WO2014005534A1 - Method and system for transmitting data from data provider to smart card - Google Patents

Method and system for transmitting data from data provider to smart card Download PDF

Info

Publication number
WO2014005534A1
WO2014005534A1 PCT/CN2013/078837 CN2013078837W WO2014005534A1 WO 2014005534 A1 WO2014005534 A1 WO 2014005534A1 CN 2013078837 W CN2013078837 W CN 2013078837W WO 2014005534 A1 WO2014005534 A1 WO 2014005534A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
smart card
data
ciphertext
provider
Prior art date
Application number
PCT/CN2013/078837
Other languages
French (fr)
Chinese (zh)
Inventor
万四爽
刘国宝
何朔
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2014005534A1 publication Critical patent/WO2014005534A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • the present invention relates to the field of information security, and more particularly to a method and system for transmitting data from a data provider to a smart card. Background technique
  • transferring application data from a provider to a smart card includes two steps of key preparation and data transmission.
  • the step of key preparation first, the application provider sets the master key KMC in the third-party personalization system; then the third-party personalization system sets the master key KMC.
  • the key Kcard is obtained and the key Kcard is set in the smart card security chip; finally, the application provider negotiates the transmission key KEK with the third party system.
  • the application provider first transmits the data to be transmitted to the third-party personalization system through KEK encryption; then the third-party personalized system receives the data and
  • the encryption machine uses KEK to decrypt, and in the encryption machine, the key Kcard distributed by the master key KMC is encrypted and transmitted to the smart card; finally, the smart card uses Kcard decryption to obtain the data transmitted by the application provider.
  • the third-party personalization device and the smart card are inside the closed system (for example, the card factory), so that it is inconvenient to update the application data for the smart card that has been issued or Download new app data.
  • the closed system for example, the card factory
  • the application provider and the smart card card are not directly established security channels, but the application provider establishes a secure channel with the third party system, the third party system and the card respectively, and therefore needs to be inside the third party system.
  • Perform a data conversion process which may present a risk of data leakage. Summary of the invention
  • a method of transmitting data from a data provider to a smart card including the following steps:
  • the key KEY is generated by the smart card, and then the ciphertext PK1 is obtained by using the public key PK1 encryption key KEY.
  • the data provider receives the ciphertext PK1 (KEY) and the signature ciphertext SK2 (PK1 (KEY)) from the smart card. Then, using the public key PK2 to verify the signed ciphertext SK2 (PK1 (KEY)), and decrypting the ciphertext PK1 (KEY) with the private key SK1 to obtain the key KEY;
  • the data provider encrypts the data to be transmitted and transmits it to the smart card using the obtained key KEY.
  • the data provider is an application provider, and the data is application data, and the application data is used to personalize the smart card application.
  • the data providing direction smart card sends a key generation instruction, and the smart card generates a key KEY after receiving the key generation instruction.
  • the key KEY is randomly generated by the smart card.
  • the data provider communicates with the smart card through a third party.
  • the smart card uses the key KEY to obtain the transport key from the data provider, and
  • the application provider uses the transport key to encrypt additional data to be transmitted and transmit it to the smart card.
  • the additional data is data for personalizing the smart card.
  • the data provider establishes end-to-end security with the smart card Channels that securely transfer application data to smart cards over untrusted channels and third-party systems.
  • FIG. 1 is a schematic illustration of a method of transmitting application data from an application provider to a smart card in accordance with the prior art.
  • FIG. 2 is a schematic illustration of the steps of transmitting data from a data provider to a smart card in accordance with an embodiment of the present invention.
  • FIG. 2 is a schematic illustration of the steps of transmitting data from a data provider to a smart card in accordance with an embodiment of the present invention.
  • the method consists of two steps, the establishment of a direct secure channel and the transmission of data over the established secure channel.
  • the data provider has a public key PK1 and a private key SK1
  • the smart card has a public key PK2 and a private key SK2.
  • the data provider and the card manufacturer separately apply for a public-private key pair and a public key certificate from the CA, and the data provider and the card manufacturer can use the public key PCA to authenticate the counterpart public key certificate and obtain the counterpart public key.
  • PK1, SKI, and PK2 are provided in the data provider, and PK1, PCA, and SK2 are set in the smart card.
  • the card factory presets the public key PCA and the private key SK2 of the CA into the smart card; the data provider can verify the smart card public key PK2 by using the public key PCA after obtaining the public key certificate of the card factory; The provider transmits the public key certificate to the smart card through the network or any third party.
  • the smart card verifies the data provider's public key certificate through the CA's public key PCA, and then obtains the data provider's public key PK1.
  • only the public key certificate is transmitted on the network, and when the public key is obtained, the public key certificate is verified according to the CA public key PCA. In this step, even if the channel is not trusted, the whole process is still safe.
  • the key KEY is generated by the smart card, and then the ciphertext PK1(KEY) is obtained by encrypting the key KEY with the public key PK1, and the signature ciphertext SK2 is obtained by signing the ciphertext PK1(KEY) with SK2.
  • the PK1 ( ⁇ ) ⁇ smart card can send ciphertext PKl ( KEY ) and signed ciphertext SK2 ( PKl ( KEY ) ) to the data provider via a third party or an untrusted network.
  • the data provider receives the ciphertext PK1 (KEY) and the signature ciphertext SK2 (PK1 (KEY)) from the smart card, and then verifies the signature ciphertext SK2 (PKl (KEY)) with the public key PK2, and decrypts the secret with the private key SK1.
  • the text PKl ( KEY ) gets the key KEY.
  • the key KEY Since the key KEY is encrypted by the data provider's public key PK1, and only the data provider has the corresponding decrypted private key SK1, the key KEY cannot be stolen. In addition, since the key KEY can be randomly generated by the smart card each time, it is impossible for the third party to intercept the ciphertext PKl (KEY) and the signature ciphertext SK2 (PK1 (KEY)) for the replay attack. On the other hand, since only the smart card has the private key SK2 and the encrypted key is signed by the private key SK2, the data provider can prevent the signature ciphertext SK2 (PK1(KEY)) from being impersonated according to the public key PK2 checksum. Tomb change.
  • the data provider In the step of transmitting data through the established secure channel, the data provider encrypts the data to be transmitted and transmits the data to the smart card using the obtained key KEY.
  • the data provider is an application provider, and the data is application data, and the application data is used to personalize the smart card application.
  • the data providing direction smart card sends a key generation instruction, and the smart card generates a key KEY after receiving the key generation instruction.
  • the establishment of the direct secure channel and the data transmission are performed between the application provider and the smart card by the following steps:
  • step 1 the generation key instruction GENERATE KEY is sent by the application providing direction smart card; in step 2, the smart card returns a GENERATE KEY command response to the application provider, in which, after the smart card receives the generation key instruction GENERATE KEY
  • the key KEY is generated by the smart card, and then the ciphertext PKl (KEY) is obtained by using the public key PK1 encryption key KEY, and the signature ciphertext SK2 (PKl (KEY)) is obtained by signing the ciphertext PKl (KEY) with SK2, the smart card is Should The provider returns a GENERATE KEY command response, where the GENERATE KEY command response includes the ciphertext PKl (KEY) and the signature ciphertext SK2 ( PKl ( KEY ));
  • step 3 the application provides the direction smart card to send a PUT KEY command.
  • the application provider receives the response of the GENERATE KEY command including the ciphertext PK1 (KEY) and the signature ciphertext SK2 (PK1(KEY)), and then judges Whether the GEN ERATE KEY instruction is executed successfully. If the execution is successful and the signature ciphertext SK2 ( PKl ( KEY ) ) is verified by the public key PK2 and the ciphertext PKl ( KEY ) is decrypted by the private key SK1 to obtain the key KEY, the obtained key will be obtained.
  • the key KEY is used as a temporary session key for subsequent operations, and then the PUT KEY instruction is sent by the application providing direction smart card, the PUT KEY instruction includes a transport key, and is encrypted according to the temporary session key described above;
  • the smart card returns a PUT KEY command response to the application provider, in which the smart card decrypts the PUT KEY command using the temporary session key and obtains the transport key, and stores the transport key in the smart card, and Returning a PUT KEY command response to the application provider indicates that the transfer key was successfully obtained and stored.
  • the transport key is a subkey that is decentralized by the application provider's master key, whereby both the application provider and the smart card have a transport key. The transport key as a subkey is used to encrypt the transmission of data between subsequent application providers and smart cards;
  • step 5 a personalized STORE DATA command is sent by the application providing direction smart card, the STORE DATA command is encrypted with a transport key and used to write data to the smart card to personalize the smart card;
  • step 6 the smart card returns a STORE DATA command response to the application provider indicating whether the data write was successful.
  • the present invention also discloses a system for transmitting data from a data provider to a smart card, the system comprising a data provider and a smart card, wherein the data provider has a public key PK1 and a private key SK1, and the smart card has a public key PK2 and a private key SK2, wherein
  • the smart card is configured to generate a key KEY, and then the ciphertext PK1 (KEY) is obtained by using the public key PK1 encryption key KEY, and the ciphertext PKl (KEY) is signed by SK2.
  • the signature ciphertext SK2 (PK1 (KEY)) is obtained, and the data provider is configured to receive the ciphertext PK1 (KEY) and the signature ciphertext SK2 (PK1 (KEY)) from the smart card, and then verify the signature ciphertext SK2 with the public key PK2 ( PK1 ( KEY ) ) , and decrypt the ciphertext PK1 ( KEY ) with the private key SK1 to get the key
  • the KEY; and the data provider are further configured to use the obtained key KEY to encrypt the data to be transmitted and transmit it to the smart card.
  • the data provider is configured to send a key generation instruction to the smart card, the smart card being configured to generate a key KEY upon receipt of the key generation instruction, the data provider communicating with the smart card via a third party.
  • the data to be transmitted includes a transport key
  • the transport key is a subkey obtained by dispersing a master key of the data provider
  • the smart card is further configured to use the key KEY from the data provider
  • the transport key is obtained
  • the application provider is configured to encrypt additional data to be transmitted using the transport key and transmit to the smart card.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a method and system for transmitting data from a data provider to a smart card. The method includes: a smart card generating a key (KEY), encrypting the key (KEY) using a public key PK1 to obtain cipher text PK1 (KEY), and signing the cipher text PK1 (KEY) using an SK2 to obtain signature cipher text SK2 (PK1 (KEY)); a data provider receiving the cipher text PK1 (KEY) and signature cipher text SK2 (PK1 (KEY)) from the smart card, then verifying the signature cipher text SK2 (PK1 (KEY)) using a public key PK2, and decrypting the cipher text PK1 (KEY) using a private key SK1 to obtain the key (KEY); and the data provider encrypting data to be transmitted using the obtained key (KEY) and transmitting same to the smart card.

Description

一种从数据提供方传输数据到智能卡的方法和系统  Method and system for transmitting data from data provider to smart card
优先权要求 Priority claim
本申请要求了 2012年 7月 6 日提交的、 申请号为 201210232922.6、 发 明名称为 "一种从数据提供方传输数据到智能卡的方法和系统" 的中国专 利申请的优先权, 其全部内容通过引用结合在本申请中。 技术领域 The present application claims priority to Chinese Patent Application No. 20121023292, filed on Jul. 6, 2012, entitled "A method and system for transmitting data from a data provider to a smart card", the entire contents of which are incorporated by reference. Combined in this application. Technical field
本发明涉及信息安全领域, 尤其涉及一种从数据提供方传输数据到智能 卡的方法和系统。 背景技术  The present invention relates to the field of information security, and more particularly to a method and system for transmitting data from a data provider to a smart card. Background technique
随着智能卡多应用的发展,在一张智能卡上加载多个应用变得越来越普 遍,应用提供方面临的一个重要问题就是如何将应用数据(例如,账户信息) 安全地传输到由第三方管理的智能卡上。  With the development of smart card multi-applications, it is becoming more and more common to load multiple applications on one smart card. An important issue in application provisioning is how to securely transfer application data (for example, account information) to third parties. Managed on a smart card.
在现有技术中,从应用提供方将应用数据传输到智能卡包括密钥准备和 数据传输两个步骤。 如图 1中的上面部分的示意图所示, 在密钥准备的步骤 中, 首先, 应用提供方将主密钥 KMC设置在第三方个人化系统中; 然后第 三方个人化系统将主密钥 KMC分散得到密钥 Kcard , 并且将密钥 Kcard设置 在智能卡安全芯片中; 最后应用提供方与第三方系统协商传输密钥 KEK。 如 图 1中的下面部分的示意图所示, 在数据传输的步骤中, 首先应用提供方将 待传输的数据通过 KEK加密后传给第三方个人化系统; 然后第三方个人化系 统接收数据并在加密机中用 KEK解密, 同时在加密机中再用主密钥 KMC分 散得到的密钥 Kcard加密后传给智能卡; 最后智能卡用 Kcard解密得到应用 提供方传输的数据。  In the prior art, transferring application data from a provider to a smart card includes two steps of key preparation and data transmission. As shown in the schematic diagram of the upper part of FIG. 1, in the step of key preparation, first, the application provider sets the master key KMC in the third-party personalization system; then the third-party personalization system sets the master key KMC. The key Kcard is obtained and the key Kcard is set in the smart card security chip; finally, the application provider negotiates the transmission key KEK with the third party system. As shown in the schematic diagram of the lower part of FIG. 1, in the step of data transmission, the application provider first transmits the data to be transmitted to the third-party personalization system through KEK encryption; then the third-party personalized system receives the data and The encryption machine uses KEK to decrypt, and in the encryption machine, the key Kcard distributed by the master key KMC is encrypted and transmitted to the smart card; finally, the smart card uses Kcard decryption to obtain the data transmitted by the application provider.
上述现有技术存在以下缺陷, 一方面, 在数据传输过程中, 第三方的个 人化设备和智能卡在封闭的系统内部(例如, 卡厂) , 这样对于已经发出的 智能卡就不方便更新应用数据或者下载新的应用数据。 另一方面, 虽然有密 钥保护应用提供方准备的数据,但是应用提供方和智能卡卡片不是直接建立 的安全信道, 而是应用提供方与第三方系统、 第三方系统和卡片分别建立安 全信道, 因此需要在第三方系统内部进行一个数据转换的过程, 从而可能存 在数据泄露的风险。 发明内容 The above prior art has the following drawbacks. On the one hand, in the data transmission process, the third-party personalization device and the smart card are inside the closed system (for example, the card factory), so that it is inconvenient to update the application data for the smart card that has been issued or Download new app data. On the other hand, although there is a secret The key protects the data prepared by the application provider, but the application provider and the smart card card are not directly established security channels, but the application provider establishes a secure channel with the third party system, the third party system and the card respectively, and therefore needs to be inside the third party system. Perform a data conversion process, which may present a risk of data leakage. Summary of the invention
根据本发明的一个目的公开一种从数据提供方传输数据到智能卡的方 法, 其中数据提供方拥有公钥 PK1和私钥 SK1 , 智能卡拥有公钥 PK2和私钥 SK2 , 包括以下步骤:  According to one aspect of the present invention, a method of transmitting data from a data provider to a smart card is disclosed, wherein the data provider has a public key PK1 and a private key SK1, and the smart card has a public key PK2 and a private key SK2, including the following steps:
由智能卡产生密钥 KEY, 然后利用公钥 PK1加密密钥 KEY得到密文 PK1 The key KEY is generated by the smart card, and then the ciphertext PK1 is obtained by using the public key PK1 encryption key KEY.
( KEY ) ,以及利用 SK2签名该密文 PK1( KEY )得到签名密文 SK2( PKl( KEY ) ) , 数据提供方从智能卡接收密文 PK1 ( KEY )和签名密文 SK2 ( PK1 ( KEY ) ) , 然后利用公钥 PK2验证签名密文 SK2 ( PK1 ( KEY ) ) , 以及利用私钥 SK1解 密密文 PK1 ( KEY )得到密钥 KEY; (KEY), and by using SK2 to sign the ciphertext PK1(KEY) to obtain the signature ciphertext SK2(PKl(KEY)), the data provider receives the ciphertext PK1 (KEY) and the signature ciphertext SK2 (PK1 (KEY)) from the smart card. Then, using the public key PK2 to verify the signed ciphertext SK2 (PK1 (KEY)), and decrypting the ciphertext PK1 (KEY) with the private key SK1 to obtain the key KEY;
数据提供方利用得到的密钥 KEY将要传输的数据加密后传输到智能卡。 可选地, 所述数据提供方是应用提供方, 所述数据是应用数据, 该应用 数据用于将智能卡应用个人化。  The data provider encrypts the data to be transmitted and transmits it to the smart card using the obtained key KEY. Optionally, the data provider is an application provider, and the data is application data, and the application data is used to personalize the smart card application.
可选地, 所述数据提供方向智能卡发送密钥生成指令, 智能卡在接收到 该密钥生成指令后产生密钥 KEY。  Optionally, the data providing direction smart card sends a key generation instruction, and the smart card generates a key KEY after receiving the key generation instruction.
可选地, 密钥 KEY由智能卡随机产生。  Optionally, the key KEY is randomly generated by the smart card.
可选地, 数据提供方通过第三方与智能卡通信。  Optionally, the data provider communicates with the smart card through a third party.
可选地, 所述要传输的数据包括传输密钥, 该传输密钥由关于数据提供 方的主密钥分散得到的子密钥, 所述方法还包括以下步骤:  Optionally, the data to be transmitted includes a transport key, and the transport key is a subkey obtained by dispersing a master key of the data provider, and the method further includes the following steps:
智能卡利用密钥 KEY从数据提供方获取传输密钥, 以及  The smart card uses the key KEY to obtain the transport key from the data provider, and
应用提供方利用该传输密钥将要传输的另外的数据加密后传输到智能 卡。  The application provider uses the transport key to encrypt additional data to be transmitted and transmit it to the smart card.
可选地, 所述另外的数据是用于对智能卡进行个人化的数据。  Optionally, the additional data is data for personalizing the smart card.
根据本发明的方法和系统,数据提供方通过与智能卡建立端到端的安全 通道, 能够将应用数据通过不可信的信道和第三方系统安全地传输到智能卡 上。 According to the method and system of the present invention, the data provider establishes end-to-end security with the smart card Channels that securely transfer application data to smart cards over untrusted channels and third-party systems.
附图说明 DRAWINGS
在参照附图阅读了本发明的具体实施方式以后, 本领域技术人员将会更 清楚地了解本发明的各个方面。 本领域技术人员应当理解的是, 这些附图仅 护范围构成限制。  Various aspects of the present invention will become apparent to those skilled in the <RTIgt; Those skilled in the art will appreciate that these drawings are only intended to be limiting.
图 1是根据现有技术中从应用提供方将应用数据传输到智能卡的方法示 意图。  1 is a schematic illustration of a method of transmitting application data from an application provider to a smart card in accordance with the prior art.
图 2是根据本发明实施例的从数据提供方将数据传输到智能卡的步骤示 意图。  2 is a schematic illustration of the steps of transmitting data from a data provider to a smart card in accordance with an embodiment of the present invention.
具体实施方式 detailed description
下面参照附图, 对本发明的具体实施方式作进一步的详细描述。  DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be further described in detail with reference to the accompanying drawings.
图 2是根据本发明实施例的从数据提供方将数据传输到智能卡的步骤示 意图。 该方法包括两个步骤, 即直接安全信道的建立以及通过建立的安全信 道传输数据。  2 is a schematic illustration of the steps of transmitting data from a data provider to a smart card in accordance with an embodiment of the present invention. The method consists of two steps, the establishment of a direct secure channel and the transmission of data over the established secure channel.
在本发明中,数据提供方拥有公钥 PK1和私钥 SK1 ,智能卡拥有公钥 PK2 和私钥 SK2。 例如, 数据提供方和卡厂分别从 CA申请公私钥对和公钥证书, 并且数据提供方和卡厂可以利用公钥 PCA验证对方公钥证书,并获得对方公 钥。 在一个实施例中, 在数据提供方中设置有 PK1、 SKI和 PK2 , 在智能卡 中设置有 PK1、 PCA和 SK2。 在该实施例中, 卡厂将 CA的公钥 PCA和私钥 SK2预置到智能卡中; 数据提供方可以在获得卡厂的公钥证书后用公钥 PCA 验证得到智能卡公钥 PK2 ; 而数据提供方将公钥证书通过网络或者任意第三 方传输到智能卡, 智能卡通过 CA的公钥 PCA验证数据提供方的公钥证书, 然后得到数据提供方的公钥 PK1。 在上述数据准备过程中, 只有公钥证书在 网络上传输, 而且在获取公钥的时候会根据 CA公钥 PCA验证公钥证书, 所 以这一步即使信道不可信, 整个过程仍然是安全的。 In the present invention, the data provider has a public key PK1 and a private key SK1, and the smart card has a public key PK2 and a private key SK2. For example, the data provider and the card manufacturer separately apply for a public-private key pair and a public key certificate from the CA, and the data provider and the card manufacturer can use the public key PCA to authenticate the counterpart public key certificate and obtain the counterpart public key. In one embodiment, PK1, SKI, and PK2 are provided in the data provider, and PK1, PCA, and SK2 are set in the smart card. In this embodiment, the card factory presets the public key PCA and the private key SK2 of the CA into the smart card; the data provider can verify the smart card public key PK2 by using the public key PCA after obtaining the public key certificate of the card factory; The provider transmits the public key certificate to the smart card through the network or any third party. The smart card verifies the data provider's public key certificate through the CA's public key PCA, and then obtains the data provider's public key PK1. In the above data preparation process, only the public key certificate is transmitted on the network, and when the public key is obtained, the public key certificate is verified according to the CA public key PCA. In this step, even if the channel is not trusted, the whole process is still safe.
在直接安全信道的建立的步骤中, 由智能卡产生密钥 KEY, 然后利用公 钥 PK1加密密钥 KEY得到密文 PK1( KEY ),以及利用 SK2签名该密文 PK1( KEY ) 得到签名密文 SK2 ( PK1 ( ΚΕΥ ) λ 智能卡能够通过第三方或者不可信的网络 将密文 PKl ( KEY )和签名密文 SK2 ( PKl ( KEY ) )发送给数据提供方。  In the step of establishing the direct security channel, the key KEY is generated by the smart card, and then the ciphertext PK1(KEY) is obtained by encrypting the key KEY with the public key PK1, and the signature ciphertext SK2 is obtained by signing the ciphertext PK1(KEY) with SK2. (The PK1 ( ΚΕΥ ) λ smart card can send ciphertext PKl ( KEY ) and signed ciphertext SK2 ( PKl ( KEY ) ) to the data provider via a third party or an untrusted network.
接着, 数据提供方从智能卡接收密文 PKl ( KEY )和签名密文 SK2 ( PK1 ( KEY ) ) , 然后利用公钥 PK2验证签名密文 SK2 ( PKl ( KEY ) ) , 以及利 用私钥 SK1解密密文 PKl ( KEY )得到密钥 KEY。 由此, 数据提供方和智能卡 同时拥有同一密钥 KEY, 数据提供方到智能卡的直接安全信道得到建立。  Next, the data provider receives the ciphertext PK1 (KEY) and the signature ciphertext SK2 (PK1 (KEY)) from the smart card, and then verifies the signature ciphertext SK2 (PKl (KEY)) with the public key PK2, and decrypts the secret with the private key SK1. The text PKl ( KEY ) gets the key KEY. Thus, the data provider and the smart card have the same key KEY at the same time, and the direct secure channel of the data provider to the smart card is established.
由于密钥 KEY是被数据提供方的公钥 PK1加密的, 而只有数据提供方具 有对应的解密私钥 SK1 , 所以密钥 KEY不可能被窃取。 另外, 由于密钥 KEY 每次都可以由智能卡随机产生, 所以第三方不可能截取密文 PKl(KEY)和签名 密文 SK2(PK1(KEY))进行重放攻击。 另一方面, 由于只有智能卡具有私钥 SK2 , 并且利用该私钥 SK2对加密的密钥签名,所以数据提供方根据公钥 PK2验签 能够避免签名密文 SK2(PK1(KEY))被冒充和墓改。  Since the key KEY is encrypted by the data provider's public key PK1, and only the data provider has the corresponding decrypted private key SK1, the key KEY cannot be stolen. In addition, since the key KEY can be randomly generated by the smart card each time, it is impossible for the third party to intercept the ciphertext PKl (KEY) and the signature ciphertext SK2 (PK1 (KEY)) for the replay attack. On the other hand, since only the smart card has the private key SK2 and the encrypted key is signed by the private key SK2, the data provider can prevent the signature ciphertext SK2 (PK1(KEY)) from being impersonated according to the public key PK2 checksum. Tomb change.
在通过建立的安全信道传输数据的步骤中,数据提供方利用得到的密钥 KEY将要传输的数据加密后传输到智能卡。  In the step of transmitting data through the established secure channel, the data provider encrypts the data to be transmitted and transmits the data to the smart card using the obtained key KEY.
可选地, 所述数据提供方是应用提供方, 所述数据是应用数据, 该应用 数据用于将智能卡应用个人化。  Optionally, the data provider is an application provider, and the data is application data, and the application data is used to personalize the smart card application.
可选地, 所述数据提供方向智能卡发送密钥生成指令, 智能卡在接收到 该密钥生成指令后产生密钥 KEY。  Optionally, the data providing direction smart card sends a key generation instruction, and the smart card generates a key KEY after receiving the key generation instruction.
在一个实施例中,应用提供方和智能卡之间通过下述步骤完成直接安全 信道的建立以及数据传输:  In one embodiment, the establishment of the direct secure channel and the data transmission are performed between the application provider and the smart card by the following steps:
在步骤 1中, 由应用提供方向智能卡发送生成密钥指令 GENERATE KEY; 在步骤 2中, 智能卡向应用提供方返回 GENERATE KEY指令响应, 在该 步骤中, 当智能卡接收到生成密钥指令 GENERATE KEY之后, 由智能卡产生 密钥 KEY, 然后利用公钥 PK1加密密钥 KEY得到密文 PKl ( KEY ) , 以及利用 SK2签名该密文 PKl ( KEY )得到签名密文 SK2 ( PKl ( KEY ) ) , 智能卡向应 用提供方返回 GENERATE KEY指令响应,其中 GENERATE KEY指令响应包括密 文 PKl ( KEY )和签名密文 SK2 ( PKl ( KEY ) ) ; In step 1, the generation key instruction GENERATE KEY is sent by the application providing direction smart card; in step 2, the smart card returns a GENERATE KEY command response to the application provider, in which, after the smart card receives the generation key instruction GENERATE KEY The key KEY is generated by the smart card, and then the ciphertext PKl (KEY) is obtained by using the public key PK1 encryption key KEY, and the signature ciphertext SK2 (PKl (KEY)) is obtained by signing the ciphertext PKl (KEY) with SK2, the smart card is Should The provider returns a GENERATE KEY command response, where the GENERATE KEY command response includes the ciphertext PKl (KEY) and the signature ciphertext SK2 ( PKl ( KEY ));
在步骤 3中, 由应用提供方向智能卡发送 PUT KEY指令, 在该步骤中, 应用提供方接收包括密文 PK1( KEY )和签名密文 SK2( PK1( KEY ) )的 GENERATE KEY指令响应之后, 判断 GEN ERATE KEY指令指令是否执行成功, 如果执行 成功则以及利用公钥 PK2验证签名密文 SK2 ( PKl ( KEY ) ) , 以及利用私钥 SK1解密密文 PKl ( KEY )得到密钥 KEY, 将得到的密钥 KEY作为后续操作的 临时会话密钥, 然后由应用提供方向智能卡发送 PUT KEY指令, 该 PUT KEY 指令包括传输密钥, 并且根据上述的临时会话密钥被加密;  In step 3, the application provides the direction smart card to send a PUT KEY command. In this step, the application provider receives the response of the GENERATE KEY command including the ciphertext PK1 (KEY) and the signature ciphertext SK2 (PK1(KEY)), and then judges Whether the GEN ERATE KEY instruction is executed successfully. If the execution is successful and the signature ciphertext SK2 ( PKl ( KEY ) ) is verified by the public key PK2 and the ciphertext PKl ( KEY ) is decrypted by the private key SK1 to obtain the key KEY, the obtained key will be obtained. The key KEY is used as a temporary session key for subsequent operations, and then the PUT KEY instruction is sent by the application providing direction smart card, the PUT KEY instruction includes a transport key, and is encrypted according to the temporary session key described above;
在步骤 4中,智能卡向应用提供方返回 PUT KEY指令响应,在该步骤中, 智能卡利用上述临时会话密钥解密 PUT KEY指令并且获取传输密钥, 并将该 传输密钥存储在智能卡中, 以及向应用提供方返回 PUT KEY指令响应指示获 取并存储传输密钥是否成功。 在一个实施例中, 传输密钥是由关于应用提供 方的主密钥分散得到的子密钥,由此,应用提供方和智能卡都具有传输密钥。 作为子密钥的传输密钥被用于加密后续的应用提供方和智能卡之间的数据 的传输;  In step 4, the smart card returns a PUT KEY command response to the application provider, in which the smart card decrypts the PUT KEY command using the temporary session key and obtains the transport key, and stores the transport key in the smart card, and Returning a PUT KEY command response to the application provider indicates that the transfer key was successfully obtained and stored. In one embodiment, the transport key is a subkey that is decentralized by the application provider's master key, whereby both the application provider and the smart card have a transport key. The transport key as a subkey is used to encrypt the transmission of data between subsequent application providers and smart cards;
在步骤 5中, 由应用提供方向智能卡发送个人化 STORE DATA指令, 该 STORE DATA指令利用传输密钥加密并且用于向智能卡写入数据以对智能卡 进行个人化;  In step 5, a personalized STORE DATA command is sent by the application providing direction smart card, the STORE DATA command is encrypted with a transport key and used to write data to the smart card to personalize the smart card;
在步骤 6中, 智能卡向应用提供方返回 STORE DATA指令响应, 指示数 据写入是否成功。  In step 6, the smart card returns a STORE DATA command response to the application provider indicating whether the data write was successful.
本领域的技术人员可以理解的是, 上述描述的 6个步骤可以分别独立地 与本发明的其它实施例组合, 或者该 6个步骤可以互相结合而得到用于实现 本发明的目的的其它技术方案。  It will be understood by those skilled in the art that the six steps described above may be independently combined with other embodiments of the present invention, or the six steps may be combined with each other to obtain other technical solutions for achieving the object of the present invention. .
本发明还公开从数据提供方传输数据到智能卡的系统, 该系统包括数据 提供方传和智能卡, 其中数据提供方拥有公钥 PK1和私钥 SK1 , 智能卡拥有 公钥 PK2和私钥 SK2 , 其中, 智能卡被配置成产生密钥 KEY , 然后利用公钥 PK1加密密钥 KEY得到密文 PK1 ( KEY ) , 以及利用 SK2签名该密文 PKl ( KEY ) 得到签名密文 SK2 ( PK1 ( KEY ) ) , 数据提供方被配置成从智能卡接收密文 PK1 ( KEY )和签名密文 SK2 ( PK1 ( KEY ) ) , 然后利用公钥 PK2验证签名密 文 SK2 ( PK1 ( KEY ) ) , 以及利用私钥 SK1解密密文 PK1 ( KEY )得到密钥The present invention also discloses a system for transmitting data from a data provider to a smart card, the system comprising a data provider and a smart card, wherein the data provider has a public key PK1 and a private key SK1, and the smart card has a public key PK2 and a private key SK2, wherein The smart card is configured to generate a key KEY, and then the ciphertext PK1 (KEY) is obtained by using the public key PK1 encryption key KEY, and the ciphertext PKl (KEY) is signed by SK2. The signature ciphertext SK2 (PK1 (KEY)) is obtained, and the data provider is configured to receive the ciphertext PK1 (KEY) and the signature ciphertext SK2 (PK1 (KEY)) from the smart card, and then verify the signature ciphertext SK2 with the public key PK2 ( PK1 ( KEY ) ) , and decrypt the ciphertext PK1 ( KEY ) with the private key SK1 to get the key
KEY; 以及数据提供方被进一步配置成利用得到的密钥 KEY将要传输的数据 加密后传输到智能卡。 The KEY; and the data provider are further configured to use the obtained key KEY to encrypt the data to be transmitted and transmit it to the smart card.
可选地, 数据提供方被配置成向智能卡发送密钥生成指令, 智能卡被配 置成在接收到该密钥生成指令后产生密钥 KEY, 数据提供方通过第三方与智 能卡通信。  Optionally, the data provider is configured to send a key generation instruction to the smart card, the smart card being configured to generate a key KEY upon receipt of the key generation instruction, the data provider communicating with the smart card via a third party.
可选地, 所述要传输的数据包括传输密钥, 该传输密钥由关于数据提供 方的主密钥分散得到的子密钥, 其中: 智能卡还被配置成利用密钥 KEY从数 据提供方获取传输密钥, 以及应用提供方被配置成利用该传输密钥将要传输 的另外的数据加密后传输到智能卡。  Optionally, the data to be transmitted includes a transport key, and the transport key is a subkey obtained by dispersing a master key of the data provider, where: the smart card is further configured to use the key KEY from the data provider The transport key is obtained, and the application provider is configured to encrypt additional data to be transmitted using the transport key and transmit to the smart card.
通过以上实施方式的描述, 本领域中的普通技术人员能够理解, 在不偏 离本发明的精神和范围的情况下, 还可以对本发明的具体实施方式作各种变 更和替换。 这些变更和替换都落在本发明权利要求书所限定的范围内。  It will be apparent to those skilled in the art that <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; Such changes and substitutions are intended to fall within the scope of the appended claims.

Claims

权 利 要 求 Rights request
1. 一种从数据提供方传输数据到智能卡的方法,其中数据提供方拥有公 钥 PK1和私钥 SK1 , 智能卡拥有公钥 PK2和私钥 SK2 , 其特征在于, 包括以 下步骤: A method for transmitting data from a data provider to a smart card, wherein the data provider has a public key PK1 and a private key SK1, and the smart card has a public key PK2 and a private key SK2, and is characterized by the following steps:
由智能卡产生密钥 KEY, 然后利用公钥 PK1加密密钥 KEY得到密文 PK1 ( KEY ) ,以及利用 SK2签名该密文 PK1( KEY )得到签名密文 SK2( PKl( KEY ) ) , 数据提供方从智能卡接收密文 PK1 ( KEY )和签名密文 SK2 ( PK1 ( KEY ) ) , 然后利用公钥 PK2验证签名密文 SK2 ( PK1 ( KEY ) ) , 以及利用私钥 SK1解 密密文 PK1 ( KEY )得到密钥 KEY;  The key KEY is generated by the smart card, and then the ciphertext PK1 (KEY) is obtained by using the public key PK1 encryption key KEY, and the signature ciphertext SK2(PKl(KEY)) is obtained by signing the ciphertext PK1(KEY) with SK2, the data provider Receiving ciphertext PK1 (KEY) and signature ciphertext SK2 (PK1 (KEY)) from the smart card, then verifying the signature ciphertext SK2 (PK1 (KEY)) with the public key PK2, and decrypting the ciphertext PK1 (KEY) with the private key SK1 Get the key KEY;
数据提供方利用得到的密钥 KEY将要传输的数据加密后传输到智能卡。  The data provider encrypts the data to be transmitted and transmits it to the smart card using the obtained key KEY.
2. 如权利要求 1所述的方法, 其特征在于, 2. The method of claim 1 wherein
所述数据提供方向智能卡发送密钥生成指令, 智能卡在接收到该密钥生 成指令后产生密钥 KEY。  The data providing direction smart card sends a key generation instruction, and the smart card generates a key KEY after receiving the key generation instruction.
3. 如权利要求 2所述的方法,其特征在于,密钥 KEY由智能卡随机产生。 3. The method of claim 2 wherein the key KEY is randomly generated by the smart card.
4. 如权利要求 1所述的方法,其特征在于,所述要传输的数据包括传输 密钥, 该传输密钥由关于数据提供方的主密钥分散得到的子密钥, 所述方法 还包括以下步骤: 4. The method of claim 1, wherein the data to be transmitted comprises a transport key, the transport key being sub-keys obtained by dispersing a master key with respect to a data provider, the method further Includes the following steps:
智能卡利用密钥 KEY从数据提供方获取传输密钥, 以及  The smart card uses the key KEY to obtain the transport key from the data provider, and
应用提供方利用该传输密钥将要传输的另外的数据加密后传输到智能 卡。  The application provider uses the transport key to encrypt additional data to be transmitted and transmit it to the smart card.
5. 如权利要求 4所述的方法,其特征在于,所述另外的数据是用于对智 能卡进行个人化的数据。 5. The method of claim 4 wherein the additional data is data for personalizing the smart card.
6. 一种从数据提供方传输数据到智能卡的系统,该系统包括数据提供方 传和智能卡,其中数据提供方拥有公钥 PK1和私钥 SK1 ,智能卡拥有公钥 PK2 和私钥 SK2 , 其特征在于, 6. A system for transmitting data from a data provider to a smart card, the system comprising a data provider and a smart card, wherein the data provider has a public key PK1 and a private key SK1, and the smart card has a public key PK2 and a private key SK2, the characteristics of which are Yes,
智能卡被配置成产生密钥 KEY , 然后利用公钥 PK1加密密钥 KEY得到密 文 PKl ( KEY ) , 以及利用 SK2签名该密文 PKl ( KEY )得到签名密文 SK2 ( PK1 ( KEY ) ) ,  The smart card is configured to generate a key KEY, and then obtains the ciphertext PKl ( KEY ) by using the public key PK1 encryption key KEY , and obtains the signature ciphertext SK2 ( PK1 ( KEY ) ) by signing the ciphertext PKl ( KEY ) with SK2 .
数据提供方被配置成从智能卡接收密文 PKl ( KEY )和签名密文 SK2 ( PK1 ( KEY ) ) , 然后利用公钥 PK2验证签名密文 SK2 ( PKl ( KEY ) ) , 以及利 用私钥 SK1解密密文 PKl ( KEY )得到密钥 KEY; 以及  The data provider is configured to receive the ciphertext PK1 (KEY) and the signature ciphertext SK2 (PK1 (KEY)) from the smart card, and then verify the signature ciphertext SK2 (PKl (KEY)) with the public key PK2, and decrypt the private key SK1 The ciphertext PKl (KEY) gets the key KEY;
数据提供方被进一步配置成利用得到的密钥 KEY将要传输的数据加密后 传输到智能卡。  The data provider is further configured to encrypt the data to be transmitted using the obtained key KEY and transmit it to the smart card.
7. 如权利要求 6所述的系统, 其特征在于, 7. The system of claim 6 wherein:
数据提供方被配置成向智能卡发送密钥生成指令,  The data provider is configured to send a key generation instruction to the smart card,
智能卡被配置成在接收到该密钥生成指令后产生密钥 KEY。  The smart card is configured to generate a key KEY upon receipt of the key generation instruction.
8. 如权利要求 7所述的系统,其特征在于,密钥 KEY由智能卡随机产生。 8. The system of claim 7 wherein the key KEY is randomly generated by the smart card.
9. 如权利要求 6所述的系统,其特征在于,所述要传输的数据包括传输 密钥, 该传输密钥由关于数据提供方的主密钥分散得到的子密钥, 其中: 智能卡还被配置成利用密钥 KEY从数据提供方获取传输密钥, 以及 应用提供方被配置成利用该传输密钥将要传输的另外的数据加密后传 输到智能卡。 10. 如权利要求 9所述的系统, 其特征在于, 所述另外的数据是用于对 智能卡进行个人化的数据。 9. The system according to claim 6, wherein the data to be transmitted comprises a transmission key, and the transmission key is obtained by a subkey obtained by dispersing a master key of the data provider, wherein: the smart card further The transport key is configured to obtain the transport key from the data provider using the key KEY, and the application provider is configured to encrypt additional data to be transmitted using the transport key and transmit to the smart card. 10. The system of claim 9, wherein the additional data is data for personalizing the smart card.
PCT/CN2013/078837 2012-07-06 2013-07-04 Method and system for transmitting data from data provider to smart card WO2014005534A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210232922.6A CN103532714A (en) 2012-07-06 2012-07-06 Method and system for transmitting data from data provider to intelligent card
CN201210232922.6 2012-07-06

Publications (1)

Publication Number Publication Date
WO2014005534A1 true WO2014005534A1 (en) 2014-01-09

Family

ID=49881352

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/078837 WO2014005534A1 (en) 2012-07-06 2013-07-04 Method and system for transmitting data from data provider to smart card

Country Status (2)

Country Link
CN (1) CN103532714A (en)
WO (1) WO2014005534A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106712932B (en) * 2016-07-20 2019-03-19 腾讯科技(深圳)有限公司 Key management method, apparatus and system
CN111314062B (en) * 2020-01-14 2022-10-18 支付宝(杭州)信息技术有限公司 Smart card data issuing method and device, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101894235A (en) * 2010-07-27 2010-11-24 公安部第三研究所 Smart card security session system
CN102075802A (en) * 2011-03-08 2011-05-25 广东爱科数字科技有限公司 Method for realizing secure communication between set-top box and intelligent card
CN102394749A (en) * 2011-09-26 2012-03-28 深圳市文鼎创数据科技有限公司 Line protection method, system, information safety equipment and application equipment for data transmission

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7751559B2 (en) * 2006-09-07 2010-07-06 International Business Machines Corporation Secure transmission of cryptographic key
CN101656960A (en) * 2009-09-16 2010-02-24 中兴通讯股份有限公司 Point-to-point communication method based on near field communication and near field communication device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101894235A (en) * 2010-07-27 2010-11-24 公安部第三研究所 Smart card security session system
CN102075802A (en) * 2011-03-08 2011-05-25 广东爱科数字科技有限公司 Method for realizing secure communication between set-top box and intelligent card
CN102394749A (en) * 2011-09-26 2012-03-28 深圳市文鼎创数据科技有限公司 Line protection method, system, information safety equipment and application equipment for data transmission

Also Published As

Publication number Publication date
CN103532714A (en) 2014-01-22

Similar Documents

Publication Publication Date Title
US10951423B2 (en) System and method for distribution of identity based key material and certificate
JP4814339B2 (en) Constrained encryption key
CN104094267B (en) Method, apparatus and system for secure sharing of media content from a source device
EP3082356A1 (en) Method to check and prove the authenticity of an ephemeral public key
EP2461564A1 (en) Key transport protocol
JP6471112B2 (en) COMMUNICATION SYSTEM, TERMINAL DEVICE, COMMUNICATION METHOD, AND PROGRAM
KR20170139570A (en) Method, apparatus and system for cloud-based encryption machine key injection
EP3695561B1 (en) Secure provisioning of data to client device
WO2017167771A1 (en) Handshake protocols for identity-based key material and certificates
JP2013502782A (en) Method, device, and network system for negotiating encryption information
CN101170413B (en) A digital certificate and private key acquisition, distribution method and device
WO2018202109A1 (en) Certificate request message sending method and receiving method and apparatus
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
WO2017069155A1 (en) Communication device, communication method and computer program
CN110268675B (en) Programmable hardware security module and method on programmable hardware security module
JP6666517B2 (en) Method of provisioning a first communication device using a second communication device
CA2561644C (en) A method to leverage a secure device to grant trust and identity to a second device
CN102377758B (en) A kind of authentication method and system of personal network equipment being carried out to certification
WO2018119852A1 (en) Method for mutual authentication between device and secure element
WO2014005534A1 (en) Method and system for transmitting data from data provider to smart card
US20160330025A1 (en) Method to independently complete the personalization of a token
WO2008004174A2 (en) Establishing a secure authenticated channel
CN107276755B (en) Security association method, device and system
US20090147956A1 (en) Sharing a Secret Element
JP6609212B2 (en) Encrypted communication channel establishment system, method, program, and computer-readable program recording medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13813297

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 08.06.15)

122 Ep: pct application non-entry in european phase

Ref document number: 13813297

Country of ref document: EP

Kind code of ref document: A1