WO2014173280A1 - 一种ic卡脱机pin验证方法以及ic卡脱机验证*** - Google Patents
一种ic卡脱机pin验证方法以及ic卡脱机验证*** Download PDFInfo
- Publication number
- WO2014173280A1 WO2014173280A1 PCT/CN2014/075903 CN2014075903W WO2014173280A1 WO 2014173280 A1 WO2014173280 A1 WO 2014173280A1 CN 2014075903 W CN2014075903 W CN 2014075903W WO 2014173280 A1 WO2014173280 A1 WO 2014173280A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- offline
- card
- pos terminal
- verification
- pin1
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/204—Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Definitions
- the present invention relates to information security technologies, and in particular, to a verification method and a verification system for improving the security of an IC card offline transaction.
- FIG. 1 is a flow chart showing offline PIN authentication in the prior art. As shown in Figure 1, the current offline PIN authentication process includes the following steps:
- Step 1 The cardholder enters a PIN on the POS terminal
- Step 2 The POS terminal organizes the authentication PIN command and sends it to the IC card payment application for verification.
- Step 3 After the IC card is verified, the verification status code is returned to the POS terminal to inform whether the verification is passed, wherein if the verification status code is 9000 , indicating success, if the verification status is non-9000, it means that the verification is wrong;
- Step 4 The POS terminal judges the legality of the cardholder identity by judging whether the returned verification status code is 9000, and executes a subsequent transaction process.
- the POS terminal judges the legality of the cardholder identity only by whether the status code is 9000 or not, and is plaintext. This can easily lead to an incorrect return status code being modified to a mid-person attack of 9000, which causes the POS terminal to consider that the cardholder currently entering the PIN is a legitimate illusion.
- a typical process for attacking an offline cardholder authentication process is as follows.
- contact electronic cash is taken as an example.
- 2 is a flow chart showing contact electronic cash authentication in the prior art.
- the terminal initiates card authentication to the contact PBOC electronic cash, and obtains the number of PIN attempts.
- the terminal arbitrarily inputs a PIN code, and the middleman who maliciously attacks returns the status code "9000" to the terminal according to the status code. 9000" judged that the authentication was successful and agreed to the follow-up transaction process.
- the present invention is directed to a secure and reliable IC card offline PIN verification method and verification system capable of effectively preventing an attack against an offline PIN authentication process.
- the IC card offline PIN verification method of the present invention includes the following steps: Step a: The POS terminal obtains a first offline PIN1, and the POS terminal generates a dynamic challenge code, and the dynamic challenge code and The first offline PIN1 performs an exclusive OR operation to obtain a card value application in which the first XOR value and the dynamic challenge code are sent to the IC card, wherein the first offline PIN1 is a password input by the cardholder to the POS terminal. ;
- Step b The card application performs an exclusive-OR operation on the dynamic challenge code and the second offline PIN2 to obtain a second exclusive OR value, and verifies whether the first exclusive value and the second exclusive value are consistent, where
- the second offline PIN2 is a real password of the IC card pre-stored in the IC card;
- Step c In the case that the determination in step b is consistent, the card application signs the second exclusive OR value, and returns the signature data of the second exclusive value and the success status code to the POS terminal: When the judgment of b is inconsistent, an error status code is returned to the POS terminal;
- Step d The POS terminal checks the signature data of the second XOR value when the success status code is received. And, in the case where the verification of the signature data of the second exclusive value is successful, the subsequent transaction processing is started, and in the case where the verification of the signature data of the second exclusive OR value fails, the exception processing is performed; on the other hand, the POS terminal receives In the case of an error status code, exception handling is performed.
- the POS terminal Preferably, in the step a, the POS terminal generates a random number as a dynamic challenge code and generates a first exclusive OR value.
- the second XOR value is data-signed with a private key to generate a signature data of a second XOR value
- the POS terminal receives
- the signature data of the second XOR value is verified as follows: signature verification of the signature data of the second XOR value is performed by using the public key; comparing whether the first XOR value and the second XOR value are compared Consistent.
- the IC card offline authentication method of the present invention by using the digital signature technology and the dynamic challenge code, not only the verification of the offline PIN by the IC card but also the verification of the offline PIN by the terminal can be realized.
- the clear PIN of the plaintext does not occur during the interaction between the card and the terminal, so that the security can be further improved.
- An IC card offline PIN verification method includes the following steps:
- Step a The POS terminal obtains the first offline PIN1, and the POS terminal generates a dynamic challenge code, and sends the dynamic challenge code and the offline PIN1 to the card application of the IC card, where the first offline PIN1 is a password that the cardholder inputs to the POS terminal;
- Step b The card application verifies whether the first offline PIN1 and the second offline PIN2 are consistent, wherein the second offline PIN2 is pre-stored in the IC card The real password of the IC card;
- Step c In the case that the determination of the step b is consistent, the card application performs a prescribed calculation on the first offline PIN1 and the second offline PIN2 to obtain the first signature data, and Returning the first signature data and the success status code to the POS terminal; if the determination in step b is inconsistent, returning an error status code to the POS terminal;
- Step d the POS terminal receives the success status code A signature data is verified, and the subsequent transaction processing is started in the case where the first signature data verification
- the POS terminal Preferably, in the step a, the POS terminal generates a random number as a dynamic challenge code. [0017] Preferably, in the step a, the POS terminal sends the first offline PIN1 and the dynamic challenge code composition verification instruction together to the card application.
- the POS terminal first sends the dynamic challenge code to the card application, and then sends the first offline PIN1 to the card application.
- the POS terminal Preferably, in the step a, the POS terminal generates a dynamic challenge code and stores it in the POS terminal together with the first offline PIN1.
- the card application performs the following calculation on the dynamic challenge code and the second offline PIN to obtain first signature data: calculating a dynamic challenge code and a second offline PI The first difference or value of 2; the first XOR value is data-signed with the private key to generate the first signature data, and in the step d, the POS terminal receives the success status code to the first signature data.
- the card application performs the following verification: calculating a dynamic challenge code and a second exclusive OR value of the first offline PIN1; performing data signature on the second exclusive OR value with the public key to generate second signature data; comparing the first signature data with Whether the second signature data is consistent.
- the IC card offline PIN verification system of the present invention is characterized in that it comprises a card application module of a POS terminal and an IC card, wherein the POS terminal comprises: a password acquisition module, configured to acquire a password input by the cardholder a first offline PIN1; a dynamic challenge code generating module, configured to randomly generate a dynamic challenge code; a first storage module, configured to store the first offline PIN1 and the dynamic challenge code; a first receiving/transmitting module, a data transmission and reception between a card application module for executing a POS terminal and an IC card; a dynamic challenge code verification module, configured to: when receiving the following success status code from the first receiving/transmitting module, to the first signature The data is verified, and in the case where the first signature data verification is successful, the subsequent transaction processing is started and the exception processing is performed in the case where the first signature data verification fails; the first receiving/transmitting module is configured to execute the POS terminal and the IC card Card application module sends and receives data between modules
- the card application module of the IC card includes: a password verification module, configured to verify whether the first offline PIN1 received from the POS terminal and the second offline PIN2 pre-stored in the IC card are consistent and inspected Outputting an error status code in case of inconsistency, wherein the second offline PIN2 is a 3 ⁇ 4 password of the IC card; a digital signature module, configured to verify the first offline PIN1 and the first in the password verification module In the case where the offline ⁇ 2 is consistent, the first offline PIN 1 and the second offline ⁇ 2 are subjected to a prescribed calculation to obtain first signature data; and the second receiving/transmitting module is configured to execute the POS terminal and the IC card's Data transmission and reception between the card application modules, and returning the first signature data and the success status code to the first receiving/transmitting module if the password verification module is successfully verified, and if the password verification module fails to verify An error status code is sent to the first receiving/transmitting module.
- a password verification module configured to verify whether the
- the first receiving/transmitting module sends the generated dynamic challenge code generated by the dynamic challenge code generating module and stored in the first storage module, the first offline PIN1 to the The second receiving/transmitting module.
- the first receiving/transmitting module sends the generated dynamic challenge code generated by the dynamic challenge code generating module and stored in the first storage module to the second receiving/transmitting module, and then The first offline PIN1 is sent to the second receiving/transmitting module.
- the digital signature module is configured to calculate a first XOR value of the dynamic challenge code and the second offline PIN2, and perform data signature on the first XOR value with a private key to generate first signature data.
- the dynamic challenge code verification module is configured to calculate a second XOR value of the dynamic challenge code and the first offline PIN1, and perform data signature on the second XOR value with the public key to generate second signature data. Comparing whether the first signature data and the second signature data are consistent.
- the IC card offline authentication method and the authentication system of the present invention by using the digital signature technology and the dynamic challenge code, not only the verification of the offline PIN by the IC card but also the offline PI of the terminal can be realized. verification.
- the method is simple, practical, safe and reliable, and can effectively prevent attacks against the offline PIN authentication process and ensure the security in the IC card payment process.
- 1 is a flow chart showing offline PIN authentication in the prior art.
- FIG. 3 is a flow chart showing offline PIN authentication of the present invention.
- FIG. 4 is a flow diagram of applying the offline PIN authentication method of the present invention to contact PBOC electronic cash.
- FIG. 5 is a block diagram showing the configuration of an offline PIN authentication system of the present invention.
- the offline PIN authentication method of the present invention includes the following steps:
- Step 1 The cardholder enters the offline PINI to the POS terminal.
- Step 2 The POS terminal generates a random number Rnd as a dynamic challenge code, and stores the dynamic challenge code and the offline PIN1 together in the encryption chip in the POS.
- a random number Rnd is generated by the hardware of the terminal in the POS, and the random number can be any number of bits, for example, an 8-bit random number.
- Step 3 The POS terminal attaches the dynamic challenge code Rnd to the offline PIN1 and sends a composition verification command to the card application.
- card application specifically refers to an application that is loaded and runs on an ic card chip.
- Step 4 The card application verifies whether the offline PIN1 and the real password PIN2 of the IC card stored in the IC card are consistent. If they are inconsistent, return the error status code directly to the POS terminal. If - cause the following steps:
- Step 5 After receiving the response from the card application, the POS terminal determines whether the returned status code is a success status code or an error status code, and if it is an error status code, performs a corresponding exception processing logic. If the status code is 9000, the following verification action is performed:
- the POS terminals together with the dynamic challenges sent to the application after the card is attached to the offline Rnd PIN1 code may be dynamically Rnd and offline PIN1 ⁇ ⁇
- the POS terminal should first send the combat code to the card application, and then send the offline PIN1 to the card application.
- a pair of private key Sk and a public key Pk are used for verification, that is, in the present invention, such an asymmetric key system can be used for authentication, for example, an RSA algorithm or the like can be specifically used.
- an asymmetric key system can be used for authentication, for example, an RSA algorithm or the like can be specifically used.
- the advantages of an asymmetric key system are mainly reflected in better security and scalability. In addition to this, it is of course also possible to perform authentication using the symmetric key system in the above steps 4 and 5 in the present invention.
- the IC card offline authentication method of the present invention by using the digital signature technology and the dynamic challenge code, not only the verification of the offline PIN by the IC card but also the verification of the offline PIN by the terminal can be realized.
- the method is simple, practical, safe and reliable, and can effectively prevent attacks against the offline PIN authentication process and ensure the security in the IC card payment process.
- FIG. 4 is a flow chart showing the application of the offline PIN authentication method of the present invention to contact PBOC electronic cash.
- the authentication process includes the following steps:
- Step 1 Launch card authentication from the terminal to the contact PBOC electronic cash (not in the scope of the present invention).
- Step 2 The terminal obtains the number of PIN attempts (not in the scope of the present invention).
- Step 3 The terminal generates a random number
- Step 4 The terminal sends the random number and PIN code to the contact PBOC electronic cash.
- Step 5 The contact PBOC electronic cash authenticates the input PIN code, and performs data signature on the PIN code and the random number.
- Step 6 The contact PBOC electronic cash returns a status code and a digital signature to the terminal, and then, in the case that the PIN code authentication is successful, the success status code and the digital signature are returned, and the PIN code authentication fails. Only the error status code is returned.
- Step 7 The terminal verifies the digital code signature in the case of obtaining the success status code by verifying the status code and the digital signature, and performing exception processing in the case of obtaining the error status code;
- Step 8 In the case where the terminal successfully verifies both the status code and the digital signature, the subsequent transaction is started. Process flow.
- the dynamic challenge code and the second offline PIN2 are XORed to generate a second exclusive OR value, and then the first exclusive OR value and the second exclusive OR value are compared to determine whether the card PIN verification is passed, and then privately
- the key returns to the POS terminal, and the POS terminal verifies the signature data of the second XOR value with the public key, and then compares the first XOR value with the second XOR value. Consistently determine whether the cardholder PIN verification is passed.
- the IC card offline PI verification method of this embodiment specifically includes the following steps: Step a: The POS terminal obtains the first offline PIN1, and the POS terminal generates a dynamic challenge code, and the dynamic challenge code and The first offline PIN1 performs an exclusive OR operation to obtain a first exclusive value and a card application sent by the dynamic challenge code to the IC card, wherein the first offline PIN1 is a password input by the cardholder to the POS terminal. ;
- Step b the card application performs an exclusive-OR operation on the dynamic challenge code and the second offline PIN2 to obtain a second exclusive OR value, and verifies whether the first exclusive value and the second exclusive value are consistent, where
- the second offline PIN2 is a real password of the IC card pre-stored in the IC card;
- Step c In the case that the determination in step b is consistent, the card application signs the second XOR value, and returns the signature data of the second XOR value and the success status code to the POS terminal; When the judgment of step b is inconsistent, an error status code is returned to the POS terminal;
- Step d The POS terminal verifies the signature data of the second XOR value when the success status code is received, and starts the subsequent transaction processing if the verification of the signature data of the second XOR value is successful. If the verification of the signature data of the second XOR value fails, the exception processing is performed; on the other hand, the POS terminal is receiving In the case of an error status code, exception handling is performed.
- the POS terminal In the step a, the POS terminal generates a random number as a dynamic challenge code and generates an exclusive OR value.
- the second XOR value is data-signed with a private key to generate signature data of the second XOR value.
- the POS terminal receives the success status code.
- the signature data of the second XOR value is verified as follows: signature verification of the signature data of the second XOR value is performed by using the public key; and whether the first XOR value and the second XOR value are consistent.
- the IC card offline authentication method of the embodiment by using the digital signature technology and the dynamic challenge code, not only the verification of the offline PI by the IC card but also the verification of the offline PIN by the terminal can be realized.
- the clear PIN of the plaintext does not occur during the interaction between the card and the terminal, so that the security can be further improved.
- the IC card offline PIN verification system of the present invention includes a POS terminal 100 and a card application module 200 of an IC card.
- the POS terminal 100 includes: a password acquisition module 101, a dynamic challenge code generation module 102, a first storage module 103, a first reception/transmission module 104, and a dynamic challenge code verification module 105.
- the card application module 200 of the IC card includes: a password verification module 201, a digital signature module 202, and a second receiving/transmitting module 203.
- the password acquisition module 101 is configured to acquire the password input by the cardholder as the first offline PIN1.
- the dynamic challenge code generating module 102 is configured to randomly generate a dynamic challenge code, and the randomly generated dynamic challenge code may be any byte of data, for example, a random number of 8 bits.
- the first storage module 103 is configured to store the first offline PIN1 and the dynamic challenge code.
- the first receiving/transmitting module 104 is configured to perform data transmission and reception of the I'HJ of the card application module of the POS terminal and the IC card.
- the dynamic challenge code verification module 105 is configured to verify the first signature data in the case that the following success status code is received from the first receiving/transmitting module, and in the case that the first signature data verification is successful, The subsequent transaction processing is started and the exception processing is executed in the case where the first signature data verification fails.
- the first receiving/transmitting module 104 is configured to execute the I'nJ of the POS terminal and the card application module of the IC card. Data transmission and reception, that is, the dynamic challenge code stored in the first storage module 103, the first offline PIN1 is transmitted to the second receiving/transmitting module 203 of the card application module 200 of the following IC card, and correspondingly also from the following The second receiving/transmitting module 203 of the card application module 200 of the IC card receives the data. The first receiving/transmitting module 104 sends the generated dynamic challenge code and the first offline PIN1 generated by the dynamic challenge code generating module 102 and stored in the first storage module 103 to the second receiving/transmitting module 203.
- the first receiving/transmitting module 104 first sends the generated dynamic challenge code generated by the dynamic challenge code generating module 102 and stored in the first storage module 103 to the second receiving/transmitting module 203, and then the first The offline PIN1 is sent to the second receiving/transmitting module 203.
- the password verification module 201 is configured to verify the first offline PIN1 received from the POS terminal and the second offline PIN2 pre-stored in the IC card (the second offline PIN2 is the real password of the IC card) Whether it is consistent and outputs an error status code if the verification is inconsistent, and outputs a success status code 9000 if the verification is successful.
- the digital signature module 202 is configured to perform a prescribed calculation on the first offline PIN1 and the second offline PIN2 when the password verification module 201 verifies that the first offline PIN 1 and the second offline PIN2 are consistent. A signature data.
- the second receiving/transmitting module 203 is configured to perform data transmission and reception between the POS terminal 100 and the card application module 200 of the IC card, and the first signature data and the success status in the case that the password verification module 201 is successfully verified.
- the code returns to the first receiving/transmitting module 105 and transmits an error status code to the first receiving/transmitting module 104 in the event that the verification by the password verification module 201 fails.
- the digital signature module 202 is configured to calculate a first XOR value of the dynamic challenge code and the second offline PIN2, and perform data signature on the first XOR value with a private key to generate a first Signature data.
- the dynamic challenge code verification module 105 calculates the second XOR value of the dynamic challenge code and the first offline PIN1, performs data signature on the second XOR value with the public key, generates second signature data, and compares Whether the first signature data and the second signature data are consistent, and if the comparison result is the same, the card application acknowledges that the PIN1 verification command sent by the POS terminal is executed; The middleman attacked.
- the IC card offline authentication system of the present invention by utilizing digital signature technology and dynamic challenge code, Not only can the IC card verify the offline PIN, but also the terminal can verify the offline PI.
- the method is simple, practical, safe and reliable, and can effectively prevent attacks against the offline PIN authentication process and ensure the security in the IC card payment process.
- the offline PIN authentication and offline PIN authentication system of the present invention have the following features: not only the card is authenticated to the cardholder, but also the terminal authenticates the cardholder. Further improving the security of the handover; the terminal no longer knows whether the cardholder authentication is successful only by the returned status code, but further validates whether the card actually performs the offline PIN authentication on the basis of the above idea; Improve the security of the acceptance environment.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Accounting & Taxation (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Cash Registers Or Receiving Machines (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2016508002A JP6200068B2 (ja) | 2013-04-22 | 2014-04-22 | Icカードのオフラインpinの検証方法及びicカードのオフライン検証システム |
KR1020157032359A KR20150145238A (ko) | 2013-04-22 | 2014-04-22 | Ic 카드의 오프라인 핀 인증 방법 및 ic 카드 오프라인 인증 시스템 |
US14/785,193 US10839362B2 (en) | 2013-04-22 | 2014-04-22 | Offline pin authentication method and system for IC card |
EP14787517.3A EP2991263B1 (en) | 2013-04-22 | 2014-04-22 | Offline pin authentication method and system for ic card |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310139644.4A CN104113411B (zh) | 2013-04-22 | 2013-04-22 | 一种ic卡脱机pin验证方法以及ic卡脱机验证*** |
CN201310139644.4 | 2013-04-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014173280A1 true WO2014173280A1 (zh) | 2014-10-30 |
Family
ID=51710050
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/075903 WO2014173280A1 (zh) | 2013-04-22 | 2014-04-22 | 一种ic卡脱机pin验证方法以及ic卡脱机验证*** |
Country Status (6)
Country | Link |
---|---|
US (1) | US10839362B2 (zh) |
EP (1) | EP2991263B1 (zh) |
JP (1) | JP6200068B2 (zh) |
KR (1) | KR20150145238A (zh) |
CN (1) | CN104113411B (zh) |
WO (1) | WO2014173280A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
RU2636694C2 (ru) * | 2016-01-25 | 2017-11-27 | Акционерное общество "Национальная система платежных карт" | Способ организации защищённого обмена сообщениями |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102453705B1 (ko) | 2015-09-25 | 2022-10-11 | 삼성전자주식회사 | 호스트의 정당성 여부에 따라 선택적으로 결제 기능을 온(on)하는 결제 장치의 동작 방법 |
SE540544C2 (sv) * | 2015-10-30 | 2018-09-25 | Id Loop Ab | Förfarande för betalning med kontantkort |
CN105678547B (zh) * | 2015-12-28 | 2019-07-26 | 飞天诚信科技股份有限公司 | 一种检查持卡人身份的终端及其工作方法 |
KR101830339B1 (ko) | 2016-05-20 | 2018-03-29 | 한국전자통신연구원 | 양자 네트워크상에서의 양자키 분배 장치 및 방법 |
US10645577B2 (en) * | 2016-07-15 | 2020-05-05 | Avago Technologies International Sales Pte. Limited | Enhanced secure provisioning for hotspots |
CN106789086B (zh) * | 2017-01-25 | 2019-11-29 | 中钞***产业发展有限公司杭州区块链技术研究院 | 一种用于移动终端的数字签名方法及其装置 |
CN109508995A (zh) * | 2018-12-12 | 2019-03-22 | 福建新大陆支付技术有限公司 | 一种基于支付终端的脱机授权方法及支付终端 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8095113B2 (en) * | 2007-10-17 | 2012-01-10 | First Data Corporation | Onetime passwords for smart chip cards |
CN102377570A (zh) * | 2011-11-07 | 2012-03-14 | 飞天诚信科技股份有限公司 | 一种生成动态口令的方法和装置 |
WO2012106757A1 (en) * | 2011-02-07 | 2012-08-16 | David Ball | A smart card with verification means |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6327578B1 (en) * | 1998-12-29 | 2001-12-04 | International Business Machines Corporation | Four-party credit/debit payment protocol |
EP1225534A4 (en) * | 1999-10-07 | 2006-04-19 | Fujitsu Ltd | INTEGRATED CIRCUIT EXCHANGE SYSTEM |
CA2459726C (en) * | 2001-10-05 | 2013-09-03 | Mastercard International Incorporated | System and method for integrated circuit card data storage |
US7363494B2 (en) * | 2001-12-04 | 2008-04-22 | Rsa Security Inc. | Method and apparatus for performing enhanced time-based authentication |
US7784684B2 (en) * | 2002-08-08 | 2010-08-31 | Fujitsu Limited | Wireless computer wallet for physical point of sale (POS) transactions |
JP2004178338A (ja) | 2002-11-28 | 2004-06-24 | Hitachi Ltd | 認証システム、および決済システム |
KR20030047910A (ko) | 2003-03-03 | 2003-06-18 | 주식회사 드림시큐리티 | 무선단말기를 이용한 전자결제방법 |
US7761374B2 (en) * | 2003-08-18 | 2010-07-20 | Visa International Service Association | Method and system for generating a dynamic verification value |
US8966276B2 (en) * | 2003-09-12 | 2015-02-24 | Emc Corporation | System and method providing disconnected authentication |
JP4616611B2 (ja) * | 2004-10-08 | 2011-01-19 | 富士通株式会社 | 生体認証装置 |
JP2009510955A (ja) * | 2005-10-05 | 2009-03-12 | プリヴァスヒア アーゲー | ユーザ認証の方法およびデバイス |
US8041030B2 (en) * | 2007-01-09 | 2011-10-18 | Mastercard International Incorporated | Techniques for evaluating live payment terminals in a payment system |
US8152074B1 (en) * | 2008-03-28 | 2012-04-10 | Oracle America, Inc. | Method for preparing by a smart card issuer an anonymous smart card and resulting structure |
KR20100043799A (ko) | 2008-10-21 | 2010-04-29 | 순천향대학교 산학협력단 | Mtm 기반 모바일 단말기 간의 비밀 데이터 이전 방법 |
FR2946445B1 (fr) * | 2009-06-05 | 2015-10-30 | Jade I | Procede d'acquisition d'une donnee en provenance d'un utilisateur lors d'un paiement par carte avec un terminal de paiement |
KR20120053398A (ko) * | 2010-11-17 | 2012-05-25 | 삼성전자주식회사 | 컨텐츠를 검증하기 위한 서명 장치와 검증 장치를 포함하는 검증 시스템 및 검증 방법 |
-
2013
- 2013-04-22 CN CN201310139644.4A patent/CN104113411B/zh active Active
-
2014
- 2014-04-22 WO PCT/CN2014/075903 patent/WO2014173280A1/zh active Application Filing
- 2014-04-22 EP EP14787517.3A patent/EP2991263B1/en active Active
- 2014-04-22 KR KR1020157032359A patent/KR20150145238A/ko not_active Application Discontinuation
- 2014-04-22 JP JP2016508002A patent/JP6200068B2/ja active Active
- 2014-04-22 US US14/785,193 patent/US10839362B2/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8095113B2 (en) * | 2007-10-17 | 2012-01-10 | First Data Corporation | Onetime passwords for smart chip cards |
WO2012106757A1 (en) * | 2011-02-07 | 2012-08-16 | David Ball | A smart card with verification means |
CN102377570A (zh) * | 2011-11-07 | 2012-03-14 | 飞天诚信科技股份有限公司 | 一种生成动态口令的方法和装置 |
Non-Patent Citations (1)
Title |
---|
See also references of EP2991263A4 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
RU2636694C2 (ru) * | 2016-01-25 | 2017-11-27 | Акционерное общество "Национальная система платежных карт" | Способ организации защищённого обмена сообщениями |
Also Published As
Publication number | Publication date |
---|---|
JP6200068B2 (ja) | 2017-09-20 |
KR20150145238A (ko) | 2015-12-29 |
CN104113411B (zh) | 2017-09-29 |
EP2991263A4 (en) | 2016-12-14 |
US20160071081A1 (en) | 2016-03-10 |
CN104113411A (zh) | 2014-10-22 |
EP2991263A1 (en) | 2016-03-02 |
JP2016518661A (ja) | 2016-06-23 |
US10839362B2 (en) | 2020-11-17 |
EP2991263B1 (en) | 2020-10-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2021203815B2 (en) | Methods for secure cryptogram generation | |
CN106664208B (zh) | 使用安全传输协议建立信任的***和方法 | |
CN106575326B (zh) | 利用非对称加密实施一次性密码的***和方法 | |
WO2014173280A1 (zh) | 一种ic卡脱机pin验证方法以及ic卡脱机验证*** | |
CN101350723B (zh) | 一种USB Key设备及其实现验证的方法 | |
TWI512524B (zh) | 身份驗證系統及方法 | |
JP2014524218A (ja) | 証明書の検証 | |
CN116629871B (zh) | 一种订单线上支付***及支付方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14787517 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2016508002 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14785193 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2014787517 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 20157032359 Country of ref document: KR Kind code of ref document: A |