CN105957276B - Android-based smart POS security system and its start-up and data control methods - Google Patents

Info

Publication number
CN105957276B
Authority
CN
China
Prior art keywords
cpu
safe
data
android system
touch
Legal status
Active
Application number
CN201610323596.8A
Other languages
Chinese (zh)
Other versions
CN105957276A (en)
Inventor
黄建新
林国兵
黄源旦
Current Assignee
FUJIAN NEWLAND PAYMENT TECHNOLOGY Co Ltd
Original Assignee
FUJIAN NEWLAND PAYMENT TECHNOLOGY Co Ltd
Application filed by FUJIAN NEWLAND PAYMENT TECHNOLOGY Co Ltd
Priority to CN201610323596.8A
Publication of CN105957276A
Application granted
Publication of CN105957276B
Legal status: Active

Classifications

    • G07G1/0009 Cash registers: details of the software in the checkout register, electronic cash register [ECR] or point of sale terminal [POS]
    • G06F21/51 Security arrangements: monitoring users, programs or devices to maintain the integrity of platforms at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/71 Security arrangements: protecting specific internal or peripheral components to assure secure computing or processing of information
    • G06Q20/20 Payment architectures: point-of-sale [POS] network systems
    • G06Q20/382 Payment protocols insuring higher security of transaction
    • G06Q20/3829 Payment protocols insuring higher security of transaction, involving key management
    • G07G1/0018 Cash registers: constructional details, e.g. of drawer, printing means, input means
    • G07G1/12 Cash registers electronically operated
    • G06F2221/033 Indexing scheme relating to G06F21/50 (monitoring to maintain platform integrity): test or assess software

Abstract

The invention is a smart POS security system based on the Android system, together with start-up and data control methods for it. The system comprises an application CPU and a secure CPU connected to it; the application CPU is also connected to a communication module, a display screen and a memory, and the secure CPU is also connected to a touch-screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit. The invention protects transaction-sensitive information such as bank encryption/decryption keys, user passwords and account data, isolates this sensitive data from the Android system, and provides a signature verification mechanism that protects the integrity and legitimacy of the Android system and the APP programs, thereby ensuring the payment security of an Android-based smart POS.

Description

Android-based smart POS security system and its start-up and data control methods
Technical field
The invention relates to the field of electronic payment, and in particular to an Android-based smart POS security system and its start-up and data control methods.
Background
A traditional point-of-sale terminal (traditional POS) is an electronic financial payment and settlement device widely used in shopping malls and supermarkets. A traditional POS is based on a dedicated hardware platform and a closed software system, takes password input through a physical keypad, and can only perform conventional or customized financial payment functions. For example, when goods are bought in a mall or supermarket, the cashier enters the amount on such a POS and the consumer swipes a card on it to pay; it cannot be used for cloud payment applications such as buying train or air tickets. Although a traditional POS is stable and secure, its system is outdated, its performance and user experience are poor, and its openness and extensibility are also poor; its hardware and software platform cannot meet the functional requirements of emerging payment services such as cloud payment.
Compared with a traditional POS, the Android operating system is an intelligent operating system with rich functionality, good user experience, extensibility and openness. A smart POS terminal based on Android combines the payment functions of a traditional POS terminal with good user experience and extensibility, and is particularly suited to emerging payment services such as cloud payment. However, because the Android hardware and software platform is open, security vulnerabilities exist at the application, system and hardware levels: APPs can easily be implanted with back doors, the operating system has security flaws, and ROOT privileges are easily tampered with. All of these pose a serious challenge to payment security.
Financial-industry security standards require that bank encryption/decryption keys, user passwords and user account numbers on magnetic stripe or IC cards be strictly protected. Because of the application model and security flaws inherent in the Android system, however, it is extremely difficult to build a complete, unbroken line of defence on that system. For instance, during the most basic password entry, an attacker can easily exploit vulnerabilities in the Android application layer, framework layer, driver layer or hardware layer to intercept the data while it is input on the touch-screen, displayed, saved or transmitted; an Android application with Root privileges can obtain all core data, including the bank encryption/decryption keys. A smart POS implemented on an open Android system therefore has difficulty meeting financial-industry security standards.
Some smart POS products harden the bottom layer of the operating system by customizing the Android system: prohibiting Root, prohibiting the installation and loading of unsigned APPs, and isolating payment-related applications from other applications. This raises security but sacrifices the openness of Android, and even its extensibility and user experience; the development and security-certification cycles become long; and security risks still inevitably remain.
Content of the invention
The object of the invention is to provide an Android-based smart POS security system, and start-up and data control methods, that solve the above problems. The system protects transaction-sensitive information such as bank encryption/decryption keys, user passwords and account data, isolates this sensitive data from the Android system, and provides a signature verification mechanism that protects the integrity and legitimacy of the Android system and the APP programs, thereby ensuring the payment security of an Android-based smart POS.
To achieve this object, the technical scheme is as follows. A smart POS security system based on the Android system comprises an application CPU and a secure CPU connected to it. The application CPU is also connected to a communication module, a display screen and a memory; the secure CPU is also connected to a touch-screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit.
The secure CPU implements the security protection and handles the security-related data, specifically: it drives the physical security circuit to protect against physical attacks on the device; it obtains the user's bank card account data through the contact IC card reader, contactless IC card reader or magnetic card reader; it stores and manages the encryption/decryption keys; and it obtains the user's PIN input through the touch-screen, with PIN encryption, user account data encryption and transaction message signing all completed inside the secure CPU.
The application CPU runs the Android system and the payment APP. The application CPU may also access the touch-screen connected to the secure CPU, but only after the user's PIN entry process has ended.
In one embodiment, the system further comprises a backup battery connected to the secure CPU, so that the secure CPU is powered without interruption.
In one embodiment, the physical attacks on the device include disassembly, circuit tampering, signal probing, and changes in environmental or operating conditions.
In one embodiment, the application CPU accesses the touch-screen through the secure CPU as follows:
Step 1: the application CPU issues a command to the secure CPU over the communication interface that connects them;
Step 2: the secure CPU passes the application CPU's command to the touch-screen over its communication interface with the touch-screen and obtains the touch information that the touch-screen returns;
Step 3: the secure CPU sends the obtained touch information to the application CPU over the communication interface that connects them.
During the user's PIN entry process the secure CPU takes over control of the touch-screen and obtains the user's PIN input; the application CPU's touch-screen access commands become effective only after the PIN entry process has ended.
The invention also provides a start-up method using the Android-based smart POS security system described above, comprising the following steps:
Step S1: when the device powers on, the secure CPU starts first and controls the application CPU, making the interface between the application CPU and the secure CPU the application CPU's only boot source, and then permits the application CPU to start;
Step S2: after the secure CPU completes its own security self-test, it provides the boot program and the top-level public key to the application CPU and allows the application CPU to start;
Step S3: the application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signatures of the second-level boot program and the second-level public key stored in memory;
Step S4: the application CPU executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and a number of third-level public keys stored in memory;
Step S5: the application CPU executes the Android system program in memory and uses the corresponding third-level public key to verify the signature of each APP stored in memory or downloaded;
Step S6: the application CPU executes the APP, while the secure CPU handles all sensitive data of the payment transaction and provides sensitive services to the application CPU.
In one embodiment, the signature verification uses the SHA256 digest algorithm and the RSA2048 or RSA4096 signature algorithm.
In one embodiment, the signature verification uses the SM3 digest algorithm and the SM2 signature algorithm.
The invention also provides a data control method using the Android-based smart POS security system described above, comprising the following steps:
Step S01: when the bank keys are downloaded, all encryption/decryption keys are stored and managed by the secure CPU; the application CPU neither stores nor manages any encryption/decryption key;
Step S02: the application CPU issues a command to the secure CPU to read the user's account data; the secure CPU obtains the account data of the user's bank card from the contact IC card reader, contactless IC card reader or magnetic card reader, immediately encrypts the account data with the data encryption key to produce an account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step S03: the application CPU displays a numeric PIN keypad on the display screen and issues a command to the secure CPU to obtain the user's PIN data, at the same time passing the keypad layout and position information to the secure CPU; the secure CPU takes over control of the touch-screen, obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce a PIN data ciphertext, stores it, and returns a read-success status to the application CPU; after PIN entry ends, the secure CPU releases control of the touch-screen;
Step S04: the application CPU issues a command to the secure CPU to obtain the transaction message; the secure CPU assembles the data of this transaction, including the payment terminal parameters, the account data ciphertext, the transaction amount and the PIN data ciphertext, computes a MAC with the MAC encryption key to form the transaction message, and returns it to the application CPU;
Step S05: the application CPU communicates with the bank transaction service platform through the communication module to complete the payment transaction.
In one embodiment, the encryption/decryption keys include at least an account data encryption key, a PIN encryption key and a MAC encryption key, and the encryption/decryption algorithm is 3DES or SM4.
In one embodiment, the numeric keypad used for PIN entry is a shuffled keypad whose digits are randomly arranged.
Compared with the prior art, the invention has the following advantages:
First, key data are physically isolated and protected, so they are secure. The secure CPU stores and manages all encryption/decryption keys, while the application CPU neither stores nor manages any key; the keys are physically isolated from the Android system, eliminating the risk that the Android system or an application obtains key data.
Second, sensitive data and sensitive services are physically isolated and protected, so they are secure. The user's PIN entry and its encryption, and the reading and encryption of the user's account data, are all carried out inside the secure CPU; the application CPU does not handle this sensitive data or these sensitive services and is only responsible for relaying ciphertext. PIN data, account information and sensitive services are thus physically isolated from the Android system, eliminating the risk that the Android system or an application obtains sensitive data.
Third, illegitimate programs cannot run, so the device is secure. The application CPU's boot program is controlled by the secure CPU, and the top-level public key and the keys below it verify the integrity and legitimacy of the Android system and the applications level by level, preventing illegitimate programs from running and securing both the device and the payment.
The invention therefore systematically avoids the security risks of the Android system and effectively solves the security problems of Android-based smart POS.
Brief description of the drawings
Fig. 1 is a schematic circuit diagram of the Android-based smart POS device of the invention.
Fig. 2 is a flow chart of the secure start-up method of the application CPU.
Fig. 3 is a flow chart of a sensitive data control method.
Embodiments
The technical scheme of the invention is described in detail below with reference to the drawings.
The Android-based smart POS security system of the invention comprises an application CPU and a secure CPU connected to it. The application CPU is also connected to a communication module, a display screen and a memory; the secure CPU is also connected to a touch-screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit.
The secure CPU implements the security protection and handles the security-related data, specifically: it drives the physical security circuit to protect against physical attacks on the device; it obtains the user's bank card account data through the contact IC card reader, contactless IC card reader or magnetic card reader; it stores and manages the encryption/decryption keys; and it obtains the user's PIN input through the touch-screen, with PIN encryption, user account data encryption and transaction message signing all completed inside the secure CPU.
The application CPU runs the Android system and the payment APP. The application CPU may also access the touch-screen connected to the secure CPU, but only after the user's PIN entry process has ended.
The system further comprises a backup battery connected to the secure CPU, so that the secure CPU is powered without interruption.
The physical attacks on the device include disassembly, circuit tampering, signal probing, and changes in environmental or operating conditions.
The application CPU can also access the touch-screen through the secure CPU; the specific procedure is as follows:
Step 1: the application CPU issues a command to the secure CPU over the communication interface that connects them;
Step 2: the secure CPU passes the application CPU's command to the touch-screen over its communication interface with the touch-screen and obtains the touch information that the touch-screen returns;
Step 3: the secure CPU sends the obtained touch information to the application CPU over the communication interface that connects them.
During the user's PIN entry process the secure CPU takes over control of the touch-screen and obtains the user's PIN input; the application CPU's touch-screen access commands become effective only after the PIN entry process has ended.
The invention also provides a start-up method using the Android-based smart POS security system described above, comprising the following steps:
Step S1: when the device powers on, the secure CPU starts first and controls the application CPU, making the interface between the application CPU and the secure CPU the application CPU's only boot source, and then permits the application CPU to start;
Step S2: after the secure CPU completes its own security self-test, it provides the boot program and the top-level public key to the application CPU and allows the application CPU to start;
Step S3: the application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signatures of the second-level boot program and the second-level public key stored in memory;
Step S4: the application CPU executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and a number of third-level public keys stored in memory;
Step S5: the application CPU executes the Android system program in memory and uses the corresponding third-level public key to verify the signature of each APP stored in memory or downloaded;
Step S6: the application CPU executes the APP, while the secure CPU handles all sensitive data of the payment transaction and provides sensitive services to the application CPU.
The signature verification uses the SHA256 digest algorithm with the RSA2048 or RSA4096 signature algorithm; alternatively, it uses the SM3 digest algorithm with the SM2 signature algorithm.
The invention also provides a data control method using the Android-based smart POS security system described above, comprising the following steps:
Step S01: when the bank keys are downloaded, all encryption/decryption keys are stored and managed by the secure CPU; the application CPU neither stores nor manages any encryption/decryption key;
Step S02: the application CPU issues a command to the secure CPU to read the user's account data; the secure CPU obtains the account data of the user's bank card from the contact IC card reader, contactless IC card reader or magnetic card reader, immediately encrypts the account data with the data encryption key to produce an account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step S03: the application CPU displays a numeric PIN keypad on the display screen and issues a command to the secure CPU to obtain the user's PIN data, at the same time passing the keypad layout and position information to the secure CPU; the secure CPU takes over control of the touch-screen, obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce a PIN data ciphertext, stores it, and returns a read-success status to the application CPU; after PIN entry ends, the secure CPU releases control of the touch-screen;
Step S04: the application CPU issues a command to the secure CPU to obtain the transaction message; the secure CPU assembles the data of this transaction, including the payment terminal parameters, the account data ciphertext, the transaction amount and the PIN data ciphertext, computes a MAC with the MAC encryption key to form the transaction message, and returns it to the application CPU;
Step S05: the application CPU communicates with the bank transaction service platform through the communication module to complete the payment transaction.
The encryption/decryption keys include at least an account data encryption key, a PIN encryption key and a MAC encryption key, and the encryption/decryption algorithm is 3DES or SM4.
The numeric keypad used for PIN entry is a shuffled keypad whose digits are randomly arranged.
A specific application example of the invention follows.
Refer to Fig. 1, which is a schematic circuit diagram of the Android-based smart POS device provided in this embodiment.
In this embodiment, the circuit of the Android-based smart POS device comprises a communication module, an application CPU, a memory, a display screen, a touch-screen, a secure CPU, a contact IC card reader, a contactless IC card reader, a magnetic card reader, a physical security circuit and a backup battery.
The communication module, memory and display screen are connected to the application CPU; the touch-screen, contact IC card reader, contactless IC card reader, magnetic card reader, physical security circuit and backup battery are connected to the secure CPU; and the application CPU is connected to the secure CPU.
The application CPU runs the Android system and the payment APP. The secure CPU performs the security protection and handles the security-related data, specifically: it drives the physical security circuit, which protects the device against physical attacks such as disassembly, circuit tampering, signal probing and changes in environmental or operating conditions; it stores and manages the encryption/decryption keys; it obtains the account data and transaction parameters of the user's bank card from the contact IC card reader, contactless IC card reader or magnetic card reader, and obtains the user's PIN input through the touch-screen; PIN encryption, user account data encryption and transaction message signing are completed inside the secure CPU, after which the result is transferred through the application CPU and the communication module connected to it to the bank transaction management platform, which completes the payment transaction.
The backup battery supplies the secure CPU with operating power while the device is powered off, so that the device is protected without interruption.
The touch-screen is managed by the secure CPU. During the user's PIN entry process, the PIN input data are obtained directly by the secure CPU and are inaccessible to the application CPU; only after the PIN entry process has ended can the application CPU access the touch-screen.
In particular, the touch-screen is managed by the secure CPU, which provides an access path for the application CPU; the application CPU accesses the touch-screen in three steps.
Step 1: the application CPU issues a command to the secure CPU over the communication interface that connects them;
Step 2: the secure CPU passes the application CPU's command to the touch-screen over its communication interface with the touch-screen and obtains the touch information that the touch-screen returns;
Step 3: the secure CPU sends the obtained touch information to the application CPU over the communication interface that connects them.
During the user's PIN entry process the secure CPU takes over control of the touch-screen and obtains the user's PIN input; the application CPU's touch-screen access commands become effective only after the PIN entry process has ended.
In the circuit provided in this embodiment, the user's PIN input and the account data of the user's bank card obtained from the contact IC card reader, contactless IC card reader or magnetic card reader are driven and managed directly by the secure CPU and cannot be accessed directly by the application CPU. PIN data and account information are thus physically isolated from the Android system, eliminating the risk that the Android system or an application obtains sensitive data.
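The touch-screen access path of steps 1 to 3, the take-over of the screen during PIN entry, and the shuffled PIN keypad whose layout the application CPU reports to the secure CPU are modelled below as an added example; this is not code from the patent or from Newland. The 3x4 grid, the Cell, Layout and TouchArbiter names, and the protect callback that stands for the secure CPU's own encrypt-and-store step are my assumptions; a real touch controller reports pixel coordinates, which the secure CPU would map onto the keypad cells using the layout and position information it receives with the PIN command.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Cell is a touch position, simplified to a cell of the 3x4 keypad grid (assumption).
type Cell struct{ Col, Row int }

// Layout is what the application CPU sends with the PIN command (S03): the digit drawn in each cell.
type Layout map[Cell]byte

var keypadCells = []Cell{{0, 0}, {1, 0}, {2, 0}, {0, 1}, {1, 1}, {2, 1}, {0, 2}, {1, 2}, {2, 2}, {1, 3}}

// RandomLayout shuffles the ten digits over the grid (Fisher-Yates, cryptographic RNG).
func RandomLayout() Layout {
	d := []byte("0123456789")
	for i := len(d) - 1; i > 0; i-- {
		j, _ := rand.Int(rand.Reader, big.NewInt(int64(i+1)))
		d[i], d[j.Int64()] = d[j.Int64()], d[i]
	}
	l := Layout{}
	for i, c := range keypadCells {
		l[c] = d[i]
	}
	return l
}

// CellOf returns the cell showing digit d: how a user reading the shuffled keypad picks where to tap.
func (l Layout) CellOf(d byte) Cell {
	for c, v := range l {
		if v == d {
			return c
		}
	}
	return Cell{-1, -1}
}

// ErrTouchHeld answers any touch-read command the application CPU issues during PIN entry.
var ErrTouchHeld = errors.New("touch-screen held by secure CPU during PIN entry")

// TouchArbiter is the secure CPU's ownership of the touch-screen. protect is the secure CPU's
// own encrypt-and-store step for the PIN; digits are resolved here and never reach the app CPU.
type TouchArbiter struct {
	layout  Layout // non-nil only while a PIN session is active
	pin     []byte
	protect func(pin []byte) string
}

// NewTouchArbiter wires in the protect step (hypothetical constructor name).
func NewTouchArbiter(protect func([]byte) string) *TouchArbiter {
	return &TouchArbiter{protect: protect}
}

// AppTouchRead is steps 1-3: the app CPU gets touch data only outside a PIN session.
func (a *TouchArbiter) AppTouchRead(ev Cell) (Cell, error) {
	if a.layout != nil {
		return Cell{}, ErrTouchHeld
	}
	return ev, nil
}

// BeginPIN takes over the touch-screen with the layout the app CPU reported.
func (a *TouchArbiter) BeginPIN(l Layout) { a.layout, a.pin = l, nil }

// HardwareTouch is a raw event from the touch controller; during a PIN session it becomes a
// digit inside the secure CPU (a nil-map lookup misses, so no session means no digit).
func (a *TouchArbiter) HardwareTouch(ev Cell) {
	if d, ok := a.layout[ev]; ok {
		a.pin = append(a.pin, d)
	}
}

// EndPIN releases the screen, hands the digits to protect and wipes the plaintext buffer.
func (a *TouchArbiter) EndPIN() (string, error) {
	a.layout = nil
	if len(a.pin) < 4 || len(a.pin) > 12 {
		return "", errors.New("PIN length out of range")
	}
	status := a.protect(a.pin)
	for i := range a.pin {
		a.pin[i] = 0
	}
	a.pin = nil
	return status, nil
}

func main() {
	a := NewTouchArbiter(func(pin []byte) string { return fmt.Sprintf("PIN OK, %d digits encrypted", len(pin)) })
	l := RandomLayout()
	a.BeginPIN(l)
	for _, d := range []byte("2580") { // the user reads the shuffled keypad and taps
		a.HardwareTouch(l.CellOf(d))
	}
	_, err := a.AppTouchRead(Cell{1, 1})
	fmt.Println("app CPU touch read during PIN entry:", err)
	fmt.Println(a.EndPIN())
}
```

Because the layout is shuffled per session, the secure CPU must receive the layout before the first touch; an application CPU that sends a layout but then asks for touch data is refused with ErrTouchHeld until EndPIN has run, which is the gating the patent describes.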
Refer to Fig. 2, which is a flow chart of the secure start-up method of the application CPU in this embodiment.
This embodiment provides a secure start-up method for the application CPU, comprising the following steps:
Step 1: when the device powers on, the secure CPU starts first and controls the application CPU, making the interface between the application CPU and the secure CPU the application CPU's only boot source, and then permits the application CPU to start;
Step 2: after the secure CPU completes its own security self-test, it provides the boot program and the top-level public key to the application CPU and allows the application CPU to start;
Step 3: the application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signatures of the second-level boot program and the second-level public key stored in memory; if verification fails, it returns a "signature verification error" to the secure CPU and the program enters an endless loop;
Step 4: the application CPU then executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and a number of third-level public keys stored in memory; if verification fails, it returns a "signature verification error" to the secure CPU and the program enters an endless loop;
Step 5: the application CPU then executes the Android system program in memory and uses the corresponding third-level public key to verify the signature of each APP stored in memory or newly downloaded; only APPs that pass verification are allowed to execute, and APPs that fail verification are not allowed to be loaded or downloaded;
Step 6: the secure CPU monitors the application CPU's secure-boot information; if it receives a "signature verification error", it terminates the device start-up; if the signatures verify correctly, the secure CPU handles all sensitive data of the payment transaction and provides sensitive services to the application CPU.
The "signature verification" above may compute the data digest with the SHA256 algorithm, compute the signature value over the digest with the RSA2048 or RSA4096 algorithm, and compare it with the signature value stored in memory to confirm that the signature is correct; alternatively, the digest is computed with the SM3 algorithm and the signature value with the SM2 algorithm, and again compared with the signature value stored in memory.
In the secure start-up method provided in this embodiment, the application CPU's boot program is controlled by the secure CPU, and the top-level public key and the keys below it verify the integrity and legitimacy of the Android system and the applications level by level, preventing illegitimate programs from running or being downloaded and providing the basic condition for the security of the device and of the payment.
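The chain of steps 3 to 5 above (steps S3 to S5 in the summary) is shown below as an added worked example; it is not code from the patent or from Newland. It uses SHA256 with RSA-2048 PKCS#1 v1.5 signatures from the Go standard library. The patent names SHA256 with RSA2048 or RSA4096 (or SM3 with SM2) but fixes no padding scheme, so PKCS#1 v1.5 is an assumption, as are the Stage type, the function names, the constructed placeholder images and the decision to sign each level's image together with the public keys it hands to the next level. Every failed check yields the "signature verification error" status that the secure CPU acts on in step 6.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// ErrSignTest is the "signature verification error" the application CPU
// reports to the secure CPU, which then halts the device start-up (step 6).
var ErrSignTest = errors.New("signature verification error")

// Stage is one link of the chain: this level's image plus the public key(s)
// handed to the next level, covered together by one RSA signature. Binding
// the next-level keys into the signed data is what stops an image from being
// swapped together with a key the level above never signed (assumption).
type Stage struct {
	Image    []byte
	NextKeys [][]byte // PKCS#1 DER public keys for the next level
	Sig      []byte   // RSA PKCS#1 v1.5 over SHA-256(Image || NextKeys...)
}

// digest is the SHA256 data digest the patent names, over image and keys.
func digest(s Stage) []byte {
	h := sha256.New()
	h.Write(s.Image)
	for _, k := range s.NextKeys {
		h.Write(k)
	}
	return h.Sum(nil)
}

// verifyStage is the check each level runs with the key the level above supplied.
func verifyStage(pubDER []byte, s Stage) error {
	pub, err := x509.ParsePKCS1PublicKey(pubDER)
	if err != nil {
		return err
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(s), s.Sig)
}

// BootChain models steps 3..5: the top-level key from the secure CPU verifies
// the second-level boot program, whose key verifies the Android image and the
// third-level keys, one of which verifies the APP. The first failure stops the
// chain; nothing past it is executed.
func BootChain(topKeyDER []byte, loader, android, app Stage, appKey int) error {
	if verifyStage(topKeyDER, loader) != nil || len(loader.NextKeys) != 1 {
		return ErrSignTest // step 3 failed
	}
	if verifyStage(loader.NextKeys[0], android) != nil {
		return ErrSignTest // step 4 failed
	}
	if appKey < 0 || appKey >= len(android.NextKeys) ||
		verifyStage(android.NextKeys[appKey], app) != nil {
		return ErrSignTest // step 5 failed: the APP is not loaded
	}
	return nil
}

// Sign is the vendor-side signing step; private keys never reach the device.
func Sign(priv *rsa.PrivateKey, s *Stage) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(*s))
	if err != nil {
		panic(err)
	}
	s.Sig = sig
}

// BuildDemo creates a three-level chain with fresh RSA-2048 keys and
// constructed placeholder images standing in for the real binaries.
func BuildDemo() (topKeyDER []byte, loader, android, app Stage) {
	top, _ := rsa.GenerateKey(rand.Reader, 2048)
	lvl2, _ := rsa.GenerateKey(rand.Reader, 2048)
	lvl3, _ := rsa.GenerateKey(rand.Reader, 2048)
	loader = Stage{Image: []byte("second-level boot program (constructed)"),
		NextKeys: [][]byte{x509.MarshalPKCS1PublicKey(&lvl2.PublicKey)}}
	Sign(top, &loader)
	android = Stage{Image: []byte("android system image (constructed)"),
		NextKeys: [][]byte{x509.MarshalPKCS1PublicKey(&lvl3.PublicKey)}}
	Sign(lvl2, &android)
	app = Stage{Image: []byte("payment APP (constructed)")}
	Sign(lvl3, &app)
	return x509.MarshalPKCS1PublicKey(&top.PublicKey), loader, android, app
}

func main() {
	top, loader, android, app := BuildDemo()
	fmt.Println("intact chain:", BootChain(top, loader, android, app, 0))
	android.Image = []byte("android system image (tampered)")
	fmt.Println("tampered OS image:", BootChain(top, loader, android, app, 0))
}
```

The patent's wording of computing the signature value over the digest and comparing it with the stored value is realised here by rsa.VerifyPKCS1v15, which checks the stored signature against the freshly computed SHA256 digest. Covering the next-level keys with the same signature is what makes a substituted key detectable: an image re-signed under a different key fails one level up, where the original signature no longer matches the key list.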
Refer to Fig. 3, which is a flowchart of the sensitive data control method of an embodiment of the present invention.
This embodiment provides a sensitive data control method for an Android-based intelligent POS, comprising the following control steps:
Step 1: When bank keys are downloaded, all encryption and decryption keys are stored and managed by the secure CPU; the application CPU neither stores nor manages any encryption or decryption key.
Step 2: The Android system program and the APPs run on the application CPU. When an electronic payment is required, the application CPU handles the application flow and the user interface prompts, and issues a command to the secure CPU to read the user account data. The secure CPU obtains the account data of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader, immediately encrypts the account data with the account data encryption key to produce an account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU.
Step 3: During the user's PIN entry, the application CPU prompts for the PIN on the display screen, shows a numeric PIN keypad, issues a command to the secure CPU to obtain the user's PIN data, and at the same time transmits the layout and position information of the numeric keypad to the secure CPU. The secure CPU takes over control of the touch screen, obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce a PIN data ciphertext, stores it, and returns a read-success status to the application CPU. After PIN entry ends, the secure CPU releases control of the touch screen.
Step 4: The application CPU issues a command to the secure CPU to obtain the transaction message. The secure CPU assembles the data of this transaction, such as the payment terminal parameters, the account data ciphertext, the transaction amount and the PIN data ciphertext, performs the MAC calculation with the MAC encryption key, forms the transaction message and returns it to the application CPU.
Step 5: The application CPU communicates with the bank transaction service platform through the connected communication module and completes the payment transaction.
The encryption and decryption keys above may be symmetric keys, comprising at least an account data encryption key, a PIN encryption key and a MAC encryption key; the encryption algorithm is 3DES or SM4.
The numeric PIN keypad that the application CPU displays on the display screen may have its digits in the normal, fixed order, or in a scrambled, random order.
In the sensitive data control method provided in this embodiment, the user's PIN entry and its encryption, and the reading and encryption of the user's account data, are all performed inside the secure CPU. The application CPU does not handle these sensitive data or sensitive services and is only responsible for transmitting ciphertext. This physically isolates the PIN data, the account information and the sensitive services from the Android system and avoids the risk of the Android system or an application obtaining sensitive data.
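Steps 1 to 5 of the control method, together with the 3DES key set and the scrambled keypad of the preceding paragraphs, as an added Go example; it is not code from the patent or from its assignee. A `SecureCPU` value holds the account data, PIN and MAC keys and exposes only status codes and ciphertext; the application CPU's side is reduced to the calls in `demoTransaction`. The keypad is handed to the secure CPU as the digit drawn in each cell plus the cell size, one concrete form of the "layout and position information", which lets the secure CPU resolve touches on a scrambled keypad without the application CPU ever seeing the digits. The keys, PAN, PIN, message field layout, the ISO 9564 format-0 PIN block, the CBC encryption of the PAN and the zero-padded 3DES CBC-MAC are all this example's choices, not the patent's; the patent only states that each item is encrypted or MACed under its own key.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// SecureCPU holds the bank-downloaded 3DES keys (Step 1) and this transaction's ciphertexts; the application CPU gets only status codes and ciphertext.
type SecureCPU struct {
	accountKey, pinKey, macKey []byte // 24-byte 3DES keys, never exposed
	panCipher, pinCipher       []byte // IV||3DES-CBC(PAN) and 3DES-ECB(ISO 9564 format-0 PIN block)
	pan                        string // kept only to bind the PIN block to the card
}

func tdes(key []byte) cipher.Block { b, err := des.NewTripleDESCipher(key); if err != nil { panic(err) }; return b }

func pad8(b []byte) []byte { // zero-pad to the DES block size; PAN digits and message text are never 0x00
	return append(append([]byte{}, b...), bytes.Repeat([]byte{0}, (8-len(b)%8)%8)...)
}

// ReadCard is Step 2: the PAN from the card reader is encrypted at once (CBC, fresh IV) under the account data key; only a status goes back.
func (s *SecureCPU) ReadCard(pan string) string {
	iv := make([]byte, 8)
	if _, err := rand.Read(iv); err != nil || len(pan) < 13 {
		return "CARD_ERROR"
	}
	out := pad8([]byte(pan))
	cipher.NewCBCEncrypter(tdes(s.accountKey), iv).CryptBlocks(out, out)
	s.panCipher, s.pan = append(iv, out...), pan
	return "READ_OK"
}

// iso0PinBlock: (0 | PIN length | PIN | F padding) XOR (0000 | the 12 PAN digits before the check digit).
func iso0PinBlock(pin []byte, pan string) []byte {
	b1, _ := hex.DecodeString((fmt.Sprintf("0%X%s", len(pin), pin) + "FFFFFFFFFFFFFFFF")[:16])
	b2, _ := hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
	for i := range b1 {
		b1[i] ^= b2[i]
	}
	return b1
}

// EnterPIN is Step 3: while the secure CPU owns the touch screen it maps each touch to the digit the application CPU
// drew in that keypad cell (keys: digit per (column,row); keyPx: cell size), ignores touches off the keypad, and encrypts the PIN block.
func (s *SecureCPU) EnterPIN(keys map[[2]int]byte, keyPx int, touches [][2]int) string {
	var pin []byte
	for _, t := range touches {
		if d, ok := keys[[2]int{t[0] / keyPx, t[1] / keyPx}]; ok {
			pin = append(pin, d)
		}
	}
	if len(pin) < 4 || len(pin) > 12 || s.pan == "" {
		return "PIN_ERROR"
	}
	s.pinCipher = make([]byte, 8)
	tdes(s.pinKey).Encrypt(s.pinCipher, iso0PinBlock(pin, s.pan))
	return "READ_OK"
}

// cbcMAC is a 3DES CBC-MAC (zero IV, zero padding) under the MAC key; the bank recomputes it on receipt.
func cbcMAC(key, data []byte) []byte {
	blk, padded, mac := tdes(key), pad8(data), make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := range mac {
			mac[j] ^= padded[i+j]
		}
		blk.Encrypt(mac, mac)
	}
	return mac
}

// BuildMessage is Step 4: terminal parameter, account ciphertext, amount and PIN ciphertext, then the MAC; this is all the application CPU forwards in Step 5.
func (s *SecureCPU) BuildMessage(terminalID string, amountCents int64) []byte {
	msg := fmt.Sprintf("TID=%s|PAN=%x|AMT=%d|PIN=%x|", terminalID, s.panCipher, amountCents, s.pinCipher)
	return append([]byte(msg), cbcMAC(s.macKey, []byte(msg))...)
}

// VerifyMessage is the bank's check: recompute the MAC over everything but the trailing 8 bytes.
func VerifyMessage(macKey, msg []byte) bool {
	return len(msg) >= 8 && bytes.Equal(cbcMAC(macKey, msg[:len(msg)-8]), msg[len(msg)-8:])
}

// demoTransaction: constructed keys and PAN; PIN 1234 typed on a scrambled 100 px keypad at cells (1,1) (1,2) (1,0) (0,3), plus a stray touch at (290,390).
func demoTransaction() []byte {
	sec := &SecureCPU{accountKey: []byte("account-data-key-0000001"), pinKey: []byte("pin-encryption-key-00001"), macKey: []byte("mac-key-for-demo-0000001")}
	sec.ReadCard("4111111111111111")
	keys := map[[2]int]byte{{0, 0}: '7', {1, 0}: '3', {2, 0}: '9', {0, 1}: '0', {1, 1}: '1',
		{2, 1}: '5', {0, 2}: '8', {1, 2}: '2', {2, 2}: '6', {0, 3}: '4'}
	sec.EnterPIN(keys, 100, [][2]int{{150, 150}, {150, 250}, {150, 50}, {50, 350}, {290, 390}})
	return sec.BuildMessage("TERM0001", 1999)
}

func main() {
	msg := demoTransaction()
	fmt.Printf("%s MAC=%x bank verifies: %v\n", msg[:len(msg)-8], msg[len(msg)-8:], VerifyMessage([]byte("mac-key-for-demo-0000001"), msg))
}
```

Running it prints the message the application CPU forwards and the bank-side MAC check. The stray touch at (290,390) lands outside the keypad and is dropped, and calling `EnterPIN` before `ReadCard` fails because the format-0 block binds the PIN to the PAN. A production terminal would use an approved PIN block and MAC scheme and a proper key hierarchy per function; the point here is the boundary: nothing the application CPU handles contains a key or a plaintext PIN or PAN.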
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described here; various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the scope of protection of the invention. Therefore, all equivalent changes and modifications made within the scope of the patent of the present invention shall fall within the scope of protection of the invention.

Claims (9)

1. An Android-based intelligent POS security system, characterized in that: it comprises an application CPU and a secure CPU connected to the application CPU; the application CPU is further connected to a communication module, a display screen and a memory, and the secure CPU is further connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit;
the secure CPU is used to implement security protection and to handle security-relevant data, specifically including: driving the physical security circuit to protect against physical attacks on the device; obtaining the user's bank card account data through the contact IC card reader, the contactless IC card reader or the magnetic card reader; storing and managing the encryption and decryption keys; obtaining the user's PIN input through the touch screen; and completing PIN encryption, user account data encryption and transaction message signing inside the secure CPU;
the application CPU is used to run the Android system and the payment APP; the application CPU can also access the touch screen connected to the secure CPU after the user's PIN entry process has ended;
the application CPU accesses the touch screen through the secure CPU, the specific implementation process being as follows:
Step 1: the application CPU issues a command to the secure CPU through the communication interface connected to the secure CPU;
Step 2: the secure CPU passes the application CPU's command to the touch screen through the communication interface to the touch screen and obtains the touch information returned by the touch screen;
Step 3: the secure CPU sends the obtained touch information to the application CPU through the communication interface connected to the application CPU;
and during the user's PIN entry process the secure CPU takes over control of the touch screen and obtains the user's PIN input; only after the PIN entry process has ended do the application CPU's commands to access the touch screen take effect.
2. The Android-based intelligent POS security system according to claim 1, characterized in that: it further comprises a backup battery connected to the secure CPU, so as to supply the secure CPU with uninterrupted power.
3. The Android-based intelligent POS security system according to claim 1, characterized in that: the physical attacks on the device include disassembly, circuit tampering, signal probing, and attacks that change the environmental or operating conditions.
4. A startup method for an Android-based intelligent POS security system, characterized in that: an Android-based intelligent POS security system is provided, comprising an application CPU and a secure CPU connected to the application CPU; the application CPU is further connected to a communication module, a display screen and a memory, and the secure CPU is further connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit;
the secure CPU is used to implement security protection and to handle security-relevant data, specifically including: driving the physical security circuit to protect against physical attacks on the device; obtaining the user's bank card account data through the contact IC card reader, the contactless IC card reader or the magnetic card reader; storing and managing the encryption and decryption keys; obtaining the user's PIN input through the touch screen; and completing PIN encryption, user account data encryption and transaction message signing inside the secure CPU;
the application CPU is used to run the Android system and the payment APP; the application CPU can also access the touch screen connected to the secure CPU after the user's PIN entry process has ended;
the startup method for the Android-based intelligent POS security system comprises the following steps:
Step S1: when the device starts, the secure CPU starts first, controls the interface between the application CPU and the secure CPU so that it is the only boot source of the application CPU, and controls whether the application CPU is allowed to start;
Step S2: after the secure CPU completes its security self-test, it provides the boot program and the top-level public key to the application CPU and allows the application CPU to start;
Step S3: the application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signatures of the second-level boot program and the second-level public key stored in memory;
Step S4: the application CPU executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and the multiple third-level public keys stored in memory;
Step S5: the application CPU executes the Android system program stored in memory and uses the corresponding third-level public key to verify the signature of each APP stored in memory or downloaded;
Step S6: the application CPU executes the APPs, and the secure CPU then handles all sensitive data of the payment transaction and provides sensitive services to the application CPU.
5. The startup method for an Android-based intelligent POS security system according to claim 4, characterized in that: the signature verification uses the SHA256 data digest algorithm and the RSA2048 or RSA4096 digital signature algorithm.
6. The startup method for an Android-based intelligent POS security system according to claim 4, characterized in that: the signature verification uses the SM3 data digest algorithm and the SM2 digital signature algorithm.
7. A data control method using the Android-based intelligent POS security system according to claim 1, characterized in that it comprises the following steps:
Step S01: when the bank keys are downloaded, all encryption and decryption keys are stored and managed by the secure CPU, and the application CPU neither stores nor manages any encryption or decryption key;
Step S02: the application CPU issues a command to the secure CPU to read the user account data: the secure CPU obtains the account data of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader, immediately encrypts the account data with the data encryption key to produce an account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step S03: the application CPU displays a numeric PIN keypad on the display screen, issues a command to the secure CPU to obtain the user's PIN data, and at the same time transmits the layout and position information of the numeric keypad to the secure CPU; the secure CPU takes over control of the touch screen, obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce a PIN data ciphertext, stores it, and returns a read-success status to the application CPU; after PIN entry ends, the secure CPU releases control of the touch screen;
Step S04: the application CPU issues a command to the secure CPU to obtain the transaction message; the secure CPU assembles the data of this transaction, including the payment terminal parameters, the account data ciphertext, the transaction amount and the PIN data ciphertext, performs the MAC calculation with the MAC encryption key, forms the transaction message and returns it to the application CPU;
Step S05: the application CPU communicates with the bank transaction service platform through the communication module and completes the payment transaction.
8. The data control method for an Android-based intelligent POS security system according to claim 7, characterized in that: the encryption and decryption keys comprise at least an account data encryption key, a PIN encryption key and a MAC encryption key, and the encryption and decryption algorithm is 3DES or SM4.
9. The data control method for an Android-based intelligent POS security system according to claim 7, characterized in that: the numeric PIN keypad used for PIN entry has its digits in a scrambled, random order.
CN201610323596.8A 2016-05-17 2016-05-17 Based on android system intelligence POS security systems and startup, data management-control method Active CN105957276B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610323596.8A CN105957276B (en) 2016-05-17 2016-05-17 Based on android system intelligence POS security systems and startup, data management-control method

Publications (2)

Publication Number Publication Date
CN105957276A CN105957276A (en) 2016-09-21
CN105957276B true CN105957276B (en) 2018-01-02

Family

ID=56911692

Country Status (1)

Country Link
CN (1) CN105957276B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201289667Y (en) * 2008-10-21 2009-08-12 东莞市建邦计算机软件有限公司 Electronic payment and settlement self-help terminal
CN201732442U (en) * 2010-07-19 2011-02-02 福建联迪商用设备有限公司 POS (point of sale) of mobile phone
CN102103775A (en) * 2009-12-22 2011-06-22 爱特维尔株式会社 Mobile POS terminal
CN202205287U (en) * 2011-09-07 2012-04-25 福建鑫诺通讯技术有限公司 Wireless handheld POS machine
CN202268922U (en) * 2011-09-28 2012-06-06 福建联迪商用设备有限公司 Point-of-sale (POS) terminal and mobile phone integral equipment circuit structure
CN103530963A (en) * 2013-09-25 2014-01-22 江苏智联天地科技有限公司 Password safety protecting device and method of intelligent touch screen POS (point of sale) machine
CN103955653A (en) * 2014-04-17 2014-07-30 福建鼎恩协创电子科技有限公司 Anti-cracking security system, POS (Point Of Sale) machine and method
CN104954521A (en) * 2015-07-09 2015-09-30 南京星霸科技有限公司 POS (point of sale) terminal and mobile phone integrated equipment circuit structure
CN104952162A (en) * 2015-07-20 2015-09-30 上海行哲信息技术有限公司 Integrated financial security device
CN105488924A (en) * 2015-12-11 2016-04-13 福建新大陆支付技术有限公司 POS high-end application system and solving method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004240787A (en) * 2003-02-07 2004-08-26 Nec Infrontia Corp Key entry method for touch panel in pos system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant