CN1337803A - Enciphering method and circuit for safe communication of IC card data - Google Patents

Enciphering method and circuit for safe communication of IC card data Download PDF

Info

Publication number
CN1337803A
CN1337803A CN 01113234 CN01113234A CN1337803A CN 1337803 A CN1337803 A CN 1337803A CN 01113234 CN01113234 CN 01113234 CN 01113234 A CN01113234 A CN 01113234A CN 1337803 A CN1337803 A CN 1337803A
Authority
CN
China
Prior art keywords
card
data
card reader
communication
circuit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 01113234
Other languages
Chinese (zh)
Inventor
钱晓州
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Fudan Microelectronics Co Ltd
Original Assignee
Shanghai Fudan Microelectronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Fudan Microelectronics Co Ltd filed Critical Shanghai Fudan Microelectronics Co Ltd
Priority to CN 01113234 priority Critical patent/CN1337803A/en
Publication of CN1337803A publication Critical patent/CN1337803A/en
Pending legal-status Critical Current

Links

Images

Abstract

The present invention provides a simple and practical algorism to implement an encrypted circuit, and said encrypted circuit can be used in the data communication with higher safety requirement between IC card and card-reading device. Said circuit adopts linear feedback shift register group to form pseudo-random number generator and encryption logic unit, in which the output of encryption logic unit and exclusive-or result of plain code can be formed into encrypsted data. The random number generator can ensure that every encryption process can obtain different data, so that it can prevent intruder from making operation by using imitated authority card-reading device.

