CN115102737B - ESAM remote issuing method and system for traffic all-purpose card - Google Patents

Publication number: CN115102737B (other version: CN115102737A)
Application number: CN202210676310.XA
Authority: CN (China)
Legal status: Active
Original language: Chinese (zh)
Inventors: 张延铭, 李岚, 王孝广, 李四洋, 张宁
Assignee (original and current): Beijing Marine Communication Navigation Co
Prior art keywords: esam, key, remote issuing, card swiping, issuing server

Classifications

    • H04L63/06 Network architectures or network communication protocols for network security, for supporting key management in a packet data network
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus, by coded identity card or credit card or other personal identification means
    • H04L63/0428 Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/141 Network arrangements or protocols for supporting network services or applications; session management; setup of application sessions

Abstract

The invention discloses an ESAM remote issuing method and system for a traffic all-purpose card and relates to the field of cryptography. The method comprises the following steps: the traffic card swiping terminal establishes a communication connection with the ESAM remote issuing server; when the ESAM needs to be updated, a secure channel between the ESAM remote issuing server and the ESAM is created and a shared key is generated; the data content that the ESAM needs to update is determined, an update instruction is generated for that data content, encrypted with the shared key and sent to the ESAM; and after the ESAM decrypts the update instruction with the shared key, the update of the corresponding data content is completed. The invention realizes remote management of the key, the certificate and the applications of the traffic all-purpose card, improves the convenience, security and intelligence of the traffic all-purpose card terminal, can integrate the domestic (Chinese national) cryptographic algorithms into the ESAM while remaining compatible with the international cryptographic algorithms, provides technical support for remote issuing, and safeguards the security of traffic all-purpose card payments.

Description

ESAM remote issuing method and system for traffic all-purpose card
Technical Field
The invention relates to the field of cryptography, in particular to an ESAM remote issuing method and system for a traffic all-purpose card.
Background
At present, with the development of the national traffic all-purpose card interconnection project, the traffic all-purpose card has formed a complete security system that protects the information security of card production, top-up, payment and similar processes. In the payment stage, a PSAM (Purchase Secure Access Module, the terminal security control module) based on international algorithms is built into the bus-mounted payment terminal or the subway gate to enforce the security policy and guarantee the validity of each transaction.
However, the PSAM, which serves as the industry-level security module holding the traffic all-purpose card keys, is connected by being inserted into the payment terminal. It is therefore easy to remove and has no physical security protection mechanism, so its keys are at risk of leakage or cracking. In addition, the PSAM card has no remote management function, so once a problem occurs it cannot be quickly located, iterated on or updated.
Disclosure of Invention
The invention aims to solve the poor flexibility and usability of the PSAM card and provides an ESAM (Embedded Secure Access Module) remote issuing method and system for a traffic all-purpose card.
In a first aspect, a method for remotely issuing an ESAM for a traffic all-purpose card is provided, including:
the traffic card swiping terminal establishes a communication connection with an ESAM remote issuing server and reads the ATR information of the ESAM, and the ESAM remote issuing server judges from the ATR information whether the ESAM needs to be updated;
when the ESAM needs to be updated, a secure channel between the ESAM remote issuing server and the ESAM is created through the key negotiation mode of a preset cryptographic algorithm, and a shared key is generated on each side, at the ESAM remote issuing server and at the ESAM;
the ESAM remote issuing server determines from the ATR information the data content that the ESAM needs to update, generates an update instruction for that data content, encrypts the update instruction with the shared key and sends it to the ESAM;
and after the ESAM decrypts the update instruction with the shared key, the update of the corresponding data content is completed.
In one possible implementation of the first aspect, the method further includes:
when the traffic card swiping terminal receives an update instruction from the ESAM remote issuing server whose information content is empty, it sends an end-key-negotiation instruction to the ESAM, clears the shared key held by the ESAM, and disconnects the communication connection with the ESAM remote issuing server.
In one possible implementation of the first aspect, the step in which the traffic card swiping terminal establishes a communication connection with the ESAM remote issuing server, reads the ATR information of the ESAM, and the ESAM remote issuing server judges from the ATR information whether the ESAM needs to be updated specifically includes:
the traffic card swiping terminal powers on and resets the ESAM, and the ESAM returns its ATR information to the traffic card swiping terminal;
the traffic card swiping terminal sends a select-application instruction to the ESAM, and the ESAM returns a success code to the traffic card swiping terminal;
the traffic card swiping terminal sends a request to select and read the target file, and the ESAM returns the target file to the traffic card swiping terminal;
the traffic card swiping terminal generates a personalization instruction message from the ATR information and the target file;
the traffic card swiping terminal sends the personalization instruction message to the ESAM;
the ESAM encrypts the personalization instruction message with a pre-agreed transmission key and returns the resulting first ciphertext to the traffic card swiping terminal;
the traffic card swiping terminal forwards the first ciphertext to the ESAM remote issuing server;
and the ESAM remote issuing server calls the encryptor (hardware security module) to decrypt the first ciphertext, parses the decrypted personalization instruction message, checks whether the ATR information of the ESAM is in the database of ESAMs that need to be updated, and thereby judges whether the ESAM needs to be updated.
In one possible implementation of the first aspect, the step in which, when the ESAM needs to be updated, a secure channel between the ESAM remote issuing server and the ESAM is created through the key negotiation mode of a preset cryptographic algorithm and a shared key is generated on each side specifically includes:
the ESAM remote issuing server sends a temporary public key R_A, computed by the encryptor, to the traffic card swiping terminal as a message, and the traffic card swiping terminal passes R_A to the ESAM;
the ESAM verifies whether R_A satisfies the curve equation and, only if it does, generates its own temporary public key R_B and a temporary key check value S_B and sends them to the traffic card swiping terminal;
the traffic card swiping terminal assembles R_B and S_B into a message, has the ESAM encrypt it, and sends the resulting second ciphertext to the ESAM remote issuing server;
the ESAM remote issuing server calls the encryptor to decrypt the second ciphertext, and the encryptor returns the decrypted plaintext to the ESAM remote issuing server;
the ESAM remote issuing server passes the temporary public key R_B and the temporary key check value S_B from the returned plaintext to the encryptor;
the encryptor verifies R_B and S_B and, when verification passes, generates the shared key and returns the temporary key check value S_A to the ESAM remote issuing server;
the ESAM remote issuing server sends S_A to the ESAM via the traffic card swiping terminal;
and the ESAM verifies S_A; when verification passes, it generates a success code, which is returned to the ESAM remote issuing server via the traffic card swiping terminal, and generates the shared key.
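The eight-step exchange above, as an added example that is not code from the patent or its assignee. The patent does not name the curve or the key agreement; this Go example uses P-256 ECDH with HMAC-SHA256 check values as an assumption standing in for the SM2 key exchange, which carries the same R_A, R_B, S_B, S_A message pattern. Party A is the issuing server's encryptor and party B is the ESAM; the terminal's forwarding and the encryption of R_B and S_B in transit (the second ciphertext) are left out. The curve-equation check of the second step is performed by the curve's public key parser, which rejects off-curve points:

```go
package main

// Added example, not the patent's or its assignee's code. P-256 ECDH with
// HMAC-SHA256 check values is an assumption standing in for the unnamed key
// negotiation (the SM2 key exchange has the same R_A, R_B, S_B, S_A pattern).

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var curve = ecdh.P256()

// party is A (the server's encryptor) or B (the ESAM); sharedKey is set only after its own check passes.
type party struct {
	priv      *ecdh.PrivateKey
	sharedKey []byte
}

func newParty() (*party, error) {
	priv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &party{priv: priv}, nil
}

// parsePeerPoint is the "does R satisfy the curve equation" check: NewPublicKey
// rejects malformed encodings, off-curve points and the point at infinity.
func parsePeerPoint(raw []byte) (*ecdh.PublicKey, error) {
	pub, err := curve.NewPublicKey(raw)
	if err != nil {
		return nil, fmt.Errorf("temporary public key rejected: %w", err)
	}
	return pub, nil
}

// compute derives the 16-byte shared key and a confirmation key for the check values from the peer's R.
func (p *party) compute(peerRaw, rA, rB []byte) ([]byte, []byte, error) {
	peer, err := parsePeerPoint(peerRaw)
	if err != nil {
		return nil, nil, err
	}
	z, err := p.priv.ECDH(peer)
	if err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(append(append(z, rA...), rB...))
	return h[:16], h[16:], nil
}

// checkValue is S_B (tag 2, ESAM to server) or S_A (tag 3, server to ESAM).
func checkValue(confirm []byte, tag byte, rA, rB []byte) []byte {
	m := hmac.New(sha256.New, confirm)
	m.Write([]byte{tag})
	m.Write(rA)
	m.Write(rB)
	return m.Sum(nil)
}

// negotiate runs the exchange in claim order and returns both sides' shared keys.
func negotiate(server, esam *party) ([]byte, []byte, error) {
	rA := server.priv.PublicKey().Bytes() // 1: R_A goes to the ESAM via the terminal
	if _, err := parsePeerPoint(rA); err != nil { // 2: ESAM checks the curve equation ...
		return nil, nil, err
	}
	rB := esam.priv.PublicKey().Bytes() // ... then produces R_B and S_B
	kB, confB, err := esam.compute(rA, rA, rB)
	if err != nil {
		return nil, nil, err
	}
	sB := checkValue(confB, 2, rA, rB)
	kA, confA, err := server.compute(rB, rA, rB) // 3-5: encryptor verifies R_B ...
	if err != nil {
		return nil, nil, err
	}
	if !hmac.Equal(sB, checkValue(confA, 2, rA, rB)) { // ... and S_B
		return nil, nil, errors.New("S_B check failed: ESAM does not hold the same secret")
	}
	server.sharedKey = kA
	sA := checkValue(confA, 3, rA, rB)
	if !hmac.Equal(sA, checkValue(confB, 3, rA, rB)) { // 6-7: ESAM verifies S_A
		return nil, nil, errors.New("S_A check failed: server does not hold the same secret")
	}
	esam.sharedKey = kB // the success code now goes back to the server via the terminal
	return kA, kB, nil
}

func main() {
	s, _ := newParty()
	e, _ := newParty()
	fmt.Println(negotiate(s, e))
}
```

Neither side stores a shared key until its own check value verifies: the encryptor keeps kA only after S_B checks out, and the ESAM keeps kB only after S_A does, so an exchange that fails part-way leaves nothing behind that would later need clearing.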
In one possible implementation of the first aspect, the step in which the ESAM remote issuing server determines from the ATR information the data content that the ESAM needs to update, generates an update instruction for it, encrypts the update instruction with the shared key and sends it to the ESAM specifically includes:
when a certificate is to be updated, the ESAM remote issuing server requests the certificate from the CA server, generates an ESAM update-file instruction on receiving the returned certificate information, has the encryptor encrypt the ESAM update-file instruction with the shared key to produce a third ciphertext, and sends the third ciphertext to the traffic card swiping terminal as a message; the traffic card swiping terminal passes the third ciphertext to the ESAM for decryption and then issues the decrypted ESAM update-file instruction to the ESAM;
when a key is to be updated, the ESAM remote issuing server calls the key held in the encryptor and computes a key update instruction, encrypts the key update instruction with the shared key to produce a fourth ciphertext, and sends it to the traffic card swiping terminal as a message; the traffic card swiping terminal passes the fourth ciphertext to the ESAM for decryption and then issues the decrypted key update instruction to the ESAM;
when multiple applications are to be created, the ESAM remote issuing server performs external authentication against the ESAM; after authentication passes, it sends all personalization instruction messages to the encryptor for encryption to produce a fifth ciphertext and sends it to the traffic card swiping terminal as a message; the traffic card swiping terminal passes the fifth ciphertext to the ESAM for decryption and personalizes the ESAM with the decrypted personalization instruction messages.
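The three update paths above, together with the empty-content termination of the earlier implementation (end the key negotiation, clear the ESAM's shared key, disconnect), as an added example that is not code from the patent or its assignee. This Go example uses AES-128-GCM under the shared key as an assumption in place of the unnamed shared-key cipher; the ATR, certificate, key and script bytes are constructed sample data. Binding the ATR as associated data, so that a ciphertext prepared for one ESAM is rejected by any other, is a hardening choice of the example, not something the patent states. The CA request and the external authentication of the multi-application case are represented only by the payloads they produce:

```go
package main

// Added example, not the patent's or its assignee's code. AES-128-GCM under the
// shared key is an assumption (the patent does not name the cipher); the ATR,
// certificate, key and script bytes are constructed sample data.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Instruction kinds: update-file (certificate from the CA), key update, create application.
const updateCertificate, updateKey, createApplication byte = 1, 2, 3

// needsUpdate is the server's database of ESAMs awaiting updates, keyed by ATR.
var needsUpdate = map[string]map[byte][]byte{
	"3B-SAMPLE-ATR-0001": {
		updateCertificate: []byte("sample-cert-from-CA"),
		updateKey:         []byte("0123456789abcdef"),
		createApplication: []byte("sample-personalization-script"),
	},
}

func gcm(sharedKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts kind||payload; the ATR is bound as associated data (this example's hardening).
func seal(sharedKey []byte, atr string, kind byte, payload []byte) ([]byte, error) {
	aead, err := gcm(sharedKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, append([]byte{kind}, payload...), []byte(atr)), nil
}

// esam is the card side: its own copy of the negotiated key and the files it holds.
type esam struct {
	atr       string
	sharedKey []byte
	files     map[byte][]byte
}

// apply decrypts one ciphertext with the shared key and performs the update.
func (e *esam) apply(ct []byte) error {
	aead, err := gcm(e.sharedKey) // fails once the key has been cleared
	if err != nil {
		return err
	}
	ns := aead.NonceSize()
	if len(ct) < ns {
		return errors.New("ciphertext too short")
	}
	plain, err := aead.Open(nil, ct[:ns], ct[ns:], []byte(e.atr))
	if err != nil || len(plain) == 0 {
		return errors.New("ESAM rejected update: bad tag, wrong ATR or empty instruction")
	}
	e.files[plain[0]] = plain[1:]
	return nil
}

// endNegotiation is the terminal's end-key-negotiation instruction: zero and drop the key.
func (e *esam) endNegotiation() {
	for i := range e.sharedKey {
		e.sharedKey[i] = 0
	}
	e.sharedKey = nil
}

// runIssuing is the terminal loop: forward each ciphertext the server has, then end the negotiation.
func runIssuing(serverKey []byte, e *esam) (int, error) {
	defer e.endNegotiation()
	applied := 0
	for kind, payload := range needsUpdate[e.atr] {
		ct, err := seal(serverKey, e.atr, kind, payload)
		if err != nil {
			return applied, err
		}
		if err := e.apply(ct); err != nil {
			return applied, err
		}
		applied++
	}
	return applied, nil
}

func main() {
	key := []byte("shared-key-16byt") // the key both sides derived during negotiation
	card := &esam{atr: "3B-SAMPLE-ATR-0001", sharedKey: append([]byte(nil), key...), files: map[byte][]byte{}}
	fmt.Println(runIssuing(key, card))
}
```

Because endNegotiation zeroes the ESAM's key in place, the card is constructed with its own copy; the server's copy lives in the encryptor and is untouched here. An ESAM whose ATR is not in the database receives nothing, and the terminal still ends the negotiation and clears the key, matching the empty-content rule.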
In a second aspect, an ESAM remote issuing system for a traffic all-purpose card is provided, comprising an ESAM, a traffic card swiping terminal and an ESAM remote issuing server, wherein:
the traffic card swiping terminal is used to establish a communication connection with the ESAM remote issuing server and read the ATR information of the ESAM, and the ESAM remote issuing server judges from the ATR information whether the ESAM needs to be updated;
the ESAM is used to create, when an update is needed, a secure channel with the ESAM remote issuing server through the key negotiation mode of a preset cryptographic algorithm, so that a shared key is generated on each side, at the ESAM remote issuing server and at the ESAM;
the ESAM remote issuing server is used to determine from the ATR information the data content that the ESAM needs to update, generate an update instruction for that data content, encrypt it with the shared key and send the encrypted update instruction to the ESAM;
and the ESAM is further used to complete the update of the corresponding data content after decrypting the update instruction with the shared key.
In one possible implementation of the second aspect, the traffic card swiping terminal is further configured, when the update instruction received from the ESAM remote issuing server has empty information content, to send an end-key-negotiation instruction to the ESAM, clear the shared key held by the ESAM, and disconnect the communication connection with the ESAM remote issuing server.
In one possible implementation of the second aspect, the traffic card swiping terminal is specifically configured to power on and reset the ESAM, whereupon the ESAM returns its ATR information to the traffic card swiping terminal;
the traffic card swiping terminal is further used to send a select-application instruction to the ESAM, and the ESAM returns a success code to the traffic card swiping terminal;
the traffic card swiping terminal is further used to send a request to select and read the target file, and the ESAM returns the target file to the traffic card swiping terminal;
the traffic card swiping terminal is further used to generate a personalization instruction message from the ATR information and the target file;
the traffic card swiping terminal is further used to send the personalization instruction message to the ESAM;
the ESAM is further used to encrypt the personalization instruction message with a pre-agreed transmission key and return the resulting first ciphertext to the traffic card swiping terminal;
the traffic card swiping terminal is further used to forward the first ciphertext to the ESAM remote issuing server;
and the ESAM remote issuing server is further used to call the encryptor to decrypt the first ciphertext, parse the decrypted personalization instruction message, check whether the ATR information of the ESAM is in the database of ESAMs that need to be updated, and thereby judge whether the ESAM needs to be updated.
In one possible implementation of the second aspect, the ESAM remote issuing server is specifically configured to send a temporary public key R_A, computed by the encryptor, to the traffic card swiping terminal as a message, and the traffic card swiping terminal passes R_A to the ESAM;
the ESAM is further used to verify whether R_A satisfies the curve equation and, only if it does, to generate a temporary public key R_B and a temporary key check value S_B and send them to the traffic card swiping terminal;
the traffic card swiping terminal is further configured to assemble R_B and S_B into a message, have the ESAM encrypt it, and send the resulting second ciphertext to the ESAM remote issuing server;
the ESAM remote issuing server is further used to call the encryptor to decrypt the second ciphertext, and the encryptor returns the decrypted plaintext to the ESAM remote issuing server;
the ESAM remote issuing server is further configured to pass the temporary public key R_B and the temporary key check value S_B from the returned plaintext to the encryptor;
the encryptor is further configured to verify R_B and S_B and, when verification passes, to generate the shared key and return the temporary key check value S_A to the ESAM remote issuing server;
the ESAM remote issuing server is further used to send S_A to the ESAM via the traffic card swiping terminal;
and the ESAM is further used to verify S_A and, when verification passes, to generate a success code, return it to the ESAM remote issuing server via the traffic card swiping terminal, and generate the shared key.
In one possible implementation of the second aspect, the ESAM is specifically configured so that:
when a certificate is to be updated, the ESAM remote issuing server requests the certificate from the CA server, generates an ESAM update-file instruction on receiving the returned cert
ificate information, has the encryptor encrypt the ESAM update-file instruction with the shared key to produce a third ciphertext, and sends the third ciphertext to the traffic card swiping terminal as a message; the traffic card swiping terminal passes the third ciphertext to the ESAM for decryption and then issues the decrypted ESAM update-file instruction to the ESAM;
when a key is to be updated, the ESAM remote issuing server calls the key held in the encryptor and computes a key update instruction, encrypts the key update instruction with the shared key to produce a fourth ciphertext, and sends it to the traffic card swiping terminal as a message; the traffic card swiping terminal passes the fourth ciphertext to the ESAM for decryption and then issues the decrypted key update instruction to the ESAM;
when multiple applications are to be created, the ESAM remote issuing server performs external authentication against the ESAM; after authentication passes, it sends all personalization instruction messages to the encryptor for encryption to produce a fifth ciphertext and sends it to the traffic card swiping terminal as a message; the traffic card swiping terminal passes the fifth ciphertext to the ESAM for decryption and personalizes the ESAM with the decrypted personalization instruction messages.
The ESAM provided by the invention can be connected to the ESAM remote issuing server through a traffic card swiping terminal such as a bus-mounted payment terminal or a subway gate. The remote issuing system encrypts the relevant data, such as traffic all-purpose card key and certificate updates, under security protection and the traffic all-purpose card key negotiation mode, and transmits the encrypted data to the traffic card swiping terminal as messages; the traffic card swiping terminal then updates the ESAM and creates multiple applications by sending commands. This realizes remote management of the key, the certificate and the applications of the traffic all-purpose card, improves the convenience, security and intelligence of the traffic card swiping terminal, allows the domestic cryptographic algorithms to be integrated into the ESAM while remaining compatible with the international cryptographic algorithms, provides technical support for remote issuing, and safeguards the security of traffic all-purpose card payments.
Additional aspects of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 is a schematic flow chart of an ESAM remote issuing method according to the present invention;
FIG. 2 is a schematic flow chart of another embodiment of the ESAM remote issuing method according to the present invention;
FIG. 3 is a schematic illustration of an ESAM architecture provided by an embodiment of the ESAM remote issuing method of the present invention;
FIG. 4 is a block diagram of an ESAM remote issuing system according to an embodiment of the present invention.
Detailed Description
The principles and features of the present invention are described below with reference to the drawings; the illustrated embodiments are provided for illustration only and are not intended to limit the scope of the present invention.
At present, the PSAM security module supports only the international algorithms DES (Data Encryption Standard, symmetric) and RSA (the asymmetric algorithm proposed by Rivest, Shamir and Adleman), and it is issued by purchasing cards from a key security laboratory, which produces them, and then delivering them to each public transport company. The PSAM has no communication module, so a remote update strategy for the PSAM is technically unsupported. The PSAM supports writing multiple applications, but they must be written once at manufacture; once the PSAM is in use, an application in the PSAM card that needs to be updated, deleted or modified can only be dealt with by issuing a new PSAM card, so flexibility and usability are poor. In addition, with the key system based on international cryptographic algorithms in the traffic all-purpose card field, once a key is leaked or cracked it is difficult to iterate and update the PSAM keys quickly, which easily creates transaction security risks for the traffic all-purpose card and threatens the stable operation of public transport.
As the international general-purpose cryptographic algorithms are repeatedly broken and their security widely questioned, the Chinese national cryptographic algorithms have gradually matured, and a security system based on them has been established in the traffic all-purpose card field, so the conditions for practical application exist. The domestic cryptographic algorithms have certain advantages in algorithm security and encryption strength. First, regarding security: the domestic cryptographic algorithms were independently researched and developed by the relevant national cryptography research institution, which formulated commercial cryptographic algorithms with their own intellectual property rights and a series of cryptographic standards, including a block cipher, the SM2 elliptic curve public key algorithm, a cryptographic hash algorithm and the ZUC stream cipher, whose security and computational performance are superior to those of the international algorithms. With their gradual maturation and adoption, the traffic all-purpose card field now has the capability to support the domestic cryptographic algorithms from the chip and the card through to the bus-mounted payment terminal and the subway gate; at the same computational complexity, the domestic algorithms process the traffic all-purpose card private key far faster than the international algorithms and encrypt more efficiently.
Therefore, the invention provides an ESAM card based on the domestic cryptographic algorithms. The ESAM card performs key computation with the domestic cryptographic algorithms while remaining compatible with the international cryptographic algorithms, which are kept as an auxiliary; this allows compatibility with legacy traffic all-purpose cards to be achieved flexibly, enables the development of domestic-algorithm traffic all-purpose cards, and provides security support for the iterative updating of the traffic all-purpose card.
In addition, soldering the ESAM into the terminal physically improves the applicability and attack resistance of the traffic all-purpose card security module environment. The method is described below with reference to examples.
As shown in FIG. 1, a flow chart is provided for an embodiment of the ESAM remote issuing method of the present invention, which includes:
S1, the traffic card swiping terminal establishes a communication connection with the ESAM remote issuing server, reads the ATR information of the ESAM, and the ESAM remote issuing server judges from the ATR information whether the ESAM needs to be updated;
It should be noted that the traffic card swiping terminal may be a bus-mounted payment terminal or a subway gate, and that the connection between the traffic card swiping terminal and the ESAM remote issuing server may be established over a socket. After the connection is established, a key preset in the ESAM may serve as the transmission key, and a session key generated with the transmission key is used to encrypt the message body, protecting the transmission.
Optionally, an exemplary session key generation scheme is as follows: the traffic card swiping terminal calls the ESAM to generate a 16-byte random number, which serves as the dispersion factor; the dispersion factor is encrypted with the transmission key, and the result is the session key value. Before the traffic card swiping terminal initiates the personalization request, it uploads the random number so that the session key can be generated. After the session key is generated, the remote issuing system sets a timeout period; once the timeout expires, the current personalization process ends in failure. On failure, the traffic card swiping terminal must negotiate a new session key with the server and initiate the personalization request again.
S2, when the ESAM needs to be updated, a secure channel between the ESAM remote issuing server and the ESAM is created through the key negotiation mode of a preset cryptographic algorithm, and a shared key is generated on each side, at the ESAM remote issuing server and at the ESAM;
It should be noted that the shared key exists in two places, in the ESAM and in the encryptor of the ESAM remote issuing server. It is the key agreed during the key negotiation process, in which each party uses its own private key, known only to itself, together with the public key of the counterpart; the resulting shared key is normally used with a symmetric cryptographic algorithm.
S3, the ESAM remote issuing server determines from the ATR information the data content that the ESAM needs to update, generates an update instruction for that data content, encrypts it with the shared key and sends it to the ESAM;
It should be understood that the ESAM remote issuing server may query the database by ATR information for the data content that needs to be updated, create the corresponding personalization instruction script, and encrypt all update instructions with the shared key generated between the ESAM and the encryptor, so as to protect the data. After the ESAM remote issuing server returns the encrypted data to the traffic card swiping terminal, the terminal has the ESAM decrypt it, and once decryption succeeds the traffic card swiping terminal issues the instructions that update the ESAM or create the application.
S4, after the ESAM decrypts the update instruction with the shared key, the update of the corresponding data content is completed.
The ESAM provided by this embodiment can be connected to the ESAM remote issuing server through a traffic card swiping terminal such as a bus-mounted payment terminal or a subway gate. The remote issuing system encrypts the relevant data, such as traffic all-purpose card key and certificate updates, under security protection and the traffic all-purpose card key negotiation mode, and transmits the data to the traffic card swiping terminal as messages; the traffic card swiping terminal then updates the ESAM and creates multiple applications by sending instructions. This realizes remote management of the key, the certificate and the applications of the traffic all-purpose card, improves the convenience, security and intelligence of the traffic card swiping terminal, allows the domestic cryptographic algorithms to be integrated into the ESAM while remaining compatible with the international cryptographic algorithms, provides technical support for remote issuing, and safeguards the security of traffic all-purpose card payments.
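The session key scheme just described, as an added example that is not code from the patent or its assignee. It is written in Go; AES-128 is an assumption standing in for the block cipher under the transmission key, which the patent does not name, and the transmission key and the ESAM's random number are constructed sample values. The derivation is a single block encryption of the 16-byte random under the transmission key, and the timeout check is what forces a fresh negotiation once the period has elapsed:

```go
package main

// Added example, not the patent's or its assignee's code. AES-128 is an
// assumption standing in for the block cipher under the transmission key,
// which the patent does not name; the key and random below are constructed.

import (
	"crypto/aes"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"time"
)

// esamRandom models the terminal asking the ESAM for the 16-byte random number
// that serves as the dispersion factor and is uploaded before the request.
func esamRandom() ([]byte, error) {
	r := make([]byte, aes.BlockSize)
	_, err := io.ReadFull(rand.Reader, r)
	return r, err
}

// deriveSessionKey encrypts the dispersion factor under the transmission key;
// the resulting block is the session key. The server, holding the same preset
// transmission key, derives it from the uploaded random without the key itself ever being sent.
func deriveSessionKey(transmissionKey, dispersionFactor []byte) ([]byte, error) {
	if len(dispersionFactor) != aes.BlockSize {
		return nil, errors.New("dispersion factor must be one 16-byte block")
	}
	block, err := aes.NewCipher(transmissionKey)
	if err != nil {
		return nil, err
	}
	key := make([]byte, aes.BlockSize)
	block.Encrypt(key, dispersionFactor)
	return key, nil
}

// session is a derived session key together with the issuing system's timeout.
type session struct {
	key     []byte
	expires time.Time
}

func newSession(transmissionKey, factor []byte, now time.Time, ttl time.Duration) (*session, error) {
	key, err := deriveSessionKey(transmissionKey, factor)
	if err != nil {
		return nil, err
	}
	return &session{key: key, expires: now.Add(ttl)}, nil
}

// errExpired means the current personalization has failed: the terminal must
// negotiate a fresh session key and send the personalization request again.
var errExpired = errors.New("session key timed out: renegotiate and resend the personalization request")

// keyFor returns the session key while the personalization is still within the timeout.
func (s *session) keyFor(now time.Time) ([]byte, error) {
	if !now.Before(s.expires) {
		return nil, errExpired
	}
	return s.key, nil
}

func main() {
	tk := []byte("transmission-k16") // preset in the ESAM; constructed sample
	factor, _ := esamRandom()
	start := time.Now()
	s, _ := newSession(tk, factor, start, 30*time.Second)
	_, err := s.keyFor(start.Add(31 * time.Second))
	fmt.Printf("session key %x, after timeout: %v\n", s.key, err)
}
```

Because the session key is a deterministic function of the transmission key and the random, its freshness rests entirely on the ESAM's random number generator; the timeout bounds how long a derived key can be used before the terminal has to go back to the ESAM for a new random.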
As shown in FIG. 2, another possible example is provided, and some alternative embodiments of the present invention are further described below in conjunction with FIG. 2.
Optionally, in some possible embodiments, the method further includes:
when the traffic card swiping terminal receives that the information content of the update instruction sent by the ESAM remote issuing server is empty, sending a key negotiation ending instruction to the ESAM, clearing the shared key of the ESAM, and disconnecting the communication connection with the ESAM remote issuing server.
Optionally, in some possible embodiments, the traffic card swiping terminal establishes a communication connection with an ESAM remote issuing server, reads ATR information of the ESAM, and the ESAM remote issuing server determines whether the ESAM needs to be updated according to the ATR information, which specifically includes:
the traffic card swiping terminal is powered on to reset the ESAM, and the ESAM returns ATR information to the traffic card swiping terminal;
The traffic card swiping terminal sends a selection application instruction to the ESAM, and the ESAM returns a success code to the traffic card swiping terminal;
The traffic card swiping terminal sends a request for selecting and reading the target file to the ESAM, and the ESAM returns the target file to the traffic card swiping terminal;
It should be appreciated that the target file may be determined according to the architecture of the ESAM. FIG. 3 shows an exemplary architecture in which the files and keys are organized as a card public information file, a terminal information file, a traffic interworking application and the like; the traffic interworking application may in turn contain an application public information file, a private key/public key file and the like. The target file is then a file containing the ESAM card information, such as the card public information file, the terminal information file or the application public information file.
The chip and firmware layer supports the various international encryption and decryption algorithms and the domestic cryptographic algorithms; this covers the design and implementation of functions such as the hardware security module, the algorithm coprocessor and the algorithm interface.
The COS layer implements the computation modes of the domestic cryptographic algorithms, adds the key negotiation used in ESAM remote issuing, and customizes commands such as domestic-algorithm encryption and decryption, MAC calculation and transaction security authentication, including general calculation initialization (INIT FOR DESCRYPT), MAC1 calculation (INIT SAM FOR PURCHASE), MAC2 verification (CREDIT SAM FOR PURCHASE) and the like.
The key planning layer designs and adds the keys related to the domestic cryptographic algorithm: it agrees on each key identifier, plans the key file structures of the dual-algorithm PSAM and ESAM, and defines the consumption key index numbers in the application public information file, so as to guide the implementation of subsequent schemes such as the key management system and the terminal transaction system.
The traffic card swiping terminal generates a personalized instruction message according to the ATR information and the target file;
the traffic card swiping terminal sends the personalized instruction message to the ESAM;
The ESAM encrypts the personalized instruction message by using a pre-agreed transmission key, and returns the encrypted first ciphertext to the traffic card swiping terminal;
the traffic card swiping terminal sends the first ciphertext to the ESAM remote issuing server;
The ESAM remote issuing server calls the encryption machine to decrypt the first ciphertext, parses the decrypted personalized instruction message, checks whether the ATR information of the ESAM is in the database of ESAMs that need to be updated, and thereby determines whether the ESAM needs to be updated.
Optionally, in some possible embodiments, when the ESAM needs to be updated, a secure channel between the ESAM remote issuing server and the ESAM is created through a key negotiation mode in a preset cryptographic algorithm, and a shared key is generated between the ESAM remote issuing server and the ESAM respectively, which specifically includes:
the ESAM remote issuing server sends the temporary public key R_A calculated by the encryption machine to the traffic card swiping terminal in the form of a message, and the traffic card swiping terminal forwards R_A to the ESAM;
the ESAM verifies whether the temporary public key R_A satisfies the curve equation; when it does, the ESAM generates a temporary public key R_B and a temporary key check value S_B and sends them to the traffic card swiping terminal;
the traffic card swiping terminal forms a message from R_B and S_B, has the ESAM encrypt it, and sends the second ciphertext obtained from the ESAM encryption to the ESAM remote issuing server;
the ESAM remote issuing server calls the encryption machine to decrypt the second ciphertext, and the encryption machine returns the decrypted plaintext to the ESAM remote issuing server;
the ESAM remote issuing server sends the temporary public key R_B and the temporary key check value S_B from the returned plaintext to the encryption machine;
the encryption machine verifies R_B and S_B; when verification passes, it generates the shared key and returns a temporary key check value S_A to the ESAM remote issuing server;
the ESAM remote issuing server sends S_A to the ESAM through the traffic card swiping terminal;
the ESAM verifies the temporary key check value S_A; when verification passes, it generates a success code, returns it to the ESAM remote issuing server through the traffic card swiping terminal, and generates the shared key.
Optionally, in some possible embodiments, the ESAM remote issuing server determines, according to ATR information, data content that the ESAM needs to be updated, generates an update instruction according to the data content, encrypts the update instruction by using a shared key, and sends the update instruction to the ESAM, and specifically includes:
When the certificate is updated, the ESAM remote issuing server applies to the CA server for the certificate, generates an ESAM update file instruction after receiving the returned certificate information, and has the encryption machine encrypt that instruction with the shared key to produce a third ciphertext; the third ciphertext is sent to the traffic card swiping terminal in message form, the terminal sends it to the ESAM for decryption, and the ESAM update file instruction obtained after decryption is sent to the ESAM;
It should be appreciated that after the instruction transmission is completed, the traffic swipe terminal may continue to request the personalized instruction message from the ESAM remote issuing server.
When the key is updated, the ESAM remote issuing server calls the key held in the encryption machine and calculates a key update instruction, encrypts the key update instruction with the shared key to produce a fourth ciphertext, and sends it to the traffic card swiping terminal in message form; the terminal sends the fourth ciphertext to the ESAM for decryption, and the key update instruction obtained after decryption is sent to the ESAM;
It should be appreciated that after the instruction transmission is completed, the traffic swipe terminal may continue to request the personalized instruction message from the ESAM remote issuing server.
When multiple applications are created, the ESAM remote issuing server first performs external authentication on the ESAM; after authentication passes, it sends all the personalized instruction messages to the encryption machine for encryption, producing a fifth ciphertext that is sent to the traffic card swiping terminal in message form. The terminal sends the fifth ciphertext to the ESAM for decryption, and the ESAM executes the decrypted personalized instruction messages to carry out the personalization.
It should be appreciated that personalization may include creating the master directory, applications, files and key files, and writing data and the international and domestic cryptographic keys into those files.
It should be appreciated that after the instruction transmission is completed, the traffic swipe terminal may continue to request the personalized instruction message from the ESAM remote issuing server.
As shown in fig. 4, a structural framework diagram of an embodiment of the ESAM remote issuing system of the present invention is provided. The ESAM remote issuing system comprises an ESAM, a traffic card swiping terminal and an ESAM remote issuing server, wherein:
The traffic card swiping terminal is used for establishing communication connection with the ESAM remote issuing server, reading ATR information of the ESAM, and judging whether the ESAM needs to be updated or not by the ESAM remote issuing server according to the ATR information;
The ESAM is used for creating a secure channel between itself and the ESAM remote issuing server through the key negotiation mode of a preset cryptographic algorithm when updating is needed, so that the ESAM remote issuing server and the ESAM each generate the shared key;
the ESAM remote issuing server is used for judging the data content which is required to be updated by the ESAM according to the ATR information, generating an update instruction according to the data content, encrypting the update instruction through a shared key and sending the update instruction to the ESAM;
The ESAM is further configured to complete the updating of the corresponding data content after applying the update instruction using the shared key.
Optionally, the system further comprises an encryption machine and a CA server, wherein the encryption machine is used for encrypting and decrypting the messages and the update requests, and the CA server is used for the ESAM updating in the remote issuing process.
The personalized ESAM card, loaded with the domestic algorithm key and the international algorithm key, can be mounted in a bus-mounted consumption terminal or a subway gate by soldering; the socket and the ESAM remote issuing system communicate over a 5G network, and in the remote issuing stage the ESAM remote issuing system can call the encryption machine and the CA server to acquire data, encrypt, decrypt and calculate check codes.
Optionally, in some possible embodiments, the traffic card swiping terminal is further configured, when it receives an update instruction from the ESAM remote issuing server whose information content is empty, to send a key negotiation end instruction to the ESAM, clear the shared key of the ESAM, and disconnect the communication connection with the ESAM remote issuing server.
Optionally, in some possible embodiments, the traffic card swiping terminal is specifically configured to power on and reset the ESAM, and the ESAM returns ATR information to the traffic card swiping terminal;
The traffic card swiping terminal is also used for sending a selection application instruction to the ESAM, and the ESAM returns a success code to the traffic card swiping terminal;
the traffic card swiping terminal is also used for sending a request for selecting and reading the target file to the ESAM, and the ESAM returns the target file to the traffic card swiping terminal;
The traffic card swiping terminal is also used for generating a personalized instruction message according to the ATR information and the target file;
The traffic card swiping terminal is also used for sending the personalized instruction message to the ESAM;
The ESAM is also used for encrypting the personalized instruction message by using a pre-agreed transmission key, and returning the encrypted first ciphertext to the traffic card swiping terminal;
The traffic card swiping terminal is also used for sending the first ciphertext to the ESAM remote issuing server;
The ESAM remote issuing server is also used for calling the encryption machine to decrypt the first ciphertext, analyzing the personalized instruction message after decrypting, checking whether the ATR information of the ESAM is in a database which needs to be updated, and judging whether the ESAM needs to be updated.
Optionally, in some possible embodiments, the ESAM remote issuing server is specifically configured to send the temporary public key R_A calculated by the encryption machine to the traffic card swiping terminal in a message, and the traffic card swiping terminal sends R_A to the ESAM;
The ESAM is also used for verifying whether the temporary public key R_A satisfies the curve equation and, when it does, for generating a temporary public key R_B and a temporary key check value S_B and sending them to the traffic card swiping terminal;
The traffic card swiping terminal is also used for forming a message from R_B and S_B, having the ESAM encrypt it, and transmitting the second ciphertext obtained from the ESAM encryption to the ESAM remote issuing server;
The ESAM remote issuing server is also used for calling the encryption machine to decrypt the second ciphertext, and the encryption machine returns the decrypted plaintext to the ESAM remote issuing server;
The ESAM remote issuing server is further configured to send the temporary public key R_B and the temporary key check value S_B from the returned plaintext to the encryption machine;
The encryption machine is further used for verifying R_B and S_B and, when verification passes, generating the shared key and returning a temporary key check value S_A to the ESAM remote issuing server;
The ESAM remote issuing server is also used for sending S_A to the ESAM through the traffic card swiping terminal;
The ESAM is also used for verifying the temporary key check value S_A and, when verification passes, generating a success code, returning it to the ESAM remote issuing server through the traffic card swiping terminal, and generating the shared key.
Optionally, in some possible embodiments, the ESAM is specifically used as follows:
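The four-message negotiation just described (and the same steps in the method embodiment of FIG. 2) as an added example that is not part of the patent: the server's encryption machine sends R_A, the ESAM checks it against the curve equation and answers with R_B and S_B, the encryption machine verifies both and returns S_A, and the ESAM generates its shared key only after S_A verifies. The exchange is modelled in the style of an SM2 key agreement on a constructed toy curve; SHA-256 stands in for the hash, the 0x01/0x02/0x03 tags and every function name are this example's own assumptions, and the card swiping terminal is treated as a pure relay. The on-curve check that rejects an R_A (or R_B) not satisfying the curve equation is the step that keeps an invalid point from entering the shared-key computation.

```python
import hashlib
import hmac
import secrets

# Constructed toy curve y^2 = x^3 + A*x + B over GF(P); P is tiny so the base-point
# search below is instant. A real ESAM would use a 256-bit curve (SM2 assumed here).
P, A, B = 97, 2, 3
INF = None  # point at infinity

def is_on_curve(pt):
    """The curve-equation check the ESAM applies to R_A (and the encryption machine to R_B)."""
    if pt is INF:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x ** 3 + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition, covering doubling and P + (-P) = INF."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):  # double-and-add scalar multiplication k*pt
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def order(pt):  # smallest n with n*pt = INF (brute force; fine for a toy curve)
    n, q = 1, pt
    while q is not INF:
        q, n = add(q, pt), n + 1
    return n

# Base point G: the curve point of largest order, found by search rather than hard-coded.
G = max(((x, y) for x in range(P) for y in range(P) if is_on_curve((x, y))), key=order)
N = order(G)

def encode(pt):
    return pt[0].to_bytes(4, "big") + pt[1].to_bytes(4, "big")

def check_value(tag, shared, r_a, r_b):
    """S_B uses tag 0x02, S_A tag 0x03, the key tag 0x01; SHA-256 stands in for SM3 (assumption)."""
    return hashlib.sha256(bytes([tag]) + encode(shared) + encode(r_a) + encode(r_b)).digest()

def keygen(scalar=None):
    """Temporary key pair (r, R = r*G): the encryption machine makes (r_A, R_A), the ESAM (r_B, R_B)."""
    r = scalar if scalar is not None else secrets.randbelow(N - 1) + 1
    return r, mul(r, G)

def esam_respond(r_b, R_b, R_a):
    """Message 2: ESAM checks R_A against the curve equation; returns S_B and its shared point."""
    if not is_on_curve(R_a):
        raise ValueError("R_A rejected: not on the curve")  # stops an invalid-curve input
    shared = mul(r_b, R_a)
    if shared is INF:
        raise ValueError("R_A rejected: degenerate shared point")
    return check_value(0x02, shared, R_a, R_b), shared

def server_finish(r_a, R_a, R_b, S_b):
    """Message 3: encryption machine verifies R_B and S_B; returns (shared key, S_A)."""
    if not is_on_curve(R_b):
        raise ValueError("R_B rejected: not on the curve")
    shared = mul(r_a, R_b)
    if shared is INF or not hmac.compare_digest(S_b, check_value(0x02, shared, R_a, R_b)):
        raise ValueError("S_B check failed")
    return check_value(0x01, shared, R_a, R_b)[:16], check_value(0x03, shared, R_a, R_b)

def esam_finish(shared, R_a, R_b, S_a):
    """Message 4: ESAM verifies S_A and only then generates its copy of the shared key."""
    if not hmac.compare_digest(S_a, check_value(0x03, shared, R_a, R_b)):
        raise ValueError("S_A check failed")  # no key is kept on the ESAM side
    return check_value(0x01, shared, R_a, R_b)[:16]

def negotiate(r_a=None, r_b=None):
    """Drives the four relayed messages; returns (encryption machine key, ESAM key)."""
    r_a, R_a = keygen(r_a)                            # encryption machine: temporary key pair
    r_b, R_b = keygen(r_b)                            # ESAM: temporary key pair
    S_b, shared = esam_respond(r_b, R_b, R_a)         # server -> terminal -> ESAM: R_A
    key_a, S_a = server_finish(r_a, R_a, R_b, S_b)    # ESAM -> terminal -> server: R_B, S_B
    key_b = esam_finish(shared, R_a, R_b, S_a)        # server -> terminal -> ESAM: S_A
    return key_a, key_b
```

Both sides end with the same 16-byte key only when every check passes; a tampered S_B or S_A, or an off-curve temporary public key, aborts the negotiation before any key is kept.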
When the certificate is updated, the ESAM remote issuing server applies to the CA server for the certificate, generates an ESAM update file instruction after receiving the returned certificate information, and has the encryption machine encrypt that instruction with the shared key to produce a third ciphertext; the third ciphertext is sent to the traffic card swiping terminal in message form, the terminal sends it to the ESAM for decryption, and the ESAM update file instruction obtained after decryption is sent to the ESAM;
When the key is updated, the ESAM remote issuing server calls the key held in the encryption machine and calculates a key update instruction, encrypts the key update instruction with the shared key to produce a fourth ciphertext, and sends it to the traffic card swiping terminal in message form; the terminal sends the fourth ciphertext to the ESAM for decryption, and the key update instruction obtained after decryption is sent to the ESAM;
When multiple applications are created, the ESAM remote issuing server first performs external authentication on the ESAM; after authentication passes, it sends all the personalized instruction messages to the encryption machine for encryption, producing a fifth ciphertext that is sent to the traffic card swiping terminal in message form. The terminal sends the fifth ciphertext to the ESAM for decryption, and the ESAM executes the decrypted personalized instruction messages to carry out the personalization.
It should be understood that the foregoing embodiments are product embodiments corresponding to the previous method embodiments, and the description of the product embodiments may refer to the description of the previous method embodiments, and will not be repeated herein.
It is understood that any combination of the above embodiments can be made by a person skilled in the art without departing from the concept of the invention, and the combination is within the scope of the invention.
The reader will appreciate that in the description of this specification, a description of terms such as "one embodiment," "some embodiments," "examples," "specific examples," or "some examples" means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification, and the features of those different embodiments or examples, may be combined by those skilled in the art provided there is no contradiction.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the method embodiments described above are merely illustrative, e.g., the division of steps is merely a logical function division, and there may be additional divisions of actual implementation, e.g., multiple steps may be combined or integrated into another step, or some features may be omitted or not performed.
The above-described method, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention, essentially or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes: a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The present invention is not limited to the above embodiments, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the present invention, and these modifications and substitutions are intended to be included in the scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (8)

1. The ESAM remote issuing method for the traffic all-purpose card is characterized by comprising the following steps of:
The traffic card swiping terminal establishes communication connection with an ESAM remote issuing server and reads ATR information of the ESAM, and the ESAM remote issuing server judges whether the ESAM needs to be updated according to the ATR information;
When the ESAM needs to be updated, a secure channel between the ESAM remote issuing server and the ESAM is created through a key negotiation mode in a preset cryptographic algorithm, and a shared key is generated between the ESAM remote issuing server and the ESAM respectively;
The ESAM remote issuing server judges the data content which needs to be updated of the ESAM according to the ATR information, generates an update instruction according to the data content, encrypts the update instruction through the shared key and sends the update instruction to the ESAM;
after the ESAM updates the update instruction by using the shared secret key, the update of the corresponding data content is completed;
The traffic card swiping terminal establishes communication connection with an ESAM remote issuing server and reads ATR information of the ESAM, and the ESAM remote issuing server judges whether the ESAM needs to be updated according to the ATR information or not, and specifically comprises the following steps:
the traffic card swiping terminal is powered on to reset the ESAM, and the ESAM returns ATR information to the traffic card swiping terminal;
The traffic card swiping terminal sends an application selection instruction to the ESAM, and the ESAM returns a success code to the traffic card swiping terminal;
The traffic card swiping terminal sends a request for selecting and reading a target file to the ESAM, and the ESAM returns the target file to the traffic card swiping terminal;
The traffic card swiping terminal generates a personalized instruction message according to the ATR information and the target file;
The traffic card swiping terminal sends the personalized instruction message to the ESAM;
The ESAM encrypts the personalized instruction message by using a pre-agreed transmission key, and returns the encrypted first ciphertext to the traffic card swiping terminal;
The traffic card swiping terminal sends the first ciphertext to the ESAM remote issuing server;
And the ESAM remote issuing server calls an encryption machine to decrypt the first ciphertext, analyzes the personalized instruction message after decrypting, checks whether ATR information of the ESAM is in a database which needs to be updated, and judges whether the ESAM needs to be updated.
2. The one-card-oriented ESAM remote issuing method of claim 1, further comprising:
And when the traffic card swiping terminal receives that the information content of the update instruction sent by the ESAM remote issuing server is empty, sending an ending key negotiation instruction to the ESAM, clearing the shared key of the ESAM, and disconnecting the communication connection with the ESAM remote issuing server.
3. The method for remotely issuing the ESAM to the one-card traffic-oriented ESAM according to claim 1, wherein when the ESAM needs to be updated, creating a secure channel between the ESAM remote issuing server and the ESAM through a key negotiation mode in a preset cryptographic algorithm, and generating a shared key between the ESAM remote issuing server and the ESAM respectively, specifically comprising:
the ESAM remote issuing server sends a temporary public key R_A calculated by an encryption machine to the traffic card swiping terminal in a message form, and the traffic card swiping terminal sends the temporary public key R_A to the ESAM;
The ESAM verifies whether the temporary public key R_A meets a curve equation or not, and when the temporary public key R_A meets the curve equation, a temporary public key R_B and a temporary key check value S_B are generated and sent to the traffic card swiping terminal;
The traffic card swiping terminal forms a message from the temporary public key R_B and the temporary key check value S_B, has the ESAM encrypt it, and sends a second ciphertext obtained by the ESAM encryption to the ESAM remote issuing server;
the ESAM remote issuing server calls the encryptor to decrypt the second ciphertext, and the encryptor returns the plaintext obtained by decryption to the ESAM remote issuing server;
The ESAM remote issuing server sends the temporary public key R_B and the temporary key check value S_B in the returned clear text to the encryptor;
The encryptor verifies the temporary public key R_B and the temporary key check value S_B, and when verification passes, generates a shared key and returns a temporary key check value S_A to the ESAM remote issuing server;
the ESAM remote issuing server sends the temporary key check value S_A to the ESAM through the traffic card swiping terminal;
and the ESAM verifies the temporary key check value S_A, and when the verification is passed, a success code is generated and returned to the ESAM remote issuing server through the traffic card swiping terminal, and a shared key is generated.
4. A method for remotely issuing an ESAM to a one-card traffic-oriented ESAM according to any one of claims 1 to 3, wherein the ESAM remote issuing server determines, according to the ATR information, a data content that the ESAM needs to be updated, generates an update instruction according to the data content, encrypts the update instruction by using the shared key, and sends the update instruction to the ESAM, and specifically includes:
When the certificate is updated, the ESAM remote issuing server applies the certificate to the CA server, generates an ESAM update file instruction after receiving the returned certificate information, encrypts the ESAM update file instruction by using the shared key through an encryptor, generates a third ciphertext, and sends the third ciphertext to the traffic card swiping terminal in a message form, and the traffic card swiping terminal sends the third ciphertext to the ESAM for decryption and sends the ESAM update file instruction obtained after decryption to the ESAM;
When the key is updated, the ESAM remote issuing server calls a key in an encryption machine and calculates a key updating instruction, the key updating instruction is encrypted by using a shared key, a fourth ciphertext is generated and is sent to the traffic card swiping terminal in a message form, the traffic card swiping terminal sends the fourth ciphertext to the ESAM for decryption, and the key updating instruction obtained after decryption is sent to the ESAM;
When multiple applications are created, the ESAM remote issuing server carries out external authentication on the ESAM, after the authentication is passed, the ESAM remote issuing server sends all personalized instruction messages to an encryption machine for encryption, a fifth ciphertext is generated and sent to the traffic card swiping terminal in a message mode, the traffic card swiping terminal sends the fifth ciphertext to the ESAM for decryption, and the personalized instruction messages obtained after decryption are personalized.
5. An ESAM remote issuing system for a traffic one-card, comprising: an ESAM, a traffic card swiping terminal and an ESAM remote issuing server, wherein:
the traffic card swiping terminal is used for establishing communication connection with the ESAM remote issuing server and reading ATR information of the ESAM, and the ESAM remote issuing server judges whether the ESAM needs to be updated according to the ATR information;
the ESAM is used for creating a secure channel between the ESAM and the ESAM remote issuing server through a key negotiation mode in a preset cryptographic algorithm when updating is needed, and a shared key is generated between the ESAM remote issuing server and the ESAM respectively;
The ESAM remote issuing server is used for judging the data content which needs to be updated of the ESAM according to the ATR information, generating an update instruction according to the data content, encrypting the update instruction through the shared key and sending the encrypted update instruction to the ESAM;
The ESAM is also used for completing the updating of the corresponding data content after the updating instruction is updated by using the shared secret key;
the traffic card swiping terminal is particularly used for powering on and resetting an ESAM, and the ESAM returns ATR information to the traffic card swiping terminal;
the traffic card swiping terminal is also used for sending a selection application instruction to the ESAM, and the ESAM returns a success code to the traffic card swiping terminal;
The traffic card swiping terminal is also used for sending a request for selecting and reading the target file to the ESAM, and the ESAM returns the target file to the traffic card swiping terminal;
the traffic card swiping terminal is also used for generating a personalized instruction message according to the ATR information and the target file;
The traffic card swiping terminal is also used for sending the personalized instruction message to the ESAM;
The ESAM is also used for encrypting the personalized instruction message by using a pre-agreed transmission key and returning the encrypted first ciphertext to the traffic card swiping terminal;
The traffic card swiping terminal is also used for sending the first ciphertext to the ESAM remote issuing server;
the ESAM remote issuing server is also used for calling an encryption machine to decrypt the first ciphertext, analyzing the personalized instruction message after decrypting, checking whether ATR information of the ESAM is in a database which needs to be updated, and judging whether the ESAM needs to be updated.
6. The system for remote issuing of ESAM according to claim 5, wherein said traffic swipe terminal is further configured to send an end key negotiation command to said ESAM when the information content of the update command sent by said ESAM remote issuing server is received to be empty, clear the shared key of said ESAM, and disconnect the communication connection with said ESAM remote issuing server.
7. The system for remotely issuing the ESAM facing the one-card traffic according to claim 5, wherein the ESAM remote issuing server is specifically configured to send a temporary public key R_A calculated by an encryption machine to the traffic card swiping terminal in a message form, and the traffic card swiping terminal sends the temporary public key R_A to the ESAM;
The ESAM is also used for verifying whether the temporary public key R_A meets a curve equation, and when the temporary public key R_A meets the curve equation, a temporary public key R_B and a temporary key check value S_B are generated and sent to the traffic card swiping terminal;
the traffic card swiping terminal is further configured to form a message from the temporary public key R_B and the temporary key check value S_B, have the ESAM encrypt it, and send a second ciphertext obtained by the ESAM encryption to the ESAM remote issuing server;
the ESAM remote issuing server is also used for calling the encryption machine to decrypt the second ciphertext, and the encryption machine returns the plaintext obtained by decryption to the ESAM remote issuing server;
the ESAM remote issuing server is further configured to send the temporary public key R_B and the temporary key check value S_B in the returned plaintext to the encryptor;
the encryptor is further configured to verify the temporary public key R_B and the temporary key check value S_B, and when verification passes, generate a shared key and return a temporary key check value S_A to the ESAM remote issuing server;
the ESAM remote issuing server is further used for sending the temporary key check value S_A to the ESAM through the traffic card swiping terminal;
and the ESAM is also used for verifying the temporary key check value S_A, generating a success code and returning the success code to the ESAM remote issuing server through the traffic card swiping terminal when the verification is passed, and generating a shared key.
8. The ESAM remote issuing system for the traffic all-purpose card according to any one of claims 5 to 7, wherein the ESAM is specifically configured as follows:
when a certificate is updated, the ESAM remote issuing server applies for the certificate from the CA server, generates an ESAM update file instruction after receiving the returned certificate information, encrypts the ESAM update file instruction with the shared key through the encryption machine to generate a third ciphertext, and sends the third ciphertext to the traffic card swiping terminal in message form; the traffic card swiping terminal sends the third ciphertext to the ESAM for decryption, and the ESAM update file instruction obtained after decryption is sent to the ESAM;
when a key is updated, the ESAM remote issuing server calls a key in the encryption machine and computes a key update instruction, encrypts the key update instruction with the shared key to generate a fourth ciphertext, and sends the fourth ciphertext to the traffic card swiping terminal in message form; the traffic card swiping terminal sends the fourth ciphertext to the ESAM for decryption, and the key update instruction obtained after decryption is sent to the ESAM;
when multiple applications are created, the ESAM remote issuing server performs external authentication on the ESAM; after the authentication passes, the ESAM remote issuing server sends all personalization instruction messages to the encryption machine for encryption to generate a fifth ciphertext, which is sent to the traffic card swiping terminal in message form; the traffic card swiping terminal sends the fifth ciphertext to the ESAM for decryption, and the personalization instruction messages obtained after decryption are used to personalize the ESAM.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210676310.XA CN115102737B (en) 2022-06-15 2022-06-15 ESAM remote issuing method and system for traffic all-purpose card

Publications (2)

Publication Number Publication Date
CN115102737A CN115102737A (en) 2022-09-23
CN115102737B true CN115102737B (en) 2024-05-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant