CN104598799A - Read-write terminal, system and method of storage medium - Google Patents


Info

Publication number
CN104598799A
Authority
CN
China
Prior art keywords
read
write terminal
encryption
write
storage medium
Prior art date
Legal status
Pending
Application number
CN201510082949.5A
Other languages
Chinese (zh)
Inventor
张贵宝
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a read-write terminal, system and method for a storage medium. The read-write terminal comprises a terminal identity information storage unit, a first read-only storage unit, an encryption and decryption unit and a communication interface unit. The terminal identity information storage unit stores the identity information of the read-write terminal; the first read-only storage unit stores a first encryption program and a first encryption key for secure data transmission between the read-write terminal and a system server; the encryption and decryption unit is connected to the terminal identity information storage unit and the first read-only storage unit and encrypts the identity information of the read-write terminal according to the first encryption program and the first encryption key; the communication interface unit is connected to the encryption and decryption unit and sends the encrypted read-write terminal identity information to the system server through a local device. With this read-write terminal, system and method, the data exchange, encryption and decryption among the storage medium, the system server and an online banking server can be kept relatively independent, and encryption and decryption are moved from the local device into the read-write terminal, which is more convenient for users.

Description

Read-write terminal, system and method for a storage medium
Technical field
The present invention relates to the field of electronic information transaction security, and in particular to a read-write terminal, system and method for a storage medium.
Background
The urbanized share of the population is continually expanding, and the daily activities of city dwellers are becoming more diversified and more regular. This requires the various information networks of a city to become ever more complete, and at the same time calls for more and more convenient and flexible means of payment. City IC card systems solve, to a certain extent, the problems of daily payment and recharging in people's lives, and as city IC cards are applied more broadly, daily life will enjoy still more convenience. However, recharging the different types of IC card can generally only be done at designated sites, which is inconvenient for IC card holders, and holders can only learn the latest relevant information by visiting a business hall, so the transmission of information is one-sided, slow and delayed.
In the course of realizing the present invention, the inventor recognized the following technical problem in the prior art: in the read-write process of a stored-value information storage medium, both the encryption process and the decryption process are carried out on a dedicated computer, which makes query and transaction inconvenient for the holder.
Summary of the invention
(1) Technical problem to be solved
To address the above problem, the present invention proposes a read-write terminal, system and method for a stored-value information storage medium, so that the encryption and decryption functions are transferred from the dedicated computer to the read-write terminal, making query and transaction convenient for the user.
(2) Technical solution
According to a first aspect of the invention, a read-write terminal for a storage medium is provided, characterized in that the read-write terminal is independent of the local device and comprises a terminal identity information storage unit, a first read-only storage unit, an encryption/decryption unit and a communication interface unit, wherein:
the terminal identity information storage unit stores the identity information of the read-write terminal;
the first read-only storage unit stores a first encryption program and a first encryption key for secure data transmission between the read-write terminal and a system server;
the encryption/decryption unit is connected to the terminal identity information storage unit and the first read-only storage unit, and encrypts the identity information of the read-write terminal according to the first encryption program and the first encryption key;
the communication interface unit is connected to the encryption/decryption unit and the local device, and sends the encrypted read-write terminal identity information to the system server through the local device, so that the system server can authenticate the identity of the read-write terminal.
According to a further aspect of the invention, a read-write system for a storage medium is provided, characterized in that it comprises the read-write terminal for a storage medium described above, a local device and a system server;
the read-write terminal exchanges information directly with the storage medium, and also communicates with the system server through the local device;
the system server authenticates the read-write terminal, and also authenticates the storage medium through the read-write terminal.
According to a second aspect of the present invention, a method for authenticating the read-write terminal for a storage medium described above is provided, comprising:
Step 1: the read-write terminal is connected to the local device, which triggers the system server to authenticate the read-write terminal;
Step 2: the system server reads, through the local device, the identity information stored in the identity information storage unit of the read-write terminal;
Step 3: the read-write terminal encrypts the identity information stored in the identity information storage unit and returns it to the system server;
Step 4: the system server decrypts the identity information and then authenticates the read-write terminal.
According to a third aspect of the present invention, a method for authenticating the storage medium by means of the read-write terminal for a storage medium described above is provided, comprising:
Step 1: the system server is requested to authenticate the storage medium connected to the read-write terminal;
Step 2: the system server reads the identity information in the storage medium through the local device and the read-write terminal;
Step 3: the read-write terminal reads the identity information in the storage medium and decrypts it using the second decryption program and the second decryption key, then encrypts the decrypted identity information of the storage medium with the first encryption program and the first encryption key and sends it to the system server;
Step 4: the system server decrypts the identity information of the storage medium and then authenticates the storage medium.
(3) Beneficial effects
The read-write terminal, system and method for a stored-value information storage medium of the present invention achieve relatively independent encrypted data exchange in the three directions of the stored-value information storage medium, the system server and the online banking server, and move encryption and decryption from the local device into the read-write terminal, which is convenient for the holder. In addition, because the read-write terminal has no display function and no input/output keyboard, the security problem of the system is solved, and the read-write terminal also has the function of an online-banking USB key (UKey).
Description of the drawings
Fig. 1 is a structural schematic of the read-write terminal for a stored-value information storage medium of the present invention;
Fig. 2 is a structural schematic of the read-write system for a stored-value information storage medium of the present invention;
Fig. 3 is a flow chart of the read-write system of the present invention authenticating the read-write terminal;
Fig. 4 is a flow chart of the read-write system of the present invention authenticating the stored-value information storage medium;
Fig. 5 is a flow chart of the holder of a stored-value information storage medium carrying out a payment transaction through the online banking server in the read-write system of the present invention;
Fig. 6 is a flow chart of writing data to the stored-value information storage medium in the read-write system of the present invention;
Fig. 7 is a schematic of secure data transmission between the read-write terminal and the system server in an embodiment of the present invention.
Embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in more detail below in conjunction with specific embodiments and with reference to the accompanying drawings.
Fig. 1 is a schematic of the read-write terminal for a stored-value information storage medium of the present invention. As shown in Fig. 1, in one exemplary embodiment of the present invention, the read-write terminal 100 for a stored-value information storage medium is independent of the local device 300 and comprises: a terminal identity information storage unit 104, a first read-only storage unit 102, an encryption/decryption unit 106 and a communication interface unit 108. The terminal identity information storage unit 104 stores the identity information of the read-write terminal. The first read-only storage unit 102 stores the first encryption program and first encryption key for secure data transmission between the read-write terminal 100 and the system server. The encryption/decryption unit 106 is connected to the first read-only storage unit 102 and the terminal identity information storage unit 104, and encrypts the identity information of the read-write terminal according to the first encryption program and the first encryption key. The communication interface unit 108 is connected to the local device 300 and the encryption/decryption unit 106, and sends the encrypted read-write terminal identity information to the system server through the local device 300, so that the system server can authenticate the identity of the read-write terminal.
In the present embodiment, the first read-only storage unit 102 also stores a first decryption program and first decryption key for secure data transmission between the read-write terminal 100 and the system server. The encryption/decryption unit 106 also encrypts the data that the read-write terminal sends to the system server according to the first encryption program and the first encryption key, and decrypts the data issued by the system server according to the first decryption program and the first decryption key. The communication interface unit 108 also sends the encrypted data to the system server through the local device, and receives the encrypted data issued by the system server. Preferably, in the present embodiment, the first encryption program and first decryption program are an asymmetric encryption/decryption program, and the first encryption key and first decryption key are the corresponding public and private keys of that asymmetric program. Most preferably, the asymmetric encryption/decryption program is the RSA algorithm.
The present embodiment achieves relatively independent encrypted data exchange in the direction of the system server, and moves encryption and decryption from the local device into the read-write terminal, so that the user can query and recharge the stored-value information storage medium anywhere and at any time, without having to do so on a dedicated computer, which is convenient for the user.
In addition, the read-write terminal for a stored-value information storage medium of the present embodiment adds the function of authentication of the read-write terminal by the system server: before the stored-value information storage medium is read or written, the system server first authenticates the read-write terminal. Only when this authentication passes can the storage medium be read and written through the read-write terminal, which enhances the security of the read-write terminal for the stored-value information storage medium.
The read-write terminal for a stored-value information storage medium of the preferred embodiment of the present invention further comprises: a medium read-write unit 105, a random access memory unit 107 and a second read-only storage unit 103. The medium read-write unit 105 is connected to the stored-value information storage medium (200 and/or 200') and reads the user information it carries from the stored-value information storage medium. The random access memory unit 107 is connected to the encryption/decryption unit 106 and temporarily stores the user information read by the medium read-write unit 105 from the stored-value information storage medium (contact storage medium 200 and/or contactless storage medium 200'). The second read-only storage unit 103 stores a second decryption program and second decryption key for secure data transmission between the read-write terminal 100 and the stored-value information storage medium (200 and/or 200'). The encryption/decryption unit 106 is also connected to the medium read-write unit 105, the random access memory unit 107 and the second read-only storage unit 103; it decrypts the user information read from the stored-value information storage medium by the medium read-write unit 105 using the second decryption program and second decryption key stored in the second read-only storage unit 103, then encrypts it with the first encryption program and the second encryption key, and stores the encrypted user information in the random access memory unit 107. The communication interface unit 108 also sends the data encrypted by the encryption/decryption unit 106 to the system server, so that the system server can authenticate the identity of the stored-value information storage medium (200 and/or 200') and store the other information of the stored-value information storage medium.
In addition, in the present embodiment, the second read-only storage unit 103 also stores a second encryption program and second encryption key for secure data transmission between the read-write terminal 100 and the stored-value information storage medium (200 and/or 200'). The encryption/decryption unit 106 also decrypts, according to the first decryption program and the first decryption key, the encrypted write command for the stored-value information storage medium (200 and/or 200') issued by the system server, and encrypts the decrypted write command according to the second encryption program and the second encryption key. The medium read-write unit 105 also performs the write operation on the stored-value information storage medium (200 and/or 200') according to the encrypted write command. Preferably, the second encryption program and second decryption program are a symmetric encryption/decryption program, and the second encryption key and second decryption key are the key of that symmetric program. Most preferably, the symmetric encryption program is the 3DES algorithm.
In order to suit the contact IC cards in general use on the market, such as those for water, electricity and gas, in the present embodiment the read-write terminal and the stored-value information storage medium exchange information using symmetric encryption. The encryption scheme of the aforesaid first read-only storage unit could of course also be used. For symmetric encryption, the 3DES algorithm is preferred. Compared with the asymmetric algorithm used between the system server and the read-write terminal, this algorithm encrypts less strongly but is fast, and it meets the requirements for information exchange between the read-write terminal and the stored-value information storage medium.
In a further embodiment of the present invention, the read-write terminal for a stored-value information storage medium further comprises a third read-only storage unit 101. The third read-only storage unit 101 stores a third encryption/decryption program and third key for data transmission between the read-write terminal 100 and a bank server. The encryption/decryption unit 106 is connected to the bank server through the communication interface unit 108 and the local device 300; it decrypts the holder identity information stored in the storage medium according to the third decryption program and third decryption key, encrypts it with the first encryption key and first encryption program, and sends it through the communication interface unit to the online banking server, so that the online banking server can authenticate the identity of the holder of the storage medium and the bank server can authenticate the identity of the read-write terminal; and/or, after decrypting the data issued by the online banking server according to the first decryption program and first decryption key, and encrypting it according to the third encryption program and third encryption key, it updates the holder's account information in the storage medium. Put simply, the read-write terminal carries the function of an online-banking USB key (UKey), and the user, when performing online-banking operations, need not authenticate the medium again except for its balance, which makes use more convenient.
Preferably, in the present embodiment, the read-write terminal for a stored-value information storage medium further comprises the random access memory unit 107. This random access memory unit is connected to the encryption/decryption unit 106 and temporarily stores the shared data that have been encrypted and decrypted among the read-write terminal, the stored-value information storage medium and the system server.
By providing the random access memory unit, shared data can be stored, which speeds up the processing of the read-write terminal and optimizes the processing flow of the whole system.
Corresponding to the above apparatus embodiment, the present invention also provides a read-write system for a stored-value information storage medium. Fig. 2 is a schematic of the read-write system for a stored-value information storage medium of the present invention. As shown in Fig. 2, the present embodiment provides a networked electronic information storage and reading system composed of the stored-value storage medium 200, the read-write terminal 100, the local device 300, the system server 400 and the online banking server 500, which enables the holder of a stored-value storage medium in the financial field to exchange information with the medium by themselves.
In the present embodiment the read-write terminal is the read-write terminal of the above embodiment. The communication interface unit is a USB, RS232, audio, WIFI, Bluetooth or NFC communication interface; the encryption/decryption unit is a microprocessor; the read-only storage units comprise one or more read-only memory (ROM) modules that can be electrically erased and programmed separately (e.g. EEPROM, Flash memory), which store the encryption/decryption programs and encryption/decryption keys respectively. The local device is an ordinary PC, including desktop and portable machines, and may even be an embedded device with internet access. The system server stores the relevant information of the stored-value storage medium and its holder; in addition, the system may also comprise an online banking server, which associates stored online-banking information with the holder of the stored-value storage medium and carries out online-banking transactions.
Hereinafter, all technical features apply equally to the apparatus embodiment and the system embodiment and are not described separately. The implementation of the present invention comprises four flows: the authentication flow, the payment transaction flow, the card-writing flow, the read-write terminal upgrade flow and the encryption flow.
One, authentication flow
(1) The read-write terminal automatically identifies the type of the storage medium; the read-write terminal interacts with the storage medium through a contact or RF interface; the storage medium may be a contact storage medium or a contactless storage medium;
(2) The holder of the storage medium logs in to the system through a browser on the local device, associates the system server with the read-write terminal and the storage medium, and completes the authentication of the read-write terminal and the storage medium. The read-write terminal and the storage medium are not in a one-to-one relationship: one read-write terminal can identify multiple storage media, but each must pass legitimacy verification.
Fig. 3 is a flow chart of the read-write system of the present invention authenticating the read-write terminal. As shown in Fig. 3, the system server's authentication flow for the read-write terminal comprises:
Step S302: the holder of the storage medium logs in to the system server 400 through the local device 300 and enters a user name and password, establishing the uniqueness of the login identity;
Step S304: the read-write terminal 100 is connected to the local device 300 through a serial port or other corresponding port;
Step S306: the system server 400 sends, through the local device 300, an instruction to read the unique serial number in the identity information storage unit 104 of the read-write terminal 100;
Step S308: the read-write terminal 100 encrypts the serial number with the first encryption program and sends it to the system server 400;
Step S310: the system server 400 decrypts it with its key;
Step S312: the result is compared with the data stored in the system server database for authentication.
Fig. 4 is a flow chart of the read-write system of the present invention authenticating the stored-value information storage medium. As shown in Fig. 4, the system server's authentication flow for the stored-value information storage medium comprises:
Step S402: the holder of the storage medium logs in to the system server 400 through the local device 300 and enters a user name and password, establishing the uniqueness of the login identity;
Step S404: the read-write terminal 100 is connected to the local device 300 through a serial port or other corresponding interface;
Step S406: the stored-value information storage medium 200 is connected to the read-write terminal 100;
Step S408: the holder of the stored-value information storage medium 200 requests the system server 400 to verify the legitimacy of the stored-value information storage medium 200;
Step S410: the system server 400 reads the unique serial number in the stored-value information storage medium 200 through the local device 300 and the read-write terminal 100;
Step S412: the read-write terminal 100 reads the unique serial number in the storage medium 200 and decrypts it using the second decryption program and second decryption key in the second read-only storage unit 103;
Step S414: the decrypted unique serial number of the storage medium 200 is encrypted with the first encryption program and first key in the first read-only storage unit 102;
Step S416: the read-write terminal 100 sends the encrypted unique serial number to the system server 400;
Step S418: the system server 400 decrypts it with its decryption program and key;
Step S420: the result is compared with the data stored in the database of the system server 400 for authentication.
Specifically:
1) The system server authenticates the read-write terminal by means of the first encryption/decryption program and key in the first read-only storage unit.
2) The read-write terminal authenticates the storage medium by means of the second encryption/decryption program and key in the second read-only storage unit. Finally, the system server authenticates the storage medium by means of the first encryption/decryption program and key in the first read-only storage unit of the read-write terminal.
In sum, the system server authenticates the stored-value information storage medium through the first encryption/decryption program and key in the first ROM of the read-write terminal, combined with the second encryption/decryption program and key in the second ROM.
Two, payment transaction flow
(1) The holder of the stored-value information storage medium is associated with the online banking server through the local device and the read-write terminal, establishing a unique correspondence between the holder and the online banking server;
(2) The holder of the stored-value information storage medium completes, through the online banking server, a payment by transfer between his or her online-banking account and the online-banking account of the system server's owner.
Fig. 5 is a flow chart of the holder of a stored-value information storage medium carrying out a payment transaction through the online banking server in the read-write system of the present invention. As shown in Fig. 5, this flow comprises:
Step S502: the holder of the stored-value information storage medium 200 logs in to the online banking server 500 through the local device 300 and enters a user name and password, establishing the uniqueness of the login identity;
Step S504: the read-write terminal 100 is connected to the local device 300 through a serial port or other corresponding port;
Step S506: the holder of the stored-value information storage medium 200 requests the online banking server 500 to verify the legitimacy of the read-write terminal 100;
Step S508: the online banking server 500 sends, through the local device 300, an instruction to read the unique serial number in the read-write terminal 100;
Step S510: the serial number is encrypted with the third encryption program and third key in the third read-only storage unit 101 of the read-write terminal 100;
Step S512: the read-write terminal 100 sends the encrypted unique serial number to the online banking server 500 through the local device 300;
Step S514: the online banking server 500 decrypts it with its decryption program and key;
Step S516: the result is compared with the data stored in the database of the online banking server 500 for authentication;
Step S518: after authentication passes, the holder of the stored-value information storage medium 200 requests, through the local device 300 and the read-write terminal 100, that the online banking server 500 pay by transfer from his or her online-banking account to the online-banking account of the system server's owner;
Step S520: the request instruction, which includes the amount of the transfer payment, is encrypted with the third encryption program and key in the third read-only storage unit 101 of the read-write terminal 100;
Step S522: the encrypted instruction is sent to the online banking server 500;
Step S524: the online banking server 500 decrypts it with the corresponding decryption program and key;
Step S526: the online banking server 500 executes the request instruction and pays by transfer from the online-banking account of the holder of the stored-value information storage medium 200 to the online-banking account of the system server's owner;
Step S528: the online banking server 500 sends the transfer result to the local device 300. If the transfer fails, the payment transaction flow is repeated. If the transfer succeeds, the online banking server 500 sends a write-value instruction to the system server 400.
Three, write-data flow
(1) After the transaction is completed, the system server sends an instruction to write data to the stored-value information storage medium;
(2) The read-write terminal sends feedback through the local device that the data were written successfully.
Fig. 6 is a flow chart of writing data to the stored-value information storage medium in the read-write system of the present invention. As shown in Fig. 6, this flow comprises:
Step S602: the system server 400, after receiving the recharge instruction from the online banking server 500, encrypts it with its encryption program and key;
Step S604: the system server 400 sends the encrypted recharge instruction through the local device 300 to the read-write terminal 100;
Step S606: the encrypted recharge instruction is decrypted with the first decryption program and key in the first read-only storage unit 102 of the read-write terminal 100;
Step S608: the decrypted recharge instruction is encrypted with the second encryption program and key in the second read-only storage unit 103 of the read-write terminal 100;
Step S610: the medium read-write unit 105 is used to write the encrypted recharge data to the storage medium 200;
Step S612: the read-write terminal 100 sends the result of the write operation to the local device 300. If writing the data fails, the read-write terminal 100 sends a request through the local device 300 to the system server 400 to repeat the write-data flow. If writing the data succeeds, the write-data flow ends and the transfer is complete.
Four, read-write terminal software function upgrade flow
(1) The holder of the valuable-information storage medium opens the system server's browser page through the local device and sends an application for upgrading the read-write terminal software function to the system server;
(2) The system server completes authentication of the read-write terminal (verifying the legitimacy of the read-write terminal);
(3) The system server sends the upgrade software program, through the local device, to the corresponding electrically erasable programmable (EEPROM) memory module of the read-write terminal;
(4) The read-write terminal upgrades its own software according to this upgrade software program;
(5) The read-write terminal feeds back to the local device that the upgrade was stored successfully.
Five, encryption process
In the present invention, a feature of the read-write terminal is that it independently stores in read-only memory (ROM) the relatively independent encryption/decryption programs and encryption/decryption keys used for data encryption and decryption with the system server, the valuable-information storage medium and the e-banking server. The data of the three parties is shared only in the random access memory (RAM) of the read-write terminal.
Fig. 7 is a schematic diagram of secure data transmission between the read-write terminal and the system server in an embodiment of the present invention. According to Fig. 7, secure data transmission between the read-write terminal and the system server of this embodiment comprises the following steps:
Step S702: the read-write terminal first computes a hash of the information to be transmitted (the plaintext), forming a data digest, and encrypts the digest with its own private key, thus forming a digital signature;
Step S704: the read-write terminal attaches the digital signature and its own digital certificate to the plaintext;
Step S706: the read-write terminal encrypts the plaintext with a randomly generated symmetric key, forming the ciphertext;
Step S708: in order to send the randomly generated symmetric key securely to the system server, the read-write terminal encrypts it with the system server's public key, forming a digital envelope;
Step S710: the read-write terminal finally sends the ciphertext together with the digital envelope to the system server;
Step S712: after receiving the ciphertext and digital envelope transmitted by the read-write terminal, the system server first decrypts the digital envelope with its own private key, thus obtaining the symmetric key of the read-write terminal;
Step S714: the ciphertext is then decrypted with this key, yielding the plaintext, the digital signature of the read-write terminal and the digital signature of the user.
As the above flow shows, in view of the characteristics of symmetric-key and public-key encryption technology, this system combines the two encryption technologies, namely DES (symmetric key) and RSA (public key): the data transmitted over the network is DES-encrypted, while the key used for that encryption is transmitted under RSA encryption. This method both ensures the security of the data and improves the speed of encryption and decryption.
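The S702 to S714 exchange of Fig. 7, as an added example in Go that is not part of the patent (the names Seal, Open and Envelope are my own): the terminal signs the plaintext with its RSA private key, encrypts it under a fresh random 3DES key, wraps that key with the server's RSA public key as the digital envelope, and the server opens the envelope, decrypts the ciphertext and verifies the signature before trusting the result. The certificate of S704 is assumed to have been exchanged beforehand, and RSA-PSS, RSA-OAEP and 3DES in CTR mode are my assumptions; the page names only DES and RSA.

```go
package main

import (
	"crypto"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is what the terminal sends in S710: IV and 3DES ciphertext, the RSA-wrapped key (digital envelope) and the S702 signature.
type Envelope struct {
	IV, Ciphertext, WrappedKey, Signature []byte
}

// Seal performs steps S702 to S710 on the terminal side. The digital certificate of S704 is
// omitted here: the server is assumed to already hold the terminal's public key (hypothetical setup).
func Seal(plain []byte, termPriv *rsa.PrivateKey, serverPub *rsa.PublicKey) (*Envelope, error) {
	// S702: hash the plaintext and sign the digest with the terminal's private key.
	digest := sha256.Sum256(plain)
	sig, err := rsa.SignPSS(rand.Reader, termPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// S706: a fresh random 3DES key (24 bytes) and IV encrypt the plaintext in CTR mode.
	// 3DES mirrors the patent's DES/3DES choice; a new design would use AES-GCM instead.
	keyIV := make([]byte, 24+des.BlockSize)
	if _, err = rand.Read(keyIV); err != nil {
		return nil, err
	}
	key, iv := keyIV[:24], keyIV[24:]
	blk, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(plain))
	cipher.NewCTR(blk, iv).XORKeyStream(ct, plain)
	// S708: wrap the symmetric key under the server's RSA public key (the digital envelope).
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{IV: iv, Ciphertext: ct, WrappedKey: wrapped, Signature: sig}, nil
}

// Open performs S712 and S714 on the server side, then verifies the signature so a tampered ciphertext or envelope is rejected.
func Open(e *Envelope, serverPriv *rsa.PrivateKey, termPub *rsa.PublicKey) ([]byte, error) {
	// S712: recover the symmetric key from the digital envelope with the server's private key.
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, e.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot open digital envelope")
	}
	blk, err := des.NewTripleDESCipher(key)
	if err != nil || len(e.IV) != des.BlockSize {
		return nil, errors.New("malformed envelope")
	}
	// S714: decrypt the ciphertext with the recovered key.
	plain := make([]byte, len(e.Ciphertext))
	cipher.NewCTR(blk, e.IV).XORKeyStream(plain, e.Ciphertext)
	// Check the terminal's signature over the recovered plaintext before trusting it.
	digest := sha256.Sum256(plain)
	if err := rsa.VerifyPSS(termPub, crypto.SHA256, digest[:], e.Signature, nil); err != nil {
		return nil, errors.New("signature check failed")
	}
	return plain, nil
}
```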
Specifically, the encryption process of the present invention has the following features:
(1) Encryption between the valuable-information storage medium and the read-write terminal is realized by the encryption module in the read-write terminal, whose memory stores the encryption program and encryption key. Encryption of the exchanged message data generally adopts a symmetric cipher (such as 3DES, which provides faster processing while ensuring a certain security level); the keys and programs for encryption and decryption are each stored in an independent EEPROM block.
(2) Encryption of the message data exchanged between the read-write terminal and the system server generally adopts an asymmetric cipher (such as RSA, which is slower but more secure); the public and private keys and the encryption/decryption programs are each stored in an independent EEPROM module.
(3) Encryption of the message data exchanged between the e-banking server and the local device follows the bank's data encryption rules; the keys and programs for encryption and decryption are each stored in an independent EEPROM module in the read-write terminal.
(4) In the read-write terminal, the data decrypted by the decryption program and key stored separately in EEPROM is controlled by the built-in running program (the decryption program in ROM and the data decrypted with the key are only held temporarily in RAM and are cleared after use or on power-down, so no leakage occurs), and can be used for data sharing among the system server, the e-banking server and the valuable-information storage medium.
The specific embodiments described above further describe the objects, technical solutions and beneficial effects of the present invention. It should be understood that the foregoing is only a specific embodiment of the present invention and does not limit the present invention; any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. A read-write terminal for a storage medium, characterized in that the read-write terminal, independent of a local device, comprises a terminal identity information storage unit, a first read-only memory unit, an encryption/decryption unit and a communications interface unit, wherein:
said terminal identity information storage unit is for storing the identity information of said read-write terminal;
said first read-only memory unit is for storing the first encryption program and first encryption key with which said read-write terminal and the system server carry out secure data transmission;
said encryption/decryption unit is connected with said terminal identity information storage unit and said first read-only memory unit, and is for encrypting the identity information of said read-write terminal according to said first encryption program and first encryption key;
said communications interface unit is connected with said encryption/decryption unit and the local device, and is for sending the encrypted read-write terminal identity information to the system server through said local device, so that the system server authenticates the identity of said read-write terminal.
2. The read-write terminal according to claim 1, characterized in that:
said first read-only memory unit also stores the first decryption program and first decryption key with which said read-write terminal and the system server carry out secure data transmission;
said encryption/decryption unit is also for encrypting, according to said first encryption program and first encryption key, the data that said read-write terminal sends to the system server, and for decrypting, according to the first decryption program and first decryption key, the data issued by said system server;
said communications interface unit is also for sending said encrypted data to the system server through the local device, and for receiving the encrypted data issued by said system server.
3. The read-write terminal according to claim 2, characterized in that it also comprises a medium read-write unit and a second read-only memory unit, wherein:
said medium read-write unit is connected with said storage medium and is for reading medium holder information from said storage medium;
said second read-only memory unit is for storing the second decryption program and second decryption key with which said read-write terminal and said storage medium carry out secure data transmission;
said encryption/decryption unit is also connected with said medium read-write unit and said second read-only memory unit, and is for decrypting said storage medium holder information according to said second decryption program and second decryption key, and for encrypting the decrypted storage medium holder information using said first encryption program and first encryption key;
said communications interface unit is also for sending the encrypted storage medium holder information to said system server, so that said system server authenticates the identity of said storage medium.
4. The read-write terminal according to claim 3, characterized in that:
said second read-only memory unit also stores the second encryption program and second encryption key with which said read-write terminal and said storage medium carry out secure data transmission;
said encryption/decryption unit is also for decrypting, according to said first decryption program and first decryption key, the encrypted write command to said storage medium issued by said system server, and for encrypting the decrypted write command according to said second encryption program and second encryption key;
said medium read-write unit is also for performing a write operation on said storage medium according to said encrypted write command;
said first encryption program and first decryption program are an asymmetric encryption/decryption program, and said first encryption key and said first decryption key are the corresponding public and private keys of said asymmetric encryption/decryption program;
said asymmetric encryption/decryption program is the RSA encryption/decryption algorithm;
the second encryption program and second decryption program are a symmetric encryption/decryption program, and said second encryption key and said second decryption key are the key corresponding to said symmetric encryption/decryption program; said symmetric encryption/decryption program is the 3DES encryption/decryption algorithm.
5. The read-write terminal according to claim 1, characterized in that it also comprises a third read-only memory unit, wherein:
said third read-only memory unit is for storing the third encryption program, third encryption key, third decryption program and third decryption key with which said read-write terminal and the e-banking server carry out data transmission;
said encryption/decryption unit is also connected with the e-banking server through said communications interface unit and the local device, and is for decrypting the storage medium holder identity information stored in said storage medium according to said third decryption program and third decryption key, encrypting it with said first encryption key and first encryption program, and sending it to the e-banking server through said communications interface unit, so that the e-banking server authenticates the holder identity of said storage medium; and/or, for decrypting the data issued by said e-banking server according to said first decryption program and first decryption key, encrypting it according to said third encryption program and third encryption key, and then updating the holder account information in said storage medium.
6. The read-write terminal according to any one of claims 1 to 5, characterized in that it also comprises:
a random access memory unit, connected with said encryption/decryption unit, for storing the data after encryption and decryption between said read-write terminal, the valuable-information storage medium, the system server and said e-banking server;
said medium read-write unit is a contact medium read-write unit or a contactless medium read-write unit; said communications interface unit is a USB, RS232, audio interface, WIFI, Bluetooth or NFC interface unit; one said read-write terminal corresponds to one or more said valuable-information storage media.
7. A read-write system for a storage medium, characterized in that it comprises: the read-write terminal for a storage medium according to any one of claims 1 ~ 9, a local device and a system server;
said read-write terminal exchanges information directly with said storage medium, and also communicates with said system server through said local device;
said system server is for authenticating the identity of said read-write terminal, and also authenticates the identity of said storage medium through said read-write terminal.
8. The read-write system according to claim 7, characterized in that: said local device is a desktop computer, portable machine or embedded device connected to said system server;
said read-write system also comprises an e-banking server, wherein:
said read-write terminal also communicates with said e-banking server through said local device;
said e-banking server is connected with said local device, and is for authenticating the identity of said read-write terminal and storage medium and, after completing the authentication of said read-write terminal and storage medium, carrying out the requested online payment function according to the holder account stored in said storage medium.
9. A read-write terminal authentication method for the storage medium according to any one of claims 1-6, comprising:
Step 1, the read-write terminal is connected to the local device, triggering the system server to authenticate the identity of said read-write terminal;
Step 2, the system server reads, through the local device, the identity information stored in the identity information storage unit of the read-write terminal;
Step 3, said read-write terminal encrypts the identity information stored in said identity information storage unit and returns it to the system server;
Step 4, the system server decrypts said identity information and then authenticates the identity of said read-write terminal.
10. A method of authenticating the identity of a storage medium using the read-write terminal for the storage medium according to any one of claims 1-6, comprising:
Step 1, the system server is requested to authenticate the identity of the storage medium connected to the read-write terminal;
Step 2, the system server reads the identity information in said storage medium through the local device and the read-write terminal;
Step 3, said read-write terminal reads the identity information in said storage medium and decrypts it using said second decryption program and second decryption key, then encrypts the decrypted identity information of said storage medium with said first encryption program and first encryption key and sends it to the system server;
Step 4, said system server decrypts the identity information of said storage medium and then authenticates the identity of said storage medium.
CN201510082949.5A 2015-02-15 2015-02-15 Read-write terminal, system and method of storage medium Pending CN104598799A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510082949.5A CN104598799A (en) 2015-02-15 2015-02-15 Read-write terminal, system and method of storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510082949.5A CN104598799A (en) 2015-02-15 2015-02-15 Read-write terminal, system and method of storage medium

Publications (1)

Publication Number Publication Date
CN104598799A true CN104598799A (en) 2015-05-06

Family

ID=53124577

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510082949.5A Pending CN104598799A (en) 2015-02-15 2015-02-15 Read-write terminal, system and method of storage medium

Country Status (1)

Country Link
CN (1) CN104598799A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106961411A (en) * 2016-01-08 2017-07-18 上海木鸡网络科技有限公司 A kind of data transmission method and system
CN108011879A (en) * 2017-11-30 2018-05-08 广州酷狗计算机科技有限公司 File encryption, method, apparatus, equipment and the storage medium of decryption
CN117935439A (en) * 2024-03-07 2024-04-26 广州国保科技有限公司 Shielding cabinet and deposit control method thereof

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102236773A (en) * 2010-04-30 2011-11-09 航天信息股份有限公司 Radio frequency identification (RFID) encryption verification system and method
CN102611552A (en) * 2011-01-24 2012-07-25 廊坊百迅信息技术有限公司 Read-write terminal and system of valuable information storage media

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150506