TWI596547B - Card application service anti-counterfeiting writing system and method based on multi-card combination - Google Patents
Card application service anti-counterfeiting writing system and method based on multi-card combination Download PDFInfo
- Publication number
- TWI596547B TWI596547B TW105137566A TW105137566A TWI596547B TW I596547 B TWI596547 B TW I596547B TW 105137566 A TW105137566 A TW 105137566A TW 105137566 A TW105137566 A TW 105137566A TW I596547 B TWI596547 B TW I596547B
- Authority
- TW
- Taiwan
- Prior art keywords
- card
- signature
- application
- module
- personalized data
- Prior art date
Links
Landscapes
- Storage Device Security (AREA)
Description
本發明屬於一種基於多卡合一之卡片應用服務防偽寫入系統與方法,尤指一種基於多卡合一之卡片應用服務防偽寫入系統與方法,以降低偽造的多卡合一智慧卡於市面流通之數量。 The invention belongs to a card application service anti-counterfeiting writing system and method based on multi-card combination, in particular to a card application service anti-counterfeiting writing system and method based on multi-card combination, so as to reduce the forged multi-card smart card. The amount of circulation in the market.
智慧卡即是一晶片卡,是在一可攜式塑膠卡片上內嵌一積體電路晶片。卡片包含了微處理器、I/O介面以及記憶體,可儲存各式卡片資訊,並依其儲存資訊之用途不同,可區分為身分證、健保卡、駕照、信用卡、電子票證、交通票證等。由於卡片種類眾多,造成攜帶之不便,故多卡合一便應運而生。 A smart card is a chip card in which an integrated circuit chip is embedded in a portable plastic card. The card contains a microprocessor, I/O interface and memory. It can store all kinds of card information and can be divided into identity card, health insurance card, driver's license, credit card, electronic ticket, transportation ticket, etc. according to the purpose of storing the information. . Due to the variety of cards, it is inconvenient to carry, so multi-card combination came into being.
如台灣公開號TW 200502840「具備多應用程式之智慧卡與終端機間的資料處理方法」,其智慧卡具有複數應用程式,為多卡合一之原型,其中透過一終端機向應用程式傳遞參數並取得狀態回應訊息,唯此一方法並未進行安全性上的驗證;又如台灣公開號TW 201610858「多卡合一裝置、系統和卡資訊載入方法」,其通過多卡合一裝置在輸入單元接收使用者發出的一指令並透過記憶體讀取對應之卡片資訊,此一方法僅提供了讀卡時的安全性驗證,並未於發卡階段進行安 全性的處理;又如美國公開號US 20080005567 A1「Method and system for personalizing smart cards using asymmetric key cryptography」,其使用複數個密鑰加密個人化指令,並以應用程式提供者私鑰進行簽章,傳送至卡片並透過應用程式進行驗證與解密,以達到發卡時之安全性處理,唯以應用程式提供者私鑰簽章之狀況下,無法保護獲取之卡片應用服務隸屬於同一使用者。 For example, Taiwan's publication number TW 200502840 "Data processing method between smart card and terminal with multi-application", the smart card has multiple applications, which is a prototype of multi-card integration, in which parameters are transmitted to the application through a terminal. And get the status response message, but this method has not been verified for security; for example, Taiwan's public number TW 201610858 "multi-card device, system and card information loading method", through the multi-card unit The input unit receives an instruction from the user and reads the corresponding card information through the memory. This method only provides security verification during card reading, and is not performed during the card issuance phase. Fully processed; as in US 20080005567 A1 "Method and system for personalizing smart cards using asymmetric key cryptography", which uses a plurality of keys to encrypt personalized instructions and sign with the application provider private key. It is transmitted to the card and verified and decrypted by the application to achieve security processing at the time of card issuance. The card application service cannot be protected from being owned by the same user only when the application provider private key is signed.
另如美國公開號US 7380125 B2「Smart card data transaction system and methods for providing high levels of storage and transmission security」,其揭露一智慧卡儲存與傳輸安全之方法,唯其未針對驗證之行為進行說明,且其未將此一安全機制擴展至多卡合一上。 In addition, the US Patent Publication No. 7380125 B2 "Smart card data transaction system and methods for providing high levels of storage and transmission security" discloses a smart card storage and transmission security method, but it does not describe the behavior of verification, and It does not extend this security mechanism to multi-card integration.
本案發明人鑑於上述習用方式所衍生的各項缺點,乃亟思加以改良創新,並經多年苦心孤詣潛心研究後,終於成功研發完成本基於多卡合一之卡片應用服務防偽寫入系統與方法。 In view of the shortcomings derived from the above-mentioned conventional methods, the inventor of the present invention has improved and innovated, and after years of painstaking research, finally successfully developed and completed the anti-counterfeiting writing system and method for the card application service based on multi-card.
為達上述目的,本發明提出提供一種基於多卡合一之卡片應用服務防偽寫入系統與方法,於多卡合一架構下,若欲進行一多卡合一之晶片卡發卡流程,需包含一使用者之要求、一申辦受理模組、一製卡管理模組、一多卡合一發行管理平台、一寫卡元件模組、各式提供該卡片資訊的卡片服務供應商、以及一金鑰管理模組;其中由製卡管理系統提供使用者資訊與需求予多卡合一發行管理平台,然若此一流程經由人為操縱製卡管理系統,竄改其中任一卡片應用服務之使用者 資訊為他人並發出需求,則此惡意攻擊者即可獲得未授權寫入之卡片應用服務,進而使同一實體證件內的卡片應用服務不隸屬於同一使用者。因此,現有的多卡合一架構有安全性上的疑慮。 In order to achieve the above object, the present invention provides a card application service anti-counterfeiting writing system and method based on a multi-card combination. In the multi-card combination architecture, if a multi-card wafer card issuing process is to be performed, it is required to include A user's request, a bid acceptance module, a card management module, a multi-card integration management platform, a card component module, various card service providers that provide the card information, and a gold Key management module; wherein the card management system provides user information and requirements to the multi-card integration management platform, but if the process is manually manipulated by the card management system, the user of any card application service is tampered with If the information is for others and the request is made, the malicious attacker can obtain the card application service that is not authorized to write, so that the card application service in the same entity certificate is not affiliated with the same user. Therefore, the existing multi-card architecture has security concerns.
本發明為一種基於多卡合一之卡片應用服務防偽寫入系統與方法,其主要目的在於設計一多卡合一架構下,縱使製卡流程中製卡管理系統被操縱,竄改任一卡片應用服務之使用者資訊,亦無法於寫卡階段將未取得授權之卡片應用服務寫入卡片之方法。 The invention relates to a multi-card-based card application service anti-counterfeiting writing system and method, the main purpose of which is to design a multi-card-integrated architecture, even if the card-making management system is manipulated in the card-making process, tampering with any card application The user information of the service is also unable to write the unauthorised card application service to the card during the card writing phase.
一種基於多卡合一之卡片應用服務防偽寫入系統,其主要包括:一製卡管理模組,是以啟動製卡程序,傳遞使用者資訊與一或複數個需求至一多卡合一發行管理平台;多卡合一發行管理平台,是將使用者資訊與需求傳遞至指定之卡片服務供應商,再將回傳之個人化資料與簽章傳送至寫卡元件模組;寫卡元件模組,是將個人化資料與簽章傳送給卡片內指定之應用程式;一金鑰管理模組,是具有卡片唯一金鑰對,並得以儲存私鑰,以及將公鑰寫入智慧卡,同時得以紀錄使用者資訊與其金鑰對的配對關是,並產製個人化資料的簽章值。 A card application service anti-counterfeiting writing system based on multi-card combination, which mainly comprises: a card-making management module, which is to start a card-making process, and transmits user information and one or more requirements to one-card-one issuance. Management platform; multi-card integration release management platform, is to transfer user information and needs to the designated card service provider, and then transfer the returned personalized data and signature to the card component module; write card component module The group transmits the personalized data and the signature to the specified application in the card; a key management module has the unique key pair of the card, and can store the private key and write the public key to the smart card, It is possible to record the matching of user information with its key pair and to produce the signature value of the personalized data.
其中卡片內指定之應用程式,是得以驗證簽章並判定是否寫入個人化資料。 The application specified in the card is able to verify the signature and determine whether to write personalized data.
一種基於多卡合一之卡片應用服務防偽寫入方法,包括:獲得使用者資訊或需求; 多卡合一發行管理平台提出個人化資料要求;卡片服務供應商完成個人化資料產製;卡片服務供應商提出簽章要求;金鑰管理模組完成簽章動作;金鑰管理模組回傳簽章資料;卡片服務供應商回傳個人化資料與對應簽章;多卡合一發行管理平台提出寫卡要求;寫卡元件模組進行寫卡動作。 An anti-counterfeiting writing method for a card application service based on multi-card integration, comprising: obtaining user information or requirements; The multi-card integration management platform proposes personalized data requirements; the card service provider completes the personalized data production system; the card service provider proposes the signature requirements; the key management module completes the signature action; the key management module returns The signature information; the card service provider returns the personalized data and the corresponding signature; the multi-card integration management platform proposes the writing card; the writing card component module performs the card writing action.
其中寫卡動作之流程,是包含:寫卡元件模組接收多卡合一發行管理平台之個人化資料與簽章;寫卡元件模組將個人化資料與簽章輸入智慧卡模組之卡片服務供應商所屬之應用程式;智慧卡模組卡片公開金鑰存放區驗證卡片服務供應商所屬之應用程式之個人化資料與簽章。 The process of writing the card action includes: the card component module receives the personalized data and signature of the multi-card integration management platform; the card component module inputs the personalized data and the signature into the card of the smart card module. The application to which the service provider belongs; the smart card module card public key storage area verifies the personalized information and signature of the application to which the card service provider belongs.
其中驗證之流程,是包含:應用程式執行碼模組之個人化資料簽章驗證單元向卡片公開金鑰存放區接收公開金鑰;應用程式執行碼模組之正常應用程式處裡單元接收驗證成功之個人化資料;卡片應用程式模組之應用程式區接收由正常應用程式處裡單元接收之驗證成功之個人化資料。 The verification process includes: the personalization data signature verification unit of the application execution code module receives the public key from the card public key storage area; the unit of the application execution code module receives the verification successfully. Personalized data; the application area of the card application module receives personalized data that is successfully verified by the unit in the normal application.
本發明所提供一種基於多卡合一之卡片應用服務防偽寫入系統與方法,與其他習用技術相互比較時,更具備下列優點: The invention provides a multi-card-based card application service anti-counterfeiting writing system and method, and has the following advantages when compared with other conventional technologies:
1.本發明在一多卡合一架構下提供卡片應用服務之驗 證技術,防範偽造的卡片應用服務之寫入,當有心人士或駭客取得製卡管理系統的權限後,縱使刻意竄改使用者資料,亦無法將未取得授權之卡片應用服務寫入卡片。 1. The invention provides a card application service test under a multi-card combination architecture The technology of the card prevents the writing of the forged card application service. When the person or the hacker obtains the authority of the card management system, even if the user data is deliberately falsified, the unauthorised card application service cannot be written into the card.
110‧‧‧使用者 110‧‧‧Users
120‧‧‧申辦受理模組 120‧‧‧Application Acceptance Module
130‧‧‧製卡管理模組 130‧‧‧Card Management Module
131‧‧‧操作人員 131‧‧‧Operators
140‧‧‧多卡合一發行管理平台 140‧‧‧Doka One Distribution Management Platform
150‧‧‧卡片服務供應商 150‧‧‧Card Service Provider
160‧‧‧金鑰管理模組 160‧‧‧Key Management Module
161‧‧‧產製金鑰 161‧‧‧Production Key
170‧‧‧寫卡元件模組 170‧‧‧Write Card Component Module
180‧‧‧智慧卡模組 180‧‧‧Smart Card Module
181‧‧‧寫入公開金鑰 181‧‧‧Write public key
S301~S309‧‧‧發卡流程 S301~S309‧‧‧ card issuance process
S401~S405‧‧‧寫卡動作流程 S401~S405‧‧‧Write card action flow
S501~S505‧‧‧驗證流程 S501~S505‧‧‧ verification process
請參閱有關本發明之詳細說明及其附圖,將可進一步瞭解本發明之技術內容及其目的功效;有關附圖為:圖1為本發明基於多卡合一之卡片應用服務防偽寫入系統與方法之架構示意圖;圖2為本發明基於多卡合一之卡片應用服務防偽寫入系統與方法之初始化示意圖;圖3為本發明基於多卡合一之卡片應用服務防偽寫入系統與方法之發卡流程圖;圖4為本發明基於多卡合一之卡片應用服務防偽寫入系統與方法之寫卡動作流程圖;圖5為本發明基於多卡合一之卡片應用服務防偽寫入系統與方法之驗證流程圖。 Please refer to the detailed description of the present invention and its accompanying drawings, which will further understand the technical contents of the present invention and the functions of the present invention. FIG. 1 is a multi-card integrated card application service anti-counterfeiting writing system according to the present invention. Schematic diagram of the architecture and method of the present invention; FIG. 2 is an initial diagram of the anti-counterfeiting writing system and method for the card application service based on the multi-card combination; FIG. FIG. 4 is a flow chart of the card writing operation of the card application service anti-counterfeiting writing system and method based on the multi-card combination; FIG. 5 is a card application service anti-counterfeiting writing system based on the multi-card combination Verification flowchart with method.
為了使本發明的目的、技術方案及優點更加清楚明白,下面結合附圖及實施例,對本發明進行進一步詳細說明。應當理解,此處所描述的具體實施例僅用以解釋本發明,但並不用於限定本發明。 The present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
以下,結合附圖對本發明進一步說明:請參閱圖1所示,為本發明基於多卡合一之卡片應用服務防偽寫入系統與方法之架構示意圖,其包括: 一製卡管理模組130,是以啟動製卡程序,傳遞使用者資訊與一或複數個需求至一多卡合一發行管理平台140;多卡合一發行管理平台140,是將使用者資訊與需求傳遞至指定之卡片服務供應商150,再將回傳之個人化資料與簽章傳送至寫卡元件模組170;寫卡元件模組170,是將個人化資料與簽章傳送給卡片內指定之應用程式;一金鑰管理模組160,是具有卡片唯一金鑰對,並得以儲存私鑰,以及將公鑰寫入智慧卡,同時得以紀錄使用者資訊與其金鑰對的配對關是,並產製個人化資料的簽章值。 The present invention is further described with reference to the accompanying drawings. Please refer to FIG. 1 , which is a schematic structural diagram of a multi-card integrated card application service anti-counterfeiting writing system and method according to the present invention, which includes: The card-making management module 130 is a startup card-making program that transmits user information and one or more requirements to a multi-card integration management platform 140; the multi-card integration management platform 140 is a user information And the demand is transmitted to the designated card service provider 150, and the returned personalized data and signature are transmitted to the card writing component module 170; the writing card component module 170 transmits the personalized information and the signature to the card. The specified application; a key management module 160 has a unique key pair of the card, and can store the private key, and write the public key to the smart card, and at the same time record the pairing of the user information and its key pair. Yes, and produce the signature value of the personalized information.
由上述步驟可以得知,進入發卡流程前,卡片需經過金鑰管理模組以完成初始化動作;發卡流程開始後,使用者110向申辦受理模組120提出製卡之要求,由申辦受理模組120傳遞此要求至製卡管理模組130,製卡管理模組130操作人員131操作模組,依序傳遞使用者資訊與需求1到n至多卡合一發行管理平台140,由多卡合一發行管理平台140將對應之使用者資訊與需求傳遞至對應之卡片服務供應商140,卡片服務供應商150至金鑰管理模組160取得簽章後,將個人化資料與對應之簽章回傳至多卡合一發行管理平台140,由多卡合一發行管理平台140要求寫卡元件模組170進行寫卡動作,寫卡時,卡片之應用程式會針對各卡片應用服務之個人化資料與對應之簽章進行驗證,若驗證成功,則可進行寫入之動作,反之則拒絕寫入。 It can be known from the above steps that before entering the card issuance process, the card needs to go through the key management module to complete the initialization action; after the card issuance process starts, the user 110 requests the bidding acceptance module 120 to make a card, and the application accepts the module. 120 transmits the request to the card management module 130, the card management module 130 operator 131 operates the module, sequentially transmits the user information and requirements 1 to n to the multi-card integration management platform 140, and the multi-card is integrated The distribution management platform 140 transmits the corresponding user information and requirements to the corresponding card service provider 140. After the card service provider 150 to the key management module 160 obtains the signature, the personalized information and the corresponding signature are returned. At most the card-to-one-issue management platform 140, the card-in-one component management system 140 requires the card-carrying component module 170 to perform a card-writing operation. When the card is written, the card-based application will apply personalized information and corresponding services for each card application service. The signature is verified. If the verification is successful, the write operation can be performed, and if not, the write is refused.
藉由上述之流程與方法,縱使製卡管理模組操縱人員131竄改任一卡片應用服務之使用者資訊,亦無法製造 出卡片應用服務不隸屬於同一使用者的實體證件,提升了多卡合一架構下製卡流程的安全性。 Through the above-mentioned processes and methods, even if the card management module operator 131 tampers with the user information of any card application service, it cannot be manufactured. The card application service is not affiliated with the entity certificate of the same user, which improves the security of the card-making process under the multi-card integration architecture.
請參閱圖2所示,為本發明基於多卡合一之卡片應用服務防偽寫入系統與方法之初始化示意圖,在進入發卡流程之前,所有卡片皆須經過初始化動作,而初始化過程主要則是包括規劃卡片資料空間、applet預先載入以及產製金鑰161等。由圖2中可以看到,金鑰管理模組160將於初始化過程中產製專屬於每張卡片之唯一金鑰對,並將私密金鑰存放於金鑰管理模組160中,並寫入公開金鑰181於智慧卡模組180中預先規劃之公開金鑰存放區;其中,金鑰對的產製動作亦可利用硬體保密器來協助進行,則私密金鑰可直接存放於硬體保密器之中。 Please refer to FIG. 2 , which is an initialization diagram of the anti-counterfeiting writing system and method for the card application service based on the multi-card combination. Before entering the card issuing process, all cards must undergo an initialization action, and the initialization process mainly includes Plan card data space, applet preloading, and production key 161. As can be seen from FIG. 2, the key management module 160 will generate a unique key pair unique to each card in the initialization process, and store the private key in the key management module 160 and write it publicly. The key 181 is pre-planned in the public key storage area of the smart card module 180; wherein the production process of the key pair can also be assisted by using a hardware security device, and the private key can be directly stored in the hardware security. Among the devices.
在產製此金鑰對之目的在於後續進行寫卡動作時,卡片本身將利用公開金鑰進行簽章之驗證動作,用以判斷欲寫入之資料是否確定由同一金鑰對之私密金鑰所進行簽署;由於當使用者申辦多卡合一證件時,使用者資訊及配發之卡片金鑰間的配對關係將紀錄於金鑰管理模組中,因此根據卡片驗證簽章之結果,即可判斷出欲寫入之資料是否確為所屬使用者之個人化產製資料,唯有驗證簽章正確時,方可進行寫卡動作。金鑰產製的方法是由金鑰管理模組產製,並從外部將公開金鑰寫入卡片,此舉與直接從卡片內部產製金鑰之方法有所不同,其原因在於卡片內部產製金鑰之目的主要是利用卡片內之私密金鑰進行簽章,而上述所提及透過金鑰管理模組產製金鑰對,並將公開金鑰寫入卡片之中,此舉之目的是要利用卡片上之公開金鑰來驗證簽章,意即利用卡片上之公開金鑰來驗證欲寫入之資料確定為該使用者之私密金鑰所簽署, 等同於使用卡片本身來檢驗欲寫入資料之合法性,針對個人化資料而言,如同達到「身分識別」之效果,此目的與過去直接使用卡片進行簽章之應用場景有所差異,可避免發出具不同使用者資料的多卡合一智慧卡,達降低偽卡數量的功效。 When the purpose of producing the key pair is to perform a subsequent card write operation, the card itself will use the public key to perform the verification action of the signature to determine whether the data to be written determines the private key of the same key pair. Signing; because when the user applies for the multi-card ID, the matching relationship between the user information and the issued card key will be recorded in the key management module, so according to the result of the card verification signature, It can be judged whether the information to be written is the personalized product data of the user, and the card writing action can only be performed when the verification signature is correct. The key production method is produced by the key management module, and the public key is written to the card from the outside. This is different from the method of directly producing the key from the inside of the card. The purpose of the key is to use the private key in the card to sign, and the above mentioned key generation by the key management module, and the public key is written into the card, the purpose of this It is to use the public key on the card to verify the signature, that is, to use the public key on the card to verify that the information to be written is determined to be signed by the user's private key. It is equivalent to using the card itself to verify the legitimacy of the data to be written. For the personalized data, as with the effect of “identity recognition”, this purpose is different from the application scenario in which the card was directly used for signing in the past. A multi-card smart card with different user data is issued to reduce the number of fake cards.
請參閱圖3所示,為本發明基於多卡合一之卡片應用服務防偽寫入系統與方法之發卡流程圖,包括:S310獲得使用者資訊或需求;多卡合一發行管理平台S320提出個人化資料要求;卡片服務供應商S303完成個人化資料產製;卡片服務供應商S304提出簽章要求;金鑰管理模組S305完成簽章動作;金鑰管理模組S306回傳簽章資料;卡片服務供應商S307回傳個人化資料與對應簽章;多卡合一發行管理平台S308提出寫卡要求;寫卡元件模組S309進行寫卡動作。 Please refer to FIG. 3, which is a flow chart of card issuance system and method for card application service based on multi-card integration, including: S310 obtains user information or demand; and multi-card integration management platform S320 proposes individual The data service requirement; the card service provider S303 completes the personalized data production system; the card service provider S304 proposes the signature requirement; the key management module S305 completes the signature action; the key management module S306 returns the signature information; The service provider S307 returns the personalized data and the corresponding signature; the multi-card integration management platform S308 proposes the writing card; and the writing card component module S309 performs the writing operation.
由上述得知,多卡合一發行管理平台須根據所收到的使用者資訊,以及該使用者所要求之卡片應用服務,向相對應之卡片服務供應商要求該使用者之個人化資料,此時多卡合一發行管理平台須告知卡片服務供應商所需之使用者資訊,例如:使用者之唯一識別代碼(如:帳號、識別碼等)。當卡片服務供應商獲得使用者之識別資訊後,首先會針對該使用者進行個人化資料產製,產製完成後則根據使用者識別資訊向金鑰管理模組提出簽章要求,而簽章要求中須提供給金鑰管理模組之必要資訊至少需要包含使用者識別資訊,以及個人化資料雜湊值等兩項主要資訊。當金鑰管理模組收到簽章要求之後,則根據簽章要求中的使用者識別資訊,以該使用 者之私密金鑰,對此使用者之個人化資料雜湊值進行簽章動作,完成簽章後再回傳至卡片服務供應商。卡片服務供應商收到金鑰管理模組回傳之簽章資料後,才將個人化資料與簽章一併回傳至多卡合一發行管理平台,多卡合一發行管理平台則會將個人化資料與簽章傳送至寫卡元件模組,由寫卡元件模組開始進行寫卡動作。 It is known from the above that the multi-card integration management platform must request the personalized information of the user from the corresponding card service provider according to the received user information and the card application service requested by the user. At this time, the multi-card integration management platform must inform the card service provider of the user information required, for example, the user's unique identification code (eg, account number, identification code, etc.). When the card service provider obtains the user's identification information, the user first conducts personalized information production for the user. After the production is completed, the signature management request is submitted to the key management module according to the user identification information, and the signature is signed. The necessary information required to be provided to the key management module in the request must contain at least two main pieces of information, such as user identification information and personalized data hash value. After the key management module receives the signature request, it uses the user identification information in the signature request for the use. The private key of the user, signing the user's personalized data hash value, and then returning to the card service provider after completing the signature. After receiving the signature information returned by the key management module, the card service provider will return the personalized data and the signature to the multi-card integration management platform. The multi-card integration management platform will be the individual. The data and the signature are transmitted to the writing card component module, and the writing card component module starts the writing operation.
請參閱圖4所示,為本發明基於多卡合一之卡片應用服務防偽寫入系統與方法之寫卡動作流程圖,是包含:S401個人化資料與對應簽章;寫卡元件模組S402接收多卡合一發行管理平台之個人化資料與簽章;寫卡元件模組S403將個人化資料與簽章輸入智慧卡模組之S404卡片服務供應商所屬之應用程式;智慧卡模組S405卡片公開金鑰存放區驗證卡片服務供應商所屬之應用程式之個人化資料與簽章。 Please refer to FIG. 4 , which is a flow chart of the card writing operation of the anti-counterfeiting writing system and method for the card application service based on the multi-card combination, which comprises: S401 personalized data and corresponding signature; the writing card component module S402 Receiving the personalized information and signature of the multi-card integration management platform; the writing component module S403 inputs the personalized data and the signature into the application of the S404 card service provider of the smart card module; the smart card module S405 The card public key storage area verifies the personalized information and signature of the application to which the card service provider belongs.
由上述得知,寫卡元件模組與智慧卡模組進行通訊,並選擇特定卡片服務供應商所屬之應用程式以嘗試進行個人化資料寫入。寫卡元件模組對智慧卡模組建立連線通道,並將接收到的個人化資料與簽章傳遞給智慧卡模組,而在本實施例中智慧卡模組中之卡片服務供應商所屬之應用程式是以applet的形式存在,而寫卡元件模組是為國際標準ISO 7816,再將欲寫入之個人化資料與簽章傳送給對應之卡片服務供應商所屬之應用程式,卡片服務供應商所屬之應用程式將由金鑰存放區取得公開金鑰進行簽章驗證,並依驗證結果決定是否寫入收到的個人化資料。 It is known from the above that the write card component module communicates with the smart card module and selects an application to which the specific card service provider belongs to attempt to write the personalized data. The card component module establishes a connection channel for the smart card module, and transmits the received personalized data and the signature to the smart card module, and in the embodiment, the card service provider in the smart card module belongs to The application is in the form of an applet, and the write card component module is an international standard ISO 7816, and then the personalized data and signature to be written are transmitted to the corresponding card service provider's application, card service. The application to which the supplier belongs will be obtained by the key storage area to obtain the public key for signature verification, and determine whether to write the received personalized data according to the verification result.
請參閱圖5所示,為本發明基於多卡合一之卡片 應用服務防偽寫入系統與方法之驗證流程圖,是包含:S501個人化資料與簽章輸入應用程式執行碼模組應用程式執行碼模組之S502個人化資料簽章驗證單元向S503卡片公開金鑰存放區接收公開金鑰;應用程式執行碼模組之S504正常應用程式處裡單元接收驗證成功之個人化資料;卡片應用程式模組之S505應用程式區接收由正常應用程式處裡單元接收之驗證成功之個人化資料。 Please refer to FIG. 5, which is a card based on multi-card in accordance with the present invention. The verification flow chart of the application service anti-counterfeiting writing system and method is: S501 personalized data and signature input application execution code module application execution code module S502 personalized data signature verification unit to S503 card public gold The key storage area receives the public key; the S504 normal application unit of the application execution code module receives the personalized data that is successfully verified; the S505 application area of the card application module is received by the unit in the normal application unit. Verify successful personalization.
由上述得知,卡片初始化過程中會產生專屬於每張卡片之唯一金鑰對,其私鑰存放於金鑰管理模組,而對應之公鑰則寫入卡片之公開金鑰存放區內。卡片內之應用程式取得個人化資料與簽章後,將經由應用程式可執行碼執行驗證簽章程序。應用程式可執行碼以Java Card應用程式介面向卡片公開金鑰存放區取得卡片公開金鑰,並以此公鑰驗證個人化資料對應之簽章。若個人化資料經過竄改、替換為非原卡片使用者之資料,則於金鑰管理模組會使用非原卡片使用者之私密金鑰簽章,此驗簽程序將會失敗,應用程式可執行碼將回覆存取失敗而拒絕寫入。若驗簽程序成功,則代表此個人化資料是由金鑰管理模組認證為原卡片使用者對應的個人化資料,應用程式可執行碼將會把驗證成功之個人化資料寫入應用程式資料區。如此即完成一種基於多卡合一之卡片應用服務防偽寫入系統與方法。 It is known from the above that during the card initialization process, a unique key pair unique to each card is generated, and the private key is stored in the key management module, and the corresponding public key is written in the public key storage area of the card. After the application in the card obtains the personalized data and signature, the verification signature program will be executed via the application executable code. The application executable code obtains the card public key from the Java Card application program for the card public key storage area, and uses the public key to verify the signature corresponding to the personalized data. If the personalized data has been tampered with and replaced with the data of the non-origin card user, the key management module will use the private key signature of the non-origin card user, the verification procedure will fail, and the application can be executed. The code will reply to the failed access and refuse to write. If the verification procedure is successful, the personalized data is authenticated by the key management module as the personalized data corresponding to the original card user, and the application executable code will write the verified personalized data into the application data. Area. Thus, a system and method for anti-counterfeiting writing of a card application service based on multi-card is completed.
上列詳細說明乃針對本發明之一可行實施例進行具體說明,惟該實施例並非用以限制本發明之專利範圍,凡未脫離本發明技藝精神所為之等效實施或變更,均應包含於本案之專利範圍中。 The detailed description of the present invention is intended to be illustrative of a preferred embodiment of the invention, and is not intended to limit the scope of the invention. The patent scope of this case.
綜上所述,本案不僅於技術思想上確屬創新,並具備習用之傳統方法所不及之上述多項功效,已充分符合新穎性及進步性之法定發明專利要件,爰依法提出申請,懇請 貴局核准本件發明專利申請案,以勵發明,至感德便。 To sum up, this case is not only innovative in terms of technical thinking, but also has many of the above-mentioned functions that are not in the traditional methods of the past. It has fully complied with the statutory invention patent requirements of novelty and progressiveness, and applied for it according to law. Approved this invention patent application, in order to invent invention, to the sense of virtue.
110‧‧‧使用者 110‧‧‧Users
120‧‧‧申辦受理模組 120‧‧‧Application Acceptance Module
130‧‧‧製卡管理模組 130‧‧‧Card Management Module
131‧‧‧操作人員 131‧‧‧Operators
140‧‧‧多卡合一發行管理平台 140‧‧‧Doka One Distribution Management Platform
150‧‧‧卡片服務供應商 150‧‧‧Card Service Provider
160‧‧‧金鑰管理模組 160‧‧‧Key Management Module
170‧‧‧寫卡元件模組 170‧‧‧Write Card Component Module
180‧‧‧智慧卡模組 180‧‧‧Smart Card Module
Claims (4)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW105137566A TWI596547B (en) | 2016-11-17 | 2016-11-17 | Card application service anti-counterfeiting writing system and method based on multi-card combination |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW105137566A TWI596547B (en) | 2016-11-17 | 2016-11-17 | Card application service anti-counterfeiting writing system and method based on multi-card combination |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI596547B true TWI596547B (en) | 2017-08-21 |
TW201820209A TW201820209A (en) | 2018-06-01 |
Family
ID=60189397
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW105137566A TWI596547B (en) | 2016-11-17 | 2016-11-17 | Card application service anti-counterfeiting writing system and method based on multi-card combination |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI596547B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI707247B (en) * | 2018-12-28 | 2020-10-11 | 中華電信股份有限公司 | Data security system and operation method thereof |
CN111627146A (en) * | 2020-06-05 | 2020-09-04 | 中国银行股份有限公司 | User behavior identification method and device |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW200502840A (en) * | 2003-07-07 | 2005-01-16 | Acer Inc | Data processing method between a smart card with multiple application programs and a terminal |
US20080005567A1 (en) * | 2006-01-24 | 2008-01-03 | Stepnexus, Inc. | Method and system for personalizing smart cards using asymmetric key cryptography |
TW200949765A (en) * | 2008-05-16 | 2009-12-01 | President Information Corp | Verification system and method of smart card |
TW201101778A (en) * | 2009-06-19 | 2011-01-01 | Chunghwa Telecom Co Ltd | Security authentication method of integrating certificate and IC card management |
US20120198548A1 (en) * | 2011-02-01 | 2012-08-02 | Kingston Technology Corporation | Blank smart card device issuance system |
CN102064944B (en) * | 2010-11-30 | 2013-01-09 | 飞天诚信科技股份有限公司 | Safety card issuing method as well as card issuing equipment and system |
TW201512888A (en) * | 2013-09-16 | 2015-04-01 | Chunghwa Telecom Co Ltd | A cloud card system and operation method |
TW201541924A (en) * | 2014-04-21 | 2015-11-01 | Ding Ding Integrated Marketing Service Co Ltd | Method for authenticating user information |
-
2016
- 2016-11-17 TW TW105137566A patent/TWI596547B/en active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW200502840A (en) * | 2003-07-07 | 2005-01-16 | Acer Inc | Data processing method between a smart card with multiple application programs and a terminal |
US20080005567A1 (en) * | 2006-01-24 | 2008-01-03 | Stepnexus, Inc. | Method and system for personalizing smart cards using asymmetric key cryptography |
TW200949765A (en) * | 2008-05-16 | 2009-12-01 | President Information Corp | Verification system and method of smart card |
TW201101778A (en) * | 2009-06-19 | 2011-01-01 | Chunghwa Telecom Co Ltd | Security authentication method of integrating certificate and IC card management |
CN102064944B (en) * | 2010-11-30 | 2013-01-09 | 飞天诚信科技股份有限公司 | Safety card issuing method as well as card issuing equipment and system |
US20120198548A1 (en) * | 2011-02-01 | 2012-08-02 | Kingston Technology Corporation | Blank smart card device issuance system |
TW201512888A (en) * | 2013-09-16 | 2015-04-01 | Chunghwa Telecom Co Ltd | A cloud card system and operation method |
TW201541924A (en) * | 2014-04-21 | 2015-11-01 | Ding Ding Integrated Marketing Service Co Ltd | Method for authenticating user information |
Also Published As
Publication number | Publication date |
---|---|
TW201820209A (en) | 2018-06-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11664997B2 (en) | Authentication in ubiquitous environment | |
JP7230235B2 (en) | Using Contactless Cards to Securely Share Personal Data Stored on Blockchain | |
US10616222B2 (en) | Authenticator centralization and protection based on authenticator type and authentication policy | |
CN106576044B (en) | Authentication in ubiquitous environments | |
ES2599985T3 (en) | Validation at any time for verification tokens | |
AU2020414359B2 (en) | Steganographic image encoding of biometric template information on a card | |
KR20100126291A (en) | Method for reading attributes from an id token | |
JP6691582B2 (en) | User authentication method and authentication management method | |
EP3485600B1 (en) | Method for providing secure digital signatures | |
TWI596547B (en) | Card application service anti-counterfeiting writing system and method based on multi-card combination | |
KR102122555B1 (en) | System and Method for Identification Based on Finanace Card Possessed by User | |
KR102348823B1 (en) | System and Method for Identification Based on Finanace Card Possessed by User | |
AU2015200701B2 (en) | Anytime validation for verification tokens | |
JP2020115386A (en) | Authentication in ubiquitous environment | |
KR20200031026A (en) | Apparatus and Method for Processing Signal | |
KR20120129617A (en) | Identification card, apparatus and method for issuing card |