Description

The encryption method and the circuit that are used for the data security communication of IC-card
Technical field
The present invention is a kind of be used to have very the data communication encryption method and circuit of the IC-card of high security.
Background technology
Along with widening of development of Communication Technique and application thereof, the application of IC-card more and more widely, but the application of IC-card is very high to the data security requirement, so in the data communication of IC-card, used various cryptographic algorithm in the prior art, because these algorithm routine complexity, so the hardware to chip has proposed very high requirement, the cost of manufacture of IC-card is improved.
Summary of the invention
The objective of the invention is to develop the encryption method and the circuit of the IC-card data security communication that a kind of method is simple, safe, the hardware technology of chip realizes easily.
The present invention has studied a kind of simple and practical algorithm and has realized encrypted circuit.The present invention need carry out card reader to the authentication of card and the mutual authentication of card reading card device before carrying out data communication, we are referred to as three second phases and recognize each other card.The key of authentication is the ciphering unit and randomizer consistent that will keep in card reader and the card, as seen Fig. 1.It is as follows that three second phases are recognized each other the specific operation process of card and subsequently encrypt/decrypt:
1. the loading key promptly is loaded into the key K (48 bits, card reader is known) in the card in the ciphering unit.Here the width of ciphering unit (hereinafter to be referred as E) is 48 bits, and the width of randomizer (R) is 32 bits.
2. produce Rb, the randomizer of card produces the random number R b of 32 bits, delivers to E behind Rb and the UID XOR.Rb is sent to card reader simultaneously, supposed before authentication, card is notified card reader with identification number 32 bits of oneself, and key is both sides' agreement, therefore after receiving Rb, can duplicate E fully, card reader is predisposed to Rb to the random number of the randomizer of oneself simultaneously, and at this moment the E of card reader and R are in full accord with the E and the R of card.Data in the ciphering unit are that (UID), the content of randomizer is Rb to E for Rb, K now.
3. authentication card reader.Card reader will be beamed back 64 Bit datas to card, preceding 32 bit Ra are by the generation at random of card reader, card receives that this 32 bit will directly deliver among the E, same card reader is also delivered to this 32 bit in the own ciphering unit to keep consistent with the E in the card, and in current cryptographic calculation, the data of sending into ciphering unit are actually the XOR of the data of exporting and sending into of ciphering unit own, at this moment card is E (Rb with the encrypted content of card reader, Ra, K, UID).Random number R b wherein, Ra makes that each ciphering process is uncertain, prevents that communication data is analyzed; K is the key of both sides' agreement, and whether can authenticate the other side legal.Card reader carries out the output of the output of E and R to send 32 Bit datas behind the XOR afterwards, and the input of E at this moment is ' 0 '.Card obtains the value of card reader Ra to the data of back 32 bits with data (with the data consistent of the E of the card reader) XOR of the E of card, again with own R in instant value relatively, if consistent, then card reader passes through to authenticate.
4. the card reader card authentication blocks the data (XOR of E and R output) of sending 32 bits and arrives card reader.Card reader verifies that the output XOR of these data and ciphering unit of self and random number compares, if identical then whole safety certification is finished.
After above-mentioned safety certification was finished, the communication between card reader and the card was all encrypted.Method of encrypting be the output of data and ciphering unit mutually XOR obtain ciphertext, deciphering then be the output of ciphertext and ciphering unit mutually XOR must arrive plaintext.
Whole encrypted circuit is to be made of ciphering unit and pseudorandom number generator, and two circuit have all utilized linear feedback shift register group (LFSR) to data displacement and chaotic effect.For the LFSR that specific polynomial of degree n generates, the pseudo random number that can produce is combined as 2 n-1.
Wherein the generation multinomial of 48 bit linear feedback shift register groups is x 48+ x 43+ x 39+ x 38+ x 36+ x 34+ x 33+ x 31+ x 29+ x 24+ x 23+ x 19+ x 13+ x 9+ x 7+ x 6+ x 5+ 11. pseudorandom number generators
The generation multinomial of 16 bit linear feedback shift register groups in the randomizer is x 16+ x 14+ x 13+ x 11+ 1, reset values is 5555h.Under clock control, random number result exports from the delivery outlet serial.The present invention can just can access 32 pseudo random numbers from the 32 continuous bit data streams of delivery outlet intercepting of pseudorandom number generator.2. ciphering unit
Because circuit is very complicated, but those skilled in the art can both realize.The invention provides the circuit block diagram, see Fig. 7, LFSR and combinational circuit content are provided by the logical expression that produces multinomial and combinational circuit.The internal feedback loop that signal en cuts off LFSR when low, LFSR is working properly when high.Clk is the clock signal of ciphering unit, and data is the data input of ciphering unit.Dataout is the data outputs, carries out XOR by it with the plaintext ciphertext and can finish encryption and decryption.
The logical expression of combinational circuit of the present invention is! (! BE)+(! D)+(AD! E)+(BCE)+(ABC)+(BD! E) } wherein A=! (! Q23)+(! Q19)+(Q23Q21) } B=! (! Q37Q33Q35)+(Q37Q35Q39)+(! Q35Q39)+(Q37! Q39)+(Q33Q35Q39) } C=! (Q7! Q3Q1)+(Q7Q5)+(! Q7)+(Q5! Q3Q1) } D=! (Q29! Q27Q25)+(! Q29)+(Q29Q31)+(Q25! Q27Q31) } E=! (Q9Q15Q11)+(! Q11)+(Q13! Q11)+(! Q13Q11Q9)+(Q13Q15Q11) the XOR result of all feedback signals and input signal delivers to first order register in the LFSR registers group, and all registers all do not have reset terminal, sends into 48 keys by displacement and carry out initialization in ciphering process.The output of the combinational circuit generation ciphering unit of a complexity is delivered in the register output of all odd-numbereds in the internal register data.Whole encrypted circuit has following three kinds of mode of operations: 1. the input data signal at ciphering unit is 0 o'clock, realizes the pseudorandom permutation processing procedure of internal data by self feedback.This pattern is operated in after the authentication of card and card reader finishes, in plain text encryption and the process to decrypt ciphertext.2. the feedback function that can turn off LFSR, then LFSR is equal to one 48 shift register group.All input data can be passed through shifting process, give the internal register assignment.This process is used for loading key to ciphering unit.3. carry out the feedback action of data input and LFSR internal signal simultaneously.After this process finished, the content of ciphering unit was the original content and the function of list entries.This pattern is used in the process that card and card reader authenticate mutually.
Algorithm of the present invention realizes that encrypted circuit is simple and practical, circuit adopts the linear feedback shift register group to constitute a pseudorandom number generator encryption logic unit, wherein the XOR result of the output of encryption logic unit and plain code is a data encrypted, can obtain following good result thus: 1. the data in mutual communication process have only transmission random number and ciphertext, can prevent information-leakage effectively; 2. only compare ciphered data, directly do not transmit key and compare, improved the fail safe of system; 3. the reading card device also authenticates before the data communication, prevents to palm off card reader to sticking into row access; 4. system is simple relatively, and hardware is realized easily; 5. enciphering rate is fast;
Description of drawings
Fig. 1 is a verification process block diagram of the present invention.
Fig. 2 is that the present invention loads the key block diagram.
Fig. 3 is that randomizer of the present invention produces block diagram.
Fig. 4 is the block diagram that the present invention verifies card reader.
Fig. 5 is the card reader of the present invention block diagram of card authentication once more.
Fig. 6 is a communication encryption block diagram of the present invention.
Fig. 7 is a combinational circuit block diagram of the present invention.
Fig. 8 is the embodiment circuit block diagram.
The specific embodiment
Embodiment
Fig. 8 has provided the mutually physical circuit frame diagram of authentication and ciphering process three times, we Just adopted this scheme in the 1K bytes non-contact card chip design of Microtronic A/S of Fudan University. Figure In ciphering unit and randomizer all be the generation multinomial that uses us to provide in front Generate with the logical expression of combinational circuit. By increase control module and three selector switches, We just can consist of a complete encrypting and deciphering system. We can see, at switch S1, S2, under the control of S3, circuit has been realized the loading key, sends into random number, the authentication card reader, The process of card reader certification card and encrypt/decrypt. The input data represent from Card Reader in verification process The data that machine is sent, and can be expressly in the encryption and decryption process, also can be ciphertext. Input The output data were corresponding ciphertext when data were plaintext, were output as when being input as ciphertext expressly. UID among the figure and the key of 32bits all are one serial input datas. Control circuit comprises The state control of ciphering process, we export different selection signals under different states S1, S2, S3.
The process of signal value and state is corresponding to following table.
Process     S1     S2     S3
Load key
    0     0     2
Send into random number/UID     0     0     3
Authentication card reader (1)     1     0     1
Authentication card reader (2)     0     1     0
Certification card     0     2     0
The encryption and decryption process     0     1     0
For the design chips of our reality, the function of control circuit not merely is limited in adding Close control has also comprised acceptance and the encoded control of order, the transmission control of response data, Control etc. with the interface of internal memory, the logic very complex, but concerning our encrypted circuit, We only need to provide above several state and control signal.

Claims (5)

1, a kind of encryption method that is used for the communication of IC-card data security, the authentication that it is characterized in that secure communication is to be finished by encrypted circuit, its process is:
1) loads key,, be loaded among the ciphering unit E want operating area key;
2) produce random number R b, the randomizer R of card produces Rb, Rb be dealt into card reader and with the sequence UID XOR of card after deliver to E;
3) checking card reader, card reader is beamed back data to card, and card is delivered to these data among the E, and card reader is also delivered to these data among the E of self, and card reader is again sending behind the dateout XOR of E and R;
4) card reader card authentication once more, the xor data that card sends E and R is to card reader, and card reader is verified these data, finishes verification process.
2, the encryption method that is used for IC-card data security communication according to claim 1 is characterized in that communication encrypting method between card reader and the card is the output of data and E XOR mutually, deciphering be ciphertext again with the output of the E of this locality XOR mutually.
3, the encryption method that is used for the communication of IC-card data security according to claim 1, it is characterized in that encrypted circuit is made up of ciphering unit and pseudorandom number generator, two circuit have all utilized displacement and the confusion of linear feedback shift register group to data, and the multinomial that wherein is used for the 48 bit linear feedback shift register groups generation of ciphering unit is: x 48+ x 43+ x 39+ x 38+ x 36+ x 34+ x 33+ x 31+ x 29+ x 24+ x 23+ x 19+ x 13+ x 9+ x 7+ x 6+ x 5+ 1
4, the encryption method that is used for the communication of IC-card data security according to claim 1 is characterized in that the logical expression of combinational circuit is:! (! BE)+(! D)+(AD! E)+(BCE)+(ABC)+(BD! E) } wherein A=! (! Q23)+(! Q19)+(Q23Q21) } B=! (! Q37Q33Q35)+(Q37Q35Q39)+(! Q35Q39)+(Q37! Q
39)+(Q33·Q35·Q39)}C=!{(Q7·!Q3·Q1)+(Q7·Q5)+(!Q5·Q3·!Q7)+(Q5·!Q3·Q1)}D=!{(Q29·!Q27·Q25)+(!Q31·Q27·!Q29)+(Q29·Q3?1)+(Q25·!Q27·Q31)}E=!{(Q9·Q15·Q11)+(!Q9·Q15·!Q11)+(Q13·!Q15·!Q11)+(!Q13·Q11·Q9)+(Q13·Q15·Q11)
5, the encryption method that is used for the communication of IC-card data security according to claim 3, the mode of operation that it is characterized in that encrypted circuit is: when the input signal of ciphering unit is zero, realize that by self feedback the pseudorandom permutation of internal data handles, the feedback function of turning off the linear feedback shift register group, then it is equal to one 48 shift register group; It is the registers group that to carry out data input and linear feedback shift simultaneously.
CN 01113234 2001-07-03 2001-07-03 Enciphering method and circuit for safe communication of IC card data Pending CN1337803A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 01113234 CN1337803A (en) 2001-07-03 2001-07-03 Enciphering method and circuit for safe communication of IC card data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 01113234 CN1337803A (en) 2001-07-03 2001-07-03 Enciphering method and circuit for safe communication of IC card data

Publications (1)

Publication Number Publication Date
CN1337803A true CN1337803A (en) 2002-02-27

Family

ID=4659970

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 01113234 Pending CN1337803A (en) 2001-07-03 2001-07-03 Enciphering method and circuit for safe communication of IC card data

Country Status (1)

Country Link
CN (1) CN1337803A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1309179C (en) * 2002-04-17 2007-04-04 盛群半导体股份有限公司 Recognition code transmission method and circuit arrangement
CN100364261C (en) * 2004-03-31 2008-01-23 刘学明 Status authentication system based on double dynamic passwords
WO2010051710A1 (en) * 2008-11-10 2010-05-14 中兴通讯股份有限公司 Method for generating smart card secret key
WO2010149041A1 (en) * 2009-06-23 2010-12-29 北京易恒信认证科技有限公司 Radio frequency system, radio frequency device and security processing method
CN101937516A (en) * 2010-09-07 2011-01-05 北京智捷通科技发展有限公司 Authentication method and system in passive ultrahigh frequency radio frequency identification system
CN101587614B (en) * 2008-04-29 2012-05-30 郭建国 Dual-purpose settlement terminal of networked home-bank IC cards and ATM credit cards
CN101771533B (en) * 2008-12-30 2012-10-31 上海华虹集成电路有限责任公司 Hardware realization method of sequence stream cipher arithmetic based on linear feedback shift register
CN101789068B (en) * 2009-01-22 2012-11-07 深圳市景丰汇达科技有限公司 Card reader safety certification device and method
CN103136798A (en) * 2012-12-16 2013-06-05 四川久远新方向智能科技有限公司 One-way ticket card security control method of rail transit automatic ticket selling and checking system
CN105959110A (en) * 2016-06-30 2016-09-21 苏州众天力信息科技有限公司 Multi-combination dynamic encryption communication authentication method and system

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1309179C (en) * 2002-04-17 2007-04-04 盛群半导体股份有限公司 Recognition code transmission method and circuit arrangement
CN100364261C (en) * 2004-03-31 2008-01-23 刘学明 Status authentication system based on double dynamic passwords
CN101587614B (en) * 2008-04-29 2012-05-30 郭建国 Dual-purpose settlement terminal of networked home-bank IC cards and ATM credit cards
WO2010051710A1 (en) * 2008-11-10 2010-05-14 中兴通讯股份有限公司 Method for generating smart card secret key
CN101771533B (en) * 2008-12-30 2012-10-31 上海华虹集成电路有限责任公司 Hardware realization method of sequence stream cipher arithmetic based on linear feedback shift register
CN101789068B (en) * 2009-01-22 2012-11-07 深圳市景丰汇达科技有限公司 Card reader safety certification device and method
WO2010149041A1 (en) * 2009-06-23 2010-12-29 北京易恒信认证科技有限公司 Radio frequency system, radio frequency device and security processing method
CN101582123B (en) * 2009-06-23 2012-08-15 北京易恒信认证科技有限公司 Radio frequency system, device and safe processing method
CN101937516A (en) * 2010-09-07 2011-01-05 北京智捷通科技发展有限公司 Authentication method and system in passive ultrahigh frequency radio frequency identification system
CN101937516B (en) * 2010-09-07 2013-10-30 北京智捷通科技发展有限公司 Authentication method and system in passive ultrahigh frequency radio frequency identification system
CN103136798A (en) * 2012-12-16 2013-06-05 四川久远新方向智能科技有限公司 One-way ticket card security control method of rail transit automatic ticket selling and checking system
CN105959110A (en) * 2016-06-30 2016-09-21 苏州众天力信息科技有限公司 Multi-combination dynamic encryption communication authentication method and system

Similar Documents

Publication Publication Date Title
CN102138300B (en) Message authentication code pre-computation with applications to secure memory
US7659837B2 (en) Operation processing apparatus, operation processing control method, and computer program
CN108073353B (en) Data processing method and device
EP2907067B1 (en) Method and system for smart card chip personalization
US20200106600A1 (en) Progressive key encryption algorithm
CN101582109A (en) Data encryption method and device, data decryption method and device and solid state disk
CN104468089A (en) Data protecting apparatus and method thereof
JPH1075240A (en) Method for protecting data transmission and device for ciphering or deciphering data
CN102640448A (en) System and method for securely identifying and authenticating devices in a symmetric encryption system
US20110085663A1 (en) Method for the access-related or communication-related random encryption and decryption of data
WO2018141378A1 (en) Methods and devices for protecting data
CN1337803A (en) Enciphering method and circuit for safe communication of IC card data
US10218500B2 (en) Authentication of a card by contactless reading
KR100456599B1 (en) Cryptographic apparatus with parallel des structure
Brier et al. Fast primitives for internal data scrambling in tamper resistant hardware
US10237071B2 (en) Authentication of a card by contactless reading
Karri et al. Parity-based concurrent error detection in symmetric block ciphers
CN107766725B (en) Template attack resistant data transmission method and system
Tezcan Brute force cryptanalysis of MIFARE classic cards on GPU
Liu et al. Legitimate-reader-only attack on MIFARE Classic
CN117411727B (en) Encryption method, device and storage medium for symmetric encryption of communication transmission
Samra et al. PUF Based Cryptographic Key Generation
CN112906070B (en) Integrated circuit and IoT devices with block cipher side channel attack mitigation and related methods
EP4307155A1 (en) Method and circuit for protecting an electronic device from a side-channel attack
US20220417012A1 (en) Method for performing cryptographic operations in a processing device, corresponding processing device and computer program product

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication