CN206195801U - A cloud platform, subscriber equipment and system for CPU card encryption authentication - Google Patents


Publication number: CN206195801U
Authority: CN (China)
Legal status: Active
Application number: CN201621242788.8U
Other languages: Chinese (zh)
Inventors: 范小雨, 穆青
Assignee (current and original): BEIJING WEISEN TECHNOLOGY Co Ltd
Abstract

The utility model discloses a cloud platform, user equipment and system for CPU card encryption authentication, in the field of communication security. The cloud platform comprises, electrically connected in sequence, a first information encryption unit, a first encryption information transmitting unit, a MAC read command generation unit, a MAC read command transmitting unit and an encrypted data information decryption unit. The utility model can improve the security of CPU card encryption authentication. In addition, because the encryption authentication is completed directly by the cloud platform, the user does not need to carry a PSAM card, which removes the risk of the PSAM card being damaged or lost.

Description

Cloud platform, user equipment and system for CPU card encryption authentication
Technical field
The utility model relates to the field of communication security, and more particularly to a cloud platform, user equipment and system for CPU card encryption authentication.
Background technology
Compared with ordinary IC cards, CPU cards offer much better security and are widely used in finance, insurance, transport, government and many other fields. They have large user storage, fast read speed and support for one card with multiple applications, and have passed certification by the People's Bank of China and the State Commercial Cryptography Administration. A CPU card contains a random number generator, hardware DES (Data Encryption Standard) and 3DES (Triple DES) engines and an on-chip OS (operating system), and can reach a financial-grade security level. In financial transactions and identity recognition in particular, CPU cards are progressively replacing conventional methods and have become the mainstream technology.
In the traditional CPU card authentication mode, reading or modification of the encrypted information is completed by performing external authentication against the directory that holds the encrypted information, which achieves authentication and identification. As shown in Fig. 1, traditional CPU card encryption authentication necessarily requires a PSAM card. A PSAM card is a special-purpose CPU card used mainly to store keys and encryption algorithms; it can complete password verification, encryption, mutual authentication and decryption operations in a transaction and serves mainly as an identity credential. PSAM cards can be used in all kinds of terminal devices and are responsible for security control.
The CPU card's encryption algorithms and random number generator exchange authentication random numbers with the key authentication card (PSAM card) installed in the read-write device, which makes the following functions possible:
(1) The PSAM card in the terminal device authenticates the card.
(2) The contactless CPU card and the PSAM card in the terminal device authenticate each other, so the card also authenticates the terminal.
(3) Data read operations on the contactless CPU card go through the PSAM card, which secures data reads.
(4) Data transferred between the terminal device and the contactless CPU card is transmitted encrypted.
(5) With the random number MAC1 sent by the contactless CPU card to the PSAM card, the random number MAC2 sent by the PSAM card to the contactless CPU card, and the random number TAC returned by the contactless CPU card, data transfer validation can be computed. Since MAC1, MAC2 and TAC differ on every transfer even for the same contactless CPU card, the key of the contactless CPU card cannot be cracked from values captured over the air.
However, the prior art has many drawbacks. For example, it depends on a hardware medium, the PSAM card, which must be kept safely; PSAM cards and card readers may be lost or stolen, and a hardware medium may be damaged. All of this undoubtedly adds risk to the security authentication.
Utility model content
One technical problem that the utility model solves is to provide a cloud platform, user equipment and system for CPU card encryption authentication that can improve the security of CPU card encryption authentication.
According to one aspect of the utility model, a cloud platform for CPU card encryption authentication is provided, comprising, electrically connected in sequence, a first information encryption unit, a first encryption information transmitting unit, a MAC read command generation unit, a MAC read command transmitting unit and an encrypted data information decryption unit, wherein: the first information encryption unit generates first encryption information from the received first information of the CPU card; the first encryption information transmitting unit sends the first encryption information to the user equipment, so that the user equipment performs external authentication against the relevant directory of the CPU card; the MAC read command generation unit generates a secure message authentication code (MAC) read command from the received second information of the CPU card; the MAC read command transmitting unit sends the MAC read command to the user equipment, so that the user equipment reads the encrypted data information under the relevant directory of the CPU card according to the MAC read command; and the encrypted data information decryption unit, after receiving the encrypted data information sent by the user equipment, decrypts it with the MAC authentication key.
Further, the cloud platform also comprises a first information receiving unit electrically connected with the first encryption unit, wherein: the first information receiving unit receives the relevant-directory external authentication random number and the user ID of the CPU card sent by the user equipment; the first information encryption unit generates an external authentication key from the user ID and encrypts the external authentication random number with the external authentication key; and the first encryption information transmitting unit sends the encrypted external authentication random number to the user equipment.
Further, the cloud platform also comprises a second information receiving unit electrically connected with the MAC read command generation unit, wherein: the second information receiving unit receives the MAC data random number of the CPU card sent by the user equipment, and the MAC read command generation unit generates the MAC authentication key and the MAC read command from the MAC data random number.
Further, the cloud platform also comprises a user equipment authentication unit electrically connected with the first information receiving unit, wherein: the user equipment authentication unit authenticates the user equipment after receiving its MAC address and authorization data.
According to another aspect of the utility model, user equipment for CPU card encryption authentication is also proposed, comprising a first module and a second module, the first module being electrically connected with the second module, wherein: the first module sends the first information of the CPU card to the cloud platform through the second module, so that the cloud platform generates first encryption information from the first information; it also receives, through the second module, the first encryption information sent by the cloud platform and performs external authentication against the relevant directory of the CPU card with it; it also sends the second information of the CPU card to the cloud platform through the second module, so that the cloud platform generates a MAC read command from the second information; it also receives, through the second module, the MAC read command sent by the cloud platform and reads the encrypted data information under the relevant directory of the CPU card according to it; and it also sends the encrypted data information to the cloud platform through the second module, so that the cloud platform decrypts the encrypted data information with the MAC authentication key.
Further, the first module also sends the relevant-directory external authentication random number and the user ID of the CPU card to the cloud platform through the second module, so that the cloud platform generates an external authentication key from the user ID and encrypts the external authentication random number with it; the first module also receives, through the second module, the encrypted external authentication random number sent by the cloud platform and uses it to perform external authentication against the relevant directory of the CPU card.
Further, the first module also sends the MAC data random number of the CPU card to the cloud platform through the second module, so that the cloud platform generates the MAC authentication key and the MAC read command from the MAC data random number; the first module also receives, through the second module, the MAC read command sent by the cloud platform and reads the encrypted data information under the relevant directory of the CPU card according to it.
Further, the first module also sends its own MAC address and authorization data to the cloud platform through the second module, so that the cloud platform can authenticate the first module.
Further, the first module is a card reader and the second module is a mobile terminal.
According to another aspect of the utility model, a system for CPU card encryption authentication is also proposed, characterised in that it comprises the above cloud platform and the above user equipment.
Compared with the prior art, the cloud platform of the utility model generates first encryption information from the received first information of the CPU card and sends it to the user equipment, so that the user equipment performs external authentication against the relevant directory of the CPU card; generates a secure message authentication code (MAC) read command from the received second information of the CPU card and sends it to the user equipment, so that the user equipment reads the encrypted data information under the relevant directory of the CPU card according to the MAC read command; and, after receiving the encrypted data information sent by the user equipment, decrypts it with the MAC authentication key. This can improve the security of CPU card encryption authentication. In addition, this embodiment removes the encryption authentication mode that uses a PSAM card as the master card and completes encryption authentication directly with the cloud platform, so the user does not need to carry a PSAM card and the risk of the PSAM card being damaged or lost is eliminated.
Other features and advantages of the utility model will become apparent from the following detailed description of exemplary embodiments with reference to the drawings.
Brief description of the drawings
The drawings, which form part of the specification, illustrate embodiments of the utility model and, together with the description, explain its principles.
The utility model can be understood more clearly from the following detailed description with reference to the drawings, in which:
Fig. 1 is a schematic flow diagram of CPU card encryption authentication in the prior art.
Fig. 2 is a structural diagram of one embodiment of the cloud platform of the utility model for CPU card encryption authentication.
Fig. 3 is a structural diagram of a further embodiment of the cloud platform of the utility model for CPU card encryption authentication.
Fig. 4 is a structural diagram of one embodiment of the user equipment of the utility model for CPU card encryption authentication.
Fig. 5 is a structural diagram of one embodiment of the system of the utility model for CPU card encryption authentication.
Fig. 6 is a structural diagram of one embodiment of the system of the utility model for CPU card encryption authentication.
Specific embodiment
Various exemplary embodiments of the utility model will now be described in detail with reference to the drawings. Note that, unless otherwise specified, the relative arrangement of parts and steps, numerical expressions and numerical values described in these embodiments do not limit the scope of the utility model.
It should also be understood that, for ease of description, the sizes of the various parts shown in the drawings are not drawn in their real proportions.
The following description of at least one exemplary embodiment is merely illustrative and in no way limits the utility model or its application or use.
Techniques, methods and apparatus known to a person of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the specification.
In all the examples shown and discussed here, any specific value should be construed as merely exemplary and not as a limitation. Other instances of the exemplary embodiment may therefore have different values.
Note that similar reference numerals and letters denote similar items in the following drawings; once an item has been defined in one drawing, it need not be discussed further in subsequent drawings.
To make the purpose, technical solution and advantages of the utility model clearer, the utility model is further described below with reference to specific embodiments and the drawings.
Fig. 2 is a structural diagram of one embodiment of the cloud platform of the utility model for CPU card encryption authentication. The cloud platform comprises a first information encryption unit 210, a first encryption information transmitting unit 220, a MAC read command generation unit 230, a MAC read command transmitting unit 240 and an encrypted data information decryption unit 250. These units can be implemented by circuits, combinations of circuits and other hardware devices, and can be specific hardware units composed of PLCs, integrated circuits, associated components and the like. Wherein:
The first information encryption unit 210 is electrically connected with the first encryption information transmitting unit 220; the first encryption information transmitting unit 220 is electrically connected with the MAC read command generation unit 230; the MAC read command generation unit 230 is electrically connected with the MAC read command transmitting unit 240; and the MAC read command transmitting unit 240 is electrically connected with the encrypted data information decryption unit 250.
The first information encryption unit 210 generates first encryption information from the received first information of the CPU card. For example, after the cloud platform receives the relevant-directory external authentication random number and the UID (User Identification, user ID) of the CPU card sent by the user equipment, the first information encryption unit 210 generates an external authentication key from the user ID and encrypts the external authentication random number with the external authentication key. The user equipment here may be a mobile terminal with NFC (Near Field Communication) capability, or a card reader together with a mobile terminal.
The first encryption information transmitting unit 220 sends the first encryption information to the user equipment, so that the user equipment performs external authentication against the relevant directory of the CPU card. For example, the encrypted external authentication random number is sent to the user equipment, and the user equipment uses the encrypted external authentication random number to complete external authentication of the relevant directory of the CPU card.
The MAC read command generation unit 230 generates a MAC (Message Authentication Code, secure message authentication code) read command from the received second information of the CPU card. For example, after receiving the MAC data random number of the CPU card sent by the user equipment, the MAC read command generation unit 230 generates the MAC authentication key and the MAC read command from the MAC data random number.
The MAC read command transmitting unit 240 sends the MAC read command to the user equipment, so that the user equipment reads the encrypted data information under the relevant directory of the CPU card according to the MAC read command.
The encrypted data information decryption unit 250, after receiving the encrypted data information sent by the user equipment, decrypts it with the MAC authentication key. The user equipment sends the encrypted data information under the relevant directory of the CPU card to the cloud platform; after the cloud platform has decrypted it with the MAC authentication key, the actual content of the data is further decrypted by RSA asymmetric decryption, and the cloud platform can send the decrypted data to the user equipment for display.
In this embodiment, the cloud platform generates first encryption information from the received first information of the CPU card and sends it to the user equipment, so that the user equipment performs external authentication against the relevant directory of the CPU card; generates a secure message authentication code (MAC) read command from the received second information of the CPU card and sends it to the user equipment, so that the user equipment reads the encrypted data information under the relevant directory of the CPU card according to the MAC read command; and, after receiving the encrypted data information sent by the user equipment, decrypts it with the MAC authentication key. This can improve the security of CPU card encryption authentication. In addition, this embodiment removes the encryption authentication mode that uses a PSAM card as the master card and completes encryption authentication directly with the cloud platform, so the user does not need to carry a PSAM card and the risk of the PSAM card being damaged or lost is eliminated.
Fig. 3 is a structural diagram of a further embodiment of the cloud platform of the utility model for CPU card encryption authentication. The cloud platform comprises a user equipment authentication unit 310, a first information receiving unit 320, a first information encryption unit 330, a first encryption information transmitting unit 340, a second information receiving unit 350, a MAC read command generation unit 360, a MAC read command transmitting unit 370 and an encrypted data information decryption unit 380. These units can be implemented by circuits, combinations of circuits and other hardware devices, and can be specific hardware units composed of PLCs, integrated circuits, associated components and the like. Wherein:
The user equipment authentication unit 310 is electrically connected with the first information receiving unit 320; the first information receiving unit 320 is electrically connected with the first information encryption unit 330; the first information encryption unit 330 is electrically connected with the first encryption information transmitting unit 340; the first encryption information transmitting unit 340 is electrically connected with the second information receiving unit 350; the second information receiving unit 350 is electrically connected with the MAC read command generation unit 360; the MAC read command generation unit 360 is electrically connected with the MAC read command transmitting unit 370; and the MAC read command transmitting unit 370 is electrically connected with the encrypted data information decryption unit 380.
The user equipment authentication unit 310 authenticates the user equipment after receiving its MAC address and authorization data. The user equipment may comprise a card reader and a mobile terminal: after the user logs in on the mobile terminal with an account and password, the cloud platform can authenticate the mobile terminal; after the mobile terminal has paired with the card reader, the mobile terminal can read the MAC address and authorization data of the card reader and send them to the cloud platform, which can then authenticate the legitimacy of the card reader. If the user equipment is a mobile terminal with NFC capability, only the mobile terminal need be authenticated.
The first information receiving unit 320 receives the relevant-directory external authentication random number and the user ID of the CPU card sent by the user equipment. The first information encryption unit 330 generates an external authentication key from the user ID and encrypts the external authentication random number with the external authentication key. The first encryption information transmitting unit 340 sends the encrypted external authentication random number to the user equipment, so that the user equipment performs external authentication against the relevant directory of the CPU card. The second information receiving unit 350 receives the MAC data random number of the CPU card sent by the user equipment. The MAC read command generation unit 360 generates the MAC authentication key and the MAC read command from the MAC data random number. The MAC read command transmitting unit 370 sends the MAC read command to the user equipment, so that the user equipment reads the encrypted data information under the relevant directory of the CPU card according to the MAC read command. The encrypted data information decryption unit 380, after receiving the encrypted data information sent by the user equipment, decrypts it with the MAC authentication key. After the cloud platform has decrypted the encrypted data information with the MAC authentication key, the actual data content is further decrypted by RSA asymmetric decryption, and the cloud platform can send the decrypted data to the user equipment for display.
In this embodiment, the encryption authentication mode that uses a PSAM card as the master card is removed and encryption authentication is completed directly with the cloud platform, so the user does not need to carry a PSAM card and the risk of the PSAM card being damaged or lost is eliminated. Moreover, because the cloud platform authenticates the CPU card and has large data storage, the actual content of the card directory can be RSA asymmetrically encrypted at card issuance, and at authentication time the key data content can be obtained from the platform database and decrypted by RSA asymmetric decryption; with asymmetric encryption and decryption the data is more secure. Furthermore, the keys are managed directly by the cloud platform, so issued CPU cards can be updated and revoked at any time, which makes maintenance more convenient and safer.
Fig. 4 is a structural diagram of one embodiment of the user equipment of the utility model for CPU card encryption authentication. The user equipment comprises a first module 410 and a second module 420, which are electrically connected; the first module 410 and the second module 420 may be integrated in a mobile terminal with NFC capability, or be a card reader and a mobile terminal respectively.
The first module 410 sends the first information of the CPU card to the cloud platform through the second module 420, so that the cloud platform generates first encryption information from the first information. For example, the relevant-directory external authentication random number and the user ID of the CPU card are sent to the cloud platform through the second module 420, and the cloud platform generates an external authentication key from the user ID and encrypts the external authentication random number with the external authentication key.
The first module 410 also receives, through the second module 420, the first encryption information sent by the cloud platform and performs external authentication against the relevant directory of the CPU card with it. For example, after receiving through the second module 420 the encrypted external authentication random number sent by the cloud platform, it performs external authentication against the relevant directory of the CPU card.
The first module 410 also sends the second information of the CPU card to the cloud platform through the second module 420, so that the cloud platform generates a MAC read command from the second information. For example, the MAC data random number of the CPU card is sent to the cloud platform through the second module 420, and the cloud platform generates the MAC authentication key and the MAC read command from the MAC data random number.
The first module 410 also receives, through the second module 420, the MAC read command sent by the cloud platform and reads the encrypted data information under the relevant directory of the CPU card according to the MAC read command.
The first module 410 also sends the encrypted data information to the cloud platform through the second module 420, so that the cloud platform decrypts the encrypted data information with the MAC authentication key. After the cloud platform has decrypted the encrypted data information with the MAC authentication key, the actual data content is further decrypted by RSA asymmetric decryption, and the cloud platform can send the decrypted data to the user equipment for display.
The second module 420 forwards the information sent by the first module 410 and displays the content of the encrypted data information.
In this embodiment, the user equipment sends the first information of the CPU card to the cloud platform, so that the cloud platform generates first encryption information from the first information; receives the first encryption information sent by the cloud platform and performs external authentication against the relevant directory of the CPU card with it; sends the second information of the CPU card to the cloud platform, so that the cloud platform generates a MAC read command from the second information; receives the MAC read command sent by the cloud platform and reads the encrypted data information under the relevant directory of the CPU card according to it; and sends the encrypted data information to the cloud platform, so that the cloud platform decrypts it with the MAC authentication key. This can improve the security of CPU card encryption authentication. In addition, encryption authentication is completed directly with the cloud platform, so no PSAM card need be carried and the risk of the PSAM card being damaged or lost is eliminated. Used together with an intelligent terminal, no additional display terminal such as a PC is needed, the equipment volume can be reduced, and use is more convenient.
In another embodiment of the utility model, the first module 410 is also used to send its own MAC address and authorization data to the cloud platform through the second module 420, to be authenticated by the cloud platform. The user equipment may comprise a card reader and a mobile terminal: after the user logs in on the mobile terminal with an account and password, the cloud platform can authenticate the mobile terminal; after the mobile terminal has paired with the card reader, the mobile terminal can read the MAC address and authorization data of the card reader and send them to the cloud platform, which can then authenticate the legitimacy of the card reader. If the user equipment is a mobile terminal with NFC capability, only the mobile terminal need be authenticated.
In this embodiment, against the background of the rapid development of the mobile Internet and the wide adoption of smartphones, user equipment such as a smartphone is used as the medium, and key management is transferred from the traditional PSAM card hardware to the virtual medium of the cloud platform, which completes key management and authentication. This can effectively eliminate the shortcomings of the traditional approach.
In the above embodiments it was introduced that the user equipment can comprise a card reader and a mobile terminal; the card reader may also be integrated into the mobile terminal. The system for CPU card encryption authentication comprises the above user equipment 510 and the above cloud platform 520. Fig. 5 introduces the system of the utility model for CPU card encryption authentication taking as an example user equipment 510 that comprises a card reader 511 and a mobile terminal 512. The card reader 511 can include a 13.56 MHz card-reading chip and communicates in Bluetooth mode.
The user opens the management software on the mobile terminal and the 3G, 4G or WIFI network function and enters the management account and password; the system automatically prompts to enable the Bluetooth BLE function. The user turns on the power switch of the card reader 511; the management software automatically searches for the card reader 511, and the user selects the card reader 511 found by the system and pairs with it. After pairing, the card reader 511 can be used directly to read cards, and the interaction between the CPU card, the card reader 511, the mobile terminal 512 and the cloud platform 520 is completed automatically.
The user logs in on the mobile terminal 512 with an account and password and is authenticated by the cloud platform 520. The mobile terminal 512 pairs with the card reader 511, reads the MAC address and authorization data of the card reader 511 and sends them to the cloud platform 520, which authenticates the legitimacy of the card reader 511. The card reader 511 reads the relevant-directory external authentication random number R1 and the user ID UID of the CPU card and sends them over BLE (Bluetooth Low Energy) to the mobile terminal 512, which forwards the information to the cloud platform 520. The cloud platform 520 generates the external authentication key k1 from its key store according to the user ID UID, and encrypts the external authentication random number R1 with k1 to produce the encrypted external authentication random number k1(R1). The card reader 511 receives k1(R1), sent by the cloud platform 520, via the mobile terminal 512 and uses this k1(R1) to perform external authentication against the relevant directory of the CPU card.
The card reader 511 obtains the MAC data random number R2 of the CPU card and sends it to the cloud platform 520 via the mobile terminal 512. The cloud platform 520 generates the MAC authentication key k2 and the MAC read command C from R2, and sends C to the card reader 511 via the mobile terminal 512. The card reader 511 reads the encrypted data information E(data) under the relevant directory of the CPU card with the MAC read command C, and sends E(data) to the cloud platform 520 via the mobile terminal 512. The cloud platform 520 decrypts E(data) with the MAC authentication key k2, and then decrypts the actual content by RSA asymmetric decryption to obtain the actual data content. The cloud platform 520 sends the decrypted information of the CPU card to the mobile terminal 512 for display.
In the above-described embodiments, exchanged by mobile networks such as WIFI between reader device 511 and CPU card, it is main to use DES and 3DES are authenticated, i.e., the cipher mode that the CPU card of standard is supported;Reader device 511 interacts master with mobile terminal 512 Use AES encryption and bluetooth BLE link layer encryptions;Pass through 3G, 4G, WIFI wide area between mobile terminal 512 and cloud platform 520 The network interactions such as net, data interaction uses AES encryption algorithm for encryption;Cloud platform 520 is non-right using RSA to CPU card directory content The mode of encryption and decryption is claimed to carry out encryption and decryption actual data content.
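The exchange of the two preceding paragraphs and the algorithm split just described (DES/3DES toward the card, RSA for the directory content), as an added Go example that is not part of the patent or of any product of the assignee. It simulates only the two endpoints, the CPU card and the cloud platform, since the reader device and mobile terminal merely relay messages. Everything not stated in the patent is an assumption of this example: k1 is derived from the UID and the MAC session key k2 from R2 under a per-card MAC key by a simple 3DES diversification scheme, command C is a READ BINARY header with a 3DES CBC-MAC, E(data) is a 3DES-CBC layer over RSA-OAEP ciphertext, and the master keys, UID and content are constructed values.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Constructed master keys that live only in the cloud key store (assumed values, 24 bytes each).
var masterExt = []byte("constructed-ext-auth-mk!")
var masterMAC = []byte("constructed-mac-master-k")

// cbc runs 3DES-CBC with a zero IV over block-aligned data (every input here is a multiple of 8).
func cbc(key, data []byte, encrypt bool) []byte {
	c, err := des.NewTripleDESCipher(key)
	if err != nil || len(data)%8 != 0 { panic("cbc: bad key or unaligned input") }
	out, iv := make([]byte, len(data)), make([]byte, 8)
	if encrypt { cipher.NewCBCEncrypter(c, iv).CryptBlocks(out, data) } else { cipher.NewCBCDecrypter(c, iv).CryptBlocks(out, data) }
	return out
}
// tdesBlock encrypts one 8-byte block (single-block CBC with a zero IV equals ECB).
func tdesBlock(key, block []byte) []byte { return cbc(key, block, true) }
// cbcMAC is a 3DES CBC-MAC: the last ciphertext block over the message.
func cbcMAC(key, msg []byte) []byte { ct := cbc(key, msg, true); return ct[len(ct)-8:] }
// diversify derives a 24-byte 3DES key from a parent key and an 8-byte input (the UID at personalization,
// a card random number for a session key). Assumed scheme, not the patent's: E(in) || E(^in) || E(in).
func diversify(parent, in []byte) []byte {
	inv := make([]byte, 8)
	for i := range inv { inv[i] = ^in[i] }
	k := append(tdesBlock(parent, in), tdesBlock(parent, inv)...)
	return append(k, tdesBlock(parent, in)...)
}

// Card simulates the CPU card's relevant directory: diversified keys, RSA-encrypted content, last challenge.
type Card struct {
	UID, kExt, kMAC, eContent, last []byte
	authenticated                   bool
}
func (c *Card) GetChallenge() []byte {
	c.last = make([]byte, 8)
	rand.Read(c.last)
	return c.last
}
// ExternalAuthenticate accepts k1(R1) only if it equals the card's own computation over R1.
func (c *Card) ExternalAuthenticate(cryptogram []byte) error {
	if len(c.last) != 8 { return errors.New("no challenge issued") }
	if subtle.ConstantTimeCompare(tdesBlock(c.kExt, c.last), cryptogram) != 1 { return errors.New("external authentication failed") }
	c.authenticated = true
	return nil
}
// ReadWithMAC checks the MAC on command C under the session key from R2, then returns E(data) under that key.
func (c *Card) ReadWithMAC(cmd []byte) ([]byte, error) {
	if !c.authenticated { return nil, errors.New("security status not satisfied") }
	if len(cmd) != 16 { return nil, errors.New("malformed command") }
	k2 := diversify(c.kMAC, c.last)
	if subtle.ConstantTimeCompare(cbcMAC(k2, cmd[:8]), cmd[8:]) != 1 { return nil, errors.New("MAC check failed") }
	return cbc(k2, c.eContent, true), nil
}

// Cloud holds the RSA key for directory content; the master keys are the package values above.
type Cloud struct{ rsaKey *rsa.PrivateKey }
func NewCloud() *Cloud {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	return &Cloud{rsaKey: k}
}
// Personalize issues a card with diversified keys and RSA-OAEP content (256 bytes, already block aligned).
func (cl *Cloud) Personalize(uid, content []byte) *Card {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &cl.rsaKey.PublicKey, content, nil)
	if err != nil { panic(err) }
	return &Card{UID: uid, kExt: diversify(masterExt, uid), kMAC: diversify(masterMAC, uid), eContent: ct}
}
// ExtAuthCryptogram derives k1 from the UID and returns k1(R1).
func (cl *Cloud) ExtAuthCryptogram(uid, r1 []byte) []byte { return tdesBlock(diversify(masterExt, uid), r1) }
// MACReadCommand derives session key k2 from R2 and builds read command C = header || MAC.
func (cl *Cloud) MACReadCommand(uid, r2 []byte) (k2, cmd []byte) {
	k2 = diversify(diversify(masterMAC, uid), r2)
	hdr := []byte{0x00, 0xB0, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00} // READ BINARY + ISO padding, constructed
	return k2, append(hdr, cbcMAC(k2, hdr)...)
}
// Decrypt strips the k2 layer from E(data), then RSA-decrypts the actual content.
func (cl *Cloud) Decrypt(k2, eData []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, cl.rsaKey, cbc(k2, eData, false), nil)
}

// RunProtocol plays the exchange end to end; reader device and mobile terminal only relay.
func RunProtocol(card *Card, cloud *Cloud) ([]byte, error) {
	if err := card.ExternalAuthenticate(cloud.ExtAuthCryptogram(card.UID, card.GetChallenge())); err != nil { return nil, err }
	k2, cmd := cloud.MACReadCommand(card.UID, card.GetChallenge())
	eData, err := card.ReadWithMAC(cmd)
	if err != nil { return nil, err }
	return cloud.Decrypt(k2, eData)
}
```

Running `RunProtocol` on a card issued by `Personalize` returns the plaintext directory content. Two properties worth checking when reviewing a design of this shape: the card never receives k1 itself, only k1(R1), so a relay that records the exchange learns nothing reusable once R1 changes; and because k2 is bound to R2, a read command captured from one session fails the MAC check in the next, so the mobile terminal cannot replay an earlier C to read the card again without the cloud platform's participation.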
For the mobile terminal for supporting NFC function, the embodiment can also directly save reader device part, such as Fig. 6 institutes Show, be changed to mobile terminal 610 directly with CPU card operate, then with cloud platform 620 complete encryption certification, this kind of mode with it is above-mentioned The verification process for being distinguished as eliminating reader device of description, is directly replaced by the NFC function of mobile terminal 610, realizes card -- Mobile phone -- directly interacted between platform.Flow is exchanged the step of reduce reader device certification, other the step of as will be mobile The Card Reader operation of the data transfer and reader device of terminal is merged on intelligent terminal to complete, and flow is easier.
In the above-described embodiments, the encryption certification mode of CPU card is revised as directly passing through cloud platform by traditional PASM cards To complete certification, eliminate PSAM cards and damage and lose equivalent risk.Traditional reader device Card Reader certification is revised as combined with intelligent The mode more convenient and quicker of mobile terminal;Using cloud platform memory data output it is big the characteristics of can support RSA asymmetric encryption pair The actual content of card catalogue carries out RSA asymmetric encryption, it is ensured that data authentication security higher, and key is directly by cloud Platform is managed, and can at any time update and cancel issued CPU card, safeguards more convenient safety.
So far, the utility model is described in detail.In order to avoid covering design of the present utility model, without description originally Some details well known to field.Those skilled in the art can be appreciated how to implement public here as described above, completely The technical scheme opened.
Although being described in detail to some specific embodiments of the present utility model by example, this area It is to be understood by the skilled artisans that above example is merely to illustrate, rather than in order to limit scope of the present utility model.This Field it is to be understood by the skilled artisans that can be in the case where scope and spirit of the present utility model not be departed from, to above example Modify.Scope of the present utility model is defined by the following claims.

Claims (10)

1. A cloud platform for CPU card encryption authentication, characterized in that it includes, electrically connected in sequence, a first information encryption unit, a first encryption information sending unit, a MAC read command generation unit, a MAC read command sending unit and an encrypted data information decryption unit, wherein:
the first information encryption unit generates first encryption information from the received first information of the CPU card, and the first encryption information sending unit sends the first encryption information to a user equipment so that the user equipment performs external authentication on the relevant directory of the CPU card; the MAC read command generation unit generates a secure message authentication code (MAC) read command from the received second information of the CPU card, and the MAC read command sending unit sends the MAC read command to the user equipment so that the user equipment reads the encrypted data information under the relevant directory of the CPU card according to the MAC read command; the encrypted data information decryption unit receives the encrypted data information sent by the user equipment and then decrypts the encrypted data information according to a MAC authentication key.
2. The cloud platform according to claim 1, characterized in that it further includes a first information receiving unit electrically connected to the first information encryption unit, wherein:
the first information receiving unit receives the relevant-directory external authentication random number and the ID of the CPU card sent by the user equipment; the first information encryption unit generates an external authentication key according to the ID and encrypts the external authentication random number with the external authentication key; and the first encryption information sending unit sends the encrypted external authentication random number to the user equipment.
3. The cloud platform according to claim 1, characterized in that it further includes a second information receiving unit electrically connected to the MAC read command generation unit, wherein:
the second information receiving unit receives the MAC data random number of the CPU card sent by the user equipment, and the MAC read command generation unit generates the MAC authentication key and the MAC read command according to the MAC data random number.
4. The cloud platform according to any one of claims 1-3, characterized in that it further includes a user equipment authentication unit electrically connected to the first information receiving unit, wherein:
the user equipment authentication unit authenticates the user equipment after receiving the MAC address and authorization data of the user equipment.
5. A user equipment for CPU card encryption authentication, characterized in that it includes a first module and a second module, the first module being electrically connected to the second module; wherein:
the first module sends the first information of the CPU card to a cloud platform through the second module so that the cloud platform generates first encryption information according to the first information; it also receives, through the second module, the first encryption information sent by the cloud platform and performs external authentication on the relevant directory of the CPU card according to the first encryption information; it also sends the second information of the CPU card to the cloud platform through the second module so that the cloud platform generates a MAC read command according to the second information; it also receives, through the second module, the MAC read command sent by the cloud platform and reads the encrypted data information under the relevant directory of the CPU card according to the MAC read command; and it also sends the encrypted data information to the cloud platform through the second module so that the cloud platform decrypts the encrypted data information according to a MAC authentication key.
6. The user equipment according to claim 5, characterized in that the first module also sends the relevant-directory external authentication random number and the ID of the CPU card to the cloud platform through the second module so that the cloud platform generates an external authentication key according to the ID and encrypts the external authentication random number with the external authentication key; the first module also receives, through the second module, the encrypted external authentication random number sent by the cloud platform in order to perform external authentication on the relevant directory of the CPU card.
7. The user equipment according to claim 5, characterized in that the first module also sends the MAC data random number of the CPU card to the cloud platform through the second module so that the cloud platform generates the MAC authentication key and the MAC read command according to the MAC data random number; the first module also receives, through the second module, the MAC read command sent by the cloud platform and reads the encrypted data information under the relevant directory of the CPU card according to the MAC read command.
8. The user equipment according to any one of claims 5-7, characterized in that the first module also sends its own MAC address and authorization data to the cloud platform through the second module so that the cloud platform authenticates the first module.
9. The user equipment according to any one of claims 5-7, characterized in that the first module is a reader device and the second module is a mobile terminal.
10. A system for CPU card encryption authentication, characterized in that it includes the cloud platform according to any one of claims 1-4 and the user equipment according to any one of claims 5-9.
CN201621242788.8U 2016-11-15 2016-11-15 A cloud platform, subscriber equipment and system for CPU card encryption authentication Active CN206195801U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201621242788.8U CN206195801U (en) 2016-11-15 2016-11-15 A cloud platform, subscriber equipment and system for CPU card encryption authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201621242788.8U CN206195801U (en) 2016-11-15 2016-11-15 A cloud platform, subscriber equipment and system for CPU card encryption authentication

Publications (1)

Publication Number Publication Date
CN206195801U true CN206195801U (en) 2017-05-24

Family

ID=58726710

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201621242788.8U Active CN206195801U (en) 2016-11-15 2016-11-15 A cloud platform, subscriber equipment and system for CPU card encryption authentication

Country Status (1)

Country Link
CN (1) CN206195801U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108075887A (en) * 2016-11-15 2018-05-25 北京维森科技有限公司 For method, cloud platform, user equipment and the system of CPU card encryption certification
CN108075887B (en) * 2016-11-15 2024-07-02 北京维森科技有限公司 Method, cloud platform, user equipment and system for encryption authentication of CPU card

Similar Documents

Publication Publication Date Title
JP6531092B2 (en) How to secure wireless communication between a mobile application and a gateway
CN106161359B (en) It authenticates the method and device of user, register the method and device of wearable device
Chen et al. NFC mobile transactions and authentication based on GSM network
CN101938520B (en) Mobile terminal signature-based remote payment system and method
CN103747443B (en) One kind is based on cellphone subscriber's identification card Multi-security domain device and its method for authenticating
CN102867366B (en) Portable bank card data processing device, system and method
CN102625294B (en) Method for managing mobile service by taking universal serial bus (USB) as virtual subscriber identity module (SIM) card
CN101729244B (en) Method and system for distributing key
CN106527673A (en) Method and apparatus for binding wearable device, and electronic payment method and apparatus
US9445269B2 (en) Terminal identity verification and service authentication method, system and terminal
CN103259667A (en) Method and system for eID authentication on mobile terminal
CN101641976A (en) An authentication method
CN106327723B (en) A kind of mPOS transaction systems based on intelligent platform
CN103237305B (en) Password protection method for smart card on facing moving terminal
CN106096947A (en) Half off-line anonymous method of payment based on NFC
CN104393993A (en) A security chip for electricity selling terminal and the realizing method
CN103268511A (en) Integrated circuit card, safety information processing system and operating method of safety information processing system
CN102118385A (en) Security domain management method and device
CN101944216A (en) Two-factor online transaction safety authentication method and system
CN103329589A (en) System and method for issuing an authentication key for authenticating a user in a cpns environment
CN103077460A (en) System and method for financial certificate transaction by mobile device
CN103560890A (en) Networked transaction system and method based on mobile terminal
CN103916834A (en) Short message encryption method and system allowing user to have exclusive secret key
CN106789000A (en) A kind of secret phone system and method based on TEE technologies and wearable device
CN206195801U (en) A cloud platform, subscriber equipment and system for CPU card encryption authentication

Legal Events

Date Code Title Description
GR01 Patent grant