一种改进的智能卡数据传输安全策略

针对传统智能卡进行数据传输时仅支持单一模式的缺点，提出一种改进的基于模式控制字的数据传输安全策略。此模式控制字支持多种数据传输模式，数据可以采用明文、密文、明文MAC、密文MAC中的任一种方式进行传输，并通过基本文件(包含透明文件、线性文件)的读、写模式控制字，来规定文件进行读、写操作需要满足的传输安全条件。同时，还提出使用禁止添加、或禁止更新这两种写属性来限制基本文件的写入方式。用户可以根据自己的需求，将同一文件的读命令，和写命令采用的传输方式设置成不一样，从而选择不同的数据传输方式，进而提高数据传输的灵活性和安全性。

An improved security strategy of smart card data transmission

To overcome the shortcoming that only a single mode is supported when the traditional smart card transmits data,an improved security strategy based on mode control word for IC card data transmission is proposed.The mode control word supports multiple data transmission modes, while data can be transmitted in plain text,ciphertext, plaintext MAC,ciphertext MAC. Read and write mode control word of the basic file (including transparent file, linear file) is used to regulate transmission security conditions for reading and writing documents.Meanwhile, we propose to use the two write attributes ("prohibited append" or "prohibited update" ) to restrict the write operation of the basic file.According to their demands,users can configure different data transmission settings for read command and write command thus improving the flexibility and the security of data transmission.