The present invention relates to a terminal for reading a card and a working method therefor, which belongs to the field of communication security technology.
Cards are widely used in daily life. Because there are many types of cards, the term card reading terminal covers a wide range of devices as well. Generally, a card reading terminal works as follows: after acquiring a host instruction from a host, the card reading terminal sends the host instruction to the card directly; when receiving a host response returned from the card, the card reading terminal sends the host response to the host. There is no secure processing of the communication data between the card reading terminal and the card, so the communication data is easily intercepted, leaked or tampered with and the security level is low. A card reading terminal and a working method thereof are needed to solve this problem in the prior art.
The object of the present invention is to provide a terminal for reading a card and a working method therefor, which securely processes communication data between the card reading terminal and the card. Therefore, it is hard to intercept, leak or tamper with the communication, which improves security greatly.
Thus, according to one aspect of the present invention, there is provided a working method for a card reading terminal, which comprises the following steps:
According to another aspect of the present invention, there is provided a terminal for reading a card, which includes a receiving module, a first determining module, a first judging module, a first acquiring module, a second determining module, a second acquiring module, a third acquiring module, a first obtaining module, a fourth acquiring module, a first decrypting module, a generating module, a second obtaining module, an updating module, a third obtaining module, a fourth obtaining module, a reading module, a second judging module, an identifying module, a fifth obtaining module, a third judging module, an executing module, a fifth acquiring module, a sixth acquiring module, an encrypting module, a second decrypting module and a sending module;
According to the present invention, there is provided a terminal for reading a card and a method for making a terminal for reading a card. In the claimed method, any communication data between the card reading terminal and the card is transmitted in cipher text via a secure channel, which prevents the communication data from being intercepted, leaked or tampered with and improves the security of communication; meanwhile, the method is compatible with a standard card reading process, so it has good generality.
According to the present invention, the communication data between the card reading terminal and the card is processed securely and is hard to intercept, leak or tamper with, so that the security is improved greatly.
In order to make the purpose, technical solution and advantages of this invention more clearly understood, the present disclosure will be further described in detail below in conjunction with the attached drawings and implementation examples.
Embodiment 1 provides a working method of a card reading terminal, as shown in
Step 100, when the card reading terminal receives an instruction sent from a host, the card reading terminal determines the type of the instruction; if the instruction is a secure channel establishing instruction, execute Step 101; if the instruction is a card communicating instruction, execute Step 104.
Step 101, the card reading terminal determines whether a secure channel is established; if yes, it sends information that the secure channel is established successfully to the host and goes back to Step 100; otherwise, execute Step 102.
Preferably, in Step 101, acquiring original card data specifically includes: the card reading terminal judges whether a first type card data exists in the secure channel establishing instruction, if yes, determines the original card data according to the first type card data, otherwise, receives the first type card data input.
Preferably, in Step 101, acquiring original card data specifically comprises: the card reading terminal acquires a second type card data from the secure channel establishing instruction, computes the second type card data to obtain original card data.
Step 102, the card reading terminal acquires a card parameter of a card, determines an objective identification according to the card parameter, acquires a function package corresponding to the objective identification, and acquires original card data; obtains a derived key according to a preset second parameter package, the original card data and the function package, acquires cipher text of random data from the card, and obtains card random data by decrypting the cipher text of random data according to the derived key; generates a random data package; obtains a mapping data package according to the card random data, the random data package, a preset first parameter package and the function package; updates the first parameter package according to the mapping data package; obtains a session key package according to the random data package, the updated first parameter package and the second parameter package; then executes Step 103.
Preferably, acquiring the original card data specifically comprises: the card reading terminal determines type of original card data according to the secure channel establishing instruction, if the type is a first type, determines the original card data according to a first type card data; if the type is a second type, determines the original card data according to a second type card data.
Further, that the card reading terminal determines type of the original card data according to the secure channel establishing instruction specifically is: the card reading terminal determines type of original card data according to datum of a preset byte in the secure channel establishing instruction, if the datum of the preset byte is a sixth preset data, the type of original card data is a first type; if the datum of the preset byte is a seventh preset data, the type of original card data is a second type.
Further, determining the original card data according to the first type card data specifically is: the card reading terminal receives a first type card data input, codes the first type card data to obtain the original card data.
Further, receiving the first type card data input specifically includes: the card reading terminal prompts inputting a first type card data, receives and displays the first type card data synchronously.
Further, determining the original card data according to the first type card data specifically is: the card reading terminal receives a first type card data from the secure channel establishing instruction, if the first type card data can be acquired from the secure channel establishing instruction, records the first type card data as original card data.
Further, the method further includes: if the first type card data cannot be acquired from the secure channel instruction, the card reading terminal receives the first type card data input, codes the first type card data to obtain the original card data.
Further, receiving the first type card data input includes: the card reading terminal prompts inputting the first type card data, receives and displays the first type card data synchronously.
Further, acquiring the original card data specifically includes: the card reading terminal acquires a second type card data from the secure channel establishing instruction, computes the second type card data to obtain original card data.
Preferably, acquiring the original card data specifically includes: the card reading terminal receives the first type card data input, codes the first type card data to obtain the original card data.
Further, receiving the first type card data input specifically is: the card reading terminal prompts inputting the first type card data, receives and displays the first type card data input synchronously.
Preferably, Step 102 further includes: the card reading terminal sends a document selecting instruction to the card, determines type of a document selecting response, if the type is correct response, executes acquiring card parameter; if the type is error response, sends error reporting information to the host, waits for receiving a new instruction sent from the host, then goes back to Step 100.
Preferably, in Step 102, determining an objective identification according to the card parameter specifically includes: the card reading terminal sends a parameter acquiring instruction to the card, acquires card object identification zone data from a parameter acquiring response returned from the card, acquires a preset terminal objective identification list; determines an objective identification according to the card object identification zone data and the terminal objective identification list, acquires a function package corresponding to the determined objective identification.
Further, determining an objective identification according to the card object identification zone data and the terminal objective identification list, acquiring a function package corresponding to the determined objective identification specifically is: the card reading terminal determines an objective identification list according to the card object identification zone data and the terminal objective identification list, selects an objective identification, acquires a function package corresponding to the selected objective identification.
Preferably, in Step 102, before acquiring the original card data, the method further comprises: the card reading terminal sends an objective identification instruction including an objective identification to the card; and when receiving an objective identification response, executes acquiring original card data.
Step 103, the card reading terminal obtains a terminal authenticated token according to the session key package and the function package; reads a card authenticated token from the card according to the terminal authenticated token, and judges whether the secure channel is established successfully according to the terminal authenticated token and the card authenticated token; if yes, identifies that the secure channel is established, obtains a secure session key according to the session key package and stores the secure session key, sends information that the secure channel is established successfully to the host, then goes back to Step 100; otherwise, sends information that establishing the secure channel failed to the host, then goes back to Step 100.
Preferably, in Step 103, reading the card authenticated token from the card according to the terminal authenticated token specifically is: the card reading terminal organizes an authenticated token exchanging instruction, sends the authenticated token exchanging instruction to the card; when receiving an authenticated token exchanging response returned from the card, obtains the card authenticated token from the authenticated token exchanging response.
Preferably, in Step 103, determining whether a secure channel is established successfully according to the card authenticated token and the terminal authenticated token specifically is: the card reading terminal determines whether the card authenticated token and the terminal authenticated token are identical, if yes, a secure channel is established successfully; otherwise, a secure channel is established unsuccessfully.
Step 104, the card reading terminal determines whether the secure channel is established, if yes, goes to Step 105, otherwise executes standard communication between terminal and card, then goes back to Step 100.
Step 105, the card reading terminal acquires card communication data from the card communicating instruction; acquires a stored secure session key; uses the secure session key to encrypt the card communication data to obtain cipher text of the card communication data, sends the cipher text of the card communication data to the card; uses the secure session key to decrypt a cipher text of card communication response sent from the card to obtain a card communication response, returns the card communication response to the host, then goes back to Step 100.
In Embodiment 1, the working method further includes: when detecting that the card leaves the field, the card reading terminal identifies that the secure channel is not established.
Preferably, in Embodiment 1, Step 102 includes the following steps.
Correspondingly, Step M01, the card reading terminal sends a parameter acquiring instruction; determines an objective identification according to a parameter acquiring response returned by the card, acquires a function package corresponding to the objective identification; and acquires original card data.
Correspondingly, Step M02, the card reading terminal obtains a derived key according to a preset second parameter package, the original card data and the function package; reads cipher text of random data from the card; and uses the derived key to decrypt the cipher text of random data so as to obtain card random data.
Further, in Step M02, that the card reading terminal obtains a derived key according to a preset second parameter package, the original card data and the function package specifically is: the card reading terminal takes a first preset parameter and the original card data as parameters to invoke a key derivation function in the function package to obtain the derived key.
Further, in Step M02, reading the cipher text of the random data from the card specifically is: the card reading terminal sends a random number exchanging instruction to the card; when receiving a random number exchanging response returned from the card, acquires the cipher text of random data from the random number exchanging response.
Correspondingly, Step M03, the card reading terminal generates a first random data in the random data package; obtains a first terminal public key according to the first random data, a preset first parameter package and the function package; reads a first card public key from the card according to the first terminal public key; obtains a first mapping data package according to the first card public key, the first random data, the card random data, the first parameter package and the function package, and updates the first parameter package according to the first mapping data package.
Further, in Step M03, obtaining a first terminal public key according to the first random data, a preset first parameter package and the function package specifically is: the card reading terminal takes the first random data, the preset first parameter package as parameters to invoke a key generating function in the function package so as to obtain a first terminal public key.
Further, in Step M03, reading the first card public key from the card according to the first terminal public key specifically is: the card reading terminal organizes a first public key exchanging instruction according to the first terminal public key; sends the first public key exchanging instruction to the card; when receiving a first public key exchanging response returned from the card, acquires the first card public key from the first public key exchanging response.
Further, in Step M03, obtaining a first mapping data package according to the first card public key, the first random data, the card random data, the first parameter package and the function package specifically is: the card reading terminal obtains a first shared key according to the first card public key, the first random data, the first parameter package and the function package; obtains a first mapping data package according to the card random data, the first random data, the first shared key and the function package.
Further, that the card reading terminal obtains a first shared key according to the first card public key, the first random data, the first parameter package and the function package specifically is: the card reading terminal takes the first card public key, the first random data and the first parameter package as parameters to invoke a key negotiating function in the function package so as to obtain the first shared key.
Further, obtaining a first mapping data package according to the card random data, the first random data, the first shared key and the function package specifically is: the card reading terminal takes the card random data, the first random data, the first shared key and the function package as parameters to invoke a mapping function in the function package so as to obtain a first mapping data package.
Further, the mapping function is a universal mapping function or an authentication mapping function.
Further, Step M03 is substituted by: the card reading terminal generates a first random data in the random data package, obtains a second mapping data package according to the first random data, the card random data, a preset first parameter package and the function package; updates the first parameter package according to the second mapping data package.
Further, obtaining a second mapping data package according to the first random data, the card random data, a preset first parameter package and the function package; updating the first parameter package according to the second mapping data package specifically is: the card reading terminal takes the card random data and the first random data as parameters to invoke a pseudorandom function to obtain pseudorandom data; takes the pseudorandom data and a preset first parameter package as parameters to invoke a mapping function in the function package to obtain a second mapping data package; updates the first parameter package according to the second mapping data package; the mapping function is a composite mapping function.
Further, Step M03 specifically includes: the card reading terminal organizes a random data transferring instruction according to the first random data, sends the random data transferring instruction to the card; when receiving a random data transferring response, obtains a second mapping data package according to the first random data, the card random data, a preset first parameter package and the function package; updates the first parameter package according to the second mapping data package.
Correspondingly, Step M04, the card reading terminal generates a second random data in the random data package; obtains a second terminal public key according to the second random data, the updated first parameter package and the function package; reads a second card public key from the card according to the second terminal public key; obtains a second shared key according to the second card public key, the second random data, the updated first parameter package and the function package.
Further, in Step M04, obtaining the second terminal public key according to the second random data, the updated first parameter package and the function package specifically is: the card reading terminal takes the second random data and the updated first parameter as parameters to invoke a key generating function in the function package so as to obtain the second terminal public key.
Further, in Step M04, reading a second card public key from the card according to the second terminal public key specifically is: the card reading terminal organizes a second public key exchanging instruction according to the second terminal public key, sends the second public key exchanging instruction to the card; when receiving a second public key exchanging response returned from the card, obtains a second card public key from the second public key exchanging response.
Further, in Step M04, obtaining a second shared key according to the second card public key, the second random data, the updated first parameter package and the function package specifically is: the card reading terminal takes the second card public key, the second random data and the updated first parameter package as parameters to invoke the key negotiating function in the function package to obtain the second shared key.
Correspondingly, Step M05: the card reading terminal obtains a session key package according to the second parameter package, the second shared key and the function package.
Further, Step M05 specifically is: the card reading terminal takes a second preset parameter in the second parameter package and the second shared key as parameters to invoke a key derivation function in the function package to obtain a first session key in the session key package; takes a third preset parameter in the second parameter package and the second shared key as parameters to invoke a key derivation function in the function package so as to obtain a second session key in the session key package.
Further, in Step 103, obtaining a terminal authenticated token according to the session key package and a function package specifically is: the card reading terminal invokes a token function in the function package according to the first session key in the session key package to obtain a terminal authenticated token.
Further, in Step 103, obtaining a secure session key according to the session key package and storing the secure session key specifically is: the card reading terminal takes a second session key in the session key package as a secure session key and stores the secure session key.
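The following added example (not code from the patent) runs Steps M03 to M05 and the token comparison of Step 103 with both the terminal and the card simulated, to show that the two sides only agree on a session key when they hold the same card random data. The group, the mapping formula g' = g^s * h, the SHA-256 key derivation and the HMAC token are assumptions, because the text names these functions without defining them.

```python
import hashlib
import hmac
import secrets

# Assumed toy group so the example runs with the standard library only:
# P is the Mersenne prime 2**127 - 1, far too small for real use.
P = 2**127 - 1
G = 3  # generator held in the preset first parameter package (assumed)


def keypair(generator):
    """Key generating function: fresh random data and the matching public key."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(generator, private, P)


def negotiate(peer_public, private):
    """Key negotiating function: Diffie-Hellman, rejecting degenerate peer keys."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public key outside the valid range")
    return pow(peer_public, private, P)


def derive(shared, preset_parameter):
    """Key derivation function (assumed): SHA-256(shared value || parameter)."""
    return hashlib.sha256(shared.to_bytes(16, "big") + preset_parameter).digest()


class Side:
    """One end of the exchange; the terminal and the card run the same maths."""

    def __init__(self, card_random):
        self.card_random = card_random  # card random data, output of Step M02
        self.generator = G

    def first_public(self):  # Step M03: first random data and first public key
        self.first_random, public = keypair(self.generator)
        return public

    def update_parameters(self, peer_first_public):  # Step M03: mapping
        shared1 = negotiate(peer_first_public, self.first_random)
        # Assumed mapping: g' = g^s * h mod p, with s the card random data
        # and h the first shared key. The result replaces the generator.
        self.generator = pow(G, self.card_random, P) * shared1 % P

    def second_public(self):  # Step M04: uses the updated first parameter package
        self.second_random, public = keypair(self.generator)
        return public

    def session_keys(self, peer_second_public):  # Step M05
        shared2 = negotiate(peer_second_public, self.second_random)
        # Two keys from one shared value, separated by the preset parameter.
        self.first_session_key = derive(shared2, b"\x02")   # used for the token
        self.second_session_key = derive(shared2, b"\x03")  # secure session key

    def token(self, terminal_public, card_public):  # Step 103 token function
        message = terminal_public.to_bytes(16, "big") + card_public.to_bytes(16, "big")
        return hmac.new(self.first_session_key, message, hashlib.sha256).digest()


def establish(terminal_card_random, card_card_random):
    """Return (established, secure_session_key) as seen by the terminal."""
    terminal, card = Side(terminal_card_random), Side(card_card_random)
    t1, c1 = terminal.first_public(), card.first_public()
    terminal.update_parameters(c1)
    card.update_parameters(t1)
    t2, c2 = terminal.second_public(), card.second_public()
    terminal.session_keys(c2)
    card.session_keys(t2)
    # Step 103: tokens must be identical; compare in constant time.
    if hmac.compare_digest(terminal.token(t2, c2), card.token(t2, c2)):
        return True, terminal.second_session_key
    return False, None


if __name__ == "__main__":
    nonce = 0x0F1E2D3C4B5A69788796A5B4C3D2E1F0  # constructed card random data
    print(establish(nonce, nonce)[0])      # terminal decrypted the right value
    print(establish(nonce + 1, nonce)[0])  # terminal used a wrong derived key
```

A terminal that decrypts the cipher text of random data with a key derived from wrong original card data ends up with a different generator, so the token comparison fails and no secure session key is stored.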
Embodiment 2 provides a working method of card reading terminal; as shown in
Step 201, when receiving an instruction sent from a host, the card reading terminal determines type of the instruction, if the instruction is a secure channel establishing instruction, execute Step 202; if the instruction is a card communicating instruction, execute Step 218.
Preferably, Step 201 specifically is: when receiving an instruction sent from a host, the card reading terminal obtains data from the first byte to the fourth byte and data of the sixth byte in the instruction, determines type of the instruction according to the data from the first byte to the fourth byte and data of the sixth byte, if the data from the first byte to the fourth byte is a first preset data and data of the sixth byte is a second preset data, the instruction is a secure channel establishing instruction, execute Step 202, otherwise the instruction is a card communicating instruction, execute Step 218.
For example, when receiving an instruction, i.e. 0xFFC201200C020900020006303130363234, sent from a host, the card reading terminal obtains data from the first byte to the fourth byte and data of the sixth byte in the instruction, determines type of the instruction according to the data from the first byte to the fourth byte and data of the sixth byte, if the data from the first byte to the fourth byte is the first preset data, i.e. 0xFFC20120, and data of the sixth byte is the second preset data i.e. 0x02, the instruction is a secure channel establishing instruction, execute Step 202, otherwise the instruction is a card communicating instruction, execute Step 218.
Step 202, the card reading terminal judges whether a secure channel is established according to a preset identification, if yes, sends a successful establishing response to the host and waits for receiving a new instruction, go back to Step 201; otherwise, execute Step 203.
In Embodiment 2, the card reading terminal presets a preset identification, which is for identifying whether a secure channel is established.
Preferably, Step 202 specifically is: the card reading terminal determines type of the preset identification, if the preset identification is a fourth preset data which means that a secure channel is established, the card reading terminal sends a successful establishing response to the host, waits for receiving a new instruction sent from the host, go back to Step 201; if the preset identification is a fifth preset data which means that a secure channel is not established, execute Step 203.
For example, the card reading terminal determines type of the preset identification, if the preset identification is a fourth preset data 0x01 which means that a secure channel is established, the card reading terminal sends a successful establishing response to the host, waits for receiving a new instruction sent from the host; if the preset identification is a fifth preset data 0x00 which means that a secure channel is not established, execute Step 203.
Preferably, Step 202 specifically is: the card reading terminal judges whether a preset identification is equal to a fourth preset data, if yes, it means that a secure channel is established, the card reading terminal sends a successful establishing response to the host, waits for receiving a new instruction sent from a host, go back to Step 201; if no, it means that a secure channel is not established, execute Step 203.
Preferably, Step 202 specifically is: the card reading terminal judges whether a preset identification is set, if yes, it means that a secure channel is established, the card reading terminal sends a successful establishing response to the host, waits for receiving a new instruction sent from a host, go back to Step 201; if no, it means that a secure channel is not established, execute Step 203.
Preferably, Step 202 specifically is: the card reading terminal judges whether set data of the preset identification is equal to a fifth preset data, if yes, it means that a secure channel is not established, execute Step 203; if no, it means that a secure channel is established, the card reading terminal sends a successful establishing response to the host, waits for receiving a new instruction sent from a host, then goes back to Step 201.
Preferably, the working method in Embodiment 2 further includes: if the card reading terminal detects that the card left the field, the card reading terminal sets the set data of the preset identification to be a fifth preset data.
Step 203, the card reading terminal determines type of original card data according to the secure channel establishing instruction, if the type is a first type, execute Step 205; if the type is a second type, execute Step 204.
In Embodiment 2, if the type of the original card data is the first type, the original card data is obtained in the following steps according to a first type card data; if the type of the original card data is the second type, the original card data is obtained in the following steps according to a second type card data. The first type card data is printed or marked on the card when the card leaves the factory and is subsequently used as an original factor in the process of establishing a secure channel between the card reading terminal and the card. The second type card data is likewise printed or marked on the card when the card leaves the factory, for example on an identity card which can be read by the card reading terminal, and is subsequently used as an original factor in the process of establishing a secure channel between the card reading terminal and the card.
Preferably, Step 203 specifically is: the card reading terminal acquires a sixth preset byte data from the secure channel establishing instruction, judges type of the sixth preset byte data, if the type is a sixth preset data, the original card data is the first type, execute Step 205; if the type is a seventh preset data, the original card data is the second type, execute Step 204.
Further, Step 203 specifically is: the card reading terminal acquires a ninth byte of data in the secure channel establishing instruction and takes the acquired ninth byte of data as a sixth preset byte data, judges type of the sixth preset byte data, if the type is sixth preset data, the original card data is the first type, execute Step 205; if the type is a seventh preset data, the original card data is a second type, execute Step 204.
For example, the card reading terminal acquires a ninth byte of data in the secure channel establishing instruction and takes the acquired ninth byte of data as a sixth preset byte data, judges type of the sixth preset byte data 0x02, if the type is sixth preset data, the original card data is the first type, execute Step 205; if the type is a seventh preset data 0x01, the original card data is the second type, execute Step 204.
Step 204, the card reading terminal acquires a second type card data from the secure channel establishing instruction, computes the second type card data to obtain the original card data; execute Step 208.
For example, in Step 204 of the present Embodiment 2, if the secure channel establishing instruction is 0xFFC2012060025D0001005A493C55544F443233313435383930373C3C3C3C3C3C3C3C3C3C3C3C3C3C3C37343038313232463132303431353955544F3C3C3C3C3C3C3C3C3C3C3C364552494B53534F4E3C3C414E4E413C4D415249413C3C3C3C3C3C3C3C3C3C,
Preferably, Step 204 specifically is: the card reading terminal acquires a second type card data from the secure channel establishing instruction, performs a SHA-1 operation on the second type card data to obtain the original card data; execute Step 208.
Preferably, the second type card data can be formed by a sequence number, a birth date and an expiration date.
Step 205, the card reading terminal judges whether a first type card data exists in the secure channel establishing instruction, if yes, execute Step 206; if no, execute Step 207.
Preferably, before Step 205, the method further includes: the card reading terminal powers up and performs initialization; executes a card inquiring operation; sends ART data to the host; connects the card when receiving a card connecting instruction sent from the host, and sends a successful connecting response to the host.
Further, before Step 205, the method further includes: the card reading terminal communicates with the host via USB interface.
Further, before Step 205, the method further includes: the card reading terminal communicates with the host via Bluetooth.
Preferably, Step 205 specifically is: the card reading terminal acquires a third preset byte data from the secure channel establishing instruction, judges whether original card data exists in the secure channel establishing instruction according to the third preset byte data and a third preset data, if yes, execute Step 206; if no, execute Step 207.
Further, Step 205 specifically is: the card reading terminal acquires a third preset byte data from the secure channel establishing instruction, judges whether the third preset byte data is equal to a third preset data, if yes, it means that a first type card data exists in the secure channel establishing instruction, execute Step 206; if no, it means that a first type card data does not exist in the secure channel establishing instruction, execute Step 207.
Further, Step 205 specifically is: the card reading terminal acquires data of the fifth byte of the secure channel establishing instruction and takes the data of the fifth byte of the secure channel establishing instruction as a third preset byte data, judges whether the third preset byte data is equal to a third preset data, if yes, it means that a first type card data exists in the secure channel establishing instruction, execute Step 206; if no, it means that a first type card data does not exist in the secure channel establishing instruction, execute Step 207.
For example, the card reading terminal acquires data of the fifth byte of the secure channel establishing instruction and takes the data of the fifth byte of the secure channel establishing instruction as a third preset byte data, judges whether the third preset byte data is equal to a third preset data 0x0C, if yes, it means that a first type card data exists in the secure channel establishing instruction, execute Step 206; if no, it means that a first type card data does not exist in the secure channel establishing instruction, execute Step 207.
Step 206, the card reading terminal obtains original card data from the secure channel establishing instruction, execute Step 208.
Preferably, Step 206 specifically is: the card reading terminal acquires the last six bytes of data of the secure channel establishing instruction and takes the last six bytes of data of the secure channel establishing instruction as the original card data; execute Step 207.
For example, the card reading terminal acquires the last six bytes of data, i.e. 0x303130363234 of the secure channel establishing instruction 0xFFC201200C020900020006303130363234 and takes 0x303130363234 as the original card data; execute Step 207.
Preferably, Step 206 further includes: the card reading terminal stores the original card data.
Step 207, the card reading terminal prompts a user to input a first type card data; converts the first type card data to obtain the original card data when receiving the first type card data, execute Step 208.
For example, the secure channel establishing instruction is 0xFFC2012006020300020000, Step 208 is executed.
Preferably, Step 207 specifically is: the card reading terminal prompts the user to input the first type card data via the card reading terminal; converts the decimal first type card data into hexadecimal data to obtain original card data when receiving the first type card data input, then executes Step 208.
In Embodiment 2, the card reading terminal has an input function that supports many input methods, for example, voice input, keyboard input, input by scanning a two-dimensional code, input by scanning the number marked on the card, etc.
For example, the card reading terminal prompts the user to input a first type card data 010624 via the card reading terminal; when receiving the first type card data 010624 input, the card reading terminal converts the decimal first type card data 010624 into hexadecimal data to obtain original card data 0x303130363234, execute Step 208.
Preferably, Step 207 further includes: the card reading terminal displays the first type card data input; in this case, when the user inputs the data via the keyboard, the input data is displayed on a display screen, which makes it easy for the user to check and amend the first type card data input.
For example, the card reading terminal displays the input first type card data 010624.
Preferably, Step 207 further includes: when the card reading terminal does not receive original card data, the card reading terminal sends information of error reporting to the host.
Preferably, Step 207 further includes: the card reading terminal stores the original card data.
Step 208, the card reading terminal sends a card selecting instruction to the card, when receiving a document selecting response from the card, the card reading terminal determines type of the document selecting response, if the type is a first type response, execute Step 209; if the type is a second type response, sends information of error reporting to the host, waits for receiving a new instruction sent from the host, then goes back to Step 201.
Preferably, Step 208 specifically is: the card reading terminal sends a document selecting instruction to the card, when receiving a document selecting response from the card, the card reading terminal judges type of the document selecting response, if the type is correct response, execute Step 209; if the type is error response, send information of error reporting to the host, waits for receiving a new instruction sent from the host, then goes back to Step 201.
For example, the card reading terminal sends a document selecting instruction 0x00A4020C02011C to the card, when receiving a document selecting response from the card, the card reading terminal judges type of the document selecting response, if the type is correct response 0x9000, execute Step 209; if the type is error response 0x00, sends information of error reporting to the host, waits for receiving a new instruction sent from the host, go back to Step 201.
Step 209, the card reading terminal sends a parameter acquiring instruction; when receiving a parameter acquiring response returned from the card, the card reading terminal determines an objective identification and a corresponding function package according to the parameter acquiring response; the function package includes a key derivation function, a mapping function, a key generating function, a key negotiating function and a token function.
Preferably, Step 209 specifically is: the card reading terminal sends a parameter acquiring instruction; when receiving a parameter acquiring response returned from the card, acquires card object identification zone data from the parameter acquiring response, acquires a preset terminal objective identification list; determines an objective identification according to the card object identification zone data and the terminal objective identification list, acquires a function package corresponding to the determined objective identification; the function package includes a key derivation function, a mapping function, a key generating function, a key negotiating function and a token function.
Preferably, Step 209 specifically is: the card reading terminal sends a parameter acquiring instruction; when receiving a parameter acquiring response returned from the card, acquires card object identification zone data from the parameter acquiring response, acquires a preset terminal objective identification list; determines an objective identification list according to the card object identification zone data and the terminal objective identification list, selects an objective identification from the objective identification list, acquires a function package corresponding to the selected objective identification; the function package includes a key derivation function, a mapping function, a key generating function, a key negotiating function and a token function.
In Step 209, when the mapping function is a second function type, the function package further includes a pseudorandom function.
In Step 209, in case that an objective identification list is determined according to the card object identification zone data and the terminal objective identification list, the common part of the card object identification zone data and the terminal objective identification list constitutes the objective identification list.
For example, in Step 209, the mapping function is the first function type, i.e. a universal function, the card reading terminal sends a parameter acquiring instruction 0x0060000000 to the card; when receiving a parameter acquiring response, i.e. 0x3170300D060804007F0007020102010101300F060A04007F000702010302010201013012060A04007F0007020104020102010201010D3012060A04007F0007020104020102010201010D3012060A04007F000702010401020101020101003012060A04007F000702010401010201020101009000, returned from the card, the card reading terminal acquires card object identification zone data from the parameter acquiring response, acquires a preset terminal objective identification list; determines an objective identification list according to the card object identification zone data and the terminal objective identification list, selects an objective identification from the objective identification list, acquires a function package corresponding to the selected objective identification; the function package includes a key derivation function, a mapping function, a key generating function, a key negotiating function and a token function.
Step 210, the card reading terminal organizes an objective identification instruction according to the objective identification, sends the objective identification instruction to the card; when receiving an objective identification response, acquires the original card data; takes a first preset parameter and the original card data as parameter and invokes the derivation function in the function package to obtain a derived key.
For example, the card reading terminal organizes an objective identification instruction 0x0022C1A412800A04007F0007020104020183010284010D according to the objective identification, sends the objective identification instruction 0x0022C1A412800A04007F0007020104020183010284010D to the card; when receiving an objective identification response 0x9000, acquires the original card data 0x303130363234, takes a first preset parameter and the original card data 0x303130363234 as parameters and invokes the derivation function SHA-1 in the function package to obtain a derived key.
Preferably, Step 210 specifically is: the card reading terminal organizes an objective identification instruction according to the objective identification, sends the objective identification instruction to the card; when receiving an objective identification response, acquires the original card data; processes the original card data to obtain card processing data; takes a first preset parameter and the original card data as parameter and invokes the derivation function in the function package to obtain a derived key.
Further, the card reading terminal organizes an objective identification instruction according to the objective identification, sends the objective identification instruction to the card; when receiving an objective identification response, acquires the original card data; codes the original card data to obtain card processing data; takes a first preset parameter and the original card data as parameters and invokes the derivation function in the function package to obtain a derived key.
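Steps 205 to 207 and the derivation of Step 210 can be traced on the two example instructions given above. The following Python code is an added illustration, not part of the original disclosure; it assumes that the fifth byte is a length byte for the data that follows (which holds for both example instructions), that the derivation input is the original card data followed by the first preset parameter, and that the parameter has the constructed placeholder value shown, since none of these is stated in the text. All function names are hypothetical.

```python
import hashlib

THIRD_PRESET_DATA = 0x0C        # value given in the Step 205 example
ORIGINAL_CARD_DATA_LEN = 6      # "last six bytes" in the Step 206 example
# Assumption: constructed placeholder, the text does not give this value.
FIRST_PRESET_PARAMETER = bytes.fromhex("00000003")


class InstructionError(ValueError):
    """Malformed instruction or input; the terminal would report an error to the host."""


def parse_instruction(hex_text):
    """Decode the instruction and check the fifth byte against the data length.

    Assumption: the fifth byte counts the bytes that follow it.
    """
    text = hex_text[2:] if hex_text.lower().startswith("0x") else hex_text
    try:
        raw = bytes.fromhex(text)
    except ValueError as exc:
        raise InstructionError("instruction is not valid hex") from exc
    if len(raw) < 5:
        raise InstructionError("instruction shorter than five bytes")
    if len(raw) - 5 != raw[4]:
        raise InstructionError("fifth byte does not match the data length")
    return raw


def card_data_from_instruction(raw):
    """Steps 205/206: return the embedded original card data, or None for Step 207."""
    if raw[4] != THIRD_PRESET_DATA:
        return None
    return raw[-ORIGINAL_CARD_DATA_LEN:]


def card_data_from_input(digits):
    """Step 207: one byte per typed digit, so 010624 becomes 0x303130363234."""
    if (len(digits) != ORIGINAL_CARD_DATA_LEN
            or not digits.isascii() or not digits.isdigit()):
        raise InstructionError("expected six decimal digits")
    return digits.encode("ascii")


def obtain_original_card_data(hex_text, prompt):
    """Run Steps 205 to 207; prompt() is called only when the data is not embedded."""
    raw = parse_instruction(hex_text)
    data = card_data_from_instruction(raw)
    if data is None:
        data = card_data_from_input(prompt())
    return data


def derive_key(original_card_data, parameter=FIRST_PRESET_PARAMETER):
    """Step 210 with SHA-1 as the derivation function.

    Assumption: the hash input is card data followed by the parameter.
    """
    return hashlib.sha1(original_card_data + parameter).digest()


if __name__ == "__main__":
    # The two secure channel establishing instructions from the examples above.
    for instruction in ("0xFFC201200C020900020006303130363234",
                        "0xFFC2012006020300020000"):
        data = obtain_original_card_data(instruction, lambda: "010624")
        print(instruction, data.hex(), derive_key(data).hex())
```

Both paths yield the same original card data, so the card and the terminal arrive at the same derived key whether the data came from the host or from the keypad.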
Step 211, the card reading terminal sends a random number exchanging instruction to the card; when receiving a random number exchanging response returned from the card, acquires cipher text of random data from the random number exchanging response, uses the derived key to decrypt the cipher text of random data to obtain card random data; generates a first random data; checks type of the mapping function in the function package, if the mapping function is a first mapping function, execute Step 212; if the mapping function is a second mapping function, execute Step 213.
In Embodiment 2, the first mapping function is universal mapping function or authentication mapping function; the second mapping function is composite mapping function.
For example, in Embodiment 2, the mapping function is a first mapping function; the card reading terminal sends a random number exchanging instruction 0x10860000027C00 to the card; when receiving a random number exchanging response 0x7C1280102E7E0A0A6644E81F48B5472D3DB36E139000 returned from the card, acquires cipher text of random data from the random number exchanging response, uses the derived key to decrypt the cipher text of random data to obtain card random data; generates a first random data 0x60BC0DBD40B045E711A420F570AA3F9434D308F07D752FA7661545160EF33FA9, checks type of the mapping function in the function package, if the mapping function is a first mapping function, execute Step 212; if the mapping function is a second mapping function, execute Step 213.
Step 212, the card reading terminal takes the first random data and a preset first parameter package as parameters to invoke the key generating function in the function package to obtain a first terminal public key; organizes a first public key exchanging instruction according to the first terminal public key; sends the first public key exchanging instruction to the card; when receiving a first public key exchanging response returned from the card, obtains a first card public key from the first public key exchanging response; takes the first card public key, the first random data and the first parameter package as parameters to invoke the key negotiating function in the function package to obtain a first shared key; takes the card random data, the first random data and the first shared key as parameters to invoke the first mapping function to obtain a first mapping data package; updates the first parameter package according to the first mapping data package; execute Step 214.
In Embodiment 2, the first parameter package is formed by an eleventh preset data, a twelfth preset data, a thirteenth preset data and a fourteenth preset data; updating the first parameter package in a following step is updating the thirteenth preset data and the fourteenth preset data in the first parameter package.
For example, the card reading terminal takes the first random data and the first parameter package as parameters to invoke the key generating function in the function package to obtain the first terminal public key 0x6AE356BD23F037A0AAC863434D9E0A094021FD0CA0A3B5194045BE9D9638815246C23032CC91182B1EC93EF87ED94F02D2EC950F5FCA7A34760A3A065D15C22B; organizes a first public key exchanging instruction 0x108600004570438141046AE356BD23F037A0AAC863434D9E0A094021FD0CA0A3B5194045BE9D96388152460230320091182B1E093EF87ED94F02D2E0950F5FCA7A34760A3A065D15022B according to the first terminal public key 0x6AE356BD23F037A0AAC863434D9E0A094021FD0CA0A3B5194045BE9D9638815246C23032CC91182B1EC93EF87ED94F02D2EC950F5FCA7A34760A3A065D150228; sends the first public key exchanging instruction to the card;
Step 213, the card reading terminal organizes a random data transferring instruction according to the first random data, sends the random data transferring instruction to the card; when receiving a random data transferring response returned from the card, takes the card random data and the first random data as parameters to invoke the pseudorandom function in the function package to obtain pseudorandom data; takes the pseudorandom data and the first parameter package as parameters to invoke the second mapping function to obtain a second mapping data package; updates the first parameter package according to the second mapping data package; then executes Step 214.
In Embodiment 2, the function package further includes a pseudorandom function.
Step 214, the card reading terminal generates a second random data; takes the second random data and the updated first parameter package as parameters to invoke the key generating function in the function package to obtain a second terminal public key; organizes a second public key exchanging instruction according to the second terminal public key, sends the second public key exchanging instruction to the card; when receiving a second public key exchanging response returned from the card, the card reading terminal obtains a second card public key from the second public key exchanging response; takes the second card public key, the second random data and the updated first parameter package to invoke the key negotiating function in the function package to obtain a second shared key.
For example, the card reading terminal generates a second random data 0x3F0614AA70D17AD566164105679370A31BF0354249D41E1268334B59576A6CC6,
Step 215, the card reading terminal takes a second preset parameter and the second shared key as parameters to invoke the key derivation function in the function package to obtain a first session key; takes a third preset parameter and the second shared key as parameters to invoke the key derivation function in the function package so as to obtain a second session key.
Step 216, the card reading terminal invokes the token function in the function package according to the first session key to obtain a terminal authenticated token; organizes an authenticated token exchanging instruction according to the terminal authenticated token, sends the authenticated token exchanging instruction to the card; when receiving an authenticated token exchanging response returned from the card, obtains a card authenticated token from the authenticated token exchanging response, determines whether a secure channel is established successfully according to the card authenticated token and the terminal authenticated token, if the secure channel is established successfully, execute Step 217; if the secure channel is established unsuccessfully, sends information that the secure channel is established unsuccessfully to the host, waits for receiving a new instruction from the host, then goes back to Step 201.
Preferably, Step 216 specifically is: the card reading terminal takes the second preset parameter and the second shared key as parameters to invoke the key derivation function in the function package to obtain a first session key; takes the third preset parameter and the second shared key as parameters to invoke the key derivation function in the function package to obtain a second session key; invokes the token function in the function package according to the first session key to obtain the terminal authenticated token; organizes the authenticated token exchanging instruction according to the terminal authenticated token, sends the authenticated token exchanging instruction to the card; when receiving an authenticated token exchanging response from the card, the card reading terminal obtains the card authenticated token from the authenticated token exchanging response, judges whether the card authenticated token and the terminal authenticated token are identical, if yes, it means that the secure channel is established successfully, execute Step 217; otherwise, it means that the secure channel is established unsuccessfully, waits for receiving a new instruction from the host, then goes back to Step 201.
For example, the card reading terminal takes the second preset parameter and the second shared key as parameters to invoke the key derivation function in the function package to obtain a first session key; takes the third preset parameter and the second shared key as parameters to invoke the key derivation function in the function package to obtain a second session key; invokes the token function in the function package according to the first session key to obtain the terminal authenticated token; organizes the authenticated token exchanging instruction 0x008600000C7C0A8508A18E3DA1A1B5398C according to the terminal authenticated token, sends the authenticated token exchanging instruction to the card; when receiving an authenticated token exchanging response 0x7C0A86089CE08195081051E69000 from the card, the card reading terminal obtains the card authenticated token from the authenticated token exchanging response, judges whether the card authenticated token and the terminal authenticated token are identical, if yes, it means that the secure channel is established successfully, execute Step 217; otherwise, it means that the secure channel is established unsuccessfully, waits for receiving a new instruction from the host, then goes back to Step 201.
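The responses quoted in the examples of Step 211 and Step 216 share one layout: an outer object tagged 0x7C wrapping one inner object, followed by the two-byte status 0x9000. The following Python code is an added illustration, not part of the original disclosure; it extracts the cipher text of random data and the card authenticated token from those two responses and performs the Step 216 comparison in constant time. The inner tag values 0x80 and 0x86 are read off the example bytes, and all function names and the token values in the comparison are hypothetical.

```python
import hmac

SW_SUCCESS = bytes.fromhex("9000")  # status shown as the correct response in Step 208
OUTER_TAG = 0x7C
TAG_CIPHER_RANDOM = 0x80            # inner tag in the Step 211 example response
TAG_CARD_TOKEN = 0x86               # inner tag in the Step 216 example response


class ResponseError(ValueError):
    """Malformed or unsuccessful card response."""


def read_tlv(buf, offset):
    """Read one object with a one-byte tag; return (tag, value, next_offset)."""
    if offset + 2 > len(buf):
        raise ResponseError("truncated header")
    tag = buf[offset]
    length = buf[offset + 1]
    offset += 2
    if length & 0x80:                       # long-form length: 0x81 nn or 0x82 nn nn
        count = length & 0x7F
        if count not in (1, 2) or offset + count > len(buf):
            raise ResponseError("bad length field")
        length = int.from_bytes(buf[offset:offset + count], "big")
        offset += count
    end = offset + length
    if end > len(buf):
        raise ResponseError("value runs past the end of the response")
    return tag, buf[offset:end], end


def parse_response(hex_text, expected_tag):
    """Check the status word, unwrap the 0x7C object, return the expected inner value."""
    text = hex_text[2:] if hex_text.lower().startswith("0x") else hex_text
    try:
        raw = bytes.fromhex(text)
    except ValueError as exc:
        raise ResponseError("response is not valid hex") from exc
    if len(raw) < 2 or raw[-2:] != SW_SUCCESS:
        raise ResponseError("card did not return 0x9000")
    body = raw[:-2]
    tag, inner, end = read_tlv(body, 0)
    if tag != OUTER_TAG or end != len(body):
        raise ResponseError("expected exactly one 0x7C object")
    found = None
    pos = 0
    while pos < len(inner):
        tag, value, pos = read_tlv(inner, pos)
        if tag == expected_tag:
            if found is not None:
                raise ResponseError("duplicate inner object")
            found = value
    if found is None:
        raise ResponseError("expected inner object is missing")
    return found


def secure_channel_established(terminal_token, card_token):
    """Step 216: compare the two tokens without leaking the mismatch position."""
    return hmac.compare_digest(terminal_token, card_token)


if __name__ == "__main__":
    # Responses quoted in the examples of Step 211 and Step 216.
    nonce = parse_response("0x7C1280102E7E0A0A6644E81F48B5472D3DB36E139000",
                           TAG_CIPHER_RANDOM)
    token = parse_response("0x7C0A86089CE08195081051E69000", TAG_CARD_TOKEN)
    print(nonce.hex(), token.hex())
```

Rejecting a response whose lengths do not add up, or whose status is not 0x9000, before any value reaches the decryption or comparison step keeps a truncated or tampered response from being treated as a valid token.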
Step 217, the card reading terminal sets a preset identification as a fourth preset data; stores the second session key as secure session key, sends information that secure channel is established successfully to the host, waits for receiving a new instruction from the host, go back to Step 201;
For example, the card reading terminal sets the second session key as secure session key, sends information that a secure channel is established successfully to the host, waits for receiving a new instruction from the host, then goes back to Step 201.
Step 218, the card reading terminal judges whether a secure channel is established according to a preset identification, if yes, execute Step 219; otherwise, execute Step 220.
Step 219, the card reading terminal obtains card communication data from a card communicating instruction; obtains the stored secure session key, encrypts the card communication data by using the secure session key to obtain cipher text of the card communication data, sends the cipher text of the card communication data to the card; when receiving cipher text of a card communicating response, decrypts the cipher text of the card communicating response by using the secure session key to obtain a card communicating response, sends the card communicating response to the host, waits for receiving a new instruction sent from the host, then goes back to Step 201.
Step 220, the card reading terminal sends a card communicating instruction to the card, when receiving a card communicating response sent from the card, sends a card communicating response to the host, waits for receiving a new instruction sent from the host, then goes back to Step 201.
Embodiment 3 provides a card reading terminal, as shown in
Preferably, the second determining module 305 specifically is configured to send a parameter acquiring instruction to the card, acquire card object identification zone data from a parameter acquiring response returned from the card, acquire a preset terminal objective identification list; determine an objective identification according to the card object identification zone data and the terminal objective identification list, acquire a function package corresponding to the determined objective identification.
Further, that the second determining module 305 is configured to determine an objective identification according to the card object identification zone data and the terminal objective identification list specifically is: the second determining module 305 is configured to determine an objective identification list according to the card object identification zone data and the terminal objective identification list, select an objective identification from the objective identification list, acquire a function package corresponding to the selected objective identification.
The second acquiring module 306 is configured to acquire a function package corresponding to the objective identification determined by the second determining module 305; and
Preferably, the third acquiring module 307 is specifically configured to determine type of original card data according to the secure channel establishing instruction, if the type is a first type, determine the original card data according to a first type card data; if the type is a second type, determine the original card data according to a second type card data.
That the third acquiring module 307 is configured to determine type of original card data according to the secure channel establishing instruction specifically is: the third acquiring module 307 is configured to determine type of original card data according to datum of a preset byte in the secure channel establishing instruction, if the datum of the preset byte is a sixth preset data, the type of original card data is a first type; if the datum of the preset byte is a seventh preset data, the type of original card data is a second type,
Further, that the third acquiring module 307 is configured to determine the original card data according to a first type card data specifically is: the third acquiring module 307 is configured to receive a first type card data input, code the first type card data to obtain the original card data.
Further, that the third acquiring module 307 is configured to determine the original card data according to a first type card data specifically is: the third acquiring module 307 is configured to acquire a first type card data from the secure channel establishing instruction, to record the first type card data as original card data if the first type card data can be acquired from the secure channel establishing instruction.
Further, the third acquiring module 307 is further configured to receive a first type card data input and code the first type card data to obtain the original card data if the first type card data cannot be acquired from the secure channel establishing instruction.
Further, that the third acquiring module 307 is configured to determine the original card data according to a second type card data specifically is: the third acquiring module 307 is configured to acquire a second type card data from the secure channel establishing instruction, compute the second type card data to obtain the original card data.
Preferably, the third acquiring module 307 is specifically configured to receive a first type card data input, code the first type data to obtain the original card data.
Preferably, the third acquiring module 307 specifically is configured to judge whether a first type card data exists in the secure channel establishing instruction, if yes, determine the original card data according to the first type card data, otherwise, receive the first type card data input.
Preferably, the third acquiring module 307 specifically is configured to acquire a second type card data from the secure channel establishing instruction, compute the second type card data to obtain original card data.
In the present embodiment 3, that the third acquiring module 307 is configured to receive a first type card data input specifically is: the third acquiring module 307 is configured to prompt inputting a first type card data, receive and display the first type card data input synchronously.
The first obtaining module 308 is configured to obtain a derived key according to a preset second parameter package, the original card data obtained by the third acquiring module 307 and the function package acquired by the second acquiring module 306.
The fourth acquiring module 309 is configured to acquire cipher text of random data from the card.
The first decrypting module 310 is configured to obtain card random data by decrypting the cipher text of random data acquired by the fourth acquiring module 309 according to the derived key acquired by the first obtaining module 308.
The generating module 311 is configured to generate random number data package.
The second obtaining module 312 is configured to obtain mapping data package according to the card random data obtained by the first decrypting module 310, the random data package generated by the generating module 311, a preset first parameter package and the function package acquired by the second acquiring module 306.
The updating module 313 is configured to update the first parameter package according to the mapping data package obtained by the second obtaining module 312.
The third obtaining module 314 is configured to obtain a session key package according to the random data package, the first parameter package updated by the updating module 313 and the second parameter package.
The fourth obtaining module 315 is configured to obtain a terminal authenticated token according to the session key package obtained by the third obtaining module 314 and the function package acquired by the second acquiring module 306.
The reading module 316 is configured to read a card authenticated token from the card according to the terminal authenticated token obtained by the fourth obtaining module 315.
The second judging module 317 is configured to judge whether the secure channel is established successfully according to the card authenticated token read by the reading module 316 and the terminal authenticated token obtained by the fourth obtaining module 315.
The identifying module 318 is configured to identify that secure channel is established if the judging result of the second judging module 317 is yes.
The fifth obtaining module 319 is configured to obtain a secure session key according to the session key package obtained by the third obtaining module 314 and store the secure session key if the judging result of the second judging module 317 is yes.
The sending module 326 is further configured to send information that the secure channel is established successfully to the host if the fifth obtaining module 319 obtains the secure session key and stores the secure session key.
The sending module 326 is further configured to send information that establishing the secure channel has failed to the host if the judging result of the second judging module 317 is no.
The third judging module 320 is configured to judge whether the secure channel is established if the first determining module 302 determines that the type of the instruction is a card communicating instruction.
The executing module 321 is configured to execute standard communication between terminal and card if the judging result of the third judging module is no,
The fifth acquiring module 322 is configured to obtain card communication data from the card communicating instruction.
The sixth acquiring module 323 is configured to obtain the stored secure session key.
The encrypting module 324 is configured to use the secure session key to encrypt the card communication data to obtain cipher text of the card communication data if the judging result of the third judging module 320 is yes.
The sending module 326 is further configured to send the cipher text of the card communication data encrypted by the encrypting module 324 to the card.
The second decrypting module 325 is configured to use the secure session key acquired by the sixth acquiring module 323 to decrypt the cipher text of a card communication response sent from the card to obtain a card communication response.
The sending module 326 is further configured to return the card communication response obtained by decrypting performed by the second decrypting module 325 back to the host.
The identifying module 318 is further configured to identify that the secure channel is not established when detecting that the card leaves the field.
Preferably, the sending module 326 is further configured to send a document selecting instruction to the card.
Correspondingly, the fourth judging module is configured to judge type of a document selecting response returned from the card.
Correspondingly, the first acquiring module 304 is specifically configured to acquire card parameter if the fourth judging module judges that the type of the document selecting response returned from the card is correct response.
Correspondingly, the sending module 326 is further configured to send error reporting information to the host, wait for receiving a new instruction sent from the host if the fourth judging module judges that the type of the document selecting response returned from the card is error response.
Preferably, the third acquiring module 307 is further configured to send an objective identification instruction comprising the objective identification; when receiving an objective identification response, acquire the original card data.
Preferably, the sending module 326 is further configured to send a parameter acquiring instruction to the card.
Correspondingly, the first acquiring module 304 specifically is configured to acquire a parameter acquiring response returned from the card if the first judging module 303 judges that the secure channel is not established.
Correspondingly, the second determining module 305 specifically is configured to determine an objective identification according to a parameter acquiring response returned from the card.
Correspondingly, the generating module 311 comprises a first generating unit and a second generating unit.
Correspondingly, the first generating unit is configured to generate a first random data in a random data package.
Correspondingly, the second obtaining module 312 specifically is configured to obtain a first terminal public key according to the first random data generated by the first generating unit, a preset first parameter package and the function package acquired by the second acquiring module 306; read a first card public key from the card according to the first terminal public key; obtain a first mapping data package according to the first card public key, the first random data generated by the first generating unit, the card random data acquired by the fourth acquiring module 309, the first parameter package and the function package acquired by the second acquiring module 306.
Correspondingly, the updating module 313 specifically is configured to update the first parameter package according to the first mapping data package acquired by the second obtaining module 312.
Correspondingly, the second generating unit is configured to generate second random data in the random data package.
Correspondingly, the third obtaining module 314 is specifically configured to obtain a second terminal public key according to the second random data acquired by the second generating unit, the first parameter package updated by the updating module 313 and the function package acquired by the second acquiring module 306; read a second card public key from the card according to the second terminal public key; obtain a second shared key according to the second card public key, the second random data generated by the second generating unit, the first parameter package updated by the updating module 313 and the function package acquired by the second acquiring module 306; and obtain a session key package according to the second parameter package, the second shared key and the function package acquired by the second acquiring module 306.
Further, the first obtaining module 308 specifically is configured to take a first preset parameter in a preset second parameter package and the original card data acquired by the third acquiring module 307 as parameters and invoke the derivation function in the function package acquired by the second acquiring module 306 to obtain a derived key.
Further, the fourth acquiring module 309 specifically is configured to send a random number exchanging instruction to the card; when receiving a random number exchanging response returned from the card, to acquire cipher text of random data from the random number exchanging response.
Further, that the second obtaining module 312 is configured to obtain a first terminal public key according to the first random data generated by the first generating unit, a preset first parameter package and the function package acquired by the second acquiring module 306 specifically is: the second obtaining module 312 is configured to take the first random data and a preset first parameter package as parameters to invoke the key generating function in the function package to obtain a first terminal public key.
Further, that the second obtaining module 312 is configured to read a first card public key from a card according to the first terminal public key specifically is: the second obtaining module 312 is configured to organize a first public key exchanging instruction according to the first terminal public key; send the first public key exchanging instruction to the card; and, when receiving a first public key exchanging response returned from the card, acquire a first card public key from the first public key exchanging response.
Further, that the second obtaining module 312 is configured to obtain a first mapping data package according to the first card public key, the first random data generated by the first generating unit, the card random data acquired by the fourth acquiring module 309, the first parameter package and the function package acquired by the second acquiring module 306 specifically is: the second obtaining module 312 is configured to obtain a first shared key according to the first card public key, the first random data generated by the first generating unit, a first parameter and the function package acquired by the second acquiring module 306; obtain a first mapping data package according to the card random data acquired by the fourth acquiring module 309, the first random data generated by the first generating unit, the first shared key and the function package acquired by the second acquiring module 306.
Further, that the second obtaining module 312 is configured to obtain a first shared key according to the first card public key, a first random data generated by the first generating unit, a first parameter and the function package acquired by the second acquiring module 306 specifically is: the second obtaining module 312 is configured to take the first card public key, the first random data generated by the first generating unit and the first parameter package as parameters to invoke the negotiating function in the function package acquired by the second acquiring module 306 to obtain the first shared key.
Further, that the second obtaining module 312 is configured to obtain a first mapping data package according to the first card public key, the first random data generated by the first generating unit, the first parameter package and the function package acquired by the second acquiring module 306 specifically is: the second obtaining module 312 is configured to take the card random data acquired by the fourth acquiring module 309, the first random data generated by the first generating unit and the first shared key as parameters to invoke the mapping function in the function package acquired by the second acquiring module 306 to obtain the first mapping data package; preferably, the mapping function is a universal mapping function or an authentication mapping function.
Further, the second acquiring module 312 further is configured to obtain a second mapping data package according to the first random data generated by the first generating unit, the card random data acquired by the fourth acquiring module 309, a preset first parameter package and the function package acquired by the second acquiring module 306.
Further and correspondingly, the updating module 313 is further configured to update the first parameter package according to the second mapping data package obtained by the second obtaining module 312.
Further, that the second acquiring module 312 is configured to obtain a second mapping data package according to the first random data generated by the first generating unit, the card random data acquired by the fourth acquiring module 309, a preset first parameter package and the function package acquired by the second acquiring module 306 specifically is: the second acquiring module 312 is configured to take the card random data acquired by the fourth acquiring module 309 and the first random data as parameters to invoke the pseudorandom function in the function package acquired by the second acquiring module to obtain pseudorandom data; and take the pseudorandom data and the first parameter package as parameters to invoke the mapping function in the function package acquired by the second acquiring module 306 to obtain a second mapping data package; the mapping function is a composite mapping function.
Further, the second acquiring module 312 is further configured to organize a random data transferring instruction according to the first random data generated by the first generating unit, send the random data transferring instruction to the card; when receiving a random data transferring response returned from the card, to take the card random data and the first random data as parameters to obtain a second mapping data package according to the first random data generated by the first generating unit, the card random data, a preset first parameter package and the function package acquired by the second acquiring module 306.
Further, in Step M04, obtaining the second terminal public key according to the second random data, the updated first parameter package and the function package specifically is: the card reading terminal 300 takes the second random data and the updated first parameter as parameters to invoke a key generating function in the function package so as to obtain the second terminal public key.
Further, that the third obtaining module 314 is configured to read a second card public key from the card according to the second terminal public key specifically is: the third obtaining module 314 is configured to organize a second public key exchanging instruction according to the second terminal public key, send the second public key exchanging instruction to the card; when receiving a second public key exchanging response returned from the card, to obtain a second card public key from the second public key exchanging response.
Further, that the third obtaining module 314 is configured to obtain a second shared key according to the second card public key, the second random data generated by the second generating unit, the first parameter package updated by the updating module 313 and the function package acquired by the second acquiring module 306 specifically is: the third obtaining module 314 is configured to take the second card public key, the second random data generated by the second generating unit and the first parameter package updated by the updating module 313 to invoke the key negotiating function in the function package acquired by the second acquiring module 306 to obtain the second shared key.
Further, that the third obtaining module 314 is configured to obtain a session key package according to the second parameter package, the second shared key and the function package acquired by the second acquiring module 306 specifically is: the third obtaining module 314 is configured to take a second preset parameter in the second parameter package and the second shared key as parameters to invoke the key derivation function in the function package acquired by the second acquiring module 306 to obtain a first session key in the session key package; to take a third preset parameter in the second parameter package and the second shared key as parameters to invoke the key derivation function in the function package acquired by the second acquiring module 306 to obtain the second session key in the session key package.
Further, the fourth obtaining module 315 specifically is configured to invoke the token function in the function package acquired by the second acquiring module 303 according to the first session key in the session key package obtained by the third obtaining module 314 so as to obtain the terminal authenticated token.
Further, the fifth obtaining module 319 specifically is configured to take the second session key in the session key package obtained by the third obtaining module 314 as a secure session key and store the secure session key.
Preferably, the reading module 316 is specifically configured to organize an authenticated token exchanging instruction according to the terminal authenticated token obtained by the fourth obtaining module 315, send the authenticated token exchanging instruction to the card; when receiving an authenticated token exchanging response returned from the card, to obtain the card authenticated token from the authenticated token exchanging response.
Preferably, the second determining module 317 is specifically configured to determine whether the card authenticated token read by the reading module 316 and the terminal authenticated token acquired by the fourth acquiring module 315 are identical; if yes, the secure channel is established successfully; otherwise, establishment of the secure channel has failed.
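The exchange these modules describe (derived key, encrypted card random data, first key exchange and mapping, second key exchange, session key package, token comparison), as an added example that is not code from the patent. The prime-field group, the SHA-256 derivation, the XOR stand-in cipher, the HMAC token over both second public keys, the peer-key range check and all function names are assumptions chosen for illustration, since the description leaves the function package abstract.

```python
import hashlib, hmac, secrets

# Toy "first parameter package" (assumed): prime modulus and generator. Illustration only.
P, G = 2**255 - 19, 2

def kdf(secret: bytes, preset: bytes) -> bytes:
    """Derivation function (assumed): SHA-256 over secret || preset parameter."""
    return hashlib.sha256(secret + preset).digest()

def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher for the card random data (assumed; not a real block cipher)."""
    return bytes(a ^ b for a, b in zip(data, kdf(key, b"nonce")))

def keygen(x: int, params) -> int:  # key generating function: g^x mod p
    return pow(params[1], x, params[0])

def agree(peer_pub: int, x: int, params) -> int:
    """Negotiating function; rejects degenerate peer keys before use (added check)."""
    p = params[0]
    if not 1 < peer_pub < p - 1:
        raise ValueError("invalid peer public key")
    return pow(peer_pub, x, p)

def map_params(s: int, shared: int, params):
    """Mapping function (assumed form): new generator g' = g^s * shared mod p."""
    p, g = params
    return (p, pow(g, s, p) * shared % p)

def b32(n: int) -> bytes:
    return n.to_bytes(32, "big")

def rnd() -> int:
    return secrets.randbelow(P - 3) + 2

def establish(terminal_data: bytes, card_data: bytes):
    """Simulate terminal and card; return (channel_ok, secure session key or None)."""
    params = (P, G)
    s_card = rnd()  # card random data, sent only as cipher text
    cipher = xor_crypt(kdf(card_data, b"\x01"), b32(s_card))
    s_term = int.from_bytes(xor_crypt(kdf(terminal_data, b"\x01"), cipher), "big")
    t1, c1, t2, c2 = rnd(), rnd(), rnd(), rnd()
    T1, C1 = keygen(t1, params), keygen(c1, params)            # first exchange
    params_t = map_params(s_term, agree(C1, t1, params), params)
    params_c = map_params(s_card, agree(T1, c1, params), params)
    T2, C2 = keygen(t2, params_t), keygen(c2, params_c)        # second exchange
    k_t, k_c = b32(agree(C2, t2, params_t)), b32(agree(T2, c2, params_c))
    msg = b32(T2) + b32(C2)
    tok_t, tok_c = (hmac.new(kdf(k, b"\x02"), msg, hashlib.sha256).digest()
                    for k in (k_t, k_c))
    ok = hmac.compare_digest(tok_t, tok_c)                     # constant-time compare
    return ok, (kdf(k_t, b"\x03") if ok else None)
```

A terminal holding the wrong original card data decrypts a different random value, maps to a different generator, and so fails the token comparison without the card data itself ever crossing the interface.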
The above descriptions are only preferred specific embodiments of the present application, but the scope of protection of the present application is not limited thereto. Any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in the present application should be included in the scope of protection of the present application. Therefore, the scope of protection of the present application should be subject to the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
202011631183.9 | Dec 2020 | CN | national |

Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/CN2021/135342 | 12/3/2021 | WO | |