CN111510416A - Data information transmission method, electronic device and readable storage medium - Google Patents


Info

Publication number
CN111510416A
Authority
CN
China
Prior art keywords
gateway
certificate
verification terminal
request
card reading
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910098813.1A
Other languages
Chinese (zh)
Inventor
刘海龙
严硕
郭宏杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eidlink Information Technology Co ltd
Original Assignee
Eidlink Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A data information transmission method in which a node, in response to feedback information received from a magnetic card, sends a request to establish a secure channel; forwards the bidirectional certificate authentication request sent by the verification terminal; forwards the gateway certificate sent by the gateway; once the gateway certificate passes verification, sends a request to obtain the verification terminal certificate and receives that certificate; sends a request to generate a session key and receives the session key; sends the verification terminal certificate and the session key to the gateway; forwards the gateway authentication end information sent by the gateway; and forwards the authentication end notice sent by the verification terminal. The embodiments of the invention realize bidirectional authentication of the verification terminal certificate and the gateway certificate, establish a secure data transmission channel, and improve the security of the subsequent data information transmission.

Description

Data information transmission method, electronic device and readable storage medium
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a data information transmission method, electronic equipment and a readable storage medium.
Background
Data information in a magnetic card chip is currently identified in one of two ways. In the first, a decryption module is embedded in a local reader; the reader communicates with a node (a host computer) over USB, identifies the information in the card chip locally, and the result is displayed directly on the computer screen. In the second, the decryption module is embedded in a cloud server and the information in the card chip is identified remotely through the cloud server. Local identification can only succeed for information already stored in the decryption module; the module is expensive, so fitting one to every host is costly, and it cannot update its stored information in real time, which limits what it can identify. Existing remote identification transmits the data over the open internet without encryption or integrity protection, so the data can easily be replaced or tampered with at the host end and the identification result cannot be trusted.
Disclosure of Invention
In view of this, embodiments of the present invention provide a data information transmission method, an electronic device and a readable storage medium that keep the data confidential during transmission and improve the reliability of the identification result.
In a first aspect, an embodiment of the present invention provides a data information transmission method, including:
responding to the received magnetic card feedback information, and sending a request for establishing a secure channel;
forwarding a bidirectional certificate authentication request sent by a verification terminal;
forwarding a gateway certificate sent by a gateway;
in response to the gateway certificate passing verification, sending a request for acquiring a verification terminal certificate;
receiving a verification terminal certificate;
sending a request for generating a session key;
receiving a session key;
sending a verification terminal certificate and the session key;
forwarding gateway authentication end information sent by a gateway, wherein the gateway authentication end information comprises a verification result of a verification terminal certificate and a gateway authentication end notification;
and forwarding the verification terminal authentication ending notice sent by the verification terminal.
Preferably, the method further comprises:
generating a card reading request;
sending the card reading request;
receiving a card reading request ciphertext, generated by encrypting the card reading request with the session key;
and sending the card reading request ciphertext.
Preferably, the method further comprises:
forwarding a card reading instruction ciphertext sent by a gateway, wherein the card reading instruction ciphertext is generated by encrypting a card reading instruction according to the session key, and the card reading instruction is obtained according to the card reading request;
and forwarding a data information ciphertext sent by the verification terminal, wherein the data information ciphertext is generated by encrypting data information according to the session key, and the data information is obtained according to the card reading instruction.
In a second aspect, an embodiment of the present invention further provides a data information transmission method, including:
receiving a request for establishing a secure channel;
sending a bidirectional certificate authentication request according to the request for establishing the secure channel;
receiving a gateway certificate, wherein the gateway certificate is obtained according to the bidirectional certificate authentication request;
in response to the gateway certificate passing verification, receiving a request for acquiring a verification terminal certificate;
sending a verification terminal certificate according to the request for obtaining the verification terminal certificate;
receiving a request for generating a session key;
generating and transmitting a session key;
receiving gateway authentication end information, wherein the gateway authentication end information comprises a verification result of a verification terminal certificate and a gateway authentication end notification;
and generating and sending a verification terminal authentication end notice, wherein the verification terminal authentication end notice is generated according to the gateway authentication end notice.
Preferably, the method further comprises:
receiving a card reading request;
and generating and sending a card reading request ciphertext, wherein the card reading request ciphertext is generated by encrypting the card reading request according to the session key.
Preferably, the method further comprises:
receiving a card reading command ciphertext;
decrypting the card reading command ciphertext according to the session key;
sending a card reading command plaintext;
acquiring data information;
encrypting the data information according to the session key;
and transmitting the data information ciphertext.
In a third aspect, an embodiment of the present invention further provides a data information transmission method, including:
receiving a two-way certificate authentication request;
sending a gateway certificate according to the bidirectional certificate authentication request;
receiving a verification terminal certificate and a session key;
sending gateway authentication end information, wherein the gateway authentication end information comprises a verification result of a verification terminal certificate and a gateway authentication end notification;
and receiving a verification terminal authentication end notification.
Preferably, the method further comprises:
receiving a card reading request ciphertext;
decrypting the card reading request ciphertext;
receiving a card reading instruction generated according to a card reading request plaintext;
encrypting the card reading instruction;
sending a card reading command ciphertext;
receiving a data information ciphertext;
decrypting the data information ciphertext;
and sending the plaintext of the data information.
In a fourth aspect, the present invention also provides an electronic device, including a memory and a processor, where the memory is configured to store one or more computer program instructions, where the one or more computer program instructions are executed by the processor to implement the method according to the first aspect, the second aspect, or the third aspect.
In a fifth aspect, the present invention also provides a computer-readable storage medium on which computer program instructions are stored, wherein the computer program instructions, when executed by a processor, implement the method according to the first, second or third aspect.
According to the embodiments of the invention, the verification terminal certificate and the gateway certificate are authenticated bidirectionally and a secure data transmission channel is established between the verification terminal and the gateway, so that data transmission during remote identification of data information over the internet is effectively protected and leakage, replacement and tampering of the data information are prevented.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent from the following description of the embodiments of the present invention with reference to the accompanying drawings, in which:
fig. 1 is a flowchart of a data information transmission method according to a first embodiment of the present invention;
fig. 2 is a flowchart of a data information transmission method according to a second embodiment of the present invention;
fig. 3 is a flowchart of a data information transmission method according to a third embodiment of the present invention;
fig. 4 is a flowchart of a data information transmission method according to a fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of a data information transmission system according to a fifth embodiment of the present invention;
fig. 6 is a schematic view of an electronic device according to a sixth embodiment of the present invention.
Detailed Description
The present invention will be described below based on examples, but the present invention is not limited to only these examples. In the following detailed description of the present invention, certain specific details are set forth. It will be apparent to one skilled in the art that the present invention may be practiced without these specific details. Well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention.
Further, those of ordinary skill in the art will appreciate that the drawings provided herein are for illustrative purposes and are not necessarily drawn to scale.
Unless the context clearly requires otherwise, throughout the description and the claims, the words "comprise", "comprising", and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is, what is meant is "including, but not limited to".
In the description of the present invention, it is to be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, in the description of the present invention, "a plurality" means two or more unless otherwise specified.
Fig. 1 is a flowchart of a data information transmission method according to a first embodiment of the present invention. As shown in fig. 1, the method comprises the steps of:
step S110, in response to receiving the magnetic card feedback information, sending a request for establishing a secure channel.
The user places the magnetic card on the verification terminal, which generates feedback information and sends it to the node to indicate that a new magnetic card is waiting for data identification. The magnetic card can be any card carrying a chip, such as an identity card, bank card or social security card; in this embodiment it is an identity card. Identifying the data in an identity card in this way can be applied to security checks at railway stations, bus stations and the like.
On receiving the magnetic card feedback information, the node sends a request to establish a secure channel to the verification terminal, so that a secure transmission channel can be formed between the verification terminal and the gateway and the security of data information transmission improved.
And step S120, forwarding the two-way certificate authentication request sent by the verification terminal.
And after receiving a request for establishing a secure channel sent by the node, the verification terminal sends a bidirectional certificate authentication request to the node. And the node forwards the received two-way certificate authentication request to the gateway so as to prompt the gateway to carry out two-way certificate authentication.
And step S130, forwarding the gateway certificate sent by the gateway.
In this embodiment each verification terminal is preset with a CA root certificate and its own device certificate (the verification terminal certificate), and the gateway is preset with a CA root certificate and its own gateway certificate. On receiving the bidirectional certificate authentication request, the gateway sends its stored gateway certificate, via the node, to the verification terminal that initiated the request, and the verification terminal checks the authenticity of the received gateway certificate against its CA root certificate.
Step S140, responding to the gateway certificate passing verification, and sending a request for obtaining the verification terminal certificate.
After verifying the gateway certificate, the verification terminal sends the verification result to the node. If the gateway certificate passed, the node sends a request to obtain the verification terminal certificate to the verification terminal, so that the gateway can verify the terminal in turn. If the gateway certificate failed verification, the bidirectional certificate authentication stops and no secure data transmission channel is established.
And step S150, receiving the verification terminal certificate.
And the verification terminal sends the stored verification terminal certificate to the node according to the acquired verification terminal certificate request.
Step S160, sending a request for generating a session key.
After receiving the verification terminal certificate, the node sends a request for generating a session key to the verification terminal, so that the verification terminal can generate the session key for subsequent data transmission.
Step S170, receiving a session key.
And the verification terminal generates and stores the session key according to the session key generation request, and simultaneously sends the generated session key to the node so that the node can send the session key to the gateway.
And step S180, sending the verification terminal certificate and the session key.
After receiving the session key, the node sends it, together with the verification terminal certificate received in step S150, to the gateway. The gateway verifies the authenticity of the verification terminal certificate against its preset CA root certificate and returns the verification result to the node. With the session key in hand, the gateway can exchange data securely with the verification terminal.
And step S190, forwarding the gateway authentication end information sent by the gateway.
After the gateway has finished verifying the verification terminal certificate, it sends gateway authentication end information to the node. In this embodiment that information comprises the verification result of the verification terminal certificate and a gateway authentication end notification; sending the notification along with the result prevents the gateway from verifying the verification terminal certificate again. The node forwards the gateway authentication end information to the verification terminal, informing it that the gateway has verified its certificate.
And step S195, forwarding the verification terminal authentication end notice sent by the verification terminal.
After receiving the gateway authentication end information, the verification terminal generates a verification terminal authentication end notice and sends it to the node, which forwards it to the gateway to inform the gateway that the verification terminal has finished its side of the authentication. At this point the secure channel for data transmission is established and data transmission can begin.
In another optional implementation, the node sends the verification terminal certificate to the gateway for authentication as soon as it receives it in step S150. The gateway checks whether the certificate is genuine against its own stored CA root certificate and returns the verification result and a gateway authentication end notification to the node. The node passes the verification result to the verification terminal, which generates a verification terminal authentication end notice from the received verification result and gateway authentication end notification and sends it to the node. Only then does the node send the request to generate the session key to the verification terminal; the verification terminal generates the session key and sends it to the gateway through the node, so that the verification terminal and the gateway hold the same session key. The secure channel for data transmission is now established, and the two sides encrypt and decrypt their data with the session key.
Once the secure data transmission channel between the verification terminal and the gateway is established, the node generates a card reading request and sends it to the verification terminal. The verification terminal encrypts the request with the session key it generated, producing a card reading request ciphertext, so that the request cannot be replaced or tampered with on its way to the cloud server. The verification terminal returns the ciphertext to the node, the node uploads it to the gateway, and the gateway decrypts it with its stored session key to recover the card reading request plaintext, which the cloud server can read directly when the gateway passes it on. From the plaintext request the cloud server generates a card reading instruction and sends it to the gateway in order to read the information in the magnetic card. The gateway encrypts the card reading instruction with the session key and sends the resulting ciphertext to the verification terminal through the node, so that the instruction cannot be intercepted and disclosed in transit in a way that would affect the verification terminal's reading of the card.
On receiving the card reading instruction ciphertext, the verification terminal decrypts it with its session key to recover the instruction plaintext, sends the plaintext to the magnetic card, and reads the data information from the card. It then encrypts the data it read with the session key, producing a data information ciphertext, and sends that to the gateway through the node. The gateway decrypts the ciphertext with the session key and sends the data information to the cloud server for identification. Each magnetic card holds several items of data information and the verification terminal reads a limited amount at a time, so after the cloud server has identified one item it generates a new card reading instruction and sends it to the gateway; the gateway encrypts it with the session key and sends it to the verification terminal, which decrypts it and reads the next item for transmission. The cloud server stops generating card reading instructions once all the data information in the magnetic card has been transmitted.
Once all the data information in the magnetic card has been transmitted, the session key is destroyed in both the verification terminal and the gateway, closing this secure data transmission channel. When a new magnetic card is placed on the verification terminal, a new session key is established between the verification terminal and the gateway, forming a new secure channel for the data information in the new card.
In this embodiment, the certificate in the verification terminal and the certificate in the gateway are subjected to mutual authentication, a session key for this data transmission is generated, and a secure data transmission channel is established. The verification terminal encrypts the transmitted data information through the session key and then sends the encrypted data information to the gateway, and the gateway decrypts the encrypted data information through the session key and then sends the decrypted data information to the cloud server for remote identification. According to the embodiment, the problems of leakage, replacement, tampering and the like of data information in the transmission process can be prevented through the secure data transmission channel.
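The handshake of steps S110 to S195 and the encrypted card-reading cycle that follows it, as an added worked example in Go; it is not part of the patent and not Eidlink's code. It assumes what the description leaves open: the certificates are X.509 on P-256 issued by one CA root, the session key is a 16-byte AES key used with GCM, the node is modelled as a relay function that only ever sees ciphertext, and, as an addition beyond the page (which does not say how the session key is protected on its hop through the node), the terminal signs the session key with its certificate key so that a node substituting its own key is rejected by the gateway. The message contents, certificate names and sample card record are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a P-256 certificate for cn: a self-signed CA root when parent is nil, otherwise
// a leaf signed by parent (the page's root-issued verification terminal and gateway certificates).
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, err := x509.ParseCertificate(der) // a failed CreateCertificate surfaces here as a parse error
	return cert, key, err
}

// chainsToRoot is the check each side runs on the peer's certificate (steps S130 and S180).
func chainsToRoot(cert, root *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// Handshake is the mutual authentication of steps S120 to S195 with the forwarding node collapsed into
// direct calls. Assumption added here, not in the page: the terminal signs the session key with its
// certificate key, so a node that substitutes its own key is rejected by the gateway.
func Handshake(term, gw, root *x509.Certificate, termKey *ecdsa.PrivateKey) ([]byte, error) {
	if err := chainsToRoot(gw, root); err != nil { // S130/S140: terminal verifies the gateway
		return nil, fmt.Errorf("gateway certificate rejected: %w", err)
	}
	sk := make([]byte, 16) // S160/S170: terminal generates the AES-128 session key
	rand.Read(sk)
	digest := sha256.Sum256(sk)
	sig, _ := ecdsa.SignASN1(rand.Reader, termKey, digest[:])
	if err := chainsToRoot(term, root); err != nil { // S180/S190: gateway verifies the terminal
		return nil, fmt.Errorf("terminal certificate rejected: %w", err)
	}
	if pub, ok := term.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, fmt.Errorf("session key not signed by the authenticated terminal")
	}
	return sk, nil
}

// ReadCycle is one encrypted card-reading round trip: request (terminal to gateway), instruction
// (gateway to terminal), data (terminal to gateway). relay plays the node, which only ever handles
// AES-GCM ciphertext, so any byte it changes makes the receiver's decryption fail.
func ReadCycle(sk []byte, relay func([]byte) []byte, cardData []byte) ([]byte, error) {
	block, _ := aes.NewCipher(sk) // sk is always 16 bytes from Handshake, so this cannot fail
	g, _ := cipher.NewGCM(block)
	hop := func(label string, pt []byte) ([]byte, error) {
		nonce := make([]byte, g.NonceSize()) // fresh random nonce, prefixed to the ciphertext
		rand.Read(nonce)
		ct := relay(g.Seal(nonce, nonce, pt, nil))
		if len(ct) < g.NonceSize() {
			return nil, fmt.Errorf("%s: truncated by the node", label)
		}
		out, err := g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", label, err)
		}
		return out, nil
	}
	req, err := hop("card reading request", []byte("read-next-record"))
	if err != nil {
		return nil, err
	}
	if _, err = hop("card reading instruction", append([]byte("apdu-for:"), req...)); err != nil {
		return nil, err
	}
	return hop("data information", cardData)
}

func main() {
	root, rootKey, _ := issue("test CA", 1, nil, nil)
	term, termKey, _ := issue("verification terminal", 2, root, rootKey)
	gw, _, _ := issue("gateway", 3, root, rootKey)
	sk, err := Handshake(term, gw, root, termKey)
	if err != nil {
		panic(err)
	}
	data, err := ReadCycle(sk, func(b []byte) []byte { return b }, []byte("constructed sample record"))
	fmt.Printf("gateway received %q, err=%v\n", data, err)
}
```

Handshake fails as soon as either certificate does not chain to the root, and ReadCycle fails with a labelled error the moment the relay changes or truncates any ciphertext, which is the property the description relies on against a tampering host. Signing does not hide the session key from the node; keeping it confidential on that hop would additionally require encrypting it to the gateway's certificate key, which this example does not do.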
Fig. 2 is a flowchart of a data information transmission method according to a second embodiment of the present invention. As shown in fig. 2, the method comprises the steps of:
step S210, receiving a request for establishing a secure channel.
As in the first embodiment, the user places the magnetic card (a chip card such as an identity card, bank card or social security card; an identity card here, as used for security checks at railway stations and bus stations) on the verification terminal, which generates feedback information and sends it to the node to indicate that a new card is waiting for data identification.
On receiving the magnetic card feedback information, the node sends a request to establish a secure channel to the verification terminal, so that a secure transmission channel can be formed between the verification terminal and the gateway and the security of data information transmission improved.
And step S220, sending a two-way certificate authentication request according to the request for establishing the secure channel.
After receiving a request for establishing a secure channel sent by a node, the verification terminal sends a two-way certificate authentication request to the node, so that the node forwards the received two-way certificate authentication request to the gateway, and the two-way certificate authentication of the verification terminal and the gateway is realized.
Step S230, receiving a gateway certificate.
In this embodiment, each verification terminal is preset with a CA root certificate and its own verification terminal certificate, and a gateway is preset with a CA root certificate and its own gateway certificate. And after receiving the two-way certificate authentication request, the gateway forwards the gateway certificate of the gateway to the verification terminal through the node for authentication. And after receiving the gateway certificate sent by the gateway, the verification terminal verifies the gateway certificate according to the preset CA root certificate.
Step S240, responding to the gateway certificate passing verification, and receiving a request for obtaining a certificate of the verification terminal.
And after the verification terminal verifies the gateway certificate, sending a verification result to the node. And when the verification result is that the gateway certificate passes verification, the node sends a request for obtaining the verification terminal certificate to the verification terminal so as to obtain the verification terminal certificate, and then the verification terminal certificate is forwarded to the gateway to be verified so as to realize bidirectional authentication. And when the verification result is that the gateway certificate fails to be verified, stopping continuing the bidirectional certificate authentication, namely failing to establish the data transmission security channel.
And step S250, sending the verification terminal certificate according to the request for obtaining the verification terminal certificate.
On receiving the request to obtain the verification terminal certificate, the verification terminal sends its own certificate to the node.
Step S260, receiving a request for generating a session key.
After receiving the verification terminal certificate, the node sends a request for generating a session key to the verification terminal, so that the verification terminal can generate the session key for subsequent data transmission.
Step S270, generating and transmitting a session key.
And the verification terminal generates the session key of the data transmission according to the received session key generation request. And sending the generated session key to the node so that the node can forward the session key to the gateway. The data information may then be encrypted by the session key to enable secure transmission between the verification terminal and the gateway.
Step S280, receiving gateway authentication end information.
When the gateway receives the verification terminal certificate and the session key, it verifies the certificate against its CA root certificate and sends the verification result together with a gateway authentication end notification to the node; the verification terminal receives this gateway authentication end information as forwarded by the node. The information tells the verification terminal that the gateway has finished authenticating the verification terminal certificate.
Step S290 generates and transmits a verification terminal authentication end notification.
And the verification terminal generates a verification terminal authentication end notice according to the received gateway authentication end information and sends the verification terminal authentication end notice to the node, and the verification terminal is forwarded to the gateway through the node. And the verification terminal authentication ending notice is used for informing the gateway verification terminal that the gateway certificate authentication is finished.
In another optional implementation, after the verification terminal sends the verification terminal certificate to the node in step S250, the node may immediately send it to the gateway for authentication. After receiving the verification terminal certificate, the gateway verifies whether it is genuine against the CA root certificate stored in the gateway itself, and returns the verification result of the verification terminal certificate and the gateway authentication end notification to the node. The node forwards the verification result to the verification terminal, which generates a verification terminal authentication end notification according to the received verification result and gateway authentication end notification and sends it to the node. At this point the node sends a request for generating the session key to the verification terminal; the verification terminal generates the session key according to the received request and sends it to the gateway through the node, so that the verification terminal and the gateway hold the same session key. The establishment of the secure channel for data transmission is then complete and data transmission can begin. When the verification terminal and the gateway transmit data, they encrypt and decrypt it with the session key so as to realize secure data transmission.
After the data transmission security channel between the verification terminal and the gateway is established, the node generates a card reading request and sends the generated card reading request to the verification terminal, and the verification terminal encrypts the received card reading request through the generated session secret key to generate a card reading request ciphertext, so that the card reading request is prevented from being replaced or tampered in the process of sending the card reading request to the cloud server. The verification terminal sends the card reading request ciphertext to the node, the node uploads the received card reading request ciphertext to the gateway, and the gateway decrypts the card reading request ciphertext according to the stored session key after receiving the card reading request ciphertext to generate a card reading request plaintext, so that the cloud server can directly read the card reading request when the gateway sends the card reading request to the cloud server. After reading the card reading request plaintext, the cloud server generates a card reading instruction according to the information of the card reading request plaintext and sends the card reading instruction to the gateway so as to read the information in the magnetic card. The gateway encrypts the received card reading instruction according to the session key to generate a card reading instruction ciphertext and sends the card reading instruction ciphertext to the verification terminal through the node, so that the situation that the card reading instruction is intercepted in the transmission process and then leaked secret to influence the verification terminal to read the information of the magnetic card can be avoided.
After receiving the card reading command ciphertext, the verification terminal decrypts it with the generated session key to obtain the card reading command plaintext, and sends the plaintext command to the magnetic card to read the data information in the magnetic card. After reading the data information, the verification terminal encrypts it with the generated session key to generate a data information ciphertext, which it sends to the gateway through the node. The gateway decrypts the received data information ciphertext with the session key and sends the decrypted data information to the cloud server for identification. Since each magnetic card holds several items of data information at once and the verification terminal reads a limited amount each time, once the cloud server has identified one item of data information from the magnetic card it generates a further card reading instruction and sends it to the gateway; the gateway encrypts the instruction with the session key and sends it to the verification terminal, which decrypts it and reads the next item of data information for transmission. This continues until all data information in the magnetic card has been transmitted, at which point generation of card reading instructions stops.
And after all data information in the magnetic card is transmitted, destroying the session secret key in the verification terminal and the gateway, and closing the security data transmission channel at this time. When a new magnetic card is attached to the verification terminal again, a new session secret key is established between the verification terminal and the gateway again to form a new safety data transmission channel for transmitting data information in the new magnetic card.
In this embodiment, the certificate in the verification terminal and the certificate in the gateway are subjected to mutual authentication, a session key for this data transmission is generated, and a secure data transmission channel is established. The verification terminal encrypts the transmitted data information through the session key and then sends the encrypted data information to the gateway, and the gateway decrypts the encrypted data information through the session key and then sends the decrypted data information to the cloud server for remote identification. According to the embodiment, the problems of leakage, replacement, tampering and the like of data information in the transmission process can be prevented through the secure data transmission channel.
Fig. 3 is a flowchart of a data information transmission method according to a third embodiment of the present invention. As shown in fig. 3, the method comprises the steps of:
step S310, receiving a two-way certificate authentication request.
The gateway receives a bidirectional certificate authentication request forwarded from the verification terminal through the node. In this embodiment, the user attaches the magnetic card to the verification terminal, and the verification terminal generates feedback information and sends it to the node to prompt the node that a new magnetic card requires data identification. After receiving the magnetic card feedback information, the node sends a request for establishing a secure channel to the verification terminal, and the verification terminal sends a bidirectional certificate authentication request to the gateway through the node according to the received request, so that a secure transmission channel can be formed between the verification terminal and the gateway and the security of data information transmission is improved.
The magnetic card can be a card with a chip, such as an identity card, a bank card, a social security card and the like. In this embodiment, the magnetic card is an identity card. The method for identifying the data in the identity card can be applied to security checks at railway stations, bus stops and the like so as to improve travel safety.
Step S320, sending a gateway certificate according to the two-way certificate authentication request.
After receiving the two-way certificate authentication request, the gateway sends the gateway certificate of the gateway to the node, so that the verification terminal authenticates the gateway certificate through the CA root certificate of the verification terminal after forwarding the gateway certificate to the verification terminal through the node.
And step S330, receiving the verification terminal certificate and the session key.
And the gateway receives the verification terminal certificate and the session key forwarded by the verification terminal through the node, and authenticates the verification terminal certificate according to the CA root certificate of the gateway.
And step S340, sending gateway authentication end information.
And after the gateway completes the authentication of the received verification terminal certificate, sending a verification result of the verification terminal certificate and a notification of the completion of the gateway authentication to the verification terminal through the node. The gateway authentication end notification is used for informing the verification terminal that the gateway has completed the authentication of the verification terminal certificate.
And step S350, receiving a verification terminal authentication end notice.
And after receiving the gateway authentication ending information, the verification terminal generates a verification terminal authentication ending notice and sends the verification terminal authentication ending notice to the gateway through the node for informing the gateway that the verification terminal completes the gateway certificate authentication. At this time, the establishment of the secure channel for data transmission is completed.
In another optional implementation, the gateway may receive the verification terminal certificate forwarded by the node as soon as the verification terminal has sent it to the node. After receiving the verification terminal certificate, the gateway verifies whether it is genuine against the CA root certificate stored in the gateway itself, and returns the verification result of the verification terminal certificate and the gateway authentication end notification to the node. The node forwards the verification result to the verification terminal, which generates a verification terminal authentication end notification according to the received verification result and gateway authentication end notification and sends it to the node. At this point, with mutual authentication between the verification terminal and the gateway complete, the node sends a request for generating a session key to the verification terminal; the verification terminal generates the session key according to the received request and sends it to the gateway through the node. When the verification terminal and the gateway then transmit data, they encrypt and decrypt it with the session key so as to realize secure data transmission.
After the data transmission security channel between the verification terminal and the gateway is established, the node generates a card reading request and sends the generated card reading request to the verification terminal, and the verification terminal encrypts the received card reading request through the generated session secret key to generate a card reading request ciphertext, so that the card reading request is prevented from being replaced or tampered in the process of sending the card reading request to the cloud server. The verification terminal sends the card reading request ciphertext to the node, the node uploads the received card reading request ciphertext to the gateway, and the gateway decrypts the card reading request ciphertext according to the stored session key after receiving the card reading request ciphertext to generate a card reading request plaintext, so that the cloud server can directly read the card reading request when the gateway sends the card reading request to the cloud server. After reading the card reading request plaintext, the cloud server generates a card reading instruction according to the information of the card reading request plaintext and sends the card reading instruction to the gateway so as to read the information in the magnetic card. The gateway encrypts the received card reading instruction according to the session key to generate a card reading instruction ciphertext and sends the card reading instruction ciphertext to the verification terminal through the node, so that the situation that the card reading instruction is intercepted in the transmission process and then leaked secret to influence the verification terminal to read the information of the magnetic card can be avoided.
After receiving the card reading command ciphertext, the verification terminal decrypts it with the generated session key to obtain the card reading command plaintext, and sends the plaintext command to the magnetic card to read the data information in the magnetic card. After reading the data information, the verification terminal encrypts it with the generated session key to generate a data information ciphertext, which it sends to the gateway through the node. The gateway decrypts the received data information ciphertext with the session key and sends the decrypted data information to the cloud server for identification. Since each magnetic card holds several items of data information at once and the verification terminal reads a limited amount each time, once the cloud server has identified one item of data information from the magnetic card it generates a further card reading instruction and sends it to the gateway; the gateway encrypts the instruction with the session key and sends it to the verification terminal, which decrypts it and reads the next item of data information for transmission. This continues until all data information in the magnetic card has been transmitted, at which point generation of card reading instructions stops.
And after all data information in the magnetic card is transmitted, destroying the session secret key in the verification terminal and the gateway, and closing the security data transmission channel at this time. When a new magnetic card is attached to the verification terminal again, a new session secret key is established between the verification terminal and the gateway again to form a new safety data transmission channel for transmitting data information in the new magnetic card.
In this embodiment, the certificate in the verification terminal and the certificate in the gateway are subjected to mutual authentication, a session key for this data transmission is generated, and a secure data transmission channel is established. The verification terminal encrypts the transmitted data information through the session key and then sends the encrypted data information to the gateway, and the gateway decrypts the encrypted data information through the session key and then sends the decrypted data information to the cloud server for remote identification. According to the embodiment, the problems of leakage, replacement, tampering and the like of data information in the transmission process can be prevented through the secure data transmission channel.
Fig. 4 is a flowchart of a data information transmission method according to a fourth embodiment of the present invention. As shown in fig. 4, the method comprises the steps of:
Step S1, in response to receiving magnetic card feedback information, the node sends a request for establishing the secure channel to the verification terminal.
The user attaches the magnetic card to the verification terminal, and the verification terminal generates feedback information and sends it to the node to prompt the node that a new magnetic card requires data identification. After receiving the magnetic card feedback information, the node sends a request for establishing a secure channel to the verification terminal, so that a secure transmission channel can be formed between the verification terminal and the gateway and the security of data information transmission is improved.
The magnetic card can be a card with a chip, such as an identity card, a bank card, a social security card and the like. In this embodiment, the magnetic card is an identity card. The method for identifying the data in the identity card can be applied to security checks at railway stations, bus stops and the like so as to improve travel safety.
Step S2, the node receives the two-way certificate authentication request.
And the verification terminal sends a bidirectional certificate authentication request to the node according to the received request for establishing the secure channel.
Step S2', the node sends a two-way certificate authentication request.
And the node forwards the received two-way certificate authentication request to the gateway so as to prompt the gateway to carry out two-way certificate authentication.
Step S3, the node receives the gateway certificate.
In this embodiment, each verification terminal is preset with a CA root certificate and its own device certificate, i.e., a verification terminal certificate, and a gateway is preset with a CA root certificate and its own gateway certificate. And after receiving the two-way certificate authentication request, the gateway sends the gateway certificate stored in the gateway to the node.
Step S3', the node sends a gateway certificate.
The node forwards the received gateway certificate to the verification terminal which initiates the two-way certificate authentication request, so that the verification terminal can verify the authenticity of the received gateway certificate through a preset CA root certificate.
And step S4, the verification terminal sends a gateway certificate verification result.
And after verifying the authenticity of the gateway certificate, the verification terminal sends the verification result to the node.
And step S5, sending a request for acquiring the certificate of the verification terminal.
And when the verification result of the gateway certificate is that the verification is passed, the node sends a request for obtaining the verification terminal certificate to the verification terminal so as to obtain the verification terminal certificate, and then the verification is carried out on the verification terminal through the gateway. And when the verification result is that the gateway certificate fails to be verified, stopping continuing the bidirectional certificate authentication, namely failing to establish the data transmission security channel.
And step S6, the verification terminal sends a verification terminal certificate to the node.
The verification terminal sends the stored verification terminal certificate to the node according to the received request for acquiring the verification terminal certificate, so that the node can conveniently forward the verification terminal certificate to the gateway for authentication to finish bidirectional certificate authentication.
Step S7, the node sends a request for generating a session key to the verification terminal.
Step S8, the verification terminal generates and sends the session key.
The verification terminal generates a pair of session keys according to the received session key generation request and sends the generated session keys to the node, so that the node can send them to the gateway. In the subsequent data information transmission, encryption and decryption can be performed with the session key, so that data is transmitted securely and the confidentiality of data transmission is improved.
Step S9, the node sends the verification terminal certificate and the session key to the gateway.
After receiving the session key, the node sends the received session key and the verification terminal certificate received in step S6 to the gateway. After receiving the verification terminal certificate, the gateway can verify its authenticity according to the preset CA root certificate. After receiving the session key, the gateway can transmit data securely with the verification terminal.
Step S10, the node receives the gateway authentication end information.
After the gateway completes the verification of the verification terminal certificate, it sends gateway authentication end information to the node. In this embodiment, the gateway authentication end information includes the verification result of the verification terminal certificate and a gateway authentication end notification. Sending both the verification result and the gateway authentication end notification to the node prevents the gateway from verifying the verification terminal certificate repeatedly.
Step S10', the node sends gateway authentication end information.
And after receiving the gateway authentication ending information, the node forwards the gateway authentication ending information to the verification terminal so as to inform the verification terminal that the gateway verifies the certificate of the verification terminal.
In step S11, the node receives the verification terminal authentication completion notification.
And after receiving the gateway authentication ending information, the verification terminal generates a verification terminal authentication ending notice and sends the verification terminal authentication ending notice to the node.
In step S11', the node transmits a verification terminal authentication end notification.
The node forwards the received verification terminal authentication end notification to the gateway to inform the gateway that the verification terminal has completed its authentication. At this point, the establishment of the secure channel for data transmission is complete, and data can be transmitted securely.
In another alternative implementation, the contents of steps S7-S11 can be carried out as follows: after the verification terminal sends the verification terminal certificate to the node in step S6, the node may immediately send it to the gateway for authentication. After receiving the verification terminal certificate, the gateway verifies whether it is genuine against the CA root certificate stored in the gateway itself, and returns the verification result of the verification terminal certificate and the gateway authentication end notification to the node. The node forwards the verification result to the verification terminal, which generates a verification terminal authentication end notification according to the received verification result and gateway authentication end notification and sends it to the node. At this point the node sends a request for generating the session key to the verification terminal; the verification terminal generates the session key according to the received request and sends it to the gateway through the node, so that the verification terminal and the gateway hold the same session key. The establishment of the secure channel for data transmission is then complete and data transmission can begin. When the verification terminal and the gateway transmit data, they encrypt and decrypt it with the session key so as to realize secure data transmission.
And step S12, the node generates a card reading request.
And when the data transmission safety channel between the verification terminal and the gateway is established, the node generates a card reading request.
Step S12', the node sends a card reading request.
And the node sends the generated card reading request to the verification terminal.
And step S13, the verification terminal encrypts the card reading request.
And after receiving the card reading request sent by the node, the verification terminal encrypts the received card reading request through the generated session key to generate a card reading request ciphertext.
And step S14, the node receives the card reading request ciphertext.
And after the verification terminal completes the encryption of the card reading request, sending the generated card reading request ciphertext to the node.
And step S14', the node sends the card reading request ciphertext.
After receiving the card reading request ciphertext, the node sends it to the gateway, so that the card reading request cannot be replaced or tampered with on its way to the cloud server, which would affect the acquisition and transmission of the subsequent data information.
And step S15, the gateway decrypts the card reading request ciphertext.
After receiving the card reading request ciphertext, the gateway decrypts the card reading request ciphertext according to the stored session key to generate a card reading request plaintext, so that when the gateway sends the card reading request to the cloud server, the cloud server can directly read the card reading request.
And step S16, the gateway sends a card reading request plaintext to the cloud server.
And step S17, the gateway receives the card reading instruction.
The cloud server generates a corresponding card reading instruction according to the received card reading request plaintext and sends it to the gateway, so that the reading instruction can be sent on to the verification terminal to acquire the information in the magnetic card attached to the verification terminal.
And step S18, the gateway encrypts the card reading instruction.
After receiving the card reading instruction, the gateway encrypts it according to the stored session key to generate a card reading instruction ciphertext.
Step S18', the gateway sends the card reading command ciphertext.
The gateway sends the generated card reading instruction ciphertext to the node for forwarding to the verification terminal, so that the card reading instruction cannot be intercepted and leaked in transit, which would affect the verification terminal's reading of the information in the magnetic card.
And step S19, the verification terminal receives the card reading command ciphertext.
And after receiving the card reading command ciphertext, the node forwards the card reading command ciphertext to the verification terminal to complete the transmission of the card reading command.
And step S20, the verification terminal decrypts the card reading command ciphertext.
After receiving the card reading command ciphertext, the verification terminal decrypts the card reading command ciphertext according to the generated session key to generate a card reading command plaintext, so that the card reading command can be sent to the magnetic card and then data information in the magnetic card can be read and obtained.
And step S21, the verification terminal sends a card reading command plaintext.
The verification terminal sends the card reading command plaintext to the magnetic card, and the magnetic card can send the data information in the magnetic card to the verification terminal according to the received card reading command plaintext. In this embodiment, the magnetic card may be attached to the verification terminal device, or may be placed in a data communication range of the verification terminal.
And step S22, the verification terminal receives the data information.
And after receiving the card reading command plaintext, the magnetic card sends the corresponding data information in the magnetic card to the verification terminal according to the received card reading command plaintext so as to carry out data transmission and remote identification.
Step S23, the verification terminal encrypts the data information.
After the verification terminal reads the data information in the magnetic card, the read data information is encrypted according to the generated session key to generate a data information ciphertext, so that the data confidentiality can be improved during subsequent transmission.
And step S24, the node receives the data information ciphertext.
Step S24', the node sends the data information ciphertext.
The verification terminal sends the data information ciphertext to the node, which forwards it to the gateway, completing the transmission of the data information.
And step S25, the gateway decrypts the data information ciphertext.
And after receiving the data information ciphertext forwarded by the node, the gateway decrypts the data information ciphertext according to the received session key to generate a data information plaintext.
And step S26, the gateway sends the data information plaintext.
And after the gateway finishes decrypting the data information ciphertext, sending the data information plaintext generated by decryption to the cloud server for identification.
Since each magnetic card holds several items of data information at once and the verification terminal reads a limited amount each time, after the cloud server has identified one item of data information from the magnetic card, steps S17 to S26 can be repeated several times: a card reading instruction is generated and sent to the gateway again, the gateway encrypts it with the session key and sends it to the verification terminal for decryption, and the next item of data information in the magnetic card is acquired and transmitted. This continues until all data information in the magnetic card has been transmitted, at which point generation of card reading instructions stops and the secure data transmission channel is closed.
And after all data information in the magnetic card is transmitted, destroying the session secret key in the verification terminal and the gateway, and closing the security data transmission channel at this time. When a new magnetic card is attached to the verification terminal again, a new session secret key is established between the verification terminal and the gateway again to form a new safety data transmission channel for transmitting data information in the new magnetic card.
In this embodiment, the certificate in the verification terminal and the certificate in the gateway are subjected to mutual authentication, a session key for this data transmission is generated, and a secure data transmission channel is established. The verification terminal encrypts the transmitted data information through the session key and then sends the encrypted data information to the gateway, and the gateway decrypts the encrypted data information through the session key and then sends the decrypted data information to the cloud server for remote identification. According to the embodiment, the problems of leakage, replacement, tampering and the like of data information in the transmission process can be prevented through the secure data transmission channel.
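The Fig. 4 exchange (the same flow the second and third embodiments describe from the verification terminal's and the gateway's side) as an added Python simulation; this is not the patent's code. The node drives steps S1-S11 and stops at S5 if the gateway certificate fails, S12-S26 then run for every record on the card under the session key, and both sides destroy the key afterwards. The CA root key, the HMAC-signed "certificates", the HMAC-based channel cipher and the card records are constructed stand-ins for the X.509 certificates and cipher a deployment would use.

```python
"""Fig. 4 message flow simulated in one process: node-driven handshake S1-S11, card read
S12-S26, then session key destruction.  Constructed stand-ins: a certificate is a dict signed
by HMAC under the preset CA root key, and the channel cipher is HMAC-SHA256 in counter mode
with an HMAC tag.  A deployment would use X.509 certificates and an AEAD instead."""
import hashlib
import hmac
import secrets

CA_ROOT = b"constructed-ca-root-key"  # stands in for the CA root certificate preset in both devices

def issue_cert(subject: str, ca_key: bytes) -> dict:
    """Constructed device certificate: subject name plus the CA's signature over it."""
    return {"subject": subject, "sig": hmac.new(ca_key, subject.encode(), hashlib.sha256).hexdigest()}

def verify_cert(cert: dict, ca_key: bytes) -> bool:
    """Authenticity check against the CA root held by the verifying party."""
    expected = hmac.new(ca_key, cert["subject"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["sig"])

def _subkey(session_key: bytes, label: bytes) -> bytes:
    return hmac.new(session_key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def seal(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the session key; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(session_key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(session_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(session_key: bytes, blob: bytes) -> bytes:
    """Reject a replaced or tampered message before decrypting it."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(_subkey(session_key, b"mac"), nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("card reading message was replaced or tampered with")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(session_key, b"enc"), nonce, len(ct))))

class Party:
    """Verification terminal or gateway: preset CA root and own certificate; session key set per card."""
    def __init__(self, cert: dict, ca_root: bytes):
        self.cert, self.ca_root, self.session_key = cert, ca_root, None

    def verify_peer(self, peer_cert: dict) -> bool:
        return verify_cert(peer_cert, self.ca_root)

def establish_secure_channel(terminal: Party, gateway: Party) -> list:
    """Steps S1-S11 as the node drives them.  Returns the transcript; if the gateway certificate
    fails at S4 the flow stops at S5 and no terminal certificate or session key is sent."""
    log = ["S1 node->terminal: request to establish secure channel",
           "S2/S2' terminal->node->gateway: two-way certificate authentication request",
           "S3/S3' gateway->node->terminal: gateway certificate"]
    gateway_ok = terminal.verify_peer(gateway.cert)  # S4: terminal checks gateway cert
    log.append(f"S4 terminal->node: gateway certificate {'passed' if gateway_ok else 'failed'}")
    if not gateway_ok:
        log.append("S5 aborted: two-way authentication stopped, no secure channel")
        return log
    log.append("S5/S6 node<->terminal: request and receive verification terminal certificate")
    terminal.session_key = secrets.token_bytes(32)  # S7/S8: terminal generates the session key
    log.append("S9 node->gateway: verification terminal certificate + session key")
    if not gateway.verify_peer(terminal.cert):  # gateway checks terminal cert against its CA root
        terminal.session_key = None
        log.append("S10 gateway: verification terminal certificate failed, no secure channel")
        return log
    gateway.session_key = terminal.session_key
    log += ["S10/S10' gateway->node->terminal: authentication end info (result: passed)",
            "S11/S11' terminal->node->gateway: verification terminal authentication end notification"]
    return log

def read_card(terminal: Party, gateway: Party, card_records: list) -> list:
    """Steps S12-S26 repeated for every record on the card, then both sides destroy the key.
    The cloud server is simulated inline: one read instruction per record, plaintext collected."""
    if terminal.session_key is None or gateway.session_key is None:
        raise RuntimeError("secure channel not established")
    request_ct = seal(terminal.session_key, b"card reading request")  # S13/S14': encrypted request
    if unseal(gateway.session_key, request_ct) != b"card reading request":  # S15/S16: gateway decrypts
        raise RuntimeError("unexpected card reading request")
    received = []
    for index in range(len(card_records)):
        instr_ct = seal(gateway.session_key, f"READ {index}".encode())  # S17/S18: instruction, encrypted
        instr = unseal(terminal.session_key, instr_ct).decode()  # S19/S20: terminal decrypts
        data = card_records[int(instr.split()[1])]  # S21/S22: read from the card
        data_ct = seal(terminal.session_key, data)  # S23/S24: encrypted data information
        received.append(unseal(gateway.session_key, data_ct))  # S25/S26: gateway decrypts, to cloud
    terminal.session_key = gateway.session_key = None  # per-card key destroyed, channel closed
    return received
```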
Fig. 5 is a schematic structural diagram of a data information transmission system according to a fifth embodiment of the present invention. As shown in fig. 5, the data information transmission system includes a verification terminal 51, a node 52, and a gateway 53. The verification terminal 51 is configured to receive a request for establishing a secure channel, send a bidirectional certificate authentication request according to the request for establishing the secure channel, receive a gateway certificate, respond to the gateway certificate verification passing, receive a request for obtaining a verification terminal certificate, send the verification terminal certificate according to the request for obtaining the verification terminal certificate, receive a request for generating a session key, generate and send a session key, receive gateway authentication end information, generate and send a verification terminal authentication end notification, where the gateway certificate is obtained according to the bidirectional certificate authentication request, the gateway authentication end information includes a verification terminal certificate verification result and a gateway authentication end notification, and the verification terminal authentication end notification is generated according to the gateway authentication end notification. 
The node 52 is configured to send a request for establishing a secure channel in response to receiving magnetic card feedback information, forward a bidirectional certificate authentication request sent by a verification terminal, forward a gateway certificate sent by a gateway, send a request for obtaining a verification terminal certificate in response to passing verification of the gateway certificate, receive the verification terminal certificate, send a request for generating a session key, receive the session key, send the verification terminal certificate and the session key, forward gateway authentication end information sent by the gateway, where the gateway authentication end information includes a verification result of the verification terminal certificate and a gateway authentication end notification, and forward the verification terminal authentication end notification sent by the verification terminal. The gateway 53 is configured to receive a bidirectional certificate authentication request, send a gateway certificate according to the bidirectional certificate authentication request, receive a verification terminal certificate and a session key, send gateway authentication end information, and receive a verification terminal authentication end notification, where the gateway authentication end information includes a verification result of the verification terminal certificate and a gateway authentication end notification.
In this embodiment, the verification terminal 51 is further configured to receive a card reading request, encrypt the card reading request according to the session key to generate and send a card reading request ciphertext, receive a card reading instruction ciphertext, decrypt the card reading instruction ciphertext according to the session key to generate and send a card reading instruction plaintext, acquire data information, and encrypt the data information according to the session key to generate and send a data information ciphertext. The node 52 is further configured to generate and send a card reading request, receive a card reading request ciphertext generated by encryption with the session key, send the card reading request ciphertext, forward a card reading instruction ciphertext sent by the gateway, and forward a data information ciphertext sent by the verification terminal, where the card reading instruction ciphertext is generated by encrypting the card reading instruction with the session key, the card reading instruction is obtained according to the card reading request, the data information ciphertext is generated by encrypting the data information with the session key, and the data information is obtained according to the card reading instruction. The gateway 53 is further configured to receive and decrypt the card reading request ciphertext to generate a card reading request plaintext, receive a card reading instruction generated according to the card reading request plaintext, encrypt the card reading instruction to generate and send a card reading instruction ciphertext, receive and decrypt the data information ciphertext to generate a data information plaintext, and send the data information plaintext.
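The exchange between verification terminal, node and gateway described in this embodiment, as an added example that is not part of the patent or of the applicant's code: a Python simulation of the three roles using only the standard library. The certificate (a CA HMAC over a subject name standing in for a real signature), the channel cipher (an HMAC-SHA256 keystream with an encrypt-then-MAC tag), the card contents and all key material are constructed stand-ins, and the names `issue_cert`, `seal`, `unseal`, `run_session` and the message strings are this example's own. The page does not say how the session key is protected on its way from the verification terminal to the gateway, so that step is passed through unmodelled. Beyond what the text states, the simulation shows that the node relays only ciphertext and certificates, that a gateway or terminal whose certificate does not verify never gets a usable session key, that a message altered in transit is refused by the tag check, and that both sides destroy the session key whether the card finishes normally or the handshake aborts.

```python
import hashlib
import hmac
import secrets

TRUSTED_CA_KEY = b"constructed-trusted-ca-key"   # stand-in for the CA's private key (constructed)

def issue_cert(subject: str, ca_key: bytes = TRUSTED_CA_KEY) -> dict:
    """Toy certificate: subject name plus a CA 'signature' (an HMAC stand-in for a real signature)."""
    return {"subject": subject, "sig": hmac.new(ca_key, subject.encode(), hashlib.sha256).digest()}

def verify_cert(cert: dict) -> bool:
    """Check a certificate against the trusted CA: the mutual-authentication step."""
    expected = hmac.new(TRUSTED_CA_KEY, cert["subject"].encode(), hashlib.sha256).digest()
    return hmac.compare_digest(cert["sig"], expected)

def _subkey(session_key: bytes, label: bytes) -> bytes:
    return hmac.new(session_key, label, hashlib.sha256).digest()   # separate enc and mac keys

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the session key: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(session_key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(session_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(session_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a replaced or tampered message is refused."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(session_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext rejected: tampered, replaced, or wrong session key")
    ks = _keystream(_subkey(session_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class VerificationTerminal:
    def __init__(self, cert: dict, card: dict):
        self.cert, self.card, self.session_key = cert, card, None

    def on_gateway_cert(self, gw_cert: dict) -> None:
        if not verify_cert(gw_cert):               # gateway certificate verification must pass first
            raise ValueError("gateway certificate rejected")

    def generate_session_key(self) -> bytes:       # answers the node's request for generating a session key
        self.session_key = secrets.token_bytes(32)
        return self.session_key

    def on_gateway_auth_end(self, info: dict) -> str:
        if not info["terminal_cert_ok"]:
            raise ValueError("gateway rejected the verification terminal certificate")
        return "TERMINAL_AUTH_END"                  # verification terminal authentication end notification

    def on_card_read_instruction(self, instr_ct: bytes) -> bytes:
        record = unseal(self.session_key, instr_ct).decode()   # card reading instruction plaintext
        return seal(self.session_key, self.card[record])        # data information ciphertext

    def close_channel(self) -> None:
        self.session_key = None                    # destroy the session key

class Gateway:
    def __init__(self, cert: dict):
        self.cert, self.session_key = cert, None

    def on_terminal_cert_and_key(self, term_cert: dict, key: bytes) -> dict:
        ok = verify_cert(term_cert)
        self.session_key = key if ok else None     # never keep a key offered by an unverified peer
        return {"terminal_cert_ok": ok, "gateway_auth_end": True}

    def close_channel(self) -> None:
        self.session_key = None

def run_session(terminal: VerificationTerminal, gateway: Gateway, records: list) -> list:
    """Node role: relay the handshake, then drive one card read per record; returns what the cloud receives."""
    received = []
    try:
        terminal.on_gateway_cert(gateway.cert)                       # node forwards the gateway certificate
        key = terminal.generate_session_key()
        info = gateway.on_terminal_cert_and_key(terminal.cert, key)  # key transport protection not modelled here
        terminal.on_gateway_auth_end(info)
        req_ct = seal(terminal.session_key, b"CARD_READ_REQUEST")    # card reading request ciphertext
        if unseal(gateway.session_key, req_ct) != b"CARD_READ_REQUEST":
            raise ValueError("card reading request did not decrypt at the gateway")
        for record in records:                                       # cloud server: one instruction per data item
            instr_ct = seal(gateway.session_key, record.encode())    # card reading instruction ciphertext
            data_ct = terminal.on_card_read_instruction(instr_ct)
            received.append(unseal(gateway.session_key, data_ct))    # data information plaintext for the cloud
    finally:
        terminal.close_channel()                                     # keys destroyed on completion and on abort
        gateway.close_channel()
    return received
```

`run_session(VerificationTerminal(issue_cert("verification-terminal"), card), Gateway(issue_cert("gateway")), ["name", "id"])` walks the whole flow for a constructed two-record card and returns the plaintext records the cloud server would receive; afterwards both `session_key` attributes are `None`, which is the state the description requires before the next card is presented.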
Fig. 6 is a schematic view of an electronic device according to a fifth embodiment of the present invention. The electronic device shown in fig. 6 is a general-purpose data processing apparatus comprising a general-purpose computer hardware structure including at least a processor 61 and a memory 62. The processor 61 and the memory 62 are connected by a bus 63. The memory 62 is adapted to store instructions or programs executable by the processor 61. The processor 61 may be a stand-alone microprocessor or a collection of one or more microprocessors. Thus, the processor 61 implements data processing and the control of other devices by executing the instructions stored in the memory 62, so as to perform the method flows of the embodiments of the present invention described above. The bus 63 connects the above components together, and also connects them to a display controller 64 with a display device and to an input/output (I/O) device 65. The input/output (I/O) device 65 may be a mouse, keyboard, modem, network interface, touch input device, motion sensing input device, printer, or other device known in the art. Typically, the input/output device 65 is connected to the system through an input/output (I/O) controller 66. Preferably, the electronic device of the present embodiment is a server.
Also, as will be appreciated by one skilled in the art, aspects of embodiments of the present invention may be embodied as a system, method or computer program product. Accordingly, various aspects of embodiments of the invention may take the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," "module," or "system." Further, aspects of the invention may take the form of: a computer program product embodied in one or more computer readable media having computer readable program code embodied thereon.
Any combination of one or more computer-readable media may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of embodiments of the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to: electromagnetic, optical, or any suitable combination thereof. The computer readable signal medium may be any of the following computer readable media: is not a computer readable storage medium and may communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages.
The flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention described above describe various aspects of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method of data information transmission, comprising:
responding to the received magnetic card feedback information, and sending a request for establishing a secure channel;
forwarding a bidirectional certificate authentication request sent by a verification terminal;
forwarding a gateway certificate sent by a gateway;
responding to the gateway certificate verification passing, and sending a request for acquiring a verification terminal certificate;
receiving a verification terminal certificate;
sending a request for generating a session key;
receiving a session key;
sending a verification terminal certificate and the session key;
forwarding gateway authentication end information sent by a gateway, wherein the gateway authentication end information comprises a verification result of a verification terminal certificate and a gateway authentication end notification;
and forwarding the verification terminal authentication end notification sent by the verification terminal.
2. The method for transmitting data information according to claim 1, wherein the method further comprises:
generating a card reading request;
sending the card reading request;
receiving a card reading request ciphertext generated according to the session key encryption;
and sending the card reading request ciphertext.
3. The method of claim 2, wherein the method further comprises:
forwarding a card reading instruction ciphertext sent by a gateway, wherein the card reading instruction ciphertext is generated by encrypting a card reading instruction according to the session key, and the card reading instruction is obtained according to the card reading request;
and forwarding a data information ciphertext sent by the verification terminal, wherein the data information ciphertext is generated by encrypting data information according to the session key, and the data information is obtained according to the card reading instruction.
4. A method of data information transmission, comprising:
receiving a request for establishing a secure channel;
sending a bidirectional certificate authentication request according to the request for establishing the secure channel;
receiving a gateway certificate, wherein the gateway certificate is obtained according to the two-way certificate authentication request;
responding to the gateway certificate verification passing, and receiving a request for acquiring a verification terminal certificate;
sending a verification terminal certificate according to the request for obtaining the verification terminal certificate;
receiving a request for generating a session key;
generating and transmitting a session key;
receiving gateway authentication end information, wherein the gateway authentication end information comprises a verification result of a verification terminal certificate and a gateway authentication end notification;
and generating and sending a verification terminal authentication end notification, wherein the verification terminal authentication end notification is generated according to the gateway authentication end notification.
5. The method of claim 4, wherein the method further comprises:
receiving a card reading request;
and generating and sending a card reading request ciphertext, wherein the card reading request ciphertext is generated by encrypting the card reading request according to the session key.
6. The method for transmitting data information according to claim 5, wherein the method further comprises:
receiving a card reading command ciphertext;
decrypting the card reading command ciphertext according to the session key;
sending a card reading command plaintext;
acquiring data information;
encrypting the data information according to the session key;
and transmitting the data information ciphertext.
7. A method of data information transmission, comprising:
receiving a two-way certificate authentication request;
sending a gateway certificate according to the bidirectional certificate authentication request;
receiving a verification terminal certificate and a session key;
sending gateway authentication end information, wherein the gateway authentication end information comprises a verification result of a verification terminal certificate and a gateway authentication end notification;
and receiving a verification terminal authentication end notification.
8. The method for transmitting data information according to claim 7, wherein the method further comprises:
receiving a card reading request ciphertext;
decrypting the card reading request ciphertext;
receiving a card reading instruction generated according to the card reading request plaintext;
encrypting the card reading instruction;
sending a card reading command ciphertext;
receiving a data information ciphertext;
decrypting the data information ciphertext;
and sending the plaintext of the data information.
9. An electronic device comprising a memory and a processor, wherein the memory is configured to store one or more computer program instructions, wherein the one or more computer program instructions are executed by the processor to implement the method of any of claims 1-8.
10. A computer-readable storage medium on which computer program instructions are stored, which, when executed by a processor, implement the method of any one of claims 1-8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910098813.1A CN111510416A (en) 2019-01-31 2019-01-31 Data information transmission method, electronic device and readable storage medium

Publications (1)

Publication Number Publication Date
CN111510416A true CN111510416A (en) 2020-08-07

Family

ID=71870842

Country Status (1)

Country Link
CN (1) CN111510416A (en)

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003152710A (en) * 2001-11-14 2003-05-23 Hitachi Ltd Biologic information registration system for automobile
US20090103725A1 (en) * 2007-10-18 2009-04-23 Weiming Tang System and method for secure communication in a retail environment
EP2874421A1 (en) * 2013-11-13 2015-05-20 Gemalto SA System and method for securing communications between a card reader device and a remote server
CN105850098A (en) * 2013-11-13 2016-08-10 金雅拓股份有限公司 System and method for securing communications between card reader device and remote server
US20170064554A1 (en) * 2014-04-25 2017-03-02 Tendyron Corporation Secure data interaction method and system
WO2015171939A1 (en) * 2014-05-08 2015-11-12 Square, Inc. Establishment of a secure session between a card reader and a mobile device
CN104616148A (en) * 2015-01-23 2015-05-13 恒银金融科技有限公司 Payment terminal and paying method of wearable payment terminal
CN106027251A (en) * 2016-01-21 2016-10-12 李明 Identity card reading terminal and cloud authentication platform data transmission method and system
CN106027473A (en) * 2016-01-21 2016-10-12 李明 Identity card reading terminal and cloud authentication platform data transmission method and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112102092A (en) * 2020-11-12 2020-12-18 深圳市深圳通有限公司 Transaction clearing method, transaction clearing device and readable storage medium of traffic card
CN112702733A (en) * 2020-12-30 2021-04-23 飞天诚信科技股份有限公司 Card reading terminal and working method thereof
CN112702733B (en) * 2020-12-30 2022-10-04 飞天诚信科技股份有限公司 Card reading terminal and working method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
Application publication date: 20200807