CN102710412A - Method and device for compatible management of encryption algorithm - Google Patents
Method and device for compatible management of encryption algorithm Download PDFInfo
- Publication number
- CN102710412A CN102710412A CN2012101394497A CN201210139449A CN102710412A CN 102710412 A CN102710412 A CN 102710412A CN 2012101394497 A CN2012101394497 A CN 2012101394497A CN 201210139449 A CN201210139449 A CN 201210139449A CN 102710412 A CN102710412 A CN 102710412A
- Authority
- CN
- China
- Prior art keywords
- data
- block
- application
- aes
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a computer electronic account managing technology and discloses a method and a device for compatible management of an encryption algorithm. The method comprises the following steps of: setting AID menus of different encryption algorithms in a PSAM (Purchase Secure Access Module) card and a user card; saving application data needed by an executing payment flow into each AID menu, so that no matter which encryption algorithm is supported by the user card, the PSAM card can be matched and the corresponding encryption algorithm is called to finish the payment flow; the different AID menus can be conveniently utilized and the compatible management of the different encryption algorithms under the same application flow is realized; on the premise that the payment flow is not changed, any other instruction is not added and terminal equipment is not modified, the user card and the PASM card can be guaranteed to be smoothly transited to a standard encryption algorithm formulated by National Password Bureau through a DES (Data Encryption Standard) algorithm; and the working performance of a payment system is guaranteed and the cost is minimized.
Description
Technical field
The present invention relates to the electronic account administrative skill, particularly to compatible method and the device of managing of AES.
Background technology
At present domestic electronic account carrier (as; IC-card, SIM); Basically all be to use DES (Data Encryption Standard, data encryption standard) algorithm as AES, wherein; So-called electronic account is meant EDEP (Electronic Purse Electronic Deposit, stored value card electronic bankbook) or the like virtualized currency application mode.
With the IC-card is example; The concrete application flow of electronic account carrier is as shown in Figure 1, wherein, after selecting different types of transaction, will carry out different transaction operations; For example: circle is deposited, consumes, is enclosed and carry or the like; These operations all relate to the proof procedure between the inner PSAM of electronic account carrier, point-of-sale terminal and point-of-sale terminal (Purchase Secure Access Module, consumption safety access module), and the proof procedure of this type will relate to and use the DES algorithm to carry out mutual authentication.
Because the limitation of DES algorithm, and the DES algorithm is not State Commercial Cryptography Administration's specified standard algorithm, therefore; In technical development from now on; The DES algorithm is bound to replaced by other encryption standard algorithms of State Commercial Cryptography Administration's regulation, and for example, (ShangMi 1 for SM1; Discuss secret No. 1) algorithm, so just relate to a transition process using different AESs.
Under the prior art; With being applied in when moving between different AESs, can relate to point-of-sale terminal (like, POS machine), inner PSAM (the Purchase Secure Access Module of point-of-sale terminal; The consumption safety access module), and the electronic account carrier revise.Accordingly; Can engender electronic account carrier and the point-of-sale terminal that to use the national standard AES on the market; Yet; Only can use the electronic account carrier and the point-of-sale terminal of DES algorithm also can not withdraw from the market at once, therefore, DES algorithm and the new simultaneously applied scene of national standard AES will occur.
In such cases, in case the AES that employed AES of electronic account carrier and point-of-sale terminal use is inconsistent, will occur can't compatible situation, and this will have a strong impact on the normal use of stored value card.
Summary of the invention
The embodiment of the invention provides the method and the device of the compatible management of AES, and is compatible in order to the application that realizes DES algorithm and new national standard AES.
The concrete technical scheme that the embodiment of the invention provides is following:
The method of the compatible management of a kind of AES comprises:
Corresponding multiple encryption algorithms application identifier is set up catalogue respectively and is preserved the application corresponding data in consumption safety access module PSAM card and/or subscriber card;
The PSAM card is known when subscriber card triggers payment flow, to subscriber card transmission selection instruction, carries the AES application identifier in this selection instruction;
If corresponding multiple encryption algorithms application identifier is set up catalogue respectively and is preserved the application corresponding data in the said subscriber card; Then said subscriber card sticks into the row response to said PSAM; To the AES application identifier of PSAM cartoon knowledge capital ground support use, and adopt the application data and the PSAM that preserve under the corresponding catalogue of this AES application identifier to stick into row payment negotiation;
If corresponding multiple encryption algorithms application identifier is set up catalogue respectively and is preserved the application corresponding data in the said PSAM card; Then the PSAM card is according to the response of subscriber card; Confirm the AES application identifier that the subscriber card support is used, and adopt the negotiation of paying of the application data of preserving under the corresponding catalogue of this encryption algorithm identifiers and subscriber card.
The device of the compatible management of a kind of AES comprises:
Memory module is used for setting up catalogue respectively and preserving the application corresponding data in the local corresponding multiple second AES application identifier;
Communication module is used for when knowing that subscriber card triggers payment flow, sending selection instruction to subscriber card, carries the AES application identifier in this selection instruction,
Processing module is used for the response according to subscriber card, when confirming AES algorithm application identifier that the subscriber card support uses, and adopts the negotiation of paying of the application data of preserving under the corresponding catalogue of this AES application identifier and subscriber card.
The device of the compatible management of a kind of AES comprises:
Memory module is used for setting up catalogue respectively and preserving the application corresponding data in the corresponding multiple encryption algorithms application identifier of subscriber card;
Communication module is used for after triggering payment flow, receives the selection instruction that consumption safety access module PSAM card sends, and carries the AES application identifier in this selection instruction;
Control module is used for sticking into the row response to PSAM, to the AES application identifier of PSAM cartoon knowledge capital ground support use, and adopts the application data and the PSAM that preserve under the corresponding catalogue of this AES application identifier to stick into row payment negotiation.
In the embodiment of the invention, in PSAM card and subscriber card, all be provided with the AID catalogue of different AESs, and under each AID catalogue, preserve and carry out the required application data of payment flow; Like this; No matter subscriber card is supported any AES, and the PSAM card all can cooperate and calls corresponding AES and accomplish payment flow, correspondingly; No matter the PSAM card is supported any AES; Subscriber card also all can cooperate and calls corresponding AES and accomplish payment flow, convenient for different AID catalogues, realized the same application flow process under different AESs compatibility manage; Do not changing payment flow, do not adding under the prerequisite any other instruction, that do not revise terminal equipment; Guaranteed the transition that can be well on by the Standard Encryption algorithm that the DES algorithm is formulated to State Commercial Cryptography Administration of subscriber card and PSAM card, when having guaranteed the payment system service behaviour, will realize that also cost reduces to minimum.
Description of drawings
Fig. 1 is an electronic account application flow sketch map under the prior art;
Fig. 2 is PSAM card and a subscriber card illustrative view of functional configuration in the embodiment of the invention;
The file content sketch map of Fig. 3 for writing down in the PSAM card in the embodiment of the invention;
The file content sketch map of Fig. 4 for writing down in the subscriber card in the embodiment of the invention;
Fig. 5 carries out compatible management flow chart for PSAM card in the embodiment of the invention and subscriber card to AES;
Fig. 6 encrypts sketch map to message in the embodiment of the invention in payment flow;
Fig. 7 encrypts sketch map to clear data in the embodiment of the invention in data updating process;
Fig. 8 deciphers sketch map to encrypt data in the embodiment of the invention in data updating process.
Embodiment
For realize multiple encryption algorithms application compatible, have following several kinds of modes available:
1, the national standard AES of DES algorithm and redetermination is set in the electronic account carrier simultaneously; Can support to use the point-of-sale terminal of two kinds of AESs can pass through different AID (Application Identifer; Application identifier), select to use any algorithm to the electronic account carrier.
2, the point-of-sale terminal that can support to use two kinds of AESs has only instruction to verify successfully and could use corresponding AES to electronic account carrier transmission algorithm selection instruction.
3, can support to use the point-of-sale terminal of two kinds of AESs to send instruction to electronic account, which kind of AES this instruction uses, and which kind of AES is follow-up acquiescence use.
4, can support to use between point-of-sale terminal and the electronic account carrier of two kinds of AESs and adopt the noncontact agreement to utilize ATQA (Answer To request Type A; The request-reply of category-A) and REQA (REQuest command Type A; The request command of category-A) RFU (Reserved for Future Use uses after being reserved as) byte is carried out the negotiation of AES.
5, can support to use the point-of-sale terminal of two kinds of AESs to adopt ciphertext+MAC (Message Authentication Code; The message authentication code) mode sends instructions under the electronic account carrier, and the electronic account carrier is judged which kind of AES of use according to the content after deciphering.
In theory, several kinds of top modes can both realize the migration of AES, and still, but there is following defective in 2-5 kind mode:
When adopting the 2nd kind of mode,, therefore can revise transaction flow, thereby improve implementation complexity owing to increased a selection instruction;
When adopting the 3rd kind of mode, be used to indicate the instruction of adopting which kind of AES, therefore also can revise transaction flow, thereby improve implementation complexity owing to also increased by one;
When adopting the 4th kind of mode,, can influence the compatibility of point-of-sale terminal owing to relate to noncontact agreement and the modification that contacts agreement;
When adopting the 5th kind of mode, owing to be to confirm to adopt which kind of AES through decrypted message, so the fail safe of algorithm is not high.
This shows, adopt the 1st kind of mode to realize that the compatibility of AES is more satisfactory selection.Be specially: corresponding multiple encryption algorithms application identifier is set up catalogue respectively and is preserved the application corresponding data in PSAM card and/or subscriber card; The PSAM card is known when subscriber card triggers payment flow; Send selection instruction to subscriber card; Carry the AES application identifier in this selection instruction, if corresponding multiple encryption algorithms application identifier is set up catalogue respectively and preserved the application corresponding data in the subscriber card, then subscriber card sticks into the row response to PSAM; Support the AES application identifier of use to PSAM cartoon knowledge capital ground; And adopt the application data and the PSAM that preserve under the corresponding catalogue of this AES application identifier to stick into row payment negotiation, if corresponding multiple encryption algorithms application identifier is set up catalogue respectively and preserved the application corresponding data in the PSAM card, then the PSAM card is according to the response of subscriber card; Confirm the AES application identifier that the subscriber card support is used, and adopt the negotiation of paying of the application data of preserving under the corresponding catalogue of this encryption algorithm identifiers and subscriber card.Pay when consulting at PSAM card and subscriber card; The PSAM card promptly is the opposite end of subscriber card, and corresponding, subscriber card also is the opposite end of PSAM card; PSAM card and subscriber card all can adopt the negotiation of paying of AES and the opposite end of mutual correspondence, and detailed process describes in the subsequent implementation example.
In the practical application, the AES that can preserve in PSAM card and the subscriber card has multiple, in following examples, is that example describes with DES algorithm and these two kinds of AESs of SM1 algorithm only.
Below in conjunction with accompanying drawing the preferred embodiment of the present invention is elaborated.
Consult shown in Figure 2ly, in the embodiment of the invention, comprise memory module 20, communication module 21 and processing module 22 at the PSAM card of terminal equipment (like, POS machine) set inside, wherein,
Memory module 20 is used for the AID of corresponding respectively DES algorithm and the AID of SM1 algorithm and sets up catalogue and preserve the application corresponding data; Wherein, the AID of DES algorithm continues to use the AID that is using at present, like AID
(DES)=A00001, and the AID of SM1 algorithm then used the AID of redetermination, like AID
(SM1)=A00002, follow-up all so settings will be repeated no more.
For example, consult shown in Figure 3ly, under DES catalogue that memory module 20 is preserved and SM1 catalogue, record respectively based on DES algorithm application data with based on SM1 algorithm application data.Wherein, Can be included under the DES algorithm application master control key data element that uses (like, KEY file), applicating maintenance key data unit, use main worker's key data unit, use public information file and terminal applies transaction sequence number data element based on DES algorithm application data; Equally; Can be included under the SM1 algorithm application master control key data element that uses (like, Key file), applicating maintenance key data unit, use main worker's key data unit, use public information file and terminal applies transaction sequence number data element based on SM1 algorithm application data;
Further; Also record the card management related data in the memory module 20; As, DIR (Directory, catalogue) catalogue data file, card master control key data element, card maintenance key data element, card public information file, end message file or the like; Can also preserve other application class data, give an example no longer one by one at this.
In the embodiment of the invention, in order to save memory space, in memory module 20, can adopt following mode to preserve the required application data of payment flow (being merely for example): at first, the AID of corresponding SM1 algorithm sets up the SM1 catalogue; Secondly, the AID of corresponding DES algorithm sets up the DES catalogue; At last; SM1 catalogue and DES catalogue are pointed to the identical file folder; And in this document folder, preserve the required application data of execution payment flow, wherein, record in this application data the Key file (be called Key1) related with the SM1 algorithm and with the related Key file (being called Key2) of DES algorithm.
As shown in Figure 3, the meaning that so is provided with is, the DES catalogue has been mapped to the SM1 catalogue; Two kinds of catalogues are pointed to the identical file folder, in this document folder, have preserved the required common application data of payment flow, as; Applicating maintenance key data unit, the main worker's key data of application unit, application public information file and terminal applies transaction sequence number data element or the like in order to distinguish DES algorithm and SM1 algorithm, can adopt the Key file to discern; Both corresponding DES catalogue is provided with the Key1 related with the DES algorithm in file, and corresponding SM1 catalogue is provided with the Key2 related with the SM1 algorithm in file, like this; In flow,, then get into file through the DES catalogue if the PSAM card uses the DES algorithm to carry out payment flow; And adopt Key1 that the application data of read/write file is carried out encryption and decryption; And, then get into file, and adopt Key2 that the application data of read/write file is carried out encryption and decryption through the SM1 catalogue if the PSAM card uses the SIM1 algorithm to carry out payment flow.Like this, effective utilization be can guarantee, production and maintenance cost reduced by DES algorithm PSAM card in SM1 algorithm transition process to PSAM card memory space
Communication module 20 is used for when knowing that through terminal equipment subscriber card triggers payment flow, sending selection instruction to subscriber card, carries the AID of SM1 algorithm or DES algorithm in this selection instruction;
Processing module 22 is used for the feedback according to subscriber card, when confirming that the SM1 algorithm is used in the subscriber card support, adopts AID
(SM1)Negotiations of paying of the application data of preserving under the corresponding catalogue and subscriber card, when confirming subscriber card support use DES algorithm, employing AID
(DES)The negotiation of paying of application data of preserving under the corresponding catalogue and subscriber card.
Consult shown in Figure 2ly, in the embodiment of the invention, subscriber card (be the electronic account carrier, as, IC-card, SIM or the like) comprises memory module 200, communication module 201 and control module 202, wherein,
Memory module 200 is used for the AID of corresponding respectively SM1 algorithm and the AID of DES algorithm and sets up catalogue and preserve the application corresponding data;
For example, consult shown in Figure 4ly, in the master file of memory module 200, record simultaneously based on DES algorithm application data with based on SM1 algorithm application data.Wherein, can be included in Key file, common application constituent instruments, holder's constituent instruments, transaction details file, storage file and the wallet file that uses under the DES algorithm based on DES algorithm application data; Equally, can be included in Key file, common application constituent instruments, holder's constituent instruments, transaction details file, storage file and the wallet file that uses under the SM1 algorithm based on SM1 algorithm application data;
Further, also record the card management related data in the memory module 200, as, the Key file of card, catalogue file or the like can also be preserved other application class data, give an example no longer one by one at this.
With the PSAM card in like manner, in the embodiment of the invention, in order to save memory space, in memory module 200, can adopt following mode to preserve the required application data of payment flow (be merely for example): at first, the AID of corresponding SM1 algorithm sets up the SM1 catalogue; Secondly, the AID of corresponding DES algorithm sets up the DES catalogue; At last; SM1 catalogue and DES catalogue are pointed to the identical file folder; And in this document folder, preserve and carry out the required application data of payment flow, wherein, record the Key file related in this application data and (be called Key1 with the SM1 algorithm; Corresponding with the PSAM card) and with the related Key file (being called Key2, corresponding) of DES algorithm with the PSAM card.
As shown in Figure 4, the meaning that so is provided with is, the DES catalogue has been mapped to the SM1 catalogue; Two kinds of catalogues are pointed to the identical file folder, in this document folder, have preserved the required common application data of payment flow, as; Common application constituent instruments, holder's constituent instruments, transaction details file, storage file and wallet file or the like in order to distinguish DES algorithm and SM1 algorithm, can adopt the Key file to discern; Both corresponding DES catalogue is provided with the Key1 related with the DES algorithm in file, and corresponding SM1 catalogue is provided with the Key2 related with the SM1 algorithm in file, like this; In flow,, then get into file through the DES catalogue if the PSAM card uses the DES algorithm to carry out payment flow; And adopt Key1 that the application data of read/write file is carried out encryption and decryption; And, then get into file, and adopt Key2 that the application data of read/write file is carried out encryption and decryption through the SM1 catalogue if the PSAM card uses the SIM1 algorithm to carry out payment flow.Like this, effective utilization be can guarantee, production and maintenance cost reduced by DES algorithm subscriber card in SM1 algorithm transition process to the subscriber card memory space
Communication module 201 is used for after triggering payment flow, receiving the selection instruction that the PSAM card sends, and carries the AID of SM1 algorithm in this selection instruction; Certainly, AID that also can the DES algorithm is an example with the AID of SM1 algorithm only here.
Control module 202 is used for sticking into the row feedback according to the encryption algorithm type of this locality support to PSAM, when supporting to use the SM1 algorithm as if definite this locality, then adopts AID
(SM1)Application data of preserving under the corresponding catalogue and PSAM stick into the row payment and consult, and use the DES algorithm if confirm local the support, then adopt AID
(DES)Application data of preserving under the corresponding catalogue and PSAM stick into the row payment and consult.
In the present embodiment; The Key file of in PSAM card and subscriber card, preserving separately based on the SM1 algorithm (as; Key1) and based on the Key file of SM1 algorithm (as; Key2) be that the requirement correspondence according to operator writes in the card production phase, therefore, PSAM card and subscriber card can use the negotiation of paying smoothly of separately Key file and opposite end.
Based on technique scheme, to consult shown in Figure 5ly, in the embodiment of the invention, PSAM card and subscriber card are following to the detailed process that AES carries out compatible management:
Step 500: subscriber card triggers payment flow.
For example, the user uses subscriber card on the POS machine, to swipe the card, thereby triggers payment flow; Be provided with the PSAM card in the POS machine; The PSAM cartoon is crossed the POS machine can accomplish the information interaction with subscriber card, follow-up for the ease of describing, and directly introduces the interaction flow between PSAM card and the subscriber card.
Step 510:PSAM card sends selection instruction to subscriber card after knowing that subscriber card triggers payment flow, carries the AID of SM1 algorithm in this selection instruction, i.e. A00002.
In the embodiment of the invention, all record the AID of DES algorithm and the AID of SM1 algorithm in PSAM card and the subscriber card, preferable, DES algorithm AID continues to use existing AID, is designated as AID
(DES)=A00001, the AID of SM1 algorithm then uses the AID of redetermination, is designated as AID
(SM1)=A00002.
In step 510, the PSAM card also can carry the AID of DES algorithm in selection instruction, and promptly A00001 in the present embodiment, is that example is introduced to carry A00002 only.
Step 520: after subscriber card receives the selection instruction of PSAM card transmission, stick into the row feedback to PSAM according to the encryption algorithm type of supporting to use.
For example, subscriber card receives after AID that the PSAM card sends is A00002, judges whether this locality supports to use the SM1 algorithm; If; Then feed back correct response message, further, can also together feed back clear data required in some payment flows with correct response message to the PSAM card; As, subscriber card numbering or the like; Otherwise, to PSAM card feedback error response message.
Is step 530:PSAM card supported the SM1 algorithm according to the feedback judges card of subscriber card? If then carry out step 540; Otherwise, carry out step 560.
In the present embodiment, when the correct response message of subscriber card feedback is received in the PSAM clamping, confirm that the subscriber card support uses the SM1 algorithm, the PSAM card prepares to adopt the SM1 algorithm to carry out follow-up payment flow according to the clear data that obtains simultaneously; If the error response message of subscriber card feedback is received in the PSAM clamping; Then the PSAM card is confirmed subscriber card payment use SM1 algorithm, and is at this moment, preferable; Can initiatively feed back the clear data that in follow-up payment flow, uses by subscriber card to the PSAM card; Also can be sent the AID of DES algorithm by the PSAM card once more to subscriber card, i.e. A00001 is when subscriber card receives A00001 and confirms that the DES algorithm is used in local payment; The clear data that in the payment flow that the PSAM card returns, uses again, PSAM card then prepare to adopt the DES algorithm to carry out follow-up payment flow according to the clear data that obtains.
The SM1 algorithm related application data that step 540:PSAM card and subscriber card are all preserved under this locality selection SM1 catalogue.
Be specially: the PSAM cartoon is crossed local SM1 catalogue and is imported the file of preserving application data, reads Key1 and other application datas; Subscriber card also imports the file of preserving application data through local SM1 catalogue, reads Key1T and other application datas.
Step 550:PSAM card and subscriber card adopt obtain based on the negotiation of paying of SM1 algorithm application data; To accomplish payment flow between the two; Wherein, The carrying out according to existing mode of concrete steps that payment is consulted gets final product, and difference is to use the SM1 algorithm to carry out the encryption and decryption of associative operation by using the DES algorithm to change into.
In the process of execution in step 550, the PSAM calorie requirement uses Key1 that the message that mails to subscriber card is encrypted.
In like manner, subscriber card also need adopt Key1 that the message that returns back to the PSAM card is encrypted.
The DES algorithm related application data that step 560:PSAM card and subscriber card are all preserved under this locality selection DES catalogue.
Be specially: the PSAM cartoon is crossed local DES catalogue and is imported the file (identical with the file that imports through the SM1 catalogue) of preserving application data, reads Key2 and other application datas; Subscriber card also imports the file (identical with the file that imports through the SM1 catalogue) of preserving application data through local DES catalogue, reads Key2 and other application datas.
Step 570:PSAM card and subscriber card adopt obtain based on negotiations of paying of DES algorithm application data, to accomplish payment flow between the two, wherein, the concrete steps of payment negotiation are carried out according to existing mode and are got final product.
In the process of execution in step 570, the PSAM calorie requirement uses Key2 that the message that mails to subscriber card is encrypted.
In like manner, subscriber card also need adopt Key2 that the message that returns back to the PSAM card is encrypted.
So far, the payment flow between PSAM card and the subscriber card is finished, and subscriber card completes successfully one-time-consumption.
In the above-described embodiments, pay between PSAM card and the subscriber card when consulting, in order to guarantee safety of user data, both sides all need adopt Key1 or Key2 that mutual message is encrypted.
Preferable, in the present embodiment, PSAM card and subscriber card adopt Key1, and the mode that promptly adopts the SM1 algorithm that message is encrypted is specific as follows:
A, obtain the random number that subscriber card generates, and this random number is adjusted into the initial value of 16 bytes.
For example, then send a Get Challenge order,,, then directly obtain the random number of generation in this locality if subscriber card is carried out encryption flow from the random number that the subscriber card acquisition generates to subscriber card if the PSAM card is carried out encryption flow.
In the practical application, the random number that subscriber card generates possibly be 4 bytes, 8 bytes or 16 bytes, and according to different situations, the mode of initial value that random number is adjusted into 16 bytes is also different, is specially:
If the random number length that obtains is 4 bytes; Then adopt 4 bytes " 0 " to carry out cover and form 8 byte datas in the position, end of 4 byte random numbers; I.e. " 4 byte random numbers+4 bytes ' 0 '=8 byte DATA " then, adopt this 8 byte data inverted value after cover is carried out in the position, end of this 8 byte data to form 16 byte datas; I.e. " ' 8 byte DATA+8 byte DATA ' inverted value=16 byte datas ", this 16 byte data are both as the initial value of follow-up cryptographic calculation.For example, 4 byte random number numbers are " 11111111 ", and then adjusted initial value is " 1111111100000000EEEEEEEEFFFFFFFF ".
If the random number length that obtains is 8 bytes; Then adopt this 8 byte random number inverted value after cover is carried out in the position, end of this 8 byte random number to form 16 byte datas; I.e. " ' 8 byte random numbers+8 byte random numbers ' inverted value=16 byte datas ", this 16 byte data are both as the initial value of follow-up cryptographic calculation.For example, 8 byte random numbers are " 1111111111111111 ", and then adjusted initial value is " 1111111111111111EEEEEEEEEEEEEEEE ".
If the random number length that obtains is 16 bytes, then directly with the initial value of this 16 byte random number as follow-up cryptographic calculation.
B, data to be transmitted is formed primary data based on specified format.
For example, adopt the form of " command message head+command message body " that data to be transmitted is formed primary data, wherein, the command message head can comprise CLA, INS; P1, P2, Lc+4, preferable; Need the back nibble of CLA be changed to hexadecimal " 4 ", then need carry data waiting for transmission in the command message body, be designated as DATA, this DATA can be the plaintext form; Also can be the ciphertext form, as, if need carry out the link encryption protection, then need DATA be transmitted with the ciphertext form.
C, be that unit is divided into the plurality of data piece with 16 bytes, and last data block carried out cover according to setting means with primary data.
For example, with each data block after dividing be designated as respectively BLOCK1, BLOCK2 ... BLOCKn, wherein; The data length of BLOCKn might be a 1-16 byte, therefore, need carry out cover to it; As; Whether the length of judging BLOCKn is 16 bytes, if then adopt 16 systems numerals " 8000000000000000 " to carry out cover in position, BLOCKn end; Otherwise; Adopt 16 systems numerals " 80 " to carry out cover earlier in the position, end of BLOCKn; If reach 16 byte lengths, then carry out subsequent operation, if do not reach 16 byte lengths; Then the position, end behind cover continues to adopt 16 systems numerals " 00 " to carry out cover, till the length of BLOCKn reaches 16 bytes.
D, be initial,, carry out XOR successively and encrypt and iterate computing, obtain the result of calculation of 16 bytes according to order from first data block to last data block with said initial value.
Consult shown in Figure 6; With initial value and BLOCK1, BLOCK2 is example, and so-called XOR encryption iterates computing and promptly is meant: initial value and BLOCK1 are carried out XOR, after operation result adopts Key1 to encrypt; Encrypted result (data length also is 16 bytes) is carried out XOR with BLOCK2; After adopting Key1 to encrypt operation result again, prepare to carry out cryptographic calculation with BLOCK3 again ... By that analogy, till the XOR cryptographic calculation of accomplishing last data block.
E, the result of calculation that step D is obtained are that unit is divided into a plurality of sub-blocks with 4 bytes; And according to order from first data block to last sub-block; Carry out XOR successively and iterate computing; And the operation result of 4 bytes that will finally obtain is as MAC (Message Authentication Code, message authentication code), and this MAC promptly is the message after encrypting.
With first sub-block, second sub-block and the 3rd sub-block is example; So-called XOR iterates computing and promptly is meant: first sub-block and second sub-block are carried out XOR; Again operation result and the 3rd sub-block are carried out XOR ... By that analogy, till the XOR cryptographic calculation of accomplishing last sub-block.
The executive agent of above-mentioned steps A-step e both can be the PSAM card, also can be subscriber card (like, IC-card), and both all can adopt aforesaid way and opposite end to carry out message interaction.
Based on the foregoing description, in the practical application, need upgrade the application data of preserving in PSAM card and the subscriber card sometimes; For example; Application public information file to preserving in the PSAM card upgrades, and again for example, holder's constituent instruments of preserving in the subscriber card is upgraded.Updating device possibly be other back-stage management terminals outside the POS machine; In renewal process; In order to guarantee safety of user data; The PSAM calorie requirement adopts Key1 or Key2 pair to carry out encryption and decryption with the mutual data of updating device, and in like manner, subscriber card also need adopt Key1 or Key2 pair to carry out encryption and decryption with the mutual data of updating device.
Preferable, in the present embodiment, encryption and decryption is calculated and is adopted ECB (Electronic Code Book, code book) as block mode of operation.
PSAM card and subscriber card adopt Key1, and the idiographic flow that promptly adopts the SM1 algorithm that data mutual in the renewal process are encrypted is following:
(1) confirms the length of clear data to be encrypted, generate be-encrypted data;
Preferable, can in the data head of clear data, adopt the length of LD (Length of Data, data length) expression clear data, thereby generate be-encrypted data;
The data to be sent that (2) will obtain are divided into some block of plaintext data with 16 bytes, and according to setting means last block of plaintext data are carried out cover.
For example, with each block of plaintext data after dividing be designated as PLAIN1, PLAIN2 ... PLAINn, wherein, the data length of PLAINn might be 1 ~ 16 byte, therefore, need carry out cover to it.As; When the data length of confirming PLAINn is not 16 bytes, adopt 16 systems numerals " 80 " to carry out cover, if reach 16 byte lengths in the position, end of PLAINn; Then carry out subsequent operation; If do not reach 16 byte lengths, then the end position behind cover continues to adopt 16 systems numerals " 00 " to carry out cover, reaches 16 bytes up to the length of PLAINn.
(3) adopt Key1 respectively each block of plaintext data to be encrypted, obtain corresponding ciphertext block data.
Consult shown in Figure 7; PSAM card and subscriber card all can adopt the local Key1 that preserves that the block of plaintext data of dividing each 16 byte that obtains is encrypted; Thereby obtain the ciphertext block data of respective number; For example, each ciphertext block data is designated as CIPHER1, CIPHER2 successively ... CIPHERn.
Each ciphertext block data that (4) will obtain connects according to the stripe sequence of corresponding block of plaintext data successively, to obtain final enciphered data.
At this moment, the executed of data encryption flow process finishes, and can enciphered data be inserted into the order data territory, is ready for sending.
Accordingly, PSAM card and subscriber card adopt Key1, and the idiographic flow that promptly adopts the SM1 algorithm that data mutual in the renewal process are deciphered is following:
(1) obtains and treat data decryption.As, in the order data territory, obtain to treat data decryption.
(2) will treat that data decryption is that unit is divided into some ciphertext block datas with 16 bytes.
For example, each ciphertext block data after dividing is designated as CIPHER1, CIPHER2 ... CIPHERn.
(3) adopt a Key file respectively each ciphertext block data to be deciphered, obtain corresponding block of plaintext data.
Consult shown in Figure 8; PSAM card and subscriber card all can adopt the local Key1 that preserves that the ciphertext block data of dividing each 16 byte that obtains is deciphered; Thereby obtain the block of plaintext data of respective number, for example, each block of plaintext data is designated as PLAIN1, PLAIN2 successively ... PLAINn.
Each block of plaintext data that (4) will obtain connects according to the stripe sequence of corresponding ciphertext block data successively, obtains final data decryption.
At this moment, data decryption by LD, clear data, fill character and form because LD representes clear data length, therefore, it can be used to recover clear data, judges promptly whether clear data complete.
Certainly, in the above-described embodiments, 16 bytes are merely for example, and in the practical application, according to different application environments, also replaceable is other setting byte length, repeats no more at this.
On the other hand; The foregoing description is that example has been carried out related description with the application scenarios of having preserved two kinds of AESs in PSAM card and the subscriber card only; For the application scenarios of having preserved the AES more than three kinds and three kinds in PSAM card and the subscriber card; The technical scheme that the foregoing description provides stands good after corresponding adjustment, repeats no more at this.
In sum, in the embodiment of the invention, the AID catalogue of different AESs can be set all in PSAM card and subscriber card; And under each AID catalogue, preserve and carry out the required application data of payment flow, like this, no matter subscriber card is supported any AES; The PSAM card all can cooperate and calls corresponding AES and accomplish payment flow; Correspondingly, no matter the PSAM card is supported any AES, and subscriber card also all can cooperate and calls corresponding AES and accomplish payment flow; Convenient for different AID catalogues; Realized the same application flow process under different AESs the compatibility management, do not changing payment flow, do not adding under the prerequisite any other instruction, that do not revise terminal equipment, guaranteed the transition that can be well on by the Standard Encryption algorithm that the DES algorithm is formulated to State Commercial Cryptography Administration of subscriber card and PSAM card; When having guaranteed the payment system service behaviour, will realize that also cost reduces to minimum.
On the other hand, in the embodiment of the invention, also utilize the method for mapping that different AID catalogues are mapped to the identical file folder, and adopt different Key files to distinguish, thereby realize effective utilization, avoided the waste of memory space the card memory space.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, belong within the scope of claim of the present invention and equivalent technologies thereof if of the present invention these are revised with modification, then the present invention also is intended to comprise these changes and modification interior.
Claims (18)
1. the method for the compatible management of AES is characterized in that, comprising:
Corresponding multiple encryption algorithms application identifier is set up catalogue respectively and is preserved the application corresponding data in consumption safety access module PSAM card and/or subscriber card;
The PSAM card is known when subscriber card triggers payment flow, to subscriber card transmission selection instruction, carries the AES application identifier in this selection instruction;
If corresponding multiple encryption algorithms application identifier is set up catalogue respectively and is preserved the application corresponding data in the said subscriber card; Then said subscriber card sticks into the row response to said PSAM; To the AES application identifier of PSAM cartoon knowledge capital ground support use, and adopt the application data and the PSAM that preserve under the corresponding catalogue of this AES application identifier to stick into row payment negotiation;
If corresponding multiple encryption algorithms application identifier is set up catalogue respectively and is preserved the application corresponding data in the said PSAM card; Then the PSAM card is according to the response of subscriber card; Confirm the AES application identifier that the subscriber card support is used, and adopt the negotiation of paying of the application data of preserving under the corresponding catalogue of this encryption algorithm identifiers and subscriber card.
2. the method for claim 1 is characterized in that, the PSAM card with or subscriber card in corresponding multiple encryption algorithms application identifier set up catalogue respectively and preserve the application corresponding data, comprising:
Corresponding each AES application identifier is set up corresponding catalogue respectively;
A plurality of catalogues of setting up are pointed to the identical file folder, in this document folder, preserve and carry out the required application data of payment flow, wherein, record the Key file related in the said application data respectively with each AES.
3. method as claimed in claim 2; It is characterized in that; Said PSAM card is or/and subscriber card adopts the application data and the opposite end of preserving under the corresponding catalogue of any AES application identifier to pay when consulting; In negotiations process, import said file from the corresponding catalogue of said any encryption algorithm identifiers and read or write required application data, and adopt corresponding Key file that the message that mails to the opposite end is encrypted.
4. method as claimed in claim 3 is characterized in that, said PSAM card comprises or/and subscriber card adopts the corresponding Key file of any AES application identifier that the message that mails to the opposite end is encrypted:
Obtain the random number that subscriber card generates, and this random number is adjusted into the initial value of setting byte length;
Based on specified format data to be transmitted is formed primary data;
To set byte length is that unit is divided into the plurality of data piece with said primary data, and according to setting means last data block is carried out cover;
With said initial value is initial, according to the order from first data block to last data block, adopts said Key file to carry out the XOR encryption successively and iterates computing, obtains first result of calculation;
With 4 bytes is that unit is divided into a plurality of sub-blocks with said first result of calculation; And according to order from first data block to last sub-block; Carry out XOR successively and iterate computing, obtain second result of calculation, and with second result of calculation as message authentication code MAC.
5. like each described method of claim 1-4; It is characterized in that; Said PSAM card is or/and the corresponding application data of any encryption algorithm identifiers that subscriber card is preserved this locality when upgrading, adopts following mode that data mutual in the renewal process are encrypted:
Confirm the length of clear data to be sent, generate data to be sent;
To set byte length is that unit is divided into some block of plaintext data with said data to be sent, and according to setting means last block of plaintext data is carried out cover;
Adopt the corresponding Key file of said any encryption algorithm identifiers respectively each block of plaintext data to be encrypted, obtain corresponding ciphertext block data;
The stripe sequence of each ciphertext block data that obtains according to corresponding block of plaintext data connected successively, obtain final enciphered data.
6. like each described method of claim 1-4; It is characterized in that; Said PSAM card is or/and the corresponding application data of any encryption algorithm identifiers that subscriber card is preserved this locality when upgrading, adopts following mode that data mutual in the renewal process are deciphered:
Obtain and treat data decryption;
To set byte length is that unit is divided into some ciphertext block datas with the said data decryption of treating;
Adopt the corresponding Key file of said any AES respectively each ciphertext block data to be deciphered, obtain corresponding block of plaintext data;
The stripe sequence of each block of plaintext data that obtains according to corresponding ciphertext block data connected successively, obtain final data decryption.
7. the device of the compatible management of AES is characterized in that, comprising:
Memory module is used for setting up catalogue respectively and preserving the application corresponding data in the local corresponding multiple second AES application identifier;
Communication module is used for when knowing that subscriber card triggers payment flow, sending selection instruction to subscriber card, carries the AES application identifier in this selection instruction,
Processing module is used for the response according to subscriber card, when confirming AES algorithm application identifier that the subscriber card support uses, and adopts the negotiation of paying of the application data of preserving under the corresponding catalogue of this AES application identifier and subscriber card.
8. device as claimed in claim 7; It is characterized in that; Said memory module is when corresponding multiple encryption algorithms application identifier is set up catalogue respectively and preserved the application corresponding data in this locality; Corresponding each AES application identifier is set up corresponding first catalogue respectively, and a plurality of catalogues sensing identical file folders that will set up, in this document folder, preserves and carries out the required application data of payment flow; Wherein, record the Key file related in the said application data respectively with each AES.
9. device as claimed in claim 8; It is characterized in that; Said processing module adopts application data and the subscriber card preserved under the corresponding catalogue of any AES application identifier to pay when consulting; In negotiations process, import said file from the corresponding catalogue of said any encryption algorithm identifiers and read or write required application data, and adopt corresponding Key file that the message that mails to subscriber card is encrypted.
10. device as claimed in claim 9 is characterized in that, when said processing module adopts the corresponding Key file of any AES application identifier that the message that mails to subscriber card is encrypted, comprising:
Obtain the random number that subscriber card generates, and this random number is adjusted into the initial value of setting byte length;
Based on specified format data to be transmitted is formed primary data,
To set byte length is that unit is divided into the plurality of data piece with said primary data, and according to setting means last data block is carried out cover;
With said initial value is initial, according to the order from first data block to last data block, adopts said Key file to carry out the XOR encryption successively and iterates computing, obtains first result of calculation;
With 4 bytes is that unit is divided into a plurality of sub-blocks with said first result of calculation; And according to order from first data block to last sub-block; Carry out XOR successively and iterate computing, obtain second result of calculation, and with second result of calculation as final message authentication code MAC.
11. like each described device of claim 7-10; It is characterized in that; When said processing module is upgraded the corresponding application data of any encryption algorithm identifiers of preserving in the local memory module, adopt following mode that data mutual in the renewal process are encrypted:
Confirm the length of clear data to be sent, generate data to be sent;
To set byte length is that unit is divided into some block of plaintext data with said data to be sent, and according to setting means last block of plaintext data is carried out cover;
Adopt the corresponding Key file of said any encryption algorithm identifiers respectively each block of plaintext data to be encrypted, obtain corresponding ciphertext block data;
The stripe sequence of each ciphertext block data that obtains according to corresponding block of plaintext data connected successively, obtain final enciphered data.
12. like each described device of claim 7-10; It is characterized in that; When the corresponding application data of any encryption algorithm identifiers that said processing module is preserved local memory module is upgraded, adopt following mode that data mutual in the renewal process are deciphered:
Obtain and treat data decryption;
To set byte length is that unit is divided into some ciphertext block datas with the said data decryption of treating;
Adopt the corresponding Key file of said any AES respectively each ciphertext block data to be deciphered, obtain corresponding block of plaintext data;
The stripe sequence of each block of plaintext data that obtains according to corresponding ciphertext block data connected successively, obtain final data decryption.
13. the device of the compatible management of AES is characterized in that, comprising:
Memory module is used for setting up catalogue respectively and preserving the application corresponding data in the corresponding multiple encryption algorithms application identifier of subscriber card;
Communication module is used for after triggering payment flow, receives the selection instruction that consumption safety access module PSAM card sends, and carries the AES application identifier in this selection instruction;
Control module is used for sticking into the row response to PSAM, to the AES application identifier of PSAM cartoon knowledge capital ground support use, and adopts the application data and the PSAM that preserve under the corresponding catalogue of this AES application identifier to stick into row payment negotiation.
14. device as claimed in claim 13; It is characterized in that said memory module is when corresponding multiple encryption algorithms application identifier is set up catalogue respectively and preserved the application corresponding data in this locality, corresponding each AES application identifier is set up corresponding catalogue respectively; A plurality of catalogues of setting up are pointed to the identical file folder; In this document folder, preserve and carry out the required application data of payment flow, wherein, record the Key file related in the said application data respectively with each AES.
15. device as claimed in claim 14; It is characterized in that; Said control module adopts the application data and the PSAM that preserve under the corresponding catalogue of any AES application identifier to stick into when going the payment negotiation; In negotiations process, import said file from the corresponding catalogue of said any encryption algorithm identifiers and read or write required application data, and adopt corresponding Key file that the message that mails to the PSAM card is encrypted.
16. device as claimed in claim 15 is characterized in that, said control module adopts the corresponding Key file of any AES application identifier that the message that mails to the PSAM card is encrypted, and comprising:
Obtain the local random number that generates, and this random number is adjusted into the initial value of setting byte length;
Based on specified format data to be transmitted is formed primary data;
To set byte length is that unit is divided into the plurality of data piece with said primary data, and according to setting means last data block is carried out cover;
With said initial value is initial, according to the order from first data block to last data block, adopts said Key file to carry out the XOR encryption successively and iterates computing, obtains first result of calculation;
With 4 bytes is that unit is divided into a plurality of sub-blocks with said first result of calculation; And according to order from first data block to last sub-block; Carry out XOR successively and iterate computing, obtain second result of calculation, and with second result of calculation as final message authentication code MAC.
17. like each described device of claim 13-16; It is characterized in that; When the corresponding application data of any AES application identifier that said control module is preserved local memory module is upgraded, adopt following mode that data mutual in the renewal process are encrypted:
Confirm the length of clear data to be sent, generate data to be sent;
To set byte length is that unit is divided into some block of plaintext data with said data to be sent, and according to setting means last block of plaintext data is carried out cover;
Adopt the corresponding Key file of said any encryption algorithm identifiers respectively each block of plaintext data to be encrypted, obtain corresponding ciphertext block data;
The stripe sequence of each ciphertext block data that obtains according to corresponding block of plaintext data connected successively, obtain final enciphered data.
18. like each described device of claim 13-16; It is characterized in that; When the corresponding application data of any encryption algorithm identifiers that said control module is preserved local memory module is upgraded, adopt following mode that data mutual in the renewal process are deciphered:
Obtain and treat data decryption;
To set byte length is that unit is divided into some ciphertext block datas with the said data decryption of treating;
Adopt the corresponding Key file of said any encryption algorithm identifiers respectively each ciphertext block data to be deciphered, obtain corresponding block of plaintext data;
The stripe sequence of each block of plaintext data that obtains according to corresponding ciphertext block data connected successively, obtain final data decryption.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210139449.7A CN102710412B (en) | 2012-05-07 | 2012-05-07 | Method and device for compatible management of encryption algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210139449.7A CN102710412B (en) | 2012-05-07 | 2012-05-07 | Method and device for compatible management of encryption algorithm |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102710412A true CN102710412A (en) | 2012-10-03 |
| CN102710412B CN102710412B (en) | 2015-07-01 |
Family
ID=46902984
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210139449.7A Expired - Fee Related CN102710412B (en) | 2012-05-07 | 2012-05-07 | Method and device for compatible management of encryption algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102710412B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103150771A (en) * | 2013-02-01 | 2013-06-12 | 武汉市城市路桥收费管理中心 | Lane purchase secure access module (PSAM) for city road bridge free stream toll collection and use method thereof |
| CN103150770A (en) * | 2013-02-01 | 2013-06-12 | 华中科技大学 | On board unit embedded secure access module (ESAM) for free stream toll collection and use method thereof |
| CN103593592A (en) * | 2013-11-08 | 2014-02-19 | 上海新储集成电路有限公司 | User data encryption and decryption method |
| CN103780376A (en) * | 2012-10-26 | 2014-05-07 | ***股份有限公司 | Method, terminal and safety carrier for realizing cryptographic algorithm system adaptive switching |
| CN106559218A (en) * | 2015-09-29 | 2017-04-05 | 中国电力科学研究院 | A kind of safe acquisition method of intelligent substation continuous data |
| CN107994986A (en) * | 2017-12-22 | 2018-05-04 | 记忆科技(深圳)有限公司 | A kind of renewable TF card of Encryption Algorithm and method |
| CN110249334A (en) * | 2017-02-01 | 2019-09-17 | 华为国际有限公司 | The system and method for equipment room highly effective and safe communication |
| CN111127015A (en) * | 2019-12-25 | 2020-05-08 | ***股份有限公司 | Transaction data processing method and device, trusted application and electronic device |
| CN114697094A (en) * | 2022-03-21 | 2022-07-01 | 北京交大微联科技有限公司 | Encryption method and encryption device compatible with multiple encryption algorithms and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5764762A (en) * | 1995-06-08 | 1998-06-09 | Wave System Corp. | Encrypted data package record for use in remote transaction metered data system |
| CN1666544A (en) * | 2002-07-01 | 2005-09-07 | 3柯姆公司 | System and method for a universal wireless acces gateaway |
| CN101141250A (en) * | 2007-10-10 | 2008-03-12 | 北京握奇数据***有限公司 | Instrument equipment, data safety access method, device and system |
| CN101599130A (en) * | 2008-06-06 | 2009-12-09 | 索尼株式会社 | Signal conditioning package, information processing method, program and communication system |
| CN102377566A (en) * | 2010-08-11 | 2012-03-14 | 北京融通高科科技发展有限公司 | Security processing device and system for electric meter data |
-
2012
- 2012-05-07 CN CN201210139449.7A patent/CN102710412B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5764762A (en) * | 1995-06-08 | 1998-06-09 | Wave System Corp. | Encrypted data package record for use in remote transaction metered data system |
| CN1666544A (en) * | 2002-07-01 | 2005-09-07 | 3柯姆公司 | System and method for a universal wireless acces gateaway |
| CN101141250A (en) * | 2007-10-10 | 2008-03-12 | 北京握奇数据***有限公司 | Instrument equipment, data safety access method, device and system |
| CN101599130A (en) * | 2008-06-06 | 2009-12-09 | 索尼株式会社 | Signal conditioning package, information processing method, program and communication system |
| CN102377566A (en) * | 2010-08-11 | 2012-03-14 | 北京融通高科科技发展有限公司 | Security processing device and system for electric meter data |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103780376B (en) * | 2012-10-26 | 2017-06-23 | ***股份有限公司 | Method, terminal and safety barrier that cryptographic algorithm system self adaptation switches |
| CN103780376A (en) * | 2012-10-26 | 2014-05-07 | ***股份有限公司 | Method, terminal and safety carrier for realizing cryptographic algorithm system adaptive switching |
| CN103150770A (en) * | 2013-02-01 | 2013-06-12 | 华中科技大学 | On board unit embedded secure access module (ESAM) for free stream toll collection and use method thereof |
| CN103150771B (en) * | 2013-02-01 | 2015-12-23 | 武汉市城市路桥收费管理中心 | Track PSAM card and the using method thereof of charge is freely flowed for city road and bridge |
| CN103150771A (en) * | 2013-02-01 | 2013-06-12 | 武汉市城市路桥收费管理中心 | Lane purchase secure access module (PSAM) for city road bridge free stream toll collection and use method thereof |
| CN103593592A (en) * | 2013-11-08 | 2014-02-19 | 上海新储集成电路有限公司 | User data encryption and decryption method |
| CN103593592B (en) * | 2013-11-08 | 2017-01-18 | 上海新储集成电路有限公司 | User data encryption and decryption method |
| CN106559218A (en) * | 2015-09-29 | 2017-04-05 | 中国电力科学研究院 | A kind of safe acquisition method of intelligent substation continuous data |
| CN110249334A (en) * | 2017-02-01 | 2019-09-17 | 华为国际有限公司 | The system and method for equipment room highly effective and safe communication |
| CN110249334B (en) * | 2017-02-01 | 2023-07-18 | 华为国际有限公司 | System and method for efficient secure communication between devices |
| CN107994986A (en) * | 2017-12-22 | 2018-05-04 | 记忆科技(深圳)有限公司 | A kind of renewable TF card of Encryption Algorithm and method |
| CN111127015A (en) * | 2019-12-25 | 2020-05-08 | ***股份有限公司 | Transaction data processing method and device, trusted application and electronic device |
| CN111127015B (en) * | 2019-12-25 | 2023-09-19 | ***股份有限公司 | Transaction data processing method and device, trusted application and electronic device |
| CN114697094A (en) * | 2022-03-21 | 2022-07-01 | 北京交大微联科技有限公司 | Encryption method and encryption device compatible with multiple encryption algorithms and storage medium |
| CN114697094B (en) * | 2022-03-21 | 2024-03-26 | 北京交大微联科技有限公司 | Encryption method and encryption device compatible with multiple encryption algorithms and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102710412B (en) | 2015-07-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102710412B (en) | Method and device for compatible management of encryption algorithm | |
| CA2865148C (en) | Multi-issuer secure element partition architecture for nfc enabled devices | |
| JP5005811B2 (en) | Method, system and trusted service manager for securely transmitting an application to a mobile phone | |
| WO2020072551A1 (en) | Contactless card emulation system and method | |
| CN107358441B (en) | Payment verification method and system, mobile device and security authentication device | |
| EP2696531B1 (en) | Initialization of embedded secure elements | |
| EP3324322A1 (en) | Secure mobile device transactions | |
| CN112347453A (en) | Data safety writing method and system of automobile electronic identification embedded NFC chip | |
| CN102866960A (en) | Method for realizing encryption in storage card, decrypting method and device | |
| CN111404706B (en) | Application downloading method, secure element, client device and service management device | |
| CN102457842A (en) | Method, device and system for transaction by mobile phone | |
| CN105376059A (en) | Method and system for performing application signature based on electronic key | |
| CN108460597B (en) | Key management system and method | |
| US11922428B2 (en) | Security for contactless transactions | |
| CN101917700B (en) | Method for using service application and user identification module | |
| CN101557588B (en) | User certificate management and use method and mobile terminal thereof | |
| EP3340094B1 (en) | Method for renewal of cryptographic whiteboxes under binding of new public key and old identifier | |
| CN102799540A (en) | Method, system and terminal for encrypting/decrypting storage card by secret key of subscriber identity module | |
| CN101841806A (en) | Service card information processing method, device and system and communication terminal | |
| EP3326399A1 (en) | Method to secure an applicative function in a cloud-based virtual secure element implementation | |
| CN103841552A (en) | Method and system for carrying out aerial card writing through mobile terminal and card reader | |
| CN103905624A (en) | Digital signature generation method and mobile phone terminal | |
| CN101877835A (en) | STK (SIM (Subscriber Identity Module) Tool Kit) business processing method and system as well as mobile terminal | |
| CN108989032A (en) | Key reading/writing method, device, block catenary system and terminal device | |
| CN115278644A (en) | eUICC downloading method suitable for off-line production |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden Patentee after: BEIJING WATCHDATA Co.,Ltd. Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150701 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |