CN105592033B - trusted service management system and method - Google Patents


Info

Publication number: CN105592033B
Authority: CN (China)
Prior art keywords: personalization, service provider, mode, file, personalization data
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201410843731.2A
Other languages: Chinese (zh)
Other versions: CN105592033A (en)
Inventors: 王逸钦, 夏智, 牛天耘
Current assignee: China Unionpay Co Ltd (the listed assignees may be inaccurate)
Original assignee: China Unionpay Co Ltd
History: application filed by China Unionpay Co Ltd; priority to CN201410843731.2A; publication of CN105592033A; application granted; publication of CN105592033B
Landscapes: Storage Device Security
Abstract

This application discloses a trusted service management system. The system comprises: a judging unit for determining, when a secure element initiates application personalization, the personalization mode of the service provider to which the application belongs; a first execution unit for, when the personalization mode is the DP file mode, obtaining APDU instructions from a database and sending the APDU instructions to the secure element to perform the personalization operation; and a second execution unit for, when the personalization mode is the APDU instruction mode, sending an online message to the service provider and receiving from the service provider a response to the online message, which is forwarded to the secure element to perform the personalization operation. This application also provides a method performed by the trusted service management system.

Description

Trusted service management system and method
Technical field
The present invention relates to trusted service management (TSM) system and method.
Background
Existing technology cannot perform personalization through a TSM platform. During card issuance, card activation and card personalization, member institutions can only use the traditional issuance mode and cannot choose between the DP file mode and the APDU instruction set mode according to their needs. They also cannot select the security level they need. In addition, existing personalization technology only supports personalization of PBOC 2.0 applications and has no support for multiple CAP package versions, so it does not support new PBOC 3.0 features such as post-personalization activation of extended applications and the Chinese national cryptographic algorithms.
Summary of the invention
To solve the above problems, according to one aspect of this application, a trusted service management system is provided. The system comprises: a judging unit for determining, when a secure element initiates application personalization, the personalization mode of the service provider to which the application belongs; a first execution unit for, when the personalization mode is the DP file mode, obtaining APDU instructions from a database and sending the APDU instructions to the secure element to perform the personalization operation; and a second execution unit for, when the personalization mode is the APDU instruction mode, sending an online message to the service provider and receiving from the service provider a response to the online message, which is forwarded to the secure element to perform the personalization operation.
The above system may further comprise a parsing unit for parsing a DP file containing personalization data, received from the service provider, into APDU instructions and persisting them to the database.
In the above system, the response to the online message includes an executable personalization instruction set generated directly by the service provider.
The above system may further comprise a control unit for controlling whether the current operation is performed by the first execution unit or by the second execution unit.
In the above system, the system is configured to perform personalization on CAP packages of different versions of the financial PBOC application.
In the above system, when a user activates an extended application, the system is configured to send an extended-application activation online message to the service provider and to forward the service provider's response to that message to the secure element to perform a post-personalization operation, thereby activating the extended application, wherein the response to the extended-application activation online message includes an executable "extended application activation" post-personalization instruction set generated directly by the service provider.
The above system may further comprise a network file system including one or more directories corresponding to service providers, the directories being used by service providers that personalize in DP mode to upload DP files.
The above system may further comprise a scanning unit for periodically executing a scan task on the network file system.
The above system may further comprise two or more trusted service management hosts for concurrently scheduling the processing of DP files according to a preset scheduling strategy.
In the above system, the two or more trusted service management hosts are configured to determine, according to the application node number, the task serial number and the file timestamp, whether the DP file parsing task is to be scheduled by the current host.
In the above system, the second execution unit is configured to send a dynamic key request before sending the online message.
The above system may further comprise an encryption machine (HSM) for receiving a transmission key TK from the service provider, decrypting the dynamic key with the transmission key TK, and performing encryption operations on sensitive data with the dynamic key.
In the above system, the dynamic key includes a KEK key and a MAC key.
In the above system, the parsing unit is configured to parse DP files in a batched storage mode, which includes the following steps: a) predefining an upper limit on the number of personalization data records in each batch; b) calculating the number of batches needed to store all personalization data; and c) parsing the personalization data batch by batch: each batch is persisted to the database after it is parsed, and then the next batch is parsed and persisted, until all batches of personalization data have been parsed and persisted.
The above system may further comprise a notification unit for notifying the service provider of the specific instruction execution result.
According to a further aspect of this application, a method performed by a trusted service management system is provided. The method comprises: when a secure element initiates application personalization, determining the personalization mode of the service provider to which the application belongs; when the personalization mode is the DP file mode, obtaining APDU instructions from a database and sending the APDU instructions to the secure element to perform the personalization operation; and when the personalization mode is the APDU instruction mode, sending an online message to the service provider and receiving from the service provider a response to the online message, which is forwarded to the secure element to perform the personalization operation.
Brief description of the drawings
After reading the specific embodiments of the invention with reference to the drawings, those skilled in the art will understand the various aspects of the invention more clearly. Those skilled in the art should understand that the drawings only serve to explain the technical solution of the invention together with the specific embodiments and are not intended to limit the scope of protection of the invention.
Fig. 1 is a flowchart of a method for personalization mode selection according to one embodiment of this application;
Fig. 2 is a schematic diagram of activating an extended application through PBOC 3.0 post-personalization according to one embodiment of this application;
Fig. 3 is a flowchart of the TSM system's multi-host scheduling strategy according to one embodiment of this application;
Fig. 4 is a structural diagram of the NFS system according to one embodiment of this application;
Fig. 5 is a schematic diagram of the personalization flow, including the static transmission key mode and the dynamic transmission key mode, according to one embodiment of this application;
Fig. 6 is a flowchart of segmented storage of a DP file according to one embodiment of this application.
Detailed description of the embodiments
The following describes some of the many possible embodiments of the invention. It is intended to provide a basic understanding of the invention, not to identify its key or decisive elements or to limit the scope of protection claimed. It is readily understood that, following the technical solution of the invention and without changing its substance, those of ordinary skill in the art can propose other interchangeable implementations. The following embodiments and drawings are therefore only illustrative of the technical solution of the invention and should not be regarded as the whole of the invention or as defining or limiting its technical solution.
The traditional issuance mode of card issuers uses an offline DP file mode, and a single user who activates (and personalizes) several bank cards faces a long process. To achieve instant card issuance and card content management, UnionPay built a TSM system. TSM stands for Trusted Service Management. The TSM of this application is a complete "over-the-air card issuance" and application management system built on "one card, multiple applications" technology. Through the TSM platform, a card issuer can securely and efficiently personalize the information of multiple financial smart cards onto a mobile phone or an IC card, which makes the cards easy for the user to carry and use and easy for the issuer to issue and manage.
The trusted service management (TSM) system of this application may include the following main operating flows: 1. obtaining personalization instructions; 2. securely parsing personalization instructions; 3. executing personalization instructions and notifying the execution result.
For obtaining personalization instructions, the TSM of this application supports the traditional offline DP file mode while guiding the parties in the industry to move to the online APDU instruction mode. The TSM of this application supports personalization instructions of both PBOC version 2.0 and PBOC version 3.0, and can be extended on demand to personalization instructions of later versions.
For the secure parsing of personalization instructions, the TSM of this application uses multi-host scheduling to ensure high availability. To implement distributed file management, an NFS network file system is introduced to manage the personalization instruction files. All connected member institutions are provided with multiple security mechanisms that ensure the confidentiality and reliability of the personalization instructions. For the personalization instructions obtained from secure parsing, the TSM of this application uses segmented batch storage to reduce system load and to keep the system running smoothly and highly available.
For personalization instructions that have finished executing, the TSM of this application notifies the member institution of the execution result so that the business information of both sides stays synchronized.
Fig. 1 is a flowchart of a method for personalization mode selection according to one embodiment of this application. Through the TSM system of this application, a service provider (SP) can use two personalization processing modes: the DP file mode and the APDU instruction mode.
In the DP file mode, the SP sends the personalization data file it generates (the DP file) to the TSM system of this application. One DP file may contain several personalization data records. The scheduled scan task of the TSM system scans, at the configured times, the directory to which the SP uploads DP files; each file is parsed into APDU instructions, which are persisted to the database. When the secure element initiates application personalization, the TSM system determines the personalization mode of the SP to which the application belongs; if it is the DP file mode, the TSM system obtains the APDU instructions from the database and sends them to the secure element to perform the personalization operation.
In the APDU instruction mode, when the secure element initiates application personalization, the TSM system determines the personalization mode of the SP to which the application belongs; if it is the APDU instruction mode, the TSM system sends an online message to the SP, the SP directly generates the executable personalization instruction set and assembles it into an online message response to the TSM system of this application, and the TSM system forwards it to the secure element to perform the personalization operation.
The TSM system supports both personalization modes at the same time, and by modifying a configuration parameter it can switch between the two modes at any time.
According to one embodiment of this application, a trusted service management (TSM) system is provided, comprising: a judging unit for determining, when a secure element initiates application personalization, the personalization mode of the service provider to which the application belongs; a first execution unit for, when the personalization mode is the DP file mode, obtaining APDU instructions from a database and sending the APDU instructions to the secure element to perform the personalization operation; and a second execution unit for, when the personalization mode is the APDU instruction mode, sending an online message to the service provider and receiving from the service provider a response to the online message, which is forwarded to the secure element to perform the personalization operation.
It should be noted that the judging unit, the first execution unit and the second execution unit can be implemented in hardware, in software, or in a combination of software and hardware.
According to one embodiment of this application, the trusted service management system can perform personalization on CAP packages of different versions of the financial PBOC application. The compatible CAP package versions currently include PBOC 2.0 and PBOC 3.0, with two-way compatibility (upward and backward). Depending on configuration parameters, an SP that entrusts the management of its application to the TSM system can select the PBOC CAP package version that matches the application features it needs. For an SP that selects the PBOC 3.0 CAP package, the TSM system supports the Chinese national cryptographic algorithms and extended applications.
As shown in Fig. 2, when a user activates an extended application, the TSM sends an extended-application activation online message to the SP. The SP directly generates the executable "extended application activation" post-personalization instruction set and assembles it into an online message response to the TSM system of this application. The TSM system forwards it to the secure element, which performs the post-personalization operation and activates the extended application.
In one embodiment, for an SP that personalizes in DP mode, the TSM system provides a designated network file system (NFS) path to which the SP uploads DP files. The network structure is shown in Fig. 4.
In one embodiment, for an SP that selects DP mode personalization, the TSM system allocates a specific path in NFS to which the SP uploads DP files (in dynamic key mode, the dynamic key ciphertext file must be uploaded as well). When a user initiates an application download request from the mobile phone client, the TSM system forwards the request message to the SP. The SP generates the executable personalization instruction set and assembles it into a DP file (one DP file may contain the personalization instruction sets for the download requests of multiple users), and then uploads the file to NFS.
When an SP logs in to NFS over SFTP, it only has permission to access its own DP file storage path. As shown in Fig. 4, the two TSM application hosts can access files in NFS as if they were local files. After a DP file has been parsed, it is moved to another path in NFS and kept as historical data.
In one embodiment, if more TSM application hosts need to be added, those hosts can also be configured to access NFS.
In one embodiment, the TSM system may include a network file system. The network file system further includes one or more directories corresponding to service providers, which service providers that personalize in DP mode use to upload DP files.
The use of NFS introduces the problem of multiple TSM hosts concurrently processing the same DP file. The TSM system of this application avoids this problem with a configurable scheduling strategy. The scheduling decision is shown in Fig. 3.
With reference to Fig. 3 and Fig. 4, the scanning unit in the TSM system periodically executes a scan task on NFS. When the scan finds a DP file waiting to be parsed, the TSM host decides, according to the preconfigured scheduling strategy (whose decision criteria include the application node number, the task serial number and the file timestamp), whether the DP file parsing task is to be scheduled by this host. If it is this host's turn to schedule the parsing task, the host continues with it; otherwise it skips the DP file and continues scanning the other DP files under NFS, until all unprocessed DP files in NFS have been processed. This prevents multiple TSM hosts from operating on the same DP file concurrently, reduces the risk of dirty data in the database, and improves the reliability of the TSM application.
Fig. 5 shows the complete personalization flow, including security key mode selection, according to one embodiment of this application.
In one embodiment, the TSM system supports the following two key modes: the static transmission key mode and the dynamic transmission key mode. In one embodiment, the transmission key KEK and the MAC key are generated by the SP and passed to the TSM system over a secure transmission channel.
1) Static transmission key mode
Before transmitting DP files or APDU instruction sets, the SP passes the static transmission key KEK and the MAC key to the hardware encryption machine (HSM) through a formal (offline) key exchange procedure. Each time the TSM personalizes an application on the carrier, it calls on the transmission key KEK and the MAC key inside the encryption machine to re-encrypt the sensitive data and verify the MAC of each batch of data.
2) Dynamic transmission key mode
Each time the SP transmits a DP file, it generates a set of dynamic KEK and MAC keys and passes them, in ciphertext form, to the TSM system together with the DP file. Before transmitting personalization data, the SP passes the transmission key TK, which protects the KEK and MAC keys, to the encryption machine through a formal key exchange procedure. For each card issuance, the TSM calls on the transmission key TK inside the encryption machine to decrypt the KEK and MAC keys, and then re-encrypts the sensitive data and verifies the MAC of each batch of data. This operation must be completed by the encryption machine, and the plaintext of the KEK and MAC keys must not be exported.
If the SP's personalization mode is the APDU mode, then before sending the online message that obtains the APDU instruction set, the TSM must first send an online message that obtains the dynamic key. This triggers the SP to generate a set of dynamic KEK and MAC keys and return them to UnionPay in ciphertext form.
In one embodiment, a DP file may contain multiple personalization data records. For the robustness of the TSM system, the parsing unit uses a batched storage mode for DP files that contain personalization data in bulk: the upper limit on the number of personalization data records per batch is defined in advance, and when a DP file is parsed, the relationship between the number of records in it and the number of batches is calculated first and the personalization data is then stored batch by batch. The formula is:
Number of personalization data batches = number of personalization data records / upper limit of personalization data records per batch.
Fig. 6 shows the flowchart of segmented storage of a DP file. When it starts parsing a DP file, the TSM calculates the number of batches needed to store all the personalization data and then begins parsing the data batch by batch. Each batch is persisted to the database after it is parsed, and then the next batch is parsed and persisted, until all batches of personalization data have been parsed and persisted. Segmented storage greatly improves the robustness of the TSM system. On the one hand, it avoids connection exceptions and memory overflows when a database transaction is committed because a DP file contains too much personalization data. On the other hand, because the data is processed as multiple transaction batches, the failure to parse and store one personalization data record does not cause the parsing and storage of all personalization instructions to fail.
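The segmented storage flow described above, as an added example that is not code from the patent: each batch is parsed and committed in its own database transaction, so a malformed record rolls back only its own batch and its position can be reported back to the SP. The record format (`id|hex APDU`), the table name, the batch limit of 3, the constructed sample data and the rounding up of the batch count are all assumptions made for illustration.

```python
import math
import sqlite3

BATCH_LIMIT = 3  # assumed upper limit of records per batch (step a)

# Constructed sample DP content, one record per line: "<record id>|<hex APDU>".
# Record r5 is deliberately malformed to show failure isolation.
SAMPLE_DP = [
    "r1|80E200000201A1",
    "r2|80E200000201A2",
    "r3|80E200000201A3",
    "r4|80E200000201A4",
    "r5|80E2ZZ",            # not valid hex
    "r6|80E200000201A6",
    "r7|80E200000201A7",
    "r8|80E200000201A8",
]


def batch_count(record_count, limit):
    """Step b: batches needed for all records (rounded up, an assumption)."""
    return math.ceil(record_count / limit)


def parse_record(line):
    """Turn one DP record into (record_id, apdu_bytes); raise ValueError if bad."""
    record_id, apdu_hex = line.split("|", 1)
    apdu = bytes.fromhex(apdu_hex)
    if len(apdu) < 4:  # an APDU needs at least CLA, INS, P1, P2
        raise ValueError("APDU shorter than 4-byte header")
    return record_id, apdu


def store_in_batches(conn, lines, limit=BATCH_LIMIT):
    """Step c: parse and persist batch by batch, one transaction per batch.

    Returns (number_of_batches, failures), where each failure is
    (batch_index, 1-based record position in the file, reason).
    """
    total = batch_count(len(lines), limit)
    failures = []
    for b in range(total):
        start = b * limit
        pos = start
        try:
            # "with conn" commits on success and rolls back on any exception,
            # so a failed batch leaves no partial rows behind.
            with conn:
                for pos, line in enumerate(lines[start:start + limit], start):
                    record_id, apdu = parse_record(line)
                    conn.execute(
                        "INSERT INTO apdu (record_id, batch, apdu) VALUES (?, ?, ?)",
                        (record_id, b, apdu),
                    )
        except (ValueError, sqlite3.Error) as exc:
            failures.append((b, pos + 1, str(exc)))
    return total, failures


def demo():
    """Run the flow on the constructed sample and return what was stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE apdu (record_id TEXT PRIMARY KEY, batch INTEGER, apdu BLOB)"
    )
    total, failures = store_in_batches(conn, SAMPLE_DP)
    stored = [row[0] for row in
              conn.execute("SELECT record_id FROM apdu ORDER BY rowid")]
    conn.close()
    return total, failures, stored


if __name__ == "__main__":
    total, failures, stored = demo()
    print("batches:", total)
    print("failed batches:", failures)
    print("stored records:", stored)
```

Record r4 is inserted before r5 fails and is rolled back with the rest of its batch, so the failed batch can be resubmitted as a whole once the SP corrects the data.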
In one embodiment, after the personalization instructions have been executed, the TSM system informs the SP of the specific instruction execution result. In one embodiment, if instruction execution fails, the TSM also informs the SP of the reason for the failure, prompting the SP to correct the personalization data so that subsequent business can proceed smoothly. In one embodiment, if an error occurs in the secure parsing sub-flow for personalization instructions, the SP is informed of details such as the specific location of the error.
It is readily understood that the TSM system of this application can be implemented in many ways, including but not limited to software, hardware, and a combination of software and hardware. By providing a personalization TSM system and method compatible with both the offline file mode and the online instruction mode, this application supports parsing and executing personalization instructions of versions such as PBOC 2.0 and PBOC 3.0 at the same time. The TSM system and method of this application are characterized by highly extensible multi-version personalization instruction support and network file system, a configurable multi-host scheduling strategy, highly reliable multiple security mechanisms, and highly available segmented batch storage. These features save TSM system resources, keep the system running smoothly when it handles large volumes of data, and ensure that personalization data is not tampered with while it is parsed and executed.
In summary, the technical solution of this application provides a personalization TSM system and method compatible with the offline file mode and the online instruction mode. The solution has the following main advantages: 1) flexible configuration: an SP can choose either of the two personalization modes and, if needed, can switch to the other mode at any time without restarting the application; 2) multi-host scheduling: the system can scale out horizontally to a host cluster of the required size, ensuring high availability of the service; 3) segmented batch storage of large data sets, which ensures data integrity; 4) a complete security mechanism that combines dynamic and static keys to ensure data confidentiality.
The specific embodiments of the invention have been described above with reference to the drawings. Those skilled in the art will understand that various changes and substitutions can be made to the specific embodiments of the invention without departing from its spirit and scope. All such changes and substitutions fall within the scope defined by the claims of the invention.

Claims (30)

1. A trusted service management system, characterized in that the system comprises:
a judging unit for determining, when a secure element initiates application personalization, the personalization mode of the service provider to which the application belongs;
a first execution unit for, when the personalization mode is the DP file mode, obtaining APDU instructions from a database and sending the APDU instructions to the secure element to perform the personalization operation; and
a second execution unit for, when the personalization mode is the APDU instruction mode, sending an online message to the service provider and receiving from the service provider a response to the online message, which is forwarded to the secure element to perform the personalization operation.
2. The system as claimed in claim 1, further comprising:
a parsing unit for parsing a DP file containing personalization data, received from the service provider, into APDU instructions and persisting them to the database.
3. The system as claimed in claim 1, wherein the response to the online message includes an executable personalization instruction set generated directly by the service provider.
4. The system as claimed in claim 1, further comprising:
a control unit for controlling whether the current operation is performed by the first execution unit or by the second execution unit.
5. The system as claimed in claim 1, wherein the system is configured to perform personalization on CAP packages of different versions of the financial PBOC application.
6. The system as claimed in claim 5, wherein, when a user activates an extended application, the system is configured to send an extended-application activation online message to the service provider and to forward the service provider's response to that message to the secure element to perform a post-personalization operation, thereby activating the extended application, wherein the response to the extended-application activation online message includes an executable "extended application activation" post-personalization instruction set generated directly by the service provider.
7. The system as claimed in claim 1, further comprising:
a network file system including one or more directories corresponding to service providers, the directories being used by service providers that personalize in DP mode to upload DP files.
8. The system as claimed in claim 1 or 7, further comprising:
a scanning unit for periodically executing a scan task on the network file system.
9. The system as claimed in claim 1, further comprising:
two or more trusted service management hosts for concurrently scheduling the processing of DP files according to a preset scheduling strategy.
10. The system as claimed in claim 9, wherein the two or more trusted service management hosts are configured to determine, according to the application node number, the task serial number and the file timestamp, whether the DP file parsing task is to be scheduled by the current host.
11. The system as claimed in claim 1, wherein the second execution unit is configured to send a dynamic key request before sending the online message.
12. The system as claimed in claim 1, further comprising:
an encryption machine for receiving a transmission key TK from the service provider, decrypting the dynamic key with the transmission key TK, and performing encryption operations on sensitive data with the dynamic key.
13. The system as claimed in claim 12, wherein the dynamic key includes a KEK key and a MAC key.
14. The system as claimed in claim 2, wherein the parsing unit is configured to parse DP files in a batched storage mode, wherein the batched storage mode includes the following steps:
a) predefining an upper limit on the number of personalization data records in each batch;
b) calculating the number of batches needed to store all personalization data; and
c) parsing the personalization data batch by batch: each batch of personalization data is persisted to the database after it is parsed, and then the next batch is parsed and persisted, until all batches of personalization data have been parsed and persisted.
15. The system as claimed in claim 1, further comprising:
a notification unit for notifying the service provider of the specific instruction execution result.
16. a kind of method that trusted service management system executes, which is characterized in that the described method includes:
When a safety barrier initiates individualization of an application, judging the individualized mode of the service provider to which the application belongs;
When the individualized mode is DP file mode, obtaining APDU instructions from a database, and sending the APDU instructions to the safety barrier to execute the individualized operation; and
When the individualized mode is APDU instruction mode, sending an online message to the service provider, and receiving from the service provider a response to the online message, to be forwarded to the safety barrier to execute the individualized operation.
17. The method described in claim 16, further comprising:
Parsing a DP file containing personal data, received from the service provider, into APDU instructions, and persisting them to the database.
18. The method described in claim 16, wherein the response to the online message includes an executable individualized instruction set directly generated by the service provider.
19. The method described in claim 16, further comprising:
Switching between DP file mode and APDU instruction mode by modifying a configuration parameter.
20. The method described in claim 16, further comprising: executing individualization on CAP packages of different versions of a financial PBOC application.
21. The method as claimed in claim 20, wherein, when a user opens an expanded application, an expanded-application opening online message is sent to the service provider, and the service provider's response to the expanded-application opening online message is forwarded to the safety barrier to execute the individualized operation, so as to open the expanded application, wherein the response to the expanded-application opening online message includes an executable "expanded application opening" individualized instruction set directly generated by the service provider.
22. The method described in claim 16, further comprising:
Providing a specified Network File System to which service providers that individualize in DP mode upload DP files.
23. The method described in claim 16, further comprising:
Regularly executing a scan task on the Network File System.
24. The method described in claim 16, further comprising:
Concurrently scheduling and processing DP files according to a pre-set scheduling strategy.
25. The method as claimed in claim 24, wherein the pre-set scheduling strategy includes application node number, task serial number and file timestamp.
26. The method described in claim 16, wherein a request for a dynamic key is sent before the online message is sent.
27. The method described in claim 16, further comprising:
Receiving a transmission key TK from the service provider, decrypting the dynamic key according to the transmission key TK, and performing cryptographic operations on sensitive data according to the dynamic key.
28. The method as claimed in claim 27, wherein the dynamic key includes a KEK key and a MAC key.
29. The method as claimed in claim 17, wherein the DP file is parsed in a batch-storage parsing mode, wherein the batch-storage parsing mode includes the following steps:
A) pre-defining the upper limit of the quantity of personal data in each batch;
B) calculating the number of batches needed to store all the personal data; and
C) parsing the personal data in batches: each batch of personal data is persisted to the database after being parsed, and then the parsing and persistence of the next batch is executed, until the personal data of all batches has been parsed and persisted.
30. The method described in claim 16, further comprising:
Notifying the service provider of the specific instruction execution result.
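The batch-storage parsing of claims 17 and 29, followed by the database read of the DP file mode in claim 16, as an added example that is not code from the patent. The `card_id|hex` line format, the SQLite table, the function names and the choice of GlobalPlatform STORE DATA as the generated APDU are assumptions, since the claims specify none of them.

```python
import math
import sqlite3

BATCH_LIMIT = 2  # step a): max personal-data records per batch (constructed value)
MAX_LC = 255     # data-field limit of a short APDU

def record_to_apdus(data: bytes) -> list:
    """Split one record into STORE DATA APDUs (CLA 80, INS E2, P2 = block number)."""
    if not data:
        raise ValueError("empty personalization record")
    chunks = [data[i:i + MAX_LC] for i in range(0, len(data), MAX_LC)]
    if len(chunks) > 256:
        raise ValueError("record exceeds 256 STORE DATA blocks")
    apdus = []
    for n, chunk in enumerate(chunks):
        p1 = 0x80 if n == len(chunks) - 1 else 0x00  # b8 of P1 marks the last block
        apdus.append(bytes([0x80, 0xE2, p1, n, len(chunk)]) + chunk)
    return apdus

def parse_dp_file(lines, db, limit=BATCH_LIMIT) -> int:
    """Parse and persist batch by batch; return the number of committed batches."""
    db.execute("CREATE TABLE IF NOT EXISTS apdu (card_id TEXT, seq INTEGER, "
               "apdu BLOB, PRIMARY KEY (card_id, seq))")
    batches = math.ceil(len(lines) / limit)  # step b): batches needed for the file
    for b in range(batches):                 # step c): parse, persist, next batch
        with db:  # one transaction per batch; an exception rolls back this batch only
            for line in lines[b * limit:(b + 1) * limit]:
                card_id, hex_data = line.strip().split("|")
                apdus = record_to_apdus(bytes.fromhex(hex_data))
                db.executemany("INSERT INTO apdu VALUES (?, ?, ?)",
                               [(card_id, seq, a) for seq, a in enumerate(apdus)])
    return batches

def apdus_for(db, card_id: str) -> list:
    """DP file mode: read one carrier's stored APDUs back in send order."""
    rows = db.execute("SELECT apdu FROM apdu WHERE card_id = ? ORDER BY seq", (card_id,))
    return [row[0] for row in rows]

# Constructed DP file: three records, the first too long for a single APDU.
SAMPLE_DP = ["CARD0001|" + "5A" * 300, "CARD0002|9F1F021234", "CARD0003|5F2403251231"]

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(parse_dp_file(SAMPLE_DP, conn), "batches")
    for apdu in apdus_for(conn, "CARD0001"):
        print(apdu[:5].hex())
```

Because each batch is its own transaction, a malformed record leaves earlier batches stored and the failing batch absent, so the file can be corrected and re-submitted from that batch onward.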
CN201410843731.2A 2014-12-30 2014-12-30 trusted service management system and method Active CN105592033B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410843731.2A CN105592033B (en) 2014-12-30 2014-12-30 trusted service management system and method

Publications (2)

Publication Number Publication Date
CN105592033A CN105592033A (en) 2016-05-18
CN105592033B CN105592033B (en) 2018-12-25

Family

ID=55931251

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410843731.2A Active CN105592033B (en) 2014-12-30 2014-12-30 trusted service management system and method

Country Status (1)

Country Link
CN (1) CN105592033B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant