CN103152174A

CN103152174A - Data processing method, device and parking lot management system applied to parking lot

Info

Publication number: CN103152174A
Application number: CN201310031914XA
Authority: CN
Inventors: 唐健; 李昕; 乐江波; 梁卫
Original assignee: Shenzhen Jieshun Science and Technology Industry Co Ltd
Current assignee: Shenzhen Jieshun Science and Technology Industry Co Ltd
Priority date: 2013-01-28
Filing date: 2013-01-28
Publication date: 2013-06-12
Anticipated expiration: 2033-01-28
Also published as: CN103152174B

Abstract

The embodiment of the invention discloses a data processing method, a device and a parking lot management system applied to a parking lot. A terminal of the embodiment of the invention adopts and receives a data processing request which is carried with a first random number and an application serial number and sent by a central processing unit (CPU) card, then the first random number and the application serial number are sent to a secure access module (SAM) card which encrypts the first random number, so that a first encryption data is obtained, an external authentication command carried with the first encryption data is sent by the terminal to the CPU card which performs authentication, and if the authentication result indicates that the authentication passes, then the terminal processes the data according to the data processing request. According to the scheme, a mode of interactive authentication between the CPU card and the SAM card and ciphertext transferring is utilized to process the data, so that the protection for user data can be enhanced, and the safety of the parking lot management system is improved greatly.

Description

Be applied to data processing method, device and the managing system of car parking in parking lot

Technical field

The present invention relates to electronic technology field, be specifically related to a kind of data processing method, device and managing system of car parking that is applied to the parking lot.

Background technology

In the managing system of car parking of China, mostly adopt contactless integrated circuit (IC, integrated circuit) card at present, and be all to adopt non-contact logic encryption card.Wherein, non-contact IC card mainly is comprised of IC chip and induction antenna, and it is completely sealed in a standard polyvinyl chloride (PVC, polyvinylchloride) card, without exposed parts; The read-write process of non-contact IC card is usually by completing by radio wave between non-contact IC card and read write line.

In the research and practice process to prior art, the present inventor's discovery, the fail safe of existing managing system of car parking is not high.

Summary of the invention

The embodiment of the present invention provides a kind of data processing method, device and managing system of car parking that is applied to the parking lot, the fail safe that can improve managing system of car parking.

A kind of data processing method that is applied to the parking lot comprises:

Receive the data processing request that central processing unit (CPU, Central Processing Unit) card sends, described data processing request is carried the first random number and user identity proves (UID, User Identification) information;

Described the first random number and application sequence number are sent to secure access module (SAM, Secure Access Module) card;

Receive the first enciphered data that the SAM card returns, described the first enciphered data number is encrypted gained to described the first random number by the SAM card according to described application sequence;

Send the external authentication order to the CPU card, described the first enciphered data is carried the first enciphered data;

Receive the response message that carries the external authentication result that the CPU card returns, described external authentication result is decrypted and authenticates gained by the CPU card to the first enciphered data;

When determining that described external authentication result indication authentication is passed through, carry out data according to described data processing request and process.

Optionally, wherein, described the first enciphered data number is encrypted gained to described the first random number by the SAM card according to described application sequence, is specifically as follows:

The SAM Cali number disperses described master key with described application sequence, obtains process key; Utilize described process key, adopt the encription algorithms approved by the State Password Administration Committee Office algorithm that described the first random number is encrypted, obtain the first enciphered data.

Optionally, wherein, described external authentication result is decrypted and authenticates gained by the CPU card to the first enciphered data, is specifically as follows:

The CPU Cali is decrypted the first enciphered data with the close decipherment algorithm of state, obtains the first data decryption; When determining that described the first data decryption equals described the first random number, generate the external authentication result that the indication external authentication is passed through.

Optionally, wherein, describedly carry out data according to described data processing request and process, be specifically as follows:

According to described data processing request, user data, and with described storage of subscriber data on described server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or facility information.

Optionally, wherein described according to described data processing request, user data, and with after described storage of subscriber data is on described server, can also comprise:

According to user profile, entry time and time for competiton calculating consumption charge, the described consumption charge of deduction from described CPU card.

Optionally, when expense is not enough in described CPU card, can also alarm.

Optionally, before the data processing request that receives the transmission of CPU card, the method can also comprise:

Obtain application sequence number to the CPU card, and obtain the second random number to the SAM card, described the second random number is sent to the CPU card, so that the CPU card adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to described the second random number, obtain the second enciphered data, receive the second enciphered data that the CPU card returns; Send the internal authentication order and send to the SAM card, described the second enciphered data and application sequence number are carried in described internal authentication order; Receive the response message that carries the internal authentication result that the SAM card returns, described internal authentication result is decrypted and authenticates gained by the SAM card to the second enciphered data; Determine that described external authentication result indication external authentication passes through, and determine described internal authentication result indication internal authentication by the time, carry out data according to described data processing request and process.

Optionally, described internal authentication result is decrypted and authenticates gained by the SAM card to the second enciphered data, specifically can comprise:

The SAM card number disperses inner authenticate key according to described application sequence, obtains temporary key; Utilize described temporary key, adopt the close decipherment algorithm of state that described the second enciphered data is decrypted, obtain the second data decryption; When determining that described the second data decryption equals the second random number, generate the internal authentication result that the indication internal authentication passes through.

Accordingly, the embodiment of the present invention also provides a kind of data processing equipment that is applied to the parking lot, comprises the first receiving element, the first transmitting element, the second receiving element, the second transmitting element, the 3rd receiving element and processing unit;

The first receiving element be used for to receive the data processing request that the CPU card sends, and described data processing request is carried the first random number and application sequence number;

The first transmitting element is used for described the first random number and application sequence number are sent to the SAM card;

The second receiving element be used for to receive the first enciphered data that the SAM card returns, and described the first enciphered data number is encrypted gained to described the first random number by the SAM card according to described application sequence;

The second transmitting element is used for sending the external authentication order to the CPU card, and described the first enciphered data is carried in described external authentication order;

The 3rd receiving element is used for receiving the response message that carries the external authentication result that the CPU card returns, and described external authentication result is decrypted and authenticates gained by the CPU card to the first enciphered data;

Processing unit when being used for determining that described external authentication result indication external authentication is passed through, carrying out data according to described data processing request and processes.

Optionally, wherein, described processing unit, specifically can be used for according to described data processing request, user data, and with described storage of subscriber data on server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or facility information.

Optionally, described processing unit can also be used for calculating consumption charge according to user profile, entry time and time for competiton, the described consumption charge of deduction from described CPU card.

Optionally, described processing unit can also be used for when described CPU card expense is not enough alarm.

Optionally, this data processing equipment can also comprise the internal authentication unit;

The internal authentication unit can be used for obtaining application sequence number to the CPU card, and obtain the second random number to the SAM card; Described the second random number is sent to the CPU card, so that the CPU card adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to described the second random number, obtain the second enciphered data; Receive the second enciphered data that the CPU card returns; Send the internal authentication order to the SAM card, described the second enciphered data and application sequence number are carried in described internal authentication order; Receive the response message that carries the internal authentication result that the SAM card returns, described internal authentication result is decrypted and authenticates gained by the SAM card to the second enciphered data; Carrying out data according to described data processing request processes and to be specially: determine that this external authentication result indication external authentication passes through, and determine this internal authentication result indication internal authentication by the time, carry out data according to this data processing request and process.

Accordingly, the embodiment of the present invention also provides a kind of managing system of car parking, comprises terminal, CPU card and SAM card;

Described terminal, be used for receiving the data processing request that the CPU card sends, described data processing request is carried the first random number and application sequence number, described the first random number and application sequence number are sent to the SAM card, receive the first enciphered data that the SAM card returns, send the external authentication order to the CPU card, described the first enciphered data is carried in described external authentication order, receive the response message that carries the external authentication result that the CPU card returns, when determining that described external authentication result indication external authentication is passed through, carry out data according to described data processing request and process;

Described CPU card be used for to send data processing request to described terminal, and described data processing request is carried the first random number and application sequence number; Receive the external authentication order of carrying the first enciphered data that described terminal sends, the first enciphered data is decrypted and authenticates, obtain the external authentication result, the external authentication result is sent to described terminal;

Described SAM card is used for receiving the first random number that described terminal sends and application sequence number, number described the first random number is encrypted according to described application sequence, obtains the first enciphered data, and the first enciphered data is sent to described terminal.

Optionally, described SAM card specifically can be used for utilizing described application sequence number described master key to be disperseed, and obtains process key, utilizes described process key, adopts the encription algorithms approved by the State Password Administration Committee Office algorithm that described the first random number is encrypted, and obtains the first enciphered data.

Described CPU card specifically can be used for utilizing the close decipherment algorithm of state that the first enciphered data is decrypted, and obtains the first data decryption, when determining that described the first data decryption equals described the first random number, generates the external authentication result that the indication authentication is passed through.

Optionally, this managing system of car parking can also comprise server;

Described server is used for user data is carried out store and management;

Described terminal, specifically can be used for according to described data processing request, and the user data on server is processed.

Optionally, described terminal specifically can be used for according to described data processing request, user data, and with described storage of subscriber data on described server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or facility information.

Optionally, described terminal can also be used for calculating consumption charge according to user profile, entry time and time for competiton, the described consumption charge of deduction from described CPU card.

Optionally, described terminal can also be used for when described CPU card expense is not enough alarm.

Optionally, described terminal can also be used for obtaining application sequence number to the CPU card, and obtain the second random number to the SAM card; Described the second random number is sent to the CPU card, so that the CPU card adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to described the second random number, obtain the second enciphered data; Receive the second enciphered data that the CPU card returns; Send the internal authentication order to the SAM card, described the second enciphered data and application sequence number are carried in described internal authentication order; Receive the response message that carries the internal authentication result that the SAM card returns, described internal authentication result is decrypted and authenticates gained by the SAM card to the second enciphered data; Determine that described external authentication result indication external authentication passes through, and determine described internal authentication result indication internal authentication by the time, carry out data according to described data processing request and process.

Optionally, described SAM card can also be used for number inner authenticate key being disperseed according to described application sequence, obtains temporary key; Utilize described temporary key, adopt the close decipherment algorithm of state that described the second enciphered data is decrypted, obtain the second data decryption; When determining that described the second data decryption equals the second random number, generate the internal authentication result that the indication internal authentication passes through.

The terminal of the embodiment of the present invention adopts the data processing request of carrying the first random number and application sequence number that receives that the CPU card sends, then this first random number and application sequence number are sent to the SAM card, by the SAM card, the first random number is encrypted, obtain the first enciphered data, by terminal, this first enciphered data is sent to the CPU card, authenticated by the CPU card, if external authentication result indication external authentication is passed through, terminal is carried out the data processing according to described data processing request.Because the mode that this scheme has adopted CPU card and SAM card interactive authentication and ciphertext to transmit is processed data; so can strengthen the protection to user data (such as user profile and transaction data), the fail safe that has greatly improved managing system of car parking.

Description of drawings

In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, during the below will describe embodiment, the accompanying drawing of required use is done to introduce simply, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those skilled in the art, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.

Fig. 1 is the flow chart of the data processing method that is applied to the parking lot that provides of the embodiment of the present invention;

Fig. 2 a is the principle schematic of the managing system of car parking that provides of the embodiment of the present invention;

Fig. 2 b is the flow chart of the data processing method that is applied to the parking lot that provides of the embodiment of the present invention;

Fig. 2 c is the scene schematic diagram in the parking lot that provides of the embodiment of the present invention;

Fig. 3 is the structural representation of the data processing equipment that is applied to the parking lot that provides of the embodiment of the present invention;

Fig. 4 is the structural representation of the managing system of car parking that provides of the embodiment of the present invention;

Fig. 5 is another structural representation of the managing system of car parking that provides of the embodiment of the present invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Based on the embodiment in the present invention, those skilled in the art belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.

The embodiment of the present invention provides a kind of data processing method, device and managing system of car parking that is applied to the parking lot.Below be elaborated respectively.

Embodiment one,

The embodiment of the present invention will be described from the angle of terminal, and this terminal is specifically as follows consumption terminal or circle is deposited terminal.

A kind of data processing method that is applied to the parking lot, comprise: the data processing request of carrying the first random number and application sequence number that receives that the CPU card sends, this first random number and application sequence number are sent to the SAM card, receive the first enciphered data that the SAM card returns, wherein, this first enciphered data number is encrypted gained to this first random number by the SAM card according to described application sequence; Send the external authentication order to the CPU card, the first enciphered data is carried in described external authentication order; Receive the response message that carries the external authentication result that the CPU card returns, wherein, the external authentication result is decrypted and authenticates gained by the CPU card to the first enciphered data, when determining that external authentication result indication external authentication is passed through, carries out data according to data processing request and processes.

Wherein, the CPU card refers to the intellective IC card of a kind of CPU of having.

As shown in Figure 1, idiographic flow can be as follows:

101, receive the data processing request that the CPU card sends, wherein, data processing request is carried the first random number and application sequence number;

102, the first random number in data processing request and application sequence number are sent to the SAM card.

Wherein, the SAM card can be arranged on facility, namely in terminal, deposits in terminal such as specifically being arranged on consumption terminal or circle, and wherein, circle is deposited terminal and is specifically as follows the machine of depositing that encloses.For example, the SAM card can comprise main frame SAM card (HSAM, Host Secure Access Module), deposit SAM card (ISAM, Increase Secure Access Module) and/or consumption SAM card (PSAM, Purchase Secure Access Module); HSAM can be arranged on circle and deposit in terminal, is used to the CPU card to enclose to deposit the operation such as to supplement with money; ISAM can be arranged on circle and deposit in terminal, also can be used to the CPU card to enclose to deposit the operation such as to supplement with money; The PSAM card can be arranged in consumption terminal, is used for the CPU card is carried out the operations such as consumption charge deduction.

Wherein, circle is deposited to refer to money is deposited in user's CPU card, makes the remaining sum in the CPU card increase; Consumption refers to the money that utilizes in the CPU card and buys service or commodity, makes remaining sum reduce.

103, receive the first enciphered data that the SAM card returns;

Wherein, this first enciphered data is stuck according to application sequence by SAM and number this first random number is encrypted gained, for example, and specifically can be as follows:

The SAM Cali number disperses master key with this application sequence, obtains process key, utilizes this process key, adopts the encription algorithms approved by the State Password Administration Committee Office algorithm that this first random number is encrypted, and obtains the first enciphered data.

Wherein, the injection of master key can be adopted ciphertext and message authentication code (MAC, Message Authentication Code) mode that combines of link encryption, wherein, MAC can be by adopting the close SM1(SM1cryptographic algorithm of state) be that the encryption of blocks of data of 128 obtains to block length.

Wherein, the close SM1 algorithm of state is a kind of commercial cipher grouping standard symmetry algorithm by the establishment of national Password Management office.This algorithm is the SM1 block cipher that national Password Management department examines, block length and key length are all 128 bits, algorithm security encryption strength and relevant software and hardware are realized performance and Advanced Encryption Standard (AES, Advanced Encryption Standard) suitable, this algorithm is underground, and only the form with IP kernel is present in chip.Because the close SM1 algorithm of state is underground, so with respect to the existing public algorithm DES/3DES(Data Encryption Standard that adopts, be the data encryption standard of DEA) algorithm etc., safer.

104, send the external authentication order to the CPU card, wherein, carry the first enciphered data that receives in the external authentication order.

105, receive the response message that carries the external authentication result that the CPU card returns.

Wherein, this external authentication result is decrypted and authenticates gained by the CPU card to the first enciphered data, for example, if in step 103, the SAM card adopts the encription algorithms approved by the State Password Administration Committee Office algorithm that the first random number is encrypted, and obtains the first enciphered data, this moment, the CPU fixture body can utilize the close decipherment algorithm of state that the first enciphered data is decrypted, and obtains the first data decryption.That is, this external authentication result specifically can following method obtain:

The CPU Cali is decrypted the first enciphered data with the close decipherment algorithm of state, obtain the first data decryption, determine whether this first data decryption equals this first random number, if this first data decryption equals this first random number, generate the authentication result that the indication external authentication is passed through; If this first data decryption is not equal to this first random number, flow process finishes, and is perhaps optional, if this first data decryption is not equal to this first random number, also can generate the authentication result of indication external authentication failure.

When 106, determining that external authentication result indication external authentication is passed through, carry out data according to the data processing request that receives and process.

For example, can the user data on server be processed according to this data processing request, specifically can be as follows:

According to this data processing request, user data, and with this storage of subscriber data on server, wherein, this user data can comprise the data such as user profile, entry time, time for competiton, parking lot information and/or facility information.

In addition, in user data, and with after this storage of subscriber data is on server, the method can also comprise:

According to user profile, entry time and time for competiton calculating consumption charge, this consumption charge of deduction from the CPU card.

Optionally, when expense was not enough in the CPU card, terminal can also send warning, so that the user is pointed out.

In addition, optional, terminal (such as circle is deposited terminal) can also be enclosed to deposit to the CPU card and be supplemented with money.

In addition, optional, in order to add the fail safe of strong authentication, also can the legitimacy of CPU5361 be authenticated; For convenience, in embodiments of the present invention, the process of CPU card authentication SAM card (the SAM card can be arranged in terminal) is called external authentication, the process of SAM card authentication CPU card is called internal authentication, namely before carrying out the data processing according to the data processing request that receives, the method can also comprise:

Obtain application sequence number to the CPU card, and obtain the second random number to the SAM card, this second random number is sent to the CPU card, so that the CPU card adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to this second random number, obtain the second enciphered data, receive the second enciphered data that the CPU card returns; Send the internal authentication order to the SAM card, the second enciphered data and application sequence number are carried in this internal authentication order; Receive the response message that carries the internal authentication result that the SAM card returns.

At this moment, carrying out data according to this data processing request processes (being step 106) and is specifically as follows: determine that this external authentication result indication external authentication passes through, and when determining that this internal authentication result indication internal authentication passes through, carry out data according to this data processing request and process.

Wherein, this internal authentication result is decrypted and authenticates gained by the SAM card to the second enciphered data, for example, and specifically can be as follows:

The SAM card number disperses inner authenticate key according to this application sequence, obtains temporary key; Utilize this temporary key, adopt the close decipherment algorithm of state that this second enciphered data is decrypted, obtain the second data decryption; When determining that this second data decryption equals the second random number, generate the internal authentication result (the internal authentication result of namely indicating internal authentication to pass through) that the indication internal authentication passes through.

Optionally, if this second data decryption is not equal to this second random number, flow process finishes, perhaps, optionally, if this second data decryption is not equal to this second random number, also can generate the internal authentication result (namely indicating the internal authentication result of internal authentication failure) of indication internal authentication failure.

It should be noted that, the execution of external authentication and internal authentication can in addition, also it should be noted that in no particular order, also can only carry out internal authentication, and not carry out external authentication, i.e. a kind of data processing method that is applied to the parking lot comprises:

Obtain application sequence number to the CPU card, and obtain the second random number to the SAM card, this second random number is sent to the CPU card, so that the CPU card adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to this second random number, obtain the second enciphered data, receive the second enciphered data that the CPU card returns; Send the internal authentication order to the SAM card, the second enciphered data and application sequence number are carried in this internal authentication order; Receive the response message that carries the internal authentication result that the SAM card returns, when determining that this internal authentication result indication internal authentication passes through, carry out data according to this data processing request and process, only carry out internal authentication and equally also can realize the beneficial effect of the embodiment of the present invention, this repeats no more.

As from the foregoing, the terminal of the present embodiment adopts the data processing request of carrying the first random number and application sequence number that receives that the CPU card sends, then this first random number and application sequence number are sent to the SAM card, by the SAM card, the first random number is encrypted, obtain the first enciphered data, sent by terminal and carry the external authentication order of this first enciphered data to the CPU card, authenticated by the CPU card, if external authentication result indication external authentication is passed through, terminal is carried out the data processing according to this data processing request.Because the mode that this scheme has adopted CPU card and SAM card interactive authentication and ciphertext to transmit is processed data; so can strengthen the protection to user data; particularly to the protection of user's cash flow safety, the fail safe that has greatly improved managing system of car parking.

Embodiment two,

Method described according to embodiment one below will be described in further detail for example.

As shown in Fig. 2 a, this figure is the principle schematic of managing system of car parking, and as shown in Figure 2, this managing system of car parking can comprise terminal, CPU card, SAM card and server, and wherein, the 26S Proteasome Structure and Function of each equipment specifically can be as follows:

(1) terminal;

Terminal can comprise the modules such as micro-control unit, SAM card drive circuit, CPU card drive circuit, man-machine interface, communication interface and radio circuit interface;

Wherein, SAM card drive circuit is supported the ISO7816 agreement, and CPU card drive circuit is supported the ISO14443 agreement, and radio circuit is used for driven antenna work.Terminal is as SAM card and mutual promoter and the link man of CPU card, transmits and the interactive information for the treatment of S AM card and CPU card.

(2) CPU card;

This CPU card comprises the IP kernel (Intellectual Property core) of supporting the close algorithm of state, comprises all user profile and Transaction Information in this CPU card card, specifically can be held by the user.

(3) SAM card;

Include SM1 algorithm coprocessor, cipher key calculation unit and security module in the SAM card, main being responsible for carried out key management and control and authentication to the operation of CPU card, guarantees subscriber card fund and information security.

Wherein, the SAM card can be arranged on facility, namely in terminal, deposits in terminal such as specifically being arranged on consumption terminal or circle, and wherein, circle is deposited terminal and is specifically as follows the machine of depositing that encloses.For example, the SAM card can comprise HSAM, ISAM and/or PSAM; HSAM can be arranged on circle and deposit in terminal, is used to the CPU card to enclose to deposit the operation such as to supplement with money; ISAM can be arranged on circle and deposit in terminal, also can be used to the CPU card to enclose to deposit the operation such as to supplement with money; The PSAM card can be arranged in consumption terminal, is used for the CPU card is carried out the operations such as consumption charge deduction.

(4) server

Server carries out the work such as financial management and data backup to user profile and transaction data.

It should be noted that, this managing system of car parking can also comprise other equipment, such as parking lot controller, is used for terminal, SAM card and/or server and controls.

Take this managing system of car parking as example, as Fig. 2 b, this data processing method that is applied to the parking lot specifically can be as follows:

201, terminal receives the data processing request that the CPU card sends, and wherein, data processing request is carried the first random number and application sequence number;

Such as, when vehicle entered the parking lot, the user brushed CPU and snaps in the field, and this moment, terminal will receive the data processing request about the vehicle admission that the CPU card sends; Again such as, when vehicle left the parking lot, the user brushed the CPU card and appears on the scene, the data processing request that this moment, terminal will receive that the CPU card sends appears on the scene about vehicle; Again such as, when the user need to supplement with money, the user deposited the upper brush CPU card of terminal (also referred to as the card add value terminal) at circle, this moment, terminal can receive the data processing request about supplementing with money for the CPU card that the CPU card sends, such as can be specifically charging request, etc.

202, terminal number sends to the SAM card with the first random number in data processing request and application sequence.

Wherein, this SAM card can be arranged in terminal, also can be arranged in other equipment, then communicates by wired or wireless mode and terminal.

203, the first random number that terminal sends and application sequence number are received in the SAM clamping, utilize application sequence number master key to be disperseed, and obtain process key.

Wherein, preserve master key in the SAM card.The mode that the injection of this master key can adopt ciphertext and MAC link encryption to combine, wherein, MAC can be that the encryption of blocks of data of 128 obtains to block length by adopting the close SM1 of state.

204, SAM uses the Cali this process key, adopts the encription algorithms approved by the State Password Administration Committee Office algorithm that this first random number is encrypted, and obtains the first enciphered data, and this first enciphered data is sent to terminal.

Wherein, the mode that the injection of master key can adopt ciphertext and MAC link encryption to combine, wherein, MAC can be that the encryption of blocks of data of 128 obtains to block length by adopting the close SM1 of state.

Wherein, the close SM1 algorithm of state is a kind of commercial cipher grouping standard symmetry algorithm by the establishment of national Password Management office.This algorithm is the SM1 block cipher that national Password Management department examines, block length and key length are all 128 bits, algorithm security encryption strength and relevant software and hardware realize that performance is suitable with AES, and this algorithm is underground, and only the form with IP kernel is present in chip.Because the close SM1 algorithm of state is underground, so with respect to the existing public algorithm DES/3DES algorithm that adopts etc., safer.

205, the external authentication order that the first enciphered data of terminal reception SAM card transmission, and transmission is carried this first enciphered data sends to the CPU card.

206, the external authentication order of carrying the first enciphered data that terminal sends is received in the CPU clamping, utilizes the close decipherment algorithm of state that the first enciphered data is decrypted, and obtains the first data decryption.

207, the CPU card determines whether this first data decryption equals this first random number, if this first data decryption equals this first random number, generate the external authentication result that the indication external authentication is passed through, and this external authentication result is carried at sends to terminal in response message; If this first data decryption is not equal to this first random number, flow process finishes, perhaps, optionally, if this first data decryption is not equal to this first random number, also can generate the external authentication result of indication external authentication failure, and the external authentication result is carried at sends to terminal in response message.

208, terminal receives response message, determines whether the external authentication result indicates external authentication to pass through, if the indication external authentication is passed through, can carry out subsequent operation, namely carries out data according to the data processing request that receives and processes; If indication external authentication failure, flow process finishes, and can generate prompting message this moment with the prompting user.

For example, terminal can determine specifically whether the response message that receives is " 9000 ", if, show that external authentication passes through, can carry out data according to the data processing request that receives this moment and process, if not, authentification failure is so flow process finishes.

Wherein, terminal carry out according to the data processing request that receives that data process specifically can be as follows:

In addition, can also calculate consumption charge according to user profile, entry time and time for competiton, this consumption charge of deduction, optional from the CPU card, if in the CPU card, expense is not enough, terminal can also send warning, so that the user is pointed out, etc.

for example, specifically can be referring to Fig. 2 c, this figure is the scene schematic diagram in parking lot, wherein, this managing system of car parking also comprises parking lot controller, be used for the terminal to each import and export of parking lot, SAM card (comprising PSAM card and HSAM card etc.) and/or server are controlled, wherein, the PSAM card is arranged in the consumption terminal of Fig. 2 c, this consumption terminal is used for recording user information, the vehicle time for competiton, parking lot information and facility information, and according to calculation of price parking consumption charge, deduct the fee from the CPU subscriber card by the outlet terminal, if expense is not enough, alarm, the HSAM card is arranged on circle and deposits in terminal, and this circle is deposited terminal also referred to as the card add value terminal, and the circle that can accept the user is deposited and supplemented with money, the concrete operations under this application scenarios can be as follows:

When vehicle enters the parking lot, car owner's (being the user) brush CPU snaps in the field, at this moment, managing system of car parking comes the car owner is carried out authentication by carrying out ciphertext between CPU card and PSAM card alternately, begins simultaneously recording user information, vehicle entry time, parking lot information and facility information.Then, when vehicle leaves the parking lot, car owner's (being the user) brush CPU appears on the scene, at this moment, managing system of car parking carries out authentication to the car owner, begins simultaneously recording user information, vehicle time for competiton, parking lot information and facility information, and according to calculation of price parking consumption charge, deduct the fee from the CPU subscriber card by the outlet terminal, if expense is not enough, alarm.

In addition, optionally, card add value terminal in Fig. 2 c (is that the said circle of the embodiment of the present invention is deposited terminal, the HSAM card is installed) can also receive the data processing request (can be specifically charging request) of user's transmission, wherein, this data processing request is carried the first random number and application sequence number, the card add value terminal number sends to the HSAM card with this first random number and application sequence, come alternately the car owner is carried out authentication by carrying out ciphertext between CPU card and HSAM card, if be verified, accept this charging request, the CPU card is rised in value; That is to say, at the add value terminal place, the user can also deposit on machine, the CPU card to be enclosed at circle and deposit operation, and so that the CPU card is rised in value, certainly, the user also can manually be rised in value at card business centre management, does not repeat them here.

It should be noted that, except above-mentioned flow process, in order to add the fail safe of strong authentication, can also can authenticate the legitimacy of CPU, that is to say, terminal can also be carried out internal authentication to the CPU card before the data processing request that receives the transmission of CPU card, namely before according to data processing request, data being processed, the method can also comprise:

Obtain application sequence number to the CPU card, and obtain the second random number to SAM card (such as PSAM card or HSAM card etc.), this second random number is sent to the CPU card, so that the CPU card adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to this second random number, obtain the second enciphered data, receive the second enciphered data that the CPU card returns; The internal authentication order of carrying this second enciphered data and application sequence number is sent to the SAM card; Receive the response message that carries the internal authentication result that the SAM card returns.

At this moment, carrying out data according to described data processing request processes (being step 208) and is specifically as follows: determine that described external authentication result indication external authentication passes through, and when determining that this internal authentication result indication internal authentication passes through, carrying out data according to described data processing request processes, wherein, the mode that data are processed specifically can referring to the embodiment of front, not repeat them here.

As from the foregoing, the terminal of the present embodiment adopts the data processing request of carrying the first random number and application sequence number that receives that the CPU card sends, then this first random number and application sequence number are sent to the SAM card, by the SAM card, the first random number is encrypted, obtain the first enciphered data, the external authentication order that to be carried this first enciphered data by terminal sends to the CPU card, authenticated by the CPU card, if external authentication result indication external authentication is passed through, terminal is carried out the data processing according to this data processing request.because having adopted CPU card and SAM card interactive authentication and ciphertext, this scheme transmits (terminal and CPU card, between the SAM card, the transmission of data is not expressly, in this process, data have the association key protection, and support in card that by solidifying the SM1 algoritic module is encrypted and deciphers, even be illegally listened, because SM1 is underground, there is no decruption key and related algorithm, so also can't obtain expressly) mode user identity is verified, so can strengthen the protection to user data, particularly to the protection of user's cash flow safety, greatly improved the fail safe of managing system of car parking.

In addition, further, carry out the data processing according to this data processing request before, except carrying out also can carrying out internal authentication external authentication, if both carried out external authentication, also carried out internal authentication, its fail safe can be further enhanced, and does not repeat them here.

Embodiment three,

Method described according to front embodiment, below will be specially consumption terminal with terminal respectively and circle is deposited terminal, the SAM fixture body is PSAM card and HSAM(ISAM) card describes for example, namely respectively to consume and circle is deposited and supplemented two scenes with money and be described further as example.

During concrete enforcement, this managing system of car parking can comprise a plurality of terminals, many PSAM cards and/or many HSAM cards and/or ISAM card, wherein, corresponding many PSAM cards of each terminal or many HSAM cards or ISAM card, each terminal can corresponding many CPU cards.

(1) consumption;

1, consumption terminal is selected the PSAM card;

2, the PSAM card returns to the terminating machine numbering and consumes cipher key index to consumption terminal;

3, consumption terminal is selected CPU card (being subscriber card);

4, the CPU card returns to the information such as card issuer sign and application sequence number to consumption terminal;

5, consumption terminal is consumed initialization according to information such as terminating machine numbering, consumption cipher key index, card issuer's sign and application sequence number;

6, the CPU card sends data processing request, and to consumption terminal, wherein, this consumption request can be carried the information such as the first random number and CPU card transaction sequence number such as the consumption request, in addition, can also carry the information such as consumption key version number and consumption key algorithm sign;

7, consumption terminal sends to the PSAM card with information such as the first random number and CPU card transaction sequence numbers, utilize the PSAM calorimeter to calculate MAC1, such as, specifically can disperse master key, obtain process key, utilize this process key, adopt the encription algorithms approved by the State Password Administration Committee Office algorithm that this first random number is encrypted, obtain MAC1;

8, the PSAM card returns to MAC1 to consumption terminal;

9, consumption terminal sends the consumption order to the CPU card, and wherein, this consumption order can be carried MAC1;

10, the CPU card is decrypted MAC1, and when definite this first data decryption equals this first random number, returns to MAC2 and TAC2 to consumption terminal;

11, consumption terminal is the transaction verification code with MAC2 and TAC2(TAC) send to the PSAM card, by PSAM card verification MAC2, if verification is passed through, return to the response message that passes through of indication verification to consumption terminal, otherwise, return to the response message of indication verification failure to consumption terminal;

If 12 receive the response message that the indication verification is passed through, consumption terminal can be deducted the consumption amount of money on the CPU card.

(2) Application of composite consumption;

1, consumption terminal is selected the PSAM card;

2, the PSAM card return to terminating machine numbering and to consumption terminal to the consumption cipher key index;

3, consumption terminal is selected the CPU card;

5, consumption terminal sends Application of composite consumption initialization command to the CPU card;

6, the CPU card sends data processing request, such as Application of composite consumption is asked to consumption terminal, wherein, this Application of composite consumption request can be carried information such as returning to the first random number and subscriber card transaction sequence number, in addition, can also carry the information such as consumption key version number, consumption key algorithm sign, electronic purse balance amount, the limit of overdrawn account, algorithm sign;

8, the PSAM card returns to MAC1 to consumption terminal;

9, consumption terminal sends the CPU card and upgrades the order of Application of composite data buffer storage;

10, consumption terminal sends Application of composite consumption order to the CPU card, wherein, can carry MAC1 in Application of composite consumption order;

11, the CPU card is decrypted MAC1, and when definite this first data decryption equals this first random number, returns to MAC2 and TAC2 to consumption terminal;

12, MAC2 and TAC2 send to the PSAM card, by PSAM card verification MAC2, if verification is passed through, return to the response message that passes through of indication verification to consumption terminal, otherwise, return to the response message of indication verification failure to consumption terminal;

If 13 receive the response message that the indication verification is passed through, consumption terminal can be deducted the consumption amount of money on the CPU card.

(3) circle is deposited and is supplemented with money;

1, circle is deposited terminal and is selected the CPU card;

2, the CPU card returns to the information such as card issuer sign and application sequence number to consumption terminal;

3, circle is deposited terminal the CPU card is carried out validity check, and sends holder's password to the CPU card;

4, the CPU card returns to the message of the validity of indication holder password to terminal;

5, circle is deposited terminal and is deposited Initial message to CPU card transmission circle, and wherein, this circle is deposited and carried cipher key index in Initial message;

6, the CPU card checks whether cipher key index is correct, if correct, return to charging request and deposits terminal to circle, wherein, carries the information such as the first random number and MAC1 in this charging request;

7, circle is deposited terminal and is sent the information such as the first random number and MAC1 to the HSAM card in financial host (or ISAM card), and whether MAC1 is correct for the checking of HSAM card, if MAC1 is correct, the circle that deducts input from holder's personal account is deposited the amount of money, and produces MAC2;

8, after the HSAM card is successfully concluded the business, return to circle and deposit transaction message and deposit terminal to circle, such as MAC2, exchange hour;

9, circle is deposited circle that terminal returns to the HSAM card and is deposited transaction message and be sent to the CPU card, by the validity of CPU card checking MAC2, if MAC2 is correct, upgrades the corresponding data of stored value card, such as upgrading electronic purse balance amount, and the on-line transaction sequence number is added 1;

10, the CPU calorimeter is calculated TAC(transaction verification code), and return to the transaction verification code and deposit terminal to circle;

11, after circle is deposited the TAC of terminal reception CPU card transmission, being sent to main frame and verifying, if be verified, is CPU card successful recharging, and flow process finishes.

It should be noted that, above is only three concrete application scenarioss of the embodiment of the present invention, should not be construed as restriction, and, it should be understood that the embodiment of the present invention can also have other application scenarios, does not repeat them here.

As from the foregoing; the present embodiment equally also can be realized the described beneficial effect of front embodiment, namely can strengthen the protection to user data, particularly to the protection of user's cash flow safety; greatly improved the fail safe of managing system of car parking, do not repeated them here.

Embodiment four,

Accordingly, the embodiment of the present invention also provides a kind of data processing equipment that is applied to the parking lot, specifically can be used as the terminal of the embodiment of the present invention.As shown in Figure 3, this data processing equipment that is applied to the parking lot comprises the first receiving element 301, the first transmitting element 302, the second receiving element 303, the second transmitting element 304, the 3rd receiving element 305 and processing unit 306;

The first receiving element 301 be used for to receive the data processing request that the CPU card sends, and wherein, data processing request is carried the first random number and application sequence number;

The first transmitting element 302 is used for this first random number and application sequence number are sent to the SAM card;

The second receiving element 303 is used for receiving the first enciphered data that the SAM card returns;

The SAM Cali number disperses this master key with application sequence, obtains process key, utilizes this process key, adopts the encription algorithms approved by the State Password Administration Committee Office algorithm that this first random number is encrypted, and obtains the first enciphered data.

The second transmitting element 304 is used for sending the external authentication order to the CPU card, and wherein, this first enciphered data is carried in this external authentication order;

The 3rd receiving element 305 is used for receiving the response message that carries the external authentication result that the CPU card returns;

Wherein, this external authentication result is decrypted and authenticates gained by the CPU card to the first enciphered data, for example, if the SAM card adopts the encription algorithms approved by the State Password Administration Committee Office algorithm that the first random number is encrypted, obtain the first enciphered data, this moment, the CPU fixture body can utilize the close decipherment algorithm of state that the first enciphered data is decrypted, and obtains the first data decryption.

Processing unit 306 when being used for determining that this external authentication result indication external authentication is passed through, carrying out data according to this data processing request and processes.

For example, can the user data on server be processed according to this data processing request, such as, specific as follows:

Processing unit 306, specifically can be used for according to this data processing request, user data, and with described storage of subscriber data on server, wherein, user data comprises the information such as user profile, entry time, time for competiton, parking lot information and/or facility information.

In addition, processing unit 306 can also be used for calculating consumption charge according to user profile, entry time and time for competiton, the described consumption charge of deduction from described CPU card.

Optionally, when expense was not enough in the CPU card, terminal can also send warning, so that the user is pointed out.That is:

Processing unit 306 can also be used for when CPU card expense is not enough alarm.

In addition, optional, processing unit 306 can also be used for the CPU card is enclosed to deposit supplementing with money.

In addition, in order to add the fail safe of strong authentication, also can the legitimacy of CPU be authenticated, namely this data processing equipment that is applied to the parking lot can also comprise the internal authentication unit;

The internal authentication unit is used for obtaining application sequence number to the CPU card, and obtains the second random number to the SAM card; This second random number is sent to the CPU card, so that the CPU card adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to this second random number, obtain the second enciphered data; Receive the second enciphered data that the CPU card returns; Transmission is carried the internal authentication order of this second enciphered data and application sequence number to the SAM card; Receive the response message that carries the internal authentication result that the SAM card returns; Determine that this external authentication result indication external authentication passes through, and determine this internal authentication result (being the internal authentication result of carrying in the response message that returns of SAM card) indication internal authentication by the time, carry out data according to this data processing request and process.

Wherein, this authentication result (being the authentication result of carrying in the response message that returns of SAM card) is decrypted and authenticates gained by the SAM card to the second enciphered data, for example, and specifically can be as follows:

The SAM card number disperses inner authenticate key according to application sequence, obtains temporary key; Utilize this temporary key, adopt the close decipherment algorithm of state that this second enciphered data is decrypted, obtain the second data decryption; When determining that this second data decryption equals the second random number, generate the internal authentication result (the internal authentication result of namely indicating internal authentication to pass through) that the indication internal authentication passes through.

Optionally, if this second data decryption is not equal to this second random number, flow process finishes, perhaps, optionally, if this second data decryption is not equal to this second random number, also can generate the authentication result (namely indicating the internal authentication result of internal authentication failure) of indication internal authentication failure.

It should be noted that, the execution of external authentication and internal authentication can be in no particular order.

During concrete enforcement, above unit can be used as independently entity and realizes, also can carry out combination in any, comes entity as same entity, and the concrete enforcement of above unit can referring to the embodiment of the method for front, not repeat them here.

as from the foregoing, the first receiving element 301 of the data processing equipment that is applied to the parking lot of the present embodiment receives that the CPU cards send carries the data processing request of the first random number and application sequence number, then by the first transmitting element 302, this first random number and application sequence number are sent to the SAM card, by the SAM card, the first random number is encrypted, obtain the first enciphered data, by the second transmitting element 304 of terminal, this first enciphered data is carried at and sends to the CPU card in the external authentication order, authenticated by the CPU card, if external authentication result indication external authentication is passed through, the processing unit 306 of terminal carries out the data processing according to this data processing request.Because the mode that this scheme has adopted CPU card and SAM card interactive authentication and ciphertext to transmit is processed data (such as transaction data); so can strengthen the protection to user data; particularly to the protection of user's cash flow safety, the fail safe that has greatly improved managing system of car parking.

In addition, further, carry out the data processing according to this data processing request at processing unit 306 before, except carrying out external authentication, also can carry out internal authentication by the internal authentication unit, if both carried out external authentication, also carry out internal authentication, its fail safe can be further enhanced, and does not repeat them here.

Embodiment five,

Accordingly, the embodiment of the present invention also provides a kind of managing system of car parking, comprises terminal 401, CPU card 402 and SAM card 403; Wherein, terminal 401 be specially that the embodiment of the present invention provides any be applied to the data processing equipment in parking lot, for example, specifically can be as follows:

Terminal 401, be used for receiving the data processing request that the CPU card sends, wherein, this data processing request is carried the first random number and application sequence number, the first random number and application sequence number are sent to SAM card 403, receive the first enciphered data that SAM card 403 returns, transmission is carried the external authentication order of this first enciphered data to CPU card 402, receive the response message that carries the external authentication result that CPU card 402 returns, when determining that this external authentication result indication external authentication is passed through, carry out data according to data processing request and process;

CPU card 402 be used for to send data processing request to terminal 401, and wherein, this data processing request is carried the first random number and application sequence number; The external authentication order of carrying the first enciphered data that receiving terminal 401 sends is decrypted and authenticates the first enciphered data, obtains the external authentication result, and the external authentication result is sent to terminal 401;

SAM card 403 is used for the first random number that receiving terminal 401 sends and application sequence number, number the first random number is encrypted according to this application sequence, obtains the first enciphered data, and the first enciphered data is sent to terminal 401.

Optionally, wherein, SAM card 403 specifically can be used for utilizing this application sequence number described master key to be disperseed, and obtains process key, utilizes this process key, adopts the encription algorithms approved by the State Password Administration Committee Office algorithm that this first random number is encrypted, and obtains the first enciphered data.

This moment, CPU card 402 specifically can be used for utilizing the close decipherment algorithm of state that the first enciphered data is decrypted, and obtains the first data decryption, when determining that this first data decryption equals this first random number, generates the external authentication result that the indication external authentication is passed through.

It should be noted that, if CPU card 402 determines that this first data decryption is not equal to this first random number, flow process finishes, and is perhaps optional, also can generate the external authentication result of indication external authentication failure.

Also it should be noted that, wherein, SAM card 403 can be arranged on facility, namely in terminal, deposits in terminal such as specifically being arranged on consumption terminal or circle, and wherein, circle is deposited terminal and is specifically as follows the machine of depositing that encloses.For example, SAM card 403 can comprise HSAM, ISAM and/or PSAM; HSAM can be arranged on circle and deposit in machine, is used to CPU card 402 to enclose to deposit the operation such as to supplement with money; ISAM can be arranged on circle and deposit in machine, also can be used to CPU card 402 to enclose to deposit the operation such as to supplement with money; The PSAM card can be arranged in consumption terminal, is used for CPU card 402 is carried out the operations such as consumption charge deduction.

In addition, as shown in Figure 5, this managing system of car parking can also comprise server 404;

Server 404 is used for user data is carried out store and management;

Terminal 401, specifically can be used for according to this data processing request, and the user data on server 404 is processed.For example, specifically can be as follows:

Terminal 401, specifically can be used for according to data processing request, user data, and with this storage of subscriber data on described server 404, wherein, user data can comprise the information such as user profile, entry time, time for competiton, parking lot information and/or facility information.

In addition, this terminal 401 can also be used for calculating consumption charge according to user profile, entry time and time for competiton, this consumption charge of deduction from described CPU card 402.

Optionally, terminal 401 also is used for when CPU card 402 expenses are not enough alarm.

In addition, optional, terminal 401 also is used for the CPU card is enclosed to deposit supplementing with money.

In addition, in order to add the fail safe of strong authentication, also can the legitimacy of CPU be authenticated, that is:

Terminal 401 can also be used for obtaining application sequence number to CPU card 402, and obtain the second random number to SAM card 403; This second random number is sent to CPU card 402, so that CPU card 402 adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to this second random number, obtain the second enciphered data; Receive the second enciphered data that CPU card 402 returns; Transmission is carried the internal authentication order of this second enciphered data and application sequence number to SAM card 403; Receive the response message that carries the internal authentication result that SAM card 403 returns; Determine that this external authentication result indication external authentication passes through, and determine this internal authentication result indication internal authentication by the time, carry out data according to this data processing request and process.

Wherein, the internal authentication result of carrying in the response message that SAM card 403 returns can be decrypted and authenticate gained by 403 pairs of the second enciphered datas of SAM card, for example, and specifically can be as follows:

SAM card 403 can also be used for number inner authenticate key being disperseed according to this application sequence, obtains temporary key; Utilize described temporary key, adopt the close decipherment algorithm of state that described the second enciphered data is decrypted, obtain the second data decryption; When determining that described the second data decryption equals the second random number, generate the internal authentication result that the indication internal authentication passes through, this internal authentication result is sent to terminal 401.

Optionally, SAM card 403, can also be used for when this second data decryption is not equal to this second random number, process ends, perhaps, optionally, when this second data decryption is not equal to this second random number, also can generate the internal authentication result (namely indicating the internal authentication result of internal authentication failure) of indication internal authentication failure.

During concrete enforcement, above each equipment can be used as independently entity and realizes, also can carry out combination in any, realize as same or several entities, such as, SAM card 403 specifically can be contained in terminal 401, etc.Wherein, terminal 401 specifically can comprise the modules such as micro-control unit, SAM card drive circuit, CPU card drive circuit, man-machine interface, communication interface and radio circuit interface; CPU card 402 comprises the IP kernel of supporting the close algorithm of state; SAM card 403 comprises the modules such as M1 algorithm coprocessor, cipher key calculation unit and security module; And server 404 can comprise and specifically can referring to the embodiment of front, not repeat them here SM1 security module etc.

as from the foregoing, terminal 401 in the managing system of car parking of the present embodiment can receive that the CPU card sends carries the data processing request of the first random number and application sequence number, then this first random number and application sequence number are sent to SAM card 403, be encrypted by 403 pairs of the first random numbers of SAM card, obtain the first enciphered data, sent by terminal 401 and carry the external authentication order of this first enciphered data to CPU card 402, authenticated by CPU card 402, if external authentication result indication external authentication is passed through, terminal 401 is carried out the data processing according to this data processing request.because having adopted CPU card 402 and SAM card 401 interactive authentications and ciphertext, this scheme transmits (terminal 401 and CPU card 402, between SAM card 403, the transmission of data is not expressly, in this process, data have the association key protection, and support in card that by solidifying the SM1 algoritic module is encrypted and deciphers, even be illegally listened, because SM1 is underground, there is no decruption key and related algorithm, so also can't obtain expressly) mode data are processed, so can strengthen the protection to user data, particularly to the protection of user's cash flow safety, greatly improved the fail safe of managing system of car parking.

One of ordinary skill in the art will appreciate that all or part of step in the whole bag of tricks of above-described embodiment is to come the relevant hardware of instruction complete by program, this program can be stored in a computer-readable recording medium, storage medium can comprise: read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), disk or CD etc.

Above a kind of data processing method, device and managing system of car parking that is applied to the parking lot that the embodiment of the present invention is provided is described in detail, used specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for those skilled in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.

Claims

1. a data processing method that is applied to the parking lot, is characterized in that, comprising:

Receive the data processing request that the central processor CPU card sends, described data processing request is carried the first random number and application sequence number;

Described the first random number and application sequence number are sent to secure access module SAM card;

Send the external authentication order to the CPU card, the first enciphered data is carried in described external authentication order;

When determining that described external authentication result indication external authentication is passed through, carry out data according to described data processing request and process.

2. method according to claim 1, is characterized in that, described the first enciphered data number is encrypted gained to described the first random number by the SAM card according to described application sequence, is specially:

The SAM Cali number disperses described master key with described application sequence, obtains process key;

Utilize described process key, adopt the encription algorithms approved by the State Password Administration Committee Office algorithm that described the first random number is encrypted, obtain the first enciphered data.

3. method according to claim 2, is characterized in that, described external authentication result is decrypted and authenticates gained by the CPU card to the first enciphered data, is specially:

The CPU Cali is decrypted the first enciphered data with the close decipherment algorithm of state, obtains the first data decryption;

When determining that described the first data decryption equals described the first random number, generate the external authentication result that the indication external authentication is passed through.

4. the described method of according to claim 1 to 3 any one, is characterized in that, describedly carries out data according to described data processing request and process, and is specially:

5. method according to claim 4, is characterized in that, and is described according to described data processing request, user data, and with after described storage of subscriber data is on described server, also comprise:

6. method according to claim 5, is characterized in that, the method also comprises:

When expense is not enough in described CPU card, alarm.

7. method according to claim 1, is characterized in that, describedly carries out also comprising before data process according to described data processing request:

Obtain application sequence number to the CPU card, and obtain the second random number to the SAM card;

Described the second random number is sent to the CPU card, so that the CPU card adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to described the second random number, obtain the second enciphered data;

Receive the second enciphered data that the CPU card returns;

Send the internal authentication order to the SAM card, described the second enciphered data and application sequence number are carried in described internal authentication order;

Receive the response message that carries the internal authentication result that the SAM card returns, described internal authentication result is decrypted and authenticates gained by the SAM card to the second enciphered data;

When described definite described external authentication result indication external authentication is passed through, carrying out data according to described data processing request processes and to be specially: determine that described external authentication result indication external authentication passes through, and when determining that described internal authentication result indication internal authentication passes through, carry out data according to described data processing request and process.

8. method according to claim 7, is characterized in that, described internal authentication result is decrypted and authenticates gained by the SAM card to the second enciphered data, comprising:

The SAM card number disperses inner authenticate key according to described application sequence, obtains temporary key;

Utilize described temporary key, adopt the close decipherment algorithm of state that described the second enciphered data is decrypted, obtain the second data decryption;

When determining that described the second data decryption equals the second random number, generate the internal authentication result that the indication internal authentication passes through.

9. a data processing equipment that is applied to the parking lot, is characterized in that, comprising:

The first receiving element be used for to receive the data processing request that the central processor CPU card sends, and described data processing request is carried the first random number and application sequence number;

The first transmitting element is used for described the first random number and application sequence number are sent to secure access module SAM card;

10. the data processing equipment that is applied to the parking lot according to claim 9, is characterized in that,

Described processing unit, concrete being used for according to described data processing request, user data, and with described storage of subscriber data on server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or facility information.

11. the data processing equipment that is applied to the parking lot according to claim 10 is characterized in that,

Described processing unit also is used for calculating consumption charge according to user profile, entry time and time for competiton, the described consumption charge of deduction from described CPU card.

12. the data processing equipment that is applied to the parking lot according to claim 11 is characterized in that,

Described processing unit also is used for when described CPU card expense is not enough alarm.

13. the data processing equipment that is applied to the parking lot according to claim 9 is characterized in that, also comprises the internal authentication unit;

The internal authentication unit is used for obtaining application sequence number to the CPU card, and obtains the second random number to the SAM card; Described the second random number is sent to the CPU card, so that the CPU card adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to described the second random number, obtain the second enciphered data; Receive the second enciphered data that the CPU card returns; Send the internal authentication order to the SAM card, described the second enciphered data and application sequence number are carried in described internal authentication order; Receive the response message that carries the internal authentication result that the SAM card returns, described internal authentication result is decrypted and authenticates gained by the SAM card to the second enciphered data;

Described processing unit specifically is used for determining that described external authentication result indication external authentication passes through, and determine described internal authentication result indication internal authentication by the time, carry out data according to described data processing request and process.

14. a managing system of car parking is characterized in that, comprises terminal, central processor CPU card and secure access module SAM card;

Described terminal, be used for receiving the data processing request that the CPU card sends, described data processing request is carried the first random number and application sequence number, described the first random number and application sequence number are sent to the SAM card, receive the first enciphered data that the SAM card returns, send the external authentication order to the CPU card, the first enciphered data is carried in described external authentication order, receive the response message that carries the external authentication result that the CPU card returns, when determining that described external authentication result indication external authentication is passed through, carry out data according to described data processing request and process;

Described CPU card be used for to send data processing request to described terminal, and described data processing request is carried the first random number and application sequence number; Receive the external authentication order of first enciphered data of carrying of described terminal transmission, the first enciphered data is decrypted and authenticates, obtain the external authentication result, the external authentication result is sent to described terminal;

15. managing system of car parking according to claim 14 is characterized in that,

Described SAM card concrete is used for utilizing described application sequence number described master key to be disperseed, and obtains process key, utilizes described process key, adopts the encription algorithms approved by the State Password Administration Committee Office algorithm that described the first random number is encrypted, and obtains the first enciphered data.

16. managing system of car parking according to claim 15 is characterized in that,

Described CPU card, concrete being used for utilizes the close decipherment algorithm of state that the first enciphered data is decrypted, and obtains the first data decryption, when determining that described the first data decryption equals described the first random number, generates the external authentication result that the indication authentication is passed through.

17. according to claim 14 to the 16 described managing system of car parking of any one, it is characterized in that, also comprise server;

Described server is used for user data is carried out store and management;

Described terminal, concrete being used for according to described data processing request, process the user data on server.

18. managing system of car parking according to claim 17 is characterized in that,

Described terminal, concrete being used for according to described data processing request, user data, and with described storage of subscriber data on described server, described user data comprises user profile, entry time, time for competiton, parking lot information and/or facility information.

19. managing system of car parking according to claim 18 is characterized in that,

Described terminal also is used for calculating consumption charge according to user profile, entry time and time for competiton, the described consumption charge of deduction from described CPU card.

20. managing system of car parking according to claim 19 is characterized in that,

Described terminal also is used for when described CPU card expense is not enough alarm.

21. managing system of car parking according to claim 14 is characterized in that,

Described terminal also is used for obtaining application sequence number to the CPU card, and obtains the second random number to the SAM card; Described the second random number is sent to the CPU card, so that the CPU card adopts the internal authentication key to carry out encription algorithms approved by the State Password Administration Committee Office to described the second random number, obtain the second enciphered data; Receive the second enciphered data that the CPU card returns; Send the internal authentication order to the SAM card, described the second enciphered data and application sequence number are carried in described internal authentication order; Receive the response message that carries the internal authentication result that the SAM card returns, described internal authentication result is decrypted and authenticates gained by the SAM card to the second enciphered data; Determine that described external authentication result indication external authentication passes through, and determine described internal authentication result indication internal authentication by the time, carry out data according to described data processing request and process.

22. managing system of car parking according to claim 21 is characterized in that,

Described SAM card also is used for number inner authenticate key being disperseed according to described application sequence, obtains temporary key; Utilize described temporary key, adopt the close decipherment algorithm of state that described the second enciphered data is decrypted, obtain the second data decryption; When determining that described the second data decryption equals the second random number, generate the internal authentication result that the indication internal authentication passes through.