WO2015158172A1 - User identity identification card - Google Patents


Info

Publication number
WO2015158172A1
Authority
WO
WIPO (PCT)
Prior art keywords
module
information
calculation
public key
perform
Application number
PCT/CN2015/070906
Other languages
English (en)
Chinese (zh)
Inventor
李东声
Original Assignee
天地融科技股份有限公司
Application filed by 天地融科技股份有限公司
Publication of WO2015158172A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Definitions

  • the present invention relates to the field of electronic technologies, and in particular, to a user identity card.
  • the present invention is directed to solving one of the above problems.
  • the main object of the present invention is to provide a user identification card.
  • An aspect of the present invention provides a user identification card, including: a processing module, a communication module, a security authentication module, a permission control module, a security protection module, a secure storage module, a public key algorithm module, a symmetric algorithm module, a random number module, and a hash module.
  • the communication module is configured to perform information reception and output;
  • the security authentication module is configured to perform security authentication on user identity information and user operation information;
  • the permission control module is configured to perform authority control on the calls made by the processing module to each module;
  • the security protection module is configured to perform a protection operation on at least the operations of the public key algorithm module, the symmetric algorithm module, the random number module, and/or the hash module;
  • the secure storage module is configured to store at least a private key used for signature calculation and a negotiation key used for encryption and decryption calculation and/or verification calculation;
  • the public key algorithm module is configured to perform signature calculation;
  • the symmetric algorithm module is configured to perform encryption and decryption calculation and/or verification calculation;
  • the random number module is configured to generate a random factor;
  • the hash module is configured to perform hash calculation;
  • the processing module is configured to invoke the information reception and output of the communication module, invoke the authentication result of the security authentication module, invoke the protection operation of the security protection module, invoke the information stored in the secure storage module, invoke the calculation of the public key algorithm module, invoke the calculation of the symmetric algorithm module, invoke the random factor generated by the random number module, and invoke the hash calculation of the hash module, each call being made according to the authority granted by the permission control module.
  • the communication module is further configured to receive the first authentication information and the to-be-processed information, and to output the second authentication information, the second ciphertext information, and the processing information, where the first authentication information includes at least: the first ciphertext information, the ciphertext signature information, and the certificate to be authenticated; the first ciphertext information includes at least a first random factor and a second random factor; and the ciphertext signature information is a signature of the first ciphertext information;
  • the second authentication information includes at least: the first random factor and the user identification card certificate, and the second ciphertext information includes at least the second random factor and a third random factor;
  • the secure storage module is further configured to store a private key of the user identification card, a certificate of the user identification card, and a public key of the certificate to be authenticated;
  • the public key algorithm module is further configured to perform verification calculation on the ciphertext signature information by using the public key of the certificate to be authenticated, and to perform authentication calculation on the certificate to be authenticated;
  • the symmetric algorithm module is further configured to perform decryption calculation on the first ciphertext information, and to perform encryption calculation on at least the second random factor and the third random factor to obtain the second ciphertext information;
  • the random number module is further configured to generate the first random factor and the third random factor;
  • the processing module is further configured to: invoke the public key algorithm module to authenticate the certificate to be authenticated; after that authentication passes, invoke the public key algorithm module to verify the ciphertext signature information; after that verification passes, invoke the symmetric algorithm module to decrypt the first ciphertext information and obtain the second random factor; invoke the random number module to generate the third random factor; and invoke the symmetric algorithm module to perform encryption calculation on the second random factor and the third random factor to obtain the second ciphertext information.
  • the communication module is further configured to receive the first verification information and the to-be-processed information, and to output the second verification information and the processing information; wherein the first verification information is calculated from a first random factor, and the second verification information is calculated from a second random factor;
  • the secure storage module is further configured to store a private key of the user identity card, and a first key and a second key used for verification;
  • the symmetric algorithm module is further configured to perform verification calculation on the first verification information by using the first key, and to perform verification calculation on the second random factor by using the second key to obtain the second verification information;
  • the random number module is further configured to generate at least the second random factor;
  • the processing module is further configured to: invoke the first key stored in the secure storage module and the symmetric algorithm module to verify the first verification information, and, after that verification passes, invoke the second random factor generated by the random number module and invoke the symmetric algorithm module to perform verification calculation on the second random factor to obtain the second verification information.
  • the communication module is further configured to receive the first ciphertext information and the to-be-processed information, and to output the second ciphertext information and the processing information; wherein the first ciphertext information is obtained by performing encryption calculation on a first random factor using the public key of the user identity card, and the second ciphertext information is obtained by encrypting a second random factor using the public key of the module to be interacted with;
  • the secure storage module is further configured to store a private key of the user identification card and a public key calculation algorithm for generating the public key of the module to be interacted with;
  • the public key algorithm module is further configured to generate the public key of the module to be interacted with according to the public key calculation algorithm and the identifier information of the module to be interacted with;
  • the symmetric algorithm module is further configured to perform decryption calculation on the first ciphertext information by using the private key of the user identity card, and to perform encryption calculation on the second random factor by using the public key of the module to be interacted with;
  • the random number module is further configured to generate at least the second random factor;
  • the processing module is further configured to: invoke the symmetric algorithm module to decrypt the first ciphertext information according to the private key of the user identity card to obtain the first random factor; invoke the public key calculation algorithm stored in the secure storage module and the public key algorithm module to generate the public key of the module to be interacted with; invoke the second random factor generated by the random number module; and invoke the symmetric algorithm module to perform encryption calculation on the second random factor according to the public key of the module to be interacted with, to obtain the second ciphertext information.
  • the processing information includes: encrypted information obtained by the symmetric algorithm module encrypting the signature information according to the negotiation key, wherein the signature information is obtained by the public key algorithm module performing signature calculation on the to-be-processed information according to the private key of the user identification card; or
  • the processing information includes: verification information obtained by the symmetric algorithm module performing verification calculation on the signature information according to the negotiation key, together with the signature information, wherein the signature information is obtained by the public key algorithm module performing signature calculation on the to-be-processed information according to the private key of the user identification card; or
  • the processing information includes: encrypted information obtained by the symmetric algorithm module encrypting the signature information according to the negotiation key, together with verification information obtained by performing verification calculation on the signature information, wherein the signature information is obtained by the public key algorithm module performing signature calculation on the to-be-processed information according to the private key of the user identity card; or
  • the processing information includes: encrypted information obtained by the symmetric algorithm module encrypting the signature information according to the negotiation key, together with verification information obtained by performing verification calculation on the encrypted information, wherein the signature information is obtained by the public key algorithm module performing signature calculation on the to-be-processed information according to the private key of the user identity card.
  • the processing module is further configured to invoke the hash calculation of the hash module when the public key algorithm module performs signature calculation on the to-be-processed information according to the private key of the user identity card, so as to obtain the signature information.
  • the symmetric algorithm module is further configured to perform decryption calculation and/or verification calculation on the to-be-processed information.
  • the communication module includes: a serial port, a USB interface, an NFC interface, a Bluetooth interface, an infrared interface, a button or an audio interface.
  • protection operations include: frequency scrambling, power consumption scrambling, computational scrambling, or balance calculation.
  • the rights control module is further arranged to control the execution of the code and/or the application.
  • the user identification card of the present invention is used in conjunction with the secure portion of the mobile phone to implement secure online banking and/or confidential information transmission.
  • FIG. 1 is a schematic structural diagram of a user identity card provided by the present invention.
  • In the description of the present invention, it should be noted that, unless otherwise explicitly specified and defined, the terms “installed”, “connected”, and “coupled” are to be understood broadly: a connection may be fixed, detachable, or integral; mechanical or electrical; direct, or indirect through an intermediate medium; or the internal communication of two components.
  • the terms “first” and “second” are used for descriptive purposes only, and are not to be understood as indicating or implying relative importance, quantity, or location.
  • the user identification card of the present invention may be any of the following cards: a SIM (Subscriber Identity Module) card, a UIM (User Identity Module) card, a USIM card, a PIM card, etc.; the security function is expanded on the basis of the existing functions of these cards, so that the mobile phone can securely perform online banking and/or confidential information transmission.
  • SIM Subscriber Identity Module
  • UIM User Identity Module
  • USIM User Identity Module
  • the user identification card of the present invention needs to be matched with a mobile phone having a security function to ensure that the mobile phone with security function can perform the function of online banking service and/or confidential information transmission together with the user identification card of the present invention.
  • the user identity card of the embodiment 1 of the present invention includes: a communication module 101, a security authentication module 102, an authority control module 103, and security.
  • the communication module 101 is configured to perform information reception and output. Specifically, the communication module 101 can accept the call of the processing module 110 to receive the information sent by the secure part of the mobile phone with security function that is matched with the user identity card, and can also output the various types of information generated by the user identity card to the secure part of the mobile phone.
  • the communication module 101 can be any interface such as a serial port, a USB interface, an NFC interface, a Bluetooth interface, an infrared interface, a button or an audio interface.
  • the security authentication module 102 is configured to perform security authentication on the user identity information and the user operation information. Specifically, the security authentication module 102 can accept the call of the processing module 110, perform security authentication on the identity information input by the user through the mobile phone input or other manners, and perform security authentication, such as a read operation, on the operation information of the user. The security authentication module 102 can set different security levels according to different users to complete the security authentication function according to the identity and/or operation of different users.
  • the permission control module 103 is configured to perform authority control on the call of the processing module 110 to each module. Specifically, the rights control module 103 can accept the call of the processing module 110 and cooperate with the processing module 110 to complete the call of the processing module 110 to each module, thereby controlling the call of the processing module 110. Of course, the rights control module 103 can also control the execution rights of the code and/or the application to ensure the security of the information, functions and applications.
  • the security protection module 104 is configured to perform a protection operation on at least the operations of the public key algorithm module 106, the symmetric algorithm module 107, the random number module 108, and/or the hash module 109. Specifically, the security protection module 104, when called by the processing module 110, protects the calculation while the public key algorithm module 106 performs signature calculation and while the symmetric algorithm module 107 performs encryption and decryption calculation and/or verification calculation. Therefore, it can resist attack analysis such as power analysis or electromagnetic analysis, and increases the difficulty of cracking the calculation, thereby improving the security of the various information calculations.
  • the protection operation may include any scrambling operation such as frequency scrambling, power consumption scrambling or computational scrambling.
  • the protection operation may also be an operation such as balancing calculation, as long as the security protection purpose can be achieved, and operations such as attack prevention can belong to the protection scope of the present invention.
  • the security protection module 104 performs at least a protection operation on the calculation operations of the public key algorithm module 106 and/or the symmetric algorithm module 107.
  • the secure storage module 105 is configured to store at least a private key for performing signature calculation, a negotiation key for performing encryption and decryption calculation and/or verification calculation.
  • the security storage module 105 can store at least security information such as a security key and a negotiation key, and accept the call of the processing module 110 to complete the security function of the user identity card with other modules.
  • the private key for signature calculation cannot be read out of the card at all, which improves the security of private key storage.
  • the public key algorithm module 106 is configured to perform signature calculations. Specifically, in the invocation of the processing module 110, the public key algorithm module 106 performs signature calculation according to the private key (which may be the private key of the user identification card in the present invention) that is set for the signature calculation stored in the secure storage module 105. Therefore, the security function of the user identification card can be realized.
  • the symmetric algorithm module 107 is configured to perform encryption and decryption calculation and/or verification calculation. Specifically, in the present invention, the processing module 110 may invoke the symmetric algorithm module 107 to perform encryption and decryption calculation and/or verification calculation on the information the user identification card outputs to the secure part of the mobile phone and on the information the secure part of the mobile phone sends to the user identification card, which ensures that information transmitted between the secure part of the mobile phone and the user identification card is not tampered with, thereby improving security.
  • the random number module 108 is configured to generate a random factor. Specifically, the random number module 108 can be invoked by the processing module 110 to generate a random factor, which can be sent to the secure part of the mobile phone while the random factor sent by the secure part of the mobile phone is received, so that the processing module 110 can generate, from the random factor of one or both sides, a negotiation key for the information interaction between the secure part of the mobile phone and the user identification card, thereby improving the security of that interaction.
  • the random factor can be added each time information is transmitted to prevent replay attacks.
  • the hash module 109 is configured to perform hash calculation. Specifically, the hash module 109 can accept the call of the processing module 110: when the processing module 110 invokes the public key algorithm module 106 to perform signature calculation on the information according to the private key of the user identification card, the hash calculation is performed to obtain the signature information, completing the security function of the user identification card.
  • the processing module 110 is configured to invoke the information reception and output of the communication module 101, invoke the authentication result after the security authentication module 102 has authenticated, invoke the protection operation of the security protection module 104, invoke the information stored in the secure storage module 105, invoke the calculation of the public key algorithm module 106, invoke the calculation of the symmetric algorithm module 107, invoke the random factor generated by the random number module 108, and invoke the hash calculation of the hash module 109, with each module called according to the authority granted by the permission control module 103.
  • the processing module 110 can implement a call for each of the above modules to cooperate with the security function of the user identification card.
  • the user identification card of the present invention is used together with the secure part of the mobile phone so that the mobile phone can securely perform online banking and/or confidential information transmission.
  • the structure of the user identity card is as shown in FIG. 1.
  • a negotiation key is generated between the user identity card and the secure part of the mobile phone by means of mutual certificate authentication, so that the user identity card and the secure part of the mobile phone can use the generated negotiation key for secure transmission of information.
  • the communication module 101 is configured to receive the first authentication information and the to-be-processed information, and to output the second authentication information, the second ciphertext information, and the processing information, where the first authentication information includes at least: the first ciphertext information, the ciphertext signature information, and the certificate to be authenticated; the first ciphertext information includes at least a first random factor and a second random factor; the ciphertext signature information is a signature of the first ciphertext information; the second authentication information includes at least: the first random factor and the user identification card certificate; and the second ciphertext information includes at least the second random factor and a third random factor.
  • the communication module 101 accepts the call of the processing module 110, and is configured to receive the first authentication information and the to-be-processed information, and output the second authentication information, the second ciphertext information, and the processing information.
  • the first authentication information is the authentication information sent by the security part of the mobile phone to the user identification card, and is used for authenticating the security part of the mobile phone;
  • the information to be processed is the information sent by the secure part of the mobile phone to the user identification card; it may be confidential information that needs to be transmitted securely, or any other information such as the transaction information of a transaction in online banking. If the present invention is applied to secure transmission of confidential information, the information may be confidential information that the mobile phone needs to output, for example confidential information obtained by the mobile phone from its secure storage area. If the present invention is applied to online banking, the information may be the transaction information of the transaction to be executed, for example the transaction details, transaction amount and other transaction information obtained by the mobile phone through the online banking client.
  • the second authentication information is the authentication information sent by the user identification card to the secure part of the mobile phone, and is used for authenticating the user identification card of the secure part of the mobile phone.
  • the first ciphertext information may carry a factor, generated by the secure part of the mobile phone, that forms part of the negotiation key to be established between the user identity card and the secure part of the mobile phone.
  • the second ciphertext information may likewise carry factors, generated by the user identification card and/or generated by the secure part of the mobile phone and sent to the user identification card, that form part of the negotiation key to be established between the user identification card and the secure part of the mobile phone.
  • the processing information is information that the user identification card sends to the secure portion of the mobile phone in response to the pending information. If the present invention is applied to the secure transmission of confidential information, the processing information may be the signed confidential information or the like. If the present invention is applied to online banking, the processing information may be signed transaction information or the like.
  • the processing information may further include: encrypted information obtained by the symmetric algorithm module 107 performing encryption calculation on the signature information according to the negotiation key, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the to-be-processed information according to the private key of the user identification card; or
  • the processing information includes: verification information obtained by the symmetric algorithm module 107 performing verification calculation on the signature information according to the negotiation key, together with the signature information, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the to-be-processed information according to the private key of the user identification card; or
  • the processing information includes: encrypted information obtained by the symmetric algorithm module 107 performing encryption calculation on the signature information according to the negotiation key, together with verification information obtained by performing verification calculation on the signature information, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the to-be-processed information according to the private key of the user identification card; or
  • the processing information includes: encrypted information obtained by the symmetric algorithm module 107 performing encryption calculation on the signature information according to the negotiation key, together with verification information obtained by performing verification calculation on the encrypted information, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the to-be-processed information according to the private key of the user identification card.
  • the user identification card can ensure the security of the transmission of the signature information while transmitting the processing information.
  • the secure storage module 105 is further configured to store a private key of the user identification card, a certificate of the user identification card, and a public key of the certificate to be authenticated.
  • the secure storage module 105 stores the private key used for signature calculation and the negotiation key used for encryption and decryption calculation and/or check calculation. The private key of the user identification card is stored so that, on the call of the processing module 110, it can perform the signature operation in confidential information transmission and/or the online banking signature operation.
  • the secure storage module 105 stores the certificate of the user identification card so that, on the call of the processing module 110, the certificate can be sent to the security part of the mobile phone, which authenticates the legality of the user identification card, improving security.
  • the secure storage module 105 stores the public key of the certificate to be authenticated so that, on the call of the processing module 110, the user identification card can authenticate the security part of the mobile phone, improving security.
  • the certificate to be authenticated may be the certificate of the security part of the mobile phone.
  • the public key algorithm module 106 is further configured to perform check calculation on the ciphertext signature information with the public key of the certificate to be authenticated, and to perform authentication calculation on the certificate to be authenticated.
  • the public key algorithm module 106 is configured to perform signature calculation and, specifically, to accept the call of the processing module 110 and perform check calculation on the ciphertext signature information sent by the security part of the mobile phone with the public key of the certificate to be authenticated, in order to verify the correctness of the ciphertext signature information. It also accepts the call of the processing module 110 to perform authentication calculation on the certificate to be authenticated, in order to authenticate the legality of the security part of the mobile phone.
  • the symmetric algorithm module 107 is further configured to perform decryption calculation on the first ciphertext information, and perform encryption calculation on at least the second random factor and the third random factor to obtain second ciphertext information.
  • the symmetric algorithm module 107 is specifically configured to accept the call of the processing module 110 and decrypt the first ciphertext information to obtain a factor for generating the negotiation key, and is further configured to accept the call of the processing module 110 and encrypt the factor for generating the negotiation key, so that this factor is securely sent to the security part of the mobile phone.
  • the symmetric algorithm module 107 of this embodiment may also be configured to perform decryption calculation and/or check calculation on the information to be processed, which the security part of the mobile phone has encrypted and/or check-calculated, in order to verify the integrity and authenticity of the information to be processed.
  • the symmetric algorithm module 107 of this embodiment can also accept the call of the processing module 110 to perform encryption calculation and/or check calculation on the processing information, to ensure the authenticity and integrity of the processing information.
  • the random number module 108 is further configured to generate a first random factor and a third random factor.
  • the random number module 108 is specifically configured to generate a first random factor for preventing a replay attack, and generate a third random factor for generating the negotiation key, and accept the call of the processing module 110.
  • the hash module 109 is configured to perform hash calculation. Specifically, the hash module 109 can accept the call of the processing module 110: when the processing module 110 calls the public key algorithm module 106 to sign information with the private key of the user identification card, the hash module 109 first hashes the information, and the hash is signed to obtain the signature information, completing the security function of the user identification card.
  • the processing module 110 is further configured to: call the public key algorithm module 106 to authenticate the certificate to be authenticated; call the public key algorithm module 106 to check the ciphertext signature information; after the check passes, call the symmetric algorithm module 107 to decrypt the first ciphertext information and obtain the second random factor; call the random number module 108 to generate the third random factor; and call the symmetric algorithm module 107 to encrypt the second random factor and the third random factor to obtain the second ciphertext information. Specifically, the processing module 110 calls each module to authenticate the certificate sent by the security part of the mobile phone, check the signature sent by the security part of the mobile phone, decrypt the ciphertext sent by the security part of the mobile phone, and generate the negotiation key of the card end, which enables the security part of the mobile phone and the user identification card to exchange information through the negotiation key, improving the security of information interaction.
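The card-side sequence described above (authenticate the certificate of the security part of the mobile phone, then check the signature over the first ciphertext information, and only then proceed) as an added worked example in Go. This is illustrative code written for this page, not code from the patent or the applicant. It assumes that the stored public key takes the form of an issuer certificate used as a trust anchor, that ECDSA P-256 and SHA-256 are the algorithms, and that the first ciphertext is opaque at this step; the key that produced it is not specified on the page, so its decryption is not shown. All keys, certificates and messages are constructed inside the block.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Fixtures is the material the security part of the mobile phone would present
// to the card. Everything here is constructed for the demonstration.
type Fixtures struct {
	TrustAnchorDER  []byte // issuer certificate kept in the card's secure storage (assumed form of the stored public key)
	PhoneCertDER    []byte // certificate of the security part of the mobile phone, issued by that issuer
	RogueCertDER    []byte // self-signed certificate of an impostor, for the negative case
	FirstCiphertext []byte // opaque bytes standing in for the first ciphertext information
	Signature       []byte // ECDSA signature by the phone's private key over SHA-256(FirstCiphertext)
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

// newCert fills in the fields every certificate needs and signs the template with signer.
func newCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) []byte {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	check(err)
	tmpl.SerialNumber = serial.Add(serial, big.NewInt(1)) // serial numbers must be positive
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	tmpl.BasicConstraintsValid = true
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	return der
}

// BuildFixtures creates the issuer, the genuine phone certificate, an impostor
// certificate that no trust anchor vouches for, and a signed first ciphertext.
func BuildFixtures() *Fixtures {
	issuerKey, phoneKey, rogueKey := genKey(), genKey(), genKey()
	issuerTmpl := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed issuer"}, IsCA: true, KeyUsage: x509.KeyUsageCertSign}
	issuerDER := newCert(issuerTmpl, issuerTmpl, &issuerKey.PublicKey, issuerKey)
	issuerCert, err := x509.ParseCertificate(issuerDER)
	check(err)
	phoneTmpl := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed phone security part"}, KeyUsage: x509.KeyUsageDigitalSignature}
	rogueTmpl := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed impostor"}, IsCA: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	first := []byte("constructed first ciphertext information, opaque at this step")
	digest := sha256.Sum256(first)
	sig, err := ecdsa.SignASN1(rand.Reader, phoneKey, digest[:])
	check(err)
	return &Fixtures{
		TrustAnchorDER:  issuerDER,
		PhoneCertDER:    newCert(phoneTmpl, issuerCert, &phoneKey.PublicKey, issuerKey),
		RogueCertDER:    newCert(rogueTmpl, rogueTmpl, &rogueKey.PublicKey, rogueKey),
		FirstCiphertext: first,
		Signature:       sig,
	}
}

// CardAuthenticate is the card side of the description: authenticate the received
// certificate against the stored trust anchor, then check the signature over the
// first ciphertext with the public key taken from that certificate. Only when both
// pass would the processing module go on to decrypt the first ciphertext.
func CardAuthenticate(trustAnchorDER, certDER, firstCiphertext, signature []byte) error {
	anchor, err := x509.ParseCertificate(trustAnchorDER)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not authenticated: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an ECDSA public key")
	}
	digest := sha256.Sum256(firstCiphertext)
	if !ecdsa.VerifyASN1(pub, digest[:], signature) {
		return errors.New("check calculation on the ciphertext signature information failed")
	}
	return nil
}

func main() {
	fx := BuildFixtures()
	fmt.Println("genuine phone:", CardAuthenticate(fx.TrustAnchorDER, fx.PhoneCertDER, fx.FirstCiphertext, fx.Signature))
	fmt.Println("impostor certificate:", CardAuthenticate(fx.TrustAnchorDER, fx.RogueCertDER, fx.FirstCiphertext, fx.Signature))
	tampered := append([]byte(nil), fx.FirstCiphertext...)
	tampered[0] ^= 0x01
	fmt.Println("tampered ciphertext:", CardAuthenticate(fx.TrustAnchorDER, fx.PhoneCertDER, tampered, fx.Signature))
}
```

The order of the checks is the point: the public key in the received certificate is trusted for the signature check only after the certificate itself has been authenticated against the stored anchor, and a certificate signed by anyone else, or a ciphertext altered in transit, is rejected before any decryption is attempted.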
  • the user identification card of the present invention is used in conjunction with the secure portion of the mobile phone to implement secure online banking and/or confidential information transmission.
  • the structure of the user identity card is as shown in FIG. 1.
  • the user identity card and the security part of the mobile phone each compute a negotiation key factor by symmetric key calculation, send the factors to each other and check them, and then generate the negotiation key, so that the user identification card and the security part of the mobile phone use the generated negotiation key to securely transmit information.
  • the communication module 101 is further configured to receive the first verification information and the information to be processed, and to output the second verification information and the processing information; wherein the first verification information is obtained by check calculation on the first random factor, and the second verification information is obtained by check calculation on the second random factor.
  • the communication module 101 accepts the call of the processing module 110, and is configured to receive the first verification information and the to-be-processed information, and output the second verification information and the processing information.
  • the first verification information is obtained by the security part of the mobile phone performing check calculation on the first random factor with the first key; the user identification card receives the first verification information, checks it, and after the check passes obtains a genuine, untampered first random factor.
  • the first random factor may be generated by the secure part of the mobile phone, or may be generated by the user identity card to be sent securely to the secure part of the mobile phone.
  • the information to be processed is the information sent by the security part of the mobile phone to the user identification card; it may be confidential information that needs to be transmitted securely, or any other information, such as the transaction information of a transaction to be executed in online banking.
  • the information may be confidential information that the mobile phone needs to output, for example, confidential information obtained by the mobile phone from a secure storage area of the mobile phone.
  • the information may be transaction information of the transaction to be executed, for example, transaction information such as a transaction account number and a transaction amount obtained by the mobile phone through the online banking client.
  • the second verification information is obtained by the user identification card performing check calculation on the second random factor with the second key, so that the security part of the mobile phone, after receiving the second verification information and passing the check, obtains a genuine, untampered second random factor.
  • the user identification card and the secure part of the mobile phone generate a negotiation key of both parties according to the first random factor and the second random factor respectively obtained.
  • the processing information is the information that the user identification card sends to the security part of the mobile phone in response to the information to be processed. If the present invention is applied to the secure transmission of confidential information, the processing information may be signed confidential information or the like; if the present invention is applied to online banking, the processing information may be signed transaction information or the like.
  • the processing information may further include: encrypted information obtained by the symmetric algorithm module 107 encrypting the signature information with the negotiation key, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the information to be processed with the private key of the user identification card; or
  • the processing information includes: the signature information, and check information obtained by the symmetric algorithm module 107 performing check calculation on the signature information with the negotiation key, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the information to be processed with the private key of the user identification card; or
  • the processing information includes: encrypted information obtained by the symmetric algorithm module 107 encrypting the signature information with the negotiation key, and check information obtained by performing check calculation on the signature information, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the information to be processed with the private key of the user identification card; or
  • the processing information includes: encrypted information obtained by the symmetric algorithm module 107 encrypting the signature information with the negotiation key, and check information obtained by performing check calculation on the encrypted information, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the information to be processed with the private key of the user identification card.
  • the user identification card can ensure the security of the transmission of the signature information while transmitting the processing information.
  • the communication module 101 can be any interface such as a serial port, a USB interface, an NFC interface, a Bluetooth interface, an infrared interface, a button or an audio interface.
  • the security authentication module 102 is configured to perform security authentication on the user identity information and the user operation information. Specifically, the security authentication module 102 can accept the call of the processing module 110 and perform security authentication on the identity information that the user inputs through the mobile phone or by other means, and on the user's operation information, such as a read operation. The security authentication module 102 can set different security levels for different users, so that security authentication is completed according to the identity and/or operation of each user.
  • the permission control module 103 is configured to control the permissions of the calls made by the processing module 110 to each module. Specifically, the permission control module 103 can accept the call of the processing module 110 and cooperate with it to complete the calls of the processing module 110 to each module, thereby controlling those calls. The permission control module 103 can also control the execution permissions of code and/or applications, to ensure the security of information, functions and applications.
  • the security protection module 104 is configured to perform at least a protection operation on the calculations of the public key algorithm module 106, the symmetric algorithm module 107, the random number module 108 and/or the hash module 109. Specifically, on the call of the processing module 110, the security protection module 104 protects the calculation while the public key algorithm module 106 performs signature calculation and while the symmetric algorithm module 107 performs encryption and decryption calculation and/or check calculation. The card can therefore resist side-channel analysis such as power analysis or electromagnetic analysis, which makes the calculation harder to attack and improves the security of the various information calculations.
  • the protection operation may include any scrambling operation, such as frequency scrambling, power consumption scrambling or computational scrambling.
  • the protection operation may also be an operation such as balancing calculation; any operation that achieves the security protection purpose, such as attack prevention, falls within the protection scope of the present invention.
  • the security protection module 104 performs at least a protection operation on the calculation operations of the public key algorithm module 106 and/or the symmetric algorithm module 107.
  • the secure storage module 105 is further configured to store a private key of the user identification card, a first key for verification, and a second key.
  • the secure storage module 105 stores the private key used for signature calculation and the negotiation key used for encryption and decryption calculation and/or check calculation. The private key of the user identification card is stored so that, on the call of the processing module 110, it can perform the signature operation in confidential information transmission and/or the online banking signature operation.
  • the secure storage module 105 stores the first key and the second key for check calculation so that, on the call of the processing module 110, the first verification information can be checked to obtain a genuine first random factor, and check calculation can be performed on the second random factor so that the security part of the mobile phone obtains a genuine second random factor, improving security.
  • the first key and the second key may be the same key or different keys; as long as the user identification card and the security part of the mobile phone store the same check calculation keys, both cases fall within the protection scope of the present invention.
  • the public key algorithm module 106 is configured to perform signature calculation. Specifically, on the call of the processing module 110, the public key algorithm module 106 performs signature calculation with the private key set for signature calculation and stored in the secure storage module 105 (which in the present invention may be the private key of the user identification card), thereby realizing the security function of the user identification card.
  • the symmetric algorithm module 107 is further configured to perform a check calculation on the first check information by using the first key, and perform a check calculation on the second random factor by using the second key to obtain the second check information.
  • the symmetric algorithm module 107 is specifically configured to accept the call of the processing module 110 and perform check calculation on the first verification information with the first key, so that the processing module 110 obtains the genuine first random factor after the check passes.
  • the symmetric algorithm module 107 is further configured to accept the call of the processing module 110 and perform check calculation on the second random factor with the second key to obtain the second verification information, so that the second random factor is transmitted securely: either it is not tampered with in transit, or, if it is, the tampering is detected by the check in the security part of the mobile phone, so that the security part of the mobile phone obtains a genuine, untampered second random factor.
  • the symmetric algorithm module 107 of this embodiment may also be configured to perform decryption calculation and/or check calculation on the information to be processed, which the security part of the mobile phone has encrypted and/or check-calculated, in order to verify the integrity and authenticity of the information to be processed.
  • the symmetric algorithm module 107 of this embodiment can also accept the call of the processing module 110 to perform encryption calculation and/or check calculation on the processing information, to ensure the authenticity and integrity of the processing information.
  • the random number module 108 is further configured to generate at least a second random factor.
  • the random number module 108 is specifically configured to generate a second random factor for generating a negotiation key, and accept the call of the processing module 110.
  • the hash module 109 is configured to perform hash calculation. Specifically, the hash module 109 can accept the call of the processing module 110: when the processing module 110 calls the public key algorithm module 106 to sign information with the private key of the user identification card, the hash module 109 first hashes the information, and the hash is signed to obtain the signature information, completing the security function of the user identification card.
  • the processing module 110 is further configured to: call the first key stored in the secure storage module 105 and the symmetric algorithm module 107 to check the first verification information; after the check passes, call the random number module 108 to generate the second random factor; and call the symmetric algorithm module 107 to perform check calculation on the second random factor to obtain the second verification information. Specifically, the processing module 110 calls each module to check the verification information sent by the security part of the mobile phone and to obtain the negotiation key generation factors, and generates the negotiation key of the user identification card end from them, so that the security part of the mobile phone and the user identification card exchange information through the negotiation key, improving the security of information interaction.
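The check-based exchange of this embodiment, carried end to end in Go as an added example (illustrative code for this page, not code from the patent or the applicant): the security part of the mobile phone sends the first random factor together with its check value under the first key, the card checks it and answers with the second random factor checked under the second key, and both ends derive the negotiation key from the two factors. HMAC-SHA256 as the check calculation, a 16-byte factor and HMAC over a label and the ordered factors as the key derivation are assumptions; the page names none of them. The keys and the bit flipped in transit are constructed.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SharedKeys are the first key and second key both ends store. The page allows
// them to be the same key; they are kept separate here.
type SharedKeys struct {
	First  []byte // checks the first random factor (phone to card)
	Second []byte // checks the second random factor (card to phone)
}

// checkTag is the "check calculation". HMAC-SHA256 is assumed; the page names no algorithm.
func checkTag(key, factor []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(factor)
	return m.Sum(nil)
}

// verificationInfo packs a factor with its check value as factor || tag.
func verificationInfo(key, factor []byte) []byte {
	return append(append([]byte(nil), factor...), checkTag(key, factor)...)
}

// verifyFactor returns the factor only if its check value is intact, so a
// modified factor is rejected instead of being fed into the negotiation key.
func verifyFactor(key, info []byte) ([]byte, error) {
	if len(info) <= sha256.Size {
		return nil, errors.New("verification information too short")
	}
	factor, tag := info[:len(info)-sha256.Size], info[len(info)-sha256.Size:]
	if !hmac.Equal(tag, checkTag(key, factor)) {
		return nil, errors.New("check calculation failed: factor altered or key mismatch")
	}
	return factor, nil
}

// negotiationKey is the key both ends derive from the two factors. The page
// fixes no derivation; HMAC over a label and the ordered factors is assumed.
func negotiationKey(keys SharedKeys, first, second []byte) []byte {
	m := hmac.New(sha256.New, append(append([]byte(nil), keys.First...), keys.Second...))
	m.Write([]byte("negotiation key"))
	m.Write(first)
	m.Write(second)
	return m.Sum(nil)
}

func randomFactor() []byte {
	f := make([]byte, 16)
	if _, err := rand.Read(f); err != nil {
		panic(err) // no usable randomness: refuse to continue rather than reuse a factor
	}
	return f
}

// PhoneStart: the security part of the mobile phone picks the first random factor
// and produces the first verification information.
func PhoneStart(keys SharedKeys) (first, firstInfo []byte) {
	first = randomFactor()
	return first, verificationInfo(keys.First, first)
}

// CardRespond: the card checks the first verification information, generates the
// second random factor, and returns the second verification information and its key.
func CardRespond(keys SharedKeys, firstInfo []byte) (secondInfo, cardKey []byte, err error) {
	first, err := verifyFactor(keys.First, firstInfo)
	if err != nil {
		return nil, nil, err
	}
	second := randomFactor()
	return verificationInfo(keys.Second, second), negotiationKey(keys, first, second), nil
}

// PhoneFinish: the phone checks the second verification information and derives its key.
func PhoneFinish(keys SharedKeys, first, secondInfo []byte) ([]byte, error) {
	second, err := verifyFactor(keys.Second, secondInfo)
	if err != nil {
		return nil, err
	}
	return negotiationKey(keys, first, second), nil
}

// RunExchange performs one exchange; with tamper set, one bit of the first random
// factor is flipped in transit. It reports whether both ends hold the same key.
func RunExchange(keys SharedKeys, tamper bool) (bool, error) {
	first, firstInfo := PhoneStart(keys)
	if tamper {
		firstInfo[0] ^= 0x01
	}
	secondInfo, cardKey, err := CardRespond(keys, firstInfo)
	if err != nil {
		return false, err
	}
	phoneKey, err := PhoneFinish(keys, first, secondInfo)
	if err != nil {
		return false, err
	}
	return bytes.Equal(cardKey, phoneKey), nil
}

func main() {
	keys := SharedKeys{First: []byte("constructed first key"), Second: []byte("constructed second key")}
	fmt.Println(RunExchange(keys, false)) // both ends agree
	fmt.Println(RunExchange(keys, true))  // card rejects the altered factor
}
```

The card never derives a key from a factor whose check failed, which is what the description means by obtaining a "genuine" random factor: a bit flipped in transit, or a peer holding the wrong first key, stops the exchange at the check rather than producing two different negotiation keys.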
  • the user identification card of the present invention is used in conjunction with the secure portion of the mobile phone to implement secure online banking and/or confidential information transmission.
  • the structure of the user identity card is as shown in FIG. 1.
  • the user identity card and the security part of the mobile phone each generate the public key of the other party, encrypt their negotiation key factor with that public key and send it, decrypt the factor they receive, and generate the negotiation key, so that the user identity card and the security part of the mobile phone use the generated negotiation key to securely transmit information.
  • the communication module 101 is further configured to receive the first ciphertext information and the information to be processed, and to output the second ciphertext information and the processing information; wherein the first ciphertext information is obtained by encrypting the first random factor with the public key of the user identification card, and the second ciphertext information is obtained by encrypting the second random factor with the public key of the module to be interacted with.
  • the communication module 101 accepts the call of the processing module 110, and is configured to receive the first ciphertext information and the to-be-processed information, and output the second ciphertext information and the processing information.
  • the first ciphertext information is obtained by encrypting the first random factor with the generated public key of the user identification card; the user identification card receives the first ciphertext information and decrypts it with its private key to obtain the genuine first random factor. The first random factor may be generated by the security part of the mobile phone, or may be generated by the user identity card and securely sent to the security part of the mobile phone.
  • the information to be processed is the information sent by the security part of the mobile phone to the user identification card; it may be confidential information that needs to be transmitted securely, or any other information, such as the transaction information of a transaction to be executed in online banking.
  • the information may be confidential information that the mobile phone needs to output, for example, confidential information obtained by the mobile phone from a secure storage area of the mobile phone.
  • the information may be transaction information of a transaction to be executed, for example, transaction information such as a transaction account number and a transaction amount obtained by the mobile phone through an online banking client.
  • the second ciphertext information is obtained by the user identification card encrypting the second random factor with the public key of the module to be interacted with, which the user identification card itself generated, so that the security part of the mobile phone receives the second ciphertext information and decrypts it to obtain the genuine second random factor.
  • the user identification card and the secure part of the mobile phone generate a negotiation key of both parties according to the first random factor and the second random factor respectively obtained.
  • the processing information is the information sent by the user identification card to the security part of the mobile phone in response to the information to be processed. If the present invention is applied to the secure transmission of confidential information, the processing information may be signed confidential information or the like; if the present invention is applied to online banking, the processing information may be signed transaction information or the like.
  • the processing information may further include: encrypted information obtained by the symmetric algorithm module 107 encrypting the signature information with the negotiation key, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the information to be processed with the private key of the user identification card; or
  • the processing information includes: the signature information, and check information obtained by the symmetric algorithm module 107 performing check calculation on the signature information with the negotiation key, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the information to be processed with the private key of the user identification card; or
  • the processing information includes: encrypted information obtained by the symmetric algorithm module 107 encrypting the signature information with the negotiation key, and check information obtained by performing check calculation on the signature information, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the information to be processed with the private key of the user identification card; or
  • the processing information includes: encrypted information obtained by the symmetric algorithm module 107 encrypting the signature information with the negotiation key, and check information obtained by performing check calculation on the encrypted information, wherein the signature information is obtained by the public key algorithm module 106 performing signature calculation on the information to be processed with the private key of the user identification card.
  • the user identification card can ensure the security of the transmission of the signature information while transmitting the processing information.
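The four forms of processing information listed above, here and in the earlier embodiment, differ in what the check value covers. The added Go example below, written for this page rather than taken from the patent or the applicant, carries the last form: the card signs the information to be processed with its private key, encrypts the signature information under the negotiation key, and computes the check value over the ciphertext, so the receiving side rejects a modified ciphertext before decrypting anything. ECDSA P-256 with SHA-256, AES-128-CTR, HMAC-SHA256 and the derivation of separate encryption and check keys from the negotiation key are assumptions; the card key, the transaction text and the negotiation key are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ProcessingInfo is the fourth form listed above: the signature information
// encrypted under the negotiation key, plus a check value over that ciphertext.
type ProcessingInfo struct {
	Ciphertext []byte // IV || AES-128-CTR(signature information)
	CheckValue []byte // HMAC-SHA256 over Ciphertext
}

// NewCardKey generates the card's signing key pair (constructed; a real card holds it in secure storage).
func NewCardKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// subkeys derives separate encryption and check keys from the negotiation key so
// one key is never used for both jobs. The page fixes no derivation; this one is assumed.
func subkeys(negotiationKey []byte) (encKey, macKey []byte) {
	m := hmac.New(sha256.New, negotiationKey)
	m.Write([]byte("encryption"))
	encKey = m.Sum(nil)[:16]
	m.Reset()
	m.Write([]byte("check"))
	return encKey, m.Sum(nil)
}

func checkValue(macKey, data []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(data)
	return m.Sum(nil)
}

// CardProduce: the public key algorithm module signs the information to be processed
// with the card's private key; the symmetric algorithm module encrypts the signature
// under the negotiation key and then computes the check value over the ciphertext.
func CardProduce(cardPriv *ecdsa.PrivateKey, negotiationKey, toBeProcessed []byte) (*ProcessingInfo, error) {
	digest := sha256.Sum256(toBeProcessed)
	sig, err := ecdsa.SignASN1(rand.Reader, cardPriv, digest[:])
	if err != nil {
		return nil, err
	}
	encKey, macKey := subkeys(negotiationKey)
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(sig))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // fresh IV for every message
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], sig)
	return &ProcessingInfo{Ciphertext: out, CheckValue: checkValue(macKey, out)}, nil
}

// PhoneConsume: the security part of the mobile phone verifies the check value before
// touching the ciphertext, then decrypts and verifies the card's signature over the
// information it originally sent.
func PhoneConsume(cardPub *ecdsa.PublicKey, negotiationKey, toBeProcessed []byte, pi *ProcessingInfo) error {
	encKey, macKey := subkeys(negotiationKey)
	if !hmac.Equal(pi.CheckValue, checkValue(macKey, pi.Ciphertext)) {
		return errors.New("check calculation failed; ciphertext discarded undecrypted")
	}
	if len(pi.Ciphertext) < aes.BlockSize {
		return errors.New("ciphertext shorter than the IV")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return err
	}
	sig := make([]byte, len(pi.Ciphertext)-aes.BlockSize)
	cipher.NewCTR(block, pi.Ciphertext[:aes.BlockSize]).XORKeyStream(sig, pi.Ciphertext[aes.BlockSize:])
	digest := sha256.Sum256(toBeProcessed)
	if !ecdsa.VerifyASN1(cardPub, digest[:], sig) {
		return errors.New("signature does not match the information to be processed")
	}
	return nil
}

func main() {
	cardKey := NewCardKey()
	negotiationKey := make([]byte, 32) // would come from the negotiation exchange; constructed here
	if _, err := rand.Read(negotiationKey); err != nil {
		panic(err)
	}
	tx := []byte("constructed transaction: pay 100.00 to account 6222000100010001")
	pi, err := CardProduce(cardKey, negotiationKey, tx)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:", PhoneConsume(&cardKey.PublicKey, negotiationKey, tx, pi))
	fmt.Println("amount changed:", PhoneConsume(&cardKey.PublicKey, negotiationKey, []byte("constructed transaction: pay 999.00 to account 6222000100010001"), pi))
	pi.Ciphertext[aes.BlockSize] ^= 0x01
	fmt.Println("ciphertext tampered:", PhoneConsume(&cardKey.PublicKey, negotiationKey, tx, pi))
}
```

Of the four forms, this one is the one to prefer: in the third form the check value covers the plaintext signature information, so the receiver has to decrypt before it can detect a forged or altered ciphertext, whereas here the check over the ciphertext fails first and nothing is decrypted.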
  • the communication module 101 can be any interface such as a serial port, a USB interface, an NFC interface, a Bluetooth interface, an infrared interface, a button or an audio interface.
  • the security authentication module 102 is configured to perform security authentication on the user identity information and the user operation information. Specifically, the security authentication module 102 can accept the call of the processing module 110 and perform security authentication on the identity information that the user inputs through the mobile phone or by other means, and on the user's operation information, such as a read operation. The security authentication module 102 can set different security levels for different users, so that security authentication is completed according to the identity and/or operation of each user.
  • the permission control module 103 is configured to control the permissions of the calls made by the processing module 110 to each module. Specifically, the permission control module 103 can accept the call of the processing module 110 and cooperate with it to complete the calls of the processing module 110 to each module, thereby controlling those calls. The permission control module 103 can also control the execution permissions of code and/or applications, to ensure the security of information, functions and applications.
  • the security protection module 104 is configured to perform at least a protection operation on the calculations of the public key algorithm module 106, the symmetric algorithm module 107, the random number module 108 and/or the hash module 109. Specifically, on the call of the processing module 110, the security protection module 104 protects the calculation while the public key algorithm module 106 performs signature calculation and while the symmetric algorithm module 107 performs encryption and decryption calculation and/or check calculation. The card can therefore resist side-channel analysis such as power analysis or electromagnetic analysis, which makes the calculation harder to attack and improves the security of the various information calculations.
  • the protection operation may include any scrambling operation, such as frequency scrambling, power consumption scrambling or computational scrambling.
  • the protection operation may also be an operation such as balancing calculation; any operation that achieves the security protection purpose, such as attack prevention, falls within the protection scope of the present invention.
  • the security protection module 104 performs at least a protection operation on the calculation operations of the public key algorithm module 106 and/or the symmetric algorithm module 107.
  • the secure storage module 105 is further configured to store a private key of the user identification card and a public key calculation algorithm for generating a public key of the module to be interacted.
  • the secure storage module 105 stores the private key used for signature calculation and the negotiation key used for encryption and decryption calculation and/or check calculation. The private key of the user identification card is stored so that, on the call of the processing module 110, it can perform the signature operation in confidential information transmission and/or the online banking signature operation, and can also, on the call of the processing module 110, decrypt information that the module to be interacted with encrypted with the public key of the user identification card before transmission.
  • the secure storage module 105 stores the public key calculation algorithm used to generate the public key of the module to be interacted with so that, on the call of the processing module 110 and together with the public key algorithm module 106, it can generate the public key of the module to be interacted with (that is, the public key of the security part of the mobile phone) from the identification information of the security part of the mobile phone; information that needs to be sent to the security part of the mobile phone can then be encrypted with that public key to ensure transmission security.
  • the public key algorithm module 106 is further configured to generate a public key of the module to be interacted according to the public key calculation algorithm and the identification information of the module to be interacted with.
  • the public key algorithm module 106 is configured to perform signature calculation and, specifically, to accept the call of the processing module 110 and generate the public key of the module to be interacted with (that is, the security part of the mobile phone) according to the public key calculation algorithm and the identification information of that module. The identification information of the module to be interacted with may include, but is not limited to, the serial number of the mobile phone CPU, the MAC address of the mobile phone CPU, and the like.
  • the symmetric algorithm module 107 is further configured to decrypt the first ciphertext information by using the private key of the user identity card, and perform encryption calculation on the second random factor by using the public key of the module to be interacted.
  • the symmetric algorithm module 107 is specifically configured to accept the call of the processing module 110 and decrypt the first ciphertext information with the private key of the user identity card to obtain a factor for generating the negotiation key, and is further configured to accept the call of the processing module 110 and encrypt the factor for generating the negotiation key with the public key of the module to be interacted with, so that this factor is securely transmitted to the security part of the mobile phone.
  • the symmetric algorithm module 107 of this embodiment may also be configured to perform decryption calculation and/or check calculation on the information to be processed, which the security part of the mobile phone has encrypted and/or check-calculated, in order to verify the integrity and authenticity of the information to be processed.
  • the symmetric algorithm module 107 of this embodiment can also accept the call of the processing module 110 to perform encryption calculation and/or check calculation on the processing information, to ensure the authenticity and integrity of the processing information.
  • the random number module 108 is further configured to generate at least a second random factor.
  • the random number module 108 is specifically configured to accept the call of the processing module 110 and generate a second random factor for generating the negotiation key.
  • the hash module 109 is configured to perform hash calculation. Specifically, the hash module 109 can accept the call of the processing module 110: when the processing module 110 invokes the public key algorithm module 106 to perform signature calculation on information according to the private key of the user identity card, the hash module 109 performs the hash calculation needed to obtain the signature information, completing the security function of the user identity card.
  • the processing module 110 is further configured to invoke the symmetric algorithm module 107 to decrypt the first ciphertext information according to the private key of the user identity card to obtain the first random factor; to invoke the public key algorithm module 106, using the public key calculation algorithm stored by the secure storage module 105, to generate the public key of the module to be interacted with; to invoke the random number module 108 to generate the second random factor; and to invoke the symmetric algorithm module 107 to perform encryption calculation on the second random factor according to the public key of the module to be interacted with, obtaining the second ciphertext information.
  • the processing module 110 is configured to invoke each module to decrypt the encrypted information sent by the security part of the mobile phone to obtain a generation factor of the negotiation key, and to generate the public key of the security part of the mobile phone according to the identification information of the security part of the mobile phone. Therefore, the negotiation key generation factor generated at the user identity card end can be securely transmitted to the security part of the mobile phone, and the negotiation key is generated according to the negotiation key generation factors, so that the security part of the mobile phone and the user identity card exchange information through the negotiation key, improving the security of information interaction.
  • the user identity card of the present invention is used in conjunction with the security part of the mobile phone to implement secure online banking and/or confidential information transmission.
  • portions of the invention may be implemented in hardware, software, firmware or a combination thereof.
  • multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system.
  • for example, if implemented in hardware, as in another embodiment, it can be implemented by any one or a combination of the following techniques well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.
  • each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may exist physically separately, or two or more units may be integrated into one module.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
  • the integrated modules, if implemented in the form of software functional modules and sold or used as stand-alone products, may also be stored in a computer readable storage medium.
  • the above mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
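The negotiation-key exchange the description attributes to the identity card and the security part of the mobile phone, as an added simulation that is not code from the patent. The patent names no concrete public key calculation algorithm, so a CPK-style combined-key derivation from a public matrix is assumed here, ElGamal over a deliberately tiny group stands in for the public key encryption, and the identifiers are placeholders; the parameters are for demonstration only.

```python
# Added example, not from the patent: toy model of the card/phone negotiation-key exchange.
# Assumptions: CPK-style matrix key derivation, ElGamal encryption, SHA-256 key derivation.
import hashlib
import secrets

P = 2**127 - 1      # toy prime modulus (Mersenne prime M127), far too small for real use
G = 3               # base element; correctness of the scheme does not depend on its order
ROWS, COLS = 8, 16  # size of the assumed key matrix

def make_matrix():
    """Key centre: private matrix of exponents and its published public counterpart.
    Whoever holds `priv` can derive every party's private key, so it is the root of trust."""
    priv = [[secrets.randbelow(P - 2) + 1 for _ in range(COLS)] for _ in range(ROWS)]
    return priv, [[pow(G, r, P) for r in row] for row in priv]

def select(identity):
    """Map identification information (e.g. CPU serial, MAC address) to one row per column."""
    digest = hashlib.sha256(identity).digest()
    return [(col, digest[col] % ROWS) for col in range(COLS)]

def derive_public_key(pub, identity):
    """Public key algorithm module: multiply the selected public matrix entries."""
    y = 1
    for col, row in select(identity):
        y = y * pub[row][col] % P
    return y

def derive_private_key(priv, identity):  # matching private key, provisioned into the party
    return sum(priv[row][col] for col, row in select(identity)) % (P - 1)

def encrypt(y, m):
    """ElGamal encryption of a random factor m (1 <= m < P) under public key y."""
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), m * pow(y, k, P) % P

def decrypt(x, ct):
    c1, c2 = ct
    return c2 * pow(c1, P - 1 - x, P) % P  # c1^(-x) cancels the y^k mask

def negotiation_key(f1, f2):
    """Both sides derive the negotiation key from the two random factors."""
    return hashlib.sha256(f1.to_bytes(16, "big") + f2.to_bytes(16, "big")).digest()

def run_exchange(priv, pub, card_id=b"CARD-ID-PLACEHOLDER", phone_id=b"CPU-SERIAL|MAC-PLACEHOLDER"):
    """Returns (key at the card, key at the phone); the two must match."""
    card_x, phone_x = derive_private_key(priv, card_id), derive_private_key(priv, phone_id)
    f1 = secrets.randbelow(P - 1) + 1                          # phone secure part: first factor
    first_ct = encrypt(derive_public_key(pub, card_id), f1)    # first ciphertext, sent to card
    f1_at_card = decrypt(card_x, first_ct)                     # card: decrypt with its private key
    f2 = secrets.randbelow(P - 1) + 1                          # card: second random factor
    second_ct = encrypt(derive_public_key(pub, phone_id), f2)  # under identity-derived phone key
    f2_at_phone = decrypt(phone_x, second_ct)
    return negotiation_key(f1_at_card, f2), negotiation_key(f1, f2_at_phone)
```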

Abstract

The present invention relates to a user identity identification card comprising: a communication module, configured to receive and send information; a security authentication module, configured to perform security authentication on user identity information and user operation information; an authorization control module, configured to perform authorization control on the calls made by a processing module to the various modules; a security protection module, configured to at least perform protection operations on the operations of a public key algorithm module, a symmetric algorithm module, a random number module and/or a hash module; a secure storage module, configured to at least store a private key for performing signature calculation and a negotiation key for performing encryption and decryption calculation and/or check calculation; the public key algorithm module, configured to perform signature calculation; the symmetric algorithm module, configured to perform encryption and decryption calculation and/or check calculation; the random number module, configured to generate a random factor; the hash module, configured to perform hash calculation; and the processing module, configured to call the various modules. The present user identity identification card performs data transmission securely.
PCT/CN2015/070906 2014-04-18 2015-01-16 Carte d'identification de l'identité d'un utilisateur WO2015158172A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410156521.6A CN103944724B (zh) 2014-04-18 2014-04-18 一种用户身份识别卡
CN201410156521.6 2014-04-18

Publications (1)

Publication Number Publication Date
WO2015158172A1 true WO2015158172A1 (fr) 2015-10-22

Family

ID=51192224

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/070906 WO2015158172A1 (fr) 2014-04-18 2015-01-16 Carte d'identification de l'identité d'un utilisateur

Country Status (3)

Country Link
CN (1) CN103944724B (fr)
HK (1) HK1199984A1 (fr)
WO (1) WO2015158172A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106652665A (zh) * 2016-12-09 2017-05-10 西安电子科技大学 一种计算机组成原理的实验装置
CN107451647A (zh) * 2016-06-01 2017-12-08 北京军地联合网络技术中心 一种内置安全机制的营区专用sim卡
CN112885434A (zh) * 2021-03-23 2021-06-01 中国人民解放军联勤保障部队第九六〇医院 无网络环境下便携性信息采集与心理测试综合系统及方法
CN114615046A (zh) * 2022-03-07 2022-06-10 中国大唐集团科学技术研究总院有限公司 一种基于国密证书的管理员双因子认证方法

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103944724B (zh) * 2014-04-18 2017-10-03 天地融科技股份有限公司 一种用户身份识别卡
CN104158567B (zh) * 2014-07-25 2016-05-18 天地融科技股份有限公司 蓝牙设备间的配对方法和系统、数据交互方法和系统
CN105812334B (zh) * 2014-12-31 2019-02-05 北京华虹集成电路设计有限责任公司 一种网络认证方法
CN106982214A (zh) * 2017-03-31 2017-07-25 山东超越数控电子有限公司 一种采用nfc技术的云桌面安全登录身份卡及云桌面安全登录方法
CN108985046A (zh) * 2018-06-07 2018-12-11 国民技术股份有限公司 一种安全停靠控制方法、系统及计算机可读存储介质
CN110728347A (zh) * 2019-09-16 2020-01-24 中云信安(深圳)科技有限公司 一种实体电子卡及实体电子卡卡面显示信息的更新方法
CN115022093B (zh) * 2022-08-05 2022-12-02 确信信息股份有限公司 基于多级密钥的可信cpu密钥计算方法及系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938520A (zh) * 2010-09-07 2011-01-05 中兴通讯股份有限公司 一种基于移动终端签名的远程支付系统及方法
CN103164738A (zh) * 2013-02-06 2013-06-19 厦门盛华电子科技有限公司 一种基于移动支付多通道数字认证的手机用户识别卡
US20140032898A1 (en) * 2012-07-26 2014-01-30 Shenzhen Skyworth-RGB electronics Co. Ltd. Authentication system and method for digital televisions
CN103944724A (zh) * 2014-04-18 2014-07-23 天地融科技股份有限公司 一种用户身份识别卡

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7076062B1 (en) * 2000-09-14 2006-07-11 Microsoft Corporation Methods and arrangements for using a signature generating device for encryption-based authentication
CN100586065C (zh) * 2006-04-24 2010-01-27 北京易恒信认证科技有限公司 Cpk可信认证系统
CN100555936C (zh) * 2007-01-08 2009-10-28 中国信息安全产品测评认证中心 一种在智能卡与u盘复合设备中提高访问安全性的方法
CN101106455B (zh) * 2007-08-20 2010-10-13 北京飞天诚信科技有限公司 身份认证的方法和智能密钥装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
XUAN, LEI ET AL.: "Smart Card Design Based on CPK Authentication Technology", PROCEEDINGS OF 2009 CONFERENCE ON COMMUNICATION FACULTY, 31 December 2009 (2009-12-31), pages 177 - 180 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107451647A (zh) * 2016-06-01 2017-12-08 北京军地联合网络技术中心 一种内置安全机制的营区专用sim卡
CN107451647B (zh) * 2016-06-01 2023-08-29 北京军地联合网络技术中心 一种内置安全机制的营区专用sim卡
CN106652665A (zh) * 2016-12-09 2017-05-10 西安电子科技大学 一种计算机组成原理的实验装置
CN112885434A (zh) * 2021-03-23 2021-06-01 中国人民解放军联勤保障部队第九六〇医院 无网络环境下便携性信息采集与心理测试综合系统及方法
CN114615046A (zh) * 2022-03-07 2022-06-10 中国大唐集团科学技术研究总院有限公司 一种基于国密证书的管理员双因子认证方法
CN114615046B (zh) * 2022-03-07 2024-04-30 中国大唐集团科学技术研究总院有限公司 一种基于国密证书的管理员双因子认证方法

Also Published As

Publication number Publication date
CN103944724A (zh) 2014-07-23
CN103944724B (zh) 2017-10-03
HK1199984A1 (en) 2015-07-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15780370

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15780370

Country of ref document: EP

Kind code of ref document: A1