CN111539040B - Safety intelligent card system and its cipher service method - Google Patents


Publication number
CN111539040B
Authority
CN
China
Prior art keywords
controller
data packet
sector
upper computer
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010231055.9A
Other languages
Chinese (zh)
Other versions
CN111539040A (en
Inventor
彭金辉
王阳阳
雷宗华
张永安
马骥
王超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN202010231055.9A
Publication of CN111539040A
Application granted
Publication of CN111539040B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a secure smart card system and a cryptographic service method thereof, wherein the system comprises: an interface module, a controller and a plurality of functional modules; the interface module is electrically connected with the controller and is used for providing a sector read-write interface for the upper computer so as to realize data interaction between the upper computer and the controller; the controller is used for providing sectors with different functions to receive data packets with different service requirements, each sector corresponds to a designated functional module, and the controller uses the sectors with different functions to distribute the data packets with different service requirements to the designated functional module; the sectors with different functions are agreed on jointly by the controller and the upper computer; the plurality of functional modules comprise a security chip and a soft cipher module, the security chip is electrically connected to the controller and used for providing hardware encryption and decryption services, and the soft cipher module is installed in the controller and used for providing software cryptographic services. The secure smart card system of the invention provides a high-speed cryptographic service for the upper computer.

Description

Safety intelligent card system and its cipher service method
Technical Field
The invention relates to the technical field of smart cards and security, in particular to a secure smart card system and a cryptographic service method thereof.
Background
The smart card includes an SD card, a TF card, and the like. Taking an SD card as an example, the SD card is mainly used for storing data, and is widely used in portable devices. The conventional SD card mainly includes an interface module, a controller, and a storage module, the interface module is connected to the controller, the controller is connected to the storage module, and an upper computer sends a read-write command to the controller through the interface module, and the controller writes corresponding data into the storage module according to the write command and reads corresponding data from the storage module according to the read command.
The traditional SD card can only receive and store the data written by an upper computer, and the data in the storage module mostly exists in plaintext. Once the SD card is lost, the private data in the storage module can be obtained by other people, which is not conducive to the secure storage of user data.
Meanwhile, with the great increase in the data volume of information communication services, the security of data must be ensured while the data transmission delay caused by encryption or decryption processing is kept as small as possible. Therefore, how to develop a hardware product for high-speed encryption and decryption has become a key technical problem.
Disclosure of Invention
Based on the above, there is a need for a secure smart card system and a cryptographic service method thereof to achieve security protection of user data.
A first aspect of the present invention provides a secure smart card system, said system comprising: an interface module, a controller and a plurality of functional modules;
the interface module is electrically connected with the controller and is used for providing a sector read-write interface for the upper computer so as to realize data interaction between the upper computer and the controller;
the controller is used for providing sectors with different functions to receive data packets with different service requirements, each sector corresponds to a designated functional module, and the controller uses the sectors with different functions to distribute the data packets with different service requirements to the designated functional module; the sectors with different functions are agreed on jointly by the controller and the upper computer;
the plurality of functional modules comprise a security chip and a soft cipher module, wherein the security chip is electrically connected with the controller and is used for providing a hardware cryptographic service, and the soft cipher module is installed in the controller and is used for providing a software cryptographic service.
Further, the controller is provided with a first agent program and a second agent program; the sectors with different functions comprise a first sector, a second sector and a third sector;
the first sector reads and writes upgrade data packets to the security chip through the first agent program so as to realize firmware upgrading of the security chip;
the second sector reads and writes encryption and decryption data packets to the security chip through the second agent program so that the security chip provides the hardware cryptographic service;
and the third sector and the soft cipher module exchange encryption and decryption data packets directly so that the soft cipher module provides the software cryptographic service.
Further, the size of a single upgrade data packet read and written between the upper computer and the first agent program is preset to 1 KB, the size of a single upgrade data packet read and written between the first agent program and the security chip is N bytes, and N is less than or equal to 1024;
the size of a single encryption and decryption data packet read and written between the upper computer and the second agent program, and between the second agent program and the security chip, is an integral multiple of 512 bytes;
the size of a single encryption and decryption data packet read and written between the upper computer and the soft cipher module is 2 KB.
Further, the system further comprises a storage module, wherein the storage module is electrically connected to the controller and used for storing the data ciphertext.
Furthermore, the security chip also has a permission control function: when a user reads and writes the secure smart card system through an upper computer, the security chip verifies the identity of the user, and after the identity verification succeeds, the upper computer is allowed to read and write the secure smart card system.
Further, the security chip supports a key agreement algorithm, a symmetric cryptographic algorithm, an asymmetric cryptographic algorithm and a hash algorithm; the soft cipher module supports a symmetric cryptographic algorithm and a hash algorithm.
The second aspect of the present invention further provides a cryptographic service method, which is applied to the secure smart card system, where the method includes:
the upper computer writes a data packet to be processed into a corresponding sector in the controller through the interface module;
the corresponding sector transfers the data packet to be processed to the corresponding functional module;
the corresponding functional module performs a cryptographic operation on the data packet to be processed and caches the processed data packet;
the upper computer sends a read request to the corresponding sector in the controller through the interface module;
and the corresponding sector reads the data packet processed by the corresponding functional module according to the read request and returns the data packet to the upper computer.
Further, the step of transferring the data packet to be processed to the corresponding functional module by the corresponding sector specifically includes:
the corresponding sector transmits the data packet to be processed to the agent program;
and the agent program transmits the data packet to be processed to the corresponding functional module.
Further, after the corresponding sector transfers the data packet to be processed to the corresponding functional module, the method further includes:
carrying out encryption operation on the data packet to be processed by the corresponding functional module to generate a data ciphertext, and returning the data ciphertext to the controller;
and the controller transmits the data ciphertext to a storage module for ciphertext storage.
Further, the method further comprises:
the upper computer writes an upgrading data packet into a corresponding sector in the controller through an interface module;
transmitting the upgrade data packet to the security chip by the corresponding sector;
the security chip receives the upgrade data packet and carries out firmware upgrade;
the upper computer sends a reading request to a corresponding sector in the controller through the interface module;
and reading the upgrading result of the security chip firmware by the corresponding sector according to the reading request, and returning the upgrading result to the upper computer.
The secure smart card system can perform encryption, decryption and signature processing of data and provide cryptographic services for an upper computer. Through the controller, the secure smart card system is provided with a plurality of sectors to interface with data packets with different service requirements. Compared with a traditional smart card, the invention does not need to parse the whole data packet; it can dispatch data packets with different service requirements according to the sector number in the data packet alone, which reduces parsing time and improves processing speed. In addition, the storage module of the secure smart card system stores user data as ciphertext, which effectively prevents other people from illegally obtaining the user's data and thus improves the security of data storage.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 shows a block diagram of a secure smart card system of the present invention;
FIG. 2 shows a flow chart of a cryptographic service method based on a secure smart card system of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Fig. 1 shows a block diagram of a secure smartcard system of the present invention.
As shown in fig. 1, a first aspect of the present invention provides a secure smart card system, including: an interface module, a controller and a plurality of functional modules;
the interface module is electrically connected with the controller and is used for providing a sector read-write interface for the upper computer so as to realize data interaction between the upper computer and the controller;
the controller is used for providing sectors with different functions to receive data packets with different service requirements, each sector corresponds to a designated functional module, and the controller uses the sectors with different functions to distribute the data packets with different service requirements to the designated functional module; the sectors with different functions are agreed on jointly by the controller and the upper computer;
the plurality of functional modules comprise a security chip and a soft cipher module, wherein the security chip is electrically connected with the controller and is used for providing a hardware cryptographic service, and the soft cipher module is installed in the controller and is used for providing a software cryptographic service.
Specifically, the hardware cryptographic service includes signing, signature verification, encryption and decryption, random number generation and the like; the software cryptographic service comprises signature, signature verification, encryption and decryption and the like.
Specifically, the interface module may be an EMMC interface, an SD interface, a USB interface, or the like; the controller may be an EMMC controller, an SD controller, a USB controller, or the like.
Specifically, the smart card of the present invention may be an NM card, an SD card, a TF card, etc.; the upper computer of the invention can be a mobile phone, a PC, a PAD and the like.
It should be noted that the sectors in the controller are not actual hardware structures; they are called sectors only for ease of understanding. A sector in the invention is analogous to a virtual channel, and its main function is to let the different data packets sent by an upper computer be distributed efficiently and rapidly to the designated functional module.
Specifically, the controller and the upper computer agree on a plurality of sectors in advance, and each sector is numbered. If the upper computer needs the hardware cryptographic service of the secure smart card system, it encapsulates the specific sector number when writing data to the secure smart card system, so that after the controller receives a data packet carrying that sector number, the data packet can be distributed to the security chip for hardware encryption and decryption.
Further, the controller is provided with a first agent program and a second agent program; the sectors with different functions respectively comprise a first sector, a second sector and a third sector;
the first sector reads and writes an upgrading data packet to the security chip through the first agent program so as to realize firmware upgrading of the security chip;
the second sector reads and writes encryption and decryption data packets to the security chip through the second agent program so that the security chip provides the hardware cryptographic service;
and the third sector and the soft cipher module exchange encryption and decryption data packets directly so that the soft cipher module provides the software cryptographic service.
Specifically, the controller provides a sector read-write channel for the upper computer and agrees on 3 specific sectors for three different functions: security chip firmware upgrade, security chip hardware encryption and decryption, and software encryption and decryption. The first sector is responsible for the firmware upgrade of the security chip; the second sector is responsible for providing the hardware encryption and decryption functions of the security chip; the third sector is responsible for providing software encryption and decryption operations.
Further, the size of a single upgrade data packet read and written between the upper computer and the first agent program is preset to 1 KB, the size of a single upgrade data packet read and written between the first agent program and the security chip is N bytes, and N is less than or equal to 1024;
the size of a single encryption and decryption data packet read and written between the upper computer and the second agent program, and between the second agent program and the security chip, is an integral multiple of 512 bytes;
the size of a single encryption and decryption data packet read and written between the upper computer and the soft cipher module is 2 KB.
Specifically, according to the Boot Loader loading requirements, the size of a single upgrade data packet read and written between the first agent program and the security chip is fixed at 536 bytes, but the size of a single upgrade data packet read and written between the first agent program and the upper computer is 1 KB. Therefore, when the first agent program receives a 1 KB upgrade data packet written by the upper computer (the first 536 bytes are valid data and the last 488 bytes are padding), it takes the first 536 bytes of the data packet and transmits them to the security chip. When the first agent program receives the 536-byte firmware upgrade check packet fed back by the security chip, it pads the check packet to 1 KB and then returns it to the upper computer.
Further, the first agent program and the security chip use a standard SPI communication protocol; the second agent program and the security chip use a 6-wire SPI communication protocol. But the invention is not limited thereto.
Further, the system further comprises a storage module, wherein the storage module is electrically connected to the controller and used for storing the data ciphertext.
It is understood that the memory module includes Nand Flash memory, Nor Flash memory, DRAM memory, EPROM memory, EEPROM memory, and the like. Preferably, the storage module may be a Nand Flash memory. But is not limited thereto.
Furthermore, the security chip also has a permission control function: when a user reads and writes the secure smart card system through an upper computer, the security chip verifies the identity of the user, and after the identity verification succeeds, the upper computer is allowed to read and write the secure smart card system.
Specifically, first identity information is preset in the security chip. When a user reads and writes the secure smart card system through an upper computer, the user is prompted to input second identity information, and the security chip then checks whether the second identity information matches the first identity information. If it matches, the upper computer is allowed to read and write the secure smart card system; if it does not match, the upper computer is refused. This effectively prevents unauthorized persons from accessing the secure smart card system under a false identity, and further enhances the security and reliability of the secure smart card system.
It should be noted that the identity information described in the present invention may be a password, or may also be biometric information, such as a fingerprint, a human face, an iris, and the like.
Further, the security chip supports a key agreement algorithm, a symmetric cryptographic algorithm, an asymmetric cryptographic algorithm and a hash algorithm; the soft cipher module supports a symmetric cryptographic algorithm and a hash algorithm.
Specifically, the symmetric cryptographic algorithm includes the DES algorithm, the 3DES algorithm, the AES algorithm, the SM4 cryptographic algorithm, and the like.
Fig. 2 shows a flow chart of a cryptographic service method based on a secure smart card system of the present invention.
As shown in fig. 2, a second aspect of the present invention provides a cryptographic service method, which is applied to the secure smart card system, and the method includes the following steps:
S201, the upper computer writes a data packet to be processed into a corresponding sector in the controller through the interface module;
S202, the corresponding sector transfers the data packet to be processed to the corresponding functional module;
S203, the corresponding functional module performs a cryptographic operation on the data packet to be processed, and caches the processed data packet;
S204, the upper computer sends a read request to the corresponding sector in the controller through the interface module;
S205, the corresponding sector reads the data packet processed by the corresponding functional module according to the read request, and returns the data packet to the upper computer.
According to an embodiment of the present invention, the corresponding functional module may be the security chip or the soft cipher module, and the corresponding sector is the second sector or the third sector. In practical application, the upper computer generates a data packet to be processed according to service requirements, encapsulates it with the sector number agreed with the controller in advance, and transmits the encapsulated data packet to the interface module. After receiving the data, the interface module parses the sector number and finally distributes the data packet according to the parsed sector number. For example, when the sector number is 2, the packet may be assigned to the second sector, and when the sector number is 3, the packet may be assigned to the third sector.
The controller on a traditional smart card is not provided with sectors with different functions. After such a controller receives a data packet, it can transmit the data packet to the correct functional module only after parsing the whole packet; whole-packet parsing is slow, which limits the high-speed processing performance of the smart card. The controller and the upper computer of the invention agree on several sectors in advance, and each sector corresponds to a functional module. When writing a data packet to the secure smart card system, the upper computer encapsulates the sector number at the same time; when the interface module receives the data packet carrying the sector number, it can quickly parse out the sector number and assign the data packet to the corresponding sector accordingly. Therefore, the secure smart card system dispatches the data packets of different services more efficiently and improves processing performance.
Further, the step of transferring the data packet to be processed to the corresponding functional module by the corresponding sector specifically includes:
the corresponding sector transmits the data packet to be processed to the agent program;
and the agent program transmits the data packet to be processed to the corresponding functional module.
In a specific embodiment, when the upper computer writes the second sector, the controller only needs to transmit the data, an integral multiple of 512 bytes in size, to the second agent program, and the second agent program transmits the data in full to the security chip. Similarly, when the upper computer reads the second sector, the second agent program reads data of an integral multiple of 512 bytes from the security chip and returns it to the controller, and the controller only needs to transmit the data returned by the second agent program in full to the upper computer.
In a specific embodiment, when the upper computer writes the third sector, the controller only needs to transmit the 2 KB of data to the soft cipher module. Similarly, when the upper computer reads the third sector, the controller only needs to transmit the 2 KB of data returned by the soft cipher module to the upper computer.
Further, after the corresponding sector transfers the data packet to be processed to the corresponding functional module, the method further includes:
carrying out encryption operation on the data packet to be processed by the corresponding functional module to generate a data ciphertext, and returning the data ciphertext to the controller;
and the controller transmits the data ciphertext to a storage module for ciphertext storage.
Further, when the upper computer needs to read the data of the storage module, the upper computer sends a reading request to the controller. And the controller reads the data ciphertext in the storage module according to the reading request, then calls a security chip or a soft password module to decrypt the data ciphertext to obtain a data plaintext, and finally returns the data plaintext to the upper computer.
According to an embodiment of the invention, the method further comprises the steps of:
the upper computer writes an upgrading data packet into a corresponding sector in the controller through an interface module;
transmitting the upgrade data packet to the security chip by the corresponding sector;
the security chip receives the upgrade data packet and carries out firmware upgrade;
the upper computer sends a reading request to a corresponding sector in the controller through the interface module;
and reading the upgrading result of the security chip firmware by the corresponding sector according to the reading request, and returning the upgrading result to the upper computer.
According to an embodiment of the present invention, the corresponding sector is the first sector. When the upper computer writes the first sector, the controller only needs to transmit the upgrade data to the first agent program, and the first agent program transmits the first 536 bytes of the upgrade data to the security chip. Similarly, when the upper computer reads the first sector, the first agent program reads the 536-byte upgrade result from the security chip, pads it to 1 KB and returns it to the controller, and the controller only needs to transmit the 1 KB of data returned by the first agent program to the upper computer.
Further, before the upper computer writes a data packet to be processed into a corresponding sector in the controller through the interface module, the method further includes:
prompting a user to input identity information for verification through an upper computer;
and the security chip receives second identity information input by a user, compares the second identity information with pre-stored first identity information, and allows the upper computer to write a data packet to be processed into a corresponding sector in the controller through the interface module after the second identity information is successfully compared with the pre-stored first identity information.
Specifically, the identity information may be a password, biometric information, and the like, and the biometric information may be a face, a fingerprint, an iris, and the like.
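The dispatch and framing rules described above (the sector number alone selects the functional module; 1 KB and 536-byte upgrade packets, multiples of 512 bytes for the second sector, 2 KB for the third; identity verification before any write) can be sketched as controller-side C. This is an added example, not code from the patent: sector number 1 for the first sector, zero-valued padding, rejection of empty packets, the `authenticated` flag standing in for the security chip's identity check, and every identifier are assumptions.

```c
/* Added illustration: sector-number dispatch with the packet sizes the
 * description gives. Sector number 1, zero padding and all names below
 * are assumptions, not taken from the patent. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SECTOR_UPGRADE = 1, SECTOR_HW = 2, SECTOR_SW = 3 };
#define UPGRADE_HOST_LEN 1024u  /* upper computer <-> first agent program */
#define UPGRADE_CHIP_LEN 536u   /* first agent program <-> security chip  */
#define HW_UNIT          512u   /* second sector: multiples of 512 bytes  */
#define SW_LEN           2048u  /* third sector: exactly 2 KB             */

typedef enum { MOD_NONE, MOD_CHIP_FIRMWARE, MOD_CHIP_CRYPTO, MOD_SOFT_CIPHER } module_t;
typedef enum { RT_OK, RT_ERR_AUTH, RT_ERR_SECTOR, RT_ERR_LENGTH } rt_status;

typedef struct {
    module_t module;  /* functional module that receives the packet */
    size_t fwd_len;   /* bytes handed on to that module */
} route_t;

/* Write path: choose the module from the sector number alone. The payload
 * is never parsed, so sector and length are the only fields left to check. */
rt_status route_write(int authenticated, uint32_t sector, size_t len, route_t *out)
{
    out->module = MOD_NONE;
    out->fwd_len = 0;
    if (!authenticated)                    /* identity check comes first */
        return RT_ERR_AUTH;
    switch (sector) {
    case SECTOR_UPGRADE:
        if (len != UPGRADE_HOST_LEN) return RT_ERR_LENGTH;
        out->module = MOD_CHIP_FIRMWARE;
        out->fwd_len = UPGRADE_CHIP_LEN;   /* drop the 488 padding bytes */
        return RT_OK;
    case SECTOR_HW:                        /* empty packet rejected (assumed) */
        if (len == 0 || len % HW_UNIT != 0) return RT_ERR_LENGTH;
        out->module = MOD_CHIP_CRYPTO;
        out->fwd_len = len;
        return RT_OK;
    case SECTOR_SW:
        if (len != SW_LEN) return RT_ERR_LENGTH;
        out->module = MOD_SOFT_CIPHER;
        out->fwd_len = len;
        return RT_OK;
    default:
        return RT_ERR_SECTOR;              /* unknown sector: fail closed */
    }
}

/* Read path: turn a module response into the packet the upper computer reads.
 * Returns the host-visible length, or 0 if the response breaks the framing. */
size_t build_read_reply(uint32_t sector, const uint8_t *resp, size_t resp_len,
                        uint8_t *host_buf, size_t host_cap)
{
    size_t host_len;
    switch (sector) {
    case SECTOR_UPGRADE:
        if (resp_len != UPGRADE_CHIP_LEN) return 0;
        host_len = UPGRADE_HOST_LEN;       /* 536-byte result padded to 1 KB */
        break;
    case SECTOR_HW:
        if (resp_len == 0 || resp_len % HW_UNIT != 0) return 0;
        host_len = resp_len;
        break;
    case SECTOR_SW:
        if (resp_len != SW_LEN) return 0;
        host_len = resp_len;
        break;
    default:
        return 0;
    }
    if (host_len > host_cap) return 0;     /* never write past the buffer */
    memset(host_buf, 0, host_len);         /* padding value 0 is assumed */
    memcpy(host_buf, resp, resp_len);
    return host_len;
}

/* Convenience wrapper: bytes forwarded for a write, 0 when it is rejected. */
size_t forwarded_len(int authenticated, uint32_t sector, size_t len)
{
    route_t r;
    return route_write(authenticated, sector, len, &r) == RT_OK ? r.fwd_len : 0;
}

int main(void)
{
    uint8_t resp[UPGRADE_CHIP_LEN], host[SW_LEN];
    memset(resp, 0xA5, sizeof resp);       /* constructed 536-byte check packet */
    printf("upgrade write forwards %zu bytes\n",
           forwarded_len(1, SECTOR_UPGRADE, UPGRADE_HOST_LEN));
    printf("upgrade read returns %zu bytes\n",
           build_read_reply(SECTOR_UPGRADE, resp, sizeof resp, host, sizeof host));
    printf("1000-byte write to sector 2 forwards %zu bytes\n",
           forwarded_len(1, SECTOR_HW, 1000));
    return 0;
}
```

Because routing depends only on the sector number and the length, a packet that passes these two checks reaches the security chip or soft cipher module unparsed, so any further validation of the payload has to happen inside that module.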
The secure smart card system can perform encryption, decryption and signature processing of data and provide cryptographic services for an upper computer. Through the controller, the secure smart card system is provided with a plurality of sectors to interface with data packets with different service requirements. Compared with a traditional smart card, the invention does not need to parse the whole data packet; it can dispatch data packets with different service requirements according to the sector number in the data packet alone, which reduces parsing time and improves processing speed. In addition, the storage module of the secure smart card system stores user data as ciphertext, which effectively prevents other people from illegally obtaining the user's data and thus improves the security of data storage.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A secure smartcard system, characterized in that the system comprises: the system comprises an interface module, a controller and a plurality of functional modules;
the interface module is electrically connected with the controller and is used for providing a sector read-write interface for the upper computer so as to realize data interaction between the upper computer and the controller;
the controller is used for providing sectors with different functions to receive data packets with different service requirements, each sector corresponds to a designated functional module, and the controller uses the sectors with different functions to distribute the data packets with different service requirements to the designated functional module; the sectors with different functions are agreed jointly by the controller and the upper computer;
the plurality of functional modules comprise a security chip and a soft password module, wherein the security chip is electrically connected to the controller and is used for providing hardware password service, and the soft password module is arranged in the controller and is used for providing software password service; the upper computer generates a data packet to be processed according to the service requirement, encapsulates the data packet to be processed based on the sector number agreed with the controller in advance, and transmits the encapsulated data packet to the interface module; after the interface module receives the data, the sector number is parsed, and the data packet is finally distributed according to the parsed sector number.
2. A secure smartcard system according to claim 1 wherein the controller is provided with a first agent and a second agent; the sectors with different functions respectively comprise a first sector, a second sector and a third sector;
the first sector reads and writes an upgrading data packet to the security chip through the first agent program so as to realize firmware upgrading of the security chip;
the second sector reads and writes the encryption and decryption data packet to the security chip through a second agent program so that the security chip provides hardware password service;
and the encryption and decryption data packet is transmitted directly between the third sector and the soft cipher module so that the soft cipher module provides software cipher service.
3. A secure smartcard system according to claim 2,
the size of a single upgrading data packet read and written between the upper computer and the first agent program is preset to be 1KB, the size of the single upgrading data packet read and written between the first agent program and the security chip is N bytes, and N is smaller than or equal to 1024;
the size of a single encryption and decryption data packet read and written between the upper computer and the second agent program, and between the second agent program and the security chip, is an integral multiple of 512 bytes; the size of a single encryption and decryption data packet read and written between the upper computer and the soft password module is 2 KB.
4. The secure smartcard system of claim 1, further comprising a storage module, the storage module being electrically connected to the controller for storing data cryptograms.
5. The smart card system of claim 1, wherein the security chip further has an authority control function, and when the user reads and writes the smart card system through the upper computer, the security chip verifies the identity of the user, and after the identity verification succeeds, the upper computer is allowed to read and write the smart card system.
6. A secure smart card system as claimed in claim 1, wherein said security chip supports a key agreement algorithm, a symmetric cryptographic algorithm, an asymmetric cryptographic algorithm, and a hash cryptographic algorithm; the soft cipher module supports a symmetric cipher algorithm and a hash cipher algorithm.
7. A cryptographic service method applied to the secure smart card system of any one of claims 1 to 6, the method comprising:
the upper computer writes a data packet to be processed into a corresponding sector in the controller through an interface module;
the corresponding sector transfers the data packet to be processed to the corresponding functional module;
carrying out password operation on the data packet to be processed by the corresponding functional module, and caching the processed data packet;
the upper computer sends a reading request to a corresponding sector in the controller through the interface module;
and reading the data packet processed by the corresponding functional module by the corresponding sector according to the reading request, and returning the data packet to the upper computer.
8. The cryptographic service method of claim 7, wherein the forwarding of the pending data packet to the corresponding functional module by the corresponding sector specifically includes:
the corresponding sector transmits the data packet to be processed to the agent program;
and the agent program transmits the data packet to be processed to the corresponding functional module.
9. The method of claim 7, wherein after the corresponding sector forwards the pending data packet to the corresponding functional module, the method further comprises:
carrying out encryption operation on the data packet to be processed by the corresponding functional module to generate a data ciphertext, and returning the data ciphertext to the controller;
and the controller transmits the data ciphertext to a storage module for ciphertext storage.
10. The cryptographic service method of claim 7, wherein the method further comprises:
the upper computer writes an upgrading data packet into a corresponding sector in the controller through an interface module;
transmitting the upgrade data packet to the security chip by the corresponding sector;
the security chip receives the upgrade data packet and carries out firmware upgrade;
the upper computer sends a reading request to a corresponding sector in the controller through the interface module;
and reading the upgrading result of the security chip firmware by the corresponding sector according to the reading request, and returning the upgrading result to the upper computer.
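The sector-number dispatch of claim 1, the packet sizes of claim 3 and the identity gate of claim 5, as an added example that is not code from the patent. The sector numbers, the 2-byte header layout and every function name are assumptions, since the patent only says the sector numbers are agreed in advance between the upper computer and the controller.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for this example: sector numbers and a 2-byte big-endian header. */
enum { SECTOR_UPGRADE = 1, SECTOR_HW_CRYPTO = 2, SECTOR_SW_CRYPTO = 3 };
#define HDR_LEN 2u

typedef enum {
    ROUTE_REJECT = 0,    /* unknown sector, bad size, or user not verified */
    ROUTE_CHIP_UPGRADE,  /* first sector  -> first agent  -> security chip */
    ROUTE_CHIP_CRYPTO,   /* second sector -> second agent -> security chip */
    ROUTE_SOFT_CRYPTO    /* third sector  -> soft cipher module */
} route_t;

/* Route on the sector number alone (no whole-packet parsing), but enforce the
   per-sector payload size from claim 3 before anything is forwarded. */
route_t route_packet(const uint8_t *pkt, size_t len, int user_verified)
{
    if (pkt == NULL || len < HDR_LEN || !user_verified)
        return ROUTE_REJECT;
    uint16_t sector = (uint16_t)((pkt[0] << 8) | pkt[1]);
    size_t payload = len - HDR_LEN;

    switch (sector) {
    case SECTOR_UPGRADE:   /* single upgrade packet is 1 KB */
        return payload == 1024 ? ROUTE_CHIP_UPGRADE : ROUTE_REJECT;
    case SECTOR_HW_CRYPTO: /* integral multiple of 512 bytes, non-empty */
        return (payload > 0 && payload % 512 == 0) ? ROUTE_CHIP_CRYPTO : ROUTE_REJECT;
    case SECTOR_SW_CRYPTO: /* single packet is 2 KB */
        return payload == 2048 ? ROUTE_SOFT_CRYPTO : ROUTE_REJECT;
    default:
        return ROUTE_REJECT;
    }
}

/* Chip-side transfers needed for one 1 KB upgrade packet when the first agent
   forwards n bytes at a time (claim 3: N <= 1024). Returns 0 for invalid n. */
size_t upgrade_chunks(size_t n)
{
    return (n == 0 || n > 1024) ? 0 : (1024 + n - 1) / n;
}

int main(void)
{
    static uint8_t pkt[HDR_LEN + 1536] = { 0x00, SECTOR_HW_CRYPTO }; /* constructed */
    printf("3 x 512 B to sector 2 -> route %d\n", route_packet(pkt, sizeof pkt, 1));
    printf("700 B to sector 2     -> route %d\n", route_packet(pkt, HDR_LEN + 700, 1));
    printf("256 B transfers per upgrade packet: %zu\n", upgrade_chunks(256));
    return 0;
}
```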
CN202010231055.9A 2020-03-27 2020-03-27 Safety intelligent card system and its cipher service method Active CN111539040B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010231055.9A CN111539040B (en) 2020-03-27 2020-03-27 Safety intelligent card system and its cipher service method

Publications (2)

Publication Number Publication Date
CN111539040A CN111539040A (en) 2020-08-14
CN111539040B true CN111539040B (en) 2022-03-15

Family

ID=71976921

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010231055.9A Active CN111539040B (en) 2020-03-27 2020-03-27 Safety intelligent card system and its cipher service method

Country Status (1)

Country Link
CN (1) CN111539040B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112256411B (en) * 2020-10-15 2024-02-27 上海昀层信息技术有限公司 Intelligent password scheduling system and method
CN115988464B (en) * 2022-07-29 2023-10-20 荣耀终端有限公司 Method for copying smart card

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101968774A (en) * 2010-10-21 2011-02-09 中国人民解放军61938部队 Device and method for storing mobile data safely
CN102289611A (en) * 2011-06-08 2011-12-21 郑州信大捷安信息技术股份有限公司 Secure smart cryptographic chip and automatic virtual communication file building method based on same
CN109447225A (en) * 2018-11-27 2019-03-08 公安部第研究所 A kind of high-speed secure encryption Micro SD card

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101872334A (en) * 2010-05-26 2010-10-27 北京飞天诚信科技有限公司 Compound type usb equipment and implementation method thereof

Also Published As

Publication number Publication date
CN111539040A (en) 2020-08-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A secure smart card system and its password service method

Granted publication date: 20220315

Pledgee: Bank of Zhengzhou Co.,Ltd. Zhongyuan Science and Technology City Sub branch

Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.

Registration number: Y2024980007004