[go: up one dir, main page]

CN106845300A - A kind of secure readers and safe card reading method - Google Patents

A kind of secure readers and safe card reading method Download PDF

Info

Publication number
CN106845300A
CN106845300A CN201611094775.5A CN201611094775A CN106845300A CN 106845300 A CN106845300 A CN 106845300A CN 201611094775 A CN201611094775 A CN 201611094775A CN 106845300 A CN106845300 A CN 106845300A
Authority
CN
China
Prior art keywords
module
card reading
terminal device
card reader
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611094775.5A
Other languages
Chinese (zh)
Inventor
陆勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Watchdata Co ltd
Beijing WatchSmart Technologies Co Ltd
Original Assignee
Beijing WatchSmart Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing WatchSmart Technologies Co Ltd filed Critical Beijing WatchSmart Technologies Co Ltd
Priority to CN201611094775.5A priority Critical patent/CN106845300A/en
Publication of CN106845300A publication Critical patent/CN106845300A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10237Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves the reader and the record carrier being capable of selectively switching between reader and record carrier appearance, e.g. in near field communication [NFC] devices where the NFC device may function as an RFID reader or as an RFID tag
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Toxicology (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Health & Medical Sciences (AREA)
  • Electromagnetism (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种安全读卡器和安全读卡方法,属于读卡器设备领域。所述安全读卡器包括读卡模块和用于与终端设备连接进行数据传输的数据传输模块,所述读卡模块包括接触式读卡单元和非接触式读卡单元,该读卡器还包括安全模块和用于控制读卡模块的工作模式的控制模块,接触式读卡单元和非接触式读卡单元分别与控制模块连接,所述控制模块通过安全模块与数据传输模块连接。本发明实施例中所提供的安全读卡器和安全读卡方法,通过安全模块和控制模块,对读卡器与终端设备两者间交互数据提供了硬件级别的安全保证,解决了读卡器与终端设备间的交互数据容易泄露的问题,保障了两者间数据传输的安全。

The invention discloses a safe card reader and a safe card reading method, belonging to the field of card reader equipment. The secure card reader includes a card reading module and a data transmission module for connecting with a terminal device for data transmission, the card reading module includes a contact card reading unit and a non-contact card reading unit, and the card reader also includes The security module and the control module for controlling the working mode of the card reading module, the contact card reading unit and the non-contact card reading unit are respectively connected with the control module, and the control module is connected with the data transmission module through the security module. The secure card reader and the secure card reading method provided in the embodiments of the present invention provide a hardware-level security guarantee for the interactive data between the card reader and the terminal device through the security module and the control module, and solve the problem of card reader The problem of easy leakage of interactive data with terminal equipment ensures the security of data transmission between the two.

Description

一种安全读卡器和安全读卡方法A kind of safe card reader and safe card reading method

技术领域technical field

本发明涉及读卡器设备领域,具体涉及一种安全读卡器和安全读卡方法。The invention relates to the field of card reader equipment, in particular to a safe card reader and a safe card reading method.

背景技术Background technique

IC卡,是将一个微电子芯片嵌入符合ISO 7816标准的卡基中,做成卡片形式。根据通讯接口把IC卡分成接触式IC卡、非接触式IC和双界面卡(同时具备接触式与非接触式通讯接口)。作为IC卡的读写设备,读卡器也可以将其分为接触式IC卡读卡器、非接触式IC卡读卡器以及远距离读卡器。IC卡与读写器之间的通讯方式可以是接触式,也可以是非接触式。读卡器通过接触式/非接触式方式读取IC卡中的信息,再通过蓝牙、USB或红外等方式将数据上传到终端设备中。目前,读卡器在将数据上传到终端设备时,数据传输的过程中一般都是以明文传输,安全系数低,容易导致数据泄露,尤其是在以蓝牙方式传输数据的时候。An IC card is made into a card form by embedding a microelectronic chip into a card base conforming to the ISO 7816 standard. According to the communication interface, IC cards are divided into contact IC cards, non-contact IC cards and dual-interface cards (both contact and non-contact communication interfaces). As an IC card reading and writing device, card readers can also be divided into contact IC card readers, non-contact IC card readers and long-distance card readers. The communication mode between the IC card and the reader can be contact or non-contact. The card reader reads the information in the IC card through a contact/non-contact method, and then uploads the data to the terminal device through Bluetooth, USB or infrared. At present, when the card reader uploads data to the terminal device, the data transmission process is generally transmitted in plain text, which has a low safety factor and may easily lead to data leakage, especially when transmitting data by Bluetooth.

本发明内容Contents of the invention

针对现有技术中存在的缺陷,本发明的目的在于提供一种安全读卡器和安全读卡方法,通过该读卡器和读卡方法能够有效保证读卡器与终端设备间数据传输的安全性。In view of the defects existing in the prior art, the object of the present invention is to provide a safe card reader and a safe card reading method, through which the card reader and the card reading method can effectively ensure the security of data transmission between the card reader and the terminal equipment sex.

为实现上述目的,本发明所采用的技术方案为:一种安全读卡器,包括读卡模块和用于与终端设备连接进行数据传输的数据传输模块,所述读卡模块包括接触式读卡单元和非接触式读卡单元,还包括安全模块和用于控制读卡模块的工作模式的控制模块,接触式读卡单元和非接触式读卡单元分别与控制模块连接,所述控制模块通过安全模块与数据传输模块连接。In order to achieve the above object, the technical solution adopted in the present invention is: a secure card reader, including a card reading module and a data transmission module for connecting with a terminal device for data transmission, the card reading module includes a contact card reader The unit and the non-contact card reading unit also include a security module and a control module for controlling the working mode of the card reading module, and the contact card reading unit and the non-contact card reading unit are respectively connected with the control module, and the control module passes through The security module is connected with the data transmission module.

进一步,如上所述的一种安全读卡器,所述安全模块包括加解密单元。Further, in the above-mentioned secure card reader, the security module includes an encryption and decryption unit.

进一步,如上所述的一种安全读卡器,所述安全模块还包括用于与终端设备进行双向安全认证的终端设备验证单元。Further, in the secure card reader as described above, the security module further includes a terminal device verification unit for conducting two-way security authentication with the terminal device.

进一步,如上所述的一种安全读卡器,所述安全模块还包括用于存储终端设备相关信息的设备信息存储单元,所述终端设备相关信息包括终端设备的唯一标识Further, in the secure card reader as described above, the security module further includes a device information storage unit for storing terminal device related information, and the terminal device related information includes the unique identifier of the terminal device

进一步,如上所述的一种安全读卡器,所述安全模块为安全元件SE。Further, in the above-mentioned secure card reader, the security module is a security element SE.

进一步,如上所述的一种安全读卡器,还包括用于对安全读卡器的各模块进行供电的电源管理模块,所述电源管理模块包括电源模块和电压转换模块,电源模块通过电压转换模块与读卡器的各模块连接。Further, a security card reader as described above also includes a power management module for supplying power to each module of the security card reader, the power management module includes a power supply module and a voltage conversion module, and the power supply module converts voltage The module is connected with each module of the card reader.

进一步,如上所述的一种安全读卡器,所述数据传输模块包括以下模块中的至少一种:Further, for a secure card reader as described above, the data transmission module includes at least one of the following modules:

USB通信模块、蓝牙通信模块、红外通信模块、Wifi通信模块。USB communication module, Bluetooth communication module, infrared communication module, Wifi communication module.

进一步,如上所述的一种安全读卡器,所述控制模块为主控芯片MCU。Further, in the above-mentioned secure card reader, the control module is the main control chip MCU.

本发明实施例中还提供了一种基于所述安全读卡器的一种安全读卡方法,包括以下步骤:An embodiment of the present invention also provides a secure card reading method based on the secure card reader, comprising the following steps:

读卡器的控制模块控制接触式读卡单元或非接触式读卡单元读取IC卡上的第一数据,并将第一数据发送到安全模块;The control module of the card reader controls the contact type card reading unit or the non-contact type card reading unit to read the first data on the IC card, and send the first data to the security module;

所述安全模块对所述第一数据进行加密,并将加密后的密文通过数据传输模块发送到终端设备;The security module encrypts the first data, and sends the encrypted ciphertext to the terminal device through the data transmission module;

读卡器的安全模块通过数据传输模块接收终端设备下发的第二数据,对所述第二数据进行解密,并将解密后的明文发送到控制模块;The security module of the card reader receives the second data issued by the terminal device through the data transmission module, decrypts the second data, and sends the decrypted plaintext to the control module;

控制模块根据解密后的明文,控制接触式读卡单元或非接触式读卡单元完成对IC卡的操作。The control module controls the contact type card reading unit or the non-contact type card reading unit to complete the operation on the IC card according to the decrypted plaintext.

进一步,如上所述的一种安全读卡方法,读卡器与终端设备之间进行数据交互前,还包括:Further, in the secure card reading method described above, before data interaction between the card reader and the terminal device, it also includes:

读卡器通过所述安全模块与终端设备进行双向认证,双向认证均通过后,读卡器与终端设备进行数据交互。The card reader performs two-way authentication with the terminal device through the security module, and after the two-way authentication passes, the card reader performs data interaction with the terminal device.

本发明的有益效果在于:本发明实施例中所提供的安全读卡器和安全读卡方法,通过安全模块和控制模块,对读卡器与终端设备两者间交互数据提供了硬件级别的安全保证,解决了读卡器与终端设备间交互数据容易泄露的问题。此外,本发明的另一个实施例中,读卡器与终端设备进行数据交互前,还可以基于安全模块完成两者间的双向安全验证,进一步保证接入的读卡器或终端设备的合法性,保障了数据传输的安全。The beneficial effect of the present invention is that: the secure card reader and the secure card reading method provided in the embodiment of the present invention provide hardware-level security for the data exchanged between the card reader and the terminal device through the security module and the control module. Guaranteed to solve the problem that the interactive data between the card reader and the terminal device is easy to leak. In addition, in another embodiment of the present invention, before the card reader and the terminal device perform data interaction, the two-way security verification between the two can be completed based on the security module to further ensure the legitimacy of the connected card reader or terminal device , ensuring the security of data transmission.

附图说明Description of drawings

图1为本发明具体实施方式中提供的一种安全读卡器的结构示意图;Fig. 1 is a schematic structural view of a secure card reader provided in a specific embodiment of the present invention;

图2为本发明具体实施方式中安全模块的一种结构示意图;FIG. 2 is a schematic structural view of a security module in a specific embodiment of the present invention;

图3为本发明具体实施方式中提供的一种安全读卡器的结构示意图;3 is a schematic structural view of a secure card reader provided in a specific embodiment of the present invention;

图4为本发明具体实施方式中提供的一种安全读卡方法的流程示意图。Fig. 4 is a schematic flowchart of a secure card reading method provided in a specific embodiment of the present invention.

具体实施方式detailed description

下面结合说明书附图与具体实施方式对本发明做进一步的详细说明。The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

图1示出了本发明的一个实施例中提供的一种安全读卡器的结构示意图,由图中可以看出,该安全读卡器100包括读卡模块110和用于与终端设备200连接进行数据传输的数据传输模块120,所述读卡模块110包括接触式读卡单元111和非接触式读卡单元110,其中,所述安全读卡器110还包括安全模块130和用于控制读卡模块110的工作模式的控制模块140,接触式读卡单元111和非接触式读卡单元112分别与控制模块140连接,所述控制模块140通过安全模块130与数据传输模块120连接。其中,所述读卡模块110的工作模式为接触式读卡或非接触式读卡。Fig. 1 shows a schematic structural view of a secure card reader provided in an embodiment of the present invention, as can be seen from the figure, the secure card reader 100 includes a card reader module 110 and is used to connect with a terminal device 200 A data transmission module 120 for data transmission, the card reading module 110 includes a contact card reading unit 111 and a non-contact card reading unit 110, wherein the secure card reader 110 also includes a security module 130 and is used to control the reading The control module 140 of the working mode of the card module 110 , the contact card reading unit 111 and the contactless card reading unit 112 are respectively connected with the control module 140 , and the control module 140 is connected with the data transmission module 120 through the security module 130 . Wherein, the working mode of the card reading module 110 is contact card reading or non-contact card reading.

本发明提供的所述安全读卡器100,通过所述安全模块130,使得读卡器与终端设备200之间的交互数据,均需要通过安全模块130的处理,解决了所述两者间交互数据传输不安全的问题。其中,所述交互数据包括读卡器通过接触式读卡单元111或非接触读卡器单元112读取到的卡片中的信息,或者是终端设备200需要下发到卡片中的操作指令或其它数据信息。The security card reader 100 provided by the present invention, through the security module 130, makes the interaction data between the card reader and the terminal device 200 need to be processed by the security module 130, which solves the problem of the interaction between the two. The problem of insecure data transmission. Wherein, the interaction data includes the information in the card read by the card reader through the contact card reader unit 111 or the contactless card reader unit 112, or the operation instruction or other information that the terminal device 200 needs to send to the card. Data information.

所述终端设备200包括但不限于智能手机、PC机以及服务器等。The terminal device 200 includes, but is not limited to, a smart phone, a PC, and a server.

在本发明的一个实施例中,所述数据传输模块120包括以下模块中的至少一种:USB通信模块、蓝牙通信模块、红外通信模块、Wifi通信模块。In an embodiment of the present invention, the data transmission module 120 includes at least one of the following modules: a USB communication module, a Bluetooth communication module, an infrared communication module, and a Wifi communication module.

在实际应用中,可以根据需要选择上述一种或多种数据传输模块,使终端设备200与安全读卡器100之间可以根据实际应用场景的需求进行不同通信方式的选择。此外,安全读卡器100与终端设备200通过数据传输模块120连接后,终端设备还可以通过所述数据传输模块120为读卡器提供工作电源,即读卡器的工作电源可以由终端设备200提供,例如,PC机可以通过USB接口为读卡器提供工作电源。In practical applications, one or more of the above-mentioned data transmission modules can be selected according to needs, so that different communication modes can be selected between the terminal device 200 and the secure card reader 100 according to the requirements of practical application scenarios. In addition, after the secure card reader 100 is connected to the terminal device 200 through the data transmission module 120, the terminal device can also provide working power for the card reader through the data transmission module 120, that is, the working power of the card reader can be provided by the terminal device 200 Provide, for example, a PC can provide working power for the card reader through the USB interface.

在本发明的一个实施例中,所述安全模块130包括加解密单元131,如图2所示,所述加解密单元131通过其存储的密钥数据,对安全读卡器100与终端设备200之间的交互数据进行加密或解密处理。其中,所述加解密单元121中存储的具体密钥数据由读卡器与终端设备200之间所约定的具体加解密方式决定,所述具体加解密方式可以根据实际需要进行选择。In one embodiment of the present invention, the security module 130 includes an encryption and decryption unit 131, as shown in FIG. Encrypt or decrypt the interaction data between them. Wherein, the specific key data stored in the encryption and decryption unit 121 is determined by a specific encryption and decryption method agreed between the card reader and the terminal device 200, and the specific encryption and decryption method can be selected according to actual needs.

在本发明的一个实施例中,所述安全模块130还可以包括用于与终端设备200进行双向安全认证的终端设备验证单元132,如图2所示。In an embodiment of the present invention, the security module 130 may further include a terminal device verification unit 132 for performing two-way security authentication with the terminal device 200, as shown in FIG. 2 .

采用本实施例中的方案,安全读卡器100与终端设备200进行交互数据的传输前,可以通过终端设备验证单元132完成两者间的双向认证,只有双向认证均通过,才能够进行后续的交互数据的传输。通过终端设备验证单元132,对终端设备和安全读卡器均进行安全验证,保证了进行数据传输的读卡器与终端设备的合法性。Using the solution in this embodiment, before the secure card reader 100 and the terminal device 200 perform interactive data transmission, the two-way authentication between the two can be completed through the terminal device verification unit 132. Only when the two-way authentication passes, can the subsequent Transmission of interactive data. Through the terminal device verification unit 132, security verification is performed on both the terminal device and the secure card reader, thereby ensuring the legitimacy of the card reader and the terminal device for data transmission.

在本发明的一个实施例中,所述安全模块130还可以包括用于存储终端设备相关信息的设备信息存储单元133,所述终端设备相关信息包括终端设备的唯一标识,如设备的序列号或其它标识ID。此时,终端设备验证单元132可以基于设备信息存储单元133中所存储的设备先关信息与终端设备进行双向认证,即所述终端设备相关信息用作双向认证的参数,由于所述终端设备相关信息具有唯一性,因此采用该方式,保证了双向认证过程中一个终端设备对应唯一的的认证参数。In an embodiment of the present invention, the security module 130 may further include a device information storage unit 133 for storing terminal device-related information, the terminal device-related information includes the unique identifier of the terminal device, such as the serial number of the device or Other IDs. At this time, the terminal device verification unit 132 can perform two-way authentication with the terminal device based on the device-related information stored in the device information storage unit 133, that is, the terminal device-related information is used as a parameter for two-way authentication, because the terminal device The information is unique, so this method ensures that a terminal device corresponds to a unique authentication parameter in the two-way authentication process.

需要说明的是,双向认证的具体实现方式为现有技术,具体选用何种双向认证方式可以根据实际需要进行选择,所述终端设备相关信息在双向认证的所起到的具体作用由选择的具体双向认证方案以及用户的设置决定。It should be noted that the specific implementation method of two-way authentication is an existing technology, and the specific two-way authentication method to be selected can be selected according to actual needs. Two-way authentication schemes and user settings are determined.

在实际操作中,所述安全模块130可以直接选用安全元件SE。所述控制模块140可以直接选用主控芯片MCU来实现。In actual operation, the security module 130 may directly select the security element SE. The control module 140 can be implemented directly by selecting the main control chip MCU.

在本发明的一个实施例中,所述安全读卡器100还可以包括用于对安全读卡器的各模块进行供电的电源管理模块150,如图3所示,其中,所述电源管理模块150包括电源模块151和电压转换模块152,电源模块151通过电压转换模块152与读卡器的各模块连接。In one embodiment of the present invention, the secure card reader 100 may also include a power management module 150 for supplying power to each module of the secure card reader, as shown in FIG. 3 , wherein the power management module 150 includes a power supply module 151 and a voltage conversion module 152, and the power supply module 151 is connected to each module of the card reader through the voltage conversion module 152.

本实施例中,所述安全读卡器100为有源读卡器,电源管理模块150用于为读卡器的各模块(包括控制模块140、安全模块130、数据传输模块120、接触式读卡单元111)供电,其中,所述电源模块151包括但不限于可充电电池,所述电压转换模块152用于将电源模块151的电压转换为各模块所需要的工作电压。In this embodiment, the secure card reader 100 is an active card reader, and the power management module 150 is used for each module of the card reader (including the control module 140, the security module 130, the data transmission module 120, the contact reader The card unit 111) provides power, wherein the power module 151 includes but not limited to a rechargeable battery, and the voltage conversion module 152 is used to convert the voltage of the power module 151 into the working voltage required by each module.

本发明的实施例中还提供了一种基于上述安全读卡器的安全读卡方法,如图4所示,该方法主要可以包括以下步骤:An embodiment of the present invention also provides a secure card reading method based on the above secure card reader, as shown in Figure 4, the method may mainly include the following steps:

步骤S2:读卡器的控制模块控制接触式读卡单元或非接触式读卡单元读取IC卡上的第一数据,并将第一数据发送到安全模块;Step S2: the control module of the card reader controls the contact type card reading unit or the non-contact type card reading unit to read the first data on the IC card, and send the first data to the security module;

步骤S3:所述安全模块对所述第一数据进行加密,并将加密后的密文通过数据传输模块发送到终端设备;Step S3: the security module encrypts the first data, and sends the encrypted ciphertext to the terminal device through the data transmission module;

步骤S4:读卡器的安全模块通过数据传输模块接收终端设备下发的第二数据,对所述第二数据进行解密,并将解密后的明文发送到控制模块;Step S4: The security module of the card reader receives the second data sent by the terminal device through the data transmission module, decrypts the second data, and sends the decrypted plaintext to the control module;

步骤S5:控制模块根据解密后的明文,控制接触式读卡单元或非接触式读卡单元完成对IC卡的操作。Step S5: The control module controls the contact card reading unit or the non-contact card reading unit to complete the operation on the IC card according to the decrypted plaintext.

读卡器与终端设备通过数据传输模块连接后,读卡器读取IC中的第一数据后,将读取到的第一数据加密后再发送到终端设备,终端设备通过读卡器向IC卡下发第二数据时,第二数据也是加密后的数据,需要有安全模块先解密后再根据第二数据的明文完成对IC卡的操作。可见,不论是读卡器上传的数据还是终端设备下发的数据,均需要通过安全模块的处理,保证了数据传输的安全性。After the card reader is connected to the terminal device through the data transmission module, after the card reader reads the first data in the IC, it encrypts the read first data and then sends it to the terminal device, and the terminal device sends the data to the IC through the card reader. When the card sends the second data, the second data is also encrypted data, and a security module is required to decrypt it first and then complete the operation on the IC card according to the plaintext of the second data. It can be seen that no matter the data uploaded by the card reader or the data sent by the terminal equipment, it needs to be processed by the security module to ensure the security of data transmission.

需要说明的是,上述步骤S2-步骤S5的顺序并不是唯一的,根据应用场景的不同顺序也可能不同。例如,当需要对IC卡中的安全应用或其它信息进行操作时,如果此时只有终端设备通过读卡器向IC发送操作指令时,所述方法可以只包括步骤S3和步骤S4,也可以是终端设备先向读卡器下发数据,读卡器根据下发数据完成操作后再向读卡器返回响应数据,此时,所述方法的步骤即为步骤S3、S4、S1和S2。It should be noted that the above sequence of steps S2 to S5 is not unique, and the sequence may be different according to different application scenarios. For example, when it is necessary to operate the security application or other information in the IC card, if only the terminal device sends an operation instruction to the IC through the card reader, the method may only include steps S3 and S4, or it may be The terminal device first sends data to the card reader, and the card reader returns response data to the card reader after completing the operation according to the sent data. At this time, the steps of the method are steps S3, S4, S1 and S2.

在本发明的一个实施例中,当所述读卡器包括终端设备验证单元时,读卡器与终端设备之间进行数据交互前,该读卡方法还可以包括:In an embodiment of the present invention, when the card reader includes a terminal device verification unit, before data interaction between the card reader and the terminal device, the card reading method may further include:

步骤S1:读卡器通过所述安全模块与终端设备进行双向认证;Step S1: the card reader performs two-way authentication with the terminal device through the security module;

读卡器与终端设备进行数据交互(读卡器向终端设备上传数据或终端设备向读卡器下发数据)前,首先进行两者的双向认证,双向认证均通过后,读卡器与终端设备才能够进行数据交互。通过进行双向认证,保证了进行数据交互的读卡器和终端设备均是合法的设备,进一步提高了数据交互的安全性。Before the card reader and the terminal device perform data interaction (the card reader uploads data to the terminal device or the terminal device sends data to the card reader), the two-way authentication of the two is first performed. After the two-way authentication is passed, the card reader and the terminal Only devices can exchange data. Through two-way authentication, it is ensured that the card reader and the terminal device for data interaction are legal devices, further improving the security of data interaction.

显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其同等技术的范围之内,则本发明也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and equivalent technologies, the present invention also intends to include these modifications and variations.

Claims (10)

1. a kind of secure readers, including card reading module (110) and for being connected what is carried out data transmission with terminal device (200) Data transmission module (120), the card reading module (110) includes contact card reading unit (111) and contactless card reading unit (112), it is characterised in that:Also include security module (130) and the control mould for controlling the mode of operation of card reading module (110) Block (140), contact card reading unit (111) and contactless card reading unit (112) are connected with control module (140) respectively, institute Control module (140) is stated to be connected with data transmission module (120) by security module (130).
2. a kind of secure readers according to claim 1, it is characterised in that:The security module (130) is including adding solution Close unit (131).
3. a kind of secure readers according to claim 2, it is characterised in that:The security module (130) also includes using In the terminal device authentication unit (132) that bidirectional safe certification is carried out with terminal device (200).
4. a kind of secure readers according to claim 3, it is characterised in that:The security module (130) also includes using In the device information storage unit (133) of storage terminal device relevant information, the terminal device relevant information sets including terminal Standby unique mark.
5. according to a kind of secure readers that one of Claims 1-4 is described, it is characterised in that:The security module (130) is Safety element SE.
6. according to a kind of secure readers that one of Claims 1-4 is described, it is characterised in that:Also include being used to read safety The power management module (150) that each module of card device is powered, the power management module (150) is including power module (151) and voltage transformation module (152), power module (151) passes through voltage transformation module (150) and connects with each module of card reader Connect.
7. a kind of secure readers according to claim 6, it is characterised in that:The data transmission module (120) includes With at least one in lower module:
Usb communication module, bluetooth communication, infrared communication module, Wifi communication modules.
8. a kind of secure readers according to claim 6, it is characterised in that:The control module (140) is master control core Piece MCU.
9. a kind of safe card reading method based on one of claim 1 to 8 secure readers, comprises the following steps:
The control module control contact card reading unit of card reader or contactless card reading unit read the first data on IC-card, And by the first data is activation to security module;
The security module is encrypted to first data, and the ciphertext after encryption is sent to by data transmission module Terminal device;
The second data that the security module of card reader is issued by data transmission module receiving terminal apparatus, to second data It is decrypted, and the plaintext after decryption is sent to control module;
Control module is completed to IC-card according to the plaintext after decryption, control contact card reading unit or contactless card reading unit Operation.
10. a kind of safe card reading method according to claim 9, it is characterised in that:Enter between card reader and terminal device Before row data interaction, also include:
Card reader carries out two-way authentication by the security module and terminal device, after two-way authentication passes through, card reader and end End equipment carries out data interaction.
CN201611094775.5A 2016-12-02 2016-12-02 A kind of secure readers and safe card reading method Pending CN106845300A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611094775.5A CN106845300A (en) 2016-12-02 2016-12-02 A kind of secure readers and safe card reading method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611094775.5A CN106845300A (en) 2016-12-02 2016-12-02 A kind of secure readers and safe card reading method

Publications (1)

Publication Number Publication Date
CN106845300A true CN106845300A (en) 2017-06-13

Family

ID=59146414

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611094775.5A Pending CN106845300A (en) 2016-12-02 2016-12-02 A kind of secure readers and safe card reading method

Country Status (1)

Country Link
CN (1) CN106845300A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031535A (en) * 2019-11-15 2020-04-17 华中科技大学 Secure communication method and system for smart card system
CN111460471A (en) * 2020-03-18 2020-07-28 北京兆维自服装备技术有限公司 Self-service data processing device and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101789068A (en) * 2009-01-22 2010-07-28 深圳市景丰汇达科技有限公司 Card reader safety certification device and method
CN103400091A (en) * 2013-07-04 2013-11-20 深圳市深信信息技术有限公司 All-in-one card reader and agricultural product transaction equipment
CN206270971U (en) * 2016-12-02 2017-06-20 北京握奇智能科技有限公司 A kind of secure readers

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101789068A (en) * 2009-01-22 2010-07-28 深圳市景丰汇达科技有限公司 Card reader safety certification device and method
CN103400091A (en) * 2013-07-04 2013-11-20 深圳市深信信息技术有限公司 All-in-one card reader and agricultural product transaction equipment
CN206270971U (en) * 2016-12-02 2017-06-20 北京握奇智能科技有限公司 A kind of secure readers

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031535A (en) * 2019-11-15 2020-04-17 华中科技大学 Secure communication method and system for smart card system
CN111460471A (en) * 2020-03-18 2020-07-28 北京兆维自服装备技术有限公司 Self-service data processing device and method

Similar Documents

Publication Publication Date Title
CN101958026B (en) User authentication module setting method and system
CN102611694B (en) Handheld terminal, system and battery information processing method thereof
CN104504563B (en) A kind of mobile message safety means and its method of work
CN103413161B (en) A kind of method of changeable electronic tag and switching for safe mode
CN110084054A (en) A kind of data privacy device, method, electronic equipment and storage medium
CN105376059A (en) Method and system for performing application signature based on electronic key
CN106911476A (en) A kind of ciphering and deciphering device and method
CN104063333A (en) Encrypted storage equipment and encrypted storage method
CN205692372U (en) Electric energy metering terminal based on LoRa wireless communication technology
CN103093139B (en) Integrated circuit (IC) card intelligent gas meter information safety management module
CN101800987A (en) Intelligent card authentication device and method
CN108243402B (en) A method and device for reading and writing smart cards
CN103985042A (en) Digital information encryption and decryption method based on NFC mobile phone and IC card
CN105389526A (en) Mobile hard disk integrating encrypted area and non-encrypted area and data storage method for mobile hard disk
CN102831081A (en) Transparent encryption and decryption secure digital memory card (SD card) and implementation method thereof
CN106845300A (en) A kind of secure readers and safe card reading method
CN108171438B (en) Experimental equipment remote management system and method based on IC card and mobile phone mobile terminal
CN103902932B (en) Method for encryption through data encryption and decryption device for USB storage devices
CN206270971U (en) A kind of secure readers
CN106487796A (en) Identity card reads the safe ciphering unit in equipment and its application process
CN207070088U (en) A kind of identity card cloud identifies Verification System
CN105847261A (en) Bluetooth wireless encryption and decryption-based electronic signature method
CN104144051B (en) A kind of remote speech encipher-decipher method
CN204595898U (en) A kind of wireless ID card reader equipment
CN103971044A (en) Radio frequency identification and digital signature integration device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
CB03 Change of inventor or designer information
CB03 Change of inventor or designer information

Inventor after: Lu Yong

Inventor after: Wang Youjun

Inventor before: Lu Yong

TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20171123

Address after: 100102 Beijing city Chaoyang District Wangjing Lize Park No. 101 west 7 floor International Building Qiming

Applicant after: BEIJING WATCHSMART TECHNOLOGIES Co.,Ltd.

Applicant after: BEIJING WATCHDATA Co.,Ltd.

Address before: 100102 Beijing city Chaoyang District Wangjing Lize Park No. 101 West eight floor International Building Qiming

Applicant before: BEIJING WATCHSMART TECHNOLOGIES Co.,Ltd.

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170613