WO2017076277A1 - Online banking key for communication card and working method thereof - Google Patents

Online banking key for communication card and working method thereof

Info

Publication number
WO2017076277A1
Authority
WO
WIPO (PCT)
Prior art keywords
module
communication
key
communication card
bluetooth
Prior art date
Application number
PCT/CN2016/104244
Other languages
English (en)
Chinese (zh)
Inventor
肖德银
刘义
Original Assignee
国民技术股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 国民技术股份有限公司 filed Critical 国民技术股份有限公司
Priority to CN201680003522.4A priority Critical patent/CN107111729A/zh
Publication of WO2017076277A1 publication Critical patent/WO2017076277A1/fr

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance

Definitions

  • The invention relates to the field of online banking security technology, in particular to a communication card online banking KEY and a working method thereof.
  • The traditional communication card is installed in a device such as a mobile phone and communicates with that device through the ISO7816 contact interface to meet the needs of telecommunication applications.
  • The communication card may be of various sizes and types, such as a standard SIM (Subscriber Identity Module) card, a USIM card, a UIM card, a MicroSIM card, a NanoSIM card, and the like.
  • The present invention provides a communication card online banking KEY.
  • The online banking KEY can support a public-key cryptosystem and is installed in a device such as a mobile phone. Communicating with the device over Bluetooth wireless communication, it completes the encryption, decryption, signature, verification, and key exchange required for online banking, and meets the identity authentication and data encryption requirements of online banking applications.
  • The invention provides a communication card online banking KEY, which comprises: an ISO7816 interface and power management module, a communication card telecommunication application module, a security chip module supporting a public-key cryptosystem, and a Bluetooth communication module;
  • the ISO7816 interface and power management module is connected to the communication card slot of a communication device such as a mobile phone, and obtains electric power from the communication device;
  • the communication card telecommunication application module communicates with the communication device through the ISO7816 interface provided by the ISO7816 interface and power management module to complete the telecommunication application;
  • the security chip module supporting the public-key cryptosystem is connected to the Bluetooth communication module, and can communicate wirelessly with the communication device to complete operations such as encryption, decryption, signature, verification, and key exchange;
  • the Bluetooth communication module is used to implement Bluetooth communication between the communication card and the communication device.
  • The ISO7816 interface and power management module includes: an ISO7816 contact interface and a power management unit;
  • the ISO7816 contact interface includes: a power source and ground input subunit;
  • the power management unit includes: a short circuit protection subunit.
  • The communication card telecommunication application module comprises: a system level chip (SOC chip) and a storage unit;
  • the SOC chip completes application logic processing, such as telecommunication user identification, telecom loading application processing, etc.;
  • the storage unit is used to store user data, such as the user address book, telecom load application data, and the like.
  • The security module supporting the public-key cryptosystem includes: a secure SOC chip unit, a public-key cryptosystem encryption and decryption unit, and a secure storage unit;
  • the secure SOC chip unit performs security detection and protection. It can protect against active intrusive attacks and passive detection attacks, using measures such as light detection, temperature detection, frequency detection, voltage detection, protection layer design, and tamper-proof design;
  • the public-key cryptosystem encryption and decryption unit executes asymmetric and symmetric cryptographic algorithms to perform encryption, decryption, signature, verification, key exchange and other operations;
  • the secure storage unit performs encryption and storage protection of user data.
  • The Bluetooth communication module includes: a Bluetooth communication chip unit and a radio frequency management unit; wherein
  • the Bluetooth communication chip unit controls Bluetooth wireless communication;
  • the radio frequency management unit includes a radio frequency Bluetooth antenna for transmitting and receiving radio frequency signals.
  • The invention also provides another communication card online banking KEY, which comprises: an ISO7816 interface and power management module, a communication card telecommunication application module, a security chip module supporting a public-key cryptosystem, and a Bluetooth communication module; wherein the communication card telecommunication application module and the security chip module supporting the public-key cryptosystem are not completely physically isolated, and are only a logical functional division.
  • The logic functions of the SIM telecom application module can be integrated in the security chip module supporting the public-key cryptosystem.
  • The SIM telecom application module and the security module supporting the public-key cryptosystem can be integrated in the same physical module, and the two types of functions can be isolated by means of a software firewall.
  • A working method of a communication card online banking KEY according to the present invention comprises:
  • the communication card online banking KEY completes the typical telecommunication application through the ISO7816 contact interface; the Bluetooth data channel is opened and the KEY communicates with the mobile phone through the Bluetooth wireless channel; the security chip supporting the public-key cryptosystem completes the encryption, decryption, signature, verification, key exchange, etc. required for the business and completes the user identity authentication; business data is provided to devices such as the mobile phone, and the data is sent to the background server to complete online banking operations such as login and transfer.
  • The present invention provides another working method of a communication card online banking KEY, the method comprising:
  • the communication card online banking KEY completes the typical telecommunication application through the ISO7816 contact interface; the Bluetooth data channel is opened and the KEY communicates with the mobile phone through the Bluetooth wireless channel; the security chip supporting the public-key cryptosystem completes the encryption, decryption, signature, verification, key exchange, etc. required for the business and completes the user identity authentication; business data is provided to devices such as the mobile phone, and the data is sent to the background server to complete online banking operations such as login and transfer; telecommunication business processing and online banking processing are isolated by means of an application firewall, and the business processing order is adjusted according to the application requirements, without physical isolation.
  • The communication card provided by the present invention can communicate with devices such as mobile phones through an extended Bluetooth wireless communication mode, and is based on built-in support for a public-key cryptosystem.
  • The communication card provided by the invention can be installed in a device such as a mobile phone, is powered by that device, and is controlled through the input/output interface the device provides; its portability and ease of use are superior to the USBKEY products used for online banking, and it provides high security for online banking applications on devices such as mobile phones.
  • FIG. 1 is a schematic structural diagram of a communication card online banking KEY according to the present invention.
  • FIG. 2 is a schematic structural diagram of another communication card online banking KEY provided by the present invention.
  • FIG. 3 is a schematic diagram showing the workflow of the communication card online banking KEY shown in FIG. 1;
  • FIG. 4 is a schematic diagram showing the workflow of the communication card online banking KEY shown in FIG. 2.
  • The communication card 10 includes: an ISO7816 interface and power management module 101, a communication card telecommunication application module 102, a security chip module 103 supporting a public-key cryptosystem, and a Bluetooth communication module 104; wherein
  • the ISO7816 interface and power management module 101 is connected respectively to the communication card telecommunication application module 102, the security chip module 103 supporting the public-key cryptosystem, and the Bluetooth communication module 104, to provide working power for each module of the system; the ISO7816 interface and power management module 101 and the communication card telecommunication application module 102 can be connected to a communication device such as a mobile phone through a communication card slot to complete the communication card telecommunication application;
  • the security chip module 103 supporting the public-key cryptosystem can be connected to the Bluetooth communication module 104, and completes the Bluetooth data communication with the communication device such as the mobile phone and the business logic functions of the public-key cryptosystem;
  • the Bluetooth communication module 104 is configured to implement Bluetooth communication between the communication card and the communication device.
  • The ISO7816 interface and power management module 101 includes: an ISO7816 contact interface and a power management unit;
  • the ISO7816 contact interface includes: a power source and ground input subunit;
  • the power management unit includes: a short circuit protection subunit.
  • The communication card telecommunication application module 102 includes: a system level chip (SOC chip) and a storage unit; the user data is stored in the storage unit and processed by the SOC chip;
  • the SOC chip completes application processing, such as telecommunication user identification, telecom loading application processing, etc.;
  • the storage unit stores user data such as the user address book, telecom load application data, and the like.
  • The security module 103 supporting the public-key cryptosystem includes: a secure SOC chip unit, a public-key cryptosystem encryption and decryption unit, and a secure storage unit.
  • The user data is stored in the secure storage unit, processed by the public-key cryptosystem encryption and decryption unit, and input and output via the secure SOC chip unit;
  • the secure SOC chip unit performs security detection and protection. It needs to be able to protect against active intrusive attacks and passive detection attacks, using measures such as light detection, temperature detection, frequency detection, voltage detection, protection layer design, and tamper-proof design;
  • the public-key cryptosystem encryption and decryption unit executes asymmetric and symmetric cryptographic algorithms, performing operations such as encryption, decryption, signature, verification, and key exchange;
  • the secure storage unit performs encryption and storage protection of user data.
  • The Bluetooth communication module 104 includes: a Bluetooth communication chip unit and a radio frequency management unit; wherein
  • the Bluetooth communication chip unit controls Bluetooth wireless communication;
  • the radio frequency management unit includes a radio frequency Bluetooth antenna for transmitting and receiving radio frequency signals.
  • The communication card 20 includes: an ISO7816 interface and power management module 201, a Bluetooth communication module 204, and a communication card telecom and security chip module 205.
  • The communication card telecom and security chip module 205 can be logically divided into a communication card telecommunication application module 202 and a security chip module 203 supporting a public-key cryptosystem; wherein the ISO7816 interface and power management module 201 is connected to the communication card telecommunication application module 202, the security chip module 203 supporting the public-key cryptosystem, and the Bluetooth communication module 204, to provide working power for each module of the system.
  • The ISO7816 interface and power management module 201 is connected to the communication card telecom and security chip module 205, and can be connected with a communication device such as a mobile phone through a communication card slot to complete the communication card telecommunication application; it is simultaneously connected with the Bluetooth communication module 204 to complete the Bluetooth data communication with the communication device such as the mobile phone and the business logic functions of the public-key cryptosystem.
  • The communication card telecommunication application module 202 and the security module 203 supporting the public-key cryptosystem can be integrated in the same physical module, and the two types of functions can be isolated by means of a software firewall.
  • The communication card online banking KEY of the invention can be installed in the communication card slot of a device such as a mobile phone, can be controlled through the input and output of that device, and has good portability and ease of use;
  • the communication card online banking KEY of the invention comprises an ISO7816 interface and power management module, a communication card telecommunication application module, a security chip module supporting a public-key cryptosystem, and a Bluetooth communication module;
  • the communication card online banking KEY of the invention supports a public-key cryptosystem, provides asymmetric and symmetric cryptographic algorithm support, supports encryption, decryption, signature, verification, key exchange, etc., and can meet the identity authentication requirements of online banking applications;
  • the communication card online banking KEY of the invention provides a Bluetooth wireless communication interface through which it can communicate wirelessly with devices such as mobile phones, is compatible with such devices, and provides a high-security data communication path through the public-key cryptosystem.
  • FIG. 3 is a schematic diagram of the workflow of the communication card online banking KEY shown in FIG. 1.
  • The communication card online banking KEY completes typical telecommunication applications, such as telecom user identification, telecom loading application processing, etc., through the ISO7816 contact interface.
  • The Bluetooth data channel is enabled and the KEY communicates with the mobile phone through the Bluetooth wireless channel; the security chip supporting the public-key cryptosystem performs the encryption, decryption, signature, verification, key exchange, etc. required by the business and completes user identity authentication; business data is provided to devices such as the mobile phone, and the data is sent to the background server to complete online banking operations such as login and transfer.
  • FIG. 4 is a schematic diagram of the workflow of the communication card online banking KEY shown in FIG. 2.
  • The communication card online banking KEY completes the telecom application through the ISO7816 contact interface. At the same time, the Bluetooth data channel is opened and the KEY communicates with the mobile phone through the Bluetooth wireless channel; the security chip supporting the public-key cryptosystem performs the encryption, decryption, signature, verification, key exchange, etc. required by the business and completes user identity authentication; business data is provided to devices such as the mobile phone, and the data is sent to the back-end server to complete online banking operations such as login and transfer.
  • The telecom service processing and the online banking service are isolated by an application firewall; the service processing sequence is adjusted according to the application requirements, and the two are not physically isolated.
  • Embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) containing computer-usable program code.
  • The computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising an instruction device, which implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mathematical Physics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to an online banking key for a communication card and a working method thereof, said online banking key comprising: an ISO 7816 interface and power management module, a communication card telecommunication application module, a security chip module supporting public-key cryptography, and a Bluetooth communication module. The ISO 7816 interface and power management module is connected to a communication card slot of a communication device, and is also connected to the communication card telecommunication application module, the security chip module supporting public-key cryptography, and the Bluetooth communication module. The communication card telecommunication application module communicates with the communication device via the ISO 7816 interface provided by the ISO 7816 interface and power management module in order to carry out the operation of the telecommunication application. The security chip module supporting public-key cryptography is connected to the Bluetooth communication module to carry out encryption, decryption, signature, signature verification, key exchange and other operations.
PCT/CN2016/104244 2015-11-03 2016-11-01 Online banking key for communication card and working method thereof WO2017076277A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201680003522.4A CN107111729A (zh) 2015-11-03 2016-11-01 Communication card online banking KEY and working method thereof

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510736829 2015-11-03
CN201510736829.2 2015-11-03

Publications (1)

Publication Number Publication Date
WO2017076277A1 true WO2017076277A1 (fr) 2017-05-11

Family

ID=58662496

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/104244 WO2017076277A1 (fr) 2015-11-03 2016-11-01 Online banking key for communication card and working method thereof

Country Status (3)

Country Link
CN (1) CN107111729A (fr)
TW (1) TWI650722B (fr)
WO (1) WO2017076277A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN208314834U (zh) * 2017-11-03 2019-01-01 河南芯盾网安科技发展有限公司 Bluetooth film-attached card

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1798943A1 (fr) * 2005-12-13 2007-06-20 Axalto SA SIM with messaging client
CN101394615A (zh) * 2007-09-20 2009-03-25 中国银联股份有限公司 A mobile payment terminal and payment method based on PKI technology
CN102693480A (zh) * 2012-05-11 2012-09-26 福建联迪商用设备有限公司 Mobile terminal with card reading function and mobile terminal payment method
CN103020547A (zh) * 2012-11-13 2013-04-03 中兴通讯股份有限公司 Method, device, smart card and mobile terminal for executing commands

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2039188A2 (fr) * 2006-06-08 2009-03-25 Ciaran Bradley Methods and apparatuses for a subscriber identity module (SIM)-based firewall
TW200951756A (en) * 2008-06-12 2009-12-16 Unication Co Ltd Security and protection system of a mobile communication device
CN102137515B (zh) * 2010-01-27 2013-12-18 国民技术股份有限公司 An IC card device
CN103955739B (zh) * 2014-05-20 2017-03-15 北京智联安科技有限公司 A Bluetooth thin-film SIM card and method for accessing a mobile phone SIM card
CN104504563B (zh) * 2014-12-30 2018-05-15 中孚信息股份有限公司 A mobile information security device and working method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1798943A1 (fr) * 2005-12-13 2007-06-20 Axalto SA SIM with messaging client
CN101394615A (zh) * 2007-09-20 2009-03-25 中国银联股份有限公司 A mobile payment terminal and payment method based on PKI technology
CN102693480A (zh) * 2012-05-11 2012-09-26 福建联迪商用设备有限公司 Mobile terminal with card reading function and mobile terminal payment method
CN103020547A (zh) * 2012-11-13 2013-04-03 中兴通讯股份有限公司 Method, device, smart card and mobile terminal for executing commands

Also Published As

Publication number Publication date
TW201717139A (zh) 2017-05-16
TWI650722B (zh) 2019-02-11
CN107111729A (zh) 2017-08-29

Similar Documents

Publication Publication Date Title
US11277394B2 (en) Managing credentials of multiple users on an electronic device
US20220245609A1 (en) Methods and arrangements for a personal point of sale device
EP2053827B1 (fr) Method for secure personalisation of an NFC chipset
JP6701431B2 (ja) Establishing a secure channel
US20180336553A1 (en) Facilitating a fund transfer between user accounts
US20130173477A1 (en) Storing and forwarding credentials securely from one RFID device to another
US20160232523A1 (en) Method for securing over-the-air communication between a mobile application and a gateway
CN104240074B (zh) Prepaid card online payment system based on identity authentication and payment method thereof
CN105516180A (zh) Cloud key authentication system based on public key algorithm
EP4140119B1 (fr) Online secret encryption
JP2023539633A (ja) Use of NFC field from phone to powered card, phone Bluetooth communication
WO2017101585A1 (fr) Smart card reading device and method
CN110100411B (zh) Cryptographic system management
CA2539658C (fr) Securing a link between devices
TW201624371A (zh) Payment system based on near field communication and method thereof
WO2017076277A1 (fr) Online banking key for communication card and working method thereof
TWM569453U (zh) Digital data processing system
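KR102076313B1 (ko) Method for USIM-based electronic signature processing of a wireless terminal
KR102149313B1 (ko) Method for USIM-based electronic signature processing
KR102078319B1 (ko) Method for USIM-based electronic signature processing by a telecommunications carrier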
Anggoro et al. Secure Smartphone-Based NFC Payment to Prevent Man-in-the-Middle Attack
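KR101513435B1 (ko) Key input protection method and key input protection device therefor
KR102149315B1 (ko) Method for USIM-based electronic signature processing by a financial company
KR20150023144A (ko) Method for electronic signature processing using USIM
TWI496481B (zh) Mobile electronic device authentication system and mobile electronic device using the same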

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16861545

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20.09.2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16861545

Country of ref document: EP

Kind code of ref document: A1