CN102315940B - Data transmission and processing system and method thereof - Google Patents
Data transmission and processing system and method thereof Download PDFInfo
- Publication number
- CN102315940B CN102315940B CN 201110266200 CN201110266200A CN102315940B CN 102315940 B CN102315940 B CN 102315940B CN 201110266200 CN201110266200 CN 201110266200 CN 201110266200 A CN201110266200 A CN 201110266200A CN 102315940 B CN102315940 B CN 102315940B
- Authority
- CN
- China
- Prior art keywords
- dynamic password
- data
- card reader
- packet
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention, which belongs to the information safety field, discloses a data transmission and processing system and a method thereof. The system comprises: an intelligent card, a card reader, an upper computer and a server. The data transmission and processing method comprises the following steps that: the card reader generates and sends operation data packet cryptograph; the server receives the operation data packet cryptograph through the upper computer, carries out decryption operation to the operation data packet cryptograph; when the data packet obtained through the decryption has a correct format and content, the operation is performed, operation result data packet cryptograph is generated and sent; the card reader receives the operation result data packet cryptograph through the upper computer, carries out the decryption operation to the operation result data packet cryptograph and sends the data packet obtained through the decryption to the intelligent card; the server acquires operation result prompt information sent by the card reader through the upper computer; when the operation result prompt information is illegal data prompt information, the data which is changed during the operation is recovered.
Description
Technical field
The present invention relates to information security field, particularly a kind of transmission of data and treatment system and method.
Background technology
The CPU card also claims smart card, has microprocessor CPU, memory cell (comprising random access memory ram, program memory ROM, user memory EEPROM) and chip operating system COS in the integrated circuit in the card.The CPU card that COS is housed is equivalent to a microcomputer, not only has data storage function, has functions such as command process and data security protecting simultaneously.
The use of smart card, the tool terminal that corresponding support smart card operation need be arranged, card reader just, card reader provides an economy, safe and general interface for smart card and computer, it uses and various computer interfaces, and rely on built-in powerful software, can be compatible all kinds of existing and smart card, operating system and industrial API (Application Programming Interface, the application programming interfaces) standards that are about to emerge.Card reader can be applied in fields such as enterprise security, PKI (Public KEY Infrastructure, PKIX) framework, Home Banking and ecommerce at present.By card reader, the smart card that can utilize powerful, safety and be easy to carry about with one is implemented unified and integrated security strategy at organization internal.
Along with popularizing of CPU card, use the place of CPU card more and more in the financial field, also more and more to the requirement of card reader and server etc., especially more and more higher to safety of transmission on public network such as the information of smart card and operating data.
Summary of the invention
In order to improve data safety of transmission on public network, the invention provides a kind of safe transfer of data and treatment system and method for work.
The technology used in the present invention means are:
A kind of transmission of data and processing method comprise:
What card reader will receive forms the operating data bag from the operating data of host computer with from the card essential information of smart card, generates first dynamic password, and according to described operating data bag and the described first dynamic password generating run packet ciphertext;
Server obtains described operating data bag ciphertext by described host computer from described card reader;
Described server generates second dynamic password or the second dynamic password window, according to the dynamic password in second dynamic password or the second dynamic password window operating data bag ciphertext that receives is decrypted computing, after the data packet format that the judgement deciphering obtains is correct, the data base calibration server dynamic factor, the described second dynamic password window comprises at least two dynamic passwords;
When the packet content that obtains when described deciphering is correct, carry out this operation according to the data in the described packet, generating run result data bag;
Generate the 3rd dynamic password, and according to described operating result packet and described the 3rd dynamic password generating run result data bag ciphertext,
Described server sends described operating result packet ciphertext by described host computer to described card reader;
Described card reader generates the 4th dynamic password or the 4th dynamic password window, according to the dynamic password in the 4th dynamic password window or the 4th dynamic password described operating result packet ciphertext is decrypted computing, send the packet that deciphering obtains to described smart card, and by described host computer to described server transmit operation results suggest information, described the 4th dynamic password window comprises at least two dynamic passwords, and described operating result information is the successful information of operation or the illegal information of data;
Described server obtains the described operating result information that described card reader sends by described host computer;
When described server is the illegal information of described data in described operating result information, recover the data of change in this operation.
Described card reader will receive form the operating data bag from the operating data of host computer with from the card essential information of smart card before also comprise:
After described host computer receives the button trigger message, generate described operating data, and send described operating data to described card reader;
Described card reader sends and reads the card image order to described smart card, receives the card essential information that described smart card sends.
After described host computer receives described button trigger message, generate described operating data, and before described card reader sends described operating data, also comprise:
Described host computer triggers described card reader and reads the card image order to described smart card transmission;
Described card reader receives the card essential information that described smart card sends.
After described host computer receives described button trigger message, generate described operating data, and after described card reader sends described operating data, also comprise:
Described card reader sends to described smart card and reads the card image order;
Described card reader receives the card essential information that described smart card sends.
Described server generates second dynamic password or the second dynamic password window comprises:
When the dynamic password of described server generation is time type, generate the second dynamic password window, when the dynamic password of described server generation is event mode, generate second dynamic password or the second dynamic password window.
Described card reader generates the 4th dynamic password or the 4th dynamic password window comprises:
When the dynamic password of described card reader generation is time type, generate the 4th dynamic password window, when the dynamic password of described card reader generation is event mode, generate the 4th dynamic password or the 4th dynamic password window.
When described second dynamic password or described the 4th dynamic password are the time type dynamic password, described second dynamic password or described the 4th dynamic password are the dynamic password that generates according to corresponding dynamic factor of current server time, the described second dynamic password window is one group of dynamic password centered by second dynamic password, and described the 4th dynamic password window is one group of dynamic password centered by the 4th dynamic password;
When described second dynamic password or described the 4th dynamic password are the event mode dynamic password, described second dynamic password or described the 4th dynamic password are for generating the dynamic password that time numerical value generates as dynamic factor with the current dynamic password of storing in the server, the described second dynamic password window is for being one group of dynamic password of starting point with second dynamic password, and described the 4th dynamic password window is for being one group of dynamic password of starting point with the 4th dynamic password.
When the dynamic password in the described second dynamic password window and described the 4th dynamic password window was the time type dynamic password, described data base calibration server dynamic factor was for replacing with server time the corresponding time of dynamic factor of the dynamic password that successfully decrypts the operating data bag in the second dynamic password window;
When the dynamic password in the described second dynamic password window and described the 4th dynamic password window is the event mode dynamic password, then described data base calibration server dynamic factor for server is generated dynamic password time numerical value replace with the second dynamic password window in successfully decrypt the current generation dynamic password time numerical value of the dynamic password of operating data bag.
The described transmission to described smart card deciphered the packet that obtains, and comprises to described server transmit operation results suggest information by described host computer:
The packet that described card reader transmission deciphering obtains is to described smart card;
Described smart card judges whether the data in the packet that described deciphering that described card reader sends obtains are legal;
When the data in the packet that described deciphering obtains were legal, described smart card upgraded the card essential information of described smart card, and sent the successful information of described operation to described card reader;
When the data in the packet that described deciphering obtains were illegal, described smart card sent the illegal information of described data by described card reader and described host computer to described server.
Send the packet that described deciphering obtains to described smart card, and comprise to described server transmit operation results suggest information by described host computer:
Described card reader judges whether the data in the packet that described deciphering obtains are legal;
When the data in the packet that described deciphering obtains are legal, described card reader sends described legal data to described smart card, after described smart card receives described legal data, upgrade the card essential information of described smart card, and send the successful information of described operation to described card reader;
When the data in the packet that described deciphering obtains were illegal, described card reader sent the illegal information of described data by described host computer to described server.
A kind of transmission and treatment system of data comprise: smart card, card reader, host computer and server;
Described smart card comprises:
First sending module is used for sending card essential information and operating result information to described card reader;
First receiver module is used for receiving reading the order of card essential information and deciphering the packet that obtains of described card reader transmission;
Operational module carries out corresponding operating for the data of the packet that obtains according to described deciphering, generates described operating result information;
First memory module: the described card essential information that is used for the described smart card of storage;
Described card reader comprises:
Interface module is used for described card reader and described host computer and connects;
The draw-in groove module is used for described card reader and described smart card and connects;
Second receiver module is used for receiving described card essential information and the described operating result information that described smart card sends, and receives operating data and operating result packet ciphertext that described host computer sends;
Group bag module, the described operating data and the described card essential information that are used for receiving are formed the operating data bag;
The first dynamic password module is used for generating first dynamic password and the 4th dynamic password or generating first dynamic password and the 4th dynamic password window according to the dynamic password generation key element of described card reader storage inside;
First encrypting module is used for according to described operating data bag and the described first dynamic password generating run packet ciphertext;
First deciphering module is used for according to the dynamic password of described the 4th dynamic password or described the 4th dynamic password window described operating result packet ciphertext being decrypted computing;
Second sending module, be used for reading the card image order and deciphering the packet that obtains to described smart card transmission, send to described host computer and to encrypt successful information and operating result information, and send described operating data bag ciphertext to host computer receiving when obtaining the encrypted result instruction;
Second memory module is used for the storage dynamic password and generates key element, cryptographic algorithm and decipherment algorithm;
Power module is used to described card reader that electric energy is provided.
Described host computer comprises:
Communication module, the operating data bag ciphertext that is used for described card reader is sent sends to described server, the operating result packet ciphertext that described server is sent sends to described card reader, and the operating result information that described card reader is sent sends to described server;
Key-press module is used for receiving the button trigger message;
Generation module is used for generating described operating data according to described button trigger message.
Described server comprises:
The 3rd receiver module is used for receiving described operating data bag ciphertext and the operating result information that described host computer sends;
The second dynamic password module, the dynamic password that is used for storing according to described server generates key element and generates second dynamic password and the 3rd dynamic password or generate the second dynamic password window and the 3rd dynamic password;
Second deciphering module is used for according to the dynamic password of described second dynamic password or the described second dynamic password window the described operating data bag ciphertext that receives being decrypted computing;
Second judge module is for judging whether the packet that deciphering obtains is complete;
Calibration module, when complete for the packet that obtains in described deciphering, the data base calibration server dynamic factor;
Executive Module, when complete for the packet that obtains in described deciphering, data in the packet that obtains according to described deciphering are carried out this operation, generating run result data bag, also be used for when described operating result information is the illegal information of operating result data, recovering the data of change in this operation;
Second encrypting module is used for according to described the 3rd dynamic password and described operating result packet generating run result data bag ciphertext;
The 3rd sending module is used for sending described operating result packet ciphertext to described host computer;
The 3rd memory module is used for the storage dynamic password and generates key element and cryptographic algorithm.
Described card reader also comprises:
The 3rd judge module is used for judging whether the data of the packet that described deciphering obtains are legal.
Described smart card also comprises:
First judge module is used for judging whether the data of the packet that the described deciphering of described card reader transmission obtains are legal.
The transmission of the data that the embodiment of the invention provides and treatment system and method, at first card reader generates and sends operating data bag ciphertext; Server receives operating data bag ciphertext by host computer, operating data bag ciphertext is decrypted computing, when the data packet format that obtains when described deciphering and content are all correct, carries out this operation, generating run result data bag ciphertext, transmit operation result data bag ciphertext; Card reader receives operating result packet ciphertext by host computer then, and described operating result packet ciphertext is decrypted computing, sends the packet that deciphering obtains to described smart card; Last server obtains the described operating result information that described card reader sends by described host computer, when described operating result information is the illegal information of described data, recovers the data of change in this operation.The embodiment of the invention has guaranteed data safety of transmission on public network by to being encrypted in the data that public network transmits, and has solved in the prior art, and data are the not high problem of safety of transmission on public network.
Description of drawings
In order to be illustrated more clearly in the technical scheme in the embodiment of the invention, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
The transmission of a kind of data that Fig. 1 provides for the embodiment of the invention one and the structural representation for the treatment of system;
The transmission of a kind of data that Fig. 2 provides for the embodiment of the invention one and the another kind of structural representation figure for the treatment of system;
The transmission of a kind of data that Fig. 3 provides for the embodiment of the invention two and the flow chart of processing method;
The transmission of the another kind of data that Fig. 4 provides for the embodiment of the invention two and the flow chart of processing method;
The transmission of another data that Fig. 5 provides for the embodiment of the invention two and the flow chart of processing method;
The transmission of another data that Fig. 6 provides for the embodiment of the invention two and the flow chart of processing method.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making all other embodiment that obtain under the creative work prerequisite.
For the advantage that makes technical solution of the present invention is clearer, below in conjunction with drawings and Examples the present invention is elaborated.
Embodiment one
Referring to Fig. 1, the embodiment of the invention one provides a kind of transmission and treatment system of data, and described system comprises smart card 1, card reader 2, host computer 3 and server 4;
Described smart card 1 comprises first sending module 11, first receiver module 12, operational module 13, first memory module 14, first judge module 15, and the function of above-mentioned each module is as follows:
First sending module 11: be used for sending card essential information and operating result information to described card reader;
Particularly, described operating result information comprises information and the illegal information of data that operation is successful;
First receiver module 12: be used for receiving reading the order of card essential information and deciphering the packet that obtains of described card reader transmission;
Operational module 13: the data for the packet that obtains according to described deciphering are carried out corresponding operating, generate described operating result information;
Particularly, described corresponding operating is for upgrading the card essential information of storage in first memory module 14;
First memory module 14: the described card essential information that is used for the described smart card 1 of storage;
First judge module 15: whether the data that are used for judging the packet that the described deciphering of described card reader 2 transmissions obtains are legal;
Described card reader 2 comprises interface module 21, draw-in groove module 22, second receiver module 23, group bag module 24, the first dynamic password module 25, first encrypting module 26, first deciphering module 27, second sending module 28, second memory module 29, power module 210, and the function of above-mentioned each module is as follows:
Interface module 21: be used for described card reader 2 and connect with described host computer 3;
Draw-in groove module 22: be used for described card reader 2 and connect with described smart card 1;
Second receiver module 23: be used for to receive described card essential information and described operating result information that described smart card 1 sends, and receive operating data that described host computer 3 sends, read the order of card essential information, obtain encrypted result instruction and operating result packet ciphertext;
Group bag module 24: the described operating data and the described card essential information that are used for receiving are formed the operating data bag;
The first dynamic password module 25: be used for generating first dynamic password and the 4th dynamic password or generating first dynamic password and the 4th dynamic password window according to the dynamic password generation key element of described card reader 2 storage inside;
First encrypting module 26: be used for according to described operating data bag and the described first dynamic password generating run packet ciphertext;
First deciphering module 27: be used for according to the dynamic password of described the 4th dynamic password or described the 4th dynamic password window described operating result packet ciphertext being decrypted computing;
Second sending module 28: be used for reading the order of card essential information and deciphering the packet that obtains to described smart card 1 transmission, send to described host computer 3 and to encrypt successful information and operating result informations, and send described operating data bag ciphertext to host computer 3 receiving when obtaining the encrypted result instruction;
Second memory module 29: be used for the storage dynamic password and generate key element, cryptographic algorithm and decipherment algorithm;
Power module 210: be used to described card reader 2 that electric energy is provided;
Described host computer 3 comprises communication module 31, key-press module 32, generation module 33, and the concrete function of above-mentioned each module is as follows:
Communication module 31: the operating data bag ciphertext that is used for described card reader 2 is sent sends to described server 4, the operating result packet ciphertext that described server 4 is sent sends to described card reader 2, and the operating result information that described card reader 2 is sent sends to described server 4;
Key-press module 32: be used for receiving the button trigger message, and described button trigger message is sent to described generation module 33;
Generation module 33: be used for generating described operating data according to described button trigger message, and described operating data is sent to described communication module 31;
Described server 4 comprises the 3rd receiver module 41, the second dynamic password module 42, second deciphering module 43, second judge module 44, calibration module 45, Executive Module 46, second encrypting module 47, the 3rd sending module 48, the 3rd memory module 49, and the function of above-mentioned each module is as follows:
The 3rd receiver module 41: be used for receiving described operating data bag ciphertext and the operating result information that described host computer 3 sends;
The second dynamic password module 42: be used for generating second dynamic password and the 3rd dynamic password or generating the second dynamic password window and the 3rd dynamic password according to the dynamic password generation key element of described server 4 storages;
Second deciphering module 43: be used for according to the dynamic password of described second dynamic password or the described second dynamic password window the described operating data bag ciphertext that receives being decrypted computing;
Second judge module 44: whether whether the content correct and packet that the judgement deciphering obtains is correct to be used for judging the form of deciphering the packet that obtains;
Calibration module 45: when being used for the correct format of the packet that obtains in described deciphering, the data base calibration server dynamic factor;
Executive Module 46: when correct for the packet content that obtains in described deciphering, data in the packet that obtains according to described deciphering are carried out this operation, generating run result data bag, also be used for when described operating result information is the illegal information of operating result data, recovering the data of change in this operation;
Second encrypting module 47: be used for according to described the 3rd dynamic password and described operating result packet generating run result data bag ciphertext;
The 3rd sending module 48: be used for sending described operating result packet ciphertext to described host computer 3;
The 3rd memory module 49: be used for the storage dynamic password and generate key element, cryptographic algorithm and decipherment algorithm;
As shown in Figure 2, in the present embodiment, card reader 2 can also comprise that the function of the 3rd judge module 211, the three judge modules 211 is as follows:
The 3rd judge module 211: whether legal for the data of judging the packet that 27 deciphering of first deciphering module obtain;
Correspondingly, smart card 1 does not comprise second sending module, the 28 corresponding first receiver module 12` and the second sending module 28` of becoming in first judge module 15 and first receiver module 12 and the card reader 2, and the first receiver module 12` and the second sending module 28` are specific as follows:
The first receiver module 12`: what be used for to receive that described card reader sends reads the packet that the order of card essential information and legal deciphering obtain;
The second sending module 28`: for read the packet that the order of card essential information and legal deciphering obtain to described smart card 1 transmission, send to described host computer 3 and to encrypt successful information and operating result informations, and send described operating data bag ciphertext to host computer 3 receiving when obtaining the encrypted result instruction.
The transmission of the data that the embodiment of the invention provides and treatment system, at first card reader generates and sends operating data bag ciphertext; Server receives operating data bag ciphertext by host computer, operating data bag ciphertext is decrypted computing, when the data packet format that obtains when described deciphering and content are all correct, carries out this operation, generating run result data bag ciphertext, transmit operation result data bag ciphertext; Card reader receives operating result packet ciphertext by host computer then, and described operating result packet ciphertext is decrypted computing, sends the packet that deciphering obtains to described smart card; Last server obtains the described operating result information that described card reader sends by described host computer, when described operating result information is the illegal information of described data, recovers the data of change in this operation.The embodiment of the invention has guaranteed data safety of transmission on public network by to being encrypted in the data that public network transmits, and has solved in the prior art, and data are the not high problem of safety of transmission on public network.
Embodiment two
Referring to Fig. 3, the embodiment of the invention two provides a kind of transmission and processing method of data, and concrete steps are as follows:
Step 301: card reader and host computer connect;
Step 302: host computer triggers card reader and reads the card image order to the smart card transmission, waits for that smart card returns the card essential information;
Step 303: smart card sends the card essential information to card reader after receiving and reading the card image order;
Step 304: card reader receives the card essential information, waits for that receiving host computer issues operating data;
Step 305: host computer receives generating run data behind the button trigger message;
Step 306: host computer transmit operation data are given card reader, and the wait card reader is returned and encrypted successful information;
Step 307: after card reader receives operating data, described operating data and described card essential information are formed the operating data bag, and generate first dynamic password;
Step 308: card reader as key, is called cryptographic algorithm with first dynamic password, the operating data bag is encrypted computing draws operating data bag ciphertext, and store described operating data bag ciphertext;
Particularly, can be DES algorithm, RSA Algorithm etc. in described cryptographic algorithm;
Step 309: card reader sends encrypts successful information to host computer;
Step 310: host computer receives to be encrypted after the successful information transmission and obtains encrypted result and instruct to card reader;
Step 311: card reader receives obtains encrypted result instruction back transmit operation packet ciphertext to host computer;
Step 312: host computer will receive operating data bag ciphertext and send to server, then not finish process if receive any answer signal that server returns in the given time;
Step 313: server receives operating data bag ciphertext;
Step 314: server generates the second dynamic password window;
Wherein, the described second dynamic password window is one group of dynamic password, particularly:
When the dynamic password in the present embodiment is the time type dynamic password, described second dynamic password is the dynamic password with the dynamic factor generation of current server time correspondence, the described second dynamic password window is one group of dynamic password centered by second dynamic password, and the quantity of dynamic password is relevant with predefined window size in the concrete window;
When the dynamic password in the present embodiment is the event mode dynamic password, described second dynamic password is to generate the dynamic password that time numerical value generates as dynamic factor with the dynamic password of current server, or generate time numerical value with the dynamic password of current server and add the dynamic password that preset value generates as dynamic factor, the described second dynamic password window is for being one group of dynamic password of starting point with second dynamic password, and the quantity of dynamic password is relevant with predefined window size in the concrete window;
Preferably, described preset value is 1 in the present embodiment;
Step 315: server, calls decipherment algorithm operating data bag ciphertext is decrypted computing as key with the dynamic password in the described second dynamic password window;
Step 316: server judges whether the form of the packet that deciphering obtains is correct, is execution in step 319 then, otherwise execution in step 317;
Step 317: server sends miscue information to host computer;
Step 318: host computer receives miscue information, and process finishes;
Step 319: server calibration dynamic factor, whether the content of judging the packet that described deciphering obtains is correct, be that data in the packet that then obtains according to described deciphering are carried out this operation, generating run result data bag and the 3rd dynamic password, otherwise send miscue information to host computer;
Particularly: when the dynamic password in the present embodiment was the time type dynamic password, described calibration dynamic factor was for replacing with server time the corresponding time of dynamic factor of the dynamic password that successfully decrypts the operating data bag in the window;
When the dynamic password in the present embodiment is the event mode dynamic password, if the dynamic password in the described window generates time numerical value with the current dynamic password of server and generates as dynamic factor, then described calibration dynamic factor replaces with for the inferior numerical value of the generation dynamic password that generates the dynamic password that successfully decrypts the operating data bag and adds value behind the preset value for server being generated dynamic password time numerical value; If the dynamic password in the described window is to generate as dynamic factor with the value that the current dynamic password of server time numerical value adds behind the preset value, then described calibration dynamic factor replaces with for generating the inferior numerical value of the generation dynamic password that successfully decrypts operating data bag dynamic password for server being generated dynamic password time numerical value;
Step 320: server is done key with the 3rd dynamic password, calls cryptographic algorithm, the operating result packet is encrypted computing obtains operating result packet ciphertext;
Step 321: server transmit operation result data bag ciphertext is given host computer;
Step 322: host computer sends to card reader with the operating result packet ciphertext that receives;
Step 323: card reader generates the 4th dynamic password window after receiving operating result packet ciphertext;
Wherein, described the 4th dynamic password window is one group of dynamic password, particularly:
When the dynamic password in the present embodiment is the time type dynamic password, described the 4th dynamic password is the dynamic password with the dynamic factor generation of current server time correspondence, described the 4th dynamic password window is one group of dynamic password centered by the 4th dynamic password, and the quantity of dynamic password is relevant with predefined window size in the concrete window;
When the dynamic password in the present embodiment is the event mode dynamic password, described the 4th dynamic password is to generate the dynamic password that time numerical value generates as dynamic factor with the dynamic password of current server, or generate time numerical value with the dynamic password of current server and add the dynamic password that preset value (as 1) generates as dynamic factor, described the 4th dynamic password window is for being one group of dynamic password of starting point with the 4th dynamic password, and the quantity of dynamic password is relevant with predefined window size in the concrete window;
Step 324: card reader, is called decipherment algorithm operating result packet ciphertext is decrypted computing as key with the dynamic password in the 4th dynamic password window;
Step 325: card reader sends to smart card with the packet that deciphering draws;
Step 326: smart card receives the packet that described deciphering draws, and judges whether the data in the packet that described deciphering draws are legal, is execution in step 327 then, otherwise execution in step 329;
Step 327: the smart card executable operations, upgrade the card essential information;
Step 328: smart card transmit operation prompt for successful information is given card reader;
Step 329: smart card is to the illegal information of card reader return data;
Step 330: card reader is to host computer transmit operation results suggest information;
Particularly, described operating result information is operation successful information or the illegal information of data;
Step 331: host computer is to server transmit operation results suggest information;
Step 332: when the described operating result information that receives when server was the illegal information of data, server was cancelled this operation, recovered the data of this operation change.
Referring to Fig. 4, in the present embodiment, step 302,303,304,305,306,307 can replace with step 302`, 303`, 304`, 305`, 306`, 307`, and the particular content of step 302`, 303`, 304`, 305`, 306`, 307` is as follows:
Step 302`: generating run data behind the host computer reception button trigger message;
Step 303`: host computer transmit operation data are given card reader, wait for receiving and encrypt successful information;
Step 304`: card reader receives operating data;
Step 305`: the card reader transmission is read card image and is instructed to smart card, waits for that smart card returns the card essential information;
Step 306`: smart card receives and reads card image instruction back transmission card essential information to card reader;
Step 307`: card reader is formed the operating data bag with described card essential information and described operating data after receiving the card essential information, and generates first dynamic password.
Referring to Fig. 5, step 325,326,327,328,329,330,331,332 in the present embodiment, can replace with step 325`, 326`, 327`, 328`, 329`, 330`, 331`, the particular content of step 325`, 326`, 327`, 328`, 329`, 330`, 331` is as follows:
Step 325`: card reader judges whether the data in the packet that deciphering obtains are legal, is execution in step 326` then, otherwise execution in step 329`;
Step 326`: card reader sends to smart card with the packet that legal deciphering obtains;
Step 327`: the smart card executable operations, upgrade the card essential information;
Step 328`: smart card transmit operation prompt for successful information is given card reader;
Step 329`: card reader is to host computer transmit operation results suggest information;
Described operating result information is operation successful information or the illegal information of data;
Step 330`: host computer is to server transmit operation results suggest information;
Step 331`: when the described operating result information that receives when server was the illegal information of data, server was cancelled this operation, recovered the data of this operation change.
Referring to Fig. 6, in the present embodiment, can simultaneously step 302,303,304,305,306,307 be replaced with step 302`, 303`, 304`, 305`, 306`, 307` and step 325,326,327,328,329,330,331,332 replaced with step 325`, 326`, 327`, 328`, 329`, 330`, 331`;
In addition when the dynamic password in the present embodiment is the event mode dynamic password:
Described step 314 also can replace with step 314`: server generates second dynamic password;
Correspondingly:
Step 315 replaces with 315`: server, calls cryptographic algorithm operating data bag ciphertext is decrypted computing as key with described second dynamic password;
Step 319 replaces with 319`: server is carried out this operation, generating run result data bag and the 3rd dynamic password;
Step 323 replaces with 323`: card reader generates the 4th dynamic password after receiving operating result packet ciphertext;
Step 324 replaces with 324`: card reader, is called cryptographic algorithm and operating result packet ciphertext is decrypted is drawn the operating result data as key with the 4th dynamic password.
The transmission of the data that the embodiment of the invention provides and treatment system, at first card reader generates and sends operating data bag ciphertext; Server receives operating data bag ciphertext by host computer, operating data bag ciphertext is decrypted computing, when the data packet format that obtains when described deciphering and content are all correct, carries out this operation, generating run result data bag ciphertext, transmit operation result data bag ciphertext; Card reader receives operating result packet ciphertext by host computer then, and described operating result packet ciphertext is decrypted computing, sends the packet that deciphering obtains to described smart card; Last server obtains the described operating result information that described card reader sends by described host computer, when described operating result information is the illegal information of described data, recovers the data of change in this operation.The embodiment of the invention has guaranteed data safety of transmission on public network by to being encrypted in the data that public network transmits, and has solved in the prior art, and data are the not high problem of safety of transmission on public network.
The above-mentioned method embodiment that provides can be provided for the transmission of the data that the embodiment of the invention provides and treatment system, and concrete function realizes seeing also the explanation among the method embodiment, does not repeat them here.The transmission of the data that the embodiment of the invention provides and treatment system and method go for information security field, but are not limited only to this.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in above-described embodiment method, be to instruct relevant hardware to finish by computer program, described program can be stored in the computer read/write memory medium, this program can comprise the flow process as the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-Only Memory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
The above; only be the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (13)
1. the transmission of data and processing method is characterized in that, comprising:
What card reader will receive forms the operating data bag from the operating data of host computer with from the card essential information of smart card, generates first dynamic password, and according to described operating data bag and the described first dynamic password generating run packet ciphertext;
Server obtains described operating data bag ciphertext by described host computer from described card reader;
Described server generates second dynamic password or the second dynamic password window, according to the dynamic password in second dynamic password or the second dynamic password window operating data bag ciphertext that receives is decrypted computing, after the data packet format that the judgement deciphering obtains is correct, the data base calibration server dynamic factor, whether the content of judging the packet that described deciphering obtains is correct, and the described second dynamic password window comprises at least two dynamic passwords;
When the packet content that obtains when described deciphering is correct, the data executable operations in the packet that obtains according to described deciphering, generating run result data bag;
Generate the 3rd dynamic password, and according to described operating result packet and described the 3rd dynamic password generating run result data bag ciphertext,
Described server sends described operating result packet ciphertext by described host computer to described card reader;
Described card reader generates the 4th dynamic password or the 4th dynamic password window, according to the dynamic password in the 4th dynamic password window or the 4th dynamic password described operating result packet ciphertext is decrypted computing, send the packet that deciphering obtains to described smart card, and by described host computer to described server transmit operation results suggest information, described the 4th dynamic password window comprises at least two dynamic passwords, and described operating result information is the successful information of operation or the illegal information of data;
Described server obtains the described operating result information that described card reader sends by described host computer;
When described server is the illegal information of described data in described operating result information, recover the data of changing in the operation of the data execution in the packet that obtains according to described deciphering.
2. the transmission of data according to claim 1 and processing method is characterized in that, described card reader will receive form the operating data bag from the operating data of host computer with from the card essential information of smart card before also comprise:
After described host computer receives the button trigger message, generate described operating data, and send described operating data to described card reader;
Described card reader sends and reads the card image order to described smart card, receives the card essential information that described smart card sends.
3. transfer of data according to claim 2 and processing method is characterized in that, after described host computer receives described button trigger message, generate described operating data, and also comprise before described card reader sends described operating data:
Described host computer triggers described card reader and reads the card image order to described smart card transmission;
Described card reader receives the card essential information that described smart card sends.
4. transfer of data according to claim 2 and processing method is characterized in that, after described host computer receives described button trigger message, generate described operating data, and also comprise after described card reader sends described operating data:
Described card reader sends to described smart card and reads the card image order;
Described card reader receives the card essential information that described smart card sends.
5. the transmission of data according to claim 1 and processing method is characterized in that, described server generates second dynamic password or the second dynamic password window comprises:
When the dynamic password of described server generation is time type, generate the second dynamic password window, when the dynamic password of described server generation is event mode, generate second dynamic password or the second dynamic password window.
6. the transmission of data according to claim 5 and processing method is characterized in that, described card reader generates the 4th dynamic password or the 4th dynamic password window comprises:
When the dynamic password of described card reader generation is time type, generate the 4th dynamic password window, when the dynamic password of described card reader generation is event mode, generate the 4th dynamic password or the 4th dynamic password window.
7. the transmission of data according to claim 6 and processing method is characterized in that,
When described second dynamic password or described the 4th dynamic password are the time type dynamic password, described second dynamic password or described the 4th dynamic password are the dynamic password that generates according to corresponding dynamic factor of current server time, the described second dynamic password window is one group of dynamic password centered by second dynamic password, and described the 4th dynamic password window is one group of dynamic password centered by the 4th dynamic password;
When described second dynamic password or described the 4th dynamic password are the event mode dynamic password, described second dynamic password or described the 4th dynamic password are for generating the dynamic password that time numerical value generates as dynamic factor with the current dynamic password of storing in the server, the described second dynamic password window is for being one group of dynamic password of starting point with second dynamic password, and described the 4th dynamic password window is for being one group of dynamic password of starting point with the 4th dynamic password.
8. the transmission of data according to claim 7 and processing method is characterized in that,
When the dynamic password in the described second dynamic password window and described the 4th dynamic password window was the time type dynamic password, described data base calibration server dynamic factor was for replacing with server time the corresponding time of dynamic factor of the dynamic password that successfully decrypts the operating data bag in the second dynamic password window;
When the dynamic password in the described second dynamic password window and described the 4th dynamic password window is the event mode dynamic password, then described data base calibration server dynamic factor for server is generated dynamic password time numerical value replace with the second dynamic password window in successfully decrypt the current generation dynamic password time numerical value of the dynamic password of operating data bag.
9. the transmission of data according to claim 1 and processing method is characterized in that, the described transmission to described smart card deciphered the packet that obtains, and comprises to described server transmit operation results suggest information by described host computer:
The packet that described card reader transmission deciphering obtains is to described smart card;
Described smart card judges whether the data in the packet that described deciphering that described card reader sends obtains are legal;
When the data in the packet that described deciphering obtains were legal, described smart card upgraded the card essential information of described smart card, and sent the successful information of described operation to described card reader;
When the data in the packet that described deciphering obtains were illegal, described smart card sent the illegal information of described data by described card reader and described host computer to described server.
10. the transmission of data according to claim 1 and processing method is characterized in that, send the packet that described deciphering obtains to described smart card, and comprise to described server transmit operation results suggest information by described host computer:
Described card reader judges whether the data in the packet that described deciphering obtains are legal;
When the data in the packet that described deciphering obtains are legal, described card reader sends described legal data to described smart card, after described smart card receives described legal data, upgrade the card essential information of described smart card, and send the successful information of described operation to described card reader;
When the data in the packet that described deciphering obtains were illegal, described card reader sent the illegal information of described data by described host computer to described server.
11. the transmission of data and treatment system is characterized in that, comprising: smart card, card reader, host computer and server;
Described smart card comprises:
First sending module is used for sending card essential information and operating result information to described card reader;
First receiver module is used for receiving reading the order of card essential information and deciphering the packet that obtains of described card reader transmission;
Operational module carries out corresponding operating for the data of the packet that obtains according to described deciphering, generates described operating result information;
First memory module: the described card essential information that is used for the described smart card of storage;
Described card reader comprises:
Interface module is used for described card reader and described host computer and connects;
The draw-in groove module is used for described card reader and described smart card and connects;
Second receiver module is used for receiving described card essential information and the described operating result information that described smart card sends, and receives operating data and operating result packet ciphertext that described host computer sends;
Group bag module, the described operating data and the described card essential information that are used for receiving are formed the operating data bag;
The first dynamic password module is used for generating first dynamic password and the 4th dynamic password or generating first dynamic password and the 4th dynamic password window according to the dynamic password generation key element of described card reader storage inside;
First encrypting module is used for according to described operating data bag and the described first dynamic password generating run packet ciphertext;
First deciphering module is used for according to the dynamic password of described the 4th dynamic password or described the 4th dynamic password window described operating result packet ciphertext being decrypted computing;
Second sending module, be used for reading the card image order and deciphering the packet that obtains to described smart card transmission, send to described host computer and to encrypt successful information and operating result information, and send described operating data bag ciphertext to host computer receiving when obtaining the encrypted result instruction;
Second memory module is used for the storage dynamic password and generates key element, cryptographic algorithm and decipherment algorithm;
Power module is used to described card reader that electric energy is provided;
Described host computer comprises:
Communication module, the operating data bag ciphertext that is used for described card reader is sent sends to described server, the operating result packet ciphertext that described server is sent sends to described card reader, and the operating result information that described card reader is sent sends to described server;
Key-press module is used for receiving the button trigger message;
Generation module is used for generating described operating data according to described button trigger message;
Described server comprises:
The 3rd receiver module is used for receiving described operating data bag ciphertext and the operating result information that described host computer sends;
The second dynamic password module, the dynamic password that is used for storing according to described server generates key element and generates second dynamic password and the 3rd dynamic password or generate the second dynamic password window and the 3rd dynamic password;
Second deciphering module is used for according to the dynamic password of described second dynamic password or the described second dynamic password window the described operating data bag ciphertext that receives being decrypted computing;
Second judge module is for judging whether the packet that deciphering obtains is complete;
Calibration module, when complete for the packet that obtains in described deciphering, the data base calibration server dynamic factor;
Executive Module, when complete for the packet that obtains in described deciphering, data executable operations in the packet that obtains according to described deciphering, generating run result data bag, also be used for when described operating result information is the illegal information of operating result data, recover the data of changing in the operation of the data execution in the packet that obtains according to described deciphering;
Second encrypting module is used for according to described the 3rd dynamic password and described operating result packet generating run result data bag ciphertext;
The 3rd sending module is used for sending described operating result packet ciphertext to described host computer;
The 3rd memory module is used for the storage dynamic password and generates key element and cryptographic algorithm.
12. the transmission of data according to claim 11 and treatment system is characterized in that, described card reader also comprises:
The 3rd judge module is used for judging whether the data of the packet that described deciphering obtains are legal.
13. the transmission of data according to claim 11 and treatment system is characterized in that, described smart card also comprises:
First judge module is used for judging whether the data of the packet that the described deciphering of described card reader transmission obtains are legal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110266200 CN102315940B (en) | 2011-09-08 | 2011-09-08 | Data transmission and processing system and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110266200 CN102315940B (en) | 2011-09-08 | 2011-09-08 | Data transmission and processing system and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102315940A CN102315940A (en) | 2012-01-11 |
| CN102315940B true CN102315940B (en) | 2013-09-18 |
Family
ID=45428781
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110266200 Expired - Fee Related CN102315940B (en) | 2011-09-08 | 2011-09-08 | Data transmission and processing system and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102315940B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103647648B (en) * | 2013-12-10 | 2017-01-18 | 飞天诚信科技股份有限公司 | Safety communication method |
| US10210323B2 (en) * | 2016-05-06 | 2019-02-19 | The Boeing Company | Information assurance system for secure program execution |
| CN111031535A (en) * | 2019-11-15 | 2020-04-17 | 华中科技大学 | Secure communication method and system for smart card system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1387647A (en) * | 1999-10-08 | 2002-12-25 | 株式会社韩亚银行 | Apparatus and method for on-line transaction using smart card |
| CN1764296A (en) * | 2004-10-22 | 2006-04-26 | 北京握奇数据系统有限公司 | Dynamic password identification system and method |
| CN101719054A (en) * | 2009-12-24 | 2010-06-02 | 北京飞天诚信科技有限公司 | Method and device for realizing multi-card slot access |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP3900152B2 (en) * | 2003-12-25 | 2007-04-04 | 松下電器産業株式会社 | Information reading apparatus and information reading system |
-
2011
- 2011-09-08 CN CN 201110266200 patent/CN102315940B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1387647A (en) * | 1999-10-08 | 2002-12-25 | 株式会社韩亚银行 | Apparatus and method for on-line transaction using smart card |
| CN1764296A (en) * | 2004-10-22 | 2006-04-26 | 北京握奇数据系统有限公司 | Dynamic password identification system and method |
| CN101719054A (en) * | 2009-12-24 | 2010-06-02 | 北京飞天诚信科技有限公司 | Method and device for realizing multi-card slot access |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102315940A (en) | 2012-01-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101667240B (en) | Intelligent card and card writing method, equipment and system thereof | |
| EP2442601B1 (en) | Method and system for automatically logging in client | |
| CN106529969B (en) | Method and system for checking fake source by NFC | |
| CN107508679B (en) | Binding and authentication method for intelligent terminal main control chip and encryption chip | |
| CN101339597B (en) | Method, system and equipment for upgrading read-write machine firmware | |
| CN101122942B (en) | Data safe reading method and its safe storage device | |
| CN101739758B (en) | Method for encrypting and decrypting smart card, system and reader-writer | |
| CN103036681B (en) | A kind of password safety keyboard device and system | |
| CN103714635A (en) | POS terminal and terminal master key downloading mode configuration method thereof | |
| CN102571340A (en) | Certificate authentication device as well as access method and certificate update method thereof | |
| CN101582125B (en) | Communication device, communication method, reader/writer, and communication system | |
| CN102123027A (en) | Information security processing method and mobile terminal | |
| CN101866411B (en) | Security certification and encryption method and system of multi-application noncontact-type CPU card | |
| CN101770559A (en) | Data protecting device and data protecting method | |
| CN101587458A (en) | Operation method and device for intelligent storing card | |
| CN102315940B (en) | Data transmission and processing system and method thereof | |
| CN102082669A (en) | Security certification method and device | |
| CN101883357A (en) | Method, device and system for mutual authentication between terminal and intelligent card | |
| CN105577361A (en) | Information processing method and device thereof | |
| CN102118745B (en) | Method and device for secure encryption for mobile payment data, and mobile phone | |
| CN201742425U (en) | Non-contact type CPU card multi-application security authentication and encryption system | |
| CN101236674A (en) | Intelligent cipher key equipment and method for information exchange with external apparatus | |
| CN214175061U (en) | Binding system of terminal equipment and external password keyboard | |
| CN103324970B (en) | The receiving/transmission method of a kind of RFID of highly effective and safe and system thereof | |
| CN102307100B (en) | Data processing device and data processing method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130918 |