CN108243402A - Method and device for reading and writing a smart card - Google Patents
- Publication number
- CN108243402A (CN201810051995.2A)
- Authority
- CN
- China
- Prior art keywords
- smart card
- pki
- data
- digital signature
- nfc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B5/00—Near-field transmission systems, e.g. inductive or capacitive transmission systems
- H04B5/70—Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
- H04B5/77—Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes for interrogation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
An embodiment of the invention discloses a method for reading and writing a smart card, including: sensing a smart card through a near-field communication (NFC) chip and establishing an NFC connection with the sensed smart card; sending a public key infrastructure (PKI) selection request to the smart card over the NFC connection and obtaining the PKI application identifier returned by the smart card; when the returned PKI application identifier matches a preset value, obtaining the PKI application corresponding to the PKI application identifier and sending a digital signature instruction, which includes the data to be signed, to the smart card through the digital signature interface function of the PKI application; and receiving the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection. An embodiment of the invention correspondingly discloses a device for reading and writing a smart card. The method and device of the invention can improve security when reading and writing a smart card and improve the user experience.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a method and device for reading and writing a smart card.
Background
A smart card, also called a CPU card, carries a microprocessor (CPU), a storage unit and a chip operating system (COS) in the integrated circuit on the card. A CPU card equipped with a COS is equivalent to a microcomputer: it not only stores data but also provides functions such as command processing and data security protection.
NFC (Near Field Communication) is short-range wireless communication. It evolved from contactless radio-frequency identification (RFID) and is backward compatible with RFID; that is, NFC is itself a contactless identification and interconnection technology that enables short-range wireless communication between mobile devices, consumer electronics, PCs and smart control tools. NFC provides a simple, touch-based solution that lets consumers exchange information and access content and services simply and intuitively.
Existing NFC technology can be used by a mobile terminal to read and write a smart card, but this way of reading and writing a smart card over NFC does not use adequate cryptographic means, so security is low when NFC is used to read and write a smart card, for example in payment scenarios.
Summary of the invention
On this basis, to solve the technical problem mentioned above that security is low when NFC technology is used to read and write a smart card in the traditional technology, a method for reading and writing a smart card is provided.
A method for reading and writing a smart card, including:
sensing a smart card through a near-field communication (NFC) chip, and establishing an NFC connection with the sensed smart card;
sending a public key infrastructure (PKI) selection request to the smart card over the NFC connection, and obtaining the PKI application identifier returned by the smart card;
when the returned PKI application identifier matches a preset value, obtaining the PKI application corresponding to the PKI application identifier, and sending a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including the data to be signed;
receiving the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection.
Optionally, when the returned PKI application identifier does not match the preset value, an error prompt is returned.
Optionally, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes:
sending a verify digital signature instruction to the smart card through the verify digital signature interface function of the PKI application, the verify digital signature instruction including the signed data to be verified;
receiving the verification result, corresponding to the signed data to be verified, that the smart card returns over the NFC connection.
Optionally, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes:
sending an asymmetric algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
receiving the data, corresponding to the data to be encrypted/decrypted, that has undergone asymmetric algorithm encryption/decryption and that the smart card returns over the NFC connection.
Optionally, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes:
sending a symmetric algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
receiving the data, corresponding to the data to be encrypted/decrypted, that has undergone symmetric algorithm encryption/decryption and that the smart card returns over the NFC connection.
In addition, to solve the technical problem mentioned above that security is low when NFC technology is used to read and write a smart card in the traditional technology, a device for reading and writing a smart card is provided.
A device for reading and writing a smart card, including:
an NFC connection establishment module, for sensing a smart card through a near-field communication (NFC) chip and establishing an NFC connection with the sensed smart card;
a PKI application identifier acquisition module, for sending a public key infrastructure (PKI) selection request to the smart card over the NFC connection and obtaining the PKI application identifier returned by the smart card;
a digital signature sending module, for obtaining, when the returned PKI application identifier matches a preset value, the PKI application corresponding to the PKI application identifier, and sending a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including the data to be signed;
a digital signature receiving module, for receiving the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection.
Optionally, the device further includes an error prompt return module, for returning an error prompt when the returned PKI application identifier does not match the preset value.
Optionally, the device further includes a digital signature verification module, for:
sending a verify digital signature instruction to the smart card through the verify digital signature interface function of the PKI application, the verify digital signature instruction including the signed data to be verified;
receiving the verification result, corresponding to the signed data to be verified, that the smart card returns over the NFC connection.
Optionally, the device further includes an asymmetric encryption/decryption module, for:
sending an asymmetric algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
receiving the data, corresponding to the data to be encrypted/decrypted, that has undergone asymmetric algorithm encryption/decryption and that the smart card returns over the NFC connection.
Optionally, the device further includes a symmetric encryption/decryption module, for:
sending a symmetric algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted;
receiving the data, corresponding to the data to be encrypted/decrypted, that has undergone symmetric algorithm encryption/decryption and that the smart card returns over the NFC connection.
Implementing the embodiments of the present invention has the following beneficial effects:
With the above method and device for reading and writing a smart card, when a mobile terminal with an NFC chip reads and writes a smart card, data interaction based on the PKI mechanism can be carried out over the NFC connection between the mobile terminal and the smart card. That is, when a user reads and writes a smart card with a mobile terminal, the data also goes through encryption, which improves security while the mobile terminal reads and writes the smart card and improves the user experience.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
In the drawings:
Fig. 1 is a flow diagram of a method for reading and writing a smart card in one embodiment;
Fig. 2 is a structural diagram of a device for reading and writing a smart card in one embodiment.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To solve the technical problem mentioned above that security is low when NFC technology is used to read and write a smart card in the traditional technology, this embodiment provides a method for reading and writing a smart card. The method relies on a computer program and can run on a computer system based on the von Neumann architecture. The computer program can be a smart card application program. The computer system can be a computer device that is based on the von Neumann architecture and has a near-field communication function, such as a smartphone, tablet computer, smartwatch, smart band, or a personal computer with an NFC sensor.
Specifically, the method for reading and writing a smart card is shown in Fig. 1 and includes the following steps:
Step S102: Sense a smart card through a near-field communication (NFC) chip, and establish an NFC connection with the sensed smart card.
As mentioned above, a smart card (CPU card) is a standard integrated device with a smart card chip. The terminal is provided with a smart card reader chip and contains the driver for that chip. When a smart card touches or approaches the terminal, the reader chip's driver can sense the smart card; that is, the terminal can sense the smart card through the NFC chip.
In this embodiment, a near-field communication (NFC) chip can be installed in the smart card, and the smart card reader chip in the terminal can be an NFC chip. The terminal can sense the relevant smart card by sensing near-field communication signals and establish an NFC connection with the sensed smart card according to those signals.
After the smart card approaches the terminal and establishes a connection with it through NFC signals, it can exchange data with the terminal: the data stored in the smart card and associated with that smart card can be sent to the terminal through NFC signals and received by the terminal through its NFC chip.
For example, when a user holds a transit card against a mobile phone based on this embodiment, the phone can detect the contact event of the transit card through NFC and establish a connection with the smart card through the phone's NFC chip.
Step S104: Send a public key infrastructure (PKI) selection request to the smart card over the NFC connection, and obtain the PKI application identifier returned by the smart card.
In step S102, the terminal establishes an NFC connection with the smart card through the NFC chips installed in the terminal and in the smart card. The terminal and the smart card can therefore communicate and/or exchange data over that NFC connection: the smart card can receive data sent by the terminal, and the terminal can receive data returned by the smart card.
PKI (Public Key Infrastructure) is a key management platform that follows established standards. It provides cryptographic services such as encryption and digital signatures, together with the necessary key and certificate management, for all network applications. Put simply, PKI is infrastructure that provides security services, built on public key theory and technology. PKI technology is the core of information security technology and a key, foundational technology for e-commerce.
The PKI selection request is generated by the terminal over the NFC connection after that connection with the smart card has been established. The request serves to learn the specific type of the connected smart card, for example a transit card, a canteen meal card or a shopping card. On receiving the request, the smart card returns its own PKI application identifier to the terminal according to the content of the request.
In this embodiment, after the terminal sends the PKI selection request to the smart card, the smart card sends the PKI application identifier stored in the card, which represents the application type of that smart card, to the terminal through NFC signals, and the terminal receives it through its NFC chip. The application identifier is stored in advance in the smart card's memory, and the smart card obtains it by reading its own memory.
Step S106: When the returned PKI application identifier matches a preset value, obtain the PKI application corresponding to the PKI application identifier, and send a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including the data to be signed.
After receiving the PKI application identifier returned by the smart card, the terminal judges whether the identifier matches a preset value. Note that in this embodiment there may be only one preset value, in which case the terminal supports smart cards of only one application type and no others. Alternatively, there may be several preset values: the terminal searches the preset value list for a value matching the PKI application identifier and, if it finds one, judges that the returned PKI application identifier matches a preset value. In that case the terminal supports several types of smart card at once, so the user can use both class A and class B smart cards on the terminal.
In this embodiment, different PKI application identifiers correspond to different PKI applications. When the received PKI application identifier matches a preset value, the terminal can look up the PKI application corresponding to that identifier and select it. That is, through the above operations the terminal has successfully selected a PKI application on the terminal, and that PKI application is the one corresponding to the smart card.
Note that if the returned PKI application identifier does not match a preset value, no PKI application corresponding to the smart card exists on the terminal, and PKI data interaction with the smart card cannot be carried out using this terminal. A corresponding error prompt is then returned to inform the user that reading and writing the smart card has failed.
After a PKI application has been selected, the terminal can exchange data with the smart card through that PKI application, and the exchange can be carried out securely. For example, when the user performs services such as payment, card swiping or end-to-end transmission, using the PKI application to create digital signatures, verify digital signatures, and encrypt or decrypt data improves the security of those services.
Specifically, the data that needs to be signed is sent to the smart card through the digital signature interface function of the PKI application for the smart card to sign; that is, a digital signature instruction containing the data to be signed is sent to the smart card.
Step S108: Receive the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection.
After the smart card receives the digital signature instruction containing the data to be signed that the terminal sent in step S106, it obtains the data in the instruction and digitally signs it, then returns the signed data to the terminal, which saves the signed data on receipt.
Note that in this embodiment the smart card uses a public key for encryption when digitally signing the data to be signed, and when it returns the signed data to the terminal it also returns its own public key certificate, so that the terminal can decrypt or verify against that certificate in later steps. After receiving the data returned by the smart card, the terminal obtains the smart card's public key from the public key certificate and uses it to verify the digital signature in the signed data returned by the smart card. If verification passes, the terminal saves the digital signature; otherwise it outputs an error.
Further, in this embodiment, the digital signature instruction contains CLA (instruction class), INS (instruction code), the private key, the data sending state, the data to be digitally signed, and Le (the number of data bytes expected in the response). The data format returned by the smart card contains the digital signature status, the signed data, a CLA status word, an INS status word, a status word for the correctness of the data in the digital signature command, an LC status word, a data-too-long status word, and a KEY initialization status word.
For example, during the digital signature process above, the terminal sends an APDU (Application Protocol Data Unit) digital signature instruction to the smart card, in the format shown in Table 1.
Table 1
CLA | INS | P1 | P2 | Lc | Data to be digitally signed | Le |
0x80 | 0x0C | XX | XX | Lc | Data to be signed |
Specifically, P1 selects the private key: P1=0x03 (private key one), P1=0x04 (private key two);
P2 is the data sending state: P2=0x00 (the data has been sent completely), P2=0x01 (the data has not been sent completely; more will follow);
Le is the number of data bytes expected in the response.
After the smart card receives the digital signature instruction, it signs the data and then replies to the mobile phone with the signed data (that is, the APDU digital signature response instruction), as shown in Table 2.
Table 2
In another embodiment, digital signature verification can be carried out between the terminal and the smart card through data interaction over the NFC connection. Specifically, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes: sending a verify digital signature instruction to the smart card through the verify digital signature interface function of the PKI application, the verify digital signature instruction including the signed data to be verified; and receiving the verification result, corresponding to the signed data to be verified, that the smart card returns over the NFC connection.
When the terminal needs to use the smart card to verify a digital signature, it obtains the signed data to be verified and generates a verify digital signature instruction from it; the instruction contains the signed data to be verified. The terminal then sends the verify digital signature instruction to the smart card through the verify digital signature interface function of the PKI application. After receiving the instruction, the smart card obtains the data in it, verifies the signed data to be verified, and returns the verification result to the terminal over the NFC connection between the terminal and the smart card, so that the terminal can receive the verification result over the NFC connection.
Optionally, in this embodiment, the verify digital signature instruction contains CLA (instruction class), INS (instruction code), the private key, the data sending state, Lc, the digital signature data to be verified, and Le (the number of data bytes expected in the response). The format of the verification result that the smart card returns to the terminal contains the verification result, a CLA status word, an INS status word, a status word for the correctness of the data in the verify digital signature command, an LC status word, a data standard status word, a KEY initialization status word, and a data-too-long status word.
For example, during the digital signature verification process above, the terminal sends an APDU digital signature instruction to the smart card, in the format shown in Table 3.
Table 3
Here, P1 selects the public key: P1=0x01 (public key one), P1=0x02 (public key two);
P2 is the data sending state: P2=0x00 (the data has been sent completely), P2=0x01 (the data has not been sent completely; more will follow);
Le is the number of data bytes expected in the response;
The digital signature data to be verified includes the signature data format REF-VER-Sig (see Table 4) and the original data format REF-VER-Data (see Table 5).
Table 4
Tag | Length | Value | Meaning | Presence |
E1 | 0xXXXX | Signature |
Table 5
Tag | Length | Value | Meaning | Presence |
E2 | 0xXXXX | Original data |
After the smart card receives the verify digital signature instruction, it verifies the signed data to be verified and then returns to the terminal the APDU verify data signature response instruction (that is, the verification result) shown in Table 6.
Table 6
In another embodiment, optionally, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes: sending an asymmetric algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receiving the data, corresponding to the data to be encrypted/decrypted, that has undergone asymmetric algorithm encryption/decryption and that the smart card returns over the NFC connection.
When the terminal needs to encrypt or decrypt data with an asymmetric algorithm, it obtains the data to be encrypted or decrypted and generates an asymmetric algorithm encryption/decryption instruction from it; the instruction contains the data to be encrypted or decrypted. The terminal then sends the asymmetric algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application. After receiving the instruction, the smart card obtains the data in it and encrypts or decrypts that data according to the instruction received, then returns the data that has undergone asymmetric algorithm encryption/decryption to the terminal over the NFC connection between the terminal and the smart card, so that the terminal can receive that data over the NFC connection.
Optionally, in this embodiment, the asymmetric algorithm encryption/decryption instruction contains CLA (instruction class), INS (instruction code), the public/private key, the LC data sending state, Lc, the data to be encrypted/decrypted, and Le (the number of data bytes expected in the response). The encryption or decryption result that the smart card returns to the terminal contains the encryption/decryption result, the ciphertext/plaintext data, a CLA status word, an INS status word, a status word for the correctness of the data in the asymmetric algorithm encryption/decryption command, an LC status word, a KEY initialization status word, and a data-too-long status word.
For example, during the encryption or decryption process above, the terminal sends an APDU asymmetric algorithm encryption/decryption instruction to the smart card, in the format shown in Table 7.
Table 7
CLA | INS | P1 | P2 | Lc | Data to be encrypted/decrypted | Le |
---|---|---|---|---|---|---|
0x80 | 0x50 | 0xXX | 0xXX | Lc | Data to be encrypted | |
Here, P1 selects the public or private key: P1=0x01 (public key one), P1=0x02 (public key two), P1=0x03 (private key one), P1=0x04 (private key two);
P2 is the data sending state: P2=0x00 (the data has been sent in full), P2=0x01 (the data has not been sent in full; the next part can follow);
Le is the number of data bytes expected in the response.
After the smart card receives the asymmetric-algorithm encryption/decryption instruction, it obtains the data in the instruction, encrypts or decrypts it, and returns the encrypted or decrypted data to the terminal, as shown in Table 8.
Table 8
In another embodiment, optionally, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further includes: sending a symmetric-algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receiving the data, returned by the smart card over the NFC connection, that corresponds to the data to be encrypted/decrypted and has undergone symmetric-algorithm encryption/decryption.
Specifically, when the terminal needs to encrypt or decrypt data with a symmetric algorithm, it obtains the data to be encrypted or decrypted and generates a symmetric-algorithm encryption/decryption instruction that contains this data. The terminal then sends the instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application. After receiving the instruction, the smart card obtains the data it carries, encrypts or decrypts that data as the instruction directs, and returns the processed data to the terminal over the NFC connection between the terminal and the smart card, so that the terminal receives the symmetrically encrypted/decrypted data over the NFC connection.
Optionally, in this embodiment, the symmetric-algorithm encryption/decryption instruction contains CLA (instruction class), INS (instruction code), the key, the data sending state, Lc, the data to be encrypted/decrypted, and Le (the number of data bytes expected in the response). The encryption or decryption result that the smart card returns to the terminal contains the encryption/decryption result, the ciphertext/plaintext data, a CLA status word, an INS status word, a status word for the correctness of the data in the symmetric-algorithm encryption/decryption command, an LC status word, a KEY initialization status word, and a data overlength status word.
For example, during the encryption/decryption described above, the terminal sends an APDU asymmetric-algorithm encryption/decryption instruction to the smart card; its format is shown in Table 9.
Table 9
CLA | INS | P1 | P2 | Lc | Data to be encrypted/decrypted | Le |
---|---|---|---|---|---|---|
0x80 | 0x51 | 0xXX | 0xXX | Lc | Data to be encrypted | |
Here, P1 selects the key: P1=0x01 (key one), P1=0x02 (key two), P1=0x03 (key three);
P2 is the data sending state: P2=0x00 (the data has been sent in full), P2=0x01 (the data has not been sent in full; the next part can follow);
Le is the number of data bytes expected in the response.
After the smart card receives the symmetric-algorithm encryption/decryption instruction, it obtains the data in the instruction, encrypts or decrypts it, and returns the encrypted or decrypted data to the terminal, as shown in Table 10.
Table 10
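The command layouts of Tables 7 and 9 can be exercised in code. The following Python sketch is an added example, not code from the patent: it builds the encryption/decryption APDUs, splits long data using the P2 sending state, and runs card-side field checks. The status names and their mapping to checks, the one-byte Lc and Le, and the 255-byte chunk limit are assumptions, because the response tables (Tables 8 and 10) are not reproduced on this page.

```python
# Added example; CLA/INS/P1/P2 values are taken from Tables 7 and 9 of the page.
CLA = 0x80
INS_ASYM, INS_SYM = 0x50, 0x51             # Table 7 / Table 9
P1_RANGE = {INS_ASYM: range(0x01, 0x05),   # public key 1-2, private key 1-2
            INS_SYM: range(0x01, 0x04)}    # key 1-3
P2_LAST, P2_MORE = 0x00, 0x01              # data sent in full / more follows
MAX_LC = 255                               # assumption: one-byte Lc


def build_apdus(ins, p1, data, le=0x00, chunk=MAX_LC):
    """Terminal side: split data into APDUs, setting P2=0x01 on all but the last."""
    if ins not in P1_RANGE or p1 not in P1_RANGE[ins]:
        raise ValueError("unknown INS or key selector")
    if not data or not 1 <= chunk <= MAX_LC:
        raise ValueError("empty data or bad chunk size")
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    apdus = []
    for n, part in enumerate(parts):
        p2 = P2_LAST if n == len(parts) - 1 else P2_MORE
        apdus.append(bytes([CLA, ins, p1, p2, len(part)]) + part + bytes([le]))
    return apdus


def parse_apdu(apdu):
    """Card side: validate one APDU and return (status, fields).

    Status names echo the status words the page lists (CLA, INS, KEY, LC,
    data correctness, data overlength); numeric values are not on the page.
    """
    if len(apdu) < 5:
        return "LC", None
    cla, ins, p1, p2, lc = apdu[:5]
    if cla != CLA:
        return "CLA", None
    if ins not in P1_RANGE:
        return "INS", None
    if p1 not in P1_RANGE[ins]:
        return "KEY", None
    if p2 not in (P2_LAST, P2_MORE):
        return "DATA", None
    body = apdu[5:]
    if len(body) > lc + 1:                 # more bytes than Lc data plus Le
        return "OVERLENGTH", None
    if lc == 0 or len(body) != lc + 1:
        return "LC", None
    return "OK", {"ins": ins, "p1": p1, "more": p2 == P2_MORE,
                  "data": body[:lc], "le": body[lc]}


def reassemble(apdus):
    """Card side: join chained chunks; reject key switches and bad chaining."""
    if not apdus:
        return "DATA", None
    out, first = b"", None
    for i, apdu in enumerate(apdus):
        status, fields = parse_apdu(apdu)
        if status != "OK":
            return status, None
        first = first or (fields["ins"], fields["p1"])
        if (fields["ins"], fields["p1"]) != first:
            return "KEY", None
        # Only the final APDU may carry P2=0x00; every earlier one needs 0x01.
        if fields["more"] == (i == len(apdus) - 1):
            return "DATA", None
        out += fields["data"]
    return "OK", out
```

Checking that a chain keeps the same INS and P1 throughout, and that it ends with P2=0x00, keeps a truncated or spliced sequence from being processed as one message.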
In addition, to solve the technical problem mentioned above, namely that reading and writing a smart card with NFC technology in the conventional art offers relatively low security, this embodiment also provides a device for reading and writing a smart card.
Specifically, as shown in Fig. 2, the device for reading and writing a smart card includes an NFC connection establishment module 102, a PKI application identifier acquisition module 104, a digital signature sending module 106 and a digital signature receiving module 108, wherein:
the NFC connection establishment module 102 is configured to sense a smart card through a near-field communication (NFC) chip and establish an NFC connection with the sensed smart card;
the PKI application identifier acquisition module 104 is configured to send a Public Key Infrastructure (PKI) application selection request to the smart card over the NFC connection and obtain the PKI application identifier returned by the smart card;
the digital signature sending module 106 is configured to, when the returned PKI application identifier matches a preset value, obtain the PKI application corresponding to the PKI application identifier and send a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including data to be signed;
the digital signature receiving module 108 is configured to receive the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection.
Optionally, as shown in Fig. 2, in this embodiment the device further includes an error prompt information return module 110, configured to return error prompt information when the returned PKI application identifier does not match the preset value.
Optionally, as shown in Fig. 2, in this embodiment the device further includes a digital signature verification module 112, configured to: send a verify-digital-signature instruction to the smart card through the verify-digital-signature interface function of the PKI application, the verify-digital-signature instruction including the signed data to be verified; and receive the verification result, corresponding to the signed data to be verified, that the smart card returns over the NFC connection.
Optionally, as shown in Fig. 2, in this embodiment the device further includes an asymmetric encryption/decryption module 114, configured to: send an asymmetric-algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receive the data, returned by the smart card over the NFC connection, that corresponds to the data to be encrypted/decrypted and has undergone asymmetric-algorithm encryption/decryption.
Optionally, as shown in Fig. 2, in this embodiment the device further includes a symmetric encryption/decryption module 116, configured to: send a symmetric-algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receive the data, returned by the smart card over the NFC connection, that corresponds to the data to be encrypted/decrypted and has undergone symmetric-algorithm encryption/decryption.
Implementing the embodiments of the present invention has the following beneficial effects:
With the above method and device for reading and writing a smart card, when a mobile terminal with an NFC chip reads and writes a smart card, PKI-based data interaction can be carried out over the NFC connection between the mobile terminal and the smart card. That is, when a user reads and writes a smart card with a mobile terminal, the data also passes through encryption, which improves the security of the mobile terminal's reading and writing of the smart card and improves the user experience.
The above discloses only preferred embodiments of the present invention and of course cannot be used to limit the scope of the rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope of the present invention.
Claims (10)
- 1. A method for reading and writing a smart card, characterized by comprising: sensing a smart card through a near-field communication (NFC) chip and establishing an NFC connection with the sensed smart card; sending a Public Key Infrastructure (PKI) selection request to the smart card over the NFC connection and obtaining the PKI application identifier returned by the smart card; when the returned PKI application identifier matches a preset value, obtaining the PKI application corresponding to the PKI application identifier and sending a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including data to be signed; and receiving the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection.
- 2. The method for reading and writing a smart card according to claim 1, characterized in that error prompt information is returned when the returned PKI application identifier does not match the preset value.
- 3. The method for reading and writing a smart card according to claim 1 or 2, characterized in that, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further comprises: sending a verify-digital-signature instruction to the smart card through the verify-digital-signature interface function of the PKI application, the verify-digital-signature instruction including the signed data to be verified; and receiving the verification result, corresponding to the signed data to be verified, that the smart card returns over the NFC connection.
- 4. The method for reading and writing a smart card according to claim 1 or 2, characterized in that, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further comprises: sending an asymmetric-algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receiving the data, returned by the smart card over the NFC connection, that corresponds to the data to be encrypted/decrypted and has undergone asymmetric-algorithm encryption/decryption.
- 5. The method for reading and writing a smart card according to claim 1 or 2, characterized in that, after the step of obtaining the PKI application corresponding to the PKI application identifier, the method further comprises: sending a symmetric-algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receiving the data, returned by the smart card over the NFC connection, that corresponds to the data to be encrypted/decrypted and has undergone symmetric-algorithm encryption/decryption.
- 6. A device for reading and writing a smart card, characterized by comprising: an NFC connection establishment module, configured to sense a smart card through a near-field communication (NFC) chip and establish an NFC connection with the sensed smart card; a PKI application identifier acquisition module, configured to send a Public Key Infrastructure (PKI) selection request to the smart card over the NFC connection and obtain the PKI application identifier returned by the smart card; a digital signature sending module, configured to, when the returned PKI application identifier matches a preset value, obtain the PKI application corresponding to the PKI application identifier and send a digital signature instruction to the smart card through the digital signature interface function of the PKI application, the digital signature instruction including data to be signed; and a digital signature receiving module, configured to receive the signed data, corresponding to the data to be signed, that the smart card returns over the NFC connection.
- 7. The device for reading and writing a smart card according to claim 6, characterized in that the device further comprises an error prompt information return module, configured to return error prompt information when the returned PKI application identifier does not match the preset value.
- 8. The device for reading and writing a smart card according to claim 6 or 7, characterized in that the device further comprises a digital signature verification module, configured to: send a verify-digital-signature instruction to the smart card through the verify-digital-signature interface function of the PKI application, the verify-digital-signature instruction including the signed data to be verified; and receive the verification result, corresponding to the signed data to be verified, that the smart card returns over the NFC connection.
- 9. The device for reading and writing a smart card according to claim 6 or 7, characterized in that the device further comprises an asymmetric encryption/decryption module, configured to: send an asymmetric-algorithm encryption/decryption instruction to the smart card through the asymmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receive the data, returned by the smart card over the NFC connection, that corresponds to the data to be encrypted/decrypted and has undergone asymmetric-algorithm encryption/decryption.
- 10. The device for reading and writing a smart card according to claim 6 or 7, characterized in that the device further comprises a symmetric encryption/decryption module, configured to: send a symmetric-algorithm encryption/decryption instruction to the smart card through the symmetric encryption/decryption interface function of the PKI application, the digital signature instruction including the data to be encrypted/decrypted; and receive the data, returned by the smart card over the NFC connection, that corresponds to the data to be encrypted/decrypted and has undergone symmetric-algorithm encryption/decryption.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810051995.2A CN108243402B (en) | 2015-12-09 | 2015-12-09 | Method and device for reading and writing smart card |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810051995.2A CN108243402B (en) | 2015-12-09 | 2015-12-09 | Method and device for reading and writing smart card |
CN201510909083.0A CN105490708B (en) | 2015-12-09 | 2015-12-09 | A kind of method and device for reading and writing smart card |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510909083.0A Division CN105490708B (en) | 2015-12-09 | 2015-12-09 | A kind of method and device for reading and writing smart card |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108243402A true CN108243402A (en) | 2018-07-03 |
CN108243402B CN108243402B (en) | 2021-06-01 |
Family
ID=55677474
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510909083.0A Active CN105490708B (en) | 2015-12-09 | 2015-12-09 | A kind of method and device for reading and writing smart card |
CN201810051995.2A Active CN108243402B (en) | 2015-12-09 | 2015-12-09 | Method and device for reading and writing smart card |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510909083.0A Active CN105490708B (en) | 2015-12-09 | 2015-12-09 | A kind of method and device for reading and writing smart card |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN105490708B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105490708B (en) * | 2015-12-09 | 2018-01-23 | 广东欧珀移动通信有限公司 | A kind of method and device for reading and writing smart card |
CN105872955B (en) * | 2016-04-29 | 2019-01-18 | 昆山维信诺科技有限公司 | Integrate the touch-control integrated circuit and its near field communication method of near-field communication |
CN109257071B (en) * | 2017-07-12 | 2021-10-22 | 深圳如一探索科技有限公司 | Equipment control method, device and equipment |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070118736A1 (en) * | 2005-11-23 | 2007-05-24 | Proton World International N.V. | Customization of a bank card for other applications |
CN101916388A (en) * | 2010-07-27 | 2010-12-15 | 武汉天喻信息产业股份有限公司 | Smart SD card and method for using same for mobile payment |
CN103138925A (en) * | 2011-11-25 | 2013-06-05 | ***通信集团公司 | Card issuing operation method, integrated circuit (IC) card and card issuing device |
CN203243339U (en) * | 2013-05-06 | 2013-10-16 | 天地融科技股份有限公司 | Data transmission system |
CN103489028A (en) * | 2013-09-23 | 2014-01-01 | 深圳前海君浩银通科技发展有限公司 | Financial IC card and multi-protocol communication system and method |
CN104021473A (en) * | 2014-05-30 | 2014-09-03 | 刘劲彤 | Safe payment method of visual financial card |
CN104184892A (en) * | 2014-08-12 | 2014-12-03 | 桂林微网半导体有限责任公司 | Mobile terminal intelligent card based data transmission method and mobile terminal |
CN104820807A (en) * | 2015-04-15 | 2015-08-05 | 四川量迅科技有限公司 | Smart card data processing method |
CN105490708B (en) * | 2015-12-09 | 2018-01-23 | 广东欧珀移动通信有限公司 | A kind of method and device for reading and writing smart card |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101808092B (en) * | 2010-03-12 | 2013-03-20 | 中国电信股份有限公司 | Multi-certificate sharing method and system as well as intelligent card |
EP2509275A1 (en) * | 2011-04-04 | 2012-10-10 | Buntinx | Method and system for authenticating entities by means of mobile terminals |
CN103164738B (en) * | 2013-02-06 | 2015-09-30 | 厦门盛华电子科技有限公司 | A kind of cellphone subscriber's identification card based on the certification of mobile payment multi-channel digital |
CN103746802B (en) * | 2014-01-27 | 2017-07-25 | 天地融科技股份有限公司 | A kind of data processing method and mobile phone based on arranging key |
CN105024824B (en) * | 2014-11-05 | 2018-12-21 | 浙江码博士防伪科技有限公司 | The generation and verification method and system of credible label based on rivest, shamir, adelman |
2015
- 2015-12-09 CN CN201510909083.0A patent/CN105490708B/en active Active
- 2015-12-09 CN CN201810051995.2A patent/CN108243402B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN105490708A (en) | 2016-04-13 |
CN105490708B (en) | 2018-01-23 |
CN108243402B (en) | 2021-06-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8789146B2 (en) | Dual interface device for access control and a method therefor | |
US7380125B2 (en) | Smart card data transaction system and methods for providing high levels of storage and transmission security | |
CN102737308B (en) | The method and system of a kind of mobile terminal and inquiry smart card information thereof | |
CN102404025B (en) | A kind of terminal and the method processing payment transaction | |
WO2015001468A1 (en) | Payment card including user interface for use with payment card acceptance terminal | |
CN103793815A (en) | Mobile intelligent terminal acquirer system and method suitable for bank cards and business cards | |
JP2010539813A (en) | Updating mobile devices with additional elements | |
CN102790676B (en) | A kind of with the identification of NFC functional mobile phone remote identity or false proof method | |
JP2015537476A (en) | Fingerprint authentication system and fingerprint authentication method based on NFC | |
US20150278798A1 (en) | Method for protecting sensitive data transmitted in an nfc system | |
CN103366140A (en) | Card writing method and card writing device based on NFC (Near Field Communication) | |
CN104182875A (en) | Payment method and payment system | |
CN105138892A (en) | Data interaction method and apparatus applied to composite smart card device | |
CN105490708B (en) | A kind of method and device for reading and writing smart card | |
CN102542697A (en) | POS (Point of Sale) terminal based on electronic equipment having network access function | |
CN107005575A (en) | A kind of smart card and its method of work with dynamic token OTP functions | |
CN106203556B (en) | A kind of method and device reading electronic labeling information | |
CN102034307A (en) | Electronic wallet-based dynamic password authentication system and method | |
CN102823191B (en) | For application to be sent to the method and system fetch equipment unit from server security | |
CN106980977A (en) | Payment system and its Payment Card based on Internet of Things | |
CN112383914B (en) | Password management method based on secure hardware | |
Alimi et al. | Post-distribution provisioning and personalization of a payment application on a UICC-based Secure Element | |
CN207070088U (en) | A kind of identity card cloud identifies Verification System | |
CN106779711A (en) | Safe payment method and device based on eID | |
CN106779672A (en) | The method and device that mobile terminal safety pays |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18; Applicant after: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS Corp.,Ltd.; Address before: 523860 No. 18 Wusha Haibin Road, Chang'an Town, Dongguan City, Guangdong Province; Applicant before: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS Corp.,Ltd. |
GR01 | Patent grant | ||