TWI596547B - Card application service anti-counterfeiting writing system and method based on multi-card combination - Google Patents

Publication number: TWI596547B
Authority: TW (Taiwan)
Prior art keywords: card, signature, application, module, personalized data
Application number: TW105137566A
Other languages: Chinese (zh)
Other versions: TW201820209A (en)
Inventors: Ping Yen Hsieh, Cheng Fu Hung, Chuan Sheng Wang, Pen Yi Chang, Chih Hsien Lo
Original Assignee: Chunghwa Telecom Co Ltd
Application filed by Chunghwa Telecom Co Ltd; priority to TW105137566A
Landscapes

  • Storage Device Security (AREA)

Description

Anti-counterfeiting write system and method for card application services based on multi-card-in-one

The present invention relates to an anti-counterfeiting write system and method for card application services on a multi-card-in-one smart card, intended to reduce the number of forged multi-card-in-one smart cards circulating in the market.

A smart card is a chip card: an integrated circuit chip embedded in a portable plastic card. The card contains a microprocessor, an I/O interface and memory, and can store various kinds of card information. Depending on the purpose of the stored information, cards can be classified as identity cards, health insurance cards, driver's licenses, credit cards, electronic tickets, transportation tickets, and so on. Because carrying many kinds of cards is inconvenient, multi-card-in-one cards emerged.

For example, Taiwan publication TW 200502840, "Data processing method between a smart card with multiple application programs and a terminal", describes a smart card holding multiple applications, a prototype of the multi-card-in-one card, in which a terminal passes parameters to an application and obtains a status response message; however, this method performs no security verification. Taiwan publication TW 201610858, "Multi-card-in-one device, system and card information loading method", has the multi-card-in-one device receive a user instruction at an input unit and read the corresponding card information from memory; this method provides security verification only when the card is read and applies no security processing at the card issuance stage. US publication US 20080005567 A1, "Method and system for personalizing smart cards using asymmetric key cryptography", encrypts personalization commands with a plurality of keys and signs them with the application provider's private key; they are sent to the card and verified and decrypted by the application, which secures card issuance. However, because the signature is made with the application provider's private key, it cannot ensure that the card application services obtained belong to the same user.

US 7380125 B2, "Smart card data transaction system and methods for providing high levels of storage and transmission security", discloses a method for secure smart card storage and transmission, but it does not describe the verification behaviour and does not extend this security mechanism to multi-card-in-one cards.

In view of the shortcomings of the conventional approaches above, the inventors sought to improve on them and, after years of dedicated research, completed the present anti-counterfeiting write system and method for card application services based on multi-card-in-one.

To achieve the above object, the present invention provides an anti-counterfeiting write system and method for card application services based on multi-card-in-one. Under a multi-card-in-one architecture, issuing a multi-card-in-one chip card involves a user's request, an application acceptance module, a card production management module, a multi-card-in-one issuance management platform, a card-writing component module, the card service providers that supply the card information, and a key management module. The card production management system supplies the user information and requests to the multi-card-in-one issuance management platform. If someone manipulates the card production management system during this flow, changes the user information of any one card application service to another person's, and issues the request, that malicious attacker obtains a card application service written without authorization, so that the card application services within one physical credential do not belong to the same user. The existing multi-card-in-one architecture therefore raises security concerns.

The present invention is an anti-counterfeiting write system and method for card application services based on multi-card-in-one. Its main purpose is to design a method, under a multi-card-in-one architecture, such that even if the card production management system is manipulated during card production and the user information of any card application service is tampered with, an unauthorized card application service cannot be written to the card at the card-writing stage.

An anti-counterfeiting write system for card application services based on multi-card-in-one mainly comprises: a card production management module, which starts the card production procedure and passes the user information and one or more requests to a multi-card-in-one issuance management platform; the multi-card-in-one issuance management platform, which passes the user information and requests to the designated card service provider and then forwards the returned personalization data and signature to the card-writing component module; the card-writing component module, which sends the personalization data and signature to the designated application in the card; and a key management module, which holds the card-unique key pair, stores the private key, writes the public key to the smart card, records the pairing between the user information and its key pair, and produces the signature value of the personalization data.

The designated application in the card verifies the signature and decides whether to write the personalization data.

An anti-counterfeiting write method for card application services based on multi-card-in-one comprises: obtaining the user information or requests; the multi-card-in-one issuance management platform requests personalization data; the card service provider produces the personalization data; the card service provider submits a signing request; the key management module performs the signing; the key management module returns the signature data; the card service provider returns the personalization data and the corresponding signature; the multi-card-in-one issuance management platform requests a card write; the card-writing component module performs the card write.

The card-writing flow comprises: the card-writing component module receives the personalization data and signature from the multi-card-in-one issuance management platform; the card-writing component module inputs the personalization data and signature into the card service provider's application in the smart card module; the card public key storage area of the smart card module verifies the personalization data and signature of the card service provider's application.

The verification flow comprises: the personalization data signature verification unit of the application executable code module receives the public key from the card public key storage area; the normal application processing unit of the application executable code module receives the successfully verified personalization data; the application area of the card application module receives the successfully verified personalization data from the normal application processing unit.

Compared with other conventional techniques, the anti-counterfeiting write system and method for card application services based on multi-card-in-one provided by the present invention has the following advantages:

1. Under a multi-card-in-one architecture, the present invention provides verification of card application services and prevents forged card application services from being written. If a malicious party or hacker obtains privileges on the card production management system and deliberately tampers with user data, an unauthorized card application service still cannot be written to the card.

110: User

120: Application acceptance module

130: Card production management module

131: Operator

140: Multi-card-in-one issuance management platform

150: Card service provider

160: Key management module

161: Key generation

170: Card-writing component module

180: Smart card module

181: Public key write

S301~S309: Card issuance flow

S401~S405: Card-writing flow

S501~S505: Verification flow

The technical content, purpose and effects of the present invention can be further understood from the detailed description and the accompanying drawings. Fig. 1 is an architecture diagram of the system and method; Fig. 2 is an initialization diagram; Fig. 3 is the card issuance flowchart; Fig. 4 is the card-writing flowchart; Fig. 5 is the verification flowchart.

To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and an embodiment. The specific embodiment described here only explains the invention and does not limit it.

The invention is further described below with reference to the drawings. Fig. 1 is an architecture diagram of the anti-counterfeiting write system and method for card application services based on multi-card-in-one, which comprises: a card production management module 130, which starts the card production procedure and passes the user information and one or more requests to a multi-card-in-one issuance management platform 140; the multi-card-in-one issuance management platform 140, which passes the user information and requests to the designated card service provider 150 and then forwards the returned personalization data and signature to the card-writing component module 170; the card-writing component module 170, which sends the personalization data and signature to the designated application in the card; and a key management module 160, which holds the card-unique key pair, stores the private key, writes the public key to the smart card, records the pairing between the user information and its key pair, and produces the signature value of the personalization data.

As the above shows, before entering the issuance flow the card must pass through the key management module to complete initialization. Once the issuance flow starts, user 110 submits a card production request to application acceptance module 120, which passes the request to card production management module 130. Operator 131 of card production management module 130 operates the module and passes the user information and requests 1 to n, in order, to multi-card-in-one issuance management platform 140, which passes the corresponding user information and request to the corresponding card service provider 140. After obtaining the signature from key management module 160, card service provider 150 returns the personalization data and the corresponding signature to multi-card-in-one issuance management platform 140, which asks card-writing component module 170 to write the card. During the write, the application on the card verifies each card application service's personalization data against its corresponding signature; if verification succeeds the write proceeds, otherwise the write is refused.

With the above flow and method, even if operator 131 of the card production management module tampers with the user information of any card application service, a physical credential whose card application services do not belong to the same user cannot be produced, which improves the security of card production under the multi-card-in-one architecture.

Fig. 2 is the initialization diagram. Before entering the issuance flow, every card must be initialized; initialization mainly includes planning the card data space, preloading the applets, and key generation 161. As Fig. 2 shows, during initialization key management module 160 generates a unique key pair dedicated to each card, stores the private key in key management module 160, and writes the public key (181) into the pre-planned public key storage area of smart card module 180. Key pair generation can also be assisted by a hardware security device, in which case the private key can be stored directly in that device.

The purpose of generating this key pair is that, during the later card write, the card itself uses the public key to verify the signature and so determines whether the data to be written was signed with the private key of the same key pair. Because the pairing between the user information and the issued card key is recorded in the key management module when the user applies for the multi-card-in-one credential, the result of the card's signature verification shows whether the data to be written is really the personalization data produced for the card's user; the card write proceeds only when the signature verifies correctly. The key pair is generated by the key management module and the public key is written to the card from outside, which differs from generating the key inside the card. A key generated inside the card is mainly used to sign with the private key held in the card. Here, the key management module generates the key pair and writes the public key to the card so that the public key on the card can verify signatures, that is, verify that the data to be written was signed with that user's private key. This amounts to using the card itself to check the legitimacy of the data to be written, which for personalization data achieves the effect of "identity recognition". This purpose differs from the earlier scenario in which the card itself signs, and it prevents issuing a multi-card-in-one smart card that carries different users' data, reducing the number of forged cards.

Fig. 3 is the card issuance flowchart, comprising: S310, obtain the user information or requests; S320, the multi-card-in-one issuance management platform requests personalization data; S303, the card service provider produces the personalization data; S304, the card service provider submits a signing request; S305, the key management module performs the signing; S306, the key management module returns the signature data; S307, the card service provider returns the personalization data and the corresponding signature; S308, the multi-card-in-one issuance management platform requests a card write; S309, the card-writing component module performs the card write.

As described above, the multi-card-in-one issuance management platform uses the user information it received and the card application services the user requested to ask the corresponding card service provider for that user's personalization data. At this point the platform must tell the card service provider the user information it needs, for example the user's unique identifier (such as an account or identification code). Once the card service provider has the user's identification information, it first produces the personalization data for that user and then, using the user identification information, submits a signing request to the key management module. The signing request must contain at least two main items: the user identification information and the hash of the personalization data. When the key management module receives the signing request, it uses the user identification information in the request to select that user's private key, signs the hash of the user's personalization data, and returns the signature to the card service provider. Only after receiving the signature data from the key management module does the card service provider return the personalization data together with the signature to the multi-card-in-one issuance management platform, which sends both to the card-writing component module; the card-writing component module then starts the card write.

Fig. 4 is the card-writing flowchart, comprising: S401, the personalization data and corresponding signature; the card-writing component module S402 receives the personalization data and signature from the multi-card-in-one issuance management platform; the card-writing component module S403 inputs the personalization data and signature into S404, the card service provider's application in the smart card module; S405, the card public key storage area of the smart card module, verifies the personalization data and signature of the card service provider's application.

As described above, the card-writing component module communicates with the smart card module and selects the application belonging to a specific card service provider in order to attempt the personalization data write. The card-writing component module opens a connection channel to the smart card module and passes it the received personalization data and signature. In this embodiment the card service provider's application in the smart card module exists as an applet, and the card-writing component module follows the international standard ISO 7816. The personalization data and signature to be written are sent to the corresponding card service provider's application, which obtains the public key from the key storage area, verifies the signature, and decides from the result whether to write the received personalization data.

Fig. 5 is the verification flowchart, comprising: S501, the personalization data and signature are input to the application executable code module; S502, the personalization data signature verification unit of the application executable code module, receives the public key from S503, the card public key storage area; S504, the normal application processing unit of the application executable code module, receives the successfully verified personalization data; S505, the application area of the card application module, receives the successfully verified personalization data from the normal application processing unit.

As described above, card initialization generates a unique key pair dedicated to each card; the private key is stored in the key management module and the corresponding public key is written into the card's public key storage area. After the application in the card receives the personalization data and signature, its executable code runs the signature verification procedure. The executable code uses the Java Card API to obtain the card public key from the card public key storage area and verifies the signature of the personalization data with it. If the personalization data has been tampered with or replaced with the data of someone other than the card's user, the key management module will have signed it with the private key of that other user, so signature verification fails and the executable code reports an access failure and refuses the write. If signature verification succeeds, the personalization data has been certified by the key management module as belonging to the card's user, and the executable code writes the verified personalization data into the application data area. This completes the anti-counterfeiting write system and method for card application services based on multi-card-in-one.
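The initialization, signing request and on-card check described above, as an added Go simulation that is not code from the patent. The patent names no signature algorithm; Ed25519 over a SHA-256 digest, all type and function names, and the user IDs are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrRejected is what the card applet returns when verification fails.
var ErrRejected = errors.New("signature verification failed: write refused")

// KMM models key management module 160: it holds every card's private key
// and the user-to-key pairing recorded when the credential is applied for.
type KMM struct{ privByUser map[string]ed25519.PrivateKey }

func NewKMM() *KMM { return &KMM{privByUser: map[string]ed25519.PrivateKey{}} }

// InitCard models initialization (Fig. 2): the key pair is generated outside
// the card, the private key stays in the KMM, the card gets the public key.
func (k *KMM) InitCard(userID string) (*Card, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	k.privByUser[userID] = priv
	return &Card{pub: pub, appData: map[string][]byte{}}, nil
}

// Sign handles a signing request: user identification plus the hash of the
// personalization data. The key is chosen by user, not by the target card.
func (k *KMM) Sign(userID string, digest [32]byte) ([]byte, error) {
	priv, ok := k.privByUser[userID]
	if !ok {
		return nil, errors.New("no key pair recorded for user " + userID)
	}
	return ed25519.Sign(priv, digest[:]), nil
}

// Card models smart card module 180: the public key storage area plus one
// application data area per card service.
type Card struct {
	pub     ed25519.PublicKey
	appData map[string][]byte
}

// Write models the applet's check: verify first, store only on success.
func (c *Card) Write(service string, data, sig []byte) error {
	digest := sha256.Sum256(data)
	if !ed25519.Verify(c.pub, digest[:], sig) {
		return ErrRejected
	}
	c.appData[service] = append([]byte(nil), data...)
	return nil
}

// Has reports whether a service's personalization data was written.
func (c *Card) Has(service string) bool {
	_, ok := c.appData[service]
	return ok
}

// Issue runs one request through the flow: the card service provider builds
// personalization data for userID, obtains the signature from the KMM, and
// the card-writing module passes both to the card.
func Issue(k *KMM, card *Card, service, userID string) error {
	data := []byte(service + ": personalization data of " + userID) // constructed sample
	sig, err := k.Sign(userID, sha256.Sum256(data))
	if err != nil {
		return err
	}
	return card.Write(service, data, sig)
}

func main() {
	kmm := NewKMM()
	aliceCard, _ := kmm.InitCard("alice") // constructed user IDs
	kmm.InitCard("bob")                   // bob's card is not used below

	fmt.Println("transit for alice:", Issue(kmm, aliceCard, "transit", "alice"))
	// The operator rewrites the user of one request before it reaches the
	// platform: the data is signed with bob's key and alice's card refuses it.
	fmt.Println("health for bob:   ", Issue(kmm, aliceCard, "health", "bob"))
}
```

The rejection comes from the key lookup by user ID in `Sign`: a request rewritten to another user is signed with a key whose public half is not on the card being written.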

The detailed description above describes one feasible embodiment of the present invention. The embodiment does not limit the patent scope of the invention; any equivalent implementation or modification that does not depart from the spirit of the invention falls within the patent scope of this application.

In summary, this application is innovative in its technical concept and offers the effects above that conventional methods do not, so it fully meets the statutory requirements of novelty and inventive step for an invention patent. The application is filed in accordance with the law, and the Office is respectfully requested to approve this invention patent application to encourage invention.

Claims (4)

1. A card application service anti-counterfeiting writing system based on multi-card combination, mainly comprising: a card-making management module, which starts the card-making procedure and passes user information and one or more requirements to a multi-card issuance management platform; the multi-card issuance management platform, which passes the user information and requirements to the designated card service provider and then transmits the signature value of the produced personalized data to a card-writing component module; the card-writing component module, which transmits the personalized data and the signature to the designated application in the card; and a key management module, which holds a key pair unique to the card, stores the private key, writes the public key into the smart card, records the pairing between the user information and that key pair, and produces the signature value of the personalized data.

2. The card application service anti-counterfeiting writing system based on multi-card combination of claim 1, wherein the designated application in the card verifies the signature and determines whether to write the personalized data.

3. A card application service anti-counterfeiting writing method based on multi-card combination, comprising: obtaining user information or requirements; the multi-card issuance management platform issuing a personalized data request; the card service provider completing production of the personalized data; the card service provider issuing a signature request; the key management module completing the signing; the key management module returning the signature data; the card service provider returning the personalized data and the corresponding signature; the multi-card issuance management platform issuing a card-writing request; and the card-writing component module performing the card-writing action.

4. The card application service anti-counterfeiting writing method based on multi-card combination of claim 3, wherein the flow of the card-writing action comprises: the card-writing component module receiving the personalized data and the signature from the multi-card issuance management platform; the card-writing component module inputting the personalized data and the signature into the application, in the smart card module, that belongs to the card service provider; and the card public key storage area of the smart card module verifying the personalized data and the signature of the application belonging to the card service provider, wherein the flow of the card public key storage area verification comprises: the personalized data signature verification unit of the application execution code module receiving the public key from the card public key storage area; the normal application processing unit of the application execution code module receiving the personalized data that was successfully verified; and the application area of the card application module receiving the successfully verified personalized data received by the normal application processing unit.
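The signing and verify-before-write flow of claims 1 to 4, sketched in Go as an added example (not code from the patent): the key management module keeps each card's private key and signs personalized data, and the card checks the signature against its stored public key before anything reaches an application area. Ed25519 and every type and function name here are assumptions; the claims name no signature algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// KeyManager models the key management module: user -> card private key.
type KeyManager map[string]ed25519.PrivateKey

// Card models the smart card: public key storage area and application areas.
type Card struct{ pub ed25519.PublicKey; apps map[string][]byte }

// IssueCard makes the card-unique key pair; only the public key enters the card.
func (k KeyManager) IssueCard(user string) (*Card, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	k[user] = priv // pairing of user information and key pair
	return &Card{pub: pub, apps: map[string][]byte{}}, nil
}

// Sign returns the signature value over a provider's personalized data.
func (k KeyManager) Sign(user string, data []byte) ([]byte, error) {
	priv, ok := k[user]
	if !ok {
		return nil, fmt.Errorf("no key pair recorded for user %q", user)
	}
	return ed25519.Sign(priv, data), nil
}

// Write is the on-card check: verify first, store only on success.
func (c *Card) Write(app string, data, sig []byte) error {
	if !ed25519.Verify(c.pub, data, sig) {
		return fmt.Errorf("app %q: signature invalid, data not written", app)
	}
	c.apps[app] = append([]byte(nil), data...)
	return nil
}

func main() {
	km := KeyManager{}
	card, _ := km.IssueCard("user-A")                  // constructed sample user
	sig, _ := km.Sign("user-A", []byte("transit;v=1")) // constructed sample data
	fmt.Println("genuine:", card.Write("transit", []byte("transit;v=1"), sig))
	fmt.Println("altered:", card.Write("transit", []byte("transit;v=2"), sig))
}
```

Because each card stores only its own public key, a signature issued for one card's data is rejected by every other card as well as by the same card when the data has been altered.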
TW105137566A 2016-11-17 2016-11-17 Card application service anti-counterfeiting writing system and method based on multi-card combination TWI596547B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW105137566A TWI596547B (en) 2016-11-17 2016-11-17 Card application service anti-counterfeiting writing system and method based on multi-card combination

Publications (2)

Publication Number Publication Date
TWI596547B true TWI596547B (en) 2017-08-21
TW201820209A TW201820209A (en) 2018-06-01

Family

ID=60189397

Country Status (1)

Country Link
TW (1) TWI596547B (en)
