×

Intelligent card secure communication method

  • US 9,253,162 B2
  • Filed: 01/07/2014
  • Issued: 02/02/2016
  • Est. Priority Date: 01/22/2013
  • Status: Active Grant
First Claim
Patent Images

1. A method for safe communication of a smart card comprising:

  • S1 comprising powering up the smart card;

    S2 comprising setting a security identifier and a security variate;

    S3 comprising waiting for receiving a command and determining a type of a received command;

    setting an authentication method identifier as an external authentication identifier or a mutual authentication identifier, setting an authentication identifier of a certificate, obtaining an RSA public key reference and an RSA private key reference, setting a security environment management identifier, going back to step S3 if the received command is a first command;

    determining whether both the security environment management identifier and the authentication identifier of the certificate are set if the received command is a second command, authenticating the certificate, setting the authentication identifier and going back to S3 if both the security environment management identifier and the authentication identifier of the certificate are set;

    reporting an error and going back to S2 if the security environment management identifier and the authentication identifier of the certificate are not both set;

    determining whether the authentication identifier of the certificate is set if the received command is a third command, sending the certificate to an external device of the smart card and going back to S3 if the authentication identifier of the certificate is set;

    reporting an error and returning to S2 if the authentication identifier of the certificate is not set;

    if the received command is a fourth command, going to S4;

    if the received command is a fifth command, going to S5;

    if the received command is a sixth command, going to S6;

    if the received command is a seventh command, going to S7;

    determining whether the command meets a preset condition if the command is one of other commands, authenticating the command according to a safe level and a session key if the command meets the preset condition;

    performing corresponding operation after a successful authentication, going back to S3;

    otherwise, reporting an error if the command does not meet the preset condition;

    S4 comprising determining whether a condition that the security environment management identifier is not set and the authentication identifier of the certificate is set is met;

    reporting an error and going back to S2 if the condition is met;

    decrypting the fourth command via a public key referenced by the RSA public key reference to obtain a decryption result;

    obtaining a TLV structure with a safe level from the decryption result, storing the safe level, establishing a session key, storing the session key, setting signature information and setting a session key establishing identifier, going back to S3;

    S5 comprising determining whether the session key establishment identifier is set, generating a first random number, storing the first random number and sending the first random number to the external device of the smart card and setting an obtaining random number identifier if the session key establishment identifier is set;

    going back to S3;

    reporting an error and going back to S2 if the session key establishment identifier is not set;

    S6 comprising determining whether the obtaining random number identifier is set, reporting an error and going back to step S2 if the obtaining random number identifier is not set;

    constructing a first data block containing the TLV structure with safe level, the session key, the first random number, performing an operation on the first data block with a first algorithm to obtain a first calculation result, constructing a second block data containing the first calculation result and the first algorithm, reading a signature result of the external device of the smart card in the sixth command, authenticating the signature result via a public key referenced by the RSA public key reference and the second data block;

    setting an external authentication identifier if the authentication is successful, determining whether an authentication method identifier is the external authentication identifier, setting the mutual authentication identifier if the authentication method identifier is the external authentication identifier, going back to S3;

    going back to S3 if the authentication method identifier is not the external authentication identifier;

    reporting error and going back to S2 if the authentication is not successful;

    S7 comprising obtaining a second random number from the seventh command, storing the second random number, determining whether a condition that the authentication method identifier is the external authentication identifier and the external authentication identifier is set is met, constructing a third data block containing the session key and the second random number if the condition that the authentication method identifier is the external authentication identifier and the external authentication identifier is set is met, performing an operation on the third data block via the first algorithm to obtain a second calculation result;

    constructing a fourth data block containing the second calculation result and the first algorithm;

    encrypting the fourth data block via a private key referenced by the RSA private key reference to obtain an encryption result, wherein the obtained encryption result is a first signature result, sending the first signature result to the external device of the smart card, setting the mutual authentication identifier, clearing the first random number and the second random number, going back to S3;

    going back to S2 if the condition that the authentication method identifier is the external authentication identifier and the external authentication identifier is set is not met.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×