CN102315940A - Data transmission and processing system and method thereof - Google Patents
Data transmission and processing system and method thereof Download PDFInfo
- Publication number
- CN102315940A CN102315940A CN201110266200A CN201110266200A CN102315940A CN 102315940 A CN102315940 A CN 102315940A CN 201110266200 A CN201110266200 A CN 201110266200A CN 201110266200 A CN201110266200 A CN 201110266200A CN 102315940 A CN102315940 A CN 102315940A
- Authority
- CN
- China
- Prior art keywords
- dynamic password
- data
- card reader
- card
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000005540 biological transmission Effects 0.000 title claims abstract description 62
- 238000000034 method Methods 0.000 title abstract description 17
- 238000003672 processing method Methods 0.000 claims abstract description 17
- 230000008859 change Effects 0.000 claims description 10
- 238000004422 calculation algorithm Methods 0.000 claims description 8
- 238000003860 storage Methods 0.000 claims description 7
- 238000004891 communication Methods 0.000 claims description 5
- 230000006870 function Effects 0.000 description 8
- 230000008569 process Effects 0.000 description 5
- 238000004364 calculation method Methods 0.000 description 2
- 101000896740 Solanum tuberosum Cysteine protease inhibitor 9 Proteins 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
Images
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention, which belongs to the information safety field, discloses a data transmission and processing system and a method thereof. The system comprises: an intelligent card, a card reader, an upper computer and a server. The data transmission and processing method comprises the following steps that: the card reader generates and sends operation data packet cryptograph; the server receives the operation data packet cryptograph through the upper computer, carries out decryption operation to the operation data packet cryptograph; when the data packet obtained through the decryption has a correct format and content, the operation is performed, operation result data packet cryptograph is generated and sent; the card reader receives the operation result data packet cryptograph through the upper computer, carries out the decryption operation to the operation result data packet cryptograph and sends the data packet obtained through the decryption to the intelligent card; the server acquires operation result prompt information sent by the card reader through the upper computer; when the operation result prompt information is illegal data prompt information, the data which is changed during the operation is recovered.
Description
Technical field
The present invention relates to information security field, particularly a kind of transmission of data and treatment system and method.
Background technology
The CPU card is also claimed smart card, has microprocessor CPU, memory cell (comprising random access memory ram, program memory ROM, user memory EEPROM) and chip operating system COS in the integrated circuit in the card.The CPU card that COS is housed is equivalent to a microcomputer, not only has data storage function, has functions such as command process and data security protecting simultaneously.
The use of smart card; Need the tool terminal of corresponding support smart card operation, card reader just, card reader provide an economy, safe and general interface for smart card and computer; It uses and various computer interfaces; And rely on built-in powerful software, can be compatible all kinds of existing and smart card, operating system and industrial API (Application Programming Interface, the application programming interfaces) standards that are about to emerge.Card reader can be applied in fields such as enterprise security, PKI (Public KEY Infrastructure, PKIX) framework, Home Banking and ecommerce at present.Through card reader, the smart card that can utilize powerful, safety and be easy to carry about with one is implemented unified and integrated security strategy at organization internal.
Along with popularizing of CPU card, use the place of CPU card more and more in the financial field, the requirement of reading card device and server etc. also gets more and more, and is especially increasingly high to safety of transmission on public network such as the information of smart card and operating data.
Summary of the invention
In order to improve data safety of transmission on public network, the invention provides a kind of safe transfer of data and treatment system and method for work.
The technological means that the present invention adopted is:
A kind of transmission of data and processing method comprise:
What card reader will receive forms the operating data bag from the operating data of host computer with from the card essential information of smart card, generates first dynamic password, and according to said operating data bag and the said first dynamic password generating run packet ciphertext;
Server obtains said operating data bag ciphertext through said host computer from said card reader;
Said server generates second dynamic password or the second dynamic password window; According to the dynamic password in second dynamic password or the second dynamic password window operating data bag ciphertext that receives is carried out decrypt operation; After the data packet format that the judgement deciphering obtains is correct; The data base calibration server dynamic factor, the said second dynamic password window comprises at least two dynamic passwords;
When the packet content that obtains when said deciphering is correct, carry out this operation, generating run result data bag according to the data in the said packet;
Generate the 3rd dynamic password, and according to said operating result packet and said the 3rd dynamic password generating run result data bag ciphertext,
Said server sends said operating result packet ciphertext through said host computer to said card reader;
Said card reader generates the 4th dynamic password or the 4th dynamic password window; According to dynamic password in the 4th dynamic password window or the 4th dynamic password said operating result packet ciphertext is carried out decrypt operation; Send the packet that deciphering obtains to said smart card; And through said host computer to said server transmit operation results suggest information; Said the 4th dynamic password window comprises at least two dynamic passwords, and said operating result information is successful information of operation or the illegal information of data;
Said server obtains the said operating result information that said card reader is sent through said host computer;
When said server is the illegal information of said data in said operating result information, recover the data of change in this operation.
Said card reader will receive form the operating data bag from the operating data of host computer with from the card essential information of smart card before also comprise:
After said host computer receives the button trigger message, generate said operating data, and send said operating data to said card reader;
Card image is read in said card reader transmission orders to said smart card, receives the card essential information that said smart card sends.
After said host computer receives said button trigger message, generate said operating data, and before said card reader is sent said operating data, also comprise:
Said host computer triggers said card reader and reads the card image order to said smart card transmission;
Said card reader receives the card essential information that said smart card sends.
After said host computer receives said button trigger message, generate said operating data, and after said card reader is sent said operating data, also comprise:
Said card reader is sent to said smart card and is read the card image order;
Said card reader receives the card essential information that said smart card sends.
Said server generates second dynamic password or the second dynamic password window comprises:
When the dynamic password of said server generation is time type, generate the second dynamic password window, when the dynamic password of said server generation is event mode, generate second dynamic password or the second dynamic password window.
Said card reader generates the 4th dynamic password or the 4th dynamic password window comprises:
When the dynamic password of said card reader generation is time type, generate the 4th dynamic password window, when the dynamic password of said card reader generation is event mode, generate the 4th dynamic password or the 4th dynamic password window.
When said second dynamic password or said the 4th dynamic password are the time type dynamic password; Said second dynamic password or said the 4th dynamic password are the dynamic password that generates according to pairing dynamic factor of current server time; The said second dynamic password window is for being one group of dynamic password at center with second dynamic password, and said the 4th dynamic password window is for being one group of dynamic password at center with the 4th dynamic password;
When said second dynamic password or said the 4th dynamic password are the event mode dynamic password; Said second dynamic password or said the 4th dynamic password are for generating the dynamic password that time numerical value generates as dynamic factor with the current dynamic password of storing in the server; The said second dynamic password window is for being one group of dynamic password of starting point with second dynamic password, and said the 4th dynamic password window is for being one group of dynamic password of starting point with the 4th dynamic password.
When the dynamic password in said second dynamic password window and said the 4th dynamic password window was the time type dynamic password, said data base calibration server dynamic factor was for replacing with server time the pairing time of dynamic factor of the dynamic password that successfully decrypts the operating data bag in the second dynamic password window;
When the dynamic password in said second dynamic password window and said the 4th dynamic password window is the event mode dynamic password, then said data base calibration server dynamic factor for server is generated dynamic password time numerical value replace with the second dynamic password window in successfully decrypt the current generation dynamic password time numerical value of the dynamic password of operating data bag.
The said transmission to said smart card deciphered the packet that obtains, and comprises to said server transmit operation results suggest information through said host computer:
The packet that said card reader transmission deciphering obtains is given said smart card;
Said smart card judges whether the data in the packet that said deciphering that said card reader is sent obtains are legal;
When the data in the packet that said deciphering obtains were legal, said smart card upgraded the card essential information of said smart card, and sent the successful information of said operation to said card reader;
When the data in the packet that said deciphering obtains were illegal, said smart card sent the illegal information of said data through said card reader and said host computer to said server.
Send the packet that said deciphering obtains to said smart card, and comprise to said server transmit operation results suggest information through said host computer:
Said card reader judges whether the data in the packet that said deciphering obtains are legal;
When the data in the packet that said deciphering obtains are legal; Said card reader is sent said legal data to said smart card; After said smart card receives said legal data, upgrade the card essential information of said smart card, and send the successful information of said operation to said card reader;
When the data in the packet that said deciphering obtains were illegal, said card reader was sent the illegal information of said data through said host computer to said server.
A kind of transmission and treatment system of data comprise: smart card, card reader, host computer and server;
Said smart card comprises:
First sending module is used for sending card essential information and operating result information to said card reader;
First receiver module is used to receive reading the order of card essential information and deciphering the packet that obtains of said card reader transmission;
Operational module, the data of the packet that is used for obtaining according to said deciphering are carried out corresponding operating, generate said operating result information;
First memory module: the said card essential information that is used to store said smart card;
Said card reader comprises:
Interface module is used for said card reader and said host computer connects;
The draw-in groove module is used for said card reader and said smart card connects;
Second receiver module is used to receive said card essential information and the said operating result information that said smart card sends, and receives operating data and operating result packet ciphertext that said host computer sends;
Group bag module is used for said operating data that receives and said card essential information are formed the operating data bag;
The first dynamic password module is used for generating first dynamic password and the 4th dynamic password or generating first dynamic password and the 4th dynamic password window according to the dynamic password generation key element of said card reader storage inside;
First encrypting module is used for according to said operating data bag and the said first dynamic password generating run packet ciphertext;
First deciphering module is used for according to the dynamic password of said the 4th dynamic password or said the 4th dynamic password window said operating result packet ciphertext being carried out decrypt operation;
Second sending module; Be used for reading the card image order and deciphering the packet that obtains to said smart card transmission; Send to said host computer and to encrypt successful information and operating result information, and send said operating data bag ciphertext to host computer receiving when obtaining encrypted result and instructing;
Second memory module is used to store dynamic password and generates key element, AES and decipherment algorithm;
Power module is used to said card reader electric energy is provided.
Said host computer comprises:
Communication module; The operating data bag ciphertext that is used for said card reader is sent sends to said server; The operating result packet ciphertext that said server is sent sends to said card reader, and the operating result information that said card reader is sent sends to said server;
Key-press module is used to receive the button trigger message;
Generation module is used for generating said operating data according to said button trigger message.
Said server comprises:
The 3rd receiver module is used to receive said operating data bag ciphertext and the operating result information that said host computer sends;
The second dynamic password module, the dynamic password that is used for storing according to said server generates key element and generates second dynamic password and the 3rd dynamic password or generate the second dynamic password window and the 3rd dynamic password;
Second deciphering module is used for according to the dynamic password of said second dynamic password or the said second dynamic password window the said operating data bag ciphertext that receives being carried out decrypt operation;
Second judge module is used to judge whether the packet that deciphering obtains is complete;
Calibration module, when the packet that is used for obtaining in said deciphering is complete, the data base calibration server dynamic factor;
Executive Module; When the packet that is used for obtaining in said deciphering is complete; Data in the packet that obtains according to said deciphering are carried out this operation; Generating run result data bag also is used for when said operating result information is the illegal information of operating result data, recovers the data of change in this operation;
Second encrypting module is used for according to said the 3rd dynamic password and said operating result packet generating run result data bag ciphertext;
The 3rd sending module is used for sending said operating result packet ciphertext to said host computer;
The 3rd memory module is used to store dynamic password and generates key element and AES.
Said card reader also comprises:
The 3rd judge module, whether the data of the packet that is used for judging that said deciphering obtains are legal.
Said smart card also comprises:
First judge module is used for judging whether the data of the packet that said deciphering that said card reader is sent obtains are legal.
The transmission of the data that the embodiment of the invention provides and treatment system and method, at first card reader generates and sends operating data bag ciphertext; Server receives operating data bag ciphertext through host computer; Operating data bag ciphertext is carried out decrypt operation, when data packet format that obtains when said deciphering and content are all correct, carry out this operation; Generating run result data bag ciphertext, transmit operation result data bag ciphertext; Card reader receives operating result packet ciphertext through host computer then, and said operating result packet ciphertext is carried out decrypt operation, sends the packet that deciphering obtains to said smart card; Last server obtains the said operating result information that said card reader is sent through said host computer, when said operating result information is the illegal information of said data, recovers the data of change in this operation.The embodiment of the invention has guaranteed data safety of transmission on public network through the data that need on public network, transmit are encrypted, and has solved in the prior art, and data are the not high problem of safety of transmission on public network.
Description of drawings
In order to be illustrated more clearly in the technical scheme in the embodiment of the invention; To do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below; Obviously, the accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills; Under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
The transmission of a kind of data that Fig. 1 provides for the embodiment of the invention one and the structural representation of treatment system;
The another kind of structural representation figure of the transmission of a kind of data that Fig. 2 provides for the embodiment of the invention one and treatment system;
The transmission of a kind of data that Fig. 3 provides for the embodiment of the invention two and the flow chart of processing method;
The transmission of the another kind of data that Fig. 4 provides for the embodiment of the invention two and the flow chart of processing method;
The transmission of another data that Fig. 5 provides for the embodiment of the invention two and the flow chart of processing method;
The transmission of another data that Fig. 6 provides for the embodiment of the invention two and the flow chart of processing method.
Embodiment
To combine the accompanying drawing in the embodiment of the invention below, the technical scheme in the embodiment of the invention is carried out clear, intactly description, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not making all other embodiment that obtained under the creative work prerequisite, all belong to the scope of the present invention's protection.
For the advantage that makes technical scheme of the present invention is clearer, the present invention is elaborated below in conjunction with accompanying drawing and embodiment.
Embodiment one
Referring to Fig. 1, the embodiment of the invention one provides a kind of transmission and treatment system of data, and said system comprises smart card 1, card reader 2, host computer 3 and server 4;
Said smart card 1 comprises first sending module 11, first receiver module 12, operational module 13, first memory module 14, first judge module 15, and the function of above-mentioned each module is following:
First sending module 11: be used for sending card essential information and operating result information to said card reader;
Particularly, said operating result information comprises information and the illegal information of data that operation is successful;
First receiver module 12: be used to receive reading the order of card essential information and deciphering the packet that obtains of said card reader transmission;
Operational module 13: the data of the packet that is used for obtaining according to said deciphering are carried out corresponding operating, generate said operating result information;
Particularly, said corresponding operating is for upgrading the card essential information of storage in first memory module 14;
First memory module 14: the said card essential information that is used to store said smart card 1;
First judge module 15: whether the data that are used for judging the packet that said deciphering that said card reader 2 is sent obtains are legal;
Said card reader 2 comprises interface module 21, draw-in groove module 22, second receiver module 23, group bag module 24, the first dynamic password module 25, first encrypting module 26, first deciphering module 27, second sending module 28, second memory module 29, power module 210, and the function of above-mentioned each module is following:
Interface module 21: be used for said card reader 2 and connect with said host computer 3;
Draw-in groove module 22: be used for said card reader 2 and connect with said smart card 1;
Second receiver module 23: be used to receive said card essential information and said operating result information that said smart card 1 sends, and receive operating data that said host computer 3 sends, read the order of card essential information, obtain encrypted result instruction and operating result packet ciphertext;
Group bag module 24: be used for said operating data that receives and said card essential information are formed the operating data bag;
The first dynamic password module 25: be used for generating first dynamic password and the 4th dynamic password or generating first dynamic password and the 4th dynamic password window according to the dynamic password generation key element of said card reader 2 storage inside;
First encrypting module 26: be used for according to said operating data bag and the said first dynamic password generating run packet ciphertext;
First deciphering module 27: be used for said operating result packet ciphertext being carried out decrypt operation according to the dynamic password of said the 4th dynamic password or said the 4th dynamic password window;
Second sending module 28: be used for reading the order of card essential information and deciphering the packet that obtains to said smart card 1 transmission; Send to said host computer 3 and to encrypt successful information and operating result informations, and receiving when obtaining the encrypted result instruction to the said operating data bag ciphertext of host computer 3 transmissions;
Second memory module 29: be used to store dynamic password and generate key element, AES and decipherment algorithm;
Power module 210: be used to said card reader 2 electric energy is provided;
Said host computer 3 comprises communication module 31, key-press module 32, generation module 33, and the concrete function of above-mentioned each module is following:
Communication module 31: the operating data bag ciphertext that is used for said card reader 2 is sent sends to said server 4; The operating result packet ciphertext that said server 4 is sent sends to said card reader 2, and the operating result information that said card reader 2 is sent sends to said server 4;
Key-press module 32: be used to receive the button trigger message, and said button trigger message is sent to said generation module 33;
Generation module 33: be used for generating said operating data, and said operating data is sent to said communication module 31 according to said button trigger message;
Said server 4 comprises the 3rd receiver module 41, the second dynamic password module 42, second deciphering module 43, second judge module 44, calibration module 45, Executive Module 46, second encrypting module 47, the 3rd sending module 48, the 3rd memory module 49, and the function of above-mentioned each module is following:
The 3rd receiver module 41: be used to receive said operating data bag ciphertext and the operating result information that said host computer 3 sends;
The second dynamic password module 42: be used for generating second dynamic password and the 3rd dynamic password or generating the second dynamic password window and the 3rd dynamic password according to the dynamic password generation key element of said server 4 storages;
Second deciphering module 43: be used for the said operating data bag ciphertext that receives being carried out decrypt operation according to the dynamic password of said second dynamic password or the said second dynamic password window;
Second judge module 44: whether whether the content correct and packet that the judgement deciphering obtains is correct to be used to judge the form of deciphering the packet that obtains;
Calibration module 45: during the correct format of the packet that is used for obtaining in said deciphering, the data base calibration server dynamic factor;
Executive Module 46: when the packet content that is used for obtaining in said deciphering is correct; Data in the packet that obtains according to said deciphering are carried out this operation; Generating run result data bag; Also be used for when said operating result information is the illegal information of operating result data, recover the data of change in this operation;
Second encrypting module 47: be used for according to said the 3rd dynamic password and said operating result packet generating run result data bag ciphertext;
The 3rd sending module 48: be used for sending said operating result packet ciphertext to said host computer 3;
The 3rd memory module 49: be used to store dynamic password and generate key element, AES and decipherment algorithm;
As shown in Figure 2, in the present embodiment, card reader 2 can also comprise that the function of the 3rd judge module 211, the three judge modules 211 is following:
The 3rd judge module 211: whether the data that are used for judging the packet that 27 deciphering of first deciphering module obtain are legal;
Correspondingly; Smart card 1 does not comprise second sending module, the 28 corresponding first receiver module 12` and the second sending module 28` of becoming in first judge module 15 and first receiver module 12 and the card reader 2, and the first receiver module 12` and the second sending module 28` are specific as follows:
The first receiver module 12`: the packet that the card essential information is ordered and legal deciphering obtains that reads that is used to receive said card reader transmission;
The second sending module 28`: be used for reading the packet that the card essential information is ordered and legal deciphering obtains to said smart card 1 transmission; Send to said host computer 3 and to encrypt successful information and operating result informations, and receiving when obtaining the encrypted result instruction to the said operating data bag ciphertext of host computer 3 transmissions.
The transmission of the data that the embodiment of the invention provides and treatment system, at first card reader generates and sends operating data bag ciphertext; Server receives operating data bag ciphertext through host computer; Operating data bag ciphertext is carried out decrypt operation, when data packet format that obtains when said deciphering and content are all correct, carry out this operation; Generating run result data bag ciphertext, transmit operation result data bag ciphertext; Card reader receives operating result packet ciphertext through host computer then, and said operating result packet ciphertext is carried out decrypt operation, sends the packet that deciphering obtains to said smart card; Last server obtains the said operating result information that said card reader is sent through said host computer, when said operating result information is the illegal information of said data, recovers the data of change in this operation.The embodiment of the invention has guaranteed data safety of transmission on public network through the data that need on public network, transmit are encrypted, and has solved in the prior art, and data are the not high problem of safety of transmission on public network.
Embodiment two
Referring to Fig. 3, the embodiment of the invention two provides a kind of transmission and processing method of data, and concrete steps are following:
Step 301: card reader and host computer connect;
Step 302: host computer triggers card reader and reads the card image order to the smart card transmission, waits for that smart card returns the card essential information;
Step 303: smart card receives and reads card image order back transmission card essential information to card reader;
Step 304: card reader receives the card essential information, waits for that receiving host computer issues operating data;
Step 305: host computer receives generating run data behind the button trigger message;
Step 306: host computer transmit operation data are given card reader, and the wait card reader is returned and encrypted successful information;
Step 307: after card reader receives operating data, said operating data and said card essential information are formed the operating data bag, and generate first dynamic password;
Step 308: card reader as key, is called AES with first dynamic password, the operating data bag is carried out cryptographic calculation draw operating data bag ciphertext, and store said operating data bag ciphertext;
Particularly, can be DES algorithm, RSA Algorithm etc. at said AES;
Step 309: card reader is sent and is encrypted successful information to host computer;
Step 310: host computer receives to be encrypted after the successful information transmission and obtains encrypted result and instruct to card reader;
Step 311: card reader receives obtains encrypted result instruction back transmit operation packet ciphertext to host computer;
Step 312: host computer will receive operating data bag ciphertext and send to server, then not finish process if receive any answer signal that server returns in the given time;
Step 313: server receives operating data bag ciphertext;
Step 314: server generates the second dynamic password window;
Wherein, the said second dynamic password window is one group of dynamic password, particularly:
When the dynamic password in the present embodiment is the time type dynamic password; Said second dynamic password is the dynamic password that generates with corresponding dynamic factor of current server time; The said second dynamic password window is for being one group of dynamic password at center with second dynamic password, and the quantity of dynamic password is relevant with predefined window size in the concrete window;
When the dynamic password in the present embodiment is the event mode dynamic password; Said second dynamic password is to generate the dynamic password that time numerical value generates as dynamic factor with the dynamic password of current server; Or generate time numerical value with the dynamic password of current server and add the dynamic password that preset value generates as dynamic factor; The said second dynamic password window is for being one group of dynamic password of starting point with second dynamic password, and the quantity of dynamic password is relevant with predefined window size in the concrete window;
Preferably, said in the present embodiment preset value is 1;
Step 315: server, calls decipherment algorithm operating data bag ciphertext is carried out decrypt operation as key with the dynamic password in the said second dynamic password window;
Step 316: server judges whether the form of the packet that deciphering obtains is correct, is execution in step 319 then, otherwise execution in step 317;
Step 317: server sends miscue information and gives host computer;
Step 318: host computer receives miscue information, and process finishes;
Step 319: server calibration dynamic factor; Whether the content of judging the packet that said deciphering obtains is correct; Be that data in the packet that then obtains according to said deciphering are carried out this operation, generating run result data bag and the 3rd dynamic password are given host computer otherwise send miscue information;
Particularly: when the dynamic password in the present embodiment was the time type dynamic password, said calibration dynamic factor was for replacing with server time the pairing time of dynamic factor of the dynamic password that successfully decrypts the operating data bag in the window;
When the dynamic password in the present embodiment is the event mode dynamic password; If the dynamic password in the said window generates time numerical value with the current dynamic password of server and generates as dynamic factor, then said calibration dynamic factor replaces with the value after the generation dynamic password time numerical value that is used to generate the dynamic password that successfully decrypts the operating data bag adds preset value for server being generated dynamic password time numerical value; If the dynamic password in the said window is to generate as dynamic factor with the value that the current dynamic password of server time numerical value adds behind the preset value, then said calibration dynamic factor replaces with and is used to generate the generation dynamic password time numerical value that successfully decrypts operating data bag dynamic password for server being generated dynamic password time numerical value;
Step 320: server is done key with the 3rd dynamic password, calls AES, the operating result packet is carried out cryptographic calculation obtain operating result packet ciphertext;
Step 321: server transmit operation result data bag ciphertext is given host computer;
Step 322: host computer sends to card reader with the operating result packet ciphertext that receives;
Step 323: card reader generates the 4th dynamic password window after receiving operating result packet ciphertext;
Wherein, said the 4th dynamic password window is one group of dynamic password, particularly:
When the dynamic password in the present embodiment is the time type dynamic password; Said the 4th dynamic password is the dynamic password that generates with corresponding dynamic factor of current server time; Said the 4th dynamic password window is for being one group of dynamic password at center with the 4th dynamic password, and the quantity of dynamic password is relevant with predefined window size in the concrete window;
When the dynamic password in the present embodiment is the event mode dynamic password; Said the 4th dynamic password is to generate the dynamic password that time numerical value generates as dynamic factor with the dynamic password of current server; Or generate time numerical value with the dynamic password of current server and add the dynamic password that preset value (as 1) generates as dynamic factor; Said the 4th dynamic password window is for being one group of dynamic password of starting point with the 4th dynamic password, and the quantity of dynamic password is relevant with predefined window size in the concrete window;
Step 324: card reader, is called decipherment algorithm operating result packet ciphertext is carried out decrypt operation as key with the dynamic password in the 4th dynamic password window;
Step 325: card reader sends to smart card with the packet that deciphering draws;
Step 326: smart card receives the packet that said deciphering draws, and judges whether the data in the packet that said deciphering draws are legal, is execution in step 327 then, otherwise execution in step 329;
Step 327: the smart card executable operations, upgrade the card essential information;
Step 328: smart card transmit operation prompt for successful information is given card reader;
Step 329: smart card is to the illegal information of card reader return data;
Step 330: card reader is to host computer transmit operation results suggest information;
Particularly, said operating result information is operation successful information or the illegal information of data;
Step 331: host computer is to server transmit operation results suggest information;
Step 332: when the said operating result information that receives when server was the illegal information of data, this operation of server cancellation recovered the data of this operation change.
Referring to Fig. 4, in the present embodiment, step 302,303,304,305,306,307 can replace with step 302`, 303`, 304`, 305`, 306`, 307`, and the particular content of step 302`, 303`, 304`, 305`, 306`, 307` is following:
Step 302`: generating run data behind the host computer reception button trigger message;
Step 303`: host computer transmit operation data are given card reader, wait for receiving and encrypt successful information;
Step 304`: card reader receives operating data;
Step 305`: the card reader transmission is read card image and is instructed to smart card, waits for that smart card returns the card essential information;
Step 306`: smart card receives and reads card image instruction back transmission card essential information to card reader;
Step 307`: card reader is formed the operating data bag with said card essential information and said operating data after receiving the card essential information, and generates first dynamic password.
Referring to Fig. 5; Step 325,326,327,328,329,330,331,332 in the present embodiment; Can replace with step 325`, 326`, 327`, 328`, 329`, 330`, 331`, the particular content of step 325`, 326`, 327`, 328`, 329`, 330`, 331` is following:
Step 325`: card reader judges whether the data in the packet that deciphering obtains are legal, is execution in step 326` then, otherwise execution in step 329`;
Step 326`: card reader sends to smart card with the packet that legal deciphering obtains;
Step 327`: the smart card executable operations, upgrade the card essential information;
Step 328`: smart card transmit operation prompt for successful information is given card reader;
Step 329`: card reader is to host computer transmit operation results suggest information;
Said operating result information is operation successful information or the illegal information of data;
Step 330`: host computer is to server transmit operation results suggest information;
Step 331`: when the said operating result information that receives when server was the illegal information of data, this operation of server cancellation recovered the data of this operation change.
Referring to Fig. 6; In the present embodiment, can be simultaneously step 302,303,304,305,306,307 be replaced with step 302`, 303`, 304`, 305`, 306`, 307` and step 325,326,327,328,329,330,331,332 is replaced with step 325`, 326`, 327`, 328`, 329`, 330`, 331`;
In addition when the dynamic password in the present embodiment is the event mode dynamic password:
Said step 314 also can replace with step 314`: server generates second dynamic password;
Correspondingly:
Step 315 replaces with 315`: server, calls AES operating data bag ciphertext is carried out decrypt operation as key with said second dynamic password;
Step 319 replaces with 319`: server is carried out this operation, generating run result data bag and the 3rd dynamic password;
Step 323 replaces with 323`: card reader generates the 4th dynamic password after receiving operating result packet ciphertext;
Step 324 replaces with 324`: card reader, is called AES and operating result packet ciphertext is deciphered is drawn the operating result data as key with the 4th dynamic password.
The transmission of the data that the embodiment of the invention provides and treatment system, at first card reader generates and sends operating data bag ciphertext; Server receives operating data bag ciphertext through host computer; Operating data bag ciphertext is carried out decrypt operation, when data packet format that obtains when said deciphering and content are all correct, carry out this operation; Generating run result data bag ciphertext, transmit operation result data bag ciphertext; Card reader receives operating result packet ciphertext through host computer then, and said operating result packet ciphertext is carried out decrypt operation, sends the packet that deciphering obtains to said smart card; Last server obtains the said operating result information that said card reader is sent through said host computer, when said operating result information is the illegal information of said data, recovers the data of change in this operation.The embodiment of the invention has guaranteed data safety of transmission on public network through the data that need on public network, transmit are encrypted, and has solved in the prior art, and data are the not high problem of safety of transmission on public network.
The transmission of the data that the embodiment of the invention provides and treatment system can realize the above-mentioned method embodiment that provides, and concrete function is realized seeing also the explanation among the method embodiment, repeats no more at this.The transmission of the data that the embodiment of the invention provides and treatment system and method go for information security field, but are not limited only to this.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in the foregoing description method; Be to instruct relevant hardware to accomplish through computer program; Described program can be stored in the computer read/write memory medium; This program can comprise the flow process like the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-Only Memory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
The above; Be merely embodiment of the present invention, but protection scope of the present invention is not limited thereto, any technical staff who is familiar with the present technique field is in the technical scope that the present invention discloses; The variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (13)
1. the transmission of data and processing method is characterized in that, comprising:
What card reader will receive forms the operating data bag from the operating data of host computer with from the card essential information of smart card, generates first dynamic password, and according to said operating data bag and the said first dynamic password generating run packet ciphertext;
Server obtains said operating data bag ciphertext through said host computer from said card reader;
Said server generates second dynamic password or the second dynamic password window; According to the dynamic password in second dynamic password or the second dynamic password window operating data bag ciphertext that receives is carried out decrypt operation; After the data packet format that the judgement deciphering obtains is correct; The data base calibration server dynamic factor, the said second dynamic password window comprises at least two dynamic passwords;
When the packet content that obtains when said deciphering is correct, carry out this operation, generating run result data bag according to the data in the said packet;
Generate the 3rd dynamic password, and according to said operating result packet and said the 3rd dynamic password generating run result data bag ciphertext,
Said server sends said operating result packet ciphertext through said host computer to said card reader;
Said card reader generates the 4th dynamic password or the 4th dynamic password window; According to dynamic password in the 4th dynamic password window or the 4th dynamic password said operating result packet ciphertext is carried out decrypt operation; Send the packet that deciphering obtains to said smart card; And through said host computer to said server transmit operation results suggest information; Said the 4th dynamic password window comprises at least two dynamic passwords, and said operating result information is successful information of operation or the illegal information of data;
Said server obtains the said operating result information that said card reader is sent through said host computer;
When said server is the illegal information of said data in said operating result information, recover the data of change in this operation.
2. the transmission of data according to claim 1 and processing method is characterized in that, said card reader will receive form the operating data bag from the operating data of host computer with from the card essential information of smart card before also comprise:
After said host computer receives the button trigger message, generate said operating data, and send said operating data to said card reader;
Card image is read in said card reader transmission orders to said smart card, receives the card essential information that said smart card sends.
3. transfer of data according to claim 2 and processing method is characterized in that, after said host computer receives said button trigger message, generate said operating data, and before said card reader is sent said operating data, also comprise:
Said host computer triggers said card reader and reads the card image order to said smart card transmission;
Said card reader receives the card essential information that said smart card sends.
4. transfer of data according to claim 2 and processing method is characterized in that, after said host computer receives said button trigger message, generate said operating data, and after said card reader is sent said operating data, also comprise:
Said card reader is sent to said smart card and is read the card image order;
Said card reader receives the card essential information that said smart card sends.
5. the transmission of data according to claim 1 and processing method is characterized in that, said server generates second dynamic password or the second dynamic password window comprises:
When the dynamic password of said server generation is time type, generate the second dynamic password window, when the dynamic password of said server generation is event mode, generate second dynamic password or the second dynamic password window.
6. the transmission of data according to claim 5 and processing method is characterized in that, said card reader generates the 4th dynamic password or the 4th dynamic password window comprises:
When the dynamic password of said card reader generation is time type, generate the 4th dynamic password window, when the dynamic password of said card reader generation is event mode, generate the 4th dynamic password or the 4th dynamic password window.
7. the transmission of data according to claim 6 and processing method is characterized in that,
When said second dynamic password or said the 4th dynamic password are the time type dynamic password; Said second dynamic password or said the 4th dynamic password are the dynamic password that generates according to pairing dynamic factor of current server time; The said second dynamic password window is for being one group of dynamic password at center with second dynamic password, and said the 4th dynamic password window is for being one group of dynamic password at center with the 4th dynamic password;
When said second dynamic password or said the 4th dynamic password are the event mode dynamic password; Said second dynamic password or said the 4th dynamic password are for generating the dynamic password that time numerical value generates as dynamic factor with the current dynamic password of storing in the server; The said second dynamic password window is for being one group of dynamic password of starting point with second dynamic password, and said the 4th dynamic password window is for being one group of dynamic password of starting point with the 4th dynamic password.
8. the transmission of data according to claim 7 and processing method is characterized in that,
When the dynamic password in said second dynamic password window and said the 4th dynamic password window was the time type dynamic password, said data base calibration server dynamic factor was for replacing with server time the pairing time of dynamic factor of the dynamic password that successfully decrypts the operating data bag in the second dynamic password window;
When the dynamic password in said second dynamic password window and said the 4th dynamic password window is the event mode dynamic password, then said data base calibration server dynamic factor for server is generated dynamic password time numerical value replace with the second dynamic password window in successfully decrypt the current generation dynamic password time numerical value of the dynamic password of operating data bag.
9. the transmission of data according to claim 1 and processing method is characterized in that, the said transmission to said smart card deciphered the packet that obtains, and comprises to said server transmit operation results suggest information through said host computer:
The packet that said card reader transmission deciphering obtains is given said smart card;
Said smart card judges whether the data in the packet that said deciphering that said card reader is sent obtains are legal;
When the data in the packet that said deciphering obtains were legal, said smart card upgraded the card essential information of said smart card, and sent the successful information of said operation to said card reader;
When the data in the packet that said deciphering obtains were illegal, said smart card sent the illegal information of said data through said card reader and said host computer to said server.
10. the transmission of data according to claim 1 and processing method is characterized in that, send the packet that said deciphering obtains to said smart card, and comprise to said server transmit operation results suggest information through said host computer:
Said card reader judges whether the data in the packet that said deciphering obtains are legal;
When the data in the packet that said deciphering obtains are legal; Said card reader is sent said legal data to said smart card; After said smart card receives said legal data, upgrade the card essential information of said smart card, and send the successful information of said operation to said card reader;
When the data in the packet that said deciphering obtains were illegal, said card reader was sent the illegal information of said data through said host computer to said server.
11. the transmission of data and treatment system is characterized in that, comprising: smart card, card reader, host computer and server;
Said smart card comprises:
First sending module is used for sending card essential information and operating result information to said card reader;
First receiver module is used to receive reading the order of card essential information and deciphering the packet that obtains of said card reader transmission;
Operational module, the data of the packet that is used for obtaining according to said deciphering are carried out corresponding operating, generate said operating result information;
First memory module: the said card essential information that is used to store said smart card;
Said card reader comprises:
Interface module is used for said card reader and said host computer connects;
The draw-in groove module is used for said card reader and said smart card connects;
Second receiver module is used to receive said card essential information and the said operating result information that said smart card sends, and receives operating data and operating result packet ciphertext that said host computer sends;
Group bag module is used for said operating data that receives and said card essential information are formed the operating data bag;
The first dynamic password module is used for generating first dynamic password and the 4th dynamic password or generating first dynamic password and the 4th dynamic password window according to the dynamic password generation key element of said card reader storage inside;
First encrypting module is used for according to said operating data bag and the said first dynamic password generating run packet ciphertext;
First deciphering module is used for according to the dynamic password of said the 4th dynamic password or said the 4th dynamic password window said operating result packet ciphertext being carried out decrypt operation;
Second sending module; Be used for reading the card image order and deciphering the packet that obtains to said smart card transmission; Send to said host computer and to encrypt successful information and operating result information, and send said operating data bag ciphertext to host computer receiving when obtaining encrypted result and instructing;
Second memory module is used to store dynamic password and generates key element, AES and decipherment algorithm;
Power module is used to said card reader electric energy is provided.
Said host computer comprises:
Communication module; The operating data bag ciphertext that is used for said card reader is sent sends to said server; The operating result packet ciphertext that said server is sent sends to said card reader, and the operating result information that said card reader is sent sends to said server;
Key-press module is used to receive the button trigger message;
Generation module is used for generating said operating data according to said button trigger message.
Said server comprises:
The 3rd receiver module is used to receive said operating data bag ciphertext and the operating result information that said host computer sends;
The second dynamic password module, the dynamic password that is used for storing according to said server generates key element and generates second dynamic password and the 3rd dynamic password or generate the second dynamic password window and the 3rd dynamic password;
Second deciphering module is used for according to the dynamic password of said second dynamic password or the said second dynamic password window the said operating data bag ciphertext that receives being carried out decrypt operation;
Second judge module is used to judge whether the packet that deciphering obtains is complete;
Calibration module, when the packet that is used for obtaining in said deciphering is complete, the data base calibration server dynamic factor;
Executive Module; When the packet that is used for obtaining in said deciphering is complete; Data in the packet that obtains according to said deciphering are carried out this operation; Generating run result data bag also is used for when said operating result information is the illegal information of operating result data, recovers the data of change in this operation;
Second encrypting module is used for according to said the 3rd dynamic password and said operating result packet generating run result data bag ciphertext;
The 3rd sending module is used for sending said operating result packet ciphertext to said host computer;
The 3rd memory module is used to store dynamic password and generates key element and AES.
12. the transmission of data according to claim 11 and treatment system is characterized in that, said card reader also comprises:
The 3rd judge module, whether the data of the packet that is used for judging that said deciphering obtains are legal.
13. the transmission of data according to claim 11 and treatment system is characterized in that, said smart card also comprises:
First judge module is used for judging whether the data of the packet that said deciphering that said card reader is sent obtains are legal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110266200 CN102315940B (en) | 2011-09-08 | 2011-09-08 | Data transmission and processing system and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110266200 CN102315940B (en) | 2011-09-08 | 2011-09-08 | Data transmission and processing system and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102315940A true CN102315940A (en) | 2012-01-11 |
| CN102315940B CN102315940B (en) | 2013-09-18 |
Family
ID=45428781
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110266200 Expired - Fee Related CN102315940B (en) | 2011-09-08 | 2011-09-08 | Data transmission and processing system and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102315940B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103647648A (en) * | 2013-12-10 | 2014-03-19 | 飞天诚信科技股份有限公司 | Safety communication method |
| CN107346401A (en) * | 2016-05-06 | 2017-11-14 | 波音公司 | Information Guarantee System for safely configuration processor |
| CN111031535A (en) * | 2019-11-15 | 2020-04-17 | 华中科技大学 | Secure communication method and system for smart card system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1387647A (en) * | 1999-10-08 | 2002-12-25 | 株式会社韩亚银行 | Apparatus and method for on-line transaction using smart card |
| US20050139652A1 (en) * | 2003-12-25 | 2005-06-30 | Matsushita Electric Industrial Co., Ltd. | Information reading device and information reading system |
| CN1764296A (en) * | 2004-10-22 | 2006-04-26 | 北京握奇数据系统有限公司 | Dynamic password identification system and method |
| CN101719054A (en) * | 2009-12-24 | 2010-06-02 | 北京飞天诚信科技有限公司 | Method and device for realizing multi-card slot access |
-
2011
- 2011-09-08 CN CN 201110266200 patent/CN102315940B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1387647A (en) * | 1999-10-08 | 2002-12-25 | 株式会社韩亚银行 | Apparatus and method for on-line transaction using smart card |
| US20050139652A1 (en) * | 2003-12-25 | 2005-06-30 | Matsushita Electric Industrial Co., Ltd. | Information reading device and information reading system |
| CN1764296A (en) * | 2004-10-22 | 2006-04-26 | 北京握奇数据系统有限公司 | Dynamic password identification system and method |
| CN101719054A (en) * | 2009-12-24 | 2010-06-02 | 北京飞天诚信科技有限公司 | Method and device for realizing multi-card slot access |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103647648A (en) * | 2013-12-10 | 2014-03-19 | 飞天诚信科技股份有限公司 | Safety communication method |
| WO2015085754A1 (en) * | 2013-12-10 | 2015-06-18 | 飞天诚信科技股份有限公司 | Secure communication method |
| CN107346401A (en) * | 2016-05-06 | 2017-11-14 | 波音公司 | Information Guarantee System for safely configuration processor |
| CN107346401B (en) * | 2016-05-06 | 2022-02-08 | 波音公司 | Information security system for securely executing program |
| CN111031535A (en) * | 2019-11-15 | 2020-04-17 | 华中科技大学 | Secure communication method and system for smart card system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102315940B (en) | 2013-09-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101667240B (en) | Intelligent card and card writing method, equipment and system thereof | |
| EP2442601B1 (en) | Method and system for automatically logging in client | |
| CN103714635B (en) | A kind of POS terminal and terminal master key downloading mode collocation method thereof | |
| CN100533459C (en) | Data safe reading method and safe storage device thereof | |
| CN101122942B (en) | Data safe reading method and its safe storage device | |
| CN107508679B (en) | Binding and authentication method for intelligent terminal main control chip and encryption chip | |
| CN101739758B (en) | Method for encrypting and decrypting smart card, system and reader-writer | |
| CN101339597B (en) | Method, system and equipment for upgrading read-write machine firmware | |
| CN102867366B (en) | Portable bank card data processing device, system and method | |
| CN103036681B (en) | A kind of password safety keyboard device and system | |
| CN102123027A (en) | Information security processing method and mobile terminal | |
| CN101282218B (en) | Method for ciphering and deciphering host computer and pickaback plane of split type terminal | |
| CN103684786A (en) | Method and system for storing digital certificate and binding digital certificate to hardware carrier | |
| CN101866411B (en) | Security certification and encryption method and system of multi-application noncontact-type CPU card | |
| CN101770559A (en) | Data protecting device and data protecting method | |
| CN101587458A (en) | Operation method and device for intelligent storing card | |
| CN102315940B (en) | Data transmission and processing system and method thereof | |
| CN104063333A (en) | Encrypted storage equipment and encrypted storage method | |
| CN102118745B (en) | Method and device for secure encryption for mobile payment data, and mobile phone | |
| CN105577361A (en) | Information processing method and device thereof | |
| CN201742425U (en) | Non-contact type CPU card multi-application security authentication and encryption system | |
| CN102611552B (en) | There are the read-write terminal of valency information recording medium, system | |
| CN103324970B (en) | The receiving/transmission method of a kind of RFID of highly effective and safe and system thereof | |
| CN202978979U (en) | Password security keypad device and password security pad system | |
| CN214175061U (en) | Binding system of terminal equipment and external password keyboard |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130918 |