CN103839324B - Smart card and verification data output method, operation requests response method and system - Google Patents
Smart card and verification data output method, operation requests response method and system Download PDFInfo
- Publication number
- CN103839324B CN103839324B CN201310289234.8A CN201310289234A CN103839324B CN 103839324 B CN103839324 B CN 103839324B CN 201310289234 A CN201310289234 A CN 201310289234A CN 103839324 B CN103839324 B CN 103839324B
- Authority
- CN
- China
- Prior art keywords
- smart card
- verification data
- verification
- operation information
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention provides a kind of smart card and verification data output method, operation requests response method and system, wherein, verification data output method includes: smart card sets up communication connection, the operation requests of terminal is obtained by communication connection, obtaining smart card operation information, smart card operation information at least includes the mode of operation of smart card;Smart card obtains the verification data generation strategy that smart card operation information is corresponding from the verification data generation strategy prestored, and smart card operation information is at least processed by the verification data generation strategy utilizing smart card operation information corresponding, obtain verifying data, obtain the output policy that verification data are corresponding, output verification data.Owing to smart card generates verification data according to the smart card operation information obtaining smart card, background system server responds the flow process of operation requests in verification verification data by rear execution, thus prevent user profile to be stolen, improve the safety of smart card, it is ensured that user profile and the safety of property.
Description
Technical field
The present invention relates to a kind of field of information security technology, particularly relate to a kind of smart card and verification data output side
Method, operation requests response method and system.
Background technology
Existing bank is issued to the card of user and is mostly magnetic stripe card, however magnetic stripe card itself there are the following problems:
Once account and the trading password of user is acquired, then can replicate a magnetic stripe card, thus steal user's letter
Breath, causes user's property loss.
Therefore, it is more likely to now use IC-card (smart card) to replace magnetic stripe card to guarantee user profile and wealth
The safety produced.Existing smartcard internal is provided with chip, and this chip includes the pattern of two kinds of card operations: connect
Touch operator scheme and contactless operation pattern, which kind of chip uses when determining and carry out information transmission with the external world
Operator scheme, which kind of agreement of intrinsic call participates in information transmission, and chip, when the information of carrying out is transmitted, can be treated
The information of output processes, including encryption or the operation such as signature, and, encrypt or sign and used
Key can not be read and be replicated, and thus, uses smart card to replace magnetic stripe card to be possible to prevent card to be replicated, i.e.
Just obtain account and the trading password of user, same card can not be copied, therefore can be from certain journey
User profile and the safety of property is ensured on degree.
But, if existing smart card has been acquired account and the trading password of user, safety still can be there is
Hidden danger, Fig. 1 illustrates the existing smart card of employing and carries out the structure chart that user profile is stolen, sees Fig. 1, ATM
Machine 101 is connected to the server 102 of bank by wired or wireless mode, such that it is able to it is corresponding to realize bank
Business.Under normal circumstances, the smart card 106 that user holds is inserted directly into ATM 101 thus realizes turning
The business such as account, enchashment.But, if stealer is provided with an imitated card 103, this imitated card 103 is inserted
Enter ATM, be only used for imitating the smart card 106 held of user and insert ATM 101, receive ATM
101 information sent and send information to ATM 101, now, this imitated card 103 is led to by stealer
Cross information transmission that the ATM 101 that wireless mode received sends first to steal to what stealer was arranged
In terminal 104, this first steals terminal 104 for receiving the information of imitated card 103 transmission and to imitated card
103 send information, can copy card 103 by the imitated card 103 of wired connection or wireless connections, and first steals
Taking terminal 104 and steal terminal 105 by the connection such as the Internet or wireless network second, second steals terminal
105 is mobile terminal, can carry with stolen taker, and its connection has power radio frequency antenna 106, and
The smart card 107 held by the user of antenna 106 scanning antenna periphery, due to existing smart card 107
Can passively receive information, therefore, second steals the intelligence that terminal 105 is easy to be held with user by antenna 106
Can block 107 and set up wireless connections, now, second steals the smart card 107 that terminal 105 can be held from user
Middle acquisition smart card information, and the smart card information got is sent extremely by the Internet or wireless network etc.
First steals terminal 104, thus is sent the smart card information got to ATM by imitated card 103
101, now, after ATM has got the real information of the smart card 107 that user holds, at ATM
After 101 trading passwords inputting these smart cards 107, then can directly carry out transferring accounts or the business such as enchashment.By
This is visible, is revealed by this kind of mode, existing smart card once accounts information and trading password, can cause use
The massive losses of family property, and cannot avoid, owing to the mobility of stealer more cannot inquire about stealer's identity.
Summary of the invention
Present invention seek to address that the security hidden trouble that existing smart card exists.
Offer one verification data output method is provided;
Another object of the present invention is to provide a kind of smart card;
It is still another object of the present invention to provide a kind of operation requests response method;
A further object of the present invention is to provide a kind of operation requests response system.
For reaching above-mentioned purpose, technical scheme is specifically achieved in that
One aspect of the present invention provides a kind of verification data output method, including: smart card sets up communication connection;
After described communication connection foundation completes, described smart card obtains the operation requests of terminal by described communication connection;
Described smart card, after obtaining described operation requests, obtains described smart card and smart card during described terminal interaction
Operation information, described smart card operation information at least includes the mode of operation of described smart card;Described smart card from
The verification data generation strategy prestored obtains the verification data genaration that described smart card operation information is corresponding
Strategy, and described smart card at least grasped by the verification data generation strategy utilizing described smart card operation information corresponding
Process as information, obtain verifying data;Described smart card, after obtaining described verification data, obtains described
The output policy that verification data are corresponding, and according to the output policy of described verification data, export described verification data.
Additionally, the verification data generation strategy that described smart card utilizes described smart card operation information corresponding is the most right
Described smart card operation information processes, and the step obtaining verifying data includes: described smart card is to described intelligence
Operation information can be blocked process, obtain the first verification data, and to electronic bankbook remaining sum, electronic bankbook connection
Machine transaction sequence number, dealing money, type of transaction mark, terminating machine numbering, trade date and exchange hour are carried out
Processing, obtain the second verification data, the combination of wherein said first verification data and the second verification data is as institute
State verification data.
Additionally, the verification data generation strategy that described smart card utilizes described smart card operation information corresponding is the most right
Described smart card operation information processes, and the step obtaining verifying data includes: described smart card is to described intelligence
Operation information, electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark can be blocked
Knowledge, terminating machine numbering, trade date and exchange hour process, and obtain described verification data.
Additionally, after described smart card obtains the operation requests of described terminal by described communication connection, utilizing
Described smart card operation information is at least carried out by verification data generation strategy corresponding to described smart card operation information
Before process, the method also includes: judge whether described operation requests is the destination request prestored;If
Described operation requests is described destination request, then utilize the verification data genaration that described smart card operation information is corresponding
Described smart card operation information is at least processed by strategy.
Additionally, the step of described process includes: encryption.
Additionally, the step of described encryption includes: if the verification data that described smart card operation information is corresponding
Generation strategy is MAC calculative strategy, and the most described smart card at least carries out MAC to described smart card operation information
Calculate;If verification data generation strategy corresponding to described smart card operation information is HASH calculative strategy,
The most described smart card at least carries out HASH calculating to described smart card operation information;If described smart card is grasped
Verification data generation strategy corresponding to information of making is Sign Policies, and described smart card is at least grasped by the most described smart card
Signature calculation is carried out as information.
Additionally, described smart card operation information also includes: random number and/or transaction counter.
Additionally, the mode of operation of described smart card includes the communication connection patterns of smart card.
Additionally, the communication connection patterns of described smart card includes contactless communication connection mode and/or contact
Communication connection patterns.
Additionally, described contact communication connection patterns is included the pattern connected by chip communication and/or passes through magnetic
The pattern that bar is communicatively coupled.
Additionally, the mode of operation of described smart card includes: the object type being connected with described smart card.
Another aspect of the present invention provides a kind of operation requests response method, including: smart card uses said method
At least output verification data;Terminal obtains described verification data, and to operation requests described in major general and described verification
Data send to background system server;Described background system server is receiving described verification data and described
After operation requests, described verification data are verified, and in verification by rear, performing to respond described operation please
The flow process asked.
Additionally, the step that described verification data are verified by described background system server includes: described backstage
System server obtains the communication mode of described terminal;And, obtain the verification data obtained with described smart card
The target strategy that generation strategy is identical;Described background system server utilizes described target strategy to described terminal
Communication mode verifies, and generates the first check information;Described background system server is by described first verification letter
Cease the verification data corresponding with smart card pattern factor in described verification data to compare, described smart card pattern
The factor is for the communication connection patterns of indicating intelligent card;If in described first check information and described verification data
Verification data corresponding to smart card pattern factor are identical, then verification is passed through;Otherwise, verification is not passed through.
Additionally, described verification data also include the number after processing the object type being connected with described smart card
According to;Wherein: the step that described verification data are verified by described background system server also includes: backstage is
System server obtains the object type of described terminal;Described background system server utilizes described target strategy to institute
The object type stating terminal verifies, and generates the second check information;Described background system server is by described
The verification data that two check informations are corresponding with the object type that described smart card is connected with described verification data are entered
Row comparison;If the object type pair that described second check information is connected with smart card described in described verification data
The verification data answered are identical, then verification is passed through;Otherwise, verification is not passed through.
Additionally, the step that described verification data are verified by described background system server includes: background system
Server obtains the object type of described terminal;And, obtain the verification data genaration obtained with described smart card
The target strategy that strategy is identical;Described background system server utilizes the described target strategy object to described terminal
Type verifies, and generates the second check information;Described background system server by described second check information with
Verification data corresponding with the object type that smart card connects in described verification data are compared;If described
Verification data corresponding to object type that two check informations connect with smart card described in described verification data are identical,
Then verification is passed through;Otherwise, verification is not passed through.
Further aspect of the present invention provides a kind of smart card, including: communication module, acquisition module and process mould
Block;Described communication module is used for setting up communication connection, according to the output policy of verification data, output verification data;
Described acquisition module, for after the communication connection of described communication module has been set up, is obtained by described communication link
Take the operation requests of terminal, after obtaining described operation requests, when obtaining described smart card with described terminal interaction
Smart card operation information, described smart card operation information at least includes the mode of operation of described smart card, from advance
The verification data generation strategy first stored obtains the verification data genaration plan that described smart card operation information is corresponding
Slightly, after described processing module obtains verification data, the output policy that described verification data are corresponding is obtained;Described
The verification data generation strategy that processing module is used for utilizing described smart card operation information corresponding is at least to described intelligence
Operation information can be blocked process, obtain verifying data.
Additionally, described processing module is for processing described smart card operation information, obtain the first check number
According to, and to electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark,
Terminating machine numbering, trade date and exchange hour process, and obtain the second verification data, and wherein said first
The combination of verification data and the second verification data is as described verification data.
Additionally, described processing module is for described smart card operation information, electronic bankbook remaining sum, electronic bankbook
On-line transaction sequence number, dealing money, type of transaction mark, terminating machine numbering, trade date and exchange hour enter
Row processes, and obtains described verification data.
Additionally, also include: judge module;Described judge module gets described operation at described acquisition module please
After asking, it is judged that whether described operation requests is the destination request prestored, if it is determined that described operation requests is
Described destination request, it indicates that described processing module utilizes described verification data generation strategy at least to described intelligence
Card operation information processes.
Additionally, described processing module is additionally operable to utilize described verification data generation strategy at least to grasp described smart card
It is encrypted as information.
Additionally, if described verification data generation strategy is MAC calculative strategy, the most described processing module is used for
At least described smart card operation information is carried out MAC calculating;If described verification data generation strategy is
HASH calculative strategy, the most described processing module is by least carrying out based on HASH described smart card operation information
Calculate;If described verification data generation strategy is Sign Policies, the most described processing module is at least to described intelligence
Operation information can be blocked and carry out signature calculation.
Additionally, described smart card operation information also includes: random number and/or transaction counter.
Additionally, the mode of operation of described smart card includes the communication connection patterns of smart card.
Additionally, the communication connection patterns of described smart card includes contactless communication connection mode and/or contact
Communication connection patterns.
Additionally, described contact communication connection patterns is included the pattern connected by chip communication and/or passes through magnetic
The pattern that bar is communicatively coupled.
Additionally, the mode of operation of described smart card includes: the object type being connected with described smart card.
Another aspect of the invention provides a kind of operation requests response system, including: terminal, background system service
Device and above-mentioned smart card;Described terminal obtains described verification data, and to operation requests described in major general and institute
State verification data to send to described background system server;Described background system server includes receiver module, school
Test module and perform module;Described receiver module is for receiving described verification data and the institute of the transmission of described terminal
State operation requests;Described correction verification module is for receiving described verification data and described operation at described receiver module
After request, described verification data are verified;Described execution module is for passing through in the verification of described correction verification module
After, perform to respond the flow process of described operation requests.
Additionally, described background system server also includes that acquisition module, described acquisition module are used for obtaining described end
The communication mode of end;And, obtain the target plan identical with the verification data generation strategy that described smart card obtains
Slightly;Described correction verification module is additionally operable to utilize described target strategy to verify the communication mode of described terminal, raw
Become the first check information, described first check information is corresponding with smart card pattern factor in described verification data
Verification data are compared, and described smart card pattern factor is used for the communication connection patterns of indicating intelligent card, if
The verification data that described first check information is corresponding with smart card pattern factor in described verification data are identical, then school
Test and pass through;Otherwise, verification is not passed through.
Additionally, described verification data also include the number after processing the object type being connected with described smart card
According to;Wherein: described acquisition module is additionally operable to obtain the object type of described terminal;Described correction verification module is additionally operable to
Utilize described target strategy that the object type of described terminal is verified, generate the second check information, by described
The verification data that second check information is corresponding with the object type that described smart card is connected with described verification data
Compare, if the object type that described second check information is connected with smart card described in described verification data
Corresponding verification data are identical, then verification is passed through;Otherwise, verification is not passed through.
Additionally, described background system server also includes that acquisition module, described acquisition module are used for obtaining described end
The object type of end;And, obtain the target plan identical with the verification data generation strategy that described smart card obtains
Slightly;Described correction verification module is additionally operable to utilize described target strategy to verify the object type of described terminal, raw
Become the second check information, by described second check information and the object class being connected with smart card in described verification data
The verification data that type is corresponding are compared, if described second check information and intelligence described in described verification data
The verification data that the object type of card connection is corresponding are identical, then verification is passed through;Otherwise, verification is not passed through.
As seen from the above technical solution provided by the invention, due to the fact that smart card is according to obtaining smart card
Smart card operation information generate verification data, background system server performs sound in verification verification data by rear
Answer the flow process of operation requests, thus prevent user profile to be stolen, improve the safety of smart card, it is ensured that user
Information and the safety of property.
Accompanying drawing explanation
In order to be illustrated more clearly that the technical scheme of the embodiment of the present invention, required in embodiment being described below
The accompanying drawing used is briefly described, it should be apparent that, the accompanying drawing in describing below is only some of the present invention
Embodiment, from the point of view of those of ordinary skill in the art, on the premise of not paying creative work, also may be used
To obtain other accompanying drawings according to these accompanying drawings.
Fig. 1 is the structure chart that in existing application of IC cards, user profile is stolen;
The flow chart of the verification data output method that Fig. 2 provides for the present invention;
The structural representation of the smart card that Fig. 3 provides for the present invention;
The flow chart of the operation requests response method that Fig. 4 provides for the present invention;
The structural representation of the operation requests response system that Fig. 5 provides for the present invention.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear,
It is fully described by, it is clear that described embodiment is only a part of embodiment of the present invention rather than whole
Embodiment.Based on embodiments of the invention, those of ordinary skill in the art are not making creative work premise
Lower obtained every other embodiment, broadly falls into protection scope of the present invention.
In describing the invention, it is to be understood that term " " center ", " longitudinally ", " laterally ", " on ",
D score, "front", "rear", "left", "right", " vertically ", " level ", " top ", " end ", " interior ", " outward " etc. refer to
The orientation shown or position relationship, for based on orientation shown in the drawings or position relationship, are for only for ease of and describe this
Bright and simplification describes rather than indicates or imply that the device of indication or element must have specific orientation, Yi Te
Fixed azimuth configuration and operation, be therefore not considered as limiting the invention.Additionally, term " first ", " the
Two " it is only used for describing purpose, and it is not intended that indicate or imply relative importance or quantity or position.
In describing the invention, it should be noted that unless otherwise clearly defined and limited, term " peace
Dress ", should be interpreted broadly " being connected ", " connection ", for example, it may be fix connection, it is also possible to be detachably to connect
Connect, or be integrally connected;Can be to be mechanically connected, it is also possible to be electrical connection;Can be to be joined directly together, it is possible to
To be indirectly connected to by intermediary, it can be the connection of two element internals.Ordinary skill for this area
For personnel, above-mentioned term concrete meaning in the present invention can be understood with concrete condition.
Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.
Fig. 2 illustrates the flow chart of the verification data output method of the present invention, sees Fig. 2, the verification of the present invention
Data output method, comprises the steps:
Step S201, smart card sets up communication connection;
Concrete, smart card can set up communication connection with terminal, and smart card can be by contact mode and end
End sets up communication connection, it is also possible to set up communication connection by contact mode with terminal.
Certainly, if the user profile created in the application of IC cards as occurred in background technology is stolen, this
The smart card of invention is to steal terminal by antenna from second shown in Fig. 1 to set up communication connection.
Step S202, after communication connection foundation completes, smart card obtains the operation of terminal by communication connection
Request;
Concrete, smart card obtains operation requests by communication connection, and the operation requests of acquisition can transfer accounts, take
The arbitrarily operation requests such as money, inquiry.
It addition, after the smart card of step S202 passes through the operation requests that communication connection obtains terminal, in step
Smart card operation information is at least entered by the verification data generation strategy utilizing smart card operation information corresponding of S204
Before row processes, smart card can also carry out following operation: judges whether operation requests is the target prestored
Request;If operation requests is destination request, then perform to utilize verification data generation strategy at least smart card to be grasped
The operation processed is carried out as information.Judge whether operation requests is the destination request prestored, this destination request
The operation requests of user's property safety can be related to, such as: transfer accounts, the operation requests such as enchashment, if intelligence
Can judge that this operation requests is destination request by card, then perform to utilize verification data generation strategy at least to smart card
Operation information carries out the operation processed;Otherwise, if it is judged that this operation requests is not destination request, such as:
The operation requests such as inquiry, owing to being not related to the property safety of user, do not perform to utilize verification data generation strategy extremely
Few operation that smart card operation information is processed, thus improve the processing speed of this type of business.
Additionally, the smart card operation information of the present invention is in addition to including smart card pattern factor, it is also possible to including:
Random number, this random number can be to arrange randomizer within a smart card, in order to the most all generates one not
With random number, it is ensured that the follow-up verification data obtained when processing smart card operation information are the most different,
Thus prevent verifying data and be cracked.Certainly, so that background system server verification verification data time energy
Enough obtaining this random number, this random number can together be exported by smart card when the information of output;Can also be rear
Platform system server arranges the algorithm identical with the randomizer employing arranged in smart card and generates random number,
The former makes verification be more prone to, and the latter makes to verify safer.
The smart card operation information processing of the present invention includes outside smart card pattern factor, it is also possible to include transaction count
Value, the count value that the enumerator that this transaction counter can be provided in smart card produces, at each smart card
During output data, this enumerator performs counting operation according to predetermined manner, and exports transaction counter, thus protects
Demonstrate,prove the follow-up verification data obtained time smart card operation information is processed the most different, thus prevent check number
According to being cracked.Certainly, so that background system server obtains this transaction counter when verification verification data,
This transaction counter can be that smart card together exports when the information of output, it is also possible to is background system server
The method of counting identical with this smart card is used to count when often completing once with the business that this smart card is relevant
Number, it is thus achieved that this transaction counter, the former makes verification be more prone to, and the latter makes to verify safer.
Certainly, the smart card operation information of the present invention can also include smart card pattern factor, random number and friendship
Easily count value, so that safety is higher.
Step S203, smart card, after obtaining operation requests, obtains smart card and smart card during terminal interaction
Operation information, smart card operation information at least includes the mode of operation of smart card;
Concrete, the mode of operation of smart card can include the communication connection patterns of smart card, the communication of smart card
Connection mode can include contactless communication connection mode and/or contact communication connection patterns, intelligence snap gauge
The formula factor can be used to indicating intelligent card for the mode of operation of indicating intelligent card, i.e. this smart card pattern factor and adopts
With contactless communication connection mode, or indicating intelligent card have employed contact communication connection patterns.Certainly,
Contact communication connection patterns can be included the pattern connected by chip communication and/or be communicated by magnetic stripe
The pattern connected, this smart card pattern factor can be used to indicating intelligent card and have employed contact communication connection patterns
In the pattern that connected by chip communication, or indicating intelligent card have employed in contact communication connection patterns and passes through
Pattern that magnetic stripe is communicatively coupled etc..The communication connection patterns of indicating intelligent card can ensure that smart card exports
Information include the communication connection patterns of smart card, even if the mode as described in background technology steals user's letter
Breath, owing to the information of smart card output including the communication connection patterns of smart card, i.e. the letter of smart card output
Breath includes and the second communication connection mode stealing terminal, now, owing to smart card and second steals terminal
Communication connection mode is contactless, and the communication connection mode of imitated card and ATM is contact,
In the judgement of follow-up background system server, may determine that the communication connection patterns that smart card uses is and it
The communication connection mode of reception information is different, thus not performs the flow process of response operation requests, it is ensured that
The safety of smart card user information.
It addition, smart card can also obtain, from its end obtaining operation information, the object class being connected with smart card
Type, thus obtain smart card pattern factor, the object type being connected with the smart card i.e. type of terminal, terminal can
To include: POS, ATM, card reader/writer or brushing card device etc. arbitrarily can obtain the letter of smart card
The terminal of breath.This smart card pattern factor may indicate that the type of terminal.Instruction terminal type can ensure that intelligence
The information of card output includes the type of connected terminal, even if the mode as described in background technology is stolen
User profile, owing to including the type of connected terminal in the information of smart card output, i.e. smart card is defeated
The information gone out includes the second type stealing terminal, now, due to second steal the type of terminal often with
The terminal types such as ATM are different, may determine that smart card is defeated in the judgement of follow-up background system server
The approach going out information is different from usual channel, thus not performs the flow process of response operation requests, it is ensured that intelligence
The safety of card user information.
Step S204, smart card obtains smart card operation information from the verification data generation strategy prestored
Corresponding verification data generation strategy, and utilize verification data generation strategy corresponding to smart card operation information at least
Smart card operation information is processed, obtains verifying data;
Concrete, smart card operation information can directly be processed by smart card, obtains verifying data, it is possible to
So that smart card operation information to be encrypted, obtain verifying data.Directly processing simple, processing speed is high;
Encryption safety is more preferable.
Such as: can one of in the following way obtain verifying data:
Mode one: smart card operation information is processed by smart card, obtains the first verification data, and to electricity
Sub-passbook balance, electronic bankbook on-line transaction sequence number, dealing money, type of transaction identify, terminating machine is numbered,
Trade date and exchange hour process, and obtain the second verification data, wherein the first verification data and second
The combination of verification data is as verification data.Now, smart card operation information is processed and deposits electronics
Depreciated volume, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark, terminating machine numbering, transaction
Date and exchange hour carry out process and identical processing mode can be used can also to use different processing modes,
Use identical processing mode processing speed high, use different processing mode safeties more preferable.
Mode two: smart card to smart card operation information, electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number,
Dealing money, type of transaction mark, terminating machine numbering, trade date and exchange hour process, and obtain school
Test data.
Mode three: smart card operation information is encrypted by smart card, obtains the first verification data, and
Electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark, terminating machine are compiled
Number, trade date and exchange hour be encrypted, obtain the second verification data, wherein the first verification data
Combination with the second verification data is as verification data.Now, smart card operation information is encrypted with
And to electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark, terminating machine
Numbering, trade date are encrypted with exchange hour can also be able to be adopted to use identical encryption mode
By different encryption modes, use identical encryption mode processing speed high, use different encryptions
Processing mode safety is more preferable.Certainly, smart card operation information can be encrypted, to electronic bankbook
Remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark, terminating machine numbering, the day of trade
Phase and exchange hour are not encrypted, or are not encrypted smart card operation information, to electronics
Passbook balance, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark, terminating machine numbering, friendship
Easily date and exchange hour are encrypted, as long as follow-up can realization carries out verification i.e. to the data after processing
Can.
Mode four: smart card to smart card operation information, electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number,
Dealing money, type of transaction mark, terminating machine numbering, trade date and exchange hour are encrypted,
To verification data.
Certainly, the encryption of aforesaid way three or mode four can be following any one:
If verification data generation strategy corresponding to smart card operation information is MAC calculative strategy, then smart card
At least smart card operation information is carried out MAC calculating;At this point it is possible to using calculated MAC value as
Verification data, it is also possible to using the part of calculated MAC value as verification data, use MAC to calculate
Strategy, calculation is simple, and processing speed is high.
If verification data generation strategy corresponding to smart card operation information is HASH calculative strategy, then intelligence
Card at least carries out HASH calculating to smart card operation information;At this point it is possible to by calculated HASH value
As verification data, it is also possible to using the part of calculated HASH value as verification data, use HASH
Calculative strategy, safety is higher.
If verification data generation strategy corresponding to smart card operation information is Sign Policies, then smart card is the most right
Smart card operation information carries out signature calculation;At this point it is possible to using calculated signed data as verification data,
Sign Policies can also be used using the part of calculated signed data as verification data, safety high and
It is possible to prevent to deny.
Step S205, smart card, after obtaining verification data, obtains the output policy that verification data are corresponding, and presses
According to the output policy of verification data, output verification data.
Concrete, smart card, after obtaining verification data, can communicate with contactless communication pattern, also
Can communicate with contact communication pattern, these verification data directly can be exported, it is also possible to should
Verification data export to terminal after processing, in order to terminal is by defeated for the verification data after verification data or process
Go out and verify to background system server, only verify and just perform relevant operation by rear, it is ensured that intelligence
Card user information and the safety of property.
As can be seen here, use the verification data output method of the present invention, owing to smart card is according to obtaining smart card
Smart card operation information generates verification data, thus prevents user profile to be stolen, and improves the safety of smart card,
Ensure user profile and the safety of property.
Fig. 3 illustrates the structural representation of smart card based on above-mentioned verification data output method, due to the present invention
Smart card have employed above-mentioned verification data output method, therefore the most too much repeat at this, only to its structure
It is briefly described:
Seeing Fig. 3, the smart card 30 of the present invention includes: communication module 301, acquisition module 302 and process
Module 303;Wherein:
Communication module 301 is used for setting up communication connection, according to the output policy of verification data, output verification data;
Acquisition module 302, for after the communication connection of communication module 301 has been set up, is obtained by communication link
Take the operation requests of terminal, after obtaining operation requests, obtain smart card and smart card operation during terminal interaction
Information, smart card operation information at least includes the mode of operation of smart card, from the verification data genaration prestored
Strategy obtains the verification data generation strategy that smart card operation information is corresponding, obtains verification data in processing module
After, obtain the output policy that verification data are corresponding;
The verification data generation strategy that processing module 303 is used for utilizing smart card operation information corresponding is at least to intelligence
Operation information can be blocked process, obtain verifying data.
Certainly, smart card operation information can directly be processed by the processing module 303 of smart card 30,
To verification data, it is also possible to smart card operation information is encrypted, obtain verifying data.Directly process
Simply, processing speed is high;Encryption safety is more preferable.
Such as: processing module 303 can one of in the following way obtain verifying data:
Mode one: processing module 303, for processing smart card operation information, obtains the first verification data,
And to electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark, terminal
Machine numbering, trade date and exchange hour process, and obtain the second verification data, wherein the first verification data
Combination with the second verification data is as verification data.
Mode two: processing module 303 is for smart card operation information, electronic bankbook remaining sum, electronic bankbook connection
Machine transaction sequence number, dealing money, type of transaction mark, terminating machine numbering, trade date and exchange hour are carried out
Process, obtain verifying data.
Mode three: processing module 303, for being encrypted smart card operation information, obtains the first verification
Data, and to electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark,
Terminating machine numbering, trade date and exchange hour are encrypted, and obtain the second verification data, and wherein first
The combination of verification data and the second verification data is as verification data.Certainly, smart card operation information can be entered
Row encryption, to electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark
Knowledge, terminating machine numbering, trade date and exchange hour are not encrypted, or to smart card operation information
It is not encrypted, to electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, transaction class
Type mark, terminating machine numbering, trade date and exchange hour are encrypted, if follow-up can realize right
Data after process carry out verifying.
Mode four: processing module 303 is for smart card operation information, electronic bankbook remaining sum, electronic bankbook connection
Machine transaction sequence number, dealing money, type of transaction mark, terminating machine numbering, trade date and exchange hour are carried out
Encryption, obtains verifying data.
Certainly, the encryption during above-mentioned processing module 303 obtains the verification mode three of data or mode four is permissible
It is following any one:
If verification data generation strategy corresponding to smart card operation information is MAC calculative strategy, then process mould
Block 303 is at least carrying out MAC calculating to smart card operation information;
If verification data generation strategy corresponding to smart card operation information is HASH calculative strategy, then process
Module 303 is at least carrying out HASH calculating to smart card operation information;
If verification data generation strategy corresponding to smart card operation information is Sign Policies, then processing module 303
For at least smart card operation information being carried out signature calculation.
As can be seen here, use the smart card of the present invention, owing to smart card is according to the smart card operation obtaining smart card
Information generates verification data, thus prevents user profile to be stolen, and improves the safety of smart card, it is ensured that user
Information and the safety of property.
It addition, the smart card 30 of the present invention can also include judge module 304, it is judged that module 304 is obtaining
After module 302 gets operation requests, it is judged that whether operation requests is the destination request prestored, if sentenced
Disconnected operation requests is destination request, it indicates that processing module 303 utilizes verification data generation strategy at least to intelligence
Card operation information processes.Thus improve the processing speed of the business using smart card.
The mode of operation of the smart card of the present invention can include the communication connection patterns of smart card, the communication of smart card
Connection mode includes contactless communication connection mode and/or contact communication connection patterns, contact communication link
The pattern of connecing includes the pattern connected by chip communication and/or the pattern being communicatively coupled by magnetic stripe.
Certainly, the present invention is only to the simple division of functional module in smart card, but is not limited to above-mentioned division,
Such as: the function that the modules of smart card of the present invention performs can also be divided into some submodules and perform correlation function,
Such as: processing module can be divided into the process of the first process submodule executive mode one, second processes submodule holds
The process etc. of line mode two;Perform it addition, the modules of smart card of the present invention can also be integrated into a module
Correlation function etc..All should be within the scope of the present invention as long as have employed the solution of the present invention.
Fig. 4 is the flow chart illustrating operation requests response method, sees Fig. 4, and the operation requests of the present invention is rung
Induction method, including:
Smart card uses above-mentioned steps S201 to the method at least output verification of step S205 output verification data
Data;Do not repeat them here.
Step S206, terminal obtains verification data, and sends to backstage to major general's operation requests and verification data
System server;
Concrete, terminal can be ATM, POS, the smart mobile phone of connection card reader or panel computer
Or PC, the smart mobile phone of connection antenna or any form of terminal such as panel computer or PC.
Step S207, background system server is after receiving verification data and operation requests, to verification data
Verify, and in verification by rear, perform the flow process of response operation requests.
Concrete, background system server can be the server of bank, to realize the related service of bank, also
Can be third-party server, such as mass transit card server.As long as can realize being closely related with user profile
The server that used of all kinds of business can be all the background system server of the present invention.
Background system server, can be according to smart card pattern factor after receiving verification data and operation requests
The communication connection patterns of smart card of instruction, or being connected with smart card according to smart card pattern factor instruction
Verification data are verified by object type two kinds of situations the most in the following way:
Background system server obtains the communication mode of terminal;And, obtain the verification data obtained with smart card
The target strategy that generation strategy is identical, utilizes target strategy to verify the communication mode of terminal, generates first
The verification data that first check information is corresponding with smart card pattern factor in verification data are compared by check information
Right;If the verification data that the first check information is corresponding with smart card pattern factor in verification data are identical, then school
Test and pass through;Otherwise, verification is not passed through.Now, if stealing user profile in creating such as background technology
Scene, then steal terminal due to smart card be connected antenna second and be connected, the verification data of smart card output
In include contactless communication pattern, but the terminal that imitated card connects is ATM, now background system
The communication mode of the terminal that server obtains is contact communication pattern, therefore, and background system server verification school
Test data can not pass through, it is ensured that the safety of user profile.
If verification data also include the data after processing the object type being connected with smart card, then,
Background system server obtains the object type of terminal, utilizes target strategy to verify the object type of terminal,
Generate the second check information;Second check information is corresponding with the object type being connected with smart card in verification data
Verification data compare;If the object type pair that the second check information is connected with smart card in verification data
The verification data answered are identical, then verification is passed through;Otherwise, verification is not passed through.The object type of terminal is that terminal is
ATM, terminal be POS, terminal be the type of the terminal such as smart mobile phone connecting card reader.Now,
If the scene stealing user profile in creating such as background technology, then due to smart card be connected antenna
Second steals terminal is connected, and includes this second type stealing terminal in the verification data of smart card output, but
Be the terminal that imitated card connects be ATM, the object type of the terminal now got due to background server
It is ATM, thus verification can not be passed through, it is ensured that the safety of user profile.
As can be seen here, owing to smart card generates verification data according to the smart card operation information obtaining smart card, after
Platform system server responds the flow process of operation requests in verification verification data by rear execution, thus prevents user from believing
Breath is stolen, and improves the safety of smart card, it is ensured that user profile and the safety of property.
Fig. 5 illustrates the structural representation of operation requests response system, sees Fig. 5, the operation requests of the present invention
Response system, including: terminal 40, background system server 50 and above-mentioned smart card 30 as shown in Figure 3,
Owing to smart card 30 is above-mentioned smart card 30, therefore, do not repeat them here.The most only to terminal 40 and
Background system server 50 illustrates.
Terminal 40 obtains the verification data of smart card 30 output, and sends to major general's operation requests and verification data
To background system server 50;
Background system server 50 includes receiver module 501, correction verification module 502 and performs module 503;
Receiver module 501 is for receiving verification data and the operation requests of terminal 40 transmission;
Correction verification module 502 is after receiving verification data and operation requests at receiver module 501, to check number
According to verifying;
Perform module 503 to be used for verifying by rear at correction verification module, perform the flow process of response operation requests.
It addition, background system server 50 is after receiving verification data and operation requests, can be according to intelligence
The communication connection patterns of smart card of mode card factor instruction, or according to the instruction of smart card pattern factor and intelligence
The two kinds of situations of object type connected can be blocked, the most in the following way verification data are verified, now,
Background system server 50 can also include acquisition module 504:
Acquisition module 504 is for obtaining the communication mode of terminal 40;And, obtain the school obtained with smart card
Test the target strategy that data genaration strategy is identical;Correction verification module 502 is additionally operable to utilize target strategy to lead to terminal
Letter mode verifies, and generates the first check information, by the first check information and smart card pattern in verification data
The verification data that factor pair is answered are compared, if the first check information and smart card pattern factor in verification data
Corresponding verification data are identical, then verification is passed through;Otherwise, verification is not passed through.
If verification data also include the data after processing the object type being connected with smart card, then,
The acquisition module 504 of background system server 50 is for obtaining the object type of terminal, and correction verification module 502 is also
For utilizing target strategy that the object type of terminal is verified, generate the second check information, verify second
Information is compared with verifying verification data corresponding with the object type that smart card is connected in data, if second
The verification data that check information is corresponding with the object type of smart card connection in verification data are identical, then verification is passed through;
Otherwise, verification is not passed through.
As can be seen here, owing to smart card generates verification data according to the smart card operation information obtaining smart card, after
Platform system server responds the flow process of operation requests in verification verification data by rear execution, thus prevents user from believing
Breath is stolen, and improves the safety of smart card, it is ensured that user profile and the safety of property.
Certainly, the present invention is only to the simple division of functional module in smart card and background system server, but also
It is not limited to above-mentioned division, such as: the merit that the modules of smart card of the present invention and background system server performs
Can also be divided into some submodules and perform correlation function, such as: the processing module of smart card can be divided into first
Processing the process of submodule executive mode one, second processes the process etc. of submodule executive mode two;Background system
The correction verification module of server is segmented into the first syndrome module to smart card pattern factor at the smart card indicated
Communication connection patterns time verify, the second syndrome module to smart card pattern factor instruction and smart card
Verify during the object type connected;It addition, smart card of the present invention and the modules of background system server
A module can also be integrated into and perform correlation function etc..All should be in the present invention as long as have employed the solution of the present invention
Protection domain in.
Present invention also offers a kind of smart card system, this smart card system and the above-mentioned verification data output side of employing
Method, illustrates the most one by one at this, is only briefly described this smart card system, and this smart card system includes:
Communication interface and intelligent card chip, wherein,
Communication interface is used for setting up communication connection, after the communication connection of communication interface has been set up, by communication
Connect the operation requests obtaining terminal, and according to the output policy of verification data, output verification data;
Intelligent card chip, for after obtaining operation requests, obtains smart card and smart card operation during terminal interaction
Information, smart card operation information at least includes the mode of operation of smart card, from the verification data genaration prestored
Strategy obtains the verification data generation strategy that smart card operation information is corresponding, after obtaining verification data, obtains
The output policy that verification data are corresponding, the verification data generation strategy utilizing smart card operation information corresponding is the most right
Smart card operation information processes, and obtains verifying data.
Wherein, intelligent card chip can one of in the following way obtain verification data:
Mode one: smart card operation information is processed by intelligent card chip, obtains the first verification data, and
Electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark, terminating machine are compiled
Number, trade date and exchange hour process, obtain the second verification data, wherein the first verification data and the
The combination of two verification data is as verification data.
Mode two: intelligent card chip is to smart card operation information, electronic bankbook remaining sum, electronic bankbook on-line transaction
Sequence number, dealing money, type of transaction mark, terminating machine numbering, trade date and exchange hour process,
Obtain verifying data.
Mode three: smart card operation information is encrypted by intelligent card chip, obtains the first verification data,
And to electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark, terminal
Machine numbering, trade date and exchange hour are encrypted, and obtain the second verification data, wherein the first verification
The combination of data and the second verification data is as verification data.Certainly, smart card operation information can be added
Close process, to electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark,
Terminating machine numbering, trade date and exchange hour are not encrypted, or do not enter smart card operation information
Row encryption, to electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, type of transaction mark
Knowledge, terminating machine numbering, trade date and exchange hour are encrypted, and can realize process as long as follow-up
After data carry out verifying.
Mode four: intelligent card chip is to smart card operation information, electronic bankbook remaining sum, electronic bankbook on-line transaction
Sequence number, dealing money, type of transaction mark, terminating machine numbering, trade date and exchange hour are encrypted place
Reason, obtains verifying data.
Certainly, the encryption during above-mentioned intelligent card chip obtains the verification mode three of data or mode four can be
Following any one:
If verification data generation strategy is MAC calculative strategy, then intelligent card chip is at least to smart card operation
Information carries out MAC calculating;
If verification data generation strategy is HASH calculative strategy, then smart card is at least grasped by intelligent card chip
HASH calculating is carried out as information;
If verification data generation strategy is Sign Policies, then smart card operation information is at least entered by intelligent card chip
Row signature calculation.
As can be seen here, use the smart card of the present invention, owing to smart card system is according to the smart card obtaining smart card
Operation information generates verification data, thus prevents user profile to be stolen, and improves the safety of smart card, it is ensured that
User profile and the safety of property.
It addition, the intelligent card chip of the present invention is after communication interface gets operation requests, also judge operation requests
Whether it is the destination request prestored, if it is determined that operation requests is destination request, then utilizes verification data raw
Strategy is become at least smart card operation information to be processed.Thus improve the processing speed of the business using smart card.
The mode of operation of the smart card of the present invention can include the communication connection patterns of smart card, the communication of smart card
Connection mode includes contactless communication connection mode and/or contact communication connection patterns, contact communication link
The pattern of connecing includes the pattern connected by chip communication and/or the pattern being communicatively coupled by magnetic stripe.
It addition, described smart card operation information can also include: random number and/or transaction counter.
Present invention also offers a kind of operation requests response computer system, including: terminal, background system service
Device and above-mentioned smart card system, owing to smart card system is above-mentioned smart card system, therefore, at this no longer
Repeat.The most only terminal and background system server are illustrated.
Terminal obtains the verification data of above-mentioned smart card system output, and sends out to major general's operation requests and verification data
Deliver to background system server;
Background system server includes connecting interface and background system server CPU;
Connect verification data and operation requests that interface terminal sends;
Background system server CPU is after connection interface to verification data and operation requests, to check number
According to verifying, verify by rear at correction verification module, perform the flow process of response operation requests.
It addition, background system server CPU is after receiving verification data and operation requests, can be according to intelligence
Can the communication connection patterns of smart card of mode card factor instruction, or according to the instruction of smart card pattern factor with
Verification data are verified by two kinds of situations of object type that smart card connects the most in the following way, now,
Background system server CPU also obtains the communication mode of terminal;And, obtain and smart card system acquisition
The target strategy that verification data generation strategy is identical, and utilize target strategy that the communication mode of terminal is verified,
Generate the first check information, the check number corresponding with smart card pattern factor in verification data by the first check information
According to comparing, if the verification data phase that the first check information is corresponding with smart card pattern factor in verification data
With, then verification is passed through;Otherwise, verification is not passed through.
If verification data also include the data after processing the object type being connected with smart card, then,
Background system server CPU also obtains the object type of terminal, utilizes the target strategy object type to terminal
Verify, generate the second check information, the second check information is right be connected with smart card in verification data
The verification data corresponding as type are compared, if what the second check information was connected with smart card in verification data
Verification data corresponding to object type are identical, then verification is passed through;Otherwise, verification is not passed through.
As can be seen here, owing to smart card system generates verification data according to the smart card operation information obtaining smart card,
Background system server responds the flow process of operation requests in verification verification data by rear execution, thus prevents user
Information is stolen, and improves the safety of smart card, it is ensured that user profile and the safety of property.
In flow chart or at this, any process described otherwise above or method description are construed as, and represent
Including one or more for realizing the code of the executable instruction of the step of specific logical function or process
Module, fragment or part, and the scope of the preferred embodiment of the present invention includes other realization, Qi Zhongke
With not by order that is shown or that discuss, including according to involved function by basic mode simultaneously or by the contrary
Order, perform function, this should be understood by embodiments of the invention person of ordinary skill in the field.
Should be appreciated that each several part of the present invention can realize by hardware, software, firmware or combinations thereof.
In the above-described embodiment, multiple steps or method can be with storing in memory and by suitably instructing execution
Software or firmware that system performs realize.Such as, if realized with hardware, with in another embodiment
Equally, can realize by any one in following technology well known in the art or their combination: have for right
Data signal realizes the discrete logic of the logic gates of logic function, has suitable combinational logic gate electricity
The special IC on road, programmable gate array (PGA), field programmable gate array (FPGA) etc..
Those skilled in the art are appreciated that and realize the whole or portion that above-described embodiment method is carried
The program that can be by step by step completes to instruct relevant hardware, and described program can be stored in a kind of calculating
In machine readable storage medium storing program for executing, this program upon execution, including one or a combination set of the step of embodiment of the method.
Additionally, each functional unit in each embodiment of the present invention can be integrated in a processing module, also
Can be that unit is individually physically present, it is also possible to two or more unit are integrated in a module.
Above-mentioned integrated module both can realize to use the form of hardware, it would however also be possible to employ the form of software function module is real
Existing.If described integrated module realizes using the form of software function module and as independent production marketing or make
Used time, it is also possible to be stored in a computer read/write memory medium.
Storage medium mentioned above can be read only memory, disk or CD etc..
In the description of this specification, reference term " embodiment ", " some embodiments ", " example ", " tool
Body example " or the description of " some examples " etc. means to combine this embodiment or example describes specific features, knot
Structure, material or feature are contained at least one embodiment or the example of the present invention.In this manual, right
The schematic representation of above-mentioned term is not necessarily referring to identical embodiment or example.And, the concrete spy of description
Levy, structure, material or feature can in any one or more embodiments or example in an appropriate manner
In conjunction with.
Although above it has been shown and described that embodiments of the invention, it is to be understood that above-described embodiment is
Exemplary, it is impossible to being interpreted as limitation of the present invention, those of ordinary skill in the art is without departing from the present invention
Principle and objective in the case of above-described embodiment can be changed within the scope of the invention, revise, replace
Change and modification.The scope of the present invention is limited by claims and equivalent thereof.
Claims (29)
1. the method for output verification data, it is characterised in that including:
Smart card sets up communication connection;
After described communication connection foundation completes, described smart card obtains the operation of terminal by described communication connection
Request;
Described smart card, after obtaining described operation requests, obtains described smart card and intelligence during described terminal interaction
Can block operation information, described smart card operation information at least includes the mode of operation of smart card, wherein, described intelligence
The mode of operation that can block includes the communication connection patterns of smart card;
Described smart card obtains described smart card operation information pair from the verification data generation strategy prestored
The verification data generation strategy answered, and utilize verification data generation strategy corresponding to described smart card operation information extremely
Less described smart card operation information is processed, obtain verifying data;
Described smart card, after obtaining described verification data, obtains the output policy that described verification data are corresponding, and
According to the output policy of described verification data, export described verification data.
Method the most according to claim 1, it is characterised in that described smart card utilizes described smart card
Described smart card operation information is at least processed by verification data generation strategy corresponding to operation information, obtains school
The step testing data includes:
Described smart card operation information is processed by described smart card, obtains the first verification data, and to electricity
Sub-passbook balance, electronic bankbook on-line transaction sequence number, dealing money, type of transaction identify, terminating machine is numbered,
Trade date and exchange hour process, and obtain the second verification data, wherein said first verification data and the
The combination of two verification data is as described verification data.
Method the most according to claim 1, it is characterised in that described smart card utilizes described smart card
Described smart card operation information is at least processed by verification data generation strategy corresponding to operation information, obtains school
The step testing data includes:
Described smart card to described smart card operation information, electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number,
Dealing money, type of transaction mark, terminating machine numbering, trade date and exchange hour process, and obtain institute
State verification data.
Method the most according to claim 1, it is characterised in that at described smart card by described communication
After connecting the operation requests of the described terminal of acquisition, raw in the verification data utilizing described smart card operation information corresponding
Before becoming strategy at least described smart card operation information to be processed, also include:
Judge whether described operation requests is the destination request prestored;
If described operation requests is described destination request, then utilize the verification that described smart card operation information is corresponding
Described smart card operation information is at least processed by data genaration strategy.
5. according to the method described in any one of Claims 1-4, it is characterised in that the step of described process
Including: encryption.
Method the most according to claim 5, it is characterised in that the step of described encryption includes:
If verification data generation strategy corresponding to described smart card operation information is MAC calculative strategy, then institute
State smart card and at least described smart card operation information is carried out MAC calculating;
If verification data generation strategy corresponding to described smart card operation information is HASH calculative strategy, then
Described smart card at least carries out HASH calculating to described smart card operation information;
If verification data generation strategy corresponding to described smart card operation information is Sign Policies, the most described intelligence
Card at least carries out signature calculation to described smart card operation information.
7. according to the method described in any one of Claims 1-4, it is characterised in that described smart card operation
Information also includes: random number and/or transaction counter.
Method the most according to claim 1, it is characterised in that the communication connection patterns of described smart card
Including contactless communication connection mode and/or contact communication connection patterns.
Method the most according to claim 8, it is characterised in that described contact communication connection patterns bag
Include the pattern connected by chip communication and/or the pattern being communicatively coupled by magnetic stripe.
10. according to the method described in Claims 1-4,6,8,9 any one, it is characterised in that described
The mode of operation of smart card includes: the object type being connected with described smart card.
11. 1 kinds of operation requests response methods, it is characterised in that including:
Smart card uses the method at least output verification data as described in any one of claim 1 to 10;
Terminal obtains described verification data, and sends to backstage to operation requests described in major general and described verification data
System server;
Described background system server is after receiving described verification data and described operation requests, to described verification
Data verify, and in verification by rear, perform to respond the flow process of described operation requests.
12. methods according to claim 11, it is characterised in that
The step that described verification data are verified by described background system server includes:
Described background system server obtains the communication mode of described terminal;And, obtain and obtain with described smart card
The target strategy that the verification data generation strategy that takes is identical;
Described background system server utilizes described target strategy to verify the communication mode of described terminal, raw
Become the first check information;
Described background system server by smart card pattern in described first check information and described verification data because of
The verification data that son is corresponding are compared, and described smart card pattern factor is for the communication connection mould of indicating intelligent card
Formula;
If the verification data that described first check information is corresponding with smart card pattern factor in described verification data
Identical, then verification is passed through;Otherwise, verification is not passed through.
13. methods according to claim 12, it is characterised in that described verification data also include to
Described smart card connect object type process after data;Wherein:
The step that described verification data are verified by described background system server also includes:
Background system server obtains the object type of described terminal;
Described background system server utilizes described target strategy to verify the object type of described terminal, raw
Become the second check information;
Described background system server by described second check information and described verification data with described smart card
The verification data that the object type of connection is corresponding are compared;
If the object type that described second check information connects with smart card described in described verification data is corresponding
Verification data identical, then verification pass through;Otherwise, verification is not passed through.
14. methods according to claim 11, it is characterised in that
The step that described verification data are verified by described background system server includes:
Background system server obtains the object type of described terminal;And, obtain and the acquisition of described smart card
The target strategy that verification data generation strategy is identical;
Described background system server utilizes described target strategy to verify the object type of described terminal, raw
Become the second check information;
Described second check information is connected in described verification data by described background system server with smart card
Verification data corresponding to object type compare;
If the object type that described second check information connects with smart card described in described verification data is corresponding
Verification data identical, then verification pass through;Otherwise, verification is not passed through.
15. 1 kinds of smart cards, it is characterised in that including: communication module, acquisition module and processing module;
Described communication module is used for setting up communication connection, according to the output policy of verification data, output verification data;
Described acquisition module is for after the communication connection of described communication module has been set up, by described communication link
Obtain the operation requests taking terminal, after obtaining described operation requests, obtain described smart card and hand over described terminal
Smart card operation information time mutually, described smart card operation information at least includes the mode of operation of described smart card,
Verification data corresponding to described smart card operation information are obtained raw from the verification data generation strategy prestored
Become strategy, after described processing module obtains verification data, obtain the output policy that described verification data are corresponding;
Described processing module is for utilizing verification data generation strategy corresponding to described smart card operation information at least
Described smart card operation information is processed, obtains verifying data.
16. smart cards according to claim 15, it is characterised in that described processing module is for institute
State smart card operation information to process, obtain the first verification data, and electronic bankbook remaining sum, electronics are deposited
Folding on-line transaction sequence number, dealing money, type of transaction mark, terminating machine numbering, trade date and exchange hour
Processing, obtain the second verification data, the combination of wherein said first verification data and the second verification data is made
For described verification data.
17. smart cards according to claim 15, it is characterised in that described processing module is for institute
State smart card operation information, electronic bankbook remaining sum, electronic bankbook on-line transaction sequence number, dealing money, transaction class
Type mark, terminating machine numbering, trade date and exchange hour process, and obtain described verification data.
18. smart cards according to claim 15, it is characterised in that also include: judge module;
Described judge module is after described acquisition module gets described operation requests, it is judged that described operation requests is
The no destination request for prestoring, if it is determined that described operation requests is described destination request, it indicates that described
Processing module utilizes described verification data generation strategy at least to process described smart card operation information.
19. according to the smart card described in any one of claim 15 to 18, it is characterised in that described process mould
Block is additionally operable to utilize described verification data generation strategy to be at least encrypted described smart card operation information.
20. smart cards according to claim 19, it is characterised in that
If verification data generation strategy corresponding to described smart card operation information is MAC calculative strategy, then institute
State processing module at least described smart card operation information being carried out MAC calculating;
If verification data generation strategy corresponding to described smart card operation information is HASH calculative strategy, then
Described processing module is at least carrying out HASH calculating to described smart card operation information;
If verification data generation strategy corresponding to described smart card operation information is Sign Policies, the most described process
Module is at least carrying out signature calculation to described smart card operation information.
21. according to the smart card described in any one of claim 15 to 18, it is characterised in that described smart card
Operation information also includes: random number and/or transaction counter.
22. smart cards according to claim 15, it is characterised in that the mode of operation of described smart card
Communication connection patterns including smart card.
23. smart cards according to claim 22, it is characterised in that the communication connection of described smart card
Pattern includes contactless communication connection mode and/or contact communication connection patterns.
24. smart cards according to claim 23, it is characterised in that described contact communication connection mould
Formula includes the pattern connected by chip communication and/or the pattern being communicatively coupled by magnetic stripe.
25. according to the smart card described in claim 15 to 18,20,22 to 24 any one, and its feature exists
In, the mode of operation of described smart card includes: the object type being connected with described smart card.
26. 1 kinds of operation requests response systems, it is characterised in that including: terminal, background system server with
And the smart card as described in any one of claim 15 to 25;
Described terminal obtains described verification data, and sends extremely to operation requests described in major general and described verification data
Described background system server;
Described background system server includes receiver module, correction verification module and performs module;
Described receiver module is for receiving the described verification data of described terminal transmission and described operation requests;
Described correction verification module is used for after described receiver module receives described verification data and described operation requests,
Described verification data are verified;
Described execution module, for verifying by rear at described correction verification module, performs to respond the stream of described operation requests
Journey.
27. systems according to claim 26, it is characterised in that
Described background system server also includes acquisition module, and described acquisition module is for obtaining the logical of described terminal
Letter mode;And, obtain the target strategy identical with the verification data generation strategy that described smart card obtains;
Described correction verification module is additionally operable to utilize described target strategy to verify the communication mode of described terminal, raw
Become the first check information, described first check information is corresponding with smart card pattern factor in described verification data
Verification data are compared, and described smart card pattern factor is used for the communication connection patterns of indicating intelligent card, if
The verification data that described first check information is corresponding with smart card pattern factor in described verification data are identical, then school
Test and pass through;Otherwise, verification is not passed through.
28. systems according to claim 27, it is characterised in that described verification data also include to
Described smart card connect object type process after data;Wherein:
Described acquisition module is additionally operable to obtain the object type of described terminal;
Described correction verification module is additionally operable to utilize described target strategy to verify the object type of described terminal, raw
Become the second check information, described second check information is right with what described smart card was connected with described verification data
The verification data corresponding as type are compared, if described in described second check information and described verification data
The verification data that the object type of smart card connection is corresponding are identical, then verification is passed through;Otherwise, verification is not passed through.
29. systems according to claim 26, it is characterised in that
Described background system server also includes acquisition module, and described acquisition module is for obtaining the right of described terminal
As type;And, obtain the target strategy identical with the verification data generation strategy that described smart card obtains;
Described correction verification module is additionally operable to utilize described target strategy to verify the object type of described terminal, raw
Become the second check information, by described second check information and the object class being connected with smart card in described verification data
The verification data that type is corresponding are compared, if described second check information and intelligence described in described verification data
The verification data that the object type of card connection is corresponding are identical, then verification is passed through;Otherwise, verification is not passed through.
Priority Applications (7)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310289234.8A CN103839324B (en) | 2013-07-10 | 2013-07-10 | Smart card and verification data output method, operation requests response method and system |
| PCT/CN2014/081700 WO2015003585A1 (en) | 2013-07-10 | 2014-07-04 | Smart card, operation request outputting method, operation request responding method and system |
| US14/903,159 US20160328712A1 (en) | 2013-07-10 | 2014-07-04 | Smart card method for outputting validation data and method for responding to operation request |
| JP2016524667A JP6236151B2 (en) | 2013-07-10 | 2014-07-04 | Smart card, verification data output method, operation request response method and system |
| PCT/CN2014/081705 WO2015003587A1 (en) | 2013-07-10 | 2014-07-04 | Smart card, verification data outputting method, and operation request responding method and system |
| EP14823389.3A EP3021296A4 (en) | 2013-07-10 | 2014-07-04 | Smart card, verification data outputting method, and operation request responding method and system |
| US16/444,250 US11151574B2 (en) | 2013-07-10 | 2019-06-18 | Smart card, method for outputting validation data, and method for responding to operation request |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310289234.8A CN103839324B (en) | 2013-07-10 | 2013-07-10 | Smart card and verification data output method, operation requests response method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103839324A CN103839324A (en) | 2014-06-04 |
| CN103839324B true CN103839324B (en) | 2016-08-10 |
Family
ID=50802785
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310289234.8A Active CN103839324B (en) | 2013-07-10 | 2013-07-10 | Smart card and verification data output method, operation requests response method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103839324B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160328712A1 (en) * | 2013-07-10 | 2016-11-10 | Tendyron Corporation | Smart card method for outputting validation data and method for responding to operation request |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1205818A (en) * | 1995-10-31 | 1999-01-20 | 托达斯数据***公司 | Method and device for data communication |
| EP1014318B1 (en) * | 1998-12-18 | 2004-05-19 | Kabushiki Kaisha Toshiba | Ticket issuing method, ticket issuing system and ticket collating method |
| CN1968085A (en) * | 2005-11-17 | 2007-05-23 | 北京握奇数据***有限公司 | Method for high-speed safety communication of intelligent card |
| CN101281610A (en) * | 2008-05-23 | 2008-10-08 | 北京握奇数据***有限公司 | Double-interface smart card and method for starting non-contact application |
| CN102184317A (en) * | 2011-04-14 | 2011-09-14 | 中山爱科数字科技有限公司 | Resident medical data mobile storage device and implementation method thereof |
-
2013
- 2013-07-10 CN CN201310289234.8A patent/CN103839324B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1205818A (en) * | 1995-10-31 | 1999-01-20 | 托达斯数据***公司 | Method and device for data communication |
| EP1014318B1 (en) * | 1998-12-18 | 2004-05-19 | Kabushiki Kaisha Toshiba | Ticket issuing method, ticket issuing system and ticket collating method |
| CN1968085A (en) * | 2005-11-17 | 2007-05-23 | 北京握奇数据***有限公司 | Method for high-speed safety communication of intelligent card |
| CN101281610A (en) * | 2008-05-23 | 2008-10-08 | 北京握奇数据***有限公司 | Double-interface smart card and method for starting non-contact application |
| CN102184317A (en) * | 2011-04-14 | 2011-09-14 | 中山爱科数字科技有限公司 | Resident medical data mobile storage device and implementation method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103839324A (en) | 2014-06-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230155812A1 (en) | Systems and methods for trustworthy electronic authentication using a computing device | |
| US10366378B1 (en) | Processing transactions in offline mode | |
| CN105612543B (en) | Method and system for provisioning payment credentials for mobile devices | |
| CN104217327B (en) | A kind of financial IC card internet terminal and its method of commerce | |
| CN109257342A (en) | Authentication method, system, server and readable storage medium storing program for executing of the block chain across chain | |
| CN106375326B (en) | A kind of mobile phone bi-directional verification terminal and method | |
| CN101923660B (en) | Dynamic password identity authorization system and method based on RFID | |
| CN102576397B (en) | The checking of token and data integrity protection | |
| CN106576044A (en) | Authentication in ubiquitous environment | |
| CN103152174B (en) | It is applied to the data processing method in parking lot, device and managing system of car parking | |
| CN110378695A (en) | Bank card payment method, device, equipment and computer storage medium | |
| CN106033571A (en) | Trading method of electronic signature devices, electronic signature devices and trading system | |
| CN103516517A (en) | Production method, RFID transponder, authentication method, and reader device | |
| CN106709534A (en) | Anti-counterfeit verification system of electronic certificate | |
| CN108537536A (en) | A kind of method for secure transactions and system based on strategy mark | |
| CN106682905B (en) | Application unlocking method | |
| CN107392001A (en) | A kind of authorization method, system and card | |
| CN109389396A (en) | Transportation card account automatic charging method, device, equipment and computer storage medium | |
| CN103198401A (en) | Smart card transaction method and smart card transaction system with electronic signature function | |
| CN103839322B (en) | Intelligent card, verification data output method, operation request response method and system | |
| CN205015906U (en) | Anti -fake verification system of electron certificate | |
| CN109547554A (en) | No card interactive system and simulation card apparatus | |
| CN101425901A (en) | Control method and device for customer identity verification in processing terminals | |
| CN103839324B (en) | Smart card and verification data output method, operation requests response method and system | |
| KR101691540B1 (en) | System for reading electric power amount |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |