CN112491558A - Data writing method, system and storage medium of multi-application chip card - Google Patents


Publication number
CN112491558A
Authority
CN
China
Prior art keywords
chip
card
application
card issuing
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011366591.6A
Other languages
Chinese (zh)
Inventor
颜星
蔡燕
王刚
程聂
钟梁
陈小玲
才子平
胡慧姝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Zhongyu Zhicheng Digital Technology Co ltd
Original Assignee
Hunan Zhongyu Zhicheng Digital Technology Co ltd
Application filed by Hunan Zhongyu Zhicheng Digital Technology Co ltd
Priority to CN202011366591.6A
Publication of CN112491558A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Abstract

The application provides a data writing method, system and storage medium for a multi-application chip card, and relates to the technical field of chips. The method comprises the following steps: the card issuing center initializes the file system of a chip prepared in advance, so as to write the file systems of a plurality of applications into the chip; the card issuing center installs a factory key of each auxiliary application in the file system of that auxiliary application in the chip; the card issuing center writes a chip authentication certificate into the chip; after the card manufacturing center has verified the chip authentication certificate in the chip card prepared from the chip, it installs the key of each auxiliary application in the file system of that auxiliary application according to the factory key of that auxiliary application; and after the card issuing center has verified the chip authentication certificate in the chip card, it writes the application data of the main application into the file system of the main application. Compared with the prior art, this avoids the problem that user data may be leaked because of insufficient security control of the user data.

Description

Data writing method, system and storage medium of multi-application chip card
Technical Field
The present application relates to the field of chip technologies, and in particular, to a data writing method, system, and storage medium for a multi-application chip card.
Background
With the rapid development of information technology, integrated circuit cards (IC cards, also called chip cards) have been widely used in many areas of life, including finance, education, transportation and social security, for example bank financial transaction cards, highway toll cards, entrance cards, social security cards, bus cards and educational cards. Different application fields and scenarios use different methods of issuing chip cards.
In the issuing process, a smart IC card is issued in a customized manner according to application requirements, regulatory requirements, industry requirements and the like, as with bank financial transaction cards and highway toll cards. As the industry develops, demand for multi-application support in smart IC cards is growing, but chip cards are still issued in a centralized manner. For example, a social security card includes a social security application and a financial application, yet the financial data and the social security data of the chip card are written at the card factory at the same time.
For a chip card supporting multiple applications, this writing mode transmits all application data to the card factory that manufactures the chip card, so the security control of the application data is problematic and user data may be leaked.
Disclosure of Invention
The present application aims to provide a data writing method, system and storage medium for a multi-application chip card, so as to solve the problem in the prior art that security control of user data is inadequate and the data may leak.
In order to achieve the above purpose, the technical solutions adopted in the embodiments of the present application are as follows:
In a first aspect, an embodiment of the present application provides a data writing method for a multi-application chip card, which is applied to a multi-application card issuing system, where the multi-application card issuing system includes: a card issuing center and a card manufacturing center; the method comprises the following steps:
the card issuing center initializes the file system of a chip prepared in advance, so as to write the file systems of a plurality of applications into the chip; wherein the plurality of applications include: a main application corresponding to the card issuing center and at least one auxiliary application;
the card issuing center installs a factory key of each auxiliary application in the file system of that auxiliary application in the chip;
the card issuing center writes a chip authentication certificate into the chip;
after the card manufacturing center has verified the chip authentication certificate in the chip card prepared from the chip, the card manufacturing center installs the key of each auxiliary application in the file system of that auxiliary application according to the factory key of that auxiliary application, so as to update the factory key of each auxiliary application;
and after the card issuing center has verified the chip authentication certificate in the chip card, the card issuing center writes the application data of the main application into the file system of the main application.
Optionally, the initializing, by the card issuing center, of the file system of a chip prepared in advance includes:
after the card issuing center has authenticated the factory key of the chip, initializing the file system of the chip.
Optionally, the installing, by the card issuing center, of a factory key of each auxiliary application in the file system of that auxiliary application in the chip includes:
the card issuing center uses a cipher machine to generate, according to the dispersion factor of the chip, symmetric key data and ciphertext message authentication code data of the symmetric key; wherein the symmetric key comprises: a factory key of the at least one auxiliary application;
and the card issuing center installs the factory key of each auxiliary application in the file system of that auxiliary application according to the ciphertext message authentication code data.
Optionally, the generating, by the card issuing center, of symmetric key data according to the dispersion factor of the chip by using a cipher machine includes:
the card issuing center uses the cipher machine to generate the symmetric key data according to the random number generated by the chip and the dispersion factor of the chip.
Optionally, the writing, by the card issuing center, of a chip authentication certificate into the chip includes:
the card issuing center calculates first external authentication data using the cipher machine;
after the card issuing center passes authentication based on the first external authentication data, it obtains a private key of the chip authentication certificate and the write permission of the certificate file;
and after the write permission of the certificate file is obtained, the card issuing center writes the chip authentication certificate into the chip card.
Optionally, before installing the key of each auxiliary application in the file system of that auxiliary application, the method further includes:
the card manufacturing center calculates second external authentication data using a first security module;
after the card manufacturing center passes authentication based on the second external authentication data, it obtains the write permission of the card surface information file;
and after the write permission of the card surface information file is obtained, the card manufacturing center writes the card surface information file into the chip of the chip card.
Optionally, before installing the key of each auxiliary application in the file system of that auxiliary application according to the factory key of that auxiliary application, the method further includes:
the card manufacturing center calculates third external authentication data using the first security module;
after the card manufacturing center has authenticated the factory key of each auxiliary application based on the third external authentication data, it obtains key installation permission; the key installation permission is the permission to install the key of each auxiliary application in the file system of that auxiliary application.
Optionally, the symmetric key further comprises: a symmetric key of the main application;
before writing the application data of the main application into the file system of the main application, the method further includes:
the card issuing center calculates fourth external authentication data using a second security module;
after the card issuing center has authenticated the symmetric key of the main application based on the fourth external authentication data, the card issuing center obtains the file read-write permission corresponding to the main application;
the file read-write permission comprises: a write permission for the application data of the main application.
Optionally, the method further comprises:
the card issuing center calculates fifth external authentication data using the second security module;
after the card issuing center passes authentication based on the fifth external authentication data, it obtains the write permission of a personal certificate private key and a certificate file;
and based on the write permission of the personal certificate private key and the certificate file, the card issuing center writes the personal certificate corresponding to the chip card and the personal certificate private key into the chip card respectively.
In a second aspect, another embodiment of the present application provides a multi-application card issuing system comprising a card issuing center and a card manufacturing center, wherein:
the card issuing center is used for executing the method steps executed by the card issuing center in any method of the first aspect; the card manufacturing center is used for executing the method steps executed by the card manufacturing center in any method of the first aspect.
In a third aspect, another embodiment of the present application provides a storage medium having a computer program stored thereon, where the computer program, when executed by a processor, performs the steps of the method according to any one of the above first aspects.
The beneficial effect of this application is: by adopting the data writing method of the multi-application chip card, the card issuing center writes into the chip not only the file system of the main application but also the file system of at least one auxiliary application, so that a chip card made from the chip can support a plurality of applications. The card issuing center installs the factory key of each auxiliary application in the file system of that auxiliary application in the chip and writes the chip authentication certificate. After the chip authentication certificate passes verification, the card manufacturing center updates the factory key of each auxiliary application in the file system of that auxiliary application according to that factory key; and after the chip authentication certificate passes verification by the card issuing center, the card issuing center writes the application data of the main application into the file system of the main application. With this arrangement, while the chip is transferred between the card manufacturing center and the card issuing center, the authentication certificate and the updating of the factory keys of the auxiliary applications ensure the security of the data in the chip during transfer, and thus the security of user data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required by the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and therefore should not be considered as limiting the scope; those skilled in the art can obtain other related drawings from these drawings without inventive effort.
FIG. 1 is a schematic structural diagram of a multi-application card issuing system according to an embodiment of the present application;
FIG. 2 is a schematic flow chart illustrating a data writing method for a multi-application chip card according to an embodiment of the present application;
FIG. 3 is a schematic flow chart illustrating a data writing method for a multi-application chip card according to another embodiment of the present application;
FIG. 4 is a schematic flow chart illustrating a data writing method for a multi-application chip card according to another embodiment of the present application;
FIG. 5 is a schematic flow chart illustrating a data writing method for a multi-application chip card according to another embodiment of the present application;
FIG. 6 is a schematic flow chart of a data writing method of a multi-application chip card according to another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments.
The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
Additionally, the flowcharts used in this application illustrate operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be performed out of order, and steps without logical context may be performed in reverse order or simultaneously. One skilled in the art, under the guidance of this application, may add one or more other operations to, or remove one or more operations from, the flowchart.
FIG. 1 is a schematic structural diagram of a multi-application card issuing system according to an embodiment of the present application. The multi-application card issuing system 100 is configured to execute the method described in any one of FIG. 2 to FIG. 6 below. As shown in FIG. 1, the multi-application card issuing system 100 includes a card issuing center 110 and a card manufacturing center 120, wherein the card issuing center 110 is configured to perform the steps carried out by the card issuing center 110 in any of the methods described below, and the card manufacturing center 120 is configured to perform the steps carried out by the card manufacturing center 120 in any of the methods described below.
The card issuing center 110 may include, for example: a first processor, a first storage medium, and a first bus. The first storage medium is used for storing a program, and the first processor calls the program stored in the first storage medium to execute any one of the method embodiments executed by the card issuing center 110. The card manufacturing center 120 may include, for example: a second processor, a second storage medium, and a second bus. The second storage medium is used for storing a program, and the second processor calls the program stored in the second storage medium to execute any one of the method embodiments executed by the card manufacturing center 120. For specific implementations and technical effects, refer to the detailed descriptions of FIG. 2 to FIG. 6 below, which are not repeated here.
The data writing method of the multi-application chip card provided by the embodiments of the present application is explained below with reference to several specific application examples. FIG. 2 is a schematic flowchart of a data writing method for a multi-application chip card according to an embodiment of the present application. The method is applied to a multi-application card issuing system, where the multi-application card issuing system includes: a card issuing center and a card manufacturing center; as shown in FIG. 2, the method includes:
S201: The card issuing center initializes the file system of a chip prepared in advance, so as to write the file systems of a plurality of applications into the chip.
The chip prepared in advance is produced beforehand by the chip manufacturer according to requirements, and the plurality of applications include: a main application corresponding to the card issuing center and at least one auxiliary application. The card issuing center is the card issuing center corresponding to the main application.
For example, in one embodiment of the present application, the main application may be an education application and the auxiliary application may be a financial application; there may also be a plurality of auxiliary applications, for example a financial application, a public transportation application and the like. It should be understood that the foregoing embodiments are merely illustrative, and the specific applications included may be flexibly adjusted according to user needs; for example, the plurality of applications may also be social security applications, highway toll applications, access control applications and the like, which is not limited herein.
S202: The card issuing center installs the factory key of each auxiliary application in the file system of that auxiliary application in the chip.
S203: The card issuing center writes the chip authentication certificate into the chip.
For example, in an embodiment of the present application, the chip authentication certificate may be obtained and written into the chip after the card issuing center uses the cipher machine to calculate external authentication data.
S204: After the card manufacturing center has verified the chip authentication certificate in the chip card prepared from the chip, it installs the key of each auxiliary application in the file system of that auxiliary application according to the factory key of that auxiliary application.
In an embodiment of the present application, the card manufacturing center determines only the auxiliary applications corresponding to the current card manufacturing center as target auxiliary applications, and installs the key of each target auxiliary application in the file system of that target auxiliary application according to its factory key. The target auxiliary applications may be, for example, one, several or all of the auxiliary applications, and the specific number of target auxiliary applications may be flexibly adjusted according to user needs, which is not limited herein.
Verifying the chip authentication certificate in each chip card when the key of each auxiliary application is installed ensures the validity of each chip card during the issuing process; that is, a chip card that passes verification of the chip authentication certificate is valid.
Updating the factory keys of the auxiliary applications in this way makes the keys of the auxiliary applications different in each chip, which improves the security of the applications in each chip and further ensures the security of user data, and solves the chip application security problem caused by applications using the same, fixed factory key.
S205: After the card issuing center has verified the chip authentication certificate in the chip card, it writes the application data of the main application into the file system of the main application.
After the application data of the main application is written, the data writing of the chip card is complete, and the chip card with the data written can be sent to the corresponding user for use. Still taking the education application as the main application, the application data written into the file system of the main application may be, for example, student information or teacher information, such as a student's title written into a student card, or a teacher's qualification information and responsible class information written into a teacher card. The specific content of the application data is flexibly adjusted according to user needs and is not limited to the above embodiment.
The verification of the chip authentication certificate in the chip card is used to verify the validity of the chip card. For example, the validity of a chip card may be determined from the type of each chip card at the time of issuing. Still taking the education application as an example, the type of each chip card may be, for example, a student card, a teacher card, an education card, or the like. If the type of a chip card is detected to be a traffic card, the chip card is illegal, that is, the verification of the chip authentication certificate is not passed; if the type of a chip card is a student card, the chip card is legal, that is, the verification of the chip authentication certificate is passed. The specific verification mode of the chip authentication certificate may be flexibly adjusted according to the needs of the user, and.
By adopting the data writing method of the multi-application chip card, the card issuing center writes into the chip not only the file system of the main application but also the file system of at least one auxiliary application, so that a chip card made from the chip can support a plurality of applications. The card issuing center installs the factory key of each auxiliary application in the file system of that auxiliary application in the chip and writes the chip authentication certificate. After the chip authentication certificate passes verification, the card manufacturing center updates the factory key of each auxiliary application in the file system of that auxiliary application according to that factory key; and after the chip authentication certificate passes verification by the card issuing center, the card issuing center writes the application data of the main application into the file system of the main application. With this arrangement, while the chip is transferred between the card manufacturing center and the card issuing center, the authentication certificate and the updating of the factory keys of the auxiliary applications ensure the security of the data in the chip during transfer, and thus the security of user data.
Optionally, on the basis of the above embodiments, the embodiments of the present application may further provide a data writing method for a multi-application chip card, whose implementation is described below with reference to the accompanying drawings. FIG. 3 is a schematic flow chart of a data writing method for a multi-application chip card according to another embodiment of the present application. As shown in FIG. 3, before S201, the method further includes:
S206: The card issuing center authenticates the factory key of the chip.
After the authentication is passed, the card issuing center initializes the file system of the chip.
Optionally, on the basis of the foregoing embodiment, an embodiment of the present application may further provide a data writing method for a multi-application chip card; the installation of the factory key of each auxiliary application in the foregoing method is described below with reference to the accompanying drawings. FIG. 4 is a schematic flow chart of a data writing method for a multi-application chip card according to another embodiment of the present application. As shown in FIG. 4, S202 may include:
S207: The card issuing center uses a cipher machine to generate symmetric key data according to the dispersion factor of the chip, and to generate ciphertext message authentication code data of the symmetric key.
Wherein the symmetric key comprises: a factory key of the at least one auxiliary application.
Illustratively, in one embodiment of the present application, the symmetric key comprises: the factory key of at least one auxiliary application and an application key of the main application. The symmetric key data may be generated, for example, by the card issuing center using the cipher machine according to the random number generated by the chip and the dispersion factor of the chip.
For example, the card issuing center may send the chip an instruction to generate a random number, producing random number 1, and send the chip an instruction to obtain its dispersion factor, obtaining dispersion factor 1. The card issuing center then uses the cipher machine to perform key dispersion on key 1: the cipher machine encrypts dispersion factor 1 using its key 1 and takes the encryption result as a new key 2. The cipher machine then encrypts key 2 and random number 1 using key 3, generating the ciphertext message authentication code (MAC) data of key 2, and the ciphertext MAC data is sent to the chip so that the chip installs the symmetric key, that is, key 2, according to the MAC data. The ciphertext MAC data is used to encrypt key 2; after obtaining the MAC data, the chip checks it to verify the integrity of key 2, and installs key 2 once the check passes.
The random number can be generated at random from a random number state register of the chip card; the generated random number conforms to the national cryptographic standard and is not influenced from outside. The chip card generates the random number for MAC data verification, and the cipher machine generates the MAC data using the random number generated by the chip card. The installation of each key corresponds to one MAC check, and the random number becomes invalid after one MAC check (for each key installation, the random number is generated again before the cipher machine calculates the ciphertext MAC data). The specific symmetric key value is affected only by the dispersion factor; the dispersion factor is generated by a certain rule from a certain unique identity of the chip card, so the dispersion factor of each chip is different, and the random number generated by each chip is different.
Since the random number and the dispersion factor of each chip are not necessarily the same, the symmetric key data corresponding to each chip may be different, and generating the symmetric key data in this way further improves the security of the data.
S208: The card issuing center installs the factory key of each auxiliary application in the file system of that auxiliary application according to the ciphertext message authentication code data.
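The key installation exchange of S207 and S208, as an added Go example that is not part of the patent text: the cipher machine disperses key 1 over the chip's dispersion factor to obtain key 2, then sends key 2 to the chip encrypted and authenticated under key 3 and bound to the chip's random number. AES-128 and AES-GCM stand in for the cipher and the MAC, which the page does not name; the type and method names, the 12-byte random number and the premise that key 3 is already on the chip are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// AES-128 and AES-GCM are stand-ins chosen for this example: the page names
// neither the block cipher nor the MAC construction.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// CipherMachine models the cipher machine at the card issuing center.
type CipherMachine struct {
	Key1 []byte // key that is dispersed per chip
	Key3 []byte // protects key 2 in transit; assumed already present on the chip
}

// Chip models the card side of the exchange.
type Chip struct {
	Factor    []byte // dispersion factor, unique per chip
	Key3      []byte
	Installed []byte // key 2, set only after a successful MAC check
	random    []byte // outstanding random number; nil when none is valid
}

// Random issues a fresh random number and discards any earlier one.
func (c *Chip) Random() []byte {
	c.random = make([]byte, 12)
	if _, err := rand.Read(c.random); err != nil {
		panic(err) // no entropy: the model refuses to continue
	}
	return c.random
}

// Install checks the MAC and installs key 2; the random number is consumed either way.
func (c *Chip) Install(msg []byte) error {
	if c.random == nil {
		return errors.New("no valid random number: request a new one")
	}
	random := c.random
	c.random = nil
	aead, err := newAEAD(c.Key3)
	if err != nil {
		return err
	}
	key2, err := aead.Open(nil, random, msg, nil)
	if err != nil {
		return errors.New("MAC check failed: key not installed")
	}
	c.Installed = key2
	return nil
}

// Disperse derives key 2 by encrypting the chip's dispersion factor under key 1.
func (m *CipherMachine) Disperse(factor []byte) ([]byte, error) {
	if len(factor) != aes.BlockSize {
		return nil, errors.New("dispersion factor must be exactly one cipher block")
	}
	block, err := aes.NewCipher(m.Key1)
	if err != nil {
		return nil, err
	}
	key2 := make([]byte, aes.BlockSize)
	block.Encrypt(key2, factor)
	return key2, nil
}

// Issue runs one key installation against c and returns the message sent to the chip.
func (m *CipherMachine) Issue(c *Chip) ([]byte, error) {
	random := c.Random()
	key2, err := m.Disperse(c.Factor)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(m.Key3)
	if err != nil {
		return nil, err
	}
	msg := aead.Seal(nil, random, key2, nil) // key 2 encrypted and MACed under key 3
	return msg, c.Install(msg)
}

func main() {
	// Constructed sample values, not real keys or chip identifiers.
	m := &CipherMachine{Key1: []byte("0123456789abcdef"), Key3: []byte("fedcba9876543210")}
	a := &Chip{Factor: []byte("CHIP-SERIAL-0001"), Key3: m.Key3}
	msg, err := m.Issue(a)
	fmt.Printf("installed key 2: %x (err=%v)\n", a.Installed, err)
	fmt.Println("replay of the same message:", a.Install(msg))
}
```

Replaying a captured message is rejected both before and after the chip issues a new random number, which is the single-use behaviour the text describes for the random number.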
For example, in some possible embodiments, S103 may be implemented as follows: the card issuing center calculates first external authentication data using a cipher machine; after the card issuing center passes authentication based on the first external authentication data, it obtains the write permission for the private key of the chip authentication certificate and for the certificate file; and after the write permission for the certificate file is obtained, the card issuing center writes the chip authentication certificate into the chip card.
Optionally, on the basis of the above embodiments, the embodiments of the present application may further provide a data writing method for a multi-application chip card, and an implementation process of the method is described as follows with reference to the accompanying drawings. Fig. 5 is a schematic flow chart of a data writing method for a multi-application chip card according to another embodiment of the present application, as shown in fig. 5, before S204, the method further includes:
S209: The card manufacturing center calculates second external authentication data using the first security module.
S210: After the card manufacturing center passes authentication based on the second external authentication data, it obtains the write permission for the card surface information file.
S211: After the write permission for the card surface information file is obtained, the card manufacturing center writes the card surface information file into the chip of the chip card.
For example, in some possible embodiments, the card manufacturing center may further manufacture the chip into a chip card according to card surface information in the chip, and print the card surface information in the chip of the chip card on the surface of the chip card, where the card surface information may include, for example, number information of the chip card, appearance information of the chip card, and the like, and the content included in the specific card surface information may be flexibly adjusted according to a user requirement, and is not limited to the content provided in the foregoing embodiments.
Optionally, on the basis of the above embodiments, the embodiments of the present application may further provide a data writing method for a multi-application chip card, and an implementation process in the above method is described as follows with reference to the accompanying drawings. Fig. 6 is a schematic flow chart of a data writing method for a multi-application chip card according to another embodiment of the present application, as shown in fig. 6, before S204, the method further includes:
S212: The card manufacturing center calculates third external authentication data using the first security module.
S213: After the card manufacturing center authenticates the factory key of each auxiliary application based on the third external authentication data, it obtains the key installation permission.
The key installation permission is the permission to install the key of each auxiliary application in the file system of each auxiliary application.
Illustratively, in some possible embodiments, the symmetric key further comprises a symmetric key of the main application. Before S205, the method further includes: the card issuing center calculates fourth external authentication data using a second security module; after the card issuing center passes authentication of the symmetric key of the main application based on the fourth external authentication data, it obtains the file read-write permission corresponding to the main application. The file read-write permission comprises the write permission for the application data of the main application.
Optionally, in some possible embodiments, the method further comprises: the card issuing center calculates fifth external authentication data using the second security module; after the card issuing center passes authentication based on the fifth external authentication data, it obtains the write permission for the personal certificate private key and for the certificate file; and, based on that write permission, the card issuing center writes the personal certificate corresponding to the chip card and the personal certificate private key into the chip card.
For example, in an embodiment of the present application, the external authentication data may be calculated with the security module as follows: the card manufacturing center sends the chip an instruction to generate a random number, obtaining random number 1, and an instruction to return the chip's dispersion factor, obtaining dispersion factor 1. It then uses the security module to disperse the key: key 1 of the security module encrypts dispersion factor 1 of the chip card, and the result is used as key 2. The security module then encrypts random number 1 and terminal random number 2 with key 2 to calculate the external authentication data, and an external authentication instruction is sent to the chip, which completes the external authentication. The card issuing center can also perform external authentication with a security module; the authentication process is the same as that of the card manufacturing center and is not repeated here. The security module may be, for example, the first security module or the second security module mentioned in any of the embodiments, and the external authentication data may be, for example, the second, third, fourth, or fifth external authentication data mentioned in any of the embodiments.
Requiring a security module to assist in calculating the external authentication data ensures the application security of the chip and further improves the security of the chip.
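The key-installation exchange described earlier (random number 1, dispersion factor 1, key 2 delivered under key 3 with a MAC) and the external authentication above share the same dispersion step, so one model covers both. This Python model is an added example, not code from the patent: the patent names no cipher, so HMAC-SHA-256 stands in for the cipher machine's encryption and MAC. The `Chip` class, its method names, the derivation of the dispersion factor from a UID, and key 3 being already shared with the chip are assumptions.

```python
import hashlib
import hmac
import os

def prf(key: bytes, data: bytes) -> bytes:
    """Stand-in for the cipher machine's encryption (the patent names no cipher)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def diversify(key1: bytes, dispersion_factor: bytes) -> bytes:
    """Key dispersion: key 2 = key 1 applied to the chip's dispersion factor."""
    return prf(key1, b"div" + dispersion_factor)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_key(key3: bytes, rand1: bytes, key2: bytes):
    """Cipher machine: encrypt key 2 under key 3, bound to chip random number 1."""
    ct = xor(key2, prf(key3, b"enc" + rand1))
    return ct, prf(key3, b"mac" + rand1 + ct)

def external_auth_data(key1, dispersion_factor, rand1, rand2):
    """Security module: key 2 over random number 1 and terminal random number 2."""
    return prf(diversify(key1, dispersion_factor), rand1 + rand2)

class Chip:
    """Hypothetical chip model; key 3 is assumed to be already shared with it."""
    def __init__(self, uid: bytes, key3: bytes):
        self.dispersion_factor = hashlib.sha256(uid).digest()[:8]
        self._key3, self._rand, self.key2 = key3, None, None

    def get_random(self) -> bytes:
        self._rand = os.urandom(8)
        return self._rand

    def _take_random(self):
        rand, self._rand = self._rand, None   # valid for one check only
        return rand

    def install_key(self, ct: bytes, mac: bytes) -> bool:
        rand = self._take_random()
        if rand is None or not hmac.compare_digest(
                mac, prf(self._key3, b"mac" + rand + ct)):
            return False                      # integrity check failed: nothing installed
        self.key2 = xor(ct, prf(self._key3, b"enc" + rand))
        return True

    def external_authenticate(self, rand2: bytes, data: bytes) -> bool:
        rand = self._take_random()
        if rand is None or self.key2 is None:
            return False
        return hmac.compare_digest(data, prf(self.key2, rand + rand2))

def demo() -> dict:
    key1, key3 = bytes(range(16)), bytes(range(16, 32))  # constructed sample keys
    a, b = Chip(b"CHIP-0001", key3), Chip(b"CHIP-0002", key3)
    out = {}
    ct, mac = wrap_key(key3, a.get_random(), diversify(key1, a.dispersion_factor))
    out["install"] = a.install_key(ct, mac)
    a.get_random()                                       # fresh random number 1
    out["replayed_install"] = a.install_key(ct, mac)     # old MAC no longer matches
    ct_b, mac_b = wrap_key(key3, b.get_random(), diversify(key1, b.dispersion_factor))
    out["tampered_install"] = b.install_key(xor(ct_b, b"\x01" + bytes(15)), mac_b)
    ct_b, mac_b = wrap_key(key3, b.get_random(), diversify(key1, b.dispersion_factor))
    b.install_key(ct_b, mac_b)
    out["keys_differ"] = a.key2 != b.key2
    r1, r2 = a.get_random(), os.urandom(8)
    data = external_auth_data(key1, a.dispersion_factor, r1, r2)
    out["ext_auth"] = a.external_authenticate(r2, data)
    out["ext_auth_replay"] = a.external_authenticate(r2, data)  # random number used up
    return out

if __name__ == "__main__":
    print(demo())
```

The replayed and tampered installs fail because the MAC covers both the ciphertext and the chip's current random number, and the two chips end up with different key 2 values from the same key 1.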
With the data writing method of the multi-application chip card, the chip authentication certificate must be verified before the application data of the main application is written into each chip card, which ensures the validity of each chip card: only a chip card that passes the verification is valid. In addition, each security module is required to assist in calculating the external authentication data during card writing, which further ensures the application security of each chip card.
The above modules may be one or more integrated circuits configured to implement the above methods, for example: one or more Application Specific Integrated Circuits (ASICs), one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs). As another example, when one of the above modules is implemented in the form of program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or another processor capable of calling program code. As another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Optionally, the present application also provides a program product, such as a storage medium, on which a computer program is stored, including a program, which, when executed by a processor, performs embodiments corresponding to the above-described method.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described apparatus embodiments are merely illustrative: for example, the division of the units is only one logical division, and other divisions are possible in practice; a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices, or units, and may be electrical, mechanical, or in another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) or a processor to perform some steps of the methods according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.

Claims (10)

1. A data writing method for a multi-application chip card, characterized in that the method is applied to a multi-application card issuing system, the multi-application card issuing system comprising: a card issuing center and a card manufacturing center; the method comprises:
initializing, by the card issuing center, a file system of a chip prepared in advance, so as to write the file systems of a plurality of applications into the chip; wherein the plurality of applications include: a main application corresponding to the card issuing center and at least one auxiliary application;
installing, by the card issuing center, a factory key of each auxiliary application in the file system of each auxiliary application in the chip;
writing, by the card issuing center, a chip authentication certificate into the chip;
after the chip authentication certificate in the chip card prepared based on the chip passes verification by the card manufacturing center, installing the key of each auxiliary application in the file system of each auxiliary application according to the factory key of each auxiliary application, so as to update the factory key of each auxiliary application;
and after the chip authentication certificate in the chip card passes verification, writing, by the card issuing center, the application data of the main application into the file system of the main application.
2. The method of claim 1, wherein initializing, by the card issuing center, a file system of a chip prepared in advance comprises:
initializing the file system of the chip after the card issuing center authenticates the factory key of the chip.
3. The method of claim 1, wherein installing, by the card issuing center, a factory key of each auxiliary application in the file system of each auxiliary application in the chip comprises:
generating, by the card issuing center using a cipher machine, symmetric key data and ciphertext message authentication code data of the symmetric key according to the dispersion factor of the chip; wherein the symmetric key comprises: a factory key of the at least one auxiliary application;
and installing, by the card issuing center, the factory key of each auxiliary application in the file system of each auxiliary application according to the ciphertext message authentication code data.
4. The method of claim 3, wherein generating, by the card issuing center using a cipher machine, symmetric key data according to the dispersion factor of the chip comprises:
generating, by the card issuing center using the cipher machine, the symmetric key data according to the random number generated by the chip and the dispersion factor of the chip.
5. The method of claim 3, wherein writing, by the card issuing center, a chip authentication certificate into the chip comprises:
calculating, by the card issuing center, first external authentication data using the cipher machine;
after the card issuing center passes authentication based on the first external authentication data, obtaining the write permission for the private key of the chip authentication certificate and for the certificate file;
and after the write permission for the certificate file is obtained, writing, by the card issuing center, the chip authentication certificate into the chip card.
6. The method of claim 1, wherein prior to installing the key for each secondary application in the file system of each secondary application, the method further comprises:
calculating, by the card manufacturing center, second external authentication data using a first security module;
after the card manufacturing center passes authentication based on the second external authentication data, obtaining the write permission for the card surface information file;
and after the write permission for the card surface information file is obtained, writing, by the card manufacturing center, the card surface information file into the chip of the chip card.
7. The method of claim 6, wherein prior to installing the key for each secondary application in the file system of each secondary application according to the factory key for each secondary application, the method further comprises:
calculating, by the card manufacturing center, third external authentication data using the first security module;
after the card manufacturing center authenticates the factory key of each auxiliary application based on the third external authentication data, obtaining a key installation permission; the key installation permission is the permission to install the key of each auxiliary application in the file system of each auxiliary application.
8. The method of claim 3, wherein the symmetric key further comprises: a symmetric key of the main application;
before writing the application data of the main application into the file system of the main application, the method further includes:
calculating, by the card issuing center, fourth external authentication data using a second security module;
after the card issuing center passes authentication of the symmetric key of the main application based on the fourth external authentication data, obtaining, by the card issuing center, the file read-write permission corresponding to the main application;
the file read-write permission comprises: a write permission for the application data of the main application.
9. The method of claim 8, wherein the method further comprises:
calculating, by the card issuing center, fifth external authentication data using the second security module;
after the card issuing center passes authentication based on the fifth external authentication data, obtaining the write permission for the personal certificate private key and for the certificate file;
and writing, by the card issuing center, the personal certificate corresponding to the chip card and the personal certificate private key into the chip card, based on the write permission for the personal certificate private key and the certificate file.
10. A multi-application card issuing system, comprising: a card issuing center and a card manufacturing center, wherein:
the card issuing center is adapted to perform the method steps performed by the card issuing center according to any of the preceding claims 1-9; the card manufacturing center is adapted to perform the method steps performed by the card manufacturing center according to any of the preceding claims 1-9.
CN202011366591.6A 2020-11-26 2020-11-26 Data writing method, system and storage medium of multi-application chip card Pending CN112491558A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011366591.6A CN112491558A (en) 2020-11-26 2020-11-26 Data writing method, system and storage medium of multi-application chip card


Publications (1)

Publication Number Publication Date
CN112491558A true CN112491558A (en) 2021-03-12

Family

ID=74936799


Country Status (1)

Country Link
CN (1) CN112491558A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210312

RJ01 Rejection of invention patent application after publication