CN108243402A - A kind of method and device for reading and writing smart card - Google Patents

Publication number
CN108243402A
Authority
CN
China
Prior art keywords
smart card
pki
data
digital signature
nfc
Prior art date
Legal status
Granted
Application number
CN201810051995.2A
Other languages
Chinese (zh)
Other versions
CN108243402B (en
Inventor
焦易飞
Current Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN201810051995.2A priority Critical patent/CN108243402B/en
Publication of CN108243402A publication Critical patent/CN108243402A/en
Application granted granted Critical
Publication of CN108243402B publication Critical patent/CN108243402B/en
Active legal-status Critical Current
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B5/00 Near-field transmission systems, e.g. inductive or capacitive transmission systems
    • H04B5/70 Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
    • H04B5/77 Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes for interrogation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

An embodiment of the invention discloses a method for reading and writing a smart card, including: sensing a smart card through a near-field communication (NFC) chip and establishing an NFC connection with the sensed smart card; sending a public key infrastructure (PKI) selection request to the smart card over the NFC connection and obtaining the PKI application identifier returned by the smart card; when the returned PKI application identifier matches a preset value, obtaining the PKI application corresponding to the PKI application identifier and sending a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including data to be signed; and receiving the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection. An embodiment of the invention also discloses a corresponding device for reading and writing a smart card. The method and device of the invention can improve security when reading and writing a smart card and improve the user experience.

Description

A method and device for reading and writing a smart card
Technical field
The present invention relates to the field of computer technology, and in particular to a method and device for reading and writing a smart card.
Background
A smart card is also called a CPU card; the integrated circuit in the card carries a microprocessor (CPU), a storage unit and a chip operating system (COS). A CPU card equipped with a COS is equivalent to a microcomputer: it not only stores data but also provides functions such as command processing and data security protection.
NFC (Near Field Communication) is a short-range wireless communication technology. It evolved from contactless radio-frequency identification (RFID) and is backward compatible with RFID; that is, NFC is itself a contactless identification and interconnection technology that allows short-range wireless communication between mobile devices, consumer electronics, PCs and smart control tools. NFC offers a simple, touch-based solution that lets consumers exchange information and access content and services simply and intuitively.
Existing NFC technology can be used by a mobile terminal to read and write a smart card, but this way of reading and writing a smart card over NFC does not use good cryptographic means, so security is low when NFC is used to read and write a smart card, for example in a payment scenario.
Summary of the invention
On this basis, to solve the technical problem mentioned above, that security is low in the conventional art when NFC is used to read and write a smart card, a method for reading and writing a smart card is provided.
A method for reading and writing a smart card, including:
sensing a smart card through a near-field communication (NFC) chip and establishing an NFC connection with the sensed smart card;
sending a public key infrastructure (PKI) selection request to the smart card over the NFC connection and obtaining the PKI application identifier returned by the smart card;
when the returned PKI application identifier matches a preset value, obtaining the PKI application corresponding to the PKI application identifier and sending a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including data to be signed;
receiving the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection.
Optionally, when the returned PKI application identifier does not match the preset value, error prompt information is returned.
Optionally, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes:
sending a verify-digital-signature instruction to the smart card through the verify-digital-signature interface function of the PKI application, the verify-digital-signature instruction including the signature data to be verified;
receiving the verification result, corresponding to the signature data to be verified, that the smart card returns over the NFC connection.
Optionally, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes:
sending an asymmetric-algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
receiving the data, corresponding to the data to be encrypted/decrypted, that has been encrypted/decrypted with the asymmetric algorithm and is returned by the smart card over the NFC connection.
Optionally, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes:
sending a symmetric-algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
receiving the data, corresponding to the data to be encrypted/decrypted, that has been encrypted/decrypted with the symmetric algorithm and is returned by the smart card over the NFC connection.
In addition, to solve the technical problem mentioned above, that security is low in the conventional art when NFC is used to read and write a smart card, a device for reading and writing a smart card is provided.
A device for reading and writing a smart card, including:
an NFC connection establishment module, for sensing a smart card through a near-field communication (NFC) chip and establishing an NFC connection with the sensed smart card;
a PKI application identifier acquisition module, for sending a public key infrastructure (PKI) selection request to the smart card over the NFC connection and obtaining the PKI application identifier returned by the smart card;
a digital signature sending module, for obtaining, when the returned PKI application identifier matches a preset value, the PKI application corresponding to the PKI application identifier, and sending a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including data to be signed;
a digital signature receiving module, for receiving the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection.
Optionally, the device further includes an error prompt information return module, for returning error prompt information when the returned PKI application identifier does not match the preset value.
Optionally, the device further includes a digital signature verification module, for:
sending a verify-digital-signature instruction to the smart card through the verify-digital-signature interface function of the PKI application, the verify-digital-signature instruction including the signature data to be verified;
receiving the verification result, corresponding to the signature data to be verified, that the smart card returns over the NFC connection.
Optionally, the device further includes an asymmetric encryption/decryption module, for:
sending an asymmetric-algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
receiving the data, corresponding to the data to be encrypted/decrypted, that has been encrypted/decrypted with the asymmetric algorithm and is returned by the smart card over the NFC connection.
Optionally, the device further includes a symmetric encryption/decryption module, for:
sending a symmetric-algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
receiving the data, corresponding to the data to be encrypted/decrypted, that has been encrypted/decrypted with the symmetric algorithm and is returned by the smart card over the NFC connection.
Implementing the embodiments of the present invention has the following advantages:
With the above method and device for reading and writing a smart card, when a mobile terminal with an NFC chip reads and writes a smart card, PKI-based data exchange can be carried out over the NFC connection between the mobile terminal and the smart card. That is, when the user reads and writes a smart card with the mobile terminal, the data is also encrypted, which improves the security of the mobile terminal's reading and writing of the smart card and improves the user experience.
Description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Wherein:
Fig. 1 is a flow diagram of a method for reading and writing a smart card in one embodiment;
Fig. 2 is a structure diagram of a device for reading and writing a smart card in one embodiment.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
To solve the technical problem mentioned above, that security is low in the conventional art when NFC is used to read and write a smart card, this embodiment provides a method for reading and writing a smart card. The method is implemented by a computer program and can run on a computer system based on the von Neumann architecture. The computer program can be a smart card application program. The computer system can be a computer device based on the von Neumann architecture that has a near-field communication function, such as a smartphone, tablet computer, smartwatch, smart band, or a personal computer with an NFC sensor.
Specifically, the method for reading and writing a smart card is shown in Fig. 1 and includes the following steps:
Step S102: sense a smart card through the near-field communication (NFC) chip and establish an NFC connection with the sensed smart card.
As mentioned above, a smart card (CPU card) is a standard integrated device with a smart card chip. The terminal contains a smart card reader chip and the driver for that chip. When a smart card touches or comes close to the terminal, the reader chip driver can sense the smart card; that is, the terminal can sense the smart card through the near-field communication (NFC) chip.
In this embodiment, a near-field communication (NFC) chip may be installed in the smart card, and the smart card reader chip in the terminal may be a near-field communication chip. The terminal can sense the relevant smart card by detecting near-field communication signals and establish an NFC connection with the sensed smart card based on those signals.
Once the smart card is close to the terminal and has established a connection with it via NFC signals, data can be exchanged with the terminal: the smart card can send the data stored in it that relates to the smart card to the terminal via NFC signals, and the terminal receives it through the NFC chip.
For example, when the user holds a transit card against a mobile phone terminal based on this embodiment, the phone can detect the contact event of the transit card through NFC and can establish a connection with the smart card through the NFC chip in the phone.
Step S104: send a public key infrastructure (PKI) selection request to the smart card over the NFC connection and obtain the PKI application identifier returned by the smart card.
In step S102 the terminal established an NFC connection between the NFC chip installed in the terminal and the smart card. The terminal and the smart card can therefore communicate and/or exchange data over this NFC connection: the smart card can receive data sent by the terminal, and the terminal can receive data returned by the smart card.
PKI (Public Key Infrastructure) is a key management platform that follows established standards. It can provide cryptographic services such as encryption and digital signatures, together with the necessary key and certificate management system, for all network applications. In simple terms, PKI is infrastructure that provides security services and is built on public key theory and technology. PKI technology is the core of information security technology and a key, foundational technology for e-commerce.
The PKI selection request is generated by the terminal, based on the NFC connection, after it has established the NFC connection with the smart card. The purpose of the request is to learn the specific type of the connected smart card, for example a transit card, a canteen meal card or a shopping card. After receiving the request, the smart card returns its own PKI application identifier to the terminal according to the content of the request.
In this embodiment, after the terminal sends the PKI selection request to the smart card, the smart card sends the PKI application identifier stored in the card, which represents the application type of that smart card, to the terminal via NFC signals, and the terminal receives it through the NFC chip. The application identifier is stored in advance in the memory of the smart card, and the smart card obtains it by reading its own memory.
Step S106: when the returned PKI application identifier matches a preset value, obtain the PKI application corresponding to the PKI application identifier and send a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including data to be signed.
After receiving the PKI application identifier returned by the smart card, the terminal judges whether the identifier matches a preset value. Note that in this embodiment there may be only one preset value, in which case the terminal supports smart cards of a single application type and no others. Alternatively, there may be several preset values: the terminal searches the list of preset values for one that matches the PKI application identifier and, if it finds one, judges that the returned PKI application identifier matches a preset value. In this case the terminal supports several types of smart card at once, so the user can use both class A and class B smart cards on the terminal.
In this embodiment, different PKI application identifiers correspond to different PKI applications. When the received PKI application identifier matches a preset value, the terminal looks up the PKI application corresponding to that identifier and selects it. That is, through the above operations the terminal has successfully selected a PKI application on the terminal, and that PKI application is the one corresponding to this smart card.
Note that if the returned PKI application identifier does not match a preset value, there is no PKI application on the terminal that corresponds to the smart card, and PKI data exchange with the smart card cannot be carried out using this terminal. The terminal then returns corresponding error prompt information, which informs the user that reading and writing the smart card has failed.
After the PKI application has been selected, the terminal can exchange data with the smart card through the PKI application, and can do so in a way that secures the exchange. For example, when the user makes a payment, swipes a card or performs an end-to-end transfer, using the PKI application to create digital signatures, verify digital signatures, and encrypt or decrypt data improves the security of these transactions.
Specifically, the data to be signed is sent to the smart card for signing through the digital signature interface function of the PKI application; that is, a digital signature instruction containing the data to be signed is sent to the smart card.
Step S108: receive the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection.
After the smart card receives the digital signature instruction containing the data to be signed that the terminal sent in step S106, it extracts the data and digitally signs it, then returns the signed data to the terminal, which saves the signed data on receipt.
Note that in this embodiment the smart card performs the digital signature on the data to be signed using public-key encryption, and when the signed data is returned to the terminal, the smart card's own public key certificate is returned along with it, so that the terminal can later decrypt or verify according to the public key certificate. After receiving the data returned by the smart card, the terminal obtains the smart card's public key from the public key certificate and uses it to verify the digital signature in the signed data returned by the smart card. If verification passes, the terminal saves the digital signature; otherwise it outputs an error.
Further, in this embodiment the digital signature instruction contains CLA (instruction class), INS (instruction code), the private key, the data transmission state, the data to be digitally signed, and Le (the number of data bytes expected in the response). The data format returned by the smart card contains the digital signature status, the signed data, a CLA status word, an INS status word, a status word for the correctness of the data in the digital signature command, an LC status word, a data over-length status word, and a KEY initialization status word.
For example, during the digital signature process above, the terminal sends an APDU (Application Protocol Data Unit) digital signature instruction to the smart card; the specific format is shown in Table 1.
Table 1
| CLA  | INS  | P1 | P2 | Lc | Data to be digitally signed | Le |
|------|------|----|----|----|-----------------------------|----|
| 0x80 | 0x0C | XX | XX | Lc | Data to be signed           |    |
Specifically, P1 is the private key: P1=0x03 (private key one), P1=0x04 (private key two);
P2 is the data transmission state: P2=0x00 (the data has been fully sent), P2=0x01 (the data has not been fully sent; more will follow);
Le is the number of data bytes expected in the response.
After the smart card receives the digital signature instruction, it signs the data and then replies to the mobile phone with the signed data (i.e., the APDU digital signature response instruction), as shown in Table 2.
Table 2
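The signature exchange of steps S104 to S108, as an added example that is not part of the patent text: the terminal checks the returned PKI application identifier against its preset list, frames the data to be signed as Table 1 commands chained with P2, and verifies what comes back. The application identifier, the one-byte Lc limit, the ISO 7816-4 status words, the presence of Le on every chunk, the mock card and the toy RSA key (standing in for the card's key pair and certificate) are all assumptions made for the illustration.

```python
from __future__ import annotations
import hashlib

# From Table 1 and the P1/P2 notes on this page.
CLA_PKI, INS_SIGN = 0x80, 0x0C
P1_PRIVATE_KEYS = {0x03, 0x04}      # private key one / private key two
P2_LAST, P2_MORE = 0x00, 0x01       # data fully sent / more data follows

# Assumptions (not on the page): one-byte Lc and ISO 7816-4 status words.
MAX_LC = 255
SW_OK, SW_WRONG_LENGTH = 0x9000, 0x6700
SW_BAD_P1P2, SW_BAD_INS, SW_BAD_CLA = 0x6A86, 0x6D00, 0x6E00

# Hypothetical preset list of accepted PKI application identifiers.
DEMO_APP_ID = bytes.fromhex("F0504B4944454D4F")
PRESET_PKI_APPS = {DEMO_APP_ID: "demo-pki-app"}

# Constructed textbook-RSA toy key, far too small for real use.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753


def match_pki_app(returned_id: bytes) -> str:
    """Step S106 gate: continue only if the identifier is a preset value."""
    if returned_id not in PRESET_PKI_APPS:
        raise LookupError("PKI application identifier matches no preset value")
    return PRESET_PKI_APPS[returned_id]


def build_sign_apdus(data: bytes, key_ref: int, le: int = 0x00) -> list[bytes]:
    """Frame data as CLA INS P1 P2 Lc data Le, one command per 255-byte chunk."""
    if key_ref not in P1_PRIVATE_KEYS:
        raise ValueError("P1 must select private key one (0x03) or two (0x04)")
    if not data:
        raise ValueError("nothing to sign")
    chunks = [data[i:i + MAX_LC] for i in range(0, len(data), MAX_LC)]
    apdus = []
    for index, chunk in enumerate(chunks):
        p2 = P2_LAST if index == len(chunks) - 1 else P2_MORE
        header = bytes([CLA_PKI, INS_SIGN, key_ref, p2, len(chunk)])
        apdus.append(header + chunk + bytes([le]))
    return apdus


def _toy_digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % TOY_N


def verify_signature(data: bytes, signature: bytes) -> bool:
    """Terminal-side check with the card's public key (toy key here)."""
    if len(signature) != 2:
        return False
    return pow(int.from_bytes(signature, "big"), TOY_E, TOY_N) == _toy_digest(data)


class MockCard:
    """Constructed stand-in for the card; rejects malformed commands."""

    def __init__(self, app_id: bytes):
        self.app_id = app_id
        self._buffer = b""

    def select_pki(self) -> bytes:
        return self.app_id

    def _fail(self, sw: int) -> tuple[bytes, int]:
        self._buffer = b""          # drop any partially received data
        return b"", sw

    def transceive(self, apdu: bytes) -> tuple[bytes, int]:
        if len(apdu) < 6:
            return self._fail(SW_WRONG_LENGTH)
        cla, ins, p1, p2, lc = apdu[:5]
        if cla != CLA_PKI:
            return self._fail(SW_BAD_CLA)
        if ins != INS_SIGN:
            return self._fail(SW_BAD_INS)
        if p1 not in P1_PRIVATE_KEYS or p2 not in (P2_LAST, P2_MORE):
            return self._fail(SW_BAD_P1P2)
        if lc == 0 or len(apdu) != 5 + lc + 1:
            return self._fail(SW_WRONG_LENGTH)
        self._buffer += apdu[5:5 + lc]
        if p2 == P2_MORE:
            return b"", SW_OK       # wait for the remaining chunks
        message, self._buffer = self._buffer, b""
        signature = pow(_toy_digest(message), TOY_D, TOY_N)
        return signature.to_bytes(2, "big"), SW_OK


def sign_via_card(card: MockCard, data: bytes, key_ref: int = 0x03) -> bytes:
    """Steps S104 to S108 from the terminal's side."""
    match_pki_app(card.select_pki())
    response = b""
    for apdu in build_sign_apdus(data, key_ref):
        response, sw = card.transceive(apdu)
        if sw != SW_OK:
            raise IOError(f"card rejected command, SW={sw:04X}")
    if not verify_signature(data, response):
        raise ValueError("signature returned by the card does not verify")
    return response
```

A real terminal would also validate the certificate the card returns before trusting the public key in it; that step is outside this sketch.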
In another embodiment, digital signature verification can be carried out between the terminal and the smart card through data exchange over the NFC connection. Specifically, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes: sending a verify-digital-signature instruction to the smart card through the verify-digital-signature interface function of the PKI application, the verify-digital-signature instruction including the signature data to be verified; and receiving the verification result, corresponding to the signature data to be verified, that the smart card returns over the NFC connection.
When the terminal needs to have a digital signature verified by the smart card, it obtains the signature data to be verified and generates a verify-digital-signature instruction from it; the instruction contains the signature data to be verified. The terminal then sends the verify-digital-signature instruction to the smart card through the verify-digital-signature interface function of the PKI application. After receiving the instruction, the smart card extracts the data, verifies the signature data to be verified, and returns the verification result to the terminal over the NFC connection between the terminal and the smart card, so that the terminal receives the verification result over the NFC connection.
Optionally, in this embodiment the verify-digital-signature instruction contains CLA (instruction class), INS (instruction code), the private key, the data transmission state, Lc, the data whose digital signature is to be verified, and Le (the number of data bytes expected in the response). The verification result that the smart card returns to the terminal contains the verification result, a CLA status word, an INS status word, a status word for the correctness of the data in the verify-digital-signature command, an LC status word, a data standard status word, a KEY initialization status word, and a data over-length status word.
For example, during the digital signature verification process above, the terminal sends an APDU digital signature instruction to the smart card; the specific format is shown in Table 3.
Table 3
Here, P1 is the public key: P1=0x01 (public key one), P1=0x02 (public key two);
P2 is the data transmission state: P2=0x00 (the data has been fully sent), P2=0x01 (the data has not been fully sent; more will follow);
Le is the number of data bytes expected in the response;
The data whose digital signature is to be verified includes the signature data in the format REF-VER-Sig (see Table 4) and the original data in the format REF-VER-Data (see Table 5).
Table 4
Tag Length Value Meaning Presence
E1 0xXXXX Signature
Table 5
Tag Length Value Meaning Presence
E2 0xXXXX Original data
After the smart card receives the verify-digital-signature instruction, it verifies the signature data to be verified and then returns to the terminal the APDU signature verification response instruction (i.e., the verification result) shown in Table 6.
Table 6
In another embodiment, optionally, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes: sending an asymmetric-algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receiving the data, corresponding to the data to be encrypted/decrypted, that has been encrypted/decrypted with the asymmetric algorithm and is returned by the smart card over the NFC connection.
When the terminal needs to encrypt or decrypt data with an asymmetric algorithm, it obtains the data to be encrypted or decrypted and generates an asymmetric-algorithm encryption/decryption instruction from it; the instruction contains the data to be encrypted or decrypted. The terminal then sends the instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application. After receiving the instruction, the smart card extracts the data and encrypts or decrypts it as the instruction directs, then returns the data that has been encrypted/decrypted with the asymmetric algorithm to the terminal over the NFC connection between the terminal and the smart card, so that the terminal receives that data over the NFC connection.
Optionally, in this embodiment the asymmetric-algorithm encryption/decryption instruction contains CLA (instruction class), INS (instruction code), the public/private key, the data transmission state, Lc, the data to be encrypted/decrypted, and Le (the number of data bytes expected in the response). The encryption or decryption result that the smart card returns to the terminal contains the encryption/decryption result, the ciphertext/plaintext data, a CLA status word, an INS status word, a status word for the correctness of the data in the asymmetric-algorithm encryption/decryption command, an LC status word, a KEY initialization status word, and a data over-length status word.
For example, during the encryption or decryption process above, the terminal sends an APDU asymmetric-algorithm encryption/decryption instruction to the smart card; the specific format is shown in Table 7.
Table 7

| CLA | INS | P1 | P2 | Lc | Data to be encrypted/decrypted | Le |
|---|---|---|---|---|---|---|
| 0x80 | 0x50 | 0xXX | 0xXX | Lc | Data to be encrypted | |
Here, P1 is the public key or private key: P1=0x01 (public key one), P1=0x02 (public key two), P1=0x03 (private key one), P1=0x04 (private key two);
P2 is the data sending state: P2=0x00 (the data has been sent completely), P2=0x01 (the data has not been sent completely; the next part can then be sent);
Le is the number of data bytes expected in the response.
After receiving the asymmetric-algorithm encryption/decryption instruction, the smart card obtains the data in the instruction, encrypts or decrypts it, and then returns the encrypted or decrypted data to the terminal, as shown in Table 8.
Table 8
In another embodiment, optionally, the following is further included after the step of obtaining the PKI application corresponding to the PKI application identifier: sending a symmetric-algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receiving the data, corresponding to the data to be encrypted/decrypted, that has undergone symmetric-algorithm encryption/decryption and is returned by the smart card over the NFC connection.
Specifically, when the terminal needs to encrypt or decrypt data with a symmetric algorithm, it obtains the data to be encrypted or decrypted and generates from it a symmetric-algorithm encryption/decryption instruction that contains that data. The terminal then sends the instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application. After receiving the instruction, the smart card extracts the data, encrypts or decrypts it as the received instruction directs, and returns the processed data to the terminal over the NFC connection between the terminal and the smart card, so that the terminal receives the symmetrically encrypted/decrypted data over that NFC connection.
Optionally, in this embodiment, the symmetric-algorithm encryption/decryption instruction contains CLA (instruction class), INS (instruction code), the key, the data sending state, Lc, the data to be encrypted/decrypted, and Le (the number of data bytes expected in the response). The encryption or decryption result that the smart card returns to the terminal contains the encryption/decryption result, the ciphertext/plaintext data, a CLA status word, an INS status word, a status word for the correctness of the data in the symmetric-algorithm encryption/decryption command, an LC status word, a KEY initialization status word, and a data-overlength status word.
For example, during the above encryption/decryption, the terminal sends an APDU asymmetric-algorithm encryption/decryption instruction to the smart card, in the format shown in Table 9.
Table 9

| CLA | INS | P1 | P2 | Lc | Data to be encrypted/decrypted | Le |
|---|---|---|---|---|---|---|
| 0x80 | 0x51 | 0xXX | 0xXX | Lc | Data to be encrypted | |
Here, P1 is the key: P1=0x01 (key one), P1=0x02 (key two), P1=0x03 (key three);
P2 is the data sending state: P2=0x00 (the data has been sent completely), P2=0x01 (the data has not been sent completely; the next part can then be sent);
Le is the number of data bytes expected in the response.
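The command layouts of Tables 7 and 9, including the P2 sending state used to split long data across several APDUs, can be exercised with the following added example, which is not part of the patent text. The function names, the 255-byte chunk limit (the largest one-byte Lc of a short APDU) and the Le value of 0x00 are assumptions; the response format is not modelled.

```python
"""Build and decode the command APDUs laid out in Tables 7 and 9."""

CLA = 0x80
INS_ASYMMETRIC = 0x50  # Table 7
INS_SYMMETRIC = 0x51   # Table 9

# P1 key references exactly as listed under each table.
KEY_SLOTS = {
    INS_ASYMMETRIC: {0x01: "public key one", 0x02: "public key two",
                     0x03: "private key one", 0x04: "private key two"},
    INS_SYMMETRIC: {0x01: "key one", 0x02: "key two", 0x03: "key three"},
}
P2_LAST = 0x00  # data has been sent completely
P2_MORE = 0x01  # data not complete yet, the next APDU continues it
MAX_LC = 255    # assumption: one-byte Lc of a short APDU (ISO/IEC 7816-4)
LE_ANY = 0x00   # assumption: short Le of 0x00, i.e. up to 256 response bytes


def build_apdus(ins, p1, data, chunk=MAX_LC):
    """Split data into a chain of command APDUs, marking the last with P2=0x00."""
    if ins not in KEY_SLOTS:
        raise ValueError("INS 0x%02X is not an enciphering command" % ins)
    if p1 not in KEY_SLOTS[ins]:
        raise ValueError("P1 0x%02X is not a key of INS 0x%02X" % (p1, ins))
    if not data or not 1 <= chunk <= MAX_LC:
        raise ValueError("need data and a chunk size of 1..255 bytes")
    apdus = []
    for offset in range(0, len(data), chunk):
        part = data[offset:offset + chunk]
        p2 = P2_LAST if offset + chunk >= len(data) else P2_MORE
        header = bytes([CLA, ins, p1, p2, len(part)])
        apdus.append(header + part + bytes([LE_ANY]))
    return apdus


def parse_apdu(apdu):
    """Decode one command APDU; reject anything the tables do not allow."""
    if len(apdu) < 7:  # 5 header bytes, at least 1 data byte, 1 Le byte
        raise ValueError("APDU too short")
    cla, ins, p1, p2, lc = apdu[:5]
    if cla != CLA or ins not in KEY_SLOTS:
        raise ValueError("not an enciphering command")
    if p1 not in KEY_SLOTS[ins]:
        raise ValueError("unknown key reference in P1")
    if p2 not in (P2_LAST, P2_MORE):
        raise ValueError("unknown sending state in P2")
    if lc == 0 or len(apdu) != 5 + lc + 1:
        raise ValueError("Lc does not match the APDU length")
    return {"ins": ins, "key": KEY_SLOTS[ins][p1], "p1": p1,
            "more": p2 == P2_MORE, "data": bytes(apdu[5:5 + lc]), "le": apdu[-1]}


def reassemble(apdus):
    """Rebuild the payload of a chain, checking key, command and P2 order."""
    parts = [parse_apdu(a) for a in apdus]
    if not parts:
        raise ValueError("empty chain")
    first = parts[0]
    for index, part in enumerate(parts):
        if (part["ins"], part["p1"]) != (first["ins"], first["p1"]):
            raise ValueError("command or key changed inside a chain")
        if part["more"] != (index < len(parts) - 1):
            raise ValueError("P2 does not mark exactly the last APDU")
    return b"".join(part["data"] for part in parts)


if __name__ == "__main__":
    payload = bytes(range(256)) * 2 + b"constructed sample"  # constructed input
    chain = build_apdus(INS_ASYMMETRIC, 0x03, payload)
    for apdu in chain:
        info = parse_apdu(apdu)
        print(info["key"], "more" if info["more"] else "last", len(info["data"]))
    assert reassemble(chain) == payload
```

The parser rejects a P1 value that is valid for one table but not the other (for example 0x04 with INS 0x51), which is the check a terminal-side wrapper needs before a key reference reaches the card.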
After receiving the symmetric-algorithm encryption/decryption instruction, the smart card obtains the data in the instruction, encrypts or decrypts it, and then returns the encrypted or decrypted data to the terminal, as shown in Table 10.
Table 10
In addition, to solve the technical problem mentioned above, namely the relatively low security of reading and writing a smart card with NFC technology in the traditional technology, this embodiment also provides a device for reading and writing a smart card.
Specifically, as shown in Fig. 2, the device for reading and writing a smart card includes an NFC connection establishment module 102, a PKI application identifier acquisition module 104, a digital signature sending module 106 and a digital signature receiving module 108, wherein:
the NFC connection establishment module 102 is configured to sense a smart card through a near-field communication (NFC) chip and establish an NFC connection with the sensed smart card;
the PKI application identifier acquisition module 104 is configured to send a public key infrastructure (PKI) application selection request to the smart card over the NFC connection and obtain the PKI application identifier returned by the smart card;
the digital signature sending module 106 is configured to, when the returned PKI application identifier matches a preset value, obtain the PKI application corresponding to the PKI application identifier and send a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including data to be signed;
the digital signature receiving module 108 is configured to receive the signature data, corresponding to the data to be signed, returned by the smart card over the NFC connection.
Optionally, as shown in Fig. 2, in this embodiment the device further includes an error prompt information return module 110, configured to return error prompt information when the returned PKI application identifier does not match the preset value.
Optionally, as shown in Fig. 2, in this embodiment the device further includes a digital signature verification module 112, configured to: send a verify-digital-signature instruction to the smart card through the verify-digital-signature interface function of the PKI application, the verify-digital-signature instruction including signature data to be verified; and receive the verification result, corresponding to the signature data to be verified, returned by the smart card over the NFC connection.
Optionally, as shown in Fig. 2, in this embodiment the device further includes an asymmetric encryption/decryption module 114, configured to: send an asymmetric-algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receive the data, corresponding to the data to be encrypted/decrypted, that has undergone asymmetric-algorithm encryption/decryption and is returned by the smart card over the NFC connection.
Optionally, as shown in Fig. 2, in this embodiment the device further includes a symmetric encryption/decryption module 116, configured to: send a symmetric-algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receive the data, corresponding to the data to be encrypted/decrypted, that has undergone symmetric-algorithm encryption/decryption and is returned by the smart card over the NFC connection.
Implementing the embodiments of the present invention has the following beneficial effects:
With the above method and device for reading and writing a smart card, when a mobile terminal with an NFC chip reads and writes a smart card, data interaction based on the PKI mechanism can be carried out over the NFC connection between the mobile terminal and the smart card. That is, when a user reads and writes a smart card with a mobile terminal, the data also passes through encryption, which improves the security of the mobile terminal's reading and writing of the smart card and improves the user experience.
The above disclosure is only the preferred embodiments of the present invention and of course cannot limit the scope of rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope of the present invention.

Claims (10)

  1. A method for reading and writing a smart card, characterized by comprising:
    sensing a smart card through a near-field communication (NFC) chip, and establishing an NFC connection with the sensed smart card;
    sending a Public Key Infrastructure (PKI) selection request to the smart card over the NFC connection, and obtaining the PKI application identifier returned by the smart card;
    when the returned PKI application identifier matches a preset value, obtaining the PKI application corresponding to the PKI application identifier, and sending a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including data to be signed;
    receiving the signature data, corresponding to the data to be signed, returned by the smart card over the NFC connection.
  2. The method for reading and writing a smart card according to claim 1, characterized in that error prompt information is returned when the returned PKI application identifier does not match the preset value.
  3. The method for reading and writing a smart card according to claim 1 or 2, characterized in that the following is further included after the step of obtaining the PKI application corresponding to the PKI application identifier:
    sending a verify-digital-signature instruction to the smart card through the verify-digital-signature interface function of the PKI application, the verify-digital-signature instruction including signature data to be verified;
    receiving the verification result, corresponding to the signature data to be verified, returned by the smart card over the NFC connection.
  4. The method for reading and writing a smart card according to claim 1 or 2, characterized in that the following is further included after the step of obtaining the PKI application corresponding to the PKI application identifier:
    sending an asymmetric-algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
    receiving the data, corresponding to the data to be encrypted/decrypted, that has undergone asymmetric-algorithm encryption/decryption and is returned by the smart card over the NFC connection.
  5. The method for reading and writing a smart card according to claim 1 or 2, characterized in that the following is further included after the step of obtaining the PKI application corresponding to the PKI application identifier:
    sending a symmetric-algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
    receiving the data, corresponding to the data to be encrypted/decrypted, that has undergone symmetric-algorithm encryption/decryption and is returned by the smart card over the NFC connection.
  6. A device for reading and writing a smart card, characterized by comprising:
    an NFC connection establishment module, configured to sense a smart card through a near-field communication (NFC) chip and establish an NFC connection with the sensed smart card;
    a PKI application identifier acquisition module, configured to send a Public Key Infrastructure (PKI) selection request to the smart card over the NFC connection and obtain the PKI application identifier returned by the smart card;
    a digital signature sending module, configured to, when the returned PKI application identifier matches a preset value, obtain the PKI application corresponding to the PKI application identifier and send a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including data to be signed;
    a digital signature receiving module, configured to receive the signature data, corresponding to the data to be signed, returned by the smart card over the NFC connection.
  7. The device for reading and writing a smart card according to claim 6, characterized in that the device further comprises an error prompt information return module, configured to return error prompt information when the returned PKI application identifier does not match the preset value.
  8. The device for reading and writing a smart card according to claim 6 or 7, characterized in that the device further comprises a digital signature verification module, configured to:
    send a verify-digital-signature instruction to the smart card through the verify-digital-signature interface function of the PKI application, the verify-digital-signature instruction including signature data to be verified;
    receive the verification result, corresponding to the signature data to be verified, returned by the smart card over the NFC connection.
  9. The device for reading and writing a smart card according to claim 6 or 7, characterized in that the device further comprises an asymmetric encryption/decryption module, configured to:
    send an asymmetric-algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
    receive the data, corresponding to the data to be encrypted/decrypted, that has undergone asymmetric-algorithm encryption/decryption and is returned by the smart card over the NFC connection.
  10. The device for reading and writing a smart card according to claim 6 or 7, characterized in that the device further comprises a symmetric encryption/decryption module, configured to:
    send a symmetric-algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
    receive the data, corresponding to the data to be encrypted/decrypted, that has undergone symmetric-algorithm encryption/decryption and is returned by the smart card over the NFC connection.
CN201810051995.2A 2015-12-09 2015-12-09 Method and device for reading and writing smart card Active CN108243402B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810051995.2A CN108243402B (en) 2015-12-09 2015-12-09 Method and device for reading and writing smart card

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810051995.2A CN108243402B (en) 2015-12-09 2015-12-09 Method and device for reading and writing smart card
CN201510909083.0A CN105490708B (en) 2015-12-09 2015-12-09 A kind of method and device for reading and writing smart card

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201510909083.0A Division CN105490708B (en) 2015-12-09 2015-12-09 A kind of method and device for reading and writing smart card

Publications (2)

Publication Number Publication Date
CN108243402A true CN108243402A (en) 2018-07-03
CN108243402B CN108243402B (en) 2021-06-01

Family

ID=55677474

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201510909083.0A Active CN105490708B (en) 2015-12-09 2015-12-09 A kind of method and device for reading and writing smart card
CN201810051995.2A Active CN108243402B (en) 2015-12-09 2015-12-09 Method and device for reading and writing smart card

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201510909083.0A Active CN105490708B (en) 2015-12-09 2015-12-09 A kind of method and device for reading and writing smart card

Country Status (1)

Country Link
CN (2) CN105490708B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105490708B (en) * 2015-12-09 2018-01-23 广东欧珀移动通信有限公司 A kind of method and device for reading and writing smart card
CN105872955B (en) * 2016-04-29 2019-01-18 昆山维信诺科技有限公司 Integrate the touch-control integrated circuit and its near field communication method of near-field communication
CN109257071B (en) * 2017-07-12 2021-10-22 深圳如一探索科技有限公司 Equipment control method, device and equipment

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070118736A1 (en) * 2005-11-23 2007-05-24 Proton World International N.V. Customization of a bank card for other applications
CN101916388A (en) * 2010-07-27 2010-12-15 武汉天喻信息产业股份有限公司 Smart SD card and method for using same for mobile payment
CN103138925A (en) * 2011-11-25 2013-06-05 ***通信集团公司 Card issuing operation method, integrated circuit (IC) card and card issuing device
CN203243339U (en) * 2013-05-06 2013-10-16 天地融科技股份有限公司 Data transmission system
CN103489028A (en) * 2013-09-23 2014-01-01 深圳前海君浩银通科技发展有限公司 Financial IC card and multi-protocol communication system and method
CN104021473A (en) * 2014-05-30 2014-09-03 刘劲彤 Safe payment method of visual financial card
CN104184892A (en) * 2014-08-12 2014-12-03 桂林微网半导体有限责任公司 Mobile terminal intelligent card based data transmission method and mobile terminal
CN104820807A (en) * 2015-04-15 2015-08-05 四川量迅科技有限公司 Smart card data processing method
CN105490708B (en) * 2015-12-09 2018-01-23 广东欧珀移动通信有限公司 A kind of method and device for reading and writing smart card

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101808092B (en) * 2010-03-12 2013-03-20 中国电信股份有限公司 Multi-certificate sharing method and system as well as intelligent card
EP2509275A1 (en) * 2011-04-04 2012-10-10 Buntinx Method and system for authenticating entities by means of mobile terminals
CN103164738B (en) * 2013-02-06 2015-09-30 厦门盛华电子科技有限公司 A kind of cellphone subscriber's identification card based on the certification of mobile payment multi-channel digital
CN103746802B (en) * 2014-01-27 2017-07-25 天地融科技股份有限公司 A kind of data processing method and mobile phone based on arranging key
CN105024824B (en) * 2014-11-05 2018-12-21 浙江码博士防伪科技有限公司 The generation and verification method and system of credible label based on rivest, shamir, adelman

Also Published As

Publication number Publication date
CN105490708A (en) 2016-04-13
CN105490708B (en) 2018-01-23
CN108243402B (en) 2021-06-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Applicant after: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS Corp.,Ltd.

Address before: 523860 No. 18 Wusha Haibin Road, Chang'an Town, Dongguan City, Guangdong Province

Applicant before: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS Corp.,Ltd.

GR01 Patent grant