CN116226942A - Permission verification method and device for IC card, card reading equipment and storage medium - Google Patents

Publication number
CN116226942A
Authority
CN
China
Prior art keywords
card
sector
data
password
authority
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310232687.0A
Other languages
Chinese (zh)
Inventor
邱雪雁
官轲
张亲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Qinlin Science & Technology Co ltd
Original Assignee
Shenzhen Qinlin Science & Technology Co ltd
Application filed by Shenzhen Qinlin Science & Technology Co ltd
Priority to CN202310232687.0A
Publication of CN116226942A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The embodiment of the invention discloses an authority verification method and device for an IC card, card reading equipment and a storage medium. The method comprises the following steps: reading main control sector data of an IC card, and calculating a first card reading password according to card information in the main control sector data, the main control sector data also comprising a sector password of a data sector; verifying whether the first card reading password is correct, and if so, calculating a second card reading password according to the sector password; verifying whether the second card reading password is correct, and if so, reading target authority data corresponding to the card reading equipment from the data sector; and verifying the authority of the IC card according to the target authority data. In the technical scheme provided by the embodiment of the invention, the main control sector and the data sector are set up independently, so that the authority data is stored at a second level and the two encryption modes are different, which makes the IC card harder to brute-force and improves its reliability and security.

Description

Permission verification method and device for IC card, card reading equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of IC card encryption, in particular to an authority verification method and device for an IC card, card reading equipment and a storage medium.
Background
An IC card is commonly used to control the opening and closing of access control equipment: if the access control equipment successfully verifies the authority of the IC card, the door is unlocked by swiping the card. However, the IC card itself is easily copied and may then be used illegally by non-registered persons. IC cards have therefore gradually come to be encrypted, but the traditional encryption method is too simple: it generally uses a one-card-one-key scheme in which the card number is combined with a fixed key. This is easy to brute-force, and if the algorithm and the fixed key are leaked, every IC card in the whole project can easily be cracked, so access control management has a large security hole and its reliability and security are low.
Disclosure of Invention
The embodiment of the invention provides an authority verification method and device of an IC card, card reading equipment and a storage medium, which are used for solving the problem of low reliability and safety of the traditional encryption method.
In a first aspect, an embodiment of the present invention provides a method for verifying authority of an IC card, including:
reading main control sector data of an IC card, and calculating a first card reading password according to card information in the main control sector data; the main control sector data also comprises a sector password of a data sector;
verifying whether the first card reading password is correct, if so, calculating a second card reading password according to the sector password;
verifying whether the second card reading password is correct, and if so, reading target authority data corresponding to card reading equipment from the data sector;
and verifying the authority of the IC card according to the target authority data.
Optionally, before the calculating the second read card password according to the sector password, the method further includes:
determining a sector number of a target data sector storing the target authority data in the IC card according to the authority identification of the card reading equipment;
acquiring a target sector password from the main control sector data according to the sector number;
correspondingly, the calculating the second read card password according to the sector password comprises the following steps:
calculating the second card reading password according to the target sector password;
correspondingly, the reading the target authority data corresponding to the card reading device from the data sector includes:
and reading the target authority data from the target data sector.
Optionally, there are a plurality of data sectors;
correspondingly, the determining the sector number of the target data sector storing the target authority data in the IC card according to the authority identification of the card reading device comprises the following steps:
and taking the authority identification modulo the number of the data sectors to obtain the sector number.
Optionally, before the taking the authority identification modulo the number of the data sectors to obtain the sector number, the method further includes:
and processing the permission identification by using a preset confusion number.
Optionally, the sector password is calculated by a first encryption factor, and the first encryption factor includes a random password.
Optionally, the master sector data further includes a first check bit field;
correspondingly, before the calculating the second read card password according to the sector password, the method further comprises:
encrypting data except the first check bit field in the main control sector data by using a first preset encryption algorithm, and comparing by using the first check bit field;
and/or,
the sector password includes a second check bit field;
correspondingly, before the calculating the second card reading password according to the sector password, the method further comprises:
and encrypting data except the second check bit field in the sector password by using a second preset encryption algorithm, and comparing by using the second check bit field.
Optionally, the card information includes a card status and/or a card validity period;
correspondingly, before the calculating the second read card password according to the sector password, the method further comprises:
and verifying whether the IC card is valid or not according to the card state and/or the card validity period.
In a second aspect, an embodiment of the present invention further provides an apparatus for verifying authority of an IC card, where the apparatus includes:
the first card reading password calculation module is used for reading main control sector data of the IC card and calculating a first card reading password according to card information in the main control sector data; the main control sector data also comprises a sector password of a data sector;
the second card reading password calculation module is used for verifying whether the first card reading password is correct, and if so, calculating a second card reading password according to the sector password;
the target authority data reading module is used for verifying whether the second card reading password is correct, and if so, reading target authority data corresponding to the card reading equipment from the data sector;
and the permission verification module is used for verifying the permission of the IC card according to the target permission data.
In a third aspect, an embodiment of the present invention further provides a card reading device, where the card reading device includes:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the authority verification method of the IC card provided by any embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the authority verification method of an IC card provided by any embodiment of the present invention.
The embodiment of the invention provides an authority verification method for an IC card. The method first reads the main control sector data of the IC card and calculates a first card reading password according to card information in the main control sector data. If the first card reading password passes verification, a second card reading password is calculated according to the sector password of a data sector in the main control sector data. If the second card reading password passes verification, the target authority data corresponding to the card reading equipment is read from the data sector, and the authority of the IC card is then verified according to the target authority data. In this method, the main control sector and the data sector are set up independently, so that the authority data is stored at a second level and the two encryption modes are different, which makes the IC card harder to brute-force and improves its reliability and security.
Drawings
Fig. 1 is a flowchart of a method for verifying authority of an IC card according to a first embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an authority verification device for an IC card according to a second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a card reader according to a third embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Before discussing exemplary embodiments in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart depicts steps as a sequential process, many of the steps may be implemented in parallel, concurrently, or with other steps. Furthermore, the order of the steps may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figures. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example 1
Fig. 1 is a flowchart of a method for verifying authority of an IC card according to a first embodiment of the present invention. This embodiment is applicable to verifying the authority of an IC card when the card is swiped to open access control equipment. The method can be executed by the authority verification device of the IC card provided by the embodiment of the invention; the device can be implemented in hardware and/or software and can generally be integrated in the card reading equipment (such as the access control equipment). As shown in Fig. 1, the method specifically comprises the following steps:
S11, reading main control sector data of an IC card, and calculating a first card reading password according to card information in the main control sector data; the main control sector data also includes a sector password of the data sector.
Specifically, an IC card generally has 16 sectors for storing data, and some IC cards have 17. One of the sectors can be used as the main control sector, and one or more of the others can be used as data sectors. In particular, an IC card with 17 sectors can use the 17th sector as the main control sector; because general card reading equipment cannot recognize that data, the security of the authority data is further improved. The main control sector can be used for storing card information, encryption configuration information, the sector passwords of the data sectors and the like, and the data sectors can be used for storing the authority data corresponding to card reading devices. Further, the card information may include a card number, a card status, a card expiration date, and the like. The encryption configuration information can include the encryption mode, version information, the data confusion mode, which data sectors are enabled, and the like, so that more encryption modes can be selected and the card can be adapted seamlessly after the card reading equipment is upgraded. A sector password can be calculated by an encryption algorithm from a first encryption factor and written into the IC card by card writing equipment. Optionally, the first encryption factor includes a random password, which can be randomly generated anew each time a sector password is generated, so that the data sectors are encrypted dynamically and every sector of every card has a different password, which further increases the difficulty of cracking.
Further, the first encryption factor may also include one or more of an IC card number, a fixed key/salt, a device private key, a sector number, and a project private key. Because of the random password, even if these additional encryption factors, and even the encryption algorithm used, are leaked, the sector password of each data sector still cannot be calculated or deduced; for every IC card in the whole project, all data sectors would have to be brute-forced and rewritten, which greatly increases the difficulty and workload of cracking. As for the data sectors, because of the sector capacity each data sector can store at most 256 bits of data, and 0 and 1 can be used to represent authority data. By way of example, 0 can represent no door-opening authority and 1 can represent door-opening authority. Each data sector can then store the authorities corresponding to 256 card reading devices, a 16-sector IC card can store the authorities corresponding to at most 3840 card reading devices, and a 17-sector IC card can store the authorities corresponding to at most 4096 card reading devices, so that fine-grained authority management can be realized in very large projects.
The card reading device may preset which sector needs to be read first, and that sector is the main control sector of the IC card. When the user swipes the card, that is, brings the IC card close to the card reading device, the card reading device first reads the main control sector data of the IC card to obtain the card information, the sector passwords of the data sectors, and the like. The first card reading password can be calculated from the card information using one-card-one-key encryption logic; specifically, it can be calculated by an encryption algorithm from a second encryption factor, which can include the IC card number in the card information and can also include a project private key, a fixed key/salt and the like, so that different projects and different IC card numbers yield different first card reading passwords. The encryption algorithm can be determined from the encryption configuration information in the main control sector data, so that different IC cards can use different encryption algorithms. The specific encryption algorithm is not limited, and an asymmetric encryption mode can be selected.
S12, verifying whether the first card reading password is correct, and if so, calculating a second card reading password according to the sector password.
Specifically, after the first card reading password is obtained, it can be compared with the corresponding correct password to verify whether it is correct. If the first card reading password is correct, the second card reading password can be calculated from the sector password stored in the main control sector. The second card reading password is obtained by encrypting the sector password a second time, using an encryption algorithm and a third encryption factor. The third encryption factor can include the sector password, the IC card number, the sector number, a project private key, a fixed key/salt and the like; the fixed key/salt can differ from the fixed key/salt in the second encryption factor, and the encryption algorithm used can also differ. If the first card reading password is incorrect, the authority verification can be judged directly to have failed.
S13, verifying whether the second card reading password is correct, and if so, reading the target authority data corresponding to the card reading equipment from the data sector.
Specifically, after the second card reading password is obtained, it can be compared with the corresponding correct password to verify whether it is correct. If the second card reading password is correct, the target authority data corresponding to the card reading device, such as 0 or 1, can be read from the data sector. If the second card reading password is incorrect, the authority verification can be judged directly to have failed.
Optionally, before the calculating the second card reading password according to the sector password, the method further includes: determining a sector number of a target data sector storing the target authority data in the IC card according to the authority identification of the card reading equipment; acquiring a target sector password from the main control sector data according to the sector number; correspondingly, the calculating the second card reading password according to the sector password comprises the following steps: calculating the second card reading password according to the target sector password; correspondingly, the reading the target authority data corresponding to the card reading device from the data sector includes: and reading the target authority data from the target data sector.
Specifically, one or more data sectors may be enabled, and when a plurality of data sectors are enabled, one or more sector passwords may be stored. When one data sector is enabled, the unique sector password can be obtained directly to verify the second card reading password, and the corresponding target authority data is then read from the data sector according to the authority identification of the card reading equipment. Alternatively, the target data sector storing the target authority data can first be determined from the correspondence between the authority identification of the card reading equipment and the sector numbers of the data sectors; the corresponding target sector password is then looked up by the sector number of the target data sector, or the unique sector password is obtained directly, for verification; and the corresponding target authority data is then read from the target data sector according to the authority identification of the card reading equipment. When a plurality of data sectors are enabled, the target data sector storing the target authority data can first be determined from the correspondence between the authority identification of the card reading equipment and the sector numbers of the data sectors; the corresponding target sector password can then be looked up in the main control sector data by the sector number of the target data sector and used to verify the second card reading password; and the corresponding target authority data is then read from the target data sector according to the authority identification of the card reading equipment.
Further optionally, there are a plurality of data sectors; correspondingly, the determining the sector number of the target data sector storing the target authority data in the IC card according to the authority identification of the card reading device comprises the following steps: taking the authority identification modulo the number of the data sectors to obtain the sector number. Specifically, the authority data can be distributed across the data sectors, and the data sector holding the target authority data for the card reading device can be obtained by calculation: the authority identification of the card reading device (such as 1-4096) is taken modulo the number of enabled data sectors (minimum 1 and maximum 1) to obtain the required sector number, which ensures that data lands in every data sector.
Further optionally, before the taking the permission identification modulo the number of the data sectors to obtain the sector number, the method further includes: processing the permission identification by using a preset confusion number. Specifically, the preset confusion number is added to the permission identification and the sum is then taken modulo the number of data sectors to obtain the required sector number, so that the result is not easy to work out by cracking. For example, if the permission identification is 257, the preset confusion number is 16, and the number of data sectors (1-16) is 16, then (257 + 16) modulo 16 is 1, which indicates that the target authority data of the card reading device is stored in sector 1.
S14, verifying the authority of the IC card according to the target authority data.
Specifically, after the target authority data of the card reading device is obtained, the authority of the IC card can be verified according to it. Illustratively, if the target authority data read is 1, the card has the authority, and if it is 0, the card does not.
On the basis of the technical scheme, optionally, the main control sector data further comprises a first check bit field; correspondingly, before the calculating the second card reading password according to the sector password, the method further comprises: encrypting data except the first check bit field in the main control sector data by using a first preset encryption algorithm, and comparing by using the first check bit field; and/or the sector password comprises a second check bit field; correspondingly, before the calculating the second card reading password according to the sector password, the method further comprises: and encrypting data except the second check bit field in the sector password by using a second preset encryption algorithm, and comparing by using the second check bit field.
Specifically, a first check bit space can be reserved in the main control sector for storing a first check bit field. This field can be used for error detection, error correction and anti-counterfeiting checks on the whole main control sector data, so that the data is protected against forgery or tampering. Before the second card reading password is calculated, the data in the main control sector data other than the first check bit field can be encrypted by using a first preset encryption algorithm and the result compared with the first check bit field; if they are not consistent, the main control sector data has been forged or tampered with. Similarly, a second check bit space can be reserved in the storage area of the sector password in the main control sector for storing a second check bit field, and this field can be used for error detection, error correction and anti-counterfeiting checks on the sector password, so that the data is protected against forgery or tampering. Before the second card reading password is calculated, the data in the sector password other than the second check bit field can be encrypted by using a second preset encryption algorithm; if the result is inconsistent with the second check bit field stored in the reserved bits, the sector password has been forged or tampered with. If either the first check bit field or the second check bit field is inconsistent, the authority verification can be judged directly to have failed.
On the basis of the technical scheme, optionally, the card information comprises a card state and/or a card validity period; correspondingly, before the calculating the second card reading password according to the sector password, the method further comprises: verifying whether the IC card is valid according to the card state and/or the card validity period. Specifically, the card state and/or the card validity period of the IC card may be stored in the main control sector. Before the second card reading password is calculated, and specifically after the first check bit field is checked and before the target data sector is determined, whether the IC card is a valid card can be determined according to the card state and/or the card validity period. If it is valid, the subsequent steps are performed normally; if it is invalid, the authority verification can be judged directly to have failed.
According to the technical scheme provided by the embodiment of the invention, the main control sector data of the IC card is read first and the first card reading password is calculated according to card information in the main control sector data. If the first card reading password passes verification, the second card reading password is calculated according to the sector password of the data sector in the main control sector data. If the second card reading password passes verification, the target authority data corresponding to the card reading equipment is read from the data sector, and the authority of the IC card can then be verified according to the target authority data. The main control sector and the data sector are set up independently, so that the authority data is stored at a second level and the two encryption modes are different, which makes the IC card harder to brute-force and improves its reliability and security.
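The S11 to S14 flow of this embodiment, including the optional check field, validity and sector-selection steps, as an added example that is not code from the patent. The page leaves the algorithm open, so HMAC-SHA256 stands in for it; `SimCard`, the key and salt constants, a card number readable before authentication, and the bit-index rule inside a sector are all assumptions.

```python
import hashlib
import hmac
import os
from datetime import date

PROJECT_KEY = b"constructed-project-key"   # assumed per-project secret
SALT_1, SALT_2 = b"salt-one", b"salt-two"  # assumed; a different fixed salt per stage
CHECK_KEY = b"constructed-check-key"       # assumed key for the first check bit field
CONFUSION = 16                             # preset confusion number (value from the page's example)
BITS_PER_SECTOR = 256                      # per the page


def kdf(key, *parts):
    """Stand-in for the unspecified algorithm: HMAC-SHA256 over length-prefixed parts."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


def first_password(card_no):
    return kdf(PROJECT_KEY, SALT_1, card_no)


def second_password(sector_pw, card_no, sector_no):
    return kdf(PROJECT_KEY, SALT_2, sector_pw, card_no, bytes([sector_no]))


def locate(permission_id, n_sectors):
    """Sector number as on the page; the bit index inside the sector is an assumed rule."""
    sector_no = (permission_id + CONFUSION) % n_sectors
    return sector_no, (permission_id // n_sectors) % BITS_PER_SECTOR


def master_check(status, expires, sector_pws):
    return kdf(CHECK_KEY, status.encode(), expires.isoformat().encode(), *sector_pws)


class SimCard:
    """Constructed card model: a sector is readable only with the matching password."""

    def __init__(self, card_no):
        self.card_no = card_no  # assumed readable before authentication
        self._sectors = {}

    def write(self, name, password, payload):
        self._sectors[name] = (password, payload)

    def read(self, name, password):
        stored, payload = self._sectors[name]
        if not hmac.compare_digest(stored, password):  # constant-time comparison
            raise PermissionError(f"wrong card reading password for {name}")
        return payload


def issue_card(card_no, granted_ids, n_sectors, expires, status="active"):
    """Card-writer side: sector passwords from a fresh random value, one bitmap per sector."""
    card = SimCard(card_no)
    sector_pws = [kdf(PROJECT_KEY, os.urandom(16), card_no, bytes([s]))[:16]
                  for s in range(n_sectors)]
    bitmaps = [bytearray(BITS_PER_SECTOR // 8) for _ in range(n_sectors)]
    for pid in granted_ids:
        s, bit = locate(pid, n_sectors)
        bitmaps[s][bit // 8] |= 1 << (bit % 8)
    master = {"status": status, "expires": expires, "sector_pws": sector_pws,
              "check": master_check(status, expires, sector_pws)}
    card.write("master", first_password(card_no), master)
    for s in range(n_sectors):
        card.write(f"data{s}", second_password(sector_pws[s], card_no, s), bytes(bitmaps[s]))
    return card


def verify(card, permission_id, today):
    """Reader side, S11 to S14; any failed step denies access."""
    try:
        master = card.read("master", first_password(card.card_no))      # S11, S12
        expected = master_check(master["status"], master["expires"], master["sector_pws"])
        if not hmac.compare_digest(expected, master["check"]):          # first check bit field
            return False
        if master["status"] != "active" or master["expires"] < today:   # card validity
            return False
        s, bit = locate(permission_id, len(master["sector_pws"]))
        pw2 = second_password(master["sector_pws"][s], card.card_no, s)
        bitmap = card.read(f"data{s}", pw2)                             # S13
    except PermissionError:
        return False
    return bool(bitmap[bit // 8] >> (bit % 8) & 1)                      # S14
```

Because both card reading passwords are derived from the card number, sector contents copied onto a card that reports a different number fail at the first step.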
Example 2
Fig. 2 is a schematic structural diagram of an authority verification device for an IC card according to a second embodiment of the present invention, where the device may be implemented in hardware and/or software, and may be generally integrated in a card reading device, for executing the authority verification method for an IC card according to any embodiment of the present invention. As shown in fig. 2, the apparatus includes:
a first card reading password calculation module 21, configured to read main control sector data of an IC card, and calculate a first card reading password according to card information in the main control sector data; the main control sector data also comprises a sector password of a data sector;
a second card reading password calculation module 22, configured to verify whether the first card reading password is correct, and if so, calculate a second card reading password according to the sector password;
the target authority data reading module 23 is configured to verify whether the second card reading password is correct, and if so, read target authority data corresponding to the card reading device from the data sector;
and the authority verification module 24 is used for verifying the authority of the IC card according to the target authority data.
According to the technical scheme provided by the embodiment of the invention, the main control sector data of the IC card is read first and the first card reading password is calculated according to card information in the main control sector data. If the first card reading password passes verification, the second card reading password is calculated according to the sector password of the data sector in the main control sector data. If the second card reading password passes verification, the target authority data corresponding to the card reading equipment is read from the data sector, and the authority of the IC card can then be verified according to the target authority data. The main control sector and the data sector are set up independently, so that the authority data is stored at a second level and the two encryption modes are different, which makes the IC card harder to brute-force and improves its reliability and security.
On the basis of the above technical solution, optionally, the authority verification device of the IC card further includes:
a sector number determining module, configured to determine, according to the permission identifier of the card reading device, a sector number of a target data sector in the IC card in which the target permission data is stored, before the second card reading password is calculated according to the sector password;
the target sector password acquisition module is used for acquiring a target sector password from the main control sector data according to the sector number;
correspondingly, the second card reading password calculation module 22 is specifically configured to:
calculating the second card reading password according to the target sector password;
accordingly, the target authority data reading module 23 is specifically configured to:
and reading the target authority data from the target data sector.
On the basis of the above technical solution, optionally, there are a plurality of data sectors;
correspondingly, the sector number determining module is specifically configured to:
and taking the authority identification modulo the number of the data sectors to obtain the sector number.
On the basis of the above technical solution, optionally, the sector number determining module is specifically further configured to:
and before the authority identification is taken modulo the number of the data sectors to obtain the sector number, processing the authority identification by using a preset confusion number.
On the basis of the above technical solution, optionally, the sector password is calculated by a first encryption factor, where the first encryption factor includes a random password.
On the basis of the technical scheme, optionally, the main control sector data further comprises a first check bit field;
correspondingly, the authority verification device of the IC card further comprises:
the first verification module is used for encrypting the data other than the first check bit field in the main control sector data with a first preset encryption algorithm before the second card reading password is calculated according to the sector password, and comparing the result with the first check bit field;
and/or,
the sector password includes a second check bit field;
correspondingly, the authority verification device of the IC card further comprises:
and the second checking module is used for encrypting the data other than the second check bit field in the sector password with a second preset encryption algorithm before the second card reading password is calculated according to the sector password, and comparing the result with the second check bit field.
On the basis of the technical scheme, optionally, the card information comprises card state and/or card validity period;
correspondingly, the authority verification device of the IC card further comprises:
and the card effectiveness verification module is used for verifying whether the IC card is effective or not according to the card state and/or the card validity period before the second card reading password is calculated according to the sector password.
The permission verification device of the IC card provided by the embodiment of the invention can execute the permission verification method of the IC card provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Note that, in the above-described embodiment of the authority verification apparatus for an IC card, each unit and module included is divided only by functional logic, but is not limited to the above-described division, as long as the corresponding functions can be realized; in addition, the specific names of the functional units are also only for distinguishing from each other, and are not used to limit the protection scope of the present invention.
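The module flow above, sketched as an added example (not code from the patent): a reader-side check run against a constructed card image. The HMAC-based derivations, the XOR with the confusion number, the byte layout, modelling password verification as the card accepting or rejecting the password, and all names are assumptions, since the text leaves the algorithms unspecified.

```python
import hashlib, hmac, struct

N_DATA = 4                         # number of data sectors (assumed)
CONFUSION = 0x5A5A                 # preset confusion number (assumed value)
SECRET = b"constructed-demo-key"   # issuer/reader shared secret (assumed)
INFO_LEN, SPW_LEN = 9, 6           # uid(4)+status(1)+expiry(4); seed(4)+check(2)

def mac(label: bytes, data: bytes, n: int) -> bytes:
    """Stand-in for the patent's unspecified preset encryption algorithms."""
    return hmac.new(SECRET, label + data, hashlib.sha256).digest()[:n]

def sector_number(authority_id: int) -> int:
    # Confusion step, then modulo the number of data sectors. XOR is assumed.
    return (authority_id ^ CONFUSION) % N_DATA

def issue_card(uid: bytes, expiry: int, grants: list) -> dict:
    """Build a constructed card image: master sector 0 plus data sectors 1..N."""
    seeds = [bytes([i + 1]) * 4 for i in range(N_DATA)]  # fixed, stands in for random
    spws = [s + mac(b"chk2", s, 2) for s in seeds]       # seed + second check field
    body = uid + b"\x01" + struct.pack(">I", expiry) + b"".join(spws)
    card = {"master": body + mac(b"chk1", body, 2),      # + first check field
            "keys": {0: mac(b"pw1", body[:INFO_LEN], 6)},
            "data": {i + 1: b"" for i in range(N_DATA)}}
    for i, spw in enumerate(spws):
        card["keys"][i + 1] = mac(b"pw2", spw, 6)
    for aid in grants:                                   # authority data per sector
        card["data"][sector_number(aid) + 1] += struct.pack(">I", aid)
    return card

def card_auth(card: dict, sector: int, password: bytes) -> bool:
    """Models the card accepting or rejecting a card reading password."""
    return hmac.compare_digest(card["keys"][sector], password)

def verify(card: dict, authority_id: int, today: int) -> str:
    """Reader-side flow; returns 'granted' or the reason for refusal."""
    body, chk1 = card["master"][:-2], card["master"][-2:]
    info = body[:INFO_LEN]
    if not card_auth(card, 0, mac(b"pw1", info, 6)):     # first password
        return "first password rejected"
    if not hmac.compare_digest(mac(b"chk1", body, 2), chk1):
        return "master check field mismatch"
    status, expiry = info[4], struct.unpack(">I", info[5:9])[0]
    if status != 1 or today > expiry:
        return "card inactive or expired"
    n = sector_number(authority_id)
    spw = body[INFO_LEN + SPW_LEN * n: INFO_LEN + SPW_LEN * (n + 1)]
    if not hmac.compare_digest(mac(b"chk2", spw[:4], 2), spw[4:]):
        return "sector password check field mismatch"
    if not card_auth(card, n + 1, mac(b"pw2", spw, 6)):  # second password
        return "second password rejected"
    data = card["data"][n + 1]                           # target authority data
    ids = {data[i:i + 4] for i in range(0, len(data), 4)}
    return "granted" if struct.pack(">I", authority_id) in ids else "no authority"

if __name__ == "__main__":
    card = issue_card(b"\x01\x02\x03\x04", 20301231, [7, 12])
    print(verify(card, 7, 20240101), "|", verify(card, 8, 20240101))
```

Every check runs before the second password is derived, so a master sector whose bytes were altered is refused without the reader ever touching a data sector.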
Example III
Fig. 3 is a schematic structural diagram of a card reader device according to a third embodiment of the present invention, and shows a block diagram of an exemplary card reader device suitable for implementing an embodiment of the present invention. The card reader device shown in fig. 3 is only an example, and should not be construed as limiting the functionality and scope of use of the embodiments of the present invention. As shown in fig. 3, the card reading device includes a processor 31, a memory 32, an input device 33 and an output device 34; the number of processors 31 in the card reading device may be one or more, in fig. 3, one processor 31 is taken as an example, and the processors 31, the memory 32, the input device 33 and the output device 34 in the card reading device may be connected by a bus or other manners, in fig. 3, by a bus connection is taken as an example.
The memory 32 is a computer-readable storage medium, and may be used to store a software program, a computer-executable program, and modules, such as program instructions/modules corresponding to the authority verification method of an IC card in the embodiment of the present invention (for example, the first card reading password calculation module 21, the second card reading password calculation module 22, the target authority data reading module 23, and the authority verification module 24 in the authority verification device of the IC card). The processor 31 executes various functional applications of the card reading device and data processing by running software programs, instructions, and modules stored in the memory 32, that is, implements the above-described authority verification method of the IC card.
The memory 32 may mainly include a storage program area that may store an operating system, at least one application program required for functions, and a storage data area; the storage data area may store data created according to the use of the card reading device, and the like. In addition, memory 32 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some examples, memory 32 may further include memory located remotely from processor 31, which may be connected to the card reading device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 33 can be used to read data stored in the IC card, generate key signal inputs related to user settings and function control of the card reading device, and the like. The output device 34 may be used to control the opening of a switch or the like according to the authority of the IC card.
Example IV
A fourth embodiment of the present invention also provides a storage medium containing computer-executable instructions which, when executed by a computer processor, perform an authority verification method of an IC card, the method comprising:
reading main control sector data of an IC card, and calculating a first card reading password according to card information in the main control sector data; the main control sector data also comprises a sector password of a data sector;
verifying whether the first card reading password is correct, if so, calculating a second card reading password according to the sector password;
verifying whether the second card reading password is correct, and if so, reading target authority data corresponding to card reading equipment from the data sector;
and verifying the authority of the IC card according to the target authority data.
The storage medium may be any of various types of memory devices or storage devices. The term "storage medium" is intended to include: installation media such as CD-ROM, floppy disk or tape devices; computer system memory or random access memory such as DRAM, DDR RAM, SRAM, EDO RAM, Rambus RAM, etc.; nonvolatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in a computer system in which the program is executed, or may be located in a different second computer system connected to the computer system through a network (such as the internet). The second computer system may provide program instructions to the computer for execution. The term "storage medium" may include two or more storage media that may reside in different locations (e.g., in different computer systems connected by a network). The storage medium may store program instructions (e.g., embodied as a computer program) executable by one or more processors.
Of course, the storage medium containing the computer executable instructions provided in the embodiments of the present invention is not limited to the method operations described above, and may also perform the related operations in the authority verification method of the IC card provided in any embodiment of the present invention.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
From the above description of embodiments, it will be clear to a person skilled in the art that the present invention may be implemented by means of software and necessary general purpose hardware, but of course also by means of hardware, although in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, etc., and include several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments of the present invention.
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims (10)

1. An authority verification method of an IC card, comprising:
reading main control sector data of an IC card, and calculating a first card reading password according to card information in the main control sector data; the main control sector data also comprises a sector password of a data sector;
verifying whether the first card reading password is correct, if so, calculating a second card reading password according to the sector password;
verifying whether the second card reading password is correct, and if so, reading target authority data corresponding to card reading equipment from the data sector;
and verifying the authority of the IC card according to the target authority data.
2. The IC card authority verification method according to claim 1, further comprising, before said calculating a second read card password from said sector password:
determining a sector number of a target data sector storing the target authority data in the IC card according to the authority identification of the card reading equipment;
acquiring a target sector password from the main control sector data according to the sector number;
correspondingly, the calculating the second read card password according to the sector password comprises the following steps:
calculating the second card reading password according to the target sector password;
correspondingly, the reading the target authority data corresponding to the card reading device from the data sector includes:
and reading the target authority data from the target data sector.
3. The authority verification method of an IC card according to claim 2, wherein there are a plurality of the data sectors;
correspondingly, the determining the sector number of the target data sector storing the target authority data in the IC card according to the authority identification of the card reading device comprises the following steps:
and taking the authority identification modulo the number of the data sectors to obtain the sector number.
4. The IC card authority verification method according to claim 3, further comprising, before the taking the authority identification modulo the number of the data sectors to obtain the sector number:
and processing the authority identification by using a preset confusion number.
5. The authority verification method of an IC card according to claim 1, wherein the sector password is calculated from a first encryption factor including a random password.
6. The authority verification method of an IC card according to claim 1, wherein the master sector data further includes a first check bit field;
correspondingly, before the calculating the second read card password according to the sector password, the method further comprises:
encrypting the data other than the first check bit field in the main control sector data with a first preset encryption algorithm, and comparing the result with the first check bit field;
and/or,
the sector password includes a second check bit field;
correspondingly, before the calculating the second card reading password according to the sector password, the method further comprises:
and encrypting the data other than the second check bit field in the sector password with a second preset encryption algorithm, and comparing the result with the second check bit field.
7. The authority verification method of an IC card according to claim 1, wherein the card information includes a card status and/or a card validity period;
correspondingly, before the calculating the second read card password according to the sector password, the method further comprises:
and verifying whether the IC card is valid or not according to the card state and/or the card validity period.
8. An authority verification apparatus for an IC card, comprising:
the first card reading password calculation module is used for reading main control sector data of the IC card and calculating a first card reading password according to card information in the main control sector data; the main control sector data also comprises a sector password of a data sector;
the second card reading password calculation module is used for verifying whether the first card reading password is correct, and if so, calculating a second card reading password according to the sector password;
the target authority data reading module is used for verifying whether the second card reading password is correct, and if so, reading target authority data corresponding to the card reading equipment from the data sector;
and the permission verification module is used for verifying the permission of the IC card according to the target permission data.
9. A card reading apparatus, comprising:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the authority verification method of an IC card as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when executed by a processor, implements the authority verification method of an IC card according to any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310232687.0A CN116226942A (en) 2023-02-28 2023-02-28 Permission verification method and device for IC card, card reading equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116226942A 2023-06-06

Family

ID=86587189

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310232687.0A Pending CN116226942A (en) 2023-02-28 2023-02-28 Permission verification method and device for IC card, card reading equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116226942A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116522414A (en) * 2023-06-26 2023-08-01 深圳市亲邻科技有限公司 Data storage method, IC card and data storage device
CN116522414B (en) * 2023-06-26 2023-10-13 深圳市亲邻科技有限公司 Data storage method, IC card and data storage device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination