CN116361862A - Method and device for checking personalized data of IC card and medium - Google Patents

Publication number
CN116361862A
Authority
CN
China
Prior art keywords
data
determining
card
personalized
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310245826.3A
Other languages
Chinese (zh)
Inventor
林栋栋
苏晨
蒋曲明
彭浩毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chutian Dragon Co ltd
Original Assignee
Chutian Dragon Co ltd
Application filed by Chutian Dragon Co ltd
Priority to CN202310245826.3A
Publication of CN116361862A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/602 Providing cryptographic facilities or services
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention discloses a personalized data checking method, device and medium. The personalized data is extracted from the personalized log of the IC card, so the check does not depend heavily on the IC card itself. The DGI composed of data elements, the transaction related data and the off-line authentication data are then extracted from the personalized data, and each is judged against preset conditions; if all the conditions are met, the personalized data is determined to be correct, and otherwise it is determined to be incorrect. The method therefore requires no simulated transaction on the IC card, which improves checking efficiency, and the personalized log data can be reused. In addition, some data not covered by simulated IC card transactions can also be checked, which improves checking quality.

Description

Method and device for checking personalized data of IC card and medium
This application is a divisional application of the application entitled "Personalized data inspection method, device and medium applied to an IC card", filed on December 4, 2019, with application number 201911227530.9.
Technical Field
The present invention relates to the field of data processing technologies, and in particular to a method, a device and a medium for checking the personalized data of an IC card.
Background
There are many kinds of IC cards (integrated circuit cards), and they generally need personalized data to perform a specific function; for example, a bank must personalize an IC card with card manufacturing data before delivering the card to the user. The card manufacturing data may contain problems: the length bytes of data elements may not match the actual length, the values of data elements may not comply with the specification, or the components of an asymmetric key may not match. Any of these makes the personalized card data wrong, so the card cannot be used normally.
To verify that the card manufacturing data and the personalized data are correct, the personalized data must be checked so that potential problems are found. In the prior art, the card manufacturing data is downloaded into an IC card, and a test script then simulates transactions to find problems indirectly.
This method must simulate transactions on the IC card. On the one hand, it depends heavily on the IC card; on the other hand, the personalized data can only be checked through multiple simulation runs, which greatly reduces checking efficiency.
Disclosure of Invention
The invention aims to provide a personalized data checking method, a device and a medium applied to an IC card, which are used for checking the personalized data of the IC card to determine whether the personalized data is correct.
In order to solve the above technical problems, the present invention provides a personalized data inspection method applied to an IC card, including:
extracting personalized data from a personalized log of the IC card;
extracting DGI, transaction related data and off-line authentication data which are composed of data elements from the personalized data;
judging whether the DGI, the transaction related data and the off-line authentication data respectively meet preset conditions or not;
if all are satisfied, determining that the personalized data is correct, otherwise determining that the personalized data is incorrect.
Preferably, the determining whether the DGI, the transaction-related data, and the offline authentication data respectively meet preset conditions includes:
judging whether the DGI conforms to a TLV structure, judging whether the transaction related data meets the requirement of a response value corresponding to a transaction instruction, and judging whether a public key certificate and a secret key in the off-line authentication data are correct; if all the judgment results are yes, determining that the DGI, the transaction related data and the off-line authentication data respectively meet the preset conditions, so as to enter the step of determining that the personalized data is correct; otherwise, determining that the DGI, the transaction related data and the off-line authentication data do not all meet the preset conditions, so as to enter the step of determining that the personalized data is incorrect.
Preferably, the determining whether the DGI conforms to a TLV structure includes:
reading one piece of the packet data;
judging whether each data element in the current packet data conforms to the TLV structure;
if not, determining that the DGI does not conform to the TLV structure, so as to enter the step of determining that the personalized data is incorrect;
if so, judging whether the current packet data is the last piece;
if it is not the last piece, returning to the step of reading one piece of the packet data;
if it is the last piece, determining that the DGI conforms to the TLV structure, so as to enter the step of judging whether the transaction related data meets the requirement of a response value corresponding to the transaction instruction.
Preferably, the determining whether the transaction related data meets the requirement of the response value corresponding to the transaction instruction includes:
judging whether the DGI corresponding to the response to the Select instruction meets the requirement, judging whether the DGI corresponding to the response to the GPO instruction meets the requirement, judging whether the DGI corresponding to the AFL identifier meets the requirement, judging whether the DGI corresponding to the response to the GAC instruction meets the requirement, judging whether the internal record DGI meets the requirement, and judging whether the external record DGI template meets the requirement;
if all the above judgment results are yes, determining that the transaction related data meets the requirement of the response value corresponding to the transaction instruction, so as to enter the step of judging whether the public key certificate and the secret key in the offline authentication data are correct; otherwise, determining that the transaction related data does not meet the requirement of the response value corresponding to the transaction instruction, so as to enter the step of determining that the personalized data is incorrect.
Preferably, the algorithm type corresponding to the IC card is an international algorithm, and the determining whether the public key certificate and the secret key in the offline authentication data are correct includes:
judging whether the issuer public key certificate is recovered correctly;
if the issuer public key certificate is not recovered correctly, determining that the public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the issuer public key certificate is recovered correctly, judging whether the IC card public key certificate is recovered correctly;
if the IC card public key certificate is not recovered correctly, determining that the public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the IC card public key certificate is recovered correctly, determining that the public key certificate in the offline authentication data is correct;
judging whether the international algorithm is supported;
if the international algorithm is not supported, determining that the key in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the international algorithm is supported, judging whether decryption can be performed with the RSA key;
if decryption is not possible, determining that the key in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if decryption is possible, determining that the key in the offline authentication data is correct, so as to enter the step of determining that the personalized data is correct.
Preferably, the algorithm type corresponding to the IC card is a national cryptographic algorithm, and the determining whether the public key certificate and the secret key in the offline authentication data are correct includes:
judging whether the issuer public key certificate is recovered correctly;
if the issuer public key certificate is not recovered correctly, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the issuer public key certificate is recovered correctly, judging whether the IC card public key certificate is recovered correctly;
if the IC card public key certificate is not recovered correctly, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the IC card public key certificate is recovered correctly, determining that the public key certificate in the offline authentication data is correct;
judging whether the national cryptographic algorithm is supported;
if the national cryptographic algorithm is not supported, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the national cryptographic algorithm is supported, judging whether the national cryptographic public and private key pair matches;
if the key pair does not match, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the key pair matches, determining that the IC card public key certificate in the offline authentication data is correct, so as to enter the step of determining that the personalized data is correct.
Preferably, the method further comprises:
generating, during the inspection process, test scripts for use in subsequent inspections.
In order to solve the above technical problem, the present invention further provides a personalized data inspection device applied to an IC card, including:
the extraction module is used for extracting personalized data from the personalized log of the IC card and extracting DGI, transaction related data and off-line authentication data which are composed of data elements from the personalized data;
the judging module is used for judging whether the DGI, the transaction related data and the off-line authentication data respectively meet preset conditions;
and the determining module is used for determining that the personalized data is correct when all the judgment results of the judging module are satisfied, and otherwise determining that the personalized data is incorrect.
In order to solve the technical problem, the invention also provides a personalized data inspection device applied to the IC card, which comprises a memory for storing a computer program;
a processor for implementing the steps of the personalized data inspection method applied to an IC card as described above when executing the computer program.
To solve the above technical problem, the present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the personalized data inspection method applied to an IC card as described above.
The personalized data inspection method applied to the IC card provided by the invention checks the personalized data by extracting it from the personalized log of the IC card. Because the personalized data is extracted from the personalized log, the check does not depend heavily on the IC card itself. The DGI composed of data elements, the transaction related data and the off-line authentication data are then extracted from the personalized data, and each is judged against preset conditions; if all the conditions are met, the personalized data is determined to be correct, and otherwise it is determined to be incorrect. The method therefore requires no simulated transaction on the IC card, which improves checking efficiency. The personalized log data can also be reused: even if the judging process fails abnormally, the check can be reproduced without repeating simulated transactions on the IC card, which further improves checking efficiency. In addition, some data not covered by simulated IC card transactions can also be checked, which improves checking quality.
Drawings
To describe the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art may obtain other drawings from them without inventive effort.
Fig. 1 is a flowchart of a personalized data inspection method applied to an IC card according to an embodiment of the present invention;
Fig. 2 is a flowchart for determining whether the DGI conforms to a TLV structure according to an embodiment of the present invention;
Fig. 3 is a flowchart for determining whether transaction related data meets the requirement of a response value corresponding to a transaction instruction according to an embodiment of the present invention;
Fig. 4 is a flowchart for determining whether a public key certificate and a secret key in offline authentication data are correct according to an embodiment of the present invention;
Fig. 5 is a flowchart of another method for determining whether a public key certificate and a secret key in offline authentication data are correct according to an embodiment of the present invention;
Fig. 6 is a block diagram of a personalized data inspection device applied to an IC card according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without making any inventive effort are within the scope of the present invention.
The core of the invention is to provide a personalized data checking method, a device and a medium applied to an IC card.
In order to better understand the aspects of the present invention, the present invention will be described in further detail with reference to the accompanying drawings and detailed description.
Fig. 1 is a flowchart of a personalized data inspection method applied to an IC card according to an embodiment of the present invention. As shown in Fig. 1, the method includes:
S10: Extract the personalized data from the personalized log of the IC card.
The personalized log is similar to the logs of other electronic products, such as a computer-generated log, and contains the data generated by operations on the IC card. Besides the personalized data, it also includes data such as the time of each operation. Since the present invention is concerned only with the personalized data, the personalized data must be extracted from the personalized log. Because each type of data carries an identifier, the data identifiers show which data is personalized data and which is not, and the personalized data is extracted from the log by means of these identifiers. To avoid omissions, the extraction is usually performed by traversal, but other orders may also be used; the invention is not limited in this respect.
The type of IC card mentioned in the present invention is not limited, and may be, for example, a bank card. Hereinafter, a bank card is used as the example IC card.
The extracted personalized data may be loaded into memory in order to facilitate subsequent quick manipulation of the personalized data.
S11: DGI, transaction-related data and off-line authentication data, which are composed of data elements, are extracted from the personalized data.
In the personalized data, the DGI (data packet composed of data elements), the transaction related data and the off-line authentication data are the key data that indicate whether the personalized data is correct. They are also the data most likely to prevent normal use of the IC card when they contain an error, so this embodiment selects these three kinds of data for judgment. In a specific implementation, each of the three also has its own data identifier and is extracted by that identifier, which is not described in detail in this embodiment.
S12: Judge whether the DGI, the transaction related data and the off-line authentication data respectively meet the preset conditions; if so, go to S13; otherwise, go to S14.
The preset conditions may be obtained from industry specifications or through other channels; how the preset conditions are set does not affect the implementation of the scheme. It will be appreciated that the preset conditions here include requirements for the DGI, the transaction related data and the off-line authentication data.
As a preferred embodiment, S12 specifically includes: judging whether the DGI conforms to the TLV structure, judging whether the transaction related data meets the requirement of a response value corresponding to the transaction instruction, and judging whether the public key certificate and the secret key in the off-line authentication data are correct. If all the judgment results are yes, it is determined that the DGI, the transaction related data and the off-line authentication data respectively meet the preset conditions, and the method proceeds to determining that the personalized data is correct; otherwise, it is determined that they do not all meet the preset conditions, and the method proceeds to determining that the personalized data is incorrect.
It can be understood that, in this embodiment, the preset conditions are: the DGI conforms to the TLV structure, the transaction related data meets the requirement of a response value corresponding to the transaction instruction, and the public key certificate and the secret key in the offline authentication data are correct.
It should be noted that, in this embodiment, the specific content about the preset condition may be determined according to the actual situation, and the embodiment of the present invention is not limited to the above content.
S13: the personalization data is determined to be correct.
S14: The personalized data is determined to be incorrect.
The three kinds of data are judged against the preset conditions. When the judgment results for all three meet the preset conditions, the personalized data is correct; otherwise, the personalized data is incorrect.
The three kinds of data may be judged in sequence or in separate steps; for example, the three judgments may be independent of each other and not affect one another.
The personalized data inspection method applied to the IC card provided by the embodiment of the invention checks the personalized data by extracting it from the personalized log of the IC card. Because the personalized data is extracted from the personalized log, the check does not depend heavily on the IC card itself. The DGI composed of data elements, the transaction related data and the off-line authentication data are then extracted from the personalized data, and each is judged against preset conditions; if all the conditions are met, the personalized data is determined to be correct, and otherwise it is determined to be incorrect. The method therefore requires no simulated transaction on the IC card, which improves checking efficiency. The personalized log data can also be reused: even if the judging process fails abnormally, the check can be reproduced without repeating simulated transactions on the IC card, which further improves checking efficiency. In addition, some data not covered by simulated IC card transactions can also be checked, which improves checking quality.
Test verification shows that checking the personalized data with this scheme avoids the omissions of manual checking and greatly improves accuracy. Checking efficiency also improves markedly: a check that originally took 30 minutes now needs only 1 minute.
Fig. 2 is a flowchart for determining whether the DGI conforms to a TLV structure according to an embodiment of the present invention. As shown in Fig. 2, on the basis of the foregoing embodiment, as a preferred implementation, determining whether the DGI conforms to the TLV structure includes:
S20: Read one piece of packet data.
S21: Judge whether each data element in the current packet data conforms to the TLV structure; if not, go to S22; if so, go to S23.
S22: Determine that the DGI does not conform to the TLV structure, and go to S14.
S23: Judge whether the current packet data is the last piece; if not, return to S20; if so, go to S24.
S24: Determine that the DGI conforms to the TLV structure, and proceed to the step of judging whether the transaction related data meets the requirement of a response value corresponding to the transaction instruction.
Fig. 3 is a flowchart for determining whether transaction related data meets the requirement of a response value corresponding to a transaction instruction according to an embodiment of the present invention. As shown in Fig. 3, on the basis of the foregoing embodiment, as a preferred implementation, determining whether the transaction related data meets the requirement of the response value corresponding to the transaction instruction includes:
S30: Judge whether the DGI corresponding to the response to the Select instruction meets the requirement; if so, go to S31; otherwise, go to S37.
S31: Judge whether the DGI corresponding to the response to the GPO instruction meets the requirement; if so, go to S32; otherwise, go to S37.
S32: Judge whether the DGI corresponding to the AFL identifier meets the requirement; if so, go to S33; otherwise, go to S37.
S33: Judge whether the DGI corresponding to the response to the GAC instruction meets the requirement; if so, go to S34; otherwise, go to S37.
S34: Judge whether the internal record DGI meets the requirement; if so, go to S35; otherwise, go to S37.
S35: Judge whether the external record DGI template meets the requirement; if so, go to S36; otherwise, go to S37.
S36: Determine that the transaction related data meets the requirement of the response value corresponding to the transaction instruction.
S37: Determine that the transaction related data does not meet the requirement of the response value corresponding to the transaction instruction, and go to S14.
In this embodiment, the response values of the instructions (Select, GPO, readRecord, GAC) involved in the different transaction types (debit/credit, quick debit/credit, micropayment) and algorithm types (international algorithm, national cryptographic algorithm) are checked to determine whether the DGI associated with these responses contains the necessary data. Since the quick debit/credit transaction has no GAC instruction, the GAC check may be skipped for it.
Note that, in this embodiment, the Select instruction is the application selection instruction, the GPO instruction is the Get Processing Options instruction, the AFL identifier is the Application File Locator, and the GAC instruction is the Generate Application Cryptogram instruction.
Fig. 4 is a flowchart for determining whether a public key certificate and a secret key in offline authentication data are correct according to an embodiment of the present invention. As shown in Fig. 4, on the basis of the above embodiment, as a preferred embodiment, the algorithm type corresponding to the IC card is an international algorithm, and determining whether the public key certificate and the secret key in the offline authentication data are correct includes:
S40: Judge whether the issuer public key certificate is recovered correctly; if not, go to S43; if so, go to S41.
S41: Judge whether the IC card public key certificate is recovered correctly; if not, go to S43; if so, go to S42.
S42: Determine that the public key certificate in the offline authentication data is correct, and go to S44.
S43: Determine that the public key certificate in the offline authentication data is incorrect, and proceed to the step of determining that the personalized data is incorrect.
S44: Judge whether the international algorithm is supported; if not, go to S47; if so, go to S45.
S45: Judge whether decryption is possible with the RSA key; if not, go to S47; if so, go to S46.
S46: Determine that the key in the offline authentication data is correct, and proceed to the step of determining that the personalized data is correct.
S47: Determine that the key in the offline authentication data is incorrect, and proceed to the step of determining that the personalized data is incorrect.
In S40, the issuer public key may be recovered from the issuer public key certificate using the CA public key, and in S41, the IC card public key may be recovered from the IC card public key certificate using the recovered issuer public key. Because a public key certificate has a specific format, whether the recovery is correct can be determined from that format, which is not described further in this embodiment.
In this embodiment, the check of the DGI related to offline data authentication for transactions under the international algorithm first checks whether the public key certificates are correct and then verifies whether the RSA key (CRT form) is correct.
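The certificate recovery of S40 and the CRT key check of S45, as an added example that is not part of the patent text. It assumes the EMV Book 2 layout for the recovered issuer certificate (header 6A, format 02, SHA-1 hash result, trailer BC), which the patent leaves unspecified; the keys and certificate fields are constructed toy values and all function names are illustrative.

```python
import hashlib

# Constructed toy keys (products of Mersenne primes) so the example runs offline.
# They stand in for the CA, issuer and IC card keys and have no real strength.
E = 65537
EXP = E.to_bytes(3, "big")
CA_P, CA_Q = 2**521 - 1, 2**607 - 1
CA_N = CA_P * CA_Q
CA_D = pow(E, -1, (CA_P - 1) * (CA_Q - 1))
ISSUER_N = (2**89 - 1) * (2**607 - 1)
ICC_P, ICC_Q = 2**127 - 1, 2**107 - 1


def byte_len(n):
    return (n.bit_length() + 7) // 8


def build_constructed_cert(issuer_n=ISSUER_N, exponent=EXP):
    """Fixture: sign a constructed issuer certificate with the toy CA key."""
    nca, ni = byte_len(CA_N), byte_len(issuer_n)
    key = issuer_n.to_bytes(ni, "big").ljust(nca - 36, b"\xBB")  # 'BB' padding
    body = (b"\x02"                          # certificate format
            + bytes.fromhex("622202FF")      # issuer identifier (constructed)
            + bytes.fromhex("1230")          # expiry MMYY (constructed)
            + bytes.fromhex("000001")        # serial number (constructed)
            + b"\x01\x01"                    # hash and key algorithm indicators
            + bytes([ni, len(exponent)]) + key)
    digest = hashlib.sha1(body + exponent).digest()
    plain = b"\x6A" + body + digest + b"\xBC"
    return pow(int.from_bytes(plain, "big"), CA_D, CA_N).to_bytes(nca, "big")


def recover_issuer_key(cert, ca_n, ca_e, exponent, remainder=b""):
    """S40: return (issuer_modulus, None), or (None, reason) if recovery fails."""
    nca = byte_len(ca_n)
    if len(cert) != nca:
        return None, "certificate length differs from CA modulus length"
    rec = pow(int.from_bytes(cert, "big"), ca_e, ca_n).to_bytes(nca, "big")
    if rec[0] != 0x6A or rec[-1] != 0xBC:
        return None, "recovered header/trailer is not 6A ... BC"
    if rec[1] != 0x02:
        return None, "certificate format is not 02"
    # Hash covers format..key digits, then the remainder and exponent elements.
    if hashlib.sha1(rec[1:-21] + remainder + exponent).digest() != rec[-21:-1]:
        return None, "hash result does not match"
    key_len, exp_len, leftmost = rec[13], rec[14], rec[15:-21]
    if exp_len != len(exponent):
        return None, "exponent length byte does not match the exponent"
    key = leftmost[:key_len] if key_len <= len(leftmost) else leftmost + remainder
    if len(key) != key_len:
        return None, "key length byte does not match the key material"
    return int.from_bytes(key, "big"), None


def check_crt_key(n, e, p, q, dp, dq, qinv):
    """S45: list every way the CRT components disagree with the public key."""
    problems = []
    if p * q != n:
        problems.append("p*q does not equal the certified modulus")
    if (e * dp) % (p - 1) != 1:
        problems.append("dP is not the inverse of e modulo p-1")
    if (e * dq) % (q - 1) != 1:
        problems.append("dQ is not the inverse of e modulo q-1")
    if (q * qinv) % p != 1:
        problems.append("qInv is not the inverse of q modulo p")
    if not problems:
        # Round trip: encrypt a probe with the public key, decrypt via CRT.
        probe = int.from_bytes(b"constructed probe", "big")
        c = pow(probe, e, n)
        m1, m2 = pow(c, dp, p), pow(c, dq, q)
        if m2 + ((qinv * (m1 - m2)) % p) * q != probe:
            problems.append("CRT decryption does not return the plaintext")
    return problems


def constructed_crt_key():
    """Fixture: consistent CRT components for the toy IC card key."""
    return (ICC_P * ICC_Q, E, ICC_P, ICC_Q,
            pow(E, -1, ICC_P - 1), pow(E, -1, ICC_Q - 1), pow(ICC_Q, -1, ICC_P))


if __name__ == "__main__":
    cert = build_constructed_cert()
    print(recover_issuer_key(cert, CA_N, E, EXP)[1] or "issuer certificate OK")
    print(recover_issuer_key(cert, CA_N, E, b"\x03")[1])
    print(check_crt_key(*constructed_crt_key()) or "CRT key OK")
```

Passing an exponent element that differs from the one the certificate was hashed over is reported as a hash mismatch, which is how a mismatched key component in the card data shows up without any card being present.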
FIG. 5 is a flowchart of another method for determining whether a public key certificate and a secret key in offline authentication data are correct according to the present invention. As shown in fig. 5, in the above embodiment, as a preferred embodiment, the algorithm type corresponding to the IC card is a cryptographic algorithm, and determining whether the public key certificate and the secret key in the offline authentication data are correct includes:
S50: judging whether the issuer public key certificate is recovered correctly; if not, the process proceeds to S53; if so, the process proceeds to S51.
S51: judging whether the IC card public key certificate is recovered correctly; if not, the process proceeds to S53; if so, the process proceeds to S52.
S52: determining that the IC card public key certificate in the offline authentication data is correct, and proceeding to S54.
S53: determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect.
S54: judging whether the national cryptographic algorithm is supported; if not, the process proceeds to S57; if so, the process proceeds to S55.
S55: judging whether the national cryptographic public and private key pair match; if not, the process proceeds to S57; if so, the process proceeds to S56.
S56: determining that the IC card public key certificate in the offline authentication data is correct, so as to enter the step of determining that the personalized data is correct.
S57: determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect.
In S50, the issuer public key may be recovered from the issuer public key certificate using the CA public key, and in S51, the IC card public key may be recovered from the IC card public key certificate using the recovered issuer public key. Because a public key certificate has a specific format, whether the recovery is correct can be determined from that format; this is not described further in this embodiment.
In this embodiment, for the national cryptographic algorithm, the DGIs related to offline data authentication of the transaction are checked by first verifying that the public key certificates are correct and then verifying that the SM2 key is correct.
On the basis of the above embodiment, the method further comprises:
generating a test script from the inspection process for use in subsequent inspections.
Because the personalized data in the personalized log is being checked, the test script can be generated during the corresponding inspection process, which reduces the time needed for subsequent inspections. It will be appreciated that the test script may be stored in any storage medium as long as it is available at the time of use.
The above embodiments describe in detail the personalized data inspection method applied to the IC card; the present invention also provides corresponding embodiments of the personalized data inspection device applied to the IC card. It should be noted that the present invention describes the device embodiments from two perspectives: one based on functional modules and the other based on hardware.
FIG. 6 is a block diagram of a personalized data inspection device applied to an IC card according to an embodiment of the present invention. As shown in FIG. 6, the device includes:
an extraction module 10, configured to extract the personalized data from the personalized log of the IC card and to extract the DGI composed of data elements, the transaction related data and the offline authentication data from the personalized data;
a judging module 11, configured to judge whether the DGI, the transaction related data and the offline authentication data respectively satisfy preset conditions;
a determining module 12, configured to determine that the personalized data is correct when the judging results of the judging module are all satisfied, and otherwise to determine that the personalized data is incorrect.
Since the embodiments of the device portion correspond to the embodiments of the method portion, refer to the description of the method embodiments for the device embodiments; the details are not repeated here.
The personalized data inspection device applied to the IC card provided by the embodiment of the invention inspects the personalized data by extracting it from the personalized log of the IC card. Because the data is extracted from the personalized log, the inspection does not depend heavily on the IC card. In addition, the DGI composed of data elements, the transaction related data and the offline authentication data are extracted from the personalized data, and it is judged whether each of them meets its preset condition; if all conditions are met, the personalized data is determined to be correct, otherwise it is determined to be incorrect. The device therefore does not need to simulate transactions on the IC card, which improves inspection efficiency. The personalized log data can also be reused: even if the judging process ends abnormally, the inspection can be reproduced without repeating simulated transactions on the IC card, which further improves efficiency. In addition, some data that simulated IC card transactions do not cover can be checked, which improves inspection quality.
Further, the present invention provides a personalized data inspection device applied to an IC card, including a memory for storing a computer program;
a processor for implementing the steps of the personalized data inspection method applied to an IC card as provided in any one of the embodiments described above when executing a computer program.
Finally, the present invention also provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the personalized data inspection method for an IC card provided in any of the above embodiments.
It will be appreciated that the methods of the above embodiments, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored on a computer-readable storage medium. Based on this understanding, the technical solution of the present application, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, which performs all or part of the steps of the methods described in the various embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The personalized data inspection method, device and medium applied to the IC card provided by the invention are described in detail above. The embodiments in the description are described in a progressive manner, each focusing on its differences from the others, so identical or similar parts of the embodiments may be referred to one another. Since the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant points, refer to the description of the method section. It should be noted that those skilled in the art can make various modifications and adaptations of the invention without departing from its principles, and these modifications and adaptations are intended to be within the scope of the invention as defined in the following claims.
It should also be noted that in this specification, relational terms such as first and second are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (11)

1. An IC card personalized data inspection method that does not require simulated transactions on an IC card, comprising:
extracting personalized data from an IC card personalized log, wherein the IC card personalized log is computer-generated and includes data generated by operating an IC card;
extracting DGI, transaction related data and off-line authentication data which are composed of data elements from the personalized data;
judging whether the DGI, the transaction related data and the off-line authentication data respectively meet preset conditions or not;
if all are satisfied, determining that the personalized data is correct, otherwise determining that the personalized data is incorrect.
2. The IC card personalized data inspection method according to claim 1, wherein the determining whether the DGI, the transaction-related data, and the off-line authentication data respectively satisfy preset conditions comprises:
judging whether the DGI accords with a TLV structure, judging whether the transaction related data accords with the requirement of a response value corresponding to a transaction instruction, and judging whether a public key certificate and a secret key in the offline authentication data are correct;
if all are satisfied, determining that the personalized data is correct, otherwise determining that the personalized data is incorrect.
3. The IC card personalized data inspection method according to claim 1 or 2, wherein determining whether the DGI satisfies a preset condition comprises determining whether the DGI conforms to a TLV structure, comprising:
reading a piece of grouped data;
judging whether each data element in the current piece of grouped data meets the TLV structure;
if not, determining that the DGI does not conform to the TLV structure, so as to enter the step of determining that the personalized data is incorrect;
if yes, judging whether the current piece of grouped data is the last piece;
if it is not the last piece, returning to the step of reading a piece of grouped data;
if it is the last piece, determining that the DGI conforms to the TLV structure, so as to enter the step of judging whether the transaction related data meets the preset condition;
and/or, wherein determining whether the transaction related data meets a preset condition includes determining whether the transaction related data meets a requirement of a response value corresponding to a transaction instruction, which includes:
judging whether the DGI corresponding to the response Select instruction meets the requirement, judging whether the DGI corresponding to the response GPO instruction meets the requirement, judging whether the DGI corresponding to the AFL mark meets the requirement, judging whether the DGI corresponding to the response GAC instruction meets the requirement, judging whether the internal record DGI meets the requirement and judging whether the external record DGI template meets the requirement;
if the above judging results are yes, determining that the transaction related data meets the requirement of the response value corresponding to the transaction instruction so as to enter the step of judging whether the offline authentication data meets the preset condition, otherwise, determining that the transaction related data does not meet the requirement of the response value corresponding to the transaction instruction so as to enter the step of determining the personalized data error.
4. The IC card personalized data inspection method according to claim 3, wherein determining whether the off-line authentication data meets a preset condition comprises determining whether a public key certificate and a secret key in the off-line authentication data are correct,
wherein:
the algorithm type corresponding to the IC card is an international algorithm, and the judging whether the public key certificate and the secret key in the offline authentication data are correct comprises the following steps:
judging whether the issuer public key certificate is recovered correctly;
if the issuer public key certificate is not recovered correctly, determining that the public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the issuer public key certificate is recovered correctly, judging whether the IC card public key certificate is recovered correctly;
if the IC card public key certificate is not recovered correctly, determining that the public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the IC card public key certificate is recovered correctly, determining that the public key certificate in the offline authentication data is correct;
judging whether the international algorithm is supported;
if the international algorithm is not supported, determining that the key in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if so, judging whether decryption can be performed with the RSA key;
if not, determining that the key in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if decryption is possible, determining that the key in the offline authentication data is correct, so as to enter the step of determining that the personalized data is correct;
or alternatively,
the algorithm type corresponding to the IC card is a national cryptographic algorithm, and the judging whether the public key certificate and the secret key in the offline authentication data are correct comprises the following steps:
judging whether the issuer public key certificate is recovered correctly;
if the issuer public key certificate is not recovered correctly, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the issuer public key certificate is recovered correctly, judging whether the IC card public key certificate is recovered correctly;
if the IC card public key certificate is not recovered correctly, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if the IC card public key certificate is recovered correctly, determining that the public key certificate in the offline authentication data is correct;
judging whether the national cryptographic algorithm is supported;
if the national cryptographic algorithm is not supported, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if so, judging whether the national cryptographic public and private key pair match;
if they do not match, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect;
if they match, determining that the IC card public key certificate in the offline authentication data is correct, so as to enter the step of determining that the personalized data is correct.
5. The IC card personalized data inspection method according to any one of claims 1, 2, 4, wherein a test script is generated from the inspection process for use in subsequent inspections; and/or the personalized data inspection method does not rely on an IC card; and/or
whether data in the personalized log is personalized data is determined by data identification.
6. An IC card personalized data inspection method, comprising:
acquiring an IC card personalized log, wherein the IC card personalized log is computer-generated and includes data generated by operating an IC card;
extracting personalized data from the IC card personalized log; and
it is determined whether the personalized data is correct.
7. The IC card personalized data inspection method according to claim 6, wherein which data in the personalized log are personalized data is determined by data identification; and/or
the personalized data is extracted from the personalized log by traversal; and/or
transaction related data and offline authentication data are extracted from the personalized data, and it is determined whether the transaction related data and the offline authentication data respectively meet preset conditions; and/or
the IC card personalized data inspection method does not need to perform simulated transactions on the IC card or does not depend on the IC card; and/or
determining whether the personalized data is correct includes: extracting transaction related data and offline authentication data from the personalized data, and determining whether the transaction related data and the offline authentication data respectively meet preset conditions.
8. The IC card personalized data inspection method according to claim 6 or 7, wherein determining whether the personalized data is correct comprises: extracting DGI, transaction related data and off-line authentication data composed of data elements from the personalized data, and judging whether the DGI, the transaction related data and the off-line authentication data respectively meet preset conditions,
wherein:
judging whether the DGI meets a preset condition comprises judging whether the DGI conforms to a TLV structure, which comprises the following steps: reading a piece of grouped data; judging whether each data element in the current piece of grouped data meets the TLV structure; if not, determining that the DGI does not conform to the TLV structure, so as to enter the step of determining that the personalized data is incorrect; if yes, judging whether the current piece of grouped data is the last piece; if it is not the last piece, returning to the step of reading a piece of grouped data; if it is the last piece, determining that the DGI conforms to the TLV structure, so as to enter the step of judging whether the transaction related data meets the preset condition;
and/or, wherein determining whether the transaction related data meets a preset condition includes determining whether the transaction related data meets a requirement of a response value corresponding to a transaction instruction, which includes: judging whether the DGI corresponding to the response Select instruction meets the requirement, judging whether the DGI corresponding to the response GPO instruction meets the requirement, judging whether the DGI corresponding to the AFL mark meets the requirement, judging whether the DGI corresponding to the response GAC instruction meets the requirement, judging whether the internal record DGI meets the requirement and judging whether the external record DGI template meets the requirement; if the above judging results are yes, determining that the transaction related data meets the requirement of the response value corresponding to the transaction instruction so as to enter a step of judging whether the offline authentication data meets the preset condition, otherwise, determining that the transaction related data does not meet the requirement of the response value corresponding to the transaction instruction so as to enter a step of determining that the personalized data is wrong;
and/or, wherein determining whether the offline authentication data meets a preset condition includes determining whether a public key certificate and a secret key in the offline authentication data are correct, which includes the following case one or case two:
case one: the algorithm type corresponding to the IC card is an international algorithm, and the judging whether the public key certificate and the secret key in the offline authentication data are correct comprises the following steps:
judging whether the issuer public key certificate is recovered correctly; if the issuer public key certificate is not recovered correctly, determining that the public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect; if the issuer public key certificate is recovered correctly, judging whether the IC card public key certificate is recovered correctly;
if the IC card public key certificate is not recovered correctly, determining that the public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect; if the IC card public key certificate is recovered correctly, determining that the public key certificate in the offline authentication data is correct; and
judging whether an international algorithm is supported; if the international algorithm is not supported, determining that a key in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect; if so, judging whether decryption can be performed through the RSA key; if not, determining that the key in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect; if decryption is possible, determining that the key in the off-line authentication data is correct, so as to enter the step of determining that the personalized data is correct;
case two: the algorithm type corresponding to the IC card is a national cryptographic algorithm, and the judging whether the public key certificate and the secret key in the offline authentication data are correct comprises the following steps:
judging whether the issuer public key certificate is recovered correctly; if the issuer public key certificate is not recovered correctly, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect; if the issuer public key certificate is recovered correctly, judging whether the IC card public key certificate is recovered correctly; if the IC card public key certificate is not recovered correctly, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect; if the IC card public key certificate is recovered correctly, determining that the public key certificate in the offline authentication data is correct; and
judging whether the national cryptographic algorithm is supported; if the national cryptographic algorithm is not supported, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect; if so, judging whether the national cryptographic public and private key pair match; if they do not match, determining that the IC card public key certificate in the offline authentication data is incorrect, so as to enter the step of determining that the personalized data is incorrect; if they match, determining that the IC card public key certificate in the offline authentication data is correct, so as to enter the step of determining that the personalized data is correct.
9. A personalized data inspection device applied to an IC card without performing simulated transactions on the IC card, wherein the device comprises:
an extraction module, configured to extract personalized data from the personalized log of the IC card and to extract the DGI composed of data elements, transaction related data and offline authentication data from the personalized data;
a judging module, configured to judge whether the DGI, the transaction related data and the offline authentication data respectively meet preset conditions;
a determining module, configured to determine that the personalized data is correct when the judging results of the judging module are all satisfied, and otherwise to determine that the personalized data is incorrect.
10. A personalized data inspection device applied to an IC card, characterized by comprising a memory for storing a computer program;
a processor for implementing the steps of the IC card personalized data inspection method according to any one of claims 1 to 8 when executing the computer program.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the IC card personalized data inspection method according to any one of claims 1 to 8.
CN202310245826.3A 2019-12-04 2019-12-04 Method and device for checking personalized data of IC card and medium Pending CN116361862A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310245826.3A CN116361862A (en) 2019-12-04 2019-12-04 Method and device for checking personalized data of IC card and medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911227530.9A CN111027097B (en) 2019-12-04 2019-12-04 Personalized data checking method, device and medium applied to IC card
CN202310245826.3A CN116361862A (en) 2019-12-04 2019-12-04 Method and device for checking personalized data of IC card and medium

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201911227530.9A Division CN111027097B (en) 2019-12-04 2019-12-04 Personalized data checking method, device and medium applied to IC card

Publications (1)

Publication Number Publication Date
CN116361862A true CN116361862A (en) 2023-06-30

Family

ID=70207914

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202310245826.3A Pending CN116361862A (en) 2019-12-04 2019-12-04 Method and device for checking personalized data of IC card and medium
CN201911227530.9A Active CN111027097B (en) 2019-12-04 2019-12-04 Personalized data checking method, device and medium applied to IC card

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201911227530.9A Active CN111027097B (en) 2019-12-04 2019-12-04 Personalized data checking method, device and medium applied to IC card

Country Status (1)

Country Link
CN (2) CN116361862A (en)

Also Published As

Publication number Publication date
CN111027097A (en) 2020-04-17
CN111027097B (en) 2023-11-28


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination