CN101042736B - Smart card and method for accessing objects in smart card - Google Patents
Smart card and method for accessing objects in smart card Download PDFInfo
- Publication number
- CN101042736B CN101042736B CN2006100251359A CN200610025135A CN101042736B CN 101042736 B CN101042736 B CN 101042736B CN 2006100251359 A CN2006100251359 A CN 2006100251359A CN 200610025135 A CN200610025135 A CN 200610025135A CN 101042736 B CN101042736 B CN 101042736B
- Authority
- CN
- China
- Prior art keywords
- data
- key
- smart card
- card
- container
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
This invention discloses one intelligent card memory subject method by use of capacity device in subject type, which comprises the following steps: testing order parameters and judging its legality and analyzing its detail operation type; analyzing input subject label and judging whether the current application entrance label is same; if yes, then indexing the current entrance; if there is the subject, fulfilling the memory operation flow according to the subject property; due to APDU subject this invention is for each detail application flow.
Description
Technical field
The present invention relates to a kind of data storage and field of information processing, particularly relate to a kind of smart card and the method for access object in smart card.
Background technology
Because there are defectives such as poor stability in existing magnetic stripe card, so each bank is all progressively adopting smart card (CPU card) to replace magnetic stripe card both at home and abroad, and separately or the associating industry user issued a large amount of smart cards.Generally speaking, smart card is one and comprises the plastic cards that embeds integrated circuit (IC), comprise a miniature central processing unit (CPU), ROM, RAM and other attached peripheral circuit in the integrated circuit, this integrated circuit have with computer like ability, for example: working procedure, handle the input and output data.When using above-mentioned CPU card, need provide power supply and other interfacing equipment by the outside.
For standard from the transition process of magnetic stripe card to IC-card (being often referred to the CPU card), three big international cards organize Europay, MasterCard, Visa to work out financial payment application standard based on IC-card jointly, are called for short the EMV standard.So-called EMV migration is meant, according to the EMV standard, moves to IC-card from magnetic stripe card in each links such as hair fastener, receipts list, message switching, business processing, Related product authentications.
In order to adapt to the needs of internationalization competition rapidly, improve self competitive power as early as possible, during the card EMV of domestic bank migration is progressively being implemented, in the near future, the CPU card will become the smart card that most of people carry.The function of the own smart card of expansion that credit card issuer is all more positive usually, how with this demand of credit card issuer and industry user's project in conjunction with being exactly very important problem.
ISO7816 the 1st~7 part of ISO (International Standards Organization) regulation has been stipulated one group of standard that covers CPU card various aspects.ISO7816 comprises: SCQL instruction (the 7th part) between data element (the 6th part) and industry between exchange instruction (the 4th part), application program identification (the 5th part), industry between physical characteristics (part 1), size and contact position (part 2), electronic signal and host-host protocol (the 3rd part), industry.
For the CPU card, the many application that realize the CPU card are urgent developing direction, so-called many application are meant and have a plurality of application that on same sheet smart card as financial wallet, oiling wallet, work attendance gate inhibition etc., these are applied in and are in different application area in logic respectively usually.Realize necessary main following three partial contents of considering of the many application of CPU card: the memory mechanism of application data on smart card; Application data is data on the access card how; How smart card cooperates actual application to realize concrete application flow.
Existing common IC-card operating system is followed catalogue and the file mode based on the ISO7816 standard, realizes the memory mechanism of application data on smart card, as shown in Figure 1.
Adopt the mode of catalogue and file to carry out the storage of application data in the existing IC-card, promptly existing substantially all is the smart card of file-oriented system.The memory mechanism of the similar common floppy disk of storing process of described file data etc., the capacity of CPU card commonly used only is 8K or 16K byte only now, capacity is less.And, when CPU commonly used now is stuck in operation file, there is following restriction:
The type of the file that statement was earlier created when 1, the CPU card was created a file and the space size of creating file; And the length of determining the back file is exactly fixing, unalterable, thereby the space of application can't reuse before causing.
2, the CPU card cannot be deleted after having created a file.(test can make an exception hair fastener the time, but that deletion this moment is MF, promptly deletes All Files and catalogue in the smart card)
3, CPU Cavan part type has only seldom severally, and promptly file type is fixed.
4, the CPU card is created file, written document must be undertaken by the mode that sends message to smart card, and the byte number of at every turn writing generally can not surpass 256 bytes, complex disposal process.
With reference to Fig. 1, CPU card commonly used now generally comprises file types such as master file MF, private file DF and basic data file MF.The private file (DF, Dedicated File) of card is tree structure with basic data file (EF), and each private file is the entrance of its subordinate's basic data file.
Described master file MF (Master File) is a root directory, is the root of smart card document system, is equivalent to the root directory of DOS, and every card has and have only a MF file.Certainly, the establishment mode of the MF of different intelligent card manufacturer is different.Mainly contain dual mode: in the smart card personalization process, create, give birth to smart card as bright China, moral by the card issuer; Perhaps, create when manufacturer provides smart card, the card issuer can not create again, as holds strange smart card.
Described DF (Dedicated File) file is equivalent to the sub-directory of DOS.Described DF file can be further divided into DDF and ADF again, and the DF that generally will comprise subprime directory is referred to as DDF, does not comprise the ADF that is referred to as of subprime directory.
The realizations of using reach by creating a plurality of ADF (promptly creating a plurality of catalogues) more for existing IC-card.Each ADF represents an application.Corresponding file is arranged under each ADF, deposit corresponding data in the corresponding file.
The ISO7816 standard has also defined some access instructions at file system, as read binary file, write binary file etc., existing IC-card operating system all adopts the mechanism of 7816 li definition basically, and the special instruction that adds self-defining or sector application is in addition again realized.
For example, the CPU card has so instruction: SELECT MF, this instruction expression enters the root directory of smart card, but because the operating system of CPU card is fairly simple, it does not handle the thing of this pure character, and must become hexadecimal form to instruction transformation when smart card sends instruction: the order format that converts smart card to is: 00 A4,00 00 02 3F 00.
Because the ISO7816 standard has only been stipulated some simple access instructions, realize for the special instruction that different application then needs to add self-defining or sector application, so, how smart card cooperates the realization flow of concrete application to unify, for example, the People's Bank has defined and has realized that instruction, China Petrochemical Industry that consumption and circle are deposited have defined the trip instruction, Ministry of Labour of locking of grey lock and defined own realization instruction or the like of guarantor and social security always.Different sector applications is provided with different file structures, length etc. and stores according to self needs, different special instructions is set realizes different application flows.
In a word, the memory mechanism of existing C PU card causes following several problems:
Because the type of the file that statement is earlier created when creating a file and the space size of creating file; And, determine that type, the length of back file is fixed, and cannot delete, thereby the space that causes applying in the past can't reuse.
Because different industries all needs to carry out corresponding performance history when using distribution CPU card, makes this CPU card can carry out special instruction, the flow process of the industry or enterprise.When the new application of the industry or other industry wishes to use jointly this CPU card (promptly creating new the application in this CPU card), but because this CPU card can't be carried out its special instruction, flow process, then have to develop again a neocaine, on the one hand cause cost of development high, and subsequent upgrade or business integration be difficult to realize; Cause different application needs to use different CPU cards on the other hand again, make troubles for consumer and service provider.That is to say that prior art is created the process of using must comprise a performance history at card itself, and can't create Another application easily in this smart card, because need develop process again at this new application in smart card.
And because the application of every profession and trade has uniqueness, self-defined various application instruction and flow process, and existing smart card can't adapt to the different concrete application flow of every profession and trade so bring smart card to use difficulty in the realization more.
The exploitation of application of IC cards mainly is the privately owned exploitation behavior of certain company in the prior art.Though look the same for all smart cards, the operating system software of each smart card all is not quite similar, and there are differences on the interface that design is used.This means that B company has also made a kind of smart card if A company has made a kind of smart card, on these two kinds of cards, make up identical application and have very big uncertainty, even may not finish.This is limited in the less relatively circle with regard to the application and development that causes smart card, is difficult to realize and promote many application of smart card.
Can satisfy instruction or the flow process that every profession and trade is used the CPU card because prior art can't be made a cover, make cost of development high, and subsequent upgrade or business integration be difficult to realize.The independent hair fastener of sector application provider or for certain reason and money pool hair fastener also presses for a general standard and instructs, risk and the cost brought when reducing subsequent upgrade or business integration.
Summary of the invention
In view of the above problems, the purpose of this invention is to provide a kind of smart card platform of public opening, so that: reduce or eliminate the technology barrier of credit card issuer when business development, promote exploitation fast the many application markets of smart card; Satisfy the characteristics and the demand of sector application, independence and privacy that the protection every profession and trade is used; And the application of compatible a plurality of application developers.
For solving the problems of the technologies described above, the objective of the invention is to be achieved through the following technical solutions:
The method of access object in a kind of smart card, described smart card adopts container and subject memory data, may further comprise the steps: check order parameter, judge legitimacy, and analyze and determine concrete action type; Resolve the object identity of input, judge whether identical with the sign of current application class inlet; If identical, then in current application class inlet list object, retrieve this object; If there is this object,, finish the accessing operation flow process of corresponding object then according to action type and the object properties determined.
Preferably, if corresponding operating process for quoting flow process, then with the data field content resolution of instruction and check data field length Lc and whether data field mates, and whether the structure of data field inside correct; If check and pass through, then determine according to the attribute of object whether current referencing operation is legal; If legal, then quote corresponding object.
Preferably, the described object of quoting comprises the APDU object that is used to realize certain application instruction function.Preferably, if current object is a key object, then carry out corresponding verification process according to the key attribute; If authentication is passed through, then quote this key object.
Preferably, if corresponding operating process is the deletion flow process, then with the data field content resolution of instruction and check data field length Lc and whether data field mates; If coupling, the state machine of inspection current application class; If the deletion condition of corresponding object satisfies, then this object occupation space is all discharged, and upgrade the relevant tabulation of object therewith.
Preferably, if corresponding operating process is for reading flow process, then with the data field content resolution of instruction and check data field length Lc and whether data field mates; If coupling checks whether the attribute of current object is common data object; If, check the state machine of current application class item by item then according to reading of data item tabulation (DOL); If the reading conditions of data item satisfies, then the content of this data item is read.
Preferably, if corresponding operating process is new technological process more, then with the data field content resolution of instruction and check data field length Lc and whether data field mates; If coupling checks whether the attribute of current object is common data object; If then, check the state machine of current application class item by item according to upgrading list of data items (DOL); If the update condition of all data item all satisfies, then with the content update of this data item.
Preferably, if corresponding operating process is value added or the depreciation flow process, then with the data field content resolution of instruction and check data field length Lc and whether data field mates; If coupling checks whether the attribute of current object is calculating object; If then check the state machine of current application class; If the value added or depreciation condition of data item satisfies, then value added the or depreciation with the content of this data item.
Preferably, if corresponding operating process is the release treatment scheme, then finish following step:
Whether the key that step 4, judgement are used for vessel certification locks; If not locking, the then value of twin check value and preservation PUK; If verification succeeds, then unlocking PIN;
Whether the key that step 5, judgement are used for vessel certification locks; If do not lock, then the PIN value of twin check value and preservation; If verification succeeds then upgrade the value of PIN;
Whether the key that step 6, judgement are used for vessel certification locks;
If locking does not judge then whether the key of release vessel certification key locks; If not locking then utilizes card uniqueness sign that the application class Personal Unlocking Key is disperseed, obtain the releasing process key; The releasing process key obtains authenticating ciphertext with the random number encryption of terminal input; The ciphertext of more described authentication ciphertext and input, if the comparative result unanimity, then release success.
The present invention also provides a kind of intelligent card data treating apparatus, smart card adopts container and subject memory data, and provide the general insertion and the operation of reference object in container end, this intelligent card data treating apparatus comprises: check module, check order parameter, judge legitimacy, and analyze and determine concrete action type; Parsing module is resolved the object identity of importing, and judges whether identical with the sign of current application class inlet; If identical, retrieval module is this object of retrieval in current application class inlet list object; If there is this object,, finish the accessing operation flow process of corresponding object then according to action type and the object properties determined.
The invention also discloses a kind of smart card methods of using that realize more, comprising: at least one container is set; Data are stored according to the mode of container and object, comprise the object set of at least one application in each container; The operation-interface of container is set, to realize general operation at object.Preferably, according to the characteristic of data, data are stored as data object, calculating object, key object and Application Protocol Data Unit APDU object respectively; Described data object is used for storing applied data, and described calculating object is used to store sensitive data, and described key object is used to store the key data of application; Described APDU object is used to store the instruction sequence data that realize specific function.
Compared with prior art, can draw from technique scheme, the present invention has the following advantages:
Because smart card of the present invention adopts the notion application data of container, object to store, and provide general operation at object in container end, and own security mechanism and the application flow that will use given external treatment fully, reached maximum versatility, this is to adopt the standard of ISO7816 file system to be difficult to accomplish.Described versatility is embodied in, adopt the date storage method of smart card of the present invention, only need carry out primary development at this smart card gets final product, later personalization process and use flow process can adopt generalized flowsheet to realize, and do not need because the process that certain concrete special requirement of using or special instruction are developed again to this smart card.
Adopt the notion of object to solve the application data store problem, and the interface that standard is provided is realized the insertion and the accessing operation of object, so the concrete form of application data of the present invention without limits, define voluntarily and set by application itself, thereby solved the access issues of data simultaneously; Preferably, the present invention can also adopt the safe packet mechanism consistent with traditional approach to come assurance system and data security.
Because the present invention has adopted the data storage method of container and object, use so more son, is created in the application that smart card of the present invention can also be specifically independent with certain as container below this is used, thereby can realize a plurality of little application.
The flow process of using of creating in smart card of the present invention goes for various industries, and a kind of general visioning procedure is provided.Only need carry out primary development in the distribution process of smart card and get final product, the method that various sector applications can adopt establishment of the present invention to use is created in smart card and is used, i.e. the present invention can realize creating use very easily in smart card.
Realization for the fit applications flow process, the present invention adopts the APDU object to realize the function of the instruction that definition in the past is special-purpose, the initiative that addresses this problem is sent to application one side from smart card, can be by using the corresponding object of specific design, as long as it is just passable to insert container.Container is handled the APDU object class like a hook, when finding that the instruction that the card fetch equipment is sent is not the instruction of standard, then check current APDU list object, if certain object meets the request of processing then calls processing, the function of definition special instruction before can realizing.
Because the employing of APDU object makes the flow process of access object of the present invention go for the concrete application flow of various industries.General read, flow process such as reference object is unified, and the flow process of execution special instruction also is unified: quote corresponding APDU object earlier, finish special command function by this APDU object control flow then.
Because solved the storage problem and the access issues of data, and practical application has also been sent in the processing of application flow gone to handle, the present invention just can provide unified multi-application platform.All manufacturers of IC-card industrial chain all can develop general, compatible product, reduce cost, and promote the development of whole industry.
A multi-application smart card platform opening, interoperable all will bring benefit for different mechanisms, for example, and holder, trade company, card issuer, acquirer, system integrator, smart card vendor and card fetch equipment supplier etc.For the card issuer, can provide common platform to use for business partner, facilitate to the holder, keep its loyalty, improve the enthusiasm of using the one's own profession card; For the holder, can obtain the various services that the card issuer provides easily, timely, can understand integration volume or the information such as VIP grade of oneself at any time; For trade company, acquirer, system integrator, smart card vendor and card fetch equipment supplier, can be various application services by public platform and POS system, such as can on holder's card, easily adding the integrating system of oneself, and need not any investment.
Because smart card of the present invention has unified interface; so system integrator, facility supplier can develop the product of standard; avoid certain concrete project development is increased cost of development; and card issuer also can reduce the compatible risk of system; and keep enough openings; guarantee that follow-up business can update to smart card and relevant link, the protection gain on investments.
Description of drawings
The present invention is further detailed explanation below in conjunction with the drawings and specific embodiments.
Fig. 1 is based on the catalogue of ISO7816 standard and the intelligent card data storage mode synoptic diagram of file;
Fig. 2 is the device block diagram of the application of smart card;
Fig. 3 is an information flow chart of realizing the APDU object;
Fig. 4 is a system construction drawing of realizing the APDU object;
Fig. 5 is the container of data storage in the smart card and the concept map of object;
Fig. 6 is relation between objects figure dissimilar in the container of data storage in the smart card;
Fig. 7 is the block diagram of vessel certification flow process;
Fig. 8 is a block diagram of inserting the treatment scheme of object;
Fig. 9 is the block diagram of the treatment scheme of access object;
Figure 10 is the block diagram of the treatment scheme of reference object;
Figure 11 is the block diagram of the treatment scheme of deletion object;
Figure 12 is the block diagram of the treatment scheme of reading object;
Figure 13 is the block diagram of the treatment scheme of upgating object;
Figure 14 is the block diagram of the value added treatment scheme of object;
Figure 15 is the block diagram of the treatment scheme of object depreciation;
Figure 16 is the block diagram of the treatment scheme of release vessel certification key.
Embodiment
Use (Application) described in the present invention and generally be meant smart card and card fetch equipment (Card Acceptance Device, CAD) application protocol between and relevant data.A typical smart card device generally comprises one 8 or 16 the microprocessor that operates in 3.7MHz, has the RAM of 1K and more than the nonvolatile memory (programmable read only memory or flash memory) of 16K.Smart card can be divided into can contacting with non-and contacts.Can contact 8 the contact physics of smart card by card reader and smart card and contact communication and work, rely on less than the radiofrequency signal communication within 2 feet the general distance but not can contact smart card.
The application of typical smart card of the present invention is not what isolate, but comprises smart card, card fetch equipment and backend applications.With reference to Fig. 2, the device block diagram of the application of smart card.
Smart card inserts the card fetch equipment that can link to each other with another computing machine, thereby realizes data transmission and processing.The card fetch equipment can be called terminal, card reader or interfacing equipment (IFD) again.Above-mentioned card fetch equipment all has to smart card to be provided power supply and sets up the basic function that data transmission is connected.
