
CN101771680B - Method for writing data to smart card, system and remote writing-card terminal - Google Patents


Publication number: CN101771680B
Authority: CN (China)
Prior art keywords: card writing, card, component, remote, user data
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN 200810247306
Other languages: Chinese (zh)
Other versions: CN101771680A (en)
Inventors: 彭华熹, 柏洪涛, 刘斐
Current Assignee: China Mobile Communications Group Co Ltd (the listed assignees may be inaccurate)
Original Assignee: China Mobile Communications Group Co Ltd


Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to the field of smart cards, and in particular to techniques for securely writing data to a smart card remotely. It provides a method, a system and a remote card writing terminal for writing data to a smart card. The method comprises: a card writing client performs an operation on a card writing component to obtain the component's feature value, and sends the feature value to a remote card writing server; the remote card writing server verifies the card writing component according to the feature value; if verification passes, the user data of the card writing component is sent to the component through the card writing client, and the component then writes the user data to the smart card. Because the remote card writing server can use the feature value to verify whether the card writing component has been tampered with before sending the user data to it, tampering with the card writing component is avoided and the security of remotely writing user data to a smart card is improved.

Description

A method, system and remote card writing terminal for writing data to a smart card

Technical field

The invention relates to the field of smart cards, and in particular to techniques for securely writing data to a smart card remotely.

Background

A smart card is a programmable card with a built-in microprocessor and storage unit. Because smart cards offer a high level of security, they are widely used in many fields. In mobile communication networks, the SIM card is also a smart card and stores several kinds of data, including the original card data pre-written by the card vendor and the network parameters and data written for the user by the mobile operator (such as the access key Ki, the IMSI number, etc.).

Generally, the user data of a SIM card is written by the card vendor, and the card is then sent to the operator for sale. To make it easier for operators to acquire customers and to reduce their card inventory, user data can be written to blank cards by writing blank cards at the business hall and by remote card writing. As shown in Figure 1, the remote card writing system can perform smart card (e.g. SIM card) writing services through a remote card writing terminal in the business hall: the terminal obtains user data (including network parameters and personalization data) from the remote card writing server and completes the card writing operation through a card writer. Because blank cards come from multiple card vendors, and the card writing instructions of each vendor differ considerably, each vendor must provide a corresponding card writing component on the client side for the card writing operation.

The prior-art card writing system is shown in Figure 2. It comprises a card writing component and a card writing client located on the remote card writing terminal, together with a remote card writing server and a data management server. The card writing process includes the following steps:

S201. The operator inserts a blank card into the card writer. The card writing client reads and determines the blank card's vendor information and checks whether a card writing component for that vendor exists locally; if not, it submits the vendor information to the remote card writing server and requests download of the corresponding vendor's card writing component.

S202. After receiving the request, the remote card writing server sends the corresponding vendor's card writing component down to the card writing client.

S203. To ensure that the card writing component is not misused, the card writing component needs to authenticate the remote card writing server:

S204. The card writing component generates a random number Rc and sends it to the remote card writing server through the card writing client;

S205. The remote card writing server uses the authentication key and the uploaded random number Rc to calculate an authentication result through an encryption algorithm and sends it down to the card writing client;

S206. The card writing client calls the card writing component's authentication function Authentication() to calculate the authentication code AuthCode;

S207. The card writing client compares the authentication result with AuthCode; if they are the same, authentication passes, otherwise the process is aborted with a prompt.

S208. If authentication passes, the card writing client requests the personalization data (i.e. user data) from the remote card writing server, such as Ki (core key, Key Identifier), IMSI (International Mobile Subscriber Identity), PIN (Personal Identification Number), PIN2 (second-level PIN), PUK1 (PIN Unlock Key), PUK2 (second-level PUK), etc.

S209. The remote card writing server obtains the personalization data from the data management system and returns it to the card writing client.

S210. The card writing client calls the card writing function of the card writing component with the personalization data as input to complete the card writing operation.

Because the card writing client is not located in a dedicated machine room and operates in an insecure environment, the card writing component may be tampered with, causing card writing errors and thereby creating a security risk for the user data written to the smart card.

Summary of the invention

Embodiments of the invention provide a method and a system for writing data to a smart card that prevent the card writing component from being tampered with and improve the security of remotely writing user data to a smart card.

A method of writing user data to a smart card, comprising:

a card writing client performs a hash (HASH) operation on the binary code of a card writing component to obtain the feature value of the card writing component, and then sends the feature value to a remote card writing server;

the remote card writing server verifies the card writing component according to the received feature value; if verification passes, it sends the user data of the card writing component to the card writing client;

after the card writing client passes the user data to the card writing component, the card writing component writes the user data to the smart card;

wherein, before the remote card writing server sends the user data of the card writing component to the card writing client, the method further comprises: the remote card writing server generates a random number Rs and sends it to the card writing client; after the card writing client passes the random number Rs to the card writing component, the card writing component performs an encryption calculation on the random number Rs and an authentication key to obtain a first encryption operation result; the card writing component returns the first encryption operation result to the remote card writing server through the card writing client; and the remote card writing server authenticates the card writing component according to the first encryption operation result.

A system for writing user data to a smart card, comprising:

a remote card writing terminal, which includes a card writing client and a card writing component, wherein the card writing client performs a hash (HASH) operation on the binary code of the card writing component to obtain a feature value and then sends the feature value;

a remote card writing server, configured to verify the card writing component according to the received feature value and, if verification passes, to send the user data of the card writing component to the card writing client;

after the card writing client passes the user data to the card writing component, the card writing component writes the user data to the smart card;

the remote card writing server is further configured, before sending the user data of the card writing component to the card writing client, to generate a random number Rs and send it to the card writing client, and to authenticate the card writing component according to the returned first encryption operation result;

the card writing component is further configured to obtain the random number Rs through the card writing client, to perform an encryption calculation on the random number Rs and the authentication key to obtain the first encryption operation result, and to return the first encryption operation result through the card writing client.

A remote card writing terminal, comprising: a card writing client and a card writing component;

the card writing client performs a hash (HASH) operation on the binary code of the card writing component to obtain a feature value, sends the feature value to the remote card writing server, and passes the user data of the card writing component returned by the remote card writing server to the card writing component;

the card writing component writes the user data to the smart card;

the card writing component is further configured to obtain, through the card writing client, the random number Rs generated by the remote card writing server, to perform an encryption calculation on the random number Rs and the authentication key to obtain a first encryption operation result, and to return the first encryption operation result through the card writing client; the remote card writing server authenticates the card writing component according to this first encryption operation result.

In the embodiments of the invention, the client computes a feature value for the card writing component and sends it to the remote card writing server, so that the server can use the feature value to verify whether the card writing component has been tampered with before sending user data to it. Only if verification passes does the remote card writing server send the user data to the card writing component, which prevents the component from being tampered with and improves the security of remotely writing user data to a smart card.

Because the remote card writing server also authenticates the card writing component before sending user data to it, the legitimacy of the card writing component is further assured and the security of remotely writing user data to a smart card is improved.

Because the user data transmitted between the remote card writing server and the card writing component is encrypted end to end, even the card writing client cannot learn the plaintext user data, which further assures the security of remotely written user data.

Description of drawings

Figure 1 is a schematic diagram of a prior-art remote card writing system;

Figure 2 is a block diagram of a prior-art remote card writing system;

Figure 3 is a flowchart of the method for writing user data to a smart card in Embodiment 1 of the invention;

Figure 4 is a schematic diagram of a shell program intercepting user data in a prior-art remote card writing system;

Figure 5 is a flowchart of the method for writing user data to a smart card in Embodiment 2 of the invention.

Detailed description

The remote card writing server provided by the embodiments of the invention can verify the card writing component, so that before user data is sent to the remote card writing terminal it can be ensured that the card writing component has not been tampered with. In addition, the embodiments provide a scheme for encrypting user data end to end, which further improves the security of writing user data to the smart card.

The invention provides two specific embodiments. Embodiment 1 is a specific scheme in which the card is written remotely after the remote card writing server has authenticated and verified the card writing component. Embodiment 2 is a specific scheme in which the card is written remotely after the card writing component has authenticated the remote card writing server and the remote card writing server has authenticated the card writing component.

Embodiment 1

The flowchart of the method provided by Embodiment 1, in which the remote card writing server authenticates the card writing component and the card is written, is shown in Figure 3 and includes the following steps:

S301. The card writing client sends an authentication request to the remote card writing server.

The remote card writing server authenticates the card writing component in response to the authentication request:

S302. The remote card writing server generates a random number Rs and passes it to the card writing component through the card writing client.

S303. The card writing component uses the random number Rs and the authentication key to obtain, through an encryption algorithm, the authentication code AuthCode for that data (i.e. the encryption operation result), and returns it to the card writing client.

S304. The card writing client calculates the feature value of the card writing component it called and sends the feature value together with AuthCode to the remote card writing server.

For example, the card writing client can compute the feature value with a HASH algorithm. The following uses the hash value, the feature value computed by a HASH algorithm, as an example. The card writing client runs the HASH algorithm over the card writing component (that is, over the component's binary code). If the component has been modified, its binary code changes accordingly, and so the computed feature value, the hash value, changes as well. The remote card writing server can therefore ensure that the card writing component has not been tampered with by verifying the hash value.

S305. The remote card writing server uses the authentication key and the stored random number Rs that it issued to calculate a result, and compares it with the AuthCode uploaded by the card writing client; if they are the same, authentication passes, otherwise the process is aborted with a prompt.

An authentication key corresponding to the card writing component is stored both in the remote card writing server and in the card writing component. The method above is not the only way for the remote card writing server to authenticate the card writing component; a person skilled in the art can, based on the technical content disclosed in the embodiments of the invention, use other specific authentication methods to achieve this, and the various methods are not enumerated here.

S306. The remote card writing server compares the hash value of the card writing component to verify that the component has not been tampered with; otherwise the process is aborted with a prompt.

The remote card writing server compares its stored hash value of the card writing component with the hash value sent by the card writing client. If they are the same, the card writing component has not been tampered with and verification passes.

It should be pointed out that the process in which the card writing client computes the feature value of the card writing component and sends it to the remote card writing server, and the server verifies the component according to that feature value, does not depend on the process in which the remote card writing server authenticates the card writing component. In other words, the steps of computing the feature value and verifying the component against it can be independent of the steps in which the remote card writing server authenticates the card writing component.

Because the remote card writing server can determine whether the card writing component has been tampered with or replaced while verifying the feature value sent by the card writing client, it can prevent tampering with the component and improve the security of remotely writing user data to the smart card even without authenticating the component. Of course, to further improve that security, the step in which the remote card writing server authenticates the card writing component, as described above, can be added.

After the remote card writing server has successfully authenticated and verified the card writing component, the card writing operation is performed. To further secure the transmission of user data, the user data can be encrypted end to end. The specific scheme is described here using encryption of the Ki value in the user data as an example (a person skilled in the art can readily derive end-to-end encryption for other user data from the technical content disclosed in the embodiments of the invention):

S307. The remote card writing server obtains the corresponding user data from the data management system.

S308. The remote card writing server calculates the encryption key skey = hash(Rs, authentication key) from the random number Rs and the authentication key, where hash is a secure hash algorithm such as SHA (Secure Hash Algorithm). A person skilled in the art may also use other algorithms to calculate the encryption key skey.

S309. Ki is encrypted with skey to obtain EKi, and EKi is sent to the card writing client together with the other user data.

S310. After receiving the user data, the card writing client calls the card writing function of the card writing component with EKi and the other user data as input parameters; that is, the card writing client passes EKi and the other user data to the card writing component through the interface of the card writing function.

S311. The card writing component calculates the encryption key skey = hash(Rs, authentication key), where hash is a secure hash algorithm (such as SHA1), decrypts EKi with skey to obtain Ki, and completes the card writing operation.

A person skilled in the art will understand that although the steps of the method are described sequentially above for ease of understanding, the order of the steps is not strictly limited.

In the prior art, even if SSL-encrypted transmission is used between the remote card writing server and the remote card writing terminal, the user data is decrypted as soon as it reaches the terminal, and it is transmitted in plaintext when the card writing client passes it to the card writing component. If a shell program has been illegally installed around the card writing component, the user data can be intercepted by that shell program (as shown in Figure 4) and copied. With the method of steps S308-S311 of this embodiment, the user data received by the card writing client is also encrypted and decryption is done inside the card writing component, which prevents a shell program from intercepting and copying the user data and further improves the security of remotely written user data.
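The Embodiment 1 exchange (S301-S311), as an added example that is not part of the patent text: a server, a client relay and a component run the challenge-response, the feature-value check and the skey-wrapped delivery of Ki. Assumptions: HMAC-SHA256 stands in for the unspecified "encryption algorithm", SHA-256 for the hash, a labelled XOR keystream for the cipher, and all class and function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets


def feature_value(component_binary: bytes) -> bytes:
    """S304: feature value = hash over the component's binary code."""
    return hashlib.sha256(component_binary).digest()


def auth_code(rs: bytes, auth_key: bytes) -> bytes:
    """S303/S305: AuthCode over Rs (assumption: HMAC-SHA256)."""
    return hmac.new(auth_key, rs, hashlib.sha256).digest()


def derive_skey(rs: bytes, auth_key: bytes) -> bytes:
    """S308/S311: skey = hash(Rs, authentication key)."""
    return hashlib.sha256(rs + auth_key).digest()


def skey_cipher(skey: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a keystream derived from skey.
    The same call encrypts and decrypts. A deployment would use an
    authenticated cipher such as AES-GCM instead."""
    stream = hashlib.sha256(skey + b"Ki-wrap").digest()
    if len(data) > len(stream):
        raise ValueError("stand-in cipher handles at most 32 bytes")
    return bytes(a ^ b for a, b in zip(data, stream))


class CardWritingComponent:
    """Vendor component on the terminal; holds the shared authentication key."""

    def __init__(self, binary: bytes, auth_key: bytes):
        self.binary = binary
        self._auth_key = auth_key
        self._rs = None
        self.card = {}  # stands in for the smart card contents

    def respond(self, rs: bytes) -> bytes:  # S303
        self._rs = rs
        return auth_code(rs, self._auth_key)

    def write_card(self, eki: bytes, other: dict) -> None:  # S311
        skey = derive_skey(self._rs, self._auth_key)
        self.card = dict(other, Ki=skey_cipher(skey, eki))


class RemoteCardWritingServer:
    def __init__(self, auth_key: bytes, expected_hash: bytes, user_data: dict):
        self._auth_key = auth_key
        self._expected_hash = expected_hash  # stored hash of the genuine component
        self._user_data = user_data          # stands in for the data management system
        self._rs = None

    def challenge(self) -> bytes:  # S302
        self._rs = secrets.token_bytes(16)
        return self._rs

    def release_user_data(self, code: bytes, reported_hash: bytes):  # S305-S309
        if self._rs is None:
            raise PermissionError("no outstanding challenge")
        rs, self._rs = self._rs, None  # each Rs is accepted once
        if not hmac.compare_digest(code, auth_code(rs, self._auth_key)):
            raise PermissionError("component authentication failed")
        if not hmac.compare_digest(reported_hash, self._expected_hash):
            raise PermissionError("component feature value mismatch")
        other = dict(self._user_data)
        eki = skey_cipher(derive_skey(rs, self._auth_key), other.pop("Ki"))
        return eki, other


def client_write(server, component) -> bytes:
    """Card writing client relay (S301-S310); returns the EKi it handled."""
    rs = server.challenge()
    code = component.respond(rs)
    eki, other = server.release_user_data(code, feature_value(component.binary))
    component.write_card(eki, other)
    return eki


def demo():
    key = secrets.token_bytes(16)                          # constructed key
    genuine = b"constructed vendor component build 1"      # constructed binary
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Ki
    server = RemoteCardWritingServer(
        key, feature_value(genuine), {"Ki": ki, "IMSI": "001010123456789"})
    good = CardWritingComponent(genuine, key)
    seen_by_client = client_write(server, good)
    tampered = CardWritingComponent(genuine + b" patched", key)
    try:
        client_write(server, tampered)
        rejected = False
    except PermissionError:
        rejected = True
    return good.card["Ki"] == ki, seen_by_client != ki, rejected, tampered.card == {}


if __name__ == "__main__":
    print(demo())
```

Because the feature value is computed on the terminal, the server-side comparison is only as trustworthy as the client that reports it.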

In this embodiment of the invention, the client computes a feature value (such as a hash value) for the card writing component and sends it to the remote card writing server, so that the server can use the hash value to verify whether the card writing component has been tampered with before sending user data to it. Only if verification passes does the remote card writing server send the user data to the card writing component, which prevents the component from being tampered with and improves the security of remotely writing user data to a smart card.

Because the remote card writing server also authenticates the card writing component before sending user data to it, the legitimacy of the card writing component is further assured and the security of remotely writing user data to a smart card is improved.

Because the user data transmitted between the remote card writing server and the card writing component is encrypted end to end with skey, even the card writing client cannot learn the plaintext user data, which further assures the security of remotely written user data.

实施例二  Example two

在远程写卡服务器对写卡组件进行鉴权之前,写卡组件可以先对远程写卡服务器进行鉴权。鉴权以及写卡过程的流程图如图5所示,包括如下步骤:  Before the remote card writing server authenticates the card writing component, the card writing component may first authenticate the remote card writing server. The flowchart of authentication and card writing process is shown in Figure 5, including the following steps:

S501、写卡组件对远程写卡服务器鉴权:写卡组件生成随机数Rc通过写卡客户端发送给远程写卡服务器。  S501. The card writing component authenticates the remote card writing server: the card writing component generates a random number Rc and sends it to the remote card writing server through the card writing client. the

S502、远程写卡服务器利用鉴权密钥和上传的随机数Rc通过加密算法计算出鉴权加密结果并下传给写卡客户端。  S502. The remote card writing server uses the authentication key and the uploaded random number Rc to calculate an authentication and encryption result through an encryption algorithm and sends it down to the card writing client. the

S503、写卡组件利用鉴权密钥和随机数Rc计算认证码AuthCode'(即加密运行结果)。  S503. The card writing component uses the authentication key and the random number Rc to calculate the authentication code AuthCode' (that is, the encrypted operation result). the

S504、写卡客户端比较鉴权加密结果和AuthCode',如相同则鉴权通过,否则提示流程中止。  S504. The card writing client compares the authentication and encryption result with the AuthCode', and if they are the same, the authentication is passed; otherwise, the prompting process is terminated. the

S505、写卡客户端在写卡组件对远程写卡服务器鉴权通过后,向远程写卡服务器发送鉴权请求。  S505. After the card writing component authenticates the remote card writing server, the card writing client sends an authentication request to the remote card writing server. the

S506、远程写卡服务器生成随机数Rs,并通过写卡客户端传给写卡组件。  S506. The remote card writing server generates a random number Rs, and transmits the random number Rs to the card writing component through the card writing client. the

S507、写卡组件利用该随机数Rs及鉴权密钥通过加密算法获得该数据的认证码AuthCode(即加密运行结果),反馈给写卡客户端。  S507. The card writing component uses the random number Rs and the authentication key to obtain the authentication code AuthCode (that is, the encryption operation result) of the data through an encryption algorithm, and feeds it back to the card writing client. the

S508、写卡客户端计算所调用的写卡组件的特征值(比如hash值),将hash值与AuthCode一起发送给远程写卡服务器。  S508. The card writing client calculates a characteristic value (such as a hash value) of the called card writing component, and sends the hash value together with the AuthCode to the remote card writing server. the

S509、远程写卡服务器利用鉴权密钥和保存的下发随机数Rs计算出结果, 与写卡客户端上传的AuthCode进行比较,如相同则鉴权通过,否则提示流程中止。  S509. The remote card writing server uses the authentication key and the saved random number Rs to calculate the result, and compares it with the AuthCode uploaded by the card writing client. If they are the same, the authentication is passed, otherwise the prompt process is terminated. the

上述的鉴权密钥与鉴权密钥可以是相同的密钥,也可以是对称密钥。  The aforementioned authentication key and the authentication key may be the same key, or may be a symmetric key. the

S510、远程写卡服务器比较写卡组件的hash值,验证写卡组件没有被篡改,否则提示流程中止。  S510. The remote card writing server compares the hash value of the card writing component, and verifies that the card writing component has not been tampered with, otherwise the prompting process is terminated. the

写卡组件鉴权、验证成功后,进行写卡操作,为了进一步保证用户数据的传输安全,可以对用户数据进行全程加密,此处以加密用户数据中的Ki值为例讲述具体方案(对于其它用户数据的全程加密方法本领域技术人员可以根据本发明实施例公开的技术内容轻而易举获得):  After the authentication and verification of the card writing component is successful, the card writing operation is performed. In order to further ensure the transmission security of user data, the user data can be encrypted in the whole process. Here, the Ki value in the encrypted user data is used as an example to describe the specific solution (for other users A person skilled in the art can easily obtain the whole process encryption method of data according to the technical content disclosed in the embodiment of the present invention):

S511. The remote card writing server obtains the corresponding user data from the data management system.

S512. The remote card writing server calculates the encryption key skey = hash(Rs, Rc, authentication key) from the random numbers Rs and Rc and the authentication key.

S513. The remote card writing server encrypts Ki with skey to obtain EKi, and sends EKi together with the other user data to the card writing client.

S514. After receiving the user data, the card writing client calls the card writing function of the card writing component with EKi and the personalization data as input parameters.

S515. The card writing component calculates the encryption key skey = hash(Rs, authentication key), where hash is a secure hash algorithm (such as SHA), decrypts EKi with skey to obtain Ki, and completes the card writing operation.
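The S507 to S515 exchange, as an added example that is not code from the patent. Assumptions: HMAC-SHA256 computes the AuthCode, SHA-256 is the hash, an XOR keystream stands in for the cipher the text does not name, the key, component image and Ki are constructed sample values, and both sides derive skey from the S512 inputs (Rs, Rc, authentication key) because they must arrive at the same key.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the patent).
AUTH_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
COMPONENT_BINARY = b"\x7fELF...constructed card writing component image..."
KNOWN_GOOD_HASH = hashlib.sha256(COMPONENT_BINARY).digest()  # server-side reference


def auth_code(key: bytes, rs: bytes) -> bytes:
    """S507/S509: response to the server challenge Rs (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, rs, hashlib.sha256).digest()


def derive_skey(rs: bytes, rc: bytes, key: bytes) -> bytes:
    """S512: skey = hash(Rs, Rc, authentication key), with SHA-256 as the hash.
    Fixed-length nonces keep the concatenation unambiguous."""
    return hashlib.sha256(rs + rc + key).digest()


def mask(skey: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a keystream derived from skey.
    The same call encrypts and decrypts; limited to 32 bytes of data."""
    if len(data) > 32:
        raise ValueError("stand-in cipher handles at most 32 bytes")
    stream = hmac.new(skey, b"ki-wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def server_release_ki(rs, rc, got_auth, got_hash, ki, key=AUTH_KEY):
    """S509-S513: authenticate the component, check its hash, then wrap Ki.
    Returns EKi, or None when either check fails (process terminated)."""
    if not hmac.compare_digest(got_auth, auth_code(key, rs)):   # S509
        return None
    if not hmac.compare_digest(got_hash, KNOWN_GOOD_HASH):      # S510
        return None
    return mask(derive_skey(rs, rc, key), ki)                   # S512-S513


def component_unwrap_ki(rs, rc, eki, key=AUTH_KEY):
    """S515: the component derives the same skey and recovers Ki."""
    return mask(derive_skey(rs, rc, key), eki)


def run_session(component_binary=COMPONENT_BINARY, component_key=AUTH_KEY):
    """One full exchange; the client only relays values and hashes the component.
    Returns (EKi seen by the client, original Ki, Ki recovered by the component)."""
    rs = secrets.token_bytes(16)   # server challenge
    rc = secrets.token_bytes(16)   # component challenge (claim 4)
    ki = secrets.token_bytes(16)   # constructed subscriber key
    code = auth_code(component_key, rs)                          # S507
    feature = hashlib.sha256(component_binary).digest()          # S508
    eki = server_release_ki(rs, rc, code, feature, ki)
    if eki is None:
        return None, ki, None
    return eki, ki, component_unwrap_ki(rs, rc, eki, component_key)
```

Calling `run_session()` with a modified component image or a different component key returns `None` for EKi, which corresponds to the terminated process in S509 and S510.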

In this embodiment of the present invention, the client calculates a characteristic value (such as a hash value) of the card writing component and sends it to the remote card writing server, so that the remote card writing server can use the hash value to verify whether the card writing component has been tampered with before sending the user data to the card writing component. If the verification passes, the remote card writing server then sends the user data to the card writing component, which prevents the card writing component from being tampered with and improves the security of remotely writing user data to the smart card.

Because the remote card writing server also authenticates the card writing component before sending the user data to it, the legitimacy of the card writing component is further ensured, which improves the security of remotely writing user data to the smart card.

Because the user data transmitted between the remote card writing server and the card writing component is encrypted with skey end to end, even the card writing client cannot learn the plaintext user data, which further ensures the security of remotely writing user data.

Those skilled in the art will understand that, although the steps of the method are described sequentially above for ease of understanding, the order of the steps is not strictly limited.

Those of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk, or an optical disc.

It will also be understood that the device structures shown in the drawings or embodiments are only schematic and represent logical structures. Modules shown as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules.

The above are only preferred embodiments of the present invention. It should be pointed out that those of ordinary skill in the art can make a number of improvements and refinements without departing from the principles of the present invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (14)

1. A method for writing user data to a smart card, characterized by comprising:
a card writing client performs a hash (HASH) operation on the binary code of a card writing component to obtain a characteristic value of the card writing component, and sends the characteristic value to a remote card writing server;
the remote card writing server verifies the card writing component according to the obtained characteristic value; if the verification passes, it sends the user data of the card writing component to the card writing client;
after the card writing client passes the user data to the card writing component, the card writing component writes the user data to the smart card;
wherein, before the remote card writing server sends the user data of the card writing component to the card writing client, the method further comprises: the remote card writing server generates a random number Rs and sends it to the card writing client; after the card writing client passes the random number Rs to the card writing component, the card writing component performs an encryption calculation according to the random number Rs and an authentication key to obtain a first encryption operation result; the card writing component returns the first encryption operation result to the remote card writing server through the card writing client; and the remote card writing server authenticates the card writing component according to the first encryption operation result.

2. The method according to claim 1, characterized in that, before the remote card writing server sends the user data of the card writing component to the card writing client, the method further comprises:
the remote card writing server generates a key skey according to the random number Rs and the authentication key, and encrypts the user data with the skey; and
before the card writing component writes the user data to the smart card, the method further comprises:
the card writing component generates the skey according to the random number Rs and the authentication key, and decrypts the received user data with the skey.

3. The method according to claim 1, characterized in that, before the remote card writing server authenticates the card writing component, the method further comprises:
the card writing component authenticates the remote card writing server.

4. The method according to claim 3, characterized in that the card writing component authenticating the remote card writing server specifically comprises:
the card writing component generates a random number Rc and sends it to the remote card writing server through the card writing client;
the remote card writing server performs an encryption calculation according to the random number Rc and the authentication key to obtain a second encryption operation result, and returns the second encryption operation result through the card writing client;
the card writing component authenticates the remote card writing server according to the second encryption operation result.

5. The method according to claim 4, characterized in that, before the remote card writing server sends the user data of the card writing component to the card writing client, the method further comprises:
the remote card writing server generates a key skey according to the random number Rs, the random number Rc and the authentication key, and encrypts the user data with the skey; and
before the card writing component writes the user data to the smart card, the method further comprises:
the card writing component generates the skey according to the random number Rs, the random number Rc and the authentication key, and decrypts the user data with the skey.

6. A system for writing user data to a smart card, characterized by comprising:
a remote card writing terminal, which comprises a card writing client and a card writing component, wherein the card writing client performs a hash (HASH) operation on the binary code of the card writing component to obtain a characteristic value and then sends the characteristic value;
a remote card writing server, configured to verify the card writing component according to the received characteristic value and, if the verification passes, to send the user data of the card writing component to the card writing client;
after the card writing client passes the user data to the card writing component, the card writing component writes the user data to the smart card;
the remote card writing server is further configured to generate a random number Rs and send it to the card writing client before sending the user data of the card writing component to the card writing client, and to authenticate the card writing component according to the returned first encryption operation result;
the card writing component is further configured to obtain the random number Rs through the card writing client, perform an encryption calculation according to the random number Rs and an authentication key to obtain the first encryption operation result, and return the first encryption operation result through the card writing client.

7. The system according to claim 6, characterized in that:
the remote card writing server is further configured to generate a key skey according to the random number Rs and the authentication key before sending the user data to the card writing client, and to encrypt the user data with the skey; and
the card writing component is further configured to generate the skey according to the random number Rs and the authentication key, and to decrypt the received user data with the skey.

8. The system according to claim 6, characterized in that the card writing component is further configured to authenticate the remote card writing server.

9. The system according to claim 8, characterized in that:
the card writing component is specifically configured to generate a random number Rc and send it to the remote card writing server through the card writing client, and to authenticate the remote card writing server according to the second encryption operation result returned by the remote card writing server;
the remote card writing server performs an encryption calculation according to the random number Rc and the authentication key to obtain the second encryption operation result, and returns the second encryption operation result through the card writing client.

10. The system according to claim 9, characterized in that:
the remote card writing server is further configured to generate a key skey according to the random number Rs, the random number Rc and the authentication key before sending the user data to the card writing client, and to encrypt the user data with the skey; and
the card writing component is further configured to generate the skey according to the random number Rs, the random number Rc and the authentication key, and to decrypt the received user data with the skey.

11. A remote card writing terminal, characterized by comprising a card writing client and a card writing component;
the card writing client performs a hash (HASH) operation on the binary code of the card writing component to obtain a characteristic value, sends the characteristic value to a remote card writing server, and passes the user data of the card writing component returned by the remote card writing server to the card writing component;
the card writing component writes the user data to the smart card;
the card writing component is further configured to obtain, through the card writing client, the random number Rs generated by the remote card writing server, perform an encryption calculation according to the random number Rs and an authentication key to obtain a first encryption operation result, and return the first encryption operation result through the card writing client; the remote card writing server authenticates the card writing component according to the first encryption operation result.

12. The terminal according to claim 11, characterized in that:
the card writing component is further configured to generate a key skey according to the random number Rs and the authentication key, and to decrypt the received user data with the skey; the user data received by the card writing component is encrypted with the skey generated by the remote card writing server according to the random number Rs and the authentication key.

13. The terminal according to claim 11, characterized in that:
the card writing component is further configured to generate a random number Rc and send it to the remote card writing server through the card writing client, and to authenticate the remote card writing server according to the second encryption operation result returned by the remote card writing server.

14. The terminal according to claim 13, characterized in that:
the card writing component is further configured to generate a key skey according to the random number Rs, the random number Rc and the authentication key, and to decrypt the received user data with the skey; the user data received by the card writing component is encrypted with the skey generated by the remote card writing server according to the random number Rs, the random number Rc and the authentication key.

CN 200810247306 2008-12-29 2008-12-29 Method for writing data to smart card, system and remote writing-card terminal Active CN101771680B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810247306 CN101771680B (en) 2008-12-29 2008-12-29 Method for writing data to smart card, system and remote writing-card terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810247306 CN101771680B (en) 2008-12-29 2008-12-29 Method for writing data to smart card, system and remote writing-card terminal

Publications (2)

Publication Number Publication Date
CN101771680A CN101771680A (en) 2010-07-07
CN101771680B true CN101771680B (en) 2013-03-13

Family

ID=42504274

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810247306 Active CN101771680B (en) 2008-12-29 2008-12-29 Method for writing data to smart card, system and remote writing-card terminal

Country Status (1)

Country Link
CN (1) CN101771680B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102469094A (en) * 2010-11-19 2012-05-23 中国电信股份有限公司 Long-range writing card, server and system
US8839415B2 (en) * 2011-02-01 2014-09-16 Kingston Technology Corporation Blank smart card device issuance system
CN103260157B (en) * 2012-05-07 2015-12-16 中国交通通信信息中心 Towards Subscriber Management System and the using method thereof of satellite communications services
CN104866881B (en) * 2015-06-10 2018-10-23 广州市森锐科技股份有限公司 System of real name, which is opened an account, reads and writes card apparatus
CN108229207B (en) * 2016-12-09 2021-09-14 上海新微技术研发中心有限公司 SOC chip with memory internal data tamper-proof mechanism and method
CN109992949B (en) * 2017-12-29 2021-04-16 中移(杭州)信息技术有限公司 Device authentication method, air card writing method and device authentication device
CN110049025A (en) * 2019-04-02 2019-07-23 公安部第三研究所 The method for realizing the distant processing of getting killed of safety for smart chip card
CN110267257A (en) * 2019-06-27 2019-09-20 恒宝股份有限公司 A kind of method, usim card and terminal updating usim card
CN111464998B (en) * 2020-03-27 2022-03-25 郑州信大捷安信息技术股份有限公司 Burning and accessing method and system for private network SIM card

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1471274A (en) * 2003-07-07 2004-01-28 江苏移动通信有限责任公司 Internet-based smart card remote concurrent writing system
CN1687899A (en) * 2005-06-15 2005-10-26 大唐微电子技术有限公司 Method, system and module for dynamically downloading application program to subscriber identity module
CN101175324A (en) * 2004-08-29 2008-05-07 华为技术有限公司 Safety guaranteeing method of user card

Also Published As

Publication number Publication date
CN101771680A (en) 2010-07-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant