Title of invention: Method for realizing secure communication
Abstract: A method for realizing secure communication, comprising: Step 1, a card reader is powered on and a system working mode is determined; if the system working mode is Apple mode, an Apple device verification is performed and Step 2 is executed; if the system working mode is USB mode, Step 2 is executed; Step 2, the card reader waits to receive an instruction and determines a first preset byte of the instruction; if the first preset byte is a first preset value, the corresponding operation is performed; if the first preset byte is a second preset value, the instruction is decrypted according to an initial encryption key, a key serial number and an algorithm corresponding to an algorithm flag, the decrypted instruction is sent to a card, and Step 3 is executed; Step 3, when data returned by the card is received, the key serial number is updated, the data returned by the card is encrypted using the algorithm corresponding to the algorithm flag, the initial encryption key and the updated key serial number, and the encrypted data is sent to an upper computer via a corresponding interface according to the system working mode. According to the present invention, after a key agreement between the card reader and the upper computer, the key is updated, and data is encrypted or decrypted with the updated key to improve the safety of data communication.
Publication number: US9633211(B2)
Publication date: 2017.04.25
Application number: US201414388870
Filing date: 2014.06.30
Applicant: Feitian Technologies Co., Ltd.
Inventors: Lu Zhou; Yu Huazhang
Classification: G06F21/60; H04L9/08; H04L9/14; G06F13/42; G06K19/04
Main classification: G06F21/60
Agency: Hammer & Associates, P.C.
Agent: Hammer & Associates, P.C.
Main claim: 1. A method for realizing secure communication, said method comprises the steps of:
Step S1, powering on a card reader and initializing, the initializing includes setting a decryption flag, initializing an algorithm flag and setting a decryption way as a uni-directional decryption or a bi-directional decryption;
Step S2, determining a system working mode, executing Step S3 where the system working mode is Apple mode; while executing Step S4 where the system working mode is a USB mode;
Step S3, performing an Apple device certification, determining whether the Apple device certification is successfully performed, if yes, executing Step S4, otherwise, returning to Step S2;
Step S4, waiting, by the card reader, for receiving an instruction, when the instruction is received, determining a first preset byte of the instruction, executing Step S5 if the instruction is a first preset value; executing Step S6 if the instruction is a second preset value; executing corresponding operation and returning to Step S4 if the instruction is another value;
Step S5, determining a type of the instruction according to a second preset byte of the instruction, if the instruction is a first instruction, setting the decryption flag, the algorithm flag and the decryption way according to the first instruction, and sending a first response to an upper computer via a corresponding interface according to the system working mode, and returning to Step S4; if the instruction is a second instruction, updating an initialized encryption key and a key serial number in the card reader according to the second instruction, and sending a second response to the upper computer via a corresponding interface according to the system working mode, and returning to Step S4; if the instruction is a third instruction, obtaining the key serial number from the card reader, and sending a third response to the upper computer via a corresponding interface according to the system working mode, and returning to Step S4;
Step S6, determining whether the decryption flag is set, if yes, executing Step S7, otherwise, sending the instruction received to a card, and waiting for receiving data returned by the card, when the data is received by the card reader, sending the data to the upper computer via a corresponding interface according to the system working mode, and returning to Step S4;
Step S7, determining the decryption way, where the decryption way is the bi-directional decryption, obtaining an initial encryption key and the key serial number from the card reader, calculating to obtain a decryption key according to the initial encryption key and the key serial number, decrypting a ciphertext in the received instruction in accordance with an algorithm corresponding to the algorithm flag and the decryption key to obtain a decrypted instruction, sending the instruction decrypted to the card, and waiting for receiving data returned by the card, executing Step S8; where the decryption way is the unidirectional decryption, sending the instruction received to the card, waiting for receiving the data returned by the card, and executing Step S8; and
Step S8, when the data returned by the card is received by the card reader, updating the key serial number according to a preset way, in which the algorithm corresponding to the algorithm flag, the initial encryption key and the key serial number are configured to encrypt the data returned by the card to obtain a ciphertext of the data returned; sending the ciphertext to the upper computer according to the system working mode via a corresponding interface, and returning to Step S4.
Address: Beijing CN