The service that card is gone up APDU object (perhaps being called applet) that can provide support of described backend applications.For example, being connected of the certificate on a backend applications can provide security system and block provides powerful security.In an electronic payment system, backend applications can provide credit card to visit the service of other payment informations.Described APDU is meant Application Protocol Data Unit (Application Protocol Data Unit).Described APDU object class comprises the instruction set that can realize certain function like the JAVA small routine.
Card fetch equipment end primary application program is present in one for example in the such desktop computer of personal computer, electronic payment terminal, mobile phone or the secure subsystem.Described card fetch equipment primary application program is handled the communication between smart card, APDU object and supplier's the backend applications.
Card fetch equipment (CAD) is the interfacing equipment that is between primary application program and the smart card device.Described card fetch equipment CAD provides electric power for smart card, and carries out electronics or radio communication with this smart card.Described card fetch equipment CAD may be a card reader of using serial port to invest desk-top computer, perhaps may be integrated in the other-end, for example the electronic payment terminal in restaurant or the refuelling station.This interfacing equipment passes on Application Protocol Data Unit (Application Protocol Data Unit, be called for short APDU) instruction from the primary application program to the smart card, and passes on response from smart card to primary application program.Certainly, some card fetch equipment CAD can also be useful on the keyboard of input Personal Identification Number, is provided with to also have display screen.
Preferably there are the one or more APDU objects that can realize certain command function in the smart card of the present invention, also need to exist support software, for example, the operating system of smart card etc.Because smart card of the present invention can be stored the APDU object, use the APDU object can simulate any known or possible instruction, corresponding virtual machine and order set support then must be arranged, be that smart card of the present invention can also comprise corresponding virtual machine and order set, in order to guarantee the execution of instruction.
With reference to Fig. 3, be the information flow chart of realizing the APDU object; With reference to Fig. 4, be the system construction drawing of realizing the APDU object.
APDU sets up related with INS with the APDU order that card fetch equipment (CAD) sends by CLA to liking a predefined program.When container at certain APDU object, and CLA, the INS byte of the card fetch equipment CAD APDU order of sending are identical with CLA, the INS of this APDU object association, then this program will be performed, thereby finishes specific application function.
Realize the APDU object, need that then the corresponding instruction system is set and virtual machine is supported, quote the APDU object, its content (with the program of high level language) will be compiled into a string instruction sequence, program implementation is exactly that corresponding instruction sequence is carried out on machine code in fact, it is a transfer process that the program compilation of APDU object is become instruction sequence, the language that the language conversion that the mankind are understood easily becomes machine to understand easily.In order to improve operational efficiency, conversion (compiling) process can realize in that card is outside, and downloading on the card is instruction sequence after changing.
To quoting of APDU object is exactly to carry out the corresponding instruction sequence in fact, and micro-order is in each the bar instruction in the instruction sequence again.In the reality, different chips may have different machine construction and instruction set, the function of micro-order definition is realized it must being translated once more the instruction of the special use of this chip platform of title on concrete chip platform, the mechanism of this translation and method just are referred to as virtual machine.
With reference to Fig. 3 as can be known owing to be provided with the order set of realizing the APDU object, so the APDU object (microinstruction sequence) after the compiling can on any chip platform, move because its order set has nothing to do with concrete chip platform.Fig. 4 shows the system construction drawing of realizing the APDU object.How the translation rule and the process of virtual machine definition micro-order comprise accessing operation number etc., how maintenance instruction stack, order register and symbol table.Different chips realizes that the virtual machine of APDU object is identical.
The order set of realization APDU object can be set according to the needs of real data processing procedure.Certainly, general order set can set add instruction, subtract instruction, take advantage of instruction, except that instruction, comparison order, conditional branch instruction, left dislocation instruction, right displacement commands, pop down instruction, pull instruction, deposit operand etc., the present invention is not limited this.
With reference to Fig. 5, at first the container of data storage in the smart card and the notion of object are described in detail.
Container has many objects can reference in actual environment, such as office, city, village and society etc., wherein comprised many other, various things, be referred to as object by what container contained.Object has certain association in container, also may not have, but the object in the container needs the common rule of observing container.
For smart card, smart card itself is exactly a container in fact, and master file (MF, Master File) has comprised card and gone up all applications, and the DF under the MF is again a sub-container, has comprised to use concrete data or key.Container is exactly one group of manager that provides a series of services, and just can allow the interior management service (at the operation of object) of usable range as long as meet service request (standard) container of container.A DF on the smart card with unique application identifier (AID) sign, can identify into an application in payment system environment (PSE) lining.
So one of core of the present invention is just adopting the data storage framework of container and object, and provides the general insertion and the operation of reference object in container end, in order to reach the purpose of general-purpose platform; And own security mechanism and the application flow that will use given external treatment fully, reached maximum versatility, and this is to adopt the standard of ISO7816 file system to be difficult to accomplish.
Because operation, operating conditions and safe coefficient that different data relate to are not quite similar, therefore better meet various data for the basic general operation that container is provided, smart card of the present invention is stored as dissimilar objects respectively according to different data types.For example, can define following four class objects: data object, calculating object, key object and APDU object.With reference to Fig. 6, be the graph of a relation between the different object.
Data object is used for storing concrete application data, and an application can have a plurality of data objects.All application datas all must correspond on the corresponding object, a data object can comprise one or more application data items, different data item adopts the TLV construction packages, and the access condition of each data item (AC, Access Condition) can define separately.Described TLV is a kind of version, wherein T=TAG: sign; L=LENTGTH: length; V=value: value.Certainly, concrete data item also can adopt the structure that other can elongated degree, but described TLV structure is very easy to use, during establishment, defines a segment structure body size and adds that the space of variable length data length gets final product to it; During release, directly the total body is discharged just passable; Described release is meant the total occupation space is discharged, so the present invention adopts the form of data object can reuse the space of applying for.
Calculating object is a kind of special data object, is used for storing special sensitive data, and such as integrated value in the loyal project etc., a calculating object can only be stored a sensitive data item.Other settings of calculating object are identical with data object.
The key of key object storage application safety control, the corresponding key object of key, key object are used for the protected data object.A key object can only be stored a key, and the use of key itself also can specify other key object to protect.Described key object can adopt single-length and double-length symmetric key, also supports unsymmetrical key.By key object, can realize security mechanisms such as external authentication or route protection.
The APDU object class comprises the instruction set that can realize certain function like the JAVA small routine, and it can use self-defining interface, and the APDU instruction that microprocessor is responsible for the card fetch equipment is sent is transferred to corresponding APDU object, carries out concrete action by it.The APDU object class is like a Hook Function, and the application of appointment in entering container is in case when sending the APDU instruction of APDU object definition, container is given APDU object with control, explains this instruction by it.By corresponding virtual machine and order set support, the APDU object can be simulated any known or possible instruction, thereby reaches high generality.
Because smart card in most cases is to be had by the main publisher that uses, described many application container can be provided with increase and the deletion that a control key is used in order to control.Object in each is used then can be by self-defining security strategy control, i.e. security mechanism, the application flow of application itself are given the outside and handled, and further improve the versatility of sector application.
All data objects all may be subjected to key object protection, and key object is protected by other key object also may, but the APDU object is not subjected to key object protection, because described APDU object is used for simulating a general-purpose interface.When the inter-process of APDU object refers to data object or key object, be the same with the condition of external reference, promptly need to satisfy different objects access condition (AC) separately.
When two computing machines communicated each other, what exchange between them was the packet of constructing according to series of protocols.Similarly, smart card also uses the packet of oneself---be called APDU (Application Protocol Data Unit, Application Protocol Data Unit) to engage in the dialogue with the card fetch equipment.An APDU packet comprises an instruction or response message.What the communication of smart card was adopted is master slave mode, and smart card is played the part of driven role forever; In other words, smart card is always at the order APDU that waits for from the card fetch equipment.Subsequently, smart card is carried out the APDU specified action, and replys APDU with one and make answer to the card fetch equipment, promptly intercourses order APDU and replys APDU between smart card and the card fetch equipment.
The form that following table describes order APDU respectively in detail and replys APDU.
Table 1: order APDU and the form of replying APDU
The title head of order APDU is encoded to selected instruction described in the last table, and it comprises 4 fields: class (CLA), instruction (INS) and parameter 1 and 2 (P1 and P2), wherein each field comprises a byte.
CLA: class byte, this byte are used for the classification of presentation directives;
INS: command byte, this byte representation instruction code;
P1-P2: parameter byte, this byte provide order APDU and further specify.
The main part of the APDU of order described in the last table comprises three fields, and wherein, Lc represents to order the byte number of the data field of APDU; Below representing, Le replys the byte number that the data field of APDU is wished.
The state byte SW1 and the SW2 that reply the afterbody of APDU described in the last table represent to order the treatment state of APDU in smart card.
Below smart card of the present invention is described carrying out the data element that APDU uses when mutual with the card fetch equipment, its length is unit with the byte.
Container comprises two data elements at least: container is realized version and container uniqueness sign, and certainly, described container can also comprise other data element, for example below shown in:
Table 2: container data unit
Table 3: the data element that object comprises
| Data element | Code | Type | Length | Implication |
| Sign | OUID | OID | 5-16 | The unique identification of object |
| Attribute | Attrib | Scale-of-two | Variable | The attribute of object |
| Object AC | OAC | Scale-of-two | 2 | The access condition of object |
| Content | Content | TLV | Variable | The content of object |
Table 3 has been described some data elements that object may comprise.Wherein object identity is used for an object in unique sign container, owing to may hold a plurality of application in the container, each is used and all defines an a plurality of object, and this just requires object identity must be able to distinguish different application and the interior different objects of same application.
In ISO7816, identify one and use the define method that use is called AID, the length of AID can be from 5 to 16 bytes; ASN.1 (Abstract Syntax Notation 1) standard definition a kind of general object identity method OID, X.208 concrete definition and coded format see also.The length of OID without limits, the form of OID is according to tree-shaped rule definition, each layer is all by ISO or the definition of other international organization.OID has special compression storage format during storage, can save a lot of spaces.So, preferably adopt OID to identify the interior object of container here.Following Example is part of O ID definition and storage format:
Table 4:OID form and storage example
| OID | Implication | Storage format |
| 1.2.840.113549.1 | pkcs-1 | 2A?86?48?86?F7?0D?01 |
| 1.2.840.113549.1.9.1 | emailAddress | 2A?86?48?86?F7?0D?01?09?01 |
| 1.2.840.113549.3.7 | desCBC | 2A?86?48?86?F7?0D?03?07 |
| 5.9.86.0.0.1 | Unknown | D1?56?00?00?01 |
Adopt the OID type as object identity (OUID), OUID can be divided into two parts: last bit field sign object is should be with interior numbering (OSN), the affiliated application class (OAID) of domain identifier object that the front is all.Use OAID to come unique application class of sign in a container, the span of OSN is restricted to 1~254, and interior application of container just can have 254 objects at most.For example:
Object properties in the object data unit can define with two bytes, define the type and the attribute of object respectively, describe in detail below.
Table 5: object properties first byte definition
The first byte position 8,7 has identified the type of an object, if data object, calculating object or APDU object, the remaining bit and second byte all keep use.
If key object, the remaining bit of first byte then is used to define the purposes of key object.If key object, then second byte is used to define the attribute of key.Table 5 shows some concrete conditions of definition:
Table 6: object properties second byte definition
Each data object in container can be by APDU by external reference, and key object can be quoted by data object or other key object, and the APDU object can be by external call; Quoting between object only limits to the same application in the container, and promptly object all has identical OAID, and described OAID is used for identifying the affiliated application class of object; All objects also can be deleted, and the prerequisite of quoting or deleting is defined as service condition (AC, Access Condition).
Object-based operation can have two classes: quote (Reference) and deletion (Delete).
Data object to quote condition nonsensical, object is the set of a data item, and all data item all have the AC of oneself respectively.The condition of quoting of APDU object is also nonsensical.
The referencing operation of key object is explained according to the purposes and the attribute of key, if PIN then is interpreted as the verification password, if the external authentication key then is interpreted as using external authentication; Claiming the route protection key if encryption key is then explained, by key attribute decision protected mode, if attribute definition is MAC KEY, is the protected mode that expressly adds MAC, if attribute definition is ENC ﹠amp; MAC KEY then adds the protected mode of MAC for ciphertext; Following table is the action interpretation when referring to a key object.
Table 7: the action interpretation of key object
The service condition of object (AC) can be defined as a byte, and value is 0~255.According to object-based operation, each object has two AC, first byte be defined as the condition of quoting (Reference AC, RAC), second byte be defined as the deletion condition (Delete AC, DAC), AC is defined as follows shown in the table:
Table 8: the definition of object AC
| Value | Definition |
| 0 | Free |
| 1-254 | Object number, concrete implication is explained by the attribute of object |
| 255 | Forbid |
When the AC value was 0, expression was unconditional, and promptly any condition can be visited; If be 255, then be expressed as and forbid; Other then points to certain object, is decided the condition of visit by the attribute definition of this object.
The content of object can be divided into two-part structure, the attribute of the data item of part definition object storage inside, and a part is a data item itself.The attribute of data item is meant the access condition of data element, and the access condition of a plurality of data item is formed a tabulation.The content that is object is made up of data item service condition tabulation (ACL) and data item itself.The form of service condition tabulation (ACL) can adopt the notion of the DOL in the similar EMV standard, is made up of one group of label (Tag) and access condition (AC), and form is the AC that closelys follow the data element of this Tag definition behind the Tag.For the length and the enhancing ease for use that reduce ACL, suggestion will have the data item of identical AC packs with a template, and all data item in the template all will be inherited the AC of template.
Operation and service condition based on data item are described below:
In data object, the operation of data item is normally read (Read) and is write (Update), and for special data item, such as sensitive informations such as the amount of money or some certificates, for the purpose of safety, the operation of permission is to increase progressively (Increase) and successively decrease (Decrease); For the data item of key object, (Update) only write in the operation of permission; And for the APDU object, preferred, do not allow to operate.
The data item service condition can be defined as two bytes, and for data object, first byte is defined as to be read conditioned disjunction and increase progressively condition, and second byte is defined as write condition or lapse conditions; For key object, first byte is defined as the mistake of key and uses the protection counter, and high nibble is a maximal value, and low nibble is an initial value, and second byte is defined as write condition.
All data item can represent with the TLV structure, do not allow to occur the data item of same label in object, and the data item of different objects can adopt identical label.
The establishment and the choice mechanism of container and application class are described below:
Design owing to The present invention be directed to use more, can contain open platform and non-open platform,, promptly this is not limited so the establishment of container is not done to require and description here.
Container is as many application carrier, and after the card fetch equipment sent SELECT command selection container, smart card need return some information and the public information of container itself, and the information of container that need return sees the following form:
Need the information of container that returns after the table 9:SELECT order
| |
1 byte |
| Smart card uniqueness mark | 8 |
| Container characteristics | |
| 1 byte | |
| The |
2 |
| Remaining space | |
| 2 bytes |
Public information can be kept in the public information object, after the card fetch equipment is selected container, has this object if smart card is checked in the container, returns after then its data item being attached to information of container.The establishment of public information object is created when creating container together, how to create and writing information the present invention does not limit.Certainly, preferred, can be with holder's information a part as the public information contents of object.
The authentication of container can be external authentication, also can be the PIN authentication, in case finish the verification process of container, container just allows to enter the state of creating object.
The establishment of application class must just can use Insert Object order to create after the authentication of finishing container, and an application class can be created nearly 254 objects, the OAID that uses when the OAID of the OID of the object of insertion must be authentication.
After the card fetch equipment sent the application class select command of the present invention definition, the application corresponding class was selected, and according to the reset state machine of container of the setting of the key object of current application class.
Creationary proposition adopts the notion of container and object to store after many application datas, and the present invention also needs to solve the access that how to realize in the application flow the object data on the smart card.Below the main authentication that relates to container, the process step that inserts object and access object introduced in detail.Wherein, might relate to the result who adopts status word to represent, following table has been described the status word and the implication thereof of preferred use.
Table 10: preferred status word and the implication of using thereof
| Status word | Implication |
| 90?00 | Successful execution |
| 65?81 | EMS memory error |
| 69?85 | Service condition does not satisfy |
| 69?82 | Safety condition does not satisfy |
| 67?00 | Length is not right |
| 6A?88 | Reference data does not find |
| 6B?00 | P1, the P2 parameter is incorrect |
| 6A?80 | The data field content is incorrect |
| 69?83 | The certification mode locking |
| 69?88 | Encrypt data or MAC mistake |
| 6E?00 | CLA does not support |
| 6D?00 | INS does not support |
With reference to Fig. 7, introduce the identifying procedure step of container below in detail.
The identifying procedure of container promptly obtains the process of access rights (GET ACCESS RIGHT), and vessel certification can adopt PIN authentication or external authentication mode.The authentication that obtains container can be created this application class to obtain the authority of inserting object in authentication, the application class of creating before also can selecting is to add object.But through the access rights obtained of authentication, when running into following any situation, this authority will lose efficacy immediately:
The card fetch equipment has sent a SELECT CLASS order
The card fetch equipment has sent GET ACCESS RIGHT order
The card fetch equipment withdraws from container
Just object can be inserted in the container after the identifying procedure by container, can may further comprise the steps as the identifying procedure step 1 of container:
Step 1: judge it is authentication or operation according to P1, if operation then changes step 4 over to.
Step 2: judge certification mode according to P1,, otherwise change step 3 if creation mode then changes step 4 over to.
Step 3: the current authentication pattern is the interpolation pattern, and the application class of search appointment in container changes step 4 if find, otherwise the newspaper reference data does not find (6A88).
Step 4: according to the characteristic information in the container, judge the concrete grammar of authentication,, otherwise forward step 6 to if the PIN authentication then forwards step 5 to.
Step 5: if the PIN certification mode, then whether verification container PIN at first differentiates PIN and locks, if the locking would stop and return 0x6983; Otherwise the value of twin check value and object stored is made comparisons, if different, then error counter is subtracted 1, return 0x6Cxx, but xx is remaining number of attempt; If error counter is 0, represent that then this PIN is locked; If verification succeeds then the error counter that recovers PIN is an initial value forwards step 9 to.
Step 6: at first differentiate the vessel certification key and whether lock, if the locking would stop and return 0x6983; Otherwise continue to resolve the OAID of input, if its curtailment 8 bytes, then 0xFF is mended up to polishing 8 bytes in the back, afterwards as dispersion factor; If OAID length, is then got its rightest 8 bytes greater than 8 bytes as dispersion factor.With the dispersion factor dispersion cup master control key class control key that is applied, dispersing mode sees " China's finance integrated circuit card standard-stored value card electronic bankbook using standard " for details and gets final product.
Step 7: utilize identical process for dispersing, the application class control key is disperseed, obtain the verification process key with smart card uniqueness sign.
Step 8: check whether the card fetch equipment got random number, if random number effectively then use this random number as input, with the verification process key its encryption is obtained authenticating ciphertext, compare with the ciphertext of input, if inconsistent then verification process is failed, error counter is subtracted 1, return 0x6Cxx, but xx is remaining number of attempt; If error counter is 0, represent that then this key is locked; If it is that initial value changes step 9 that authentication success recovers the error counter of authenticate key.
Step 9: judgement is authentication or authentication switch operation, if step 10 is changeed in authentication, if step 11 is changeed in the authentication switch operation.
Step 10: according to the setting of P1, in container, create new application class inlet or select the application class inlet of appointment, and in container and the authentication success sign is set.
Step 11:, activate or the closing containers authentication function according to the setting of P1.
With reference to Fig. 8 in detail, the treatment scheme of inserting object Insert Object is described in detail below.The process of described insertion object is meant the constructive process of object, will carry out Container Management simultaneously in the process of creating object.
Step 1: check whether P2 is 0x00; Check that simultaneously whether P1 is the value in the appointment scope, if there is one not satisfy then stop and return 6B00;
Step 2: check internal state, confirm whether complete successfully verification process, if finish then allow to insert object, otherwise termination and return safety condition and do not satisfy code 6982.
Step 3: in data, parse object identity OUID, check whether have and the identical OAID of current application class inlet, if do not satisfy then termination and the incorrect code 6A80 in return data territory.
If satisfy, then parse object properties Attrib and object access condition OAC.The analytic target attribute whether with the P1 parameter in the type matching of the insertion object set, if do not satisfy then termination and the incorrect 6A80 in return data territory, otherwise continue to analyze, if key object is then resolved the subsequent byte of attribute, and according to the length of the algorithm computation key of key.
If attribute satisfies, then access condition tabulation ACL is at first analyzed and preserved to the content of analysis object, retrieves in ACL item by item when recognition data item content, if defined the AC of data item, then writes down the acl list of the AC of this data item to object; If the label that defines in ACL is the template of an application definition, then all data item in the template are inherited the AC of template; If in ACL, there is not the AC of definition of data item, default value 0x00FF then is set, the expression access limit is free; If key object then writes down the condition of quoting, counter and the update condition of object and describes in the tabulation to the state machine of current application class inlet.
If the incorrect situation of data field content when the analysis object content, occurs, should stop and return 6A80, smart card must discharge the temporary space of promising this object application, other state should return to the state that inserts before this object.
Step 4: the object of current parsing is inserted in the list object of current application class inlet.
If after the verification process success, the object of this application class of neither one is inserted in the container, when the card fetch equipment was selected to leave container or authenticated with the OAID of Another application class, current application class entered the mouth and discharge.
With reference to Fig. 9 in detail, the access Access Object treatment scheme of object is described in detail below.
The access procedure of object is actual to be the access of application data, also may be to carry out certain specific function, and object-based operation can comprise two classes at least: quote (Reference) and deletion (Delete).The access Access Object treatment scheme of described object can may further comprise the steps:
Step 1: check value and the legitimacy of P1, P2, if P2 then stops and return 6B00 not for the value position 8 of 0x00 or P1 there is not set.Analyze the value of P1 simultaneously, and then determine concrete action type.
Step 2: the object OUID of parsing input, confirm to have identical OAID with current application class inlet, if do not satisfy then termination and the incorrect code 6A80 in return data territory.
This object of retrieval in current application class inlet list object if do not find, then stops and returns 6A88.
Step 3:, enter corresponding operating process respectively according to the action type that step 1 analysis obtains.
Respectively concrete operating process is described in detail below: quote (Reference) process flow, deletion (Delete) process flow, read (Read) process flow, renewal (Update) process flow, value added (Increase) process flow, depreciation (Decrease) process flow and Unblock CAK treatment scheme.
(1), describe the process step of quoting (Reference) process in detail with reference to Figure 10:
Step 4: with the data field content resolution of instruction and check data field length Lc and whether data field mates, and whether the structure of data field inside is correct.If the incorrect code 6700 of incorrect return data length of field.
Step 5: check whether current object allows to quote, if can not quote then stop and return 6985.
Determine according to the attribute of object whether current referencing operation is legal, if the incorrect service condition of returning does not satisfy code 6985.
Whether step 6: to indicate be the verification password if current object is PIN key object and P1, then enters verification password process, at first differentiate this key object and lock, if locking then stop and return 0x6983; Otherwise the value of twin check value and object stored is made comparisons, if different, then error counter is subtracted 1, return 0x6Cxx, but xx is remaining number of attempt; If error counter is 0, represent that then this key is locked.
Whether step 7: to indicate be the PIN release if current object is PUK key object and P1, then enters the PIN releasing process, at first differentiate this key object and lock, if locking then stop and return 0x6983; Otherwise continue to check whether destination object is the PIN object, if not then stopping and returning service condition and do not satisfy 6985, if destination object is the PIN key object then continues to check whether this object locks, if not locking then stop and return safe condition and do not satisfy 6982, otherwise value with regard to twin check value and PUK object stored, if it is identical then with the release of target P IN object, and the maximal value that its error counter allows for this key object is set, if it is different, then the error counter with the PUK key object subtracts 1, return 0x6Cxx, but xx is remaining number of attempt; If error counter is 0, then this key is provided with lock token.
Step 8: if current object is a key object,, at first differentiates this key object and whether lock, if locking then stop and return 0x6983 when the key attribute is to allow external authentication and P1 to indicate to be external authentication, then to enter the external authentication process;
If not locking checks then whether the card fetch equipment got random number, if random number effectively then use this random number as input, the ciphertext that its encryption is obtained authenticating ciphertext and input with the key in the object relatively, if inconsistent then verification process is failed.
If Key Tpe is a unsymmetrical key, then by the method polishing Data Post that indicates in the key attribute.
Step 9: if current object is a key object,, at first differentiates this key object and whether lock, if locking then stop and return 0x6983 when the key attribute is to allow internal authentication and P1 to indicate to be internal authentication, then to enter the internal authentication process;
If locking then will import data as input, its encryption is obtained ciphertext and return with the interior key of object.
If Key Tpe is a unsymmetrical key, then by the method polishing Data Post that indicates in the key attribute.
Step 10: if current object is a key object,, at first differentiates this key object and whether lock, if locking then stop and return 0x6983 when key attribute mark is to allow compute signature and P1 to indicate to be compute signature, then to enter the compute signature process;
If not locking then checks in the card whether be provided with or calculate hash value, if do not report 6985, otherwise with hash value by the algorithm polishing that indicates in the key attribute to key mould length compute signature.
Step 11: if current object is a key object,, at first differentiates this key object and whether lock, if locking then stop and return 0x6983 when the key attribute is to allow signature verification and P1 to indicate to be signature verification, then to enter the signature verification process;
Check in the card whether be provided with or calculate hash value,, otherwise the signed data of input untied that parse the interior hash value of hash value and card relatively, comparative result is consistent to return 9000, otherwise returns 9xxx if do not report 6985.
(2), describe the process step of deletion (Delete) process in detail with reference to Figure 11:
Step 12: check the length of LC and data, if do not match then stop and return 6700.
Step 13: check the state machine of current application class,, then object is discharged, and upgrade the relevant tabulation of object therewith if the deletion condition of object satisfies.
(3), describe the process step that reads (Read) process in detail with reference to Figure 12:
Step 14: check the length of LC and data, if do not match then stop and return 6700.Whether the attribute of checking current object is common data object, if calculating object or key object, then stops and returns 6985.
Step 15: according to reading of data item tabulation (DOL), check the state machine of current application class item by item,, then the content of this data item is read and is saved in a tabulation, finish dealing with up to all data item if the reading conditions of data item satisfies.If there is one reading conditions not satisfy, then stops and return 6985.After the content of data item reads and finishes, return the data item contents list that reads.
(4), describe in detail and upgrade (Update) process flow with reference to Figure 13:
Step 16: check the length of LC and data, if do not match then stop and return 6700.Whether the attribute of checking current object is common data object, if calculating object or key object, then stops and returns 6985.
Step 17: according to upgrading list of data items (DOL), check the state machine of current application class item by item, if the update condition of all data item all satisfies, then with the content update of this data item.If there is one reading conditions not satisfy, then stop and return 6985, smart card must guarantee not have an item number according to being updated.
(5), describe value added (Increase) process flow in detail with reference to Figure 14:
Step 18: check the length of LC and data, if do not match then stop and return 6700.Whether the attribute of checking current object is calculating object, if not then stopping and returning 6985.
Step 19: check the state machine of current application class,,, otherwise stop and return 6985 then with the content update of this data item if the value added condition of data item satisfies,
(6), describe depreciation (Decrease) process flow in detail with reference to Figure 15:
Step 20: check the length of LC and data, if do not match then stop and return 6700.Whether the attribute of checking current object is calculating object, if not then stopping and returning 6985.
Step 21: check the state machine of current application class,,, otherwise stop and return 6985 then with the content update of this data item if the depreciation condition of data item satisfies,
(7), describe Unblock CAK release treatment scheme in detail with reference to Figure 16:
UnBlock CAK release treatment scheme can be used for release vessel certification key, and described key can be PIN key or authenticate key.Described release treatment scheme preferably can may further comprise the steps:
Step 1: check the length of LC and data, if do not match then stop and return 6700.
Step 2: judge the certification mode of current container, and whether the pattern that indicates in the decision instruction is correct,, stops and return safety condition and do not satisfy code if incorrect; Otherwise continue, if the PIN certification mode is changeed step 3; If the external authentication pattern is changeed step 6.
Step 3: judge concrete action type, if unlocking PIN then changes step 4; If revise PIN, then change step 5.
Step 4: at first differentiate the PIN key be used for vessel certification and whether lock, if not locking then stop and return 0x6985;
Otherwise continue to judge whether the PUK key that is used for vessel certification locks, if locking then stop and return 0x6983;
Otherwise the value of twin check value and preservation PUK is made comparisons, if different, then the PUK error counter is subtracted 1, return 0x6Cxx, but xx is remaining number of attempt; If error counter is 0, represent that then the PUK key is locked.If verification succeeds then 44 error counters with vessel certification PIN revert to initial value, the error counter that recovers the PUK key simultaneously is initial value and END instruction flow process.
Step 5: at first differentiate the PIN key be used for vessel certification and whether lock, if locking then stop and return 0x6983;
Otherwise the PIN value of twin check value and preservation is made comparisons, if different, then the PIN error counter is subtracted 1, return 0x6Cxx, but xx is remaining number of attempt; If error counter is 0, represent that then the PIN key is locked.If verification succeeds then upgrade the value of PIN, the error counter that recovers PIN is initial value and END instruction flow process.
Step 6: at first differentiate the vessel certification key and whether lock, if not locking then stop and return 0x6985;
Otherwise continue to judge whether the key of release vessel certification key locks, if lock then stop and return 0x6983; Resolve the OAID of input and check length, if less than 8 bytes, then 0xFF is mended up to polishing 8 bytes in the back, afterwards as dispersion factor; If OAID length, is then got its rightest 8 bytes greater than 8 bytes as dispersion factor.Disperse to be used for the Personal Unlocking Key of release vessel certification key with dispersion factor, the class that is applied Personal Unlocking Key, dispersing mode can see " China's finance integrated circuit card standard-stored value card electronic bankbook using standard " for details.
Utilize identical process for dispersing, the application class Personal Unlocking Key is disperseed, obtain the releasing process key with smart card uniqueness sign.
Check whether the card fetch equipment got random number, if random number effectively then use this random number as input, with the releasing process key its encryption is obtained authenticating ciphertext, compare with the ciphertext of input, if inconsistent then releasing process is failed, the error counter of Personal Unlocking Key is subtracted 1, return 0x6Cxx, but xx is remaining number of attempt; If error counter is 0, represent that then this key is locked; If comparative result unanimity then the error counter of vessel certification key is reverted to initial value, the error counter that recovers Personal Unlocking Key simultaneously is initial value and END instruction flow process.
Owing to can have a plurality of application on the smart card of the present invention, then for the different application class in the Manage Containers independently, each application class preferably should be placed on an independent interval.That is between application class, should design one " fire wall " to prevent that striding across application class carries out unauthorized access.
In order to realize the independence of cipher key function, preferred, the keys for encryption/decryption that is used for a kind of specific function can not be used by any other function, comprises key that is kept in the IC-card and the key that is used for producing, derive from, transmitting these keys.
The purpose that safe packet transmits is the reliability that guarantees data, integrality and to the authentication of transmit leg.Data integrity and can realize by using MAC to the authentication of transmit leg.The reliability of data can be guaranteed by the encryption to data field.
Realize that the concrete mode that above-mentioned safe packet transmits can be referring to following example.
For example, adopt the APDU message to transmit, when second nibble of CLA byte equals hexadecimal digit " 4 ", show and to adopt safe packet to transmit the transmit leg order data.When message safe in utilization transmitted, the TLV structural identification of the data in the order data territory, form can adopt " OUID+ order association data+MAC ".For guaranteeing the confidentiality of clear data in the order, can be with data encryption.The label and the length that comprise enciphered data during encryption, the DOL when in the APDU enciphered data, not comprising OUID and reading and writing data.
Preceding two bytes of random number that obtain from smart card before carrying out safe packet are defined as ICVprefix, are that 8 bytes get ICV as calculating MAC with ICVprefix with the specific data polishing.
Preceding two bytes of ICVprefix=smart card random number
ICV=ICVprefix+“0F?00?00?00?00?F0”
If carry out safe packet transmission continuously, then ICVprefix is added value after 1 as new ICVprefix as round values, participating in safe packet MAC as new ICV behind the polishing again must calculate, and so analogizes.If the order of using random number is arranged between continuous safe packet, send and select the container order or select the application class order to occur, the random number that then obtains previously lost efficacy, and the card fetch equipment must be got the smart card random number again to calculate ICVprefix.The computational data of MAC begins to finish to data field from the CLA byte.
The specific embodiment of client being issued accumulating card below by a cafe is elaborated to thought of the present invention.
Certain cafe is prepared client is issued accumulating card, so that in intense market competition, keep the customer loyalty degree, plan will be carried out certain preferential and give to the client who holds accumulating card, but these preferential plans are variable, also may implement different preferential plans at different customer bases.Requirement to smart card is integrated value, VIP rank and the identity identification information that will write down client on the smart card, can be behind hair fastener the modification related content of safety.
According to integration plan demand, can do following design:
Table 11: the initialization information of distribution accumulating card
After the smart card designs of required distribution is finished, just can begin the smart card personalization process.The described individualized stage mainly is that application is inserted in the container, how on smart card, to create container and do not do description here, when individualized, according to the commercial business model of reality, may be independent hair fastener, also may be to add the plan of this integration on affiliate's card.
Suppose that the personalized smart card of described needs adopts following APDU command code
Table 12: the APDU command code of presetting
| CLA | INS | Title | Quote |
| 80 | 40 | Insert object (INSERT OBJECT) | - |
| 8X | 42 | Reference object (ACCESS OBJECT) | - |
| 80 | 46 | Gain access (GET ACCESS right) | - |
| 80 | 24 | Release vessel certification key (UNBLOCK CAK) | - |
| 80 | 58 | Container locks/release (LOCK/UNLOCK) | - |
| 80 | 48 | Calculate Hash (COMPUTE HASH) | - |
| 80 | A4 | Select application class (SELECT CLASS) | - |
| 80 | 4E | Get application class tabulation (LIST CLASS) | - |
| 00 | C?0 | Get return data (GET RESPONSE) | ISO/IEC7816-4 |
| 00 | 84 | Get random number (GET CHALLENGE) | ISO/IEC7816-4 |
Described smart card personalization process can may further comprise the steps, and wherein command component adopts to go up and shows to replace correspondence to illustrate.
Step 1: select container, obtain the authentication information of container
To?Card:00?A4?04?00?10“CUP?CONTAINER001”
From?Card:
70?1D?5F01?01?40?5F02?08?11?22?33?44?55?66?77?88?5F03?01?00?5F04
02?FF?FE?5F05?02?A0?00
Authentication function at this supposition container is a state of activation, and certification mode is the PIN authentication; The information such as version number of the remaining space and the container of container have been known simultaneously.
Step 2: authentication container
To?Card:
80 46 01 00 1D, 61 11 4F 05 46 01 00 00 01 50 08 " QQ cafe " 57 08
26?12?34?56?FF?FF?FF?FF
From?Card:90?00
According to the 1st information that obtains of step, with the PIN of container container is authenticated and creates and should use class, the value of supposing container PIN is " 123456 ".
In this step, if the external authentication pattern is then at first got random number from smart card, the verify data above will replacing with the verify data behind the authenticate key encrypted random number; If the first step is indicated the vessel certification function and for closing, then can be skipped this step.
Step 3: insert application
At first need to insert all and use key in container:
To?Card:
80?40?80?00?2E?7A?2C?51?06?46?01?00?00?01?01?52?03?80?69?00
53?02?00?01?7B?19?54?03?55?FF?02?55?12?00?00?DropKey
From?Card:90?00
To?Card:
80?40?80?00?2E?7A?2C?51?06?46?01?00?00?01?02?52?03?80?89?00
53?02?00?01?7B?19?54?03?55?FF?02?55?12?00?00?MtKey
From?Card:90?00
To?Card:
80?40?80?00?2E?7A?2C?51?06?46?01?00?00?01?03?52?03?80?89?00
53?02?00?01?7B?19?54?03?55?FF?02?55?12?00?00?IncKey
From?Card:90?00
To?Card:
80?40?80?00?2E?7A?2C?51?06?46?01?00?00?01?04?52?03?80?89?00
53?02?00?01?7B?19?54?03?55?FF?02?55?12?00?00?DecKey
From?Ca?rd:90?00
It should be noted that, ciphertext installation key if desired, then at first a transmission security key must be installed, again all are prepared the attribute of the key that ciphertexts install and acl list with Insert object instruct write container after, in the mode of ciphertext key value is imported container with Access object.
Insert the data object of using again:
To?Card:
80?40?00?00?2C?7A?2A?51?06?46?01?00?00?01?05?52?01?00
53?02?00?01?7B?19?54?06?B1?00?FF?93?00?02?B1?0C?91?05“Tiger”92?03
39?35?38?93?01?01
From?Ca?rd:90?00
To?Card:80?40?40?00?1E?7A?1C?51?06?46?01?00?00?01?06?52?01?40?53?02
00?01?7B?0B?54?03?56?03?04?56?04?00?00?00?00
From?Card:90?00
So far, the individualized work of integration application has just been finished.
After individualized the finishing of integration smart card, the usage example that integration is used describes in detail below:
According to real business demand, the usage example that integration is used comprises two aspects, is inquiry integration and personal information on the one hand, is the increase and decrease integrated value on the other hand.
Suppose, we predefine some algorithms and data code, as described in following table,
Table 13: algorithm that presets and data code
| Code | Implication |
| Fenc | Cryptographic algorithm |
| Fmac | The MAC algorithm |
| Fpad | Data polishing algorithm |
| ICV | The initial value of computationally secure message |
| MD | Calculate the input data of MAC |
Inquiry integration and personal information
Querying individual information:
To?Card:80?A4?00?00?05?46?01?00?00?01
From?Card:90?00
To?Card:
80?42?B0?00?0D?51?06?46?01?00?00?01?05?58?03?91?92?93
From?Card:“Tiger”39?35?38?01
The inquiry integration:
To?Card:80?A4?00?00?05?46?01?00?00?01
From?Card:90?00
To?Card:80?42?B0?00?0B?51?06?46?01?00?00?01?06?58?01?56
From?Card:00?00?00?00
The increase and decrease integrated value
Increase by 1000 points:
To?Card:80?A4?00?00?05?46?01?00?00?01
From?Card:90?00
To?Card:00?84?00?00?08
From?Card:F2?87?AA?3D?93?6A?C1?8F?90?00
To?Card:84?42?C0?00?1B?51?06?46?01?00?00?01?05?58?01?93
57?08?EncValue?59?04?Mac
From?Card:90?00
EncValue=Fenc(IncKey,“00?00?03?E8”)
MD=Fpad(“84?42?D0?00?1B?51?06?46?01?00?00?01?06?58?01?56?57?08”EncValue)
ICVprefix=“B0?01”
ICV=ICVprefix+“0F?00?00?00?00?F0”
Mac=Fmac(IncKey,ICV,MD)
Reduce 500 points:
To?Card:84?42?E0?00?1B?51?06?46?01?00?00?01?06?58?01?56
57?08?EncValue?59?04?Mac
From?Card:90?00
EncValue=Fenc(DecKey,“00?00?01?F4”)
MD=Fpad(84?42?E0?00?1B?51?06?46?01?00?00?01?06?58?01?56?57?08EncValue)
ICVprefix++
ICV=ICVprefix+“0F?00?00?00?00?F0”
Mac=Fmac(DecKey,ICV,MD)
Revise the VIP grade
To?Card:80?A4?00?00?05?46?01?00?00?01
From?Card:90?00
To?Card:00?84?00?00?08
From?Card:B0?01?0E?6F?1E?76?5E?60?90?00
To?Card:84?42?D0?00?1B?51?06?46?01?00?00?01?06?58?01?56
57?08?EncValue?59?04?Mac
From?Card:90?00
EncValue=Fenc(MtKey,“02”)
MD=Fpad(“84?42?C0?00?1B?51?06?46?01?00?00?01?05?58?01?93?57?08”EncValue)
ICVprefix=“F2?87”
ICV=ICVprefix+“0F?00?00?00?00?F0”
Mac=Fmac(MtKey,ICV,MD)
After integration is used use a period of time, add new object possibly and support new business demand, this is exactly modification or maintenance to issuing application in fact.Flow process to contingent integration change of plan describes below:
The deletion object
The authority of deletion object can so need not container is authenticated, as long as meet the deletion condition of object, just can be deleted the object of appointment by application class oneself control.
Add object
The interpolation object must be finished the authentication to container, and process is with individualized identical.
Revise object
Owing to can only revise the content of data item behind the Object Creation, can't add the attribute of data item or modification data item, if use the content that must revise object, then must at first delete this object, and then create this object again.
More than the method for access object in a kind of smart card provided by the present invention and the smart card is described in detail, used specific case herein principle of the present invention and embodiment are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that all can change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.
Claims (12)
1. the method for access object in the smart card is characterized in that, described smart card adopts container and subject memory data, and provides the general insertion and the operation of reference object in container end, said method comprising the steps of:
Check order parameter, judge legitimacy, and analyze and determine concrete action type;
Resolve the object identity of input, judge whether identical with the sign of current application class inlet;
If identical, then in current application class inlet list object, retrieve this object;
If there is this object,, finish the accessing operation flow process of corresponding object then according to action type and the object properties determined.
2. the method for access object is characterized in that in the smart card as claimed in claim 1, if corresponding operating process is for quoting flow process, then
With the data field content resolution of instruction and check data field length Lc and whether data field mates, and whether the structure of data field inside is correct;
If check and pass through, then determine according to the attribute of object whether current referencing operation is legal;
If legal, then quote corresponding object.
3. the method for access object is characterized in that in the smart card as claimed in claim 2, and the described object of quoting comprises the APDU object that is used to realize certain application instruction function.
4. the method for access object is characterized in that in the smart card as claimed in claim 2, also comprises:
If current object is a key object, then carry out corresponding verification process according to the key attribute;
If authentication is passed through, then quote this key object.
5. the method for access object is characterized in that in the smart card as claimed in claim 1, if corresponding operating process is the deletion flow process, then;
With the data field content resolution of instruction and check data field length Lc and whether data field mates;
If coupling, the state machine of inspection current application class;
If the deletion condition of corresponding object satisfies, then this object occupation space is all discharged, and upgrade the relevant tabulation of object therewith.
6. the method for access object is characterized in that in the smart card as claimed in claim 1, if corresponding operating process is for reading flow process, then;
With the data field content resolution of instruction and check data field length Lc and whether data field mates;
If coupling checks whether the attribute of current object is common data object;
If, check the state machine of current application class item by item then according to reading of data item tabulation (DOL);
If the reading conditions of data item satisfies, then the content of this data item is read.
7. the method for access object is characterized in that in the smart card as claimed in claim 1, if corresponding operating process is new technological process more, then;
With the data field content resolution of instruction and check data field length Lc and whether data field mates;
If coupling checks whether the attribute of current object is common data object;
If then, check the state machine of current application class item by item according to upgrading list of data items (DOL);
If the update condition of all data item all satisfies, then with the content update of this data item.
8. the method for access object is characterized in that in the smart card as claimed in claim 1, if corresponding operating process is value added or the depreciation flow process, then;
With the data field content resolution of instruction and check data field length Lc and whether data field mates;
If coupling checks whether the attribute of current object is calculating object;
If then check the state machine of current application class;
If the value added or depreciation condition of data item satisfies, then value added the or depreciation with the content of this data item.
9. the method for access object is characterized in that in the smart card as claimed in claim 1, if corresponding operating process is the release treatment scheme, then;
Step 1, with the data field content resolution of instruction and check data field length Lc and whether data field mates; If mate, then judge the certification mode of current container;
Step 2 is if the PIN certification mode is then changeed step 3; If the external authentication pattern is then changeed step 6;
Step 3, the concrete action type of judgement are if unlocking PIN then changes step 4; If revise PIN, then change step 5.
Whether the key that step 4, judgement are used for vessel certification locks; If not locking, the then value of twin check value and preservation PUK; If verification succeeds, then unlocking PIN;
Whether the key that step 5, judgement are used for vessel certification locks; If do not lock, then the PIN value of twin check value and preservation; If verification succeeds then upgrade the value of PIN;
Whether the key that step 6, judgement are used for vessel certification locks;
If locking does not judge then whether the key of release vessel certification key locks;
If not locking then utilizes card uniqueness sign that the application class Personal Unlocking Key is disperseed, obtain the releasing process key;
The releasing process key obtains authenticating ciphertext with the random number encryption of terminal input;
The ciphertext of more described authentication ciphertext and input, if the comparative result unanimity, then release success.
10. an intelligent card data treating apparatus is characterized in that, smart card adopts container and subject memory data, and provides the general insertion and the operation of reference object in container end, and this intelligent card data treating apparatus comprises:
Check module, check order parameter, judge legitimacy, and analyze and determine concrete action type;
Parsing module is resolved the object identity of importing, and judges whether identical with the sign of current application class inlet;
If identical, retrieval module is this object of retrieval in current application class inlet list object;
If there is this object,, finish the accessing operation flow process of corresponding object then according to action type and the object properties determined.
11. realize the smart card methods of using for one kind more, it is characterized in that, in described smart card:
At least one container is set;
Data are stored according to the mode of container and object, comprise the object set of at least one application in each container;
Provide the general insertion and the operation of reference object in container end, to realize general operation at object;
Described method comprises:
Check order parameter, judge legitimacy, and analyze and determine concrete action type;
Resolve the object identity of input, judge whether identical with the sign of current application class inlet;
If identical, then in current application class inlet list object, retrieve this object;
If there is this object,, finish the accessing operation flow process of corresponding object then according to action type and the object properties determined.
12. the realization smart card as claimed in claim 11 methods of using is characterized in that more, also comprise:
According to the characteristic of data, data are stored as data object, calculating object, key object and Application Protocol Data Unit APDU object respectively; Described data object is used for storing applied data, and described calculating object is used to store sensitive data, and described key object is used to store the key data of application; Described APDU object is used to store the instruction sequence data that realize specific function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2006100251359A CN101042736B (en) | 2006-03-24 | 2006-03-24 | Smart card and method for accessing objects in smart card |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2006100251359A CN101042736B (en) | 2006-03-24 | 2006-03-24 | Smart card and method for accessing objects in smart card |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101042736A CN101042736A (en) | 2007-09-26 |
| CN101042736B true CN101042736B (en) | 2011-11-30 |
Family
ID=38808237
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2006100251359A Active CN101042736B (en) | 2006-03-24 | 2006-03-24 | Smart card and method for accessing objects in smart card |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101042736B (en) |
Families Citing this family (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102402697A (en) * | 2010-09-07 | 2012-04-04 | 国民技术股份有限公司 | Radio frequency communication system and radio frequency communication method |
| CN102467672B (en) * | 2010-11-11 | 2014-08-06 | 中国移动通信集团公司 | Method and equipment for managing sub-application of smart card |
| CN102521551B (en) * | 2011-12-23 | 2014-08-20 | 大唐微电子技术有限公司 | Personalized IC (integrated circuit) card issuing device and method |
| CA2881985A1 (en) * | 2012-08-15 | 2014-02-20 | Hewlett-Packard Development Company, L.P. | Metadata tree of a patient with lockboxes |
| CN103678427B (en) * | 2012-09-26 | 2017-06-23 | 中国银联股份有限公司 | Retrieve and use the method and system of the application being arranged in smart card |
| CN102945206B (en) * | 2012-10-22 | 2016-04-20 | 大唐微电子技术有限公司 | A kind of object memory access method based on smart card and smart card |
| US10324781B2 (en) | 2013-04-25 | 2019-06-18 | Feitian Technologies Co., Ltd. | Method for managing application on card |
| CN103281172B (en) * | 2013-05-13 | 2016-03-02 | 天津市天安怡和信息技术有限公司 | Pond communication means between highway electric prepaid card and encryption equipment |
| CN104217327B (en) * | 2014-09-25 | 2017-12-26 | 中孚信息股份有限公司 | A kind of financial IC card internet terminal and its method of commerce |
| CN104463263B (en) * | 2014-10-17 | 2017-08-11 | 青岛丰华时代信息技术有限公司 | The system architecture of many applications and the information processing method based on the framework on IC-card |
| CN104484628B (en) * | 2014-12-17 | 2018-04-13 | 西安邮电大学 | It is a kind of that there is the multi-application smart card of encrypting and decrypting |
| CN105530088A (en) * | 2015-09-01 | 2016-04-27 | 北京中电华大电子设计有限责任公司 | Safe JAVA card secret key storage method |
| CN107451498B (en) * | 2016-06-01 | 2020-06-09 | 北京数码视讯科技股份有限公司 | Method and device for providing association relationship between objects and smart card |
| CN106296155B (en) * | 2016-08-04 | 2019-07-23 | 武汉天喻信息产业股份有限公司 | A kind of implementation method of credit card issuer directive script chain type MAC |
| CN106992858B (en) * | 2017-04-06 | 2020-05-19 | 四川科道芯国智能技术股份有限公司 | Data processing method and device |
| CN107729056A (en) * | 2017-10-26 | 2018-02-23 | 东信和平科技股份有限公司 | The program store method and relevant apparatus of a kind of read-only storage |
| CN107797930B (en) * | 2017-10-27 | 2021-04-23 | 东信和平科技股份有限公司 | Method, system, device and readable storage medium for testing functions of smart card |
| CN108363663B (en) * | 2018-02-02 | 2021-05-11 | 浙江德景电子科技有限公司 | Application of intelligent POS terminal to inspection bank card detection center authentication |
| CN108573296B (en) * | 2018-07-02 | 2024-03-15 | 北京广弘电子信息技术有限公司 | Anti-counterfeiting device, anti-counterfeiting system and anti-counterfeiting method |
| CN109558756B (en) * | 2018-12-13 | 2022-04-12 | 艾体威尔电子技术(北京)有限公司 | EMV message analysis tool |
| CN109885351B (en) * | 2019-01-22 | 2021-09-28 | 飞天诚信科技股份有限公司 | Multi-application smart card and method for establishing master-slave application relationship thereof |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5581708A (en) * | 1993-03-23 | 1996-12-03 | Kabushiki Kaisha Toshiba | Data transmission system using electronic apparatus having a plurality of transmission protocols |
| CN1236462A (en) * | 1997-09-19 | 1999-11-24 | 施蓝姆伯格工业公司 | Intelligent card and selective method for application thereof |
| CN1242094A (en) * | 1996-12-23 | 2000-01-19 | 德意志银行股份公司 | Chip card and method for its use |
-
2006
- 2006-03-24 CN CN2006100251359A patent/CN101042736B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5581708A (en) * | 1993-03-23 | 1996-12-03 | Kabushiki Kaisha Toshiba | Data transmission system using electronic apparatus having a plurality of transmission protocols |
| CN1242094A (en) * | 1996-12-23 | 2000-01-19 | 德意志银行股份公司 | Chip card and method for its use |
| CN1236462A (en) * | 1997-09-19 | 1999-11-24 | 施蓝姆伯格工业公司 | Intelligent card and selective method for application thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101042736A (en) | 2007-09-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101042736B (en) | Smart card and method for accessing objects in smart card | |
| CN101042738B (en) | Method for implementing smart card multi-application and data processing apparatus | |
| CN101042737B (en) | Smart card and method for creating application and insertion objects in smart card | |
| US8789146B2 (en) | Dual interface device for access control and a method therefor | |
| Hansmann et al. | Smart card application development using Java | |
| CN100555316C (en) | One-time authentication system | |
| JP4428055B2 (en) | Data communication apparatus and memory management method for data communication apparatus | |
| CN101183413B (en) | Architecture of trusted platform module and method for providing service thereof | |
| CN100438409C (en) | Intelligent card with financial-transaction message processing ability and its method | |
| Rankl | Smart Card Applications: Design models for using and programming smart cards | |
| US20030154376A1 (en) | Optical storage medium for storing, a public key infrastructure (pki)-based private key and certificate, a method and system for issuing the same and a method for using | |
| WO2005076204A1 (en) | Smart card for containing plural issuer security domain and method for installing plural issuer security domain in a smart card | |
| JPH11505355A (en) | Data exchange system including portable data processing unit | |
| CN101599130A (en) | Signal conditioning package, information processing method, program and communication system | |
| CN109446259A (en) | Data processing method and device, processor and storage medium | |
| CN102881085B (en) | Integrated circuit (IC) card module security authentication method for intelligent water meter | |
| JP2005196412A (en) | Data communication device and memory management method for data communication device | |
| CN101339683A (en) | Bag cabinet control method and system based on data sharing center | |
| CN103516517A (en) | Production method, RFID transponder, authentication method, and reader device | |
| CN103235995A (en) | Electronic anti-counterfeiting and logistics management system based on NFC (near field communication) mobile phone | |
| CN101866411A (en) | Security certification and encryption method and system of multi-application noncontact-type CPU card | |
| CN1930592A (en) | Emv transactions in mobile terminals | |
| JP2004526242A (en) | Operation method of non-contact identification medium | |
| CN102999839A (en) | Cloud platform and virtual SE (security element) based electronic currency security payment system and cloud platform and virtual SE based electronic currency security payment method | |
| CN101119423A (en) | Electronic label intelligent finance self-help payment telephone terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |