CN102710412B - Method and device for compatible management of encryption algorithm - Google Patents

Method and device for compatible management of encryption algorithm Download PDF

Info

Publication number
CN102710412B
CN102710412B CN201210139449.7A CN201210139449A CN102710412B CN 102710412 B CN102710412 B CN 102710412B CN 201210139449 A CN201210139449 A CN 201210139449A CN 102710412 B CN102710412 B CN 102710412B
Authority
CN
China
Prior art keywords
data
block
cryptographic algorithm
card
application identities
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210139449.7A
Other languages
Chinese (zh)
Other versions
CN102710412A (en
Inventor
代红维
张楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Watchdata Co ltd
Original Assignee
Beijing WatchData System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing WatchData System Co Ltd filed Critical Beijing WatchData System Co Ltd
Priority to CN201210139449.7A priority Critical patent/CN102710412B/en
Publication of CN102710412A publication Critical patent/CN102710412A/en
Application granted granted Critical
Publication of CN102710412B publication Critical patent/CN102710412B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a computer electronic account managing technology and discloses a method and a device for compatible management of an encryption algorithm. The method comprises the following steps of: setting AID menus of different encryption algorithms in a PSAM (Purchase Secure Access Module) card and a user card; saving application data needed by an executing payment flow into each AID menu, so that no matter which encryption algorithm is supported by the user card, the PSAM card can be matched and the corresponding encryption algorithm is called to finish the payment flow; the different AID menus can be conveniently utilized and the compatible management of the different encryption algorithms under the same application flow is realized; on the premise that the payment flow is not changed, any other instruction is not added and terminal equipment is not modified, the user card and the PASM card can be guaranteed to be smoothly transited to a standard encryption algorithm formulated by National Password Bureau through a DES (Data Encryption Standard) algorithm; and the working performance of a payment system is guaranteed and the cost is minimized.

Description

The method of cryptographic algorithm compatibility management and device
Technical field
The present invention relates to electronic account administrative skill, particularly to method and the device of the management of cryptographic algorithm compatibility.
Background technology
Domestic at present electronic account carrier (as, IC-card, SIM card), substantially be all use DES(DataEncryption Standard, data encryption standard) algorithm is as cryptographic algorithm, wherein, so-called electronic account refers to EDEP(Electronic Purse Electronic Deposit, stored value card electronic bankbook) etc. virtualized currency application mode.
For IC-card, the embody rule flow process of electronic account carrier as shown in Figure 1, wherein, different transactional operation will be carried out after selecting different types of transaction, such as: circle is deposited, consumes, enclosed and carry etc., these operations all relate to electronic account carrier, point-of-sale terminal and point-of-sale terminal inner PSAM(PurchaseSecure Access Module, consumption safety access module) between proof procedure, this kind of proof procedure will relate to and use DES algorithm to carry out mutual certification.
Due to the limitation of DES algorithm, and DES algorithm Bu Shi State Commercial Cryptography Administration specified standard algorithm, therefore, in technical development from now on, DES algorithm be bound to other Encryption Standard algorithm of being specified by State Commercial Cryptography Administration replace, such as, SM1(ShangMi 1, secret No. 1 of business) algorithm, so just relate to a transition process with the different cryptographic algorithm of application.
Under prior art, with be applied in move between different cryptographic algorithm time, point-of-sale terminal (e.g., POS), point-of-sale terminal inner PSAM(Purchase Secure Access Module can be related to, consumption safety access module), and electronic account carrier amendment.Accordingly, market can engender the electronic account carrier and point-of-sale terminal that can apply national standard cryptographic algorithm, but, the electronic account carrier of DES algorithm and point-of-sale terminal only can be used also can not to withdraw from the market at once, therefore, just there will be the scene that DES algorithm and new national standard cryptographic algorithm are applied simultaneously.
In such cases, once the cryptographic algorithm that the cryptographic algorithm that uses of electronic account carrier and point-of-sale terminal use is inconsistent, just there will be cannot be compatible situation, this will have a strong impact on the normal use of stored value card.
Summary of the invention
Embodiments provide method and the device of the management of cryptographic algorithm compatibility, compatible in order to the application realizing DES algorithm and new national standard cryptographic algorithm.
The concrete technical scheme that the embodiment of the present invention provides is as follows:
A method for cryptographic algorithm compatibility management, comprising:
In consumption safety access module PSAM card and/or subscriber card, corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data;
When PSAM card knows that subscriber card triggers payment flow, send selection instruction to subscriber card, in this selection instruction, carry cryptographic algorithm application identities symbol;
If corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data in described subscriber card, then described subscriber card responds to described PSAM card, know the local cryptographic algorithm application identities symbol supporting to use to PSAM cartoon, and the application data of preserving under adopting this cryptographic algorithm application identities to accord with corresponding catalogue and PSAM card carry out payment consults;
If corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data in described PSAM card, then PSAM card is according to the response of subscriber card, determine the cryptographic algorithm application identities symbol that subscriber card support uses, and the application data of preserving under adopting catalogue corresponding to this encryption algorithm identifiers and subscriber card carry out payment consults.
A device for cryptographic algorithm compatibility management, comprising:
Memory module, for setting up catalogue respectively at local corresponding multiple second cryptographic algorithm application identities symbol and preserve corresponding application data;
Communication module, for when knowing that subscriber card triggers payment flow, sends selection instruction to subscriber card, carries cryptographic algorithm application identities symbol in this selection instruction,
Processing module, for the response according to subscriber card, when determining the cryptographic algorithm algorithm application identifier that subscriber card support uses, and the application data of preserving under adopting this cryptographic algorithm application identities to accord with corresponding catalogue and subscriber card carry out payment consults.
A device for cryptographic algorithm compatibility management, comprising:
Memory module, sets up catalogue respectively for multiple encryption algorithms application identities symbol corresponding in subscriber card and preserves corresponding application data;
Communication module, for after triggering payment flow, receives the selection instruction that consumption safety access module PSAM card sends, carries cryptographic algorithm application identities symbol in this selection instruction;
Control module, for responding to PSAM card, knows the local cryptographic algorithm application identities symbol supporting to use to PSAM cartoon, and the application data of preserving under adopting this cryptographic algorithm application identities to accord with corresponding catalogue and PSAM card carry out payment consults.
In the embodiment of the present invention, the AID catalogue of different cryptographic algorithm is all provided with in PSAM card and subscriber card, and under each AID catalogue, preserve the application data performed needed for payment flow, like this, no matter any cryptographic algorithm supported by subscriber card, PSAM card all can coordinate and calls corresponding cryptographic algorithm and complete payment flow, correspondingly, no matter any cryptographic algorithm supported by PSAM card, subscriber card also all can coordinate and calls corresponding cryptographic algorithm and complete payment flow, convenient for different AID catalogues, achieve same application flow process under different cryptographic algorithm compatibility management, do not changing payment flow, not add any other instruction, under not revising the prerequisite of terminal equipment, ensure that subscriber card and PSAM card can be well on transition to the standard encryption algorithms that State Commercial Cryptography Administration formulates by DES algorithm, while ensure that payment system service behaviour, also reduce to minimum by realizing cost.
Accompanying drawing explanation
Fig. 1 is electronic account application flow schematic diagram under prior art;
Fig. 2 is PSAM card and subscriber card illustrative view of functional configuration in the embodiment of the present invention;
Fig. 3 is the file content schematic diagram of record in PSAM card in the embodiment of the present invention;
Fig. 4 is the file content schematic diagram recorded in subscriber card in the embodiment of the present invention;
Fig. 5 is that in the embodiment of the present invention, PSAM card and subscriber card carry out compatible management flow chart to cryptographic algorithm;
Fig. 6 is encrypted schematic diagram to message in the embodiment of the present invention in payment flow;
Fig. 7 is encrypted schematic diagram to clear data in the embodiment of the present invention in data updating process;
Fig. 8 is decrypted schematic diagram to encrypt data in the embodiment of the present invention in data updating process.
Embodiment
In order to realize multiple encryption algorithms application compatible, have following several mode available:
1, the national standard cryptographic algorithm of DES algorithm and new definition is set in electronic account carrier simultaneously, can support that the point-of-sale terminal of use two kinds of cryptographic algorithm can by different AID(ApplicationIdentifer, application identities accords with), select to use any algorithm for electronic account carrier.
2, can support that the point-of-sale terminal of use two kinds of cryptographic algorithm is to electronic account carrier transmission algorithm selection instruction, only have command verification success could use corresponding cryptographic algorithm.
3, can support that the point-of-sale terminal of use two kinds of cryptographic algorithm sends instruction to electronic account, which kind of cryptographic algorithm this instruction uses, and which kind of cryptographic algorithm is follow-up acquiescence use.
4, can support between the point-of-sale terminal of use two kinds of cryptographic algorithm and electronic account carrier, to adopt noncontact agreement to utilize ATQA(Answer To request Type A, the request-reply of category-A) and REQA(REQuest command Type A, the request command of category-A) RFU(Reserved for Future Use, use after being reserved as) byte is encrypted the negotiation of algorithm.
5, can support that the point-of-sale terminal of use two kinds of cryptographic algorithm adopts ciphertext+MAC(MessageAuthentication Code, message-authentication code) mode send instructions under electronic account carrier, electronic account carrier according to deciphering after content judge to use which kind of cryptographic algorithm.
In theory, several modes above can realize the migration of cryptographic algorithm, but 2-5 kind mode but exists following defect:
When adopting the 2nd kind of mode, owing to adding a selection instruction, therefore can revise transaction flow, thus improve implementation complexity;
When adopting the 3rd kind of mode, be used to indicate owing to too increasing one the instruction adopting which kind of cryptographic algorithm, therefore also can revise transaction flow, thus improve implementation complexity;
When adopting the 4th kind of mode, owing to relating to noncontact agreement and the amendment contacting agreement, the compatibility of point-of-sale terminal can be affected;
When adopting the 5th kind of mode, owing to being determine to adopt which kind of cryptographic algorithm by decrypted message, therefore the fail safe of algorithm is not high.
As can be seen here, the compatibility adopting the 1st kind of mode to realize cryptographic algorithm is more satisfactory selection.Be specially: in PSAM card and/or subscriber card, corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data, when PSAM card knows that subscriber card triggers payment flow, selection instruction is sent to subscriber card, cryptographic algorithm application identities symbol is carried in this selection instruction, if corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data in subscriber card, then subscriber card responds to PSAM card, the local cryptographic algorithm application identities symbol supporting to use is known to PSAM cartoon, and the application data of preserving under adopting this cryptographic algorithm application identities to accord with corresponding catalogue and PSAM card carry out payment consults, if corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data in PSAM card, then PSAM card is according to the response of subscriber card, determine the cryptographic algorithm application identities symbol that subscriber card support uses, and the application data of preserving under adopting catalogue corresponding to this encryption algorithm identifiers and subscriber card carry out payment consults.When PSAM card and subscriber card carry out payment negotiation, namely PSAM card is the opposite end of subscriber card, and accordingly, subscriber card is also the opposite end of PSAM card, PSAM card and subscriber card all can adopt mutually corresponding cryptographic algorithm and opposite end to carry out payment and consult, and detailed process is described in subsequent embodiment.
In practical application, the cryptographic algorithm can preserved in PSAM card and subscriber card has multiple, in following examples, is only described for DES algorithm and these two kinds of cryptographic algorithm of SM1 algorithm.
Below in conjunction with accompanying drawing, the preferred embodiment of the present invention is described in detail.
Consult shown in Fig. 2, in the embodiment of the present invention, the PSAM card arranged in terminal equipment (e.g., POS) inside comprises memory module 20, communication module 21 and processing module 22, wherein,
Memory module 20, the AID for AID and the SM1 algorithm of corresponding DES algorithm respectively sets up catalogue and preserves corresponding application data; Wherein, the AID of DES algorithm continues to use the AID used at present, as AID (DES)=A00001, and the AID AID of SM1 algorithm then being used new definition, as AID (SM1)=A00002, is follow-uply all so arranged, and will repeat no more.
Such as, consult shown in Fig. 3, record respectively based on the application data of DES algorithm and the application data based on SM1 algorithm under the DES catalogue and SM1 catalogue of memory module 20 preservation.Wherein, the application master control key data element (e.g., KEY file) used under can being included in DES algorithm based on the application data of DES algorithm, applicating maintenance key data unit, apply main work key data unit, application public information file and terminal applies transaction sequence number unit; Equally, the application master control key data element (e.g., Key file) used under can being included in SM1 algorithm based on the application data of SM1 algorithm, applicating maintenance key data unit, apply main work key data unit, application public information file and terminal applies transaction sequence number unit;
Further, card management related data is also recorded in memory module 20, as, DIR(Directory, catalogue) catalogue data file, card master control key data element, card maintenance key data element, card public information file, end message file etc., other application class data can also be preserved, illustrate no longer one by one at this.
In the embodiment of the present invention, in order to save memory space, can preserve the application data (being only citing) needed for payment flow in the following ways in memory module 20: first, the AID of corresponding SM1 algorithm sets up SM1 catalogue; Secondly, the AID of corresponding DES algorithm sets up DES catalogue; Finally, SM1 catalogue and DES catalogue are pointed to identical file folder, and in this file, preserve the application data performed needed for payment flow, wherein, in this application data, record the Key file (being called Key1) associated with SM1 algorithm and the Key file (being called Key2) associated with DES algorithm.
As shown in Figure 3, the meaning so arranged is, DES catalogue has been mapped to SM1 catalogue, two kinds of catalogues point to identical file folder, the common application data needed for payment flow is saved in this file, as, applicating maintenance key data unit, apply main work key data unit, application public information file and terminal applies transaction sequence number unit etc., in order to distinguish DES algorithm and SM1 algorithm, Key file can be adopted to identify, both corresponding DES catalogue arranged the Key1 associated with DES algorithm in file, and corresponding SM1 catalogue arranges the Key2 associated with SM1 algorithm in file, like this, in follow-up flow process, if PSAM card uses DES algorithm to perform payment flow, then enter file by DES catalogue, and adopt Key1 to carry out encryption and decryption to the application data of read/write file, if and PSAM card uses SIM1 algorithm to perform payment flow, then enter file by SM1 catalogue, and adopt Key2 to carry out encryption and decryption to the application data of read/write file.Like this, the effective utilization to PSAM card memory space can be ensured, reduce by DES algorithm to the production of PSAM card in SM1 algorithm transition process and maintenance cost
Communication module 20, for when being known that by terminal equipment subscriber card triggers payment flow, being sent selection instruction to subscriber card, carrying the AID of SM1 algorithm or DES algorithm in this selection instruction;
Processing module 22, for the feedback according to subscriber card, when determining subscriber card support use SM1 algorithm, adopts AID (SM1)the application data of preserving under corresponding catalogue and subscriber card carry out payment to be consulted, and when determining subscriber card support use DES algorithm, adopts AID (DES)the application data of preserving under corresponding catalogue and subscriber card carry out payment to be consulted.
Consult shown in Fig. 2, in the embodiment of the present invention, subscriber card (i.e. electronic account carrier, e.g., IC-card, SIM card etc.) comprise memory module 200, communication module 201 and control module 202, wherein,
Memory module 200, the AID for AID and the DES algorithm of corresponding SM1 algorithm respectively sets up catalogue and preserves corresponding application data;
Such as, consult shown in Fig. 4, record in the master file of memory module 200 based on the application data of DES algorithm and the application data based on SM1 algorithm simultaneously.Wherein, the Key file, common application constituent instruments, holder's constituent instruments, transaction details file, storage file and the wallet file that use under DES algorithm can being included in based on the application data of DES algorithm; Equally, the Key file, common application constituent instruments, holder's constituent instruments, transaction details file, storage file and the wallet file that use under SM1 algorithm can being included in based on the application data of SM1 algorithm;
Further, also record card management related data in memory module 200, e.g., the Key file, catalogue file etc. of card, can also preserve other application class data, illustrate no longer one by one at this.
With PSAM card in like manner, in the embodiment of the present invention, in order to save memory space, can preserve the application data (being only citing) needed for payment flow in the following ways in memory module 200: first, the AID of corresponding SM1 algorithm sets up SM1 catalogue; Secondly, the AID of corresponding DES algorithm sets up DES catalogue; Finally, SM1 catalogue and DES catalogue are pointed to identical file folder, and in this file, preserve the application data performed needed for payment flow, wherein, record the Key file associated with SM1 algorithm in this application data and (be called Key1, corresponding with PSAM card) and the Key file (being called Key2, corresponding with PSAM card) that associates with DES algorithm.
As shown in Figure 4, the meaning so arranged is, DES catalogue has been mapped to SM1 catalogue, two kinds of catalogues point to identical file folder, the common application data needed for payment flow is saved in this file, as, common application constituent instruments, holder's constituent instruments, transaction details file, storage file and wallet file etc., in order to distinguish DES algorithm and SM1 algorithm, Key file can be adopted to identify, both corresponding DES catalogue arranged the Key1 associated with DES algorithm in file, and corresponding SM1 catalogue arranges the Key2 associated with SM1 algorithm in file, like this, in follow-up flow process, if PSAM card uses DES algorithm to perform payment flow, then enter file by DES catalogue, and adopt Key1 to carry out encryption and decryption to the application data of read/write file, if and PSAM card uses SIM1 algorithm to perform payment flow, then enter file by SM1 catalogue, and adopt Key2 to carry out encryption and decryption to the application data of read/write file.Like this, the effective utilization to subscriber card memory space can be ensured, reduce by DES algorithm to the production of subscriber card in SM1 algorithm transition process and maintenance cost
Communication module 201, for after triggering payment flow, receives the selection instruction that PSAM card sends, carries the AID of SM1 algorithm in this selection instruction; Certainly, also can the AID of DES algorithm, herein only for the AID of SM1 algorithm.
Control module 202, feeds back to PSAM card for the encryption algorithm type supported according to this locality, if when determining local support use SM1 algorithm, then adopt AID (SM1)the application data of preserving under corresponding catalogue and PSAM card carry out payment to be consulted, if determine, local support uses DES algorithm, then adopt AID (DES)the application data of preserving under corresponding catalogue and PSAM card carry out payment to be consulted.
In the present embodiment, the Key file based on SM1 algorithm preserved separately in PSAM card and subscriber card (as, Key1) and based on SM1 algorithm Key file (as, Key2) be write according to the requirement of operator is corresponding in the card production phase, therefore, PSAM card and subscriber card can use respective Key file and opposite end to carry out payment smoothly to consult.
Based on technique scheme, consult shown in Fig. 5, in the embodiment of the present invention, it is as follows that PSAM card and subscriber card carry out the compatible detailed process managed to cryptographic algorithm:
Step 500: subscriber card triggers payment flow.
Such as, user uses subscriber card to swipe the card in POS, thus triggers payment flow, PSAM card is provided with in POS, PSAM cartoon crosses POS can complete the information interaction with subscriber card, for convenience of description follow-up, directly introduces the interaction flow between PSAM card and subscriber card.
Step 510:PSAM card sends selection instruction to subscriber card, carries the AID of SM1 algorithm, i.e. A00002 in this selection instruction after knowing that subscriber card triggers payment flow.
In the embodiment of the present invention, all record the AID of AID and the SM1 algorithm of DES algorithm in PSAM card and subscriber card, preferably, DES algorithm AID continues to use existing AID, is designated as AID (DES)the AID of=A00001, SM1 algorithm then uses the AID of new definition, is designated as AID (SM1)=A00002.
In step 510, PSAM card also can carry the AID of DES algorithm in selection instruction, i.e. A00001, in the present embodiment, is only introduced to carry A00002.
Step 520: after subscriber card receives the selection instruction of PSAM card transmission, according to supporting that the encryption algorithm type used is fed back to PSAM card.
Such as, the AID that subscriber card receives the transmission of PSAM card is after A00002, judge whether this locality is supported to use SM1 algorithm, if, then to the correct response message of PSAM card feedback, further, clear data required in some payment flows can also together be fed back with correct response message, as, subscriber card numbering etc.; Otherwise, to PSAM card feedback error response message.
Does according to the feedback of subscriber card, step 530:PSAM card judge that SM1 algorithm supported by subscriber card? if so, then carry out step 540; Otherwise, carry out step 560.
In the present embodiment, when PSAM clamping receives the correct response message of subscriber card feedback, determine that subscriber card support uses SM1 algorithm, PSAM card prepares to adopt SM1 algorithm to perform follow-up payment flow according to the clear data obtained simultaneously, if PSAM clamping receives the error response message of subscriber card feedback, then PSAM card determines that subscriber card pays use SM1 algorithm, now, preferably, initiatively can feed back to PSAM card the clear data used in continuation payment flow process by subscriber card, also again can be sent the AID of DES algorithm to subscriber card by PSAM card, i.e. A00001, when subscriber card receives A00001 and determines local payment use DES algorithm, the clear data used in the payment flow returned to PSAM card again, PSAM card then prepares to adopt DES algorithm to perform follow-up payment flow according to the clear data obtained.
The SM1 algorithm related application data that step 540:PSAM card and subscriber card are all preserved under SM1 catalogue is selected in this locality.
Be specially: PSAM cartoon is crossed local SM1 catalogue and imported the file preserving application data, read Key1 and other application datas; Subscriber card also imports the file preserving application data by local SM1 catalogue, read Key1T and other application datas.
Step 550:PSAM card and subscriber card adopt the application data based on SM1 algorithm obtained to carry out payment and consult, to complete payment flow between the two, wherein, pay performing according to existing mode of the concrete steps of consulting, difference is by using DES algorithm to change the encryption and decryption using SM1 algorithm to carry out associative operation into.
In the process performing step 550, PSAM calorie requirement uses Key1 to be encrypted the message mailing to subscriber card.
In like manner, subscriber card also needs to adopt Key1 to be encrypted the message returning back to PSAM card.
The DES algorithm related application data that step 560:PSAM card and subscriber card are all preserved under DES catalogue is selected in this locality.
Be specially: PSAM cartoon is crossed local DES catalogue and imported the file (identical with the file imported by SM1 catalogue) preserving application data, read Key2 and other application datas; Subscriber card also imports the file (identical with the file imported by SM1 catalogue) preserving application data by local DES catalogue, read Key2 and other application datas.
Step 570:PSAM card and subscriber card adopt the application data based on DES algorithm obtained to carry out payment and consult, and to complete payment flow between the two, wherein, pay the concrete steps of consulting and perform according to existing mode.
In the process performing step 570, PSAM calorie requirement uses Key2 to be encrypted the message mailing to subscriber card.
In like manner, subscriber card also needs to adopt Key2 to be encrypted the message returning back to PSAM card.
So far, the payment flow between PSAM card and subscriber card is finished, and subscriber card is successfully completed one-time-consumption.
In the above-described embodiments, when carrying out payment negotiation between PSAM card and subscriber card, in order to ensure the fail safe of user data, both sides all need to adopt Key1 or Key2 to be encrypted mutual message.
Preferably, in the present embodiment, PSAM card and subscriber card adopt Key1, and the mode namely adopting SM1 algorithm to be encrypted message is specific as follows:
The random number that A, acquisition subscriber card generate, and this random number is adjusted to the initial value of 16 bytes.
Such as, if PSAM card performs encryption flow, send Get Challenge order to subscriber card, obtain the random number of generation from subscriber card, if subscriber card performs encryption flow, then the direct random number obtaining generation in this locality.
In practical application, the random number that subscriber card generates may be 4 bytes, 8 bytes or 16 bytes, and according to different situations, mode random number being adjusted to the initial value of 16 bytes is also different, is specially:
If the random number length obtained is 4 bytes, then adopt 4 bytes " 0 " to carry out cover in the last position of 4 byte random numbers and form 8 byte datas, i.e. " 4 byte random number+4 byte ' 0 '=8 byte DATA ", then, this 8 byte data inverted value after cover is carried out in the last position of this 8 byte data is adopted to form 16 byte datas, i.e. " ' 8 byte DATA+8 byte DATA ' inverted value=16 byte data ", this 16 byte data is both as the initial value of follow-up cryptographic calculation.Such as, 4 byte random number numbers are " 11111111 ", then the initial value after adjustment is " 1111111100000000EEEEEEEEFFFFFFFF ".
If the random number length obtained is 8 bytes, this 8 byte random number inverted value after cover is carried out in the last position of this 8 byte random number is then adopted to form 16 byte datas, namely " ' 8 byte random number+8 byte random numbers ' inverted value=16 byte data ", this 16 byte data is both as the initial value of follow-up cryptographic calculation.Such as, 8 byte random numbers are " 1111111111111111 ", then the initial value after adjustment is " 1111111111111111EEEEEEEEEEEEEEEE ".
If the random number length obtained is 16 bytes, then direct using the initial value of this 16 byte random number as follow-up cryptographic calculation.
B, based on specified format, data to be transmitted is formed primary data.
Such as, adopt the form of " command message head+command message body " that data to be transmitted is formed primary data, wherein; command message head can comprise CLA, INS, P1; P2, Lc+4, preferably; need the rear nibble of CLA to be set to hexadecimal " 4 ", then need in command message body to carry data waiting for transmission, be designated as DATA; this DATA can be plaintext version, also can be ciphertext form, as; if desired carry out link encryption protection, then need DATA to transmit with ciphertext form.
C, primary data is divided into some data blocks in units of 16 bytes, and according to setting means, cover is carried out to last data block.
Such as, by divide after each data block be designated as respectively BLOCK1, BLOCK2 ... BLOCKn, wherein, the data length of BLOCKn is likely 1-16 byte, therefore, needs to carry out cover to it, as, whether the length judging BLOCKn is 16 bytes, if so, then adopts 16 binary digits " 8000000000000000 " to carry out cover in position, BLOCKn end; Otherwise, 16 binary digits " 80 " are first adopted to carry out cover in the last position of BLOCKn, if reach 16 byte lengths, then perform subsequent operation, if do not reach 16 byte lengths, last position then after cover is continued employing 16 binary digits " 00 " and is carried out cover, until the length of BLOCKn reaches 16 bytes.
D, be initial with described initial value, according to from first data block to the order of last data block, perform XOR encryption successively and iterate computing, obtain the result of calculation of 16 bytes.
Consult shown in Fig. 6, for initial value and BLOCK1, BLOCK2, so-called XOR encryption iterates computing and namely refers to: initial value and BLOCK1 are carried out XOR, after operation result adopts Key1 to be encrypted, encrypted result (data length is also 16 bytes) is carried out XOR with BLOCK2, after adopting Key1 to be encrypted operation result again, prepare to be encrypted computing with BLOCK3 again ... by that analogy, until complete the XOR cryptographic calculation of last data block.
E, by step D obtain result of calculation in units of 4 bytes, be divided into multiple sub-block, and according to from first data block to the order of last sub-block, perform XOR successively and iterate computing, and using the operation result of 4 bytes that finally obtains as MAC(Message Authentication Code, message-authentication code), namely this MAC is the message after encryption.
For the first sub-block, the second sub-block and the 3rd sub-block, so-called XOR iterates computing and namely refers to: the first sub-block and the second sub-block are carried out XOR, again operation result and the 3rd sub-block are carried out XOR ... by that analogy, until complete the XOR cryptographic calculation of last sub-block.
The executive agent of above-mentioned steps A-step e both can be PSAM card, and also can be subscriber card (e.g., IC-card), both all can adopt aforesaid way and opposite end to carry out message interaction.
Based on above-described embodiment, in practical application, the application data to preserving in PSAM card and subscriber card is sometimes needed to upgrade, such as, the application public information file preserved in PSAM card is upgraded, again such as, the holder's constituent instruments preserved in subscriber card is upgraded.Updating device may be other back-stage management terminals outside POS, at no point in the update process, in order to ensure the fail safe of user data, PSAM calorie requirement adopts Key1 or Key2 pair and the mutual data of updating device to carry out encryption and decryption, in like manner, subscriber card also needs to adopt Key1 or Key2 pair and the mutual data of updating device to carry out encryption and decryption.
Preferably, in the present embodiment, encryption and decryption calculates and adopts ECB(Electronic Code Book, code book) as block mode of operation.
PSAM card and subscriber card adopt Key1, and the idiographic flow namely adopting SM1 algorithm to be encrypted data mutual in renewal process is as follows:
(1) determine the length of clear data to be encrypted, generate be-encrypted data;
Preferably, LD(Length of Data can be adopted in the data head of clear data, data length) represent the length of clear data, thus generate be-encrypted data;
(2) data to be sent obtained are divided into some block of plaintext data with 16 bytes, and according to setting means, cover are carried out to last block of plaintext data.
Such as, by divide after each block of plaintext data be designated as PLAIN1, PLAIN2 ... PLAINn, wherein, the data length of PLAINn is likely 1 ~ 16 byte, therefore, needs to carry out cover to it.As, when the data length determining PLAINn is not 16 byte, 16 binary digits " 80 " are adopted to carry out cover in the last position of PLAINn, if reach 16 byte lengths, then perform subsequent operation, if do not reach 16 byte lengths, then the last position after cover is continued employing 16 binary digits " 00 " and is carried out cover, until the length of PLAINn reaches 16 bytes.
(3) adopt Key1 to be encrypted each block of plaintext data respectively, obtain corresponding ciphertext block data.
Consult shown in Fig. 7, PSAM card and subscriber card all can adopt the local Key1 preserved to be encrypted the block of plaintext data dividing each 16 byte obtained, thus obtain the ciphertext block data of respective number, such as, each ciphertext block data is designated as CIPHER1, CIPHER2 successively ... CIPHERn.
(4) each ciphertext block data obtained is connected according to the stripe sequence of corresponding block of plaintext data, successively to obtain final enciphered data.
Now, the executed of data encryption flow process is complete, enciphered data can be inserted into order data territory, be ready for sending.
Accordingly, PSAM card and subscriber card adopt Key1, namely adopt the idiographic flow of SM1 algorithm to decrypt data mutual in renewal process as follows:
(1) data to be decrypted are obtained.As, in order data territory, obtain data to be decrypted.
(2) data to be decrypted are divided into some ciphertext block datas in units of 16 bytes.
Such as, each ciphertext block data after division is designated as CIPHER1, CIPHER2 ... CIPHERn.
(3) adopt a Key file to be decrypted each ciphertext block data respectively, obtain corresponding block of plaintext data.
Consult shown in Fig. 8, PSAM card and subscriber card all can adopt the local Key1 preserved to be decrypted the ciphertext block data dividing each 16 byte obtained, thus obtain the block of plaintext data of respective number, such as, each block of plaintext data is designated as PLAIN1, PLAIN2 successively ... PLAINn.
(4) each block of plaintext data obtained is connected successively according to the stripe sequence of corresponding ciphertext block data, obtain final data decryption.
Now, data decryption by LD, clear data, filling character forms, because LD represents clear data length, therefore, it can be used to recover clear data, namely judge that whether clear data complete.
Certainly, in the above-described embodiments, 16 bytes are only citing, in practical application, according to different applied environments, also can be replaced other setting byte length, do not repeat them here.
On the other hand, above-described embodiment has only carried out related description for the application scenarios saving two kinds of cryptographic algorithm in PSAM card and subscriber card, for the application scenarios of cryptographic algorithm saving more than three kinds and three kinds in PSAM card and subscriber card, the technical scheme that above-described embodiment provides stands good after corresponding adjustment, does not repeat them here.
In sum, in the embodiment of the present invention, the AID catalogue of different cryptographic algorithm all can be set in PSAM card and subscriber card, and under each AID catalogue, preserve the application data performed needed for payment flow, like this, no matter any cryptographic algorithm supported by subscriber card, PSAM card all can coordinate and calls corresponding cryptographic algorithm and complete payment flow, correspondingly, no matter any cryptographic algorithm supported by PSAM card, subscriber card also all can coordinate and calls corresponding cryptographic algorithm and complete payment flow, convenient for different AID catalogues, achieve same application flow process under different cryptographic algorithm compatibility management, do not changing payment flow, not add any other instruction, under not revising the prerequisite of terminal equipment, ensure that subscriber card and PSAM card can be well on transition to the standard encryption algorithms that State Commercial Cryptography Administration formulates by DES algorithm, while ensure that payment system service behaviour, also reduce to minimum by realizing cost.
On the other hand, in the embodiment of the present invention, also utilize the method for mapping different AID catalogue to be mapped to identical file folder, and adopt different Key files to be distinguished, thus realize the effective utilization to card memory space, avoid the waste of memory space.
Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.

Claims (15)

1. the method for cryptographic algorithm compatibility management, is characterized in that, comprising:
In consumption safety access module PSAM card and subscriber card, corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data, specifically comprises: corresponding each cryptographic algorithm application identities symbol sets up corresponding catalogue respectively; The multiple catalogues set up are pointed to identical file folder, in this file, preserves the application data performed needed for payment flow, wherein, in described application data, record the Key file associated with each cryptographic algorithm respectively;
When PSAM card knows that subscriber card triggers payment flow, send selection instruction to subscriber card, in this selection instruction, carry cryptographic algorithm application identities symbol;
If corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data in described subscriber card, then described subscriber card responds to described PSAM card, know the local cryptographic algorithm application identities symbol supporting to use to PSAM cartoon, and the application data of preserving under adopting this cryptographic algorithm application identities to accord with corresponding catalogue and PSAM card carry out payment consults;
If corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data in described PSAM card, then PSAM card is according to the response of subscriber card, determine the cryptographic algorithm application identities symbol that subscriber card support uses, and the application data of preserving under adopting this cryptographic algorithm application identities to accord with corresponding catalogue and subscriber card carry out payment consults.
2. the method for claim 1, it is characterized in that, payment is carried out when consulting in the application data that described PSAM card and subscriber card are preserved under adopting catalogue corresponding to any cryptographic algorithm application identities symbol and opposite end, in negotiations process, import the application data needed for the reading of described file or write from the catalogue that described any cryptographic algorithm application identities symbol is corresponding, and adopt corresponding Key file to be encrypted the message mailing to opposite end.
3. method as claimed in claim 2, is characterized in that, described PSAM card and subscriber card adopt Key file corresponding to any cryptographic algorithm application identities symbol to be encrypted the message mailing to opposite end, comprising:
Obtain the random number that subscriber card generates, and this random number is adjusted to the initial value of setting byte length;
Based on specified format, data to be transmitted is formed primary data;
To set in units of byte length, described primary data is divided into some data blocks, and according to setting means, cover is carried out to last data block;
Be initial with described initial value, according to from first data block to the order of last data block, adopt described Key file to perform XOR encryption successively and iterate computing, obtain the first result of calculation;
In units of 4 bytes, described first result of calculation is divided into multiple sub-block, and according to from first data block to the order of last sub-block, perform XOR successively and iterate computing, obtain the second result of calculation, and using the second result of calculation as final message-authentication code MAC.
4. the method as described in any one of claim 1-3, it is characterized in that, when described PSAM card and the application data of subscriber card to any cryptographic algorithm application identities symbol correspondence that this locality is preserved upgrade, in the following ways data mutual in renewal process are encrypted:
Determine the length of clear data to be sent, generate data to be sent;
Be some block of plaintext data to set described Data Placement to be sent in units of byte length, and according to setting means, cover carried out to last block of plaintext data;
Adopt Key file corresponding to described any cryptographic algorithm application identities symbol to be encrypted each block of plaintext data respectively, obtain corresponding ciphertext block data;
The each ciphertext block data obtained is connected successively according to the stripe sequence of corresponding block of plaintext data, obtains final enciphered data.
5. the method as described in any one of claim 1-3, it is characterized in that, when described PSAM card and the application data of subscriber card to any cryptographic algorithm application identities symbol correspondence that this locality is preserved upgrade, in the following ways to decrypt data mutual in renewal process:
Obtain data to be decrypted;
Be some ciphertext block datas to set described Data Placement to be decrypted in units of byte length;
Adopt Key file corresponding to described any cryptographic algorithm application identities symbol to be decrypted each ciphertext block data respectively, obtain corresponding block of plaintext data;
The each block of plaintext data obtained is connected successively according to the stripe sequence of corresponding ciphertext block data, obtains final data decryption.
6. the device of cryptographic algorithm compatibility management, is characterized in that, comprising:
Memory module, set up catalogue respectively for multiple encryption algorithms application identities symbol corresponding to this locality and preserve corresponding application data, described memory module is when in this locality, corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data, corresponding each cryptographic algorithm application identities symbol sets up corresponding catalogue respectively, and the multiple catalogues set up are pointed to identical file folder, the application data performed needed for payment flow is preserved in this file, wherein, the Key file associated with each cryptographic algorithm is recorded in described application data respectively;
Communication module, for when knowing that subscriber card triggers payment flow, sends selection instruction to subscriber card, carries cryptographic algorithm application identities symbol in this selection instruction,
Processing module, for the response according to subscriber card, when determining the cryptographic algorithm application identities symbol that subscriber card support uses, and the application data of preserving under adopting this cryptographic algorithm application identities to accord with corresponding catalogue and subscriber card carry out payment consults.
7. device as claimed in claim 6, it is characterized in that, the application data that described processing module is preserved under adopting catalogue corresponding to any cryptographic algorithm application identities symbol and subscriber card carry out payment when consulting, in negotiations process, import the application data needed for the reading of described file or write from the catalogue that described any cryptographic algorithm application identities symbol is corresponding, and adopt corresponding Key file to be encrypted the message mailing to subscriber card.
8. device as claimed in claim 7, is characterized in that, when described processing module adopts Key file corresponding to any cryptographic algorithm application identities symbol to be encrypted the message mailing to subscriber card, comprising:
Obtain the random number that subscriber card generates, and this random number is adjusted to the initial value of setting byte length;
Based on specified format, data to be transmitted is formed primary data,
To set in units of byte length, described primary data is divided into some data blocks, and according to setting means, cover is carried out to last data block;
Be initial with described initial value, according to from first data block to the order of last data block, adopt described Key file to perform XOR encryption successively and iterate computing, obtain the first result of calculation;
In units of 4 bytes, described first result of calculation is divided into multiple sub-block, and according to from first data block to the order of last sub-block, perform XOR successively and iterate computing, obtain the second result of calculation, and using the second result of calculation as final message-authentication code MAC.
9. the device as described in any one of claim 6-8, it is characterized in that, when the application data of described processing module to any cryptographic algorithm application identities symbol correspondence of preserving in local memory module upgrades, in the following ways data mutual in renewal process are encrypted:
Determine the length of clear data to be sent, generate data to be sent;
Be some block of plaintext data to set described Data Placement to be sent in units of byte length, and according to setting means, cover carried out to last block of plaintext data;
Adopt Key file corresponding to described any cryptographic algorithm application identities symbol to be encrypted each block of plaintext data respectively, obtain corresponding ciphertext block data;
The each ciphertext block data obtained is connected successively according to the stripe sequence of corresponding block of plaintext data, obtains final enciphered data.
10. the device as described in any one of claim 6-8, it is characterized in that, when the application data of described processing module to any cryptographic algorithm application identities symbol correspondence that local memory module is preserved upgrades, in the following ways to decrypt data mutual in renewal process:
Obtain data to be decrypted;
Be some ciphertext block datas to set described Data Placement to be decrypted in units of byte length;
Adopt Key file corresponding to described any cryptographic algorithm application identities symbol to be decrypted each ciphertext block data respectively, obtain corresponding block of plaintext data;
The each block of plaintext data obtained is connected successively according to the stripe sequence of corresponding ciphertext block data, obtains final data decryption.
The device of 11. cryptographic algorithm compatibility management, is characterized in that, comprising:
Memory module, set up catalogue respectively for multiple encryption algorithms application identities symbol corresponding in subscriber card and preserve corresponding application data, described memory module is when in this locality, corresponding multiple encryption algorithms application identities symbol is set up catalogue respectively and preserves corresponding application data, corresponding each cryptographic algorithm application identities symbol sets up corresponding catalogue respectively, the multiple catalogues set up are pointed to identical file folder, the application data performed needed for payment flow is preserved in this file, wherein, the Key file associated with each cryptographic algorithm is recorded in described application data respectively;
Communication module, for after triggering payment flow, receives the selection instruction that consumption safety access module PSAM card sends, carries cryptographic algorithm application identities symbol in this selection instruction;
Control module, for responding to PSAM card, knows the local cryptographic algorithm application identities symbol supporting to use to PSAM cartoon, and the application data of preserving under adopting this cryptographic algorithm application identities to accord with corresponding catalogue and PSAM card carry out payment consults.
12. devices as claimed in claim 11, it is characterized in that, the application data that described control module is preserved under adopting catalogue corresponding to any cryptographic algorithm application identities symbol and PSAM card carry out payment when consulting, in negotiations process, import the application data needed for the reading of described file or write from the catalogue that described any cryptographic algorithm application identities symbol is corresponding, and adopt corresponding Key file to be encrypted the message mailing to PSAM card.
13. devices as claimed in claim 12, is characterized in that, described control module adopts Key file corresponding to any cryptographic algorithm application identities symbol to be encrypted the message mailing to PSAM card, comprising:
Obtain the local random number generated, and this random number is adjusted to the initial value of setting byte length;
Based on specified format, data to be transmitted is formed primary data;
To set in units of byte length, described primary data is divided into some data blocks, and according to setting means, cover is carried out to last data block;
Be initial with described initial value, according to from first data block to the order of last data block, adopt described Key file to perform XOR encryption successively and iterate computing, obtain the first result of calculation;
In units of 4 bytes, described first result of calculation is divided into multiple sub-block, and according to from first data block to the order of last sub-block, perform XOR successively and iterate computing, obtain the second result of calculation, and using the second result of calculation as final message-authentication code MAC.
14. devices as described in any one of claim 11-13, it is characterized in that, when the application data of described control module to any cryptographic algorithm application identities symbol correspondence that local memory module is preserved upgrades, in the following ways data mutual in renewal process are encrypted:
Determine the length of clear data to be sent, generate data to be sent;
Be some block of plaintext data to set described Data Placement to be sent in units of byte length, and according to setting means, cover carried out to last block of plaintext data;
Adopt Key file corresponding to described any cryptographic algorithm application identities symbol to be encrypted each block of plaintext data respectively, obtain corresponding ciphertext block data;
The each ciphertext block data obtained is connected successively according to the stripe sequence of corresponding block of plaintext data, obtains final enciphered data.
15. devices as described in any one of claim 11-13, it is characterized in that, when the application data of described control module to any cryptographic algorithm application identities symbol correspondence that local memory module is preserved upgrades, in the following ways to decrypt data mutual in renewal process:
Obtain data to be decrypted;
Be some ciphertext block datas to set described Data Placement to be decrypted in units of byte length;
Adopt Key file corresponding to described any cryptographic algorithm application identities symbol to be decrypted each ciphertext block data respectively, obtain corresponding block of plaintext data;
The each block of plaintext data obtained is connected successively according to the stripe sequence of corresponding ciphertext block data, obtains final data decryption.
CN201210139449.7A 2012-05-07 2012-05-07 Method and device for compatible management of encryption algorithm Expired - Fee Related CN102710412B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210139449.7A CN102710412B (en) 2012-05-07 2012-05-07 Method and device for compatible management of encryption algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210139449.7A CN102710412B (en) 2012-05-07 2012-05-07 Method and device for compatible management of encryption algorithm

Publications (2)

Publication Number Publication Date
CN102710412A CN102710412A (en) 2012-10-03
CN102710412B true CN102710412B (en) 2015-07-01

Family

ID=46902984

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210139449.7A Expired - Fee Related CN102710412B (en) 2012-05-07 2012-05-07 Method and device for compatible management of encryption algorithm

Country Status (1)

Country Link
CN (1) CN102710412B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103780376B (en) * 2012-10-26 2017-06-23 中国银联股份有限公司 Method, terminal and safety barrier that cryptographic algorithm system self adaptation switches
CN103150771B (en) * 2013-02-01 2015-12-23 武汉市城市路桥收费管理中心 Track PSAM card and the using method thereof of charge is freely flowed for city road and bridge
CN103150770A (en) * 2013-02-01 2013-06-12 华中科技大学 On board unit embedded secure access module (ESAM) for free stream toll collection and use method thereof
CN103593592B (en) * 2013-11-08 2017-01-18 上海新储集成电路有限公司 User data encryption and decryption method
CN106559218A (en) * 2015-09-29 2017-04-05 中国电力科学研究院 A kind of safe acquisition method of intelligent substation continuous data
SG10201700811VA (en) * 2017-02-01 2018-09-27 Huawei Int Pte Ltd System and method for efficient and secure communications between devices
CN107994986A (en) * 2017-12-22 2018-05-04 记忆科技(深圳)有限公司 A kind of renewable TF card of Encryption Algorithm and method
CN111127015B (en) * 2019-12-25 2023-09-19 中国银联股份有限公司 Transaction data processing method and device, trusted application and electronic device
CN114329499A (en) * 2022-01-06 2022-04-12 新开普电子股份有限公司 A kind of application method of CPU smart card
CN114697094B (en) * 2022-03-21 2024-03-26 北京交大微联科技有限公司 Encryption method and encryption device compatible with multiple encryption algorithms and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5764762A (en) * 1995-06-08 1998-06-09 Wave System Corp. Encrypted data package record for use in remote transaction metered data system
CN1666544A (en) * 2002-07-01 2005-09-07 3柯姆公司 System and method for a universal wireless acces gateaway
CN101141250A (en) * 2007-10-10 2008-03-12 北京握奇数据系统有限公司 Instrument equipment, data safety access method, device and system
CN101599130A (en) * 2008-06-06 2009-12-09 索尼株式会社 Information processing device, information processing method, program, and communication system
CN102377566A (en) * 2010-08-11 2012-03-14 北京融通高科科技发展有限公司 Security processing device and system for electric meter data

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5764762A (en) * 1995-06-08 1998-06-09 Wave System Corp. Encrypted data package record for use in remote transaction metered data system
CN1666544A (en) * 2002-07-01 2005-09-07 3柯姆公司 System and method for a universal wireless acces gateaway
CN101141250A (en) * 2007-10-10 2008-03-12 北京握奇数据系统有限公司 Instrument equipment, data safety access method, device and system
CN101599130A (en) * 2008-06-06 2009-12-09 索尼株式会社 Information processing device, information processing method, program, and communication system
CN102377566A (en) * 2010-08-11 2012-03-14 北京融通高科科技发展有限公司 Security processing device and system for electric meter data

Also Published As

Publication number Publication date
CN102710412A (en) 2012-10-03

Similar Documents

Publication Publication Date Title
CN102710412B (en) Method and device for compatible management of encryption algorithm
JP5005811B2 (en) Method, system and trusted service manager for securely transmitting an application to a mobile phone
US7882208B2 (en) Information management apparatus, information management method, and program for managing an integrated circuit
WO2020072551A1 (en) Contactless card emulation system and method
CN101729244B (en) Method and system for distributing key
CN112862481A (en) Block chain digital asset key management method and system based on SIM card
US11922428B2 (en) Security for contactless transactions
CN116418485A (en) Quantum key filling method, system and components based on quantum cryptography service platform
CA3239475A1 (en) Key recovery based on contactless card authentication
CN109246130A (en) Data ciphering method, device, computer equipment and storage medium
US20240289798A1 (en) Techniques to provide secure cryptographic authentication, verification, functionality access, and payments between contactless cards and communication devices
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN105376059A (en) Method and system for performing application signature based on electronic key
KR20250022062A (en) Technology for handling contactless card functionality in a multi-bank system environment
JP6845853B2 (en) Systems and methods for self-calculating token vaults
US20250308316A1 (en) Contactless card and personal identification system
KR20250068667A (en) Technology that provides secure cryptographic authentication of contactless cards by decentralized entities
CN101841806A (en) Service card information processing method, device and system and communication terminal
CN103023642B (en) A kind of mobile terminal and digital certificate functionality implementation method thereof
CN106960345B (en) Internet of things card and working method thereof
CN103905624A (en) Digital signature generation method and mobile phone terminal
CN101877835A (en) STK (SIM (Subscriber Identity Module) Tool Kit) business processing method and system as well as mobile terminal
US20260111880A1 (en) Methods and arrangements to communicate data
US20260121836A1 (en) Telephone uri processing with nfc and cryptographic one time password
US20260122061A1 (en) Digital service authentication using a contactless card

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee after: BEIJING WATCHDATA Co.,Ltd.

Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.

CP01 Change in the name or title of a patent holder
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150701

CF01 Termination of patent right due to non-payment of annual fee