
CN119515377A - A smart card supply chain hierarchical management method and system - Google Patents


Info

Publication number
CN119515377A
Authority
CN
China
Prior art keywords
key
card
smart card
client
encryption
Legal status
Pending
Application number
CN202411593850.7A
Other languages
Chinese (zh)
Inventor
杨文寿
崔永刚
段灿伟
刘焱
马山
李冰
黄鹤飞
秦天福
徐俊波
李军沛
Current Assignee
Newcapec Electronics Co Ltd
Original Assignee
Newcapec Electronics Co Ltd

Classifications

    • G PHYSICS > G06 COMPUTING OR CALCULATING; COUNTING > G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR > G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/229 Hierarchy of users of accounts (under G06Q20/22 Payment schemes or models)
    • G06Q20/352 Contactless payments by cards (under G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks; G06Q20/34 using cards, e.g. integrated circuit [IC] cards or magnetic cards)
    • G06Q20/354 Card activation or deactivation (under G06Q20/34 using cards, e.g. integrated circuit [IC] cards or magnetic cards)
    • G06Q20/382 Payment protocols insuring higher security of transaction (under G06Q20/38 Payment protocols; details thereof)

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a hierarchical management method and system for a smart card supply chain, in the field of supply chain management. The method is as follows: a primary management authority creates virtual customers, performs encryption initialization on blank smart cards in batches uniformly according to the virtual customer information, and constructs the corresponding secondary-customer key authorization relationship; according to order information from a secondary management authority, the primary management authority issues the initialized smart cards and the corresponding secondary-customer key authorization relationship to the secondary management authority; the secondary management authority determines the final customer and, according to the final customer's order and the secondary-customer key authorization relationship corresponding to the cards, performs authorization authentication on the smart cards and encryption activation using the final customer information; after the final cardholder information is written into the activated smart card, a key calculation yields the final customer key. The system implements this method. The invention solves the problems that existing methods cannot respond quickly to small customers' smart card business and incur high management costs.

Description

Hierarchical management method and system for smart card supply chain
Technical Field
The invention belongs to the technical field of supply chain management, and particularly relates to a hierarchical management method and system for a smart card supply chain.
Background
Between the blank card supplied by a card vendor and use by a cardholder, a smart card goes through construction of the application files that implement the intended service, card encryption, and card personalization. The organization that constructs the application files is generally called the primary management authority; its branch offices, agents and cooperating operators are called secondary management authorities; and the organization that ultimately purchases the smart card application is called the final customer. Taking a canteen meal card as an example, the organization that builds the canteen card payment system is the primary management authority, while the factory whose canteen uses the cards is the final customer.
Supply chain management of smart cards usually takes one of two forms: 1) the primary management authority purchases blank cards from the card vendor, the final customer comes to the primary management authority, and the blank cards are encrypted there into final-customer keys; or 2) with the primary management authority's authorization, the card vendor ships blank cards directly to a secondary management authority or final customer, and final-customer key encryption is then performed on the final customer's side. Applied to a large number of small customers, both forms cause management problems: 1) because small customers' requirements differ, their cards cannot be encrypted centrally, so management cost is high; and 2) the final customer must go to the primary management authority for encryption, which is limited by distance and time, so batch roll-out of small-customer smart card services cannot be answered quickly, and meeting quick-response requirements demands more supply chain resources, again raising management cost.
Disclosure of Invention
The invention aims to provide a hierarchical management method and system for a smart card supply chain that solve the problems that existing management methods cannot respond quickly to small-customer smart card business and have high management cost.
The smart card supply chain hierarchical management method provided by the invention comprises the following steps:
1) The primary management authority creates virtual customers, performs encryption initialization on blank smart cards in batches uniformly according to the virtual customer information, and constructs the corresponding secondary-customer key authorization relationship, where encryption initialization means constructing the card space structure on the blank smart card and applying general encryption to the application files in the card;
2) According to order information from the secondary management authority, the primary management authority issues the initialized smart cards and the corresponding secondary-customer key authorization relationship to the secondary management authority;
3) The secondary management authority determines the final customer and, according to the final customer's order and the secondary-customer key authorization relationship corresponding to the smart cards allocated to that customer, performs authorization authentication on the smart cards and encryption activation using the final customer information;
4) The final cardholder information is written into the activated smart card, and a key calculation is then performed to obtain the final customer key.
Further, during general encryption of the application files, the ciphertext keys corresponding to the application files are stored in the smart card with one, two or more keys deliberately omitted; at encryption activation, the omitted keys are completed in the card according to the secondary-customer key authorization relationship.
Further, in step 3), an authentication key for the smart card is derived with a set encryption algorithm from the primary-customer root key and the card's unique number, and the smart card passes authentication when this authentication key agrees with the authorization authentication key in the secondary-customer key authorization relationship.
Further, in step 3), when the smart card is a security control card, after it passes authentication the missing key is derived with the set encryption algorithm from the secondary-customer root key and the service application code of the missing key, and written into or updated in the security control card; when the smart card is a user card, after it passes authentication the missing key is derived with the set encryption algorithm from the secondary-customer root key, the service application code of the missing key and the unique number of the security control card paired with the user card, and written into or updated in the user card.
Further, general encryption is implemented in any one of three modes: 1) the encryption keys of all files of all applications in all smart cards are the same; 2) within each smart card the encryption keys of all files of all applications are the same, but they differ from card to card; 3) the encryption keys differ from card to card, and within each card the encryption keys of the files under each application also differ.
The advantage of the method is that it supports hierarchical management of the card supply chain, preserves the primary management authority's control over the card keys while keeping those keys secure, helps the secondary management authority respond quickly to business opportunities in small and medium customer smart card business, and greatly reduces the supply chain resource cost of card management.
The invention also provides a smart card supply chain hierarchical management system comprising a primary management authority, a secondary management authority and a final customer. The primary management authority creates a virtual primary customer, performs encryption initialization on blank smart cards in batches according to that primary customer, and constructs the corresponding secondary-customer key authorization relationship for the batch; according to order information from the secondary management authority, it issues the initialized smart cards and the corresponding secondary-customer key authorization relationship to the secondary management authority, where encryption initialization means constructing the card space structure on the blank smart card and applying general encryption to the application files in the card.
The secondary management authority determines the final customer and, according to the final customer's order and the secondary-customer key authorization relationship corresponding to the smart cards allocated to that customer, performs authorization authentication on the smart cards and encryption activation using the final customer information; after the final customer writes the final cardholder information into the activated smart card, a key calculation is performed to obtain the final customer key.
Further, during general encryption of the application files, the ciphertext keys corresponding to the application files are stored in the smart card with one, two or more keys deliberately omitted; at encryption activation, the omitted keys are completed in the card according to the secondary-customer key authorization relationship.
Further, an authentication key for the smart card is derived with a set encryption algorithm from the primary-customer root key and the card's unique number, and the smart card passes authentication when this authentication key agrees with the authorization authentication key in the secondary-customer key authorization relationship.
Further, when the smart card is a security control card, after it passes authentication the missing key is derived with the set encryption algorithm from the secondary-customer root key and the service application code of the missing key, and written into or updated in the security control card; when the smart card is a user card, after it passes authentication the missing key is derived with the set encryption algorithm from the secondary-customer root key, the service application code of the missing key and the unique number of the security control card paired with the user card, and written into or updated in the user card.
Further, general encryption is implemented in any one of three modes: 1) the encryption keys of all files of all applications in all smart cards are the same; 2) within each smart card the encryption keys of all files of all applications are the same, but they differ from card to card; 3) the encryption keys differ from card to card, and within each card the encryption keys of the files under each application also differ.
The system has the same advantages as the method: it supports hierarchical management of the card supply chain, preserves the primary management authority's control over the card keys while keeping those keys secure, helps the secondary management authority respond quickly to business opportunities in small and medium customer smart card business, and greatly reduces the supply chain resource cost of card management.
Drawings
FIG. 1 is a diagram of a logic architecture of a smart card supply chain hierarchical management system in accordance with an embodiment of the present invention;
FIG. 2 is a flow chart of a smart card supply chain hierarchical management method according to an embodiment of the present invention.
Detailed Description
The following describes the embodiments of the present invention further with reference to the drawings.
The basic idea of the invention is to manage the smart card supply chain hierarchically: the primary management authority performs batch encryption initialization on blank smart cards according to one or more virtual customers it has created, establishes the key authorization relationship between those virtual customers and the secondary customers, and issues it to the secondary management authority; the secondary management authority then encrypts the cards into final-customer keys according to the secondary-customer key authorization relationship. The primary management authority thus keeps control of the card keys while the keys remain secure, the secondary management authority can respond quickly to business opportunities in small and medium customer smart card business, and the supply chain resource cost of card management is greatly reduced.
Method embodiment of the smart card supply chain hierarchical management of the invention
Based on this idea, as shown in FIG. 2, the smart card supply chain hierarchical management method of this embodiment includes:
1) The primary management authority creates virtual customers, performs encryption initialization on blank smart cards in batches uniformly according to the virtual customer information, and constructs the corresponding secondary-customer key authorization relationship, where encryption initialization means constructing the card space structure on the blank smart card and applying general encryption to the application files in the card;
2) According to order information from the secondary management authority, the primary management authority issues the initialized smart cards and the corresponding secondary-customer key authorization relationship to the secondary management authority;
3) The secondary management authority determines the final customer and, according to the final customer's order and the secondary-customer key authorization relationship corresponding to the smart cards allocated to that customer, performs authorization authentication on the smart cards and encryption activation using the final customer information;
4) The final cardholder information is written into the activated smart card, and a key calculation is then performed to obtain the final customer key.
The smart cards include M1 cards (contactless IC cards, NXP MIFARE 1 series), CPU cards, PSAM cards (Purchase Secure Access Module), ESAM cards (Embedded Secure Access Module), mobile NFC cards, SE (Secure Element) cards and the like.
The primary management authority creates one or more virtual customers, called primary customers for short; primary customer information comprises the customer ID, the customer name and the secondary-customer key authorization relationship. Secondary customers are the customers developed in batches by the secondary management authority under the primary customer's authorization, i.e. the final customers; final customer information comprises the primary customer ID, the secondary customer name and the secondary-customer key authorization relationship.
In a preferred embodiment, the secondary-customer key authorization relationship comprises an authorization authentication key, an authorized quantity and an authorization validity period. The authorization authentication key is used to verify the correctness of the smart card keys issued by the primary management authority, and is computed with a set algorithm from a primary-customer factor, a secondary-customer factor and the card characteristic information of the smart card. The algorithm follows existing standard practice; symmetric algorithms such as 3DES or SM4 may be used. The authorized quantity limits the number of final customers that the secondary management authority may create.
When blank smart cards undergo encryption initialization, general encryption is normally applied to the application files of the various smart card structures, and the general encryption key is stored in the smart card. General encryption may be implemented in any of three modes: 1) the encryption keys of all files of all applications in all smart cards are the same; 2) within each smart card the encryption keys of all files of all applications are the same, but they differ from card to card; 3) the encryption keys differ from card to card, and within each card the encryption keys of the files under each application also differ. The key values are computed mainly with the symmetric algorithms 3DES and SM4, as a "hash" of the card characteristic value (in PBOC terms this is key diversification: the characteristic value is enciphered under a root key, not passed through a general-purpose hash function). The characteristic value includes the card unique number, the card custom number (ASN), the application number, the file number, and so on.
To balance security against computational cost, this embodiment preferably uses mode 2).
The smart cards comprise user cards and security control cards. User cards include M1 cards, CPU cards, NFC cards, SIM cards and the like, and their application files after initialization comprise CPU card files and sector files. Security control cards are generally PSAM cards, ESAM cards, SE cards and the like; they store security information such as encryption algorithms, keys and certificates, implement security authentication, decryption, digital signature and similar functions, and are used mainly in commercial POS terminals, branch terminals, direct-connection terminals, public transport systems, mobile payment and the like. User cards and security control cards are used in pairs, one security control card normally serving many user cards. In a campus card system, for example, the card held by the student is the user card, while the security control card sits in terminals such as the canteen card reader, the water controller in the bathhouse and the POS terminal in the campus supermarket, and reads and writes the card data. In this embodiment the security control card stores the ciphertext keys corresponding to the user card's application files and is used together with the user card.
To keep the smart card secure and prevent cards from being used across customers without authorization, in this embodiment one, two or more keys of critical application files are deliberately omitted when the card space structure and general encryption are built on the user card according to standard logic; likewise, the ciphertext keys that the security control card stores for the user card's application files are incomplete, with one, two or more critical keys omitted. Whoever obtains a user card and its security control card must therefore pass key authorization authentication and have the keys omitted from both cards completed before the cards can be used normally.
In this embodiment, with one primary customer, the primary management authority initializes the blank smart cards with the unified customer encryption, constructs the corresponding secondary-customer key authorization relationship, and issues the smart cards together with that relationship to each secondary management authority according to its orders. After the secondary management authority determines the final customer, it either distributes the smart cards (user cards and the matching security control cards) together with the corresponding secondary-customer key authorization relationship to the final customer according to the final customer's order, with encryption activation carried out on the final customer's side, or it performs encryption activation on the ordered quantity of smart cards itself and then distributes them to the final customer.
Before a smart card assigned to a final customer is encryption-activated, it is authorization-authenticated against the secondary-customer key authorization relationship. The intermediate key used for the primary customer's general encryption is derived from the primary-customer root key, and the secondary-customer key authorization relationship contains that root key, so the derivation can be verified from the card characteristic information. Authentication proceeds as follows: the smart card's authentication key is derived with a set encryption algorithm from the primary-customer root key and the card's unique number; the smart card is authenticated with that key; and authentication is considered passed when the computed authentication key agrees with the authorization authentication key held in the secondary-customer key authorization relationship.
At encryption activation, the critical keys omitted from the user card and the security control card are computed with the set algorithm according to the secondary-customer key authorization relationship and written into the cards to complete them. The smart card comprises a user card and its matching security control card. For the security control card, in a preferred implementation, after it passes authentication the missing key is derived with the set encryption algorithm from the secondary-customer root key and the service application code of the missing key, and written into or updated in the security control card. For the user card, after it passes authentication the missing key is derived with the set encryption algorithm from the secondary-customer root key, the service application code of the missing key and the unique number of the security control card paired with the user card, and written into or updated in the user card. The set encryption algorithm is preferably a symmetric algorithm such as 3DES or SM4.
In this authentication and key completion procedure, the number of keys omitted from the security control card and from the user card is N (N is preferably 1, but may also be 2 or 3), and the two cards must be completed with the same algorithm. The key update procedure itself follows industry standards (see the PBOC specifications) and is not described further here.
The authentication and key completion method of this embodiment is illustrated further below. Assume that the primary-customer root key contained in the secondary-customer key authorization relationship is RootKey1 and the secondary-customer root key is RootKey2, that the PSAM card encrypted under the primary customer is PsamCard with unique number ASN1, that the PSAM card lacks the PSAM01 key, and that the key's service application number is App01. The PSAM01 key of the PSAM card is then completed as follows:
1) Derive the PSAM card's authentication key by hashing RootKey1 + ASN1 with the 3DES/SM4 algorithm, and authenticate the PSAM card with it (authentication passes when the key agrees with the authorization authentication key in the secondary-customer authorization relationship); after authentication passes, perform step 2);
2) Derive the final key of the application file, i.e. the missing PSAM01 key, by hashing RootKey2 + App01 with the 3DES/SM4 algorithm, and write or update that key value in the PSAM card.
Assume that the user card encrypted under the primary customer is UserCard1 with unique number ASN2, that it lacks the User01 key, and that the key's service application number is App01. The User01 key of the user card is completed as follows:
1) Derive the user card's authentication key by hashing RootKey1 + ASN2 with the 3DES/SM4 algorithm, and authenticate the user card with it (authentication passes when the key agrees with the authorization authentication key in the secondary-customer authorization relationship); after authentication passes, perform step 2);
2) Derive the final key of the application file, i.e. the missing User01 key, by hashing RootKey2 + App01 + ASN2 with the 3DES/SM4 algorithm, and write or update that key value in the user card.
In this completion procedure for the PSAM card and the user card, the number of keys omitted from each card is N (N is preferably 1, but may also be 2 or 3), and both cards must be completed with the same algorithm. The key update procedure follows industry standards (see the PBOC specifications) and is not described further here.
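The worked PSAM and user card completion above, together with the authorization relationship of the preferred embodiment (authorization authentication key, authorized quantity, validity period) and the deliberately incomplete key sets of the general encryption, as an added example in Go. This is illustrative code written for this page, not code from the patent or from Newcapec, and it rests on stated assumptions: two-key 3DES with a PBOC-style diversification (MAC of the data, then MAC of its bitwise complement) is taken as the reading of "hash RootKey + data with 3DES/SM4"; the card is authenticated by a challenge-response under the re-derived authentication key, which is how a terminal actually uses such a key, rather than by comparing key values; the user-card key is derived from RootKey2 + App + the user card's own ASN as in the worked example (the summary instead names the paired security control card's number); and the root keys, ASNs and the application code App01 are constructed test values. Every identifier (tdes, Diversify, Card, Authorization, InitializeCard, ActivateCustomer) is the example's own.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"time"
)

// tdes builds a two-key 3DES cipher (K1,K2,K1) from a 16-byte key.
func tdes(key []byte) cipher.Block {
	c, err := des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
	if err != nil {
		panic(err) // root keys and card keys are always 16 bytes in this example
	}
	return c
}

// cbcMac8 is a zero-IV 3DES CBC-MAC over data zero-padded to a multiple of 8 bytes.
func cbcMac8(c cipher.Block, data []byte) []byte {
	buf := make([]byte, (len(data)+7)/8*8)
	copy(buf, data)
	mac := make([]byte, 8)
	for i := 0; i < len(buf); i += 8 {
		subtle.XORBytes(mac, mac, buf[i:i+8])
		c.Encrypt(mac, mac)
	}
	return mac
}

// Diversify derives a 16-byte key as MAC(data) || MAC(~data): a PBOC-style, assumed reading of "hash RootKey + data with 3DES/SM4".
func Diversify(root, data []byte) []byte {
	c := tdes(root)
	inv := make([]byte, len(data))
	for i, b := range data {
		inv[i] = ^b
	}
	return append(cbcMac8(c, data), cbcMac8(c, inv)...)
}

type Card struct {
	ASN     []byte            // card unique number
	IsPSAM  bool              // true for the security control card
	authKey []byte            // installed at encryption initialization, never exported
	Keys    map[string][]byte // application keys by service application code; omitted ones absent
}

// InitializeCard is the primary authority's step: install Diversify(RootKey1, ASN).
func InitializeCard(rootKey1, asn []byte, isPSAM bool) *Card {
	return &Card{ASN: asn, IsPSAM: isPSAM, authKey: Diversify(rootKey1, asn), Keys: map[string][]byte{}}
}

// respond is the card's half of a challenge-response; the key value itself is never compared.
func (c *Card) respond(challenge []byte) []byte { return cbcMac8(tdes(c.authKey), challenge) }

// Authorization is the secondary-customer key authorization relationship: both root keys plus the bounds.
type Authorization struct {
	RootKey1, RootKey2 []byte
	Remaining          int       // authorized quantity, counted in final customers
	ValidUntil         time.Time // authorization validity period
}

// ActivateCustomer is the secondary authority's step for one final customer: enforce the bounds,
// authenticate each card under Diversify(RootKey1, ASN), then complete the omitted keys from RootKey2.
func ActivateCustomer(a *Authorization, cards []*Card, missing []string, now time.Time) error {
	if now.After(a.ValidUntil) || a.Remaining <= 0 {
		return fmt.Errorf("authorization unusable: valid until %s, %d final customers left", a.ValidUntil.Format("2006-01-02"), a.Remaining)
	}
	for _, card := range cards { // authenticate every card before writing anything
		challenge := make([]byte, 8)
		if _, err := rand.Read(challenge); err != nil {
			return err
		}
		expected := cbcMac8(tdes(Diversify(a.RootKey1, card.ASN)), challenge)
		if subtle.ConstantTimeCompare(expected, card.respond(challenge)) != 1 {
			return fmt.Errorf("card %s: authentication failed, not initialized under this primary customer", card.ASN)
		}
	}
	for _, card := range cards {
		for _, app := range missing {
			data := []byte(app)
			if !card.IsPSAM {
				data = append(data, card.ASN...) // RootKey2 + App + ASN, as in the user card example
			}
			card.Keys[app] = Diversify(a.RootKey2, data) // write or update the omitted key
		}
	}
	a.Remaining--
	return nil
}

func main() {
	root1, root2 := []byte("PRIMARY-ROOTKEY1"), []byte("SECONDARYROOTKEY") // constructed 16-byte values
	psam, user := InitializeCard(root1, []byte("PSAM0001"), true), InitializeCard(root1, []byte("USER0001"), false)
	auth := &Authorization{RootKey1: root1, RootKey2: root2, Remaining: 1, ValidUntil: time.Now().Add(time.Hour)}
	fmt.Println(ActivateCustomer(auth, []*Card{psam, user}, []string{"App01"}, time.Now()), auth.Remaining)
	fmt.Printf("PSAM App01 %X\nuser App01 %X\n", psam.Keys["App01"], user.Keys["App01"])
}
```

Run with `go run`: the first activation completes App01 on both cards and consumes the single authorized final customer, so a second final customer is refused; a card initialized under a different primary-customer root key fails the challenge-response before any key is written, and an elapsed validity period is refused up front. Substituting SM4 for 3DES means replacing tdes with an SM4 block cipher and the 8-byte block arithmetic with 16-byte blocks; the rest of the flow is unchanged.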
The completed user card is then personalized: the final cardholder's basic information is written into the card, the security control card recalculates and authenticates the key according to that information to obtain the final user key, and issuance of the smart card to the final cardholder is complete.
In this embodiment, the secondary encryption activation of the smart card and the personalization of the user card may be performed separately by the secondary management authority and the final customer, or both together on the final customer's side.
In this embodiment the primary management authority manages the blank smart card inventory, and the secondary management authority manages the inventory of initialized smart cards issued to it by the primary management authority. When the secondary management authority's inventory is insufficient, it submits an order to the primary management authority, which issues initialized smart cards to it in the ordered quantity.
Smart card supply chain hierarchical management system embodiment of the invention
As shown in fig. 1, the management system comprises a primary management mechanism, a secondary management mechanism and a final client. The primary management mechanism creates a virtual primary client, performs encryption initialization on blank smart cards in batches according to that primary client, and constructs a corresponding secondary client key authorization relationship for the batch of smart cards; according to the order information of the secondary management mechanism, it issues the encryption-initialized smart cards and the corresponding secondary client key authorization relationship to the secondary management mechanism. Encryption initialization means constructing a card space structure on a blank smart card and applying general encryption to the application files in the card.
The secondary management mechanism determines a final client, performs authorization authentication on the smart card according to the final client order and the secondary client key authorization relationship corresponding to the smart card allocated to that client, and completes encryption activation of the smart card using the final client information. The final client user then writes the final cardholder information into the activated smart card and performs key calculation to obtain the final client key.
The specific functions of the primary management mechanism, the secondary management mechanism and the final client are described above in the management method embodiment and are not repeated here.

Claims (10)

1. A smart card supply chain hierarchical management method, the method comprising:
1) the primary management mechanism creates virtual clients, uniformly encryption-initializes blank smart cards in batches according to virtual client information, and constructs corresponding secondary client key authorization relationships, wherein encryption initialization refers to constructing a card space structure on the blank smart cards and applying general encryption to the application files in the cards;
2) the primary management mechanism issues the encryption-initialized smart cards and the corresponding secondary client key authorization relationship to the secondary management mechanism according to the order information of the secondary management mechanism;
3) the secondary management mechanism determines a final client, performs authorization authentication on the smart card according to the final client order and the secondary client key authorization relationship corresponding to the smart card allocated to the final client, and completes smart card encryption activation using the final client information;
4) the final cardholder information is written into the activated smart card, and key calculation is then performed to obtain the final client key.
2. The smart card supply chain hierarchical management method according to claim 1, wherein, in applying general encryption to the application files, the ciphertext keys corresponding to the application files are stored in the smart card with one, two or more keys missing, and when the smart card is encryption-activated, the keys missing from the smart card are completed according to the secondary client key authorization relationship.
3. The smart card supply chain hierarchical management method according to claim 1, wherein the secondary client key authorization relationship further comprises a primary client root key and a secondary client root key, an authentication key is computed with a set encryption algorithm from the primary client root key and the unique number of the smart card, and smart card authentication passes when that authentication key is identical to the authorization authentication key in the secondary client key authorization relationship.
4. The smart card supply chain hierarchical management method according to claim 3, wherein in step 3), when the smart card is a security control card, after the security control card passes authentication, the missing key is obtained with a set encryption algorithm from the secondary client root key and the service application code of the missing key, and is written or updated into the security control card; and when the smart card is a user card, after the user card passes authentication, the security control card obtains the missing key with the set encryption algorithm from the secondary client root key, the service application code of the missing key and the unique number of the security control card used with the user card, and writes or updates the missing key into the user card.
5. The smart card supply chain hierarchical management method according to claim 1, wherein the general encryption is implemented in any one of the following ways: 1) the encryption keys of all application files in all smart cards are the same; 2) within each smart card the encryption keys of all application files are the same, but they differ between smart cards; 3) the encryption keys differ between smart cards, and the encryption keys of the individual application files within each smart card also differ.
6. A smart card supply chain hierarchical management system, comprising a primary management mechanism, a secondary management mechanism and a final client, wherein the primary management mechanism is used for creating a virtual primary client, performing encryption initialization on blank smart cards in batches according to the primary client, and constructing a corresponding secondary client key authorization relationship for the batch of smart cards; according to the order information of the secondary management mechanism, the primary management mechanism is used for issuing the encryption-initialized smart cards and the corresponding secondary client key authorization relationship to the secondary management mechanism, wherein encryption initialization refers to constructing a card space structure on a blank smart card and applying general encryption to the application files in the card;
the secondary management mechanism is used for determining a final client, performing authorization authentication on the smart card and completing encryption activation of the smart card using the final client information according to the final client order and the secondary client key authorization relationship corresponding to the smart card allocated to the final client, and the final client user writes the final cardholder information into the activated smart card and then performs key calculation to obtain the final client key.
7. The smart card supply chain hierarchical management system according to claim 6, wherein, in applying general encryption to the application files, the ciphertext keys corresponding to the application files are stored in the smart card with one, two or more keys missing, and when the smart card is encryption-activated, the keys missing from the smart card are completed according to the secondary client key authorization relationship.
8. The smart card supply chain hierarchical management system according to claim 6, wherein the secondary client key authorization relationship further comprises a primary client root key and a secondary client root key, an authentication key is computed with a set encryption algorithm from the primary client root key and the unique number of the smart card, and smart card authentication passes when that authentication key is consistent with the authorization authentication key in the secondary client key authorization relationship.
9. The smart card supply chain hierarchical management system according to claim 8, wherein in step 3), when the smart card is a security control card, after the security control card passes authentication, the missing key is obtained with a set encryption algorithm from the secondary client root key and the service application code of the missing key, and is written or updated into the security control card; and when the smart card is a user card, after the user card passes authentication, the security control card obtains the missing key with the set encryption algorithm from the secondary client root key, the service application code of the missing key and the unique number of the security control card used with the user card, and writes or updates the missing key into the user card.
10. The smart card supply chain hierarchical management system according to claim 6, wherein the general encryption is implemented in any one of the following ways: 1) the encryption keys of all application files in all smart cards are the same; 2) within each smart card the encryption keys of all application files are the same, but they differ between smart cards; 3) the encryption keys differ between smart cards, and the encryption keys of the individual application files within each smart card also differ.
Application CN202411593850.7A (priority date 2024-11-08, filing date 2024-11-08): A smart card supply chain hierarchical management method and system. Status: pending. Publication: CN119515377A (en).

Publications (1)

Publication Number Publication Date
CN119515377A (en) 2025-02-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination