, the PSAM card locks the application; if the difference is less than or equal to the threshold value, the PSAM card calculates MAC1 and sends the terminal transaction serial number and the first result MAC1 to the terminal. In this case the PSAM card does not lock the application and enters the verification state of MAC2.
In specific embodiments 1 and 2 above, steps (2) and (3) specifically include: a counter is set, and the number of times the first instruction of the terminal is received is recorded as A, where A is initially 0 and is automatically incremented by 1 each time the first instruction is received; a threshold value C_x is set; and the number of times the terminal transaction serial number has been generated is recorded as C, where C is initially 0. When the PSAM card receives a first instruction of the terminal, A is automatically incremented by 1 and ΔA = A - C is calculated. If ΔA is greater than the threshold value C_x, the PSAM card locks the application; if ΔA is less than or equal to the threshold value C_x, the PSAM card calculates the first result and sends the first result and the terminal transaction serial number to the terminal, and after the second result is verified, the terminal transaction serial number C is automatically incremented by 1, that is, A is equal to C.
When the application is unlocked after the PSAM card has locked it, A is reset to the terminal transaction serial number C, and A and C_x cannot be directly modified by an external command.
In an actual use scenario, the PSAM card adopting the scheme executes the MAC1 generation instruction by the following process:
1. The PSAM card receives a MAC1 calculation instruction from the terminal, A is automatically incremented by 1, and ΔA = A - C is calculated. If ΔA is greater than the upper limit C_x, the PSAM card locks the application; if ΔA is less than or equal to the upper limit C_x, step 2 is executed.
2. MAC1 is calculated according to the normal MAC1 calculation process; the terminal transaction serial number and MAC1 are then returned to the terminal according to the normal MAC1 generation process.
3. The PSAM card enters the verification state of MAC2.
As can be seen from the above, executing the MAC1 generation instruction has only one more step, the calculation and result comparison (A is automatically incremented by 1 and ΔA = A - C is calculated; if ΔA is greater than the threshold value C_x the PSAM card locks the application, and if ΔA is less than or equal to the threshold value C_x processing continues), which the card performs automatically. The PSAM card returns the terminal transaction serial number and MAC1 as normal, and in actual use the interaction flow between the terminal and the PSAM card is no different from the interaction flow before the scheme was added.
Since a pseudo card cannot perform a complete consumption transaction, the difference upper limit C_x determines the number of times a pseudo card can communicate with the PSAM card to generate MAC1, and therefore the number of power consumption curves an attacker can collect. If C_x is less than the number of power consumption curves the attacker requires, the side channel attack risk can be effectively resisted. If C_x is set too large, the master working key is still at risk of attack; C_x can be adjusted flexibly according to actual service requirements.
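The counter rule of steps (2) and (3), together with the unlock rule and the cold reset from the acquisition process, as an added C model that is not code from the patent. The `psam_*` names and status codes are hypothetical, the MAC1/MAC2 cryptography is replaced by a run counter (one run stands for one collectable power trace), and A, C, C_x and the lock flag are assumed to live in non-volatile memory so that a cold reset does not clear them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes for this model, not ISO/IEC 7816 status words. */
typedef enum { PSAM_OK, PSAM_LOCKED, PSAM_BAD_STATE, PSAM_MAC2_FAIL } psam_status;

typedef struct {
    /* Assumed non-volatile: must survive the cold reset of acquisition step 1). */
    uint32_t a;          /* A: number of MAC1 instructions received */
    uint32_t c;          /* C: terminal transaction serial number */
    uint32_t cx;         /* C_x: threshold, not writable by external commands */
    bool     locked;     /* application lock flag */
    /* Volatile: lost on reset. */
    bool     awaiting_mac2;
    /* Instrumentation only: times the key dispersion actually ran. */
    uint32_t mac1_runs;
} psam_card;

void psam_init(psam_card *p, uint32_t cx)
{
    p->a = 0; p->c = 0; p->cx = cx;
    p->locked = false; p->awaiting_mac2 = false; p->mac1_runs = 0;
}

/* A cold reset clears only the volatile session state. */
void psam_cold_reset(psam_card *p) { p->awaiting_mac2 = false; }

psam_status psam_mac1(psam_card *p, uint32_t *serial_out)
{
    if (p->locked) return PSAM_LOCKED;
    p->a++;                          /* count the instruction before any key use */
    if (p->a - p->c > p->cx) {       /* delta A = A - C (unsigned, wrap-safe) */
        p->locked = true;
        p->awaiting_mac2 = false;
        return PSAM_LOCKED;
    }
    p->mac1_runs++;                  /* dispersion steps a) to e) would run here */
    *serial_out = p->c;
    p->awaiting_mac2 = true;         /* enter the MAC2 verification state */
    return PSAM_OK;
}

/* mac2_valid stands in for the real MAC2 check, which is outside this model. */
psam_status psam_mac2(psam_card *p, bool mac2_valid)
{
    if (p->locked) return PSAM_LOCKED;
    if (!p->awaiting_mac2) return PSAM_BAD_STATE;
    p->awaiting_mac2 = false;
    if (!mac2_valid) return PSAM_MAC2_FAIL;
    p->c++;                          /* only a verified MAC2 advances C */
    return PSAM_OK;
}

/* Unlock (its authorisation is outside this model): A is reset to C. */
void psam_unlock(psam_card *p) { p->locked = false; p->a = p->c; }

/* MAC1 computations obtained by a peer that never completes MAC2,
 * resetting the card before every request, until the application locks. */
uint32_t traces_until_lock(psam_card *p)
{
    uint32_t before = p->mac1_runs, serial;
    do { psam_cold_reset(p); } while (psam_mac1(p, &serial) == PSAM_OK);
    return p->mac1_runs - before;
}

/* Run n complete transactions (MAC1, then a valid MAC2); false if the card locks. */
bool run_complete(psam_card *p, uint32_t n)
{
    uint32_t serial;
    for (uint32_t i = 0; i < n; i++) {
        if (psam_mac1(p, &serial) != PSAM_OK) return false;
        if (psam_mac2(p, true) != PSAM_OK) return false;
    }
    return true;
}

int main(void)
{
    psam_card p;
    psam_init(&p, 5);                /* C_x = 5 is a constructed sample value */
    printf("1000 complete transactions ok: %d, A - C = %u\n",
           run_complete(&p, 1000), (unsigned)(p.a - p.c));
    printf("MAC1 runs before lock: %u\n", (unsigned)traces_until_lock(&p));
    psam_unlock(&p);
    printf("MAC1 runs after unlock: %u\n", (unsigned)traces_until_lock(&p));
    return 0;
}
```

In this model A - C shrinks only on unlock, so transactions abandoned by a legitimate terminal draw on the same C_x budget as requests from a pseudo card.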
Example 3
Fig. 3 is a structural diagram of a PSAM card of the present invention, which includes:
(1) the receiving module is used for receiving a first instruction of the terminal;
(2) the counter is used for counting the times of the received first instruction;
(3) the judging module is used for judging whether the difference value between the number of times of receiving the first instruction and the terminal transaction serial number is greater than a threshold value or not;
(4) an execution module to lock the application if the difference is greater than a threshold;
(5) the processing module is used for calculating a first result according to the first instruction if the difference value is smaller than a threshold value;
(6) and the transmission module is used for sending the terminal transaction serial number and the first result to the terminal, and the execution module enters a verification state of a second result without locking the application at the moment.
Example 4
The PSAM card of the embodiment of the invention further comprises:
A. the receiving module is used for receiving a MAC1 calculation instruction of the terminal;
B. the counter is used for counting the times of the received first instruction;
C. the judging module is used for judging whether the difference value between the number of times of generating the MAC1 and the terminal transaction serial number is larger than a threshold value or not;
D. an execution module to lock the application if the difference is greater than a threshold;
E. the processing module is used for calculating the MAC1 according to the first instruction if the difference value is smaller than a threshold value;
F. the transmission module is used for sending the terminal transaction serial number and MAC1 to the terminal; at this point the execution module does not lock the application and enters the verification state of MAC2.
Specifically, in the PSAM card of embodiments 3 and 4, the counter records the number of times that the receiving module receives the first instruction of the terminal as A, where A is initially 0 and is automatically incremented by 1 each time the first instruction is received; the terminal transaction serial number is recorded as C, where C is initially 0; and the PSAM card sets the threshold value C_x. When the receiving module receives a first instruction of the terminal, A is automatically incremented by 1 and the judging module calculates ΔA = A - C. If ΔA is greater than the threshold value C_x, the execution module locks the application; if ΔA is less than or equal to the threshold value C_x, the processing module calculates the first result and the transmission module sends the terminal transaction serial number and the first result to the terminal, and after the second result is verified, the terminal transaction serial number C is automatically incremented by 1, that is, A is equal to C.
It should be noted that when the application is unlocked after the PSAM card has locked it, A is reset to the terminal transaction serial number C, and A and C_x cannot be directly modified by an external command.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (10)

1. A PSAM card protection management method, characterized by comprising the following steps: (1) the PSAM card receives a first instruction of the terminal; (2) the PSAM card judges whether the difference value between the number of times of receiving the first instruction and the terminal transaction serial number is greater than a threshold value; (3) if the difference value is greater than the threshold value, the PSAM card locks the application; and if the difference is smaller than or equal to the threshold value, the PSAM card calculates a first result and sends the terminal transaction serial number and the first result to the terminal.
2. The protection management method according to claim 1, wherein after the terminal transaction serial number and the first result are sent to the terminal in step (3), the method further comprises: entering a verification state of the second result.
3. The PSAM card protection management method of claim 2, wherein the first result is MAC1 and the second result is MAC2.
4. A PSAM card protection management method according to any of claims 2 to 3, wherein said steps (2) and (3) specifically include: a counter is set, and the number of times the first instruction of the terminal is received is recorded as A, where A is initially 0 and is automatically incremented by 1 each time the first instruction is received; a threshold value C_x is set; and the terminal transaction serial number is recorded as C, where C is initially 0; when the PSAM card receives a first instruction of the terminal, A is automatically incremented by 1 and ΔA = A - C is calculated; if ΔA is greater than the threshold value C_x, the PSAM card locks the application; if ΔA is less than or equal to the threshold value C_x, the PSAM card calculates a first result and sends the terminal transaction serial number and the first result to the terminal, and after the second result is verified, the terminal transaction serial number C is automatically incremented by 1, that is, A is equal to C.
5. The PSAM card protection management method of claim 4, wherein A is reset to the terminal transaction serial number C when the application is unlocked after the PSAM card has locked it.
6. The PSAM card protection management method of claim 5, wherein A and C_x cannot be directly modified by an external command.
7. A PSAM card, comprising: (1) the receiving module is used for receiving a first instruction of the terminal; (2) a counter for counting the number of times the first instruction is received; (3) the judging module is used for judging whether the difference value between the number of times of receiving the first instruction and the terminal transaction serial number is greater than a threshold value or not; (4) an execution module to lock the application if the difference is greater than a threshold; (5) the processing module is used for calculating a first result according to the first instruction if the difference value is smaller than a threshold value; (6) and the transmission module is used for sending the terminal transaction serial number and the first result to the terminal.
8. The PSAM card of claim 7, wherein if the difference is less than a threshold, the transmission module sends the terminal transaction serial number and a first result, and then enters a verification state for a second result.
9. The PSAM card of claim 8, wherein the first result is MAC1 and the second result is MAC2.
10. A PSAM card according to any of claims 8 to 9, wherein said counter records the number of times the receiving module receives a first instruction of the terminal as A, where A is initially 0 and is automatically incremented by 1 each time said first instruction is received; the terminal transaction serial number is recorded as C, where C is initially 0; and said PSAM card sets a threshold value C_x; when the receiving module receives a first instruction of the terminal, A is automatically incremented by 1 and the judging module calculates ΔA = A - C; if ΔA is greater than the threshold value C_x, the execution module locks the application, and A is reset to the terminal transaction serial number C when unlocking; if ΔA is less than or equal to the threshold value C_x, the processing module calculates the first result and the transmission module sends the terminal transaction serial number and the first result to the terminal, and after the second result is verified, the terminal transaction serial number C is automatically incremented by 1, that is, A is equal to C.
CN202010089483.2A 2020-02-12 2020-02-12 PSAM card protection management method and PSAM card Pending CN111292089A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010089483.2A CN111292089A (en) 2020-02-12 2020-02-12 PSAM card protection management method and PSAM card

Publications (1)

Publication Number Publication Date
CN111292089A true CN111292089A (en) 2020-06-16

Family

ID=71025386

Country Status (1)

Country Link
CN (1) CN111292089A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200616