CN105957276B - Android-based intelligent POS security system and start-up and data management-control method - Google Patents
- Publication number: CN105957276B (application CN201610323596.8A)
- Authority: CN (China)
- Prior art keywords: cpu, safe, data, android system, touch
- Legal status: Active
Classifications
- G07G1/0009: Details of the software in the checkout register, electronic cash register [ECR] or point of sale terminal [POS]
- G06F21/51: Monitoring users, programs or devices to maintain the integrity of platforms at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
- G06F21/71: Protecting specific internal or peripheral components to assure secure computing or processing of information
- G06Q20/20: Point-of-sale [POS] network systems
- G06Q20/382: Payment protocols insuring higher security of transaction
- G06Q20/3829: Payment protocols insuring higher security of transaction involving key management
- G07G1/0018: Cash registers; constructional details, e.g. of drawer, printing means, input means
- G07G1/12: Cash registers electronically operated
- G06F2221/033: Indexing scheme relating to G06F21/50 (monitoring users, programs or devices to maintain the integrity of platforms); test or assess software
Abstract
The present invention relates to an Android-based intelligent POS security system and to a start-up method and a data management and control method for it. The system comprises an application CPU and a secure CPU connected to it; the application CPU is further connected to a communication module, a display screen and a memory storage, and the secure CPU is further connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit. The invention effectively protects transaction-sensitive information such as bank encryption and decryption keys, user passwords (PINs) and account data, and effectively isolates this sensitive data from the Android system; at the same time it provides a signature verification mechanism that effectively protects the integrity and legitimacy of the Android system and of the APP programs, ensuring the payment security of the Android-based intelligent POS.
Description
Technical field
The present invention relates to the field of electronic payment, and in particular to an Android-based intelligent POS security system and to a start-up method and a data management and control method for it.
Background art
A traditional point-of-sale terminal (traditional POS) is an electronic financial payment and settlement device widely used in shopping malls and supermarkets. It is built on a dedicated hardware platform and a closed software system, takes password input through a physical keypad, and can perform only conventional or customised financial payment functions. When goods are bought in a mall or supermarket, for example, the cashier enters the payment on such a POS and the consumer swipes a card on it to pay; the device cannot be used for cloud payment applications such as buying train or air tickets. Although a traditional POS is stable and secure, its system is outdated, its performance, user experience, openness and extensibility are all poor, and the performance of its hardware and software platform cannot meet the functional requirements of emerging payment businesses such as cloud payment.
Compared with a traditional POS, the Android operating system is an intelligent operating system with rich functionality, good user experience, extensibility and openness. An intelligent POS terminal based on Android combines the payment functions of a traditional POS terminal with good user experience and extensibility, and is particularly suited to the functional requirements of emerging payment businesses such as cloud payment. However, because the Android hardware and software platform is open, security vulnerabilities exist at the application, system and hardware levels: an APP can easily have a back door embedded in it, the operating system has security holes, and ROOT privileges are easily tampered with. All of this poses a great challenge to payment security.
Financial-industry security standards require that bank encryption and decryption keys, user passwords, and user account data such as magnetic-stripe or IC card numbers be strictly protected. Because of the application model and the inherent security flaws of the Android system, building a complete and continuous line of defence on that system is extremely difficult. Even in the most basic password-entry process, for example, a hacker can easily use vulnerabilities in the application layer, framework layer, driver layer or hardware layer of the Android system to intercept the relevant data at the touch-screen input, display, storage and transmission stages, and an Android application holding Root privileges can obtain all core data, including the bank encryption and decryption keys. An intelligent POS implemented on the open Android system therefore has difficulty meeting financial-industry security standards.
Some intelligent POS products strengthen the security of the lower layers of the operating system with a customised Android system: they forbid Root, forbid the installation and loading of unsigned APPs, and isolate payment-related applications from other applications. This, however, sacrifices the openness of the Android operating system and even its extensibility and user experience, lengthens the development and security certification cycles, and still cannot avoid security risks.
Summary of the invention
The object of the present invention is to provide an Android-based intelligent POS security system, together with a start-up method and a data management and control method, that solves the above problems. The system effectively protects transaction-sensitive information such as bank encryption and decryption keys, user passwords and account data, effectively isolates this sensitive data from the Android system, and at the same time provides a signature verification mechanism that effectively protects the integrity and legitimacy of the Android system and of the APP programs, thereby ensuring the payment security of an Android-based intelligent POS.
To achieve this object, the technical scheme is as follows. An Android-based intelligent POS security system comprises an application CPU and a secure CPU connected to the application CPU. The application CPU is further connected to a communication module, a display screen and a memory storage; the secure CPU is further connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit.
The secure CPU implements the security protection and handles the security-related data, specifically: driving the physical security circuit to protect the device against physical attacks; obtaining the user's bank card account data through the contact IC card reader, contactless IC card reader or magnetic card reader; storing and managing the encryption and decryption keys; obtaining the user's PIN input through the touch screen; and completing PIN encryption, user account data encryption and transaction message signing inside the secure CPU.
The application CPU runs the Android system and the payment APP. The application CPU may also access the touch screen connected to the secure CPU, but only after the user's PIN input process has ended.
In an embodiment of the invention, the system further comprises a backup battery connected to the secure CPU, so that the secure CPU is powered without interruption.
In an embodiment of the invention, the physical attacks on the device include disassembly, circuit tampering, signal probing, and changes in environmental or operating conditions.
In an embodiment of the invention, the application CPU may also access the touch screen through the secure CPU, as follows:
Step 1: The application CPU issues a command to the secure CPU over the communication interface connecting the two;
Step 2: The secure CPU passes the application CPU's command to the touch screen over the communication interface to the touch screen, and obtains the touch information returned by the touch screen;
Step 3: The secure CPU sends the touch information it obtained to the application CPU over the communication interface connecting the two.
During the user's PIN input process the secure CPU takes over control of the touch screen and obtains the user's PIN input; commands from the application CPU to access the touch screen take effect only after the PIN input process has ended.
The present invention also provides a start-up method using the Android-based intelligent POS security system described above, comprising the following steps:
Step S1: When the device starts, the secure CPU starts first, configures the interface between the application CPU and the secure CPU as the application CPU's only boot source, and then allows the application CPU to start;
Step S2: After the secure CPU completes its security self-test, it provides the boot program and the top-level public key to the application CPU and allows the application CPU to start;
Step S3: The application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signatures of the second-level boot program and the second-level public key stored in the memory storage;
Step S4: The application CPU executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and the multiple third-level public keys stored in the memory storage;
Step S5: The application CPU executes the Android system program from the memory storage and uses the corresponding third-level public keys to verify the signatures of the APPs stored in the memory storage or downloaded;
Step S6: The application CPU executes the APPs, while the secure CPU handles all sensitive data of the payment transaction and provides sensitive services to the application CPU.
In an embodiment of the invention, the signature verification uses the SHA256 digest algorithm and the RSA2048 or RSA4096 signature algorithm.
In an embodiment of the invention, the signature verification uses the SM3 digest algorithm and the SM2 signature algorithm.
The present invention also provides a data management and control method using the Android-based intelligent POS security system described above, comprising the following steps:
Step S01: When bank keys are downloaded, all encryption and decryption keys are stored and managed by the secure CPU; the application CPU neither stores nor manages any encryption and decryption key;
Step S02: The application CPU issues a command to the secure CPU to read the user account data. The secure CPU obtains the user's bank card account data from the contact IC card reader, contactless IC card reader or magnetic card reader, immediately encrypts the account data with the data encryption key to produce the account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step S03: The application CPU shows a numeric PIN keypad on the display screen, issues a command to the secure CPU to obtain the user's PIN data, and passes the layout and position information of the numeric keypad to the secure CPU. The secure CPU takes over control of the touch screen, obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce the PIN data ciphertext, stores it, and returns a read-success status to the application CPU. After PIN input has ended, the secure CPU releases control of the touch screen;
Step S04: The application CPU issues a command to the secure CPU to obtain the transaction message. The secure CPU assembles the data of this transaction, including the payment terminal parameters, account data ciphertext, transaction amount and PIN data ciphertext, computes a MAC over them with the MAC encryption key to form the transaction message, and returns the message to the application CPU;
Step S05: The application CPU communicates with the bank transaction service platform through the communication module and completes the payment transaction.
In an embodiment of the invention, the encryption and decryption keys include at least an account data encryption key, a PIN encryption key and a MAC encryption key, and the encryption and decryption algorithm is 3DES or SM4.
In an embodiment of the invention, the numeric PIN keypad used for PIN input is a scrambled keypad whose digits are randomly arranged.
Compared with the prior art, the invention has the following advantages:
First, key data are physically isolated and protected, which is secure. The secure CPU stores and manages all encryption and decryption keys, the application CPU neither stores nor manages any encryption and decryption key, and the keys are physically isolated from the Android system, so the risk that the Android system or an application obtains key data is avoided;
Second, sensitive data and sensitive services are physically isolated and protected, which is secure. The user's PIN input and encryption, and the reading and encryption of the user's account data, all take place inside the secure CPU; the application CPU does not handle this sensitive data or these sensitive services and is responsible only for forwarding ciphertext, so PIN data, account information and sensitive services are physically isolated from the Android system, and the risk that the Android system or an application obtains sensitive data is avoided;
Third, illegal programs cannot run, which is secure. The application CPU's boot program is controlled by the secure CPU, and the top-level public key and the keys below it verify the integrity and legitimacy of the Android system and the application programs level by level, preventing illegal programs from running and ensuring the security of the device and of payments.
The invention therefore systematically avoids the security risks of the Android system and ideally solves the security problems of an Android-based intelligent POS.
Brief description of the drawings
Fig. 1 is the circuit block diagram of the Android-based intelligent POS device of the present invention.
Fig. 2 is the flow chart of the secure start-up method of the application CPU.
Fig. 3 is the flow chart of a sensitive data management and control method.
Embodiments
The technical scheme of the present invention is described in detail below with reference to the accompanying drawings.
An Android-based intelligent POS security system of the present invention comprises an application CPU and a secure CPU connected to it. The application CPU is further connected to a communication module, a display screen and a memory storage; the secure CPU is further connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit.
The secure CPU implements the security protection and handles the security-related data, specifically: driving the physical security circuit to protect the device against physical attacks; obtaining the user's bank card account data through the contact IC card reader, contactless IC card reader or magnetic card reader; storing and managing the encryption and decryption keys; obtaining the user's PIN input through the touch screen; and completing PIN encryption, user account data encryption and transaction message signing inside the secure CPU.
The application CPU runs the Android system and the payment APP. The application CPU may also access the touch screen connected to the secure CPU, but only after the user's PIN input process has ended.
The system further comprises a backup battery connected to the secure CPU, so that the secure CPU is powered without interruption.
The physical attacks on the device include disassembly, circuit tampering, signal probing, and changes in environmental or operating conditions.
The application CPU may also access the touch screen through the secure CPU; the specific process is as follows:
Step 1: The application CPU issues a command to the secure CPU over the communication interface connecting the two;
Step 2: The secure CPU passes the application CPU's command to the touch screen over the communication interface to the touch screen, and obtains the touch information returned by the touch screen;
Step 3: The secure CPU sends the touch information it obtained to the application CPU over the communication interface connecting the two.
During the user's PIN input process the secure CPU takes over control of the touch screen and obtains the user's PIN input; commands from the application CPU to access the touch screen take effect only after the PIN input process has ended.
The present invention also provides a start-up method using the Android-based intelligent POS security system described above, comprising the following steps:
Step S1: When the device starts, the secure CPU starts first, configures the interface between the application CPU and the secure CPU as the application CPU's only boot source, and then allows the application CPU to start;
Step S2: After the secure CPU completes its security self-test, it provides the boot program and the top-level public key to the application CPU and allows the application CPU to start;
Step S3: The application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signatures of the second-level boot program and the second-level public key stored in the memory storage;
Step S4: The application CPU executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and the multiple third-level public keys stored in the memory storage;
Step S5: The application CPU executes the Android system program from the memory storage and uses the corresponding third-level public keys to verify the signatures of the APPs stored in the memory storage or downloaded;
Step S6: The application CPU executes the APPs, while the secure CPU handles all sensitive data of the payment transaction and provides sensitive services to the application CPU.
The signature verification uses the SHA256 digest algorithm and the RSA2048 or RSA4096 signature algorithm, or alternatively the SM3 digest algorithm and the SM2 signature algorithm.
The present invention also provides a data management and control method using the Android-based intelligent POS security system described above, comprising the following steps:
Step S01: When bank keys are downloaded, all encryption and decryption keys are stored and managed by the secure CPU; the application CPU neither stores nor manages any encryption and decryption key;
Step S02: The application CPU issues a command to the secure CPU to read the user account data. The secure CPU obtains the user's bank card account data from the contact IC card reader, contactless IC card reader or magnetic card reader, immediately encrypts the account data with the data encryption key to produce the account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step S03: The application CPU shows a numeric PIN keypad on the display screen, issues a command to the secure CPU to obtain the user's PIN data, and passes the layout and position information of the numeric keypad to the secure CPU. The secure CPU takes over control of the touch screen, obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce the PIN data ciphertext, stores it, and returns a read-success status to the application CPU. After PIN input has ended, the secure CPU releases control of the touch screen;
Step S04: The application CPU issues a command to the secure CPU to obtain the transaction message. The secure CPU assembles the data of this transaction, including the payment terminal parameters, account data ciphertext, transaction amount and PIN data ciphertext, computes a MAC over them with the MAC encryption key to form the transaction message, and returns the message to the application CPU;
Step S05: The application CPU communicates with the bank transaction service platform through the communication module and completes the payment transaction.
The encryption and decryption keys include at least an account data encryption key, a PIN encryption key and a MAC encryption key, and the encryption and decryption algorithm is 3DES or SM4.
The numeric PIN keypad used for PIN input is a scrambled keypad whose digits are randomly arranged.
A concrete application example of the present invention follows.
Referring to Fig. 1: Fig. 1 is the circuit block diagram of the Android-based intelligent POS device provided in an embodiment of the present invention.
In this embodiment, the circuit structure of the Android-based intelligent POS device comprises a communication module, an application CPU, a memory storage, a display screen, a touch screen, a secure CPU, a contact IC card reader, a contactless IC card reader, a magnetic card reader, a physical security circuit and a backup battery.
The communication module, the memory storage and the display screen are connected to the application CPU; the touch screen, the contact IC card reader, the contactless IC card reader, the magnetic card reader, the physical security circuit and the backup battery are connected to the secure CPU; and the application CPU is connected to the secure CPU.
The application CPU runs the Android system and the payment APP. The secure CPU performs the security protection and handles the security-related data, specifically: driving the physical security circuit to protect the device against physical attacks, namely disassembly, circuit tampering, signal probing, and changes in environmental or operating conditions; storing and managing the encryption and decryption keys; obtaining the user's bank card account data and transaction parameters from the contact IC card reader, contactless IC card reader or magnetic card reader; and obtaining the user's PIN input through the touch screen. PIN encryption, user account data encryption and transaction message signing are completed inside the secure CPU, after which the result is transferred through the application CPU and the communication module connected to it to the bank transaction management platform, which completes the payment transaction.
The backup battery supplies working power to the secure CPU while the device is switched off, so that the device remains protected without interruption.
The touch screen is managed by the secure CPU. During the user's PIN input process the PIN input data are obtained directly by the secure CPU and cannot be accessed by the application CPU; only after the PIN input process has ended can the application CPU access the touch screen.
In particular, because the touch screen is managed by the secure CPU, an access path is provided for the application CPU, and the application CPU accesses the touch screen in three steps:
Step 1: The application CPU issues a command to the secure CPU over the communication interface connecting the two;
Step 2: The secure CPU passes the application CPU's command to the touch screen over the communication interface to the touch screen, and obtains the touch information returned by the touch screen;
Step 3: The secure CPU sends the touch information it obtained to the application CPU over the communication interface connecting the two.
During the user's PIN input process the secure CPU has taken over control of the touch screen and obtains the user's PIN input; commands from the application CPU to access the touch screen take effect only after the PIN input process has ended.
In the circuit structure of the Android-based intelligent POS provided in this embodiment, the user's PIN input and the user's bank card account data obtained from the contact IC card reader, contactless IC card reader or magnetic card reader are driven and managed directly by the secure CPU and cannot be accessed directly by the application CPU. PIN data and account information are thus physically isolated from the Android system, and the risk that the Android system or an application obtains sensitive data is avoided.
Referring to Fig. 2: Fig. 2 is the flow chart of the secure start-up method of the application CPU in an embodiment of the present invention.
This embodiment provides a secure start-up method for the application CPU, comprising the following steps:
Step 1: When the device starts, the secure CPU starts first, configures the interface between the application CPU and the secure CPU as the application CPU's only boot source, and then allows the application CPU to start;
Step 2: After the secure CPU completes its security self-test, it provides the boot program and the top-level public key to the application CPU and allows the application CPU to start;
Step 3: The application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signatures of the second-level boot program and the second-level public key stored in the memory storage. If signature verification fails, a "signature verification error" is returned to the secure CPU and the program enters an endless loop.
Step 4: The application CPU then executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and the multiple third-level public keys stored in the memory storage. If signature verification fails, a "signature verification error" is returned to the secure CPU and the program enters an endless loop.
Step 5: The application CPU then executes the Android system program from the memory storage and uses the corresponding third-level public keys to verify the signatures of the APPs stored in the memory storage or newly downloaded. Only APPs that pass signature verification are allowed to execute; APPs that fail signature verification are not allowed to load or download.
Step 6: The secure CPU monitors the secure-boot information of the application CPU; if it receives a "signature verification error", it terminates the device start-up. If signature verification is correct, the secure CPU then handles all sensitive data of the payment transaction and provides sensitive services to the application CPU.
The "signature verification" algorithm above may use the SHA256 algorithm to obtain a data digest, then apply the RSA2048 or RSA4096 algorithm to the digest to compute the signature value and compare it with the signature value stored in the memory storage, in order to confirm the correctness of the signature. Alternatively, it may use the SM3 algorithm to obtain the data digest, then compute the signature value over the digest with the SM2 algorithm and compare it with the signature value stored in the memory storage, to confirm the correctness of the signature.
In the secure start-up method for the application CPU provided in this embodiment, the application CPU's boot program is controlled by the secure CPU, and the top-level public key and the keys below it verify the integrity and legitimacy of the Android system and the application programs level by level. This prevents illegal programs from running or being downloaded and provides the key basic condition for the security of the device and of payments.
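The start-up chain of Steps S1 to S6 and of the Fig. 2 description, as an added example that is not part of the patent: a Go program (standard library only) that models the application CPU's boot with real SHA-256 digests and RSA-2048 PKCS#1 v1.5 signatures, where the top-level key arrives as a parameter standing for the key the secure CPU hands over in Step S2. The memory-storage layout, the image and key names, the "sign test error" wording and the use of a key index to pick an APP's third-level key are assumptions of the example, not details from the page.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Signed is an image plus its stored signature; a key's Image is PKCS#1 DER, an APP's KeyIdx picks its level-3 key.
type Signed struct {
	Name       string
	Image, Sig []byte
	KeyIdx     int
}

// Flash models the memory storage read by the application CPU during boot.
type Flash struct {
	Stage2, Stage2Key, System Signed   // signed by: top key, top key, level-2 key
	Stage3Keys, Apps          []Signed // signed by: level-2 key, the level-3 key at KeyIdx
}

// verify is the patent's "signature verification": SHA-256 digest, then RSA PKCS#1 v1.5 check under pub.
func verify(pub *rsa.PublicKey, s Signed) error {
	d := sha256.Sum256(s.Image)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], s.Sig)
}

// verifyKey parses a stored public key only after its own signature has been checked.
func verifyKey(pub *rsa.PublicKey, s Signed) (*rsa.PublicKey, error) {
	if err := verify(pub, s); err != nil {
		return nil, fmt.Errorf("sign test error on %s: %w", s.Name, err)
	}
	return x509.ParsePKCS1PublicKey(s.Image)
}

// Boot runs steps S3 to S5 on the application CPU. topKey comes from the secure CPU and is
// the only trust anchor. A failure in S3 or S4 aborts the boot; an APP failing S5 is refused.
func Boot(topKey *rsa.PublicKey, f Flash) (allowed []string, err error) {
	// S3: level-2 boot program and level-2 public key under the top-level key.
	if err = verify(topKey, f.Stage2); err != nil {
		return nil, fmt.Errorf("sign test error on %s: %w", f.Stage2.Name, err)
	}
	l2, err := verifyKey(topKey, f.Stage2Key)
	if err != nil {
		return nil, err
	}
	// S4: Android system image and every level-3 public key under the level-2 key.
	if err = verify(l2, f.System); err != nil {
		return nil, fmt.Errorf("sign test error on %s: %w", f.System.Name, err)
	}
	var l3 []*rsa.PublicKey
	for _, k := range f.Stage3Keys {
		pub, err := verifyKey(l2, k)
		if err != nil {
			return nil, err
		}
		l3 = append(l3, pub)
	}
	// S5: each APP under its corresponding level-3 key; only verified APPs may load or run.
	for _, app := range f.Apps {
		if app.KeyIdx < len(l3) && verify(l3[app.KeyIdx], app) == nil {
			allowed = append(allowed, app.Name)
		}
	}
	return allowed, nil
}

// BuildDemoFlash creates a constructed key hierarchy and signed sample images, as a vendor would at provisioning.
func BuildDemoFlash(bits int) (*rsa.PublicKey, Flash) {
	gen := func() *rsa.PrivateKey {
		k, _ := rsa.GenerateKey(rand.Reader, bits) // cannot fail with rand.Reader
		return k
	}
	mk := func(priv *rsa.PrivateKey, name string, image []byte, idx int) Signed {
		d := sha256.Sum256(image)
		sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
		return Signed{Name: name, Image: image, Sig: sig, KeyIdx: idx}
	}
	der := x509.MarshalPKCS1PublicKey
	top, l2, l3a, l3b := gen(), gen(), gen(), gen()
	return &top.PublicKey, Flash{
		Stage2:     mk(top, "stage2", []byte("level-2 boot program"), 0),
		Stage2Key:  mk(top, "stage2-key", der(&l2.PublicKey), 0),
		System:     mk(l2, "android", []byte("android system image"), 0),
		Stage3Keys: []Signed{mk(l2, "l3-key-0", der(&l3a.PublicKey), 0), mk(l2, "l3-key-1", der(&l3b.PublicKey), 0)},
		Apps: []Signed{
			mk(l3a, "pay.apk", []byte("payment app"), 0),
			mk(l3b, "store.apk", []byte("store app"), 1),
			mk(gen(), "rogue.apk", []byte("rogue app"), 0), // constructed rogue APP signed outside the hierarchy
		},
	}
}

func main() {
	fmt.Println(Boot(BuildDemoFlash(2048))) // [pay.apk store.apk] <nil>
}
```

In a real device the error path of Step 6 belongs to the secure CPU: it would halt the start-up on the first "sign test error" rather than let the application CPU continue.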
Referring to Fig. 3: Fig. 3 is the flow chart of the sensitive data management and control method in an embodiment of the present invention.
This embodiment provides a sensitive data management and control method for an Android-based intelligent POS, comprising the following control steps:
Step 1: When bank keys are downloaded, all encryption and decryption keys are stored and managed by the secure CPU; the application CPU neither stores nor manages any encryption and decryption key;
Step 2: The application CPU runs the Android system program and the APP. When an electronic payment is needed, the application CPU handles the application flow and the user interface prompts and issues a command to the secure CPU to read the user account data. The secure CPU obtains the user's bank card account data from the contact IC card reader, contactless IC card reader or magnetic card reader, immediately encrypts the account data with the account data encryption key to produce the account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step 3: In the user's PIN input process, the application CPU prompts on the display screen for the PIN, shows the numeric PIN keypad, issues a command to the secure CPU to obtain the user's PIN data, and passes the layout and position information of the numeric keypad to the secure CPU. The secure CPU takes over control of the touch screen, obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce the PIN data ciphertext, stores it, and returns a read-success status to the application CPU. After PIN input has ended, the secure CPU releases control of the touch screen;
Step 4: The application CPU issues a command to the secure CPU to obtain the transaction message. The secure CPU assembles the data of this transaction, such as the payment terminal parameters, account data ciphertext, transaction amount and PIN data ciphertext, computes a MAC over them with the MAC encryption key to form the transaction message, and returns it to the application CPU;
Step 5: The application CPU communicates with the bank transaction service platform through the communication module connected to it, and completes the payment transaction.
The encryption and decryption keys above may be symmetric keys, comprising at least an account data encryption key, a PIN encryption key and a MAC key; the encryption algorithm is 3DES or SM4.
The numeric PIN keypad that the application CPU shows on the display screen may be a keypad with the digits in normal, fixed order, or a keypad with the digits in shuffled, random order.
With the sensitive data control method of this embodiment, the user's PIN entry and its encryption, and the reading and encryption of the user's account data, are all performed inside the safe CPU. The application CPU does not process these sensitive data or sensitive services; it is responsible only for relaying ciphertext. PIN data, account information and the sensitive services are thereby physically isolated from the Android system, which removes the risk that the Android system or an application obtains sensitive data.
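To make concrete which data stays in the safe CPU and what the application CPU actually receives, the following Go program models steps 1 to 4 of the control method. It is an added example for this page, not code from the patent: it uses 3DES, one of the two algorithms the embodiment names, and fills in details the text leaves open, each marked as an assumption in the code: CBC mode with ISO 9797-1 padding, an ISO 9564-1 format 0 PIN block, a 3DES CBC-MAC as the "MAC calculation", and a length-prefixed field layout for the transaction message. The key bytes, PAN, PIN and terminal parameters are constructed test values, and the `SafeCPU` type and its method names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// SafeCPU holds the three symmetric keys of claim 8 and every plaintext that
// meets them; the application CPU only ever receives the exported ciphertexts.
type SafeCPU struct {
	accountKey, pinKey, macKey []byte // 24-byte 3DES keys from the bank key download
	accountCT, pinCT           []byte // step 2 and step 3 results, kept here
	pan                        string // needed for the PIN block, never exported
}

// cbcEncrypt is 3DES-CBC with a zero IV and ISO 9797-1 padding method 2 (0x80,
// then zeros). Assumption: the patent names 3DES or SM4 but no mode or padding.
func cbcEncrypt(key, plain []byte) []byte {
	b, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err)
	}
	buf := append(append([]byte{}, plain...), 0x80)
	buf = append(buf, make([]byte, (8-len(buf)%8)%8)...)
	out := make([]byte, len(buf))
	cipher.NewCBCEncrypter(b, make([]byte, 8)).CryptBlocks(out, buf)
	return out
}

// cbcMAC is the last CBC block (ISO 9797-1 MAC algorithm 1 with 3DES), standing
// in for the "MAC calculation" of step 4.
func cbcMAC(key, msg []byte) []byte {
	ct := cbcEncrypt(key, msg)
	return ct[len(ct)-8:]
}

// pinBlock0 builds an ISO 9564-1 format 0 PIN block: 0, PIN length, PIN, F padding,
// XORed with 0000 plus the 12 PAN digits left of the check digit (assumed format).
func pinBlock0(pin, pan string) ([]byte, error) {
	if len(pin) < 4 || len(pin) > 12 || len(pan) < 13 {
		return nil, errors.New("bad PIN or PAN length")
	}
	for _, c := range pin + pan {
		if c < '0' || c > '9' {
			return nil, errors.New("PIN and PAN must be decimal digits")
		}
	}
	p, _ := hex.DecodeString((fmt.Sprintf("0%x%s", len(pin), pin) + "FFFFFFFFFFFFFFFF")[:16])
	a, _ := hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
	for i := range p {
		p[i] ^= a[i]
	}
	return p, nil
}

// ReadCard is step 2: the account data is encrypted at once and only the
// ciphertext is kept; the application CPU gets back a status, not the PAN.
func (s *SafeCPU) ReadCard(pan string) {
	s.pan = pan
	s.accountCT = cbcEncrypt(s.accountKey, []byte(pan))
}

// EnterPIN closes step 3: the PIN resolved from the touch-screen becomes a PIN
// block and is encrypted immediately; the digits never leave this function.
func (s *SafeCPU) EnterPIN(pin string) error {
	blk, err := pinBlock0(pin, s.pan)
	if err != nil {
		return err
	}
	s.pinCT = cbcEncrypt(s.pinKey, blk)
	return nil
}

// TransactionMessage is step 4: terminal parameters, account ciphertext, amount and
// PIN ciphertext as length-prefixed fields, then the MAC over all of them
// (the field layout is this example's assumption; the patent lists the fields only).
func (s *SafeCPU) TransactionMessage(terminal []byte, amountCents uint64) ([]byte, error) {
	if s.accountCT == nil || s.pinCT == nil {
		return nil, errors.New("card data or PIN not yet captured")
	}
	var amt [8]byte
	binary.BigEndian.PutUint64(amt[:], amountCents)
	var msg bytes.Buffer
	for _, f := range [][]byte{terminal, s.accountCT, amt[:], s.pinCT} {
		msg.WriteByte(byte(len(f)))
		msg.Write(f)
	}
	return append(msg.Bytes(), cbcMAC(s.macKey, msg.Bytes())...), nil
}

func main() {
	// Step 1: the bank key download lands in the safe CPU and nowhere else (constructed keys).
	s := &SafeCPU{accountKey: []byte("account-key-0123456789ab"),
		pinKey: []byte("pin-key-0123456789abcdef"), macKey: []byte("mac-key-0123456789abcdef")}
	s.ReadCard("4111111111111111") // the application CPU sees only a success status
	fmt.Println("PIN:", s.EnterPIN("1234"))
	msg, err := s.TransactionMessage([]byte("TERM0001"), 1999) // relayed by the app CPU in step 5
	fmt.Printf("%x %v\n", msg, err)
}
```

The application CPU's view of the exchange is the return values only: an error or status from `ReadCard` and `EnterPIN`, and the opaque byte string from `TransactionMessage`; the PAN, the PIN and the three keys exist only as fields of `SafeCPU`, and the PIN additionally only within `EnterPIN`. A real terminal would zeroise the plaintext PIN buffer as soon as the PIN block has been encrypted, keep the keys in the memory guarded by the physical security circuit, and use whatever PIN block and MAC scheme the acquirer mandates rather than the ones assumed here.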
Pay attention to, above are only presently preferred embodiments of the present invention and institute's application technology principle.It will be appreciated by those skilled in the art that
The invention is not restricted to specific embodiment described here, can carry out for a person skilled in the art various obvious changes,
Readjust and substitute without departing from protection scope of the present invention.Therefore, it is all done according to scope of the present invention patent it is equal
Deng change and modification, it should all belong to covering scope of the invention.
Claims (9)
1. An Android-based intelligent POS security system, characterised in that: it comprises an application CPU and a safe CPU connected to the application CPU; the application CPU is further connected to a communication module, a display screen and a memory storage, and the safe CPU is further connected to a touch-screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit;
the safe CPU is used to implement security protection and to process security-related data, specifically: driving the physical security circuit to protect against physical attacks on the device; obtaining the user's bank card account data through the contact IC card reader, the contactless IC card reader or the magnetic card reader; storing and managing the encryption and decryption keys; obtaining the user's PIN input through the touch-screen; and completing PIN encryption, user account data encryption and transaction message signing inside the safe CPU;
the application CPU is used to run the Android system and the payment APP; the application CPU may also, after the user's PIN entry process has ended, access the touch-screen connected to the safe CPU;
the application CPU accesses the touch-screen through the safe CPU, as follows:
Step 1: the application CPU issues a command to the safe CPU over the communication interface connecting it to the safe CPU;
Step 2: the safe CPU passes the application CPU's command to the touch-screen over the communication interface with the touch-screen and obtains the touch information returned by the touch-screen;
Step 3: the safe CPU sends the obtained touch information to the application CPU over the communication interface connecting it to the application CPU;
and during the user's PIN entry process the safe CPU takes over control of the touch-screen and obtains the user's PIN input; only after the PIN entry process has ended do the application CPU's commands to access the touch-screen take effect.
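The touch-screen hand-over of claim 1 (steps 1 to 3, plus the PIN-entry exception) and the keypad layout transfer of step S03 below amount to a small state machine on the safe CPU, which the following Go program models. It is an added example for this page, not the patent's code: the `TouchArbiter`, `Key` and `GridLayout` names, the screen coordinates and the use of '#' as the confirm key are this example's assumptions. It also adds a check the claims do not mention but a practitioner would want: the layout arrives from the Android side, so the safe CPU validates it before it resolves any press against it.

```go
package main

import (
	"errors"
	"fmt"
)

// Key is one button of the keypad the application CPU draws: its rectangle in
// screen coordinates and the digit it stands for ('#' is the confirm key).
type Key struct {
	X, Y, W, H int
	Digit      byte
}

// Touch is a raw press the touch-screen reports to the safe CPU.
type Touch struct{ X, Y int }

// TouchArbiter models the safe CPU's ownership of the touch-screen (claim 1): outside
// PIN entry it proxies touches to the application CPU, during PIN entry it keeps them.
type TouchArbiter struct {
	pinActive bool
	layout    []Key
	pin       []byte  // plaintext digits live only here, never on the app CPU
	queue     []Touch // touches waiting for the application CPU
}

// BeginPIN starts PIN entry with the layout the application CPU sent (step S03).
// The layout is untrusted input: each of 0-9 and '#' must appear exactly once
// and no two rectangles may overlap, or a press could map to two digits.
func (a *TouchArbiter) BeginPIN(layout []Key) error {
	seen := map[byte]int{}
	for i, k := range layout {
		seen[k.Digit]++
		for _, o := range layout[:i] {
			if k.X < o.X+o.W && o.X < k.X+k.W && k.Y < o.Y+o.H && o.Y < k.Y+k.H {
				return fmt.Errorf("keys %q and %q overlap", k.Digit, o.Digit)
			}
		}
	}
	for _, d := range []byte("0123456789#") {
		if seen[d] != 1 {
			return fmt.Errorf("key %q appears %d times", d, seen[d])
		}
	}
	a.layout, a.pin, a.pinActive = layout, nil, true
	return nil
}

// OnTouch is the safe CPU's touch interrupt; it reports true once the user
// pressed '#', after which the screen is released to the application CPU.
func (a *TouchArbiter) OnTouch(t Touch) (done bool) {
	if !a.pinActive {
		a.queue = append(a.queue, t) // claim 1 step 2: pass on to the app CPU
		return false
	}
	for _, k := range a.layout {
		if t.X >= k.X && t.X < k.X+k.W && t.Y >= k.Y && t.Y < k.Y+k.H {
			if k.Digit == '#' {
				a.pinActive = false
				return true
			}
			a.pin = append(a.pin, k.Digit)
		}
	}
	return false // a press outside every key is ignored
}

// AppReadTouch is the application CPU's "read touch" command (claim 1 steps 1
// and 3); it is only effective while no PIN entry is in progress.
func (a *TouchArbiter) AppReadTouch() (Touch, error) {
	if a.pinActive {
		return Touch{}, errors.New("touch-screen held by safe CPU during PIN entry")
	}
	if len(a.queue) == 0 {
		return Touch{}, errors.New("no touch pending")
	}
	t := a.queue[0]
	a.queue = a.queue[1:]
	return t, nil
}

// PINLength is all the safe CPU reports; the digits feed PIN encryption inside it.
func (a *TouchArbiter) PINLength() int { return len(a.pin) }

// GridLayout lays order (ten digits then '#') out on a 3-wide grid of square keys.
// A random permutation of "0123456789" gives the out-of-order keypad of claim 9.
func GridLayout(order string, cell int) []Key {
	var layout []Key
	for i := 0; i < len(order); i++ {
		layout = append(layout, Key{X: (i % 3) * cell,
			Y: (i / 3) * cell, W: cell, H: cell, Digit: order[i]})
	}
	return layout
}

func main() {
	a := &TouchArbiter{}
	fmt.Println("layout:", a.BeginPIN(GridLayout("7301958426#", 100)))
	a.OnTouch(Touch{X: 50, Y: 50})  // constructed presses on '7' ...
	a.OnTouch(Touch{X: 150, Y: 50}) // ... and '3'
	fmt.Println(a.AppReadTouch())   // the app CPU cannot see them
	fmt.Println("confirmed:", a.OnTouch(Touch{X: 150, Y: 350}), "PIN length:", a.PINLength())
}
```

Nothing about the shuffled keypad of claim 9 changes on the safe CPU side: it only ever maps coordinates through whatever layout it was given, which is exactly why `BeginPIN` has to reject a layout in which a digit is missing, duplicated, or reachable through two overlapping rectangles. The application CPU's `AppReadTouch` returns an error for the whole PIN session and only sees new presses again after the confirm key has ended it.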
2. The Android-based intelligent POS security system according to claim 1, characterised in that it further comprises a backup battery connected to the safe CPU, so as to supply the safe CPU with uninterrupted power.
3. The Android-based intelligent POS security system according to claim 1, characterised in that the physical attacks on the device include disassembly, circuit tampering, signal probing, and attacks that change the environmental or operating conditions.
4. A start-up method based on an Android-based intelligent POS security system, characterised in that: an Android-based intelligent POS security system is provided, comprising an application CPU and a safe CPU connected to the application CPU; the application CPU is further connected to a communication module, a display screen and a memory storage, and the safe CPU is further connected to a touch-screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit;
the safe CPU is used to implement security protection and to process security-related data, specifically: driving the physical security circuit to protect against physical attacks on the device; obtaining the user's bank card account data through the contact IC card reader, the contactless IC card reader or the magnetic card reader; storing and managing the encryption and decryption keys; obtaining the user's PIN input through the touch-screen; and completing PIN encryption, user account data encryption and transaction message signing inside the safe CPU;
the application CPU is used to run the Android system and the payment APP; the application CPU may also, after the user's PIN entry process has ended, access the touch-screen connected to the safe CPU;
the start-up method based on the Android-based intelligent POS security system comprises the following steps:
Step S1: when the device starts, the safe CPU starts first, controls the interface between the application CPU and the safe CPU so that it is the only start-up source of the application CPU, and controls whether the application CPU is allowed to start;
Step S2: after the safe CPU's security self-test is complete, it provides the start-up program and the top-level public key to the application CPU and allows the application CPU to start;
Step S3: the application CPU executes the start-up program and uses the top-level public key provided by the safe CPU to perform signature verification on the second-level start-up program and the second-level public key stored in the memory storage;
Step S4: the application CPU executes the second-level start-up program and uses the second-level public key to perform signature verification on the Android system program and the plurality of third-level public keys stored in the memory storage;
Step S5: the application CPU executes the Android system program stored in the memory storage and uses the corresponding third-level public key to perform signature verification on each APP stored in the memory storage or downloaded;
Step S6: the application CPU executes the APPs, while the safe CPU processes all sensitive data of the payment transaction and provides the sensitive services to the application CPU.
5. The start-up method based on an Android-based intelligent POS security system according to claim 4, characterised in that the signature verification uses the SHA256 data digest algorithm and the RSA2048 or RSA4096 digital signature algorithm.
6. The start-up method based on an Android-based intelligent POS security system according to claim 4, characterised in that the signature verification uses the SM3 data digest algorithm and the SM2 digital signature algorithm.
7. A data control method using the Android-based intelligent POS security system according to claim 1, characterised in that it comprises the following steps:
Step S01: when the bank keys are downloaded, all encryption and decryption keys are stored and managed by the safe CPU, and the application CPU neither stores nor manages any encryption or decryption key;
Step S02: the application CPU issues a command to the safe CPU to read the user account data: the safe CPU obtains the account data of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader, immediately encrypts the account data with the data encryption key to produce an account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step S03: the application CPU displays a numeric PIN keypad on the display screen, issues a command to the safe CPU to obtain the user's PIN data, and at the same time transmits the keypad layout and position information to the safe CPU; the safe CPU takes over control of the touch-screen, obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce a PIN data ciphertext and stores it, and returns a read-success status to the application CPU; after PIN entry ends, the safe CPU releases control of the touch-screen;
Step S04: the application CPU issues a command to the safe CPU to obtain the transaction message; the safe CPU assembles the data of this transaction, including the payment terminal parameters, the account data ciphertext, the transaction amount and the PIN data ciphertext, computes a MAC over them with the MAC key to form the transaction message, and returns it to the application CPU;
Step S05: the application CPU communicates with the bank transaction service platform through the communication module to complete the payment transaction.
8. The data control method based on an Android-based intelligent POS security system according to claim 7, characterised in that the encryption and decryption keys comprise at least an account data encryption key, a PIN encryption key and a MAC key, and the encryption and decryption algorithm is 3DES or SM4.
9. The data control method based on an Android-based intelligent POS security system according to claim 7, characterised in that the numeric PIN keypad used for PIN entry is a keypad with the digits in shuffled, random order.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610323596.8A CN105957276B (en) | 2016-05-17 | 2016-05-17 | Based on android system intelligence POS security systems and startup, data management-control method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610323596.8A CN105957276B (en) | 2016-05-17 | 2016-05-17 | Based on android system intelligence POS security systems and startup, data management-control method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105957276A CN105957276A (en) | 2016-09-21 |
CN105957276B true CN105957276B (en) | 2018-01-02 |
Family
ID=56911692
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610323596.8A Active CN105957276B (en) | 2016-05-17 | 2016-05-17 | Based on android system intelligence POS security systems and startup, data management-control method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105957276B (en) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106529931A (en) * | 2016-11-30 | 2017-03-22 | 广州云移信息科技有限公司 | Intelligent POS payment safety management system |
CN106558155A (en) * | 2016-11-30 | 2017-04-05 | 广州云移信息科技有限公司 | A kind of intelligent POS terminal of detection application program |
CN108629186A (en) * | 2017-03-23 | 2018-10-09 | 惠尔丰(中国)信息系统有限公司 | A kind of embedded-type security applied to Android system pays POS machine and method |
CN108985767A (en) * | 2017-05-31 | 2018-12-11 | 广州云移信息科技有限公司 | A kind of PIN data secured inputting method and terminal |
CN107392589B (en) * | 2017-07-01 | 2023-08-01 | 武汉天喻信息产业股份有限公司 | Android system intelligent POS system, security verification method and storage medium |
CN107274185A (en) * | 2017-08-15 | 2017-10-20 | 鼎讯网络安全技术有限公司 | Safe and intelligent POS and method for secure transactions |
CN108665651B (en) * | 2018-04-09 | 2021-02-02 | 厦门夏新移动通讯有限公司 | Safe and intelligent anti-disassembly system applied to payment equipment and payment equipment |
CN108597154B (en) * | 2018-04-09 | 2020-11-17 | 厦门夏新移动通讯有限公司 | Safe starting system and starting method for communication module of Internet of things and POS machine |
CN108595981B (en) * | 2018-05-09 | 2021-07-20 | 深圳市桑格尔科技股份有限公司 | Method for encrypting android system |
CN108875382B (en) * | 2018-05-24 | 2022-05-10 | 深圳鼎智通讯股份有限公司 | Protection method for permanent anti-cutting machine of intelligent POS terminal |
CN109903020A (en) * | 2019-01-24 | 2019-06-18 | 北京银联金卡科技有限公司 | Internet of Things secure payment platform and clean boot, defence, method of payment |
CN110992047A (en) * | 2019-11-29 | 2020-04-10 | 福建新大陆支付技术有限公司 | Full-touch-screen POS terminal PIN safe input method |
CN111027047B (en) * | 2019-11-29 | 2024-04-02 | 安天科技集团股份有限公司 | Application sensitive information management and control method and device, electronic equipment and storage medium |
CN111597560B (en) * | 2020-05-18 | 2023-05-09 | 国网电力科学研究院有限公司 | Safe and reliable module starting method and system |
CN112462980B (en) * | 2020-12-15 | 2021-07-20 | 深圳市捷诚技术服务有限公司 | Password interception preventing method and device and POS machine |
CN113611059A (en) * | 2021-08-09 | 2021-11-05 | 浙江理工大学科技与艺术学院 | High-safety wireless POS machine system |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201289667Y (en) * | 2008-10-21 | 2009-08-12 | 东莞市建邦计算机软件有限公司 | Electronic payment and settlement self-help terminal |
CN201732442U (en) * | 2010-07-19 | 2011-02-02 | 福建联迪商用设备有限公司 | POS (point of sale) of mobile phone |
CN102103775A (en) * | 2009-12-22 | 2011-06-22 | 爱特维尔株式会社 | Mobile POS terminal |
CN202205287U (en) * | 2011-09-07 | 2012-04-25 | 福建鑫诺通讯技术有限公司 | Wireless handheld POS machine |
CN202268922U (en) * | 2011-09-28 | 2012-06-06 | 福建联迪商用设备有限公司 | Point-of-sale (POS) terminal and mobile phone integral equipment circuit structure |
CN103530963A (en) * | 2013-09-25 | 2014-01-22 | 江苏智联天地科技有限公司 | Password safety protecting device and method of intelligent touch screen POS (point of sale) machine |
CN103955653A (en) * | 2014-04-17 | 2014-07-30 | 福建鼎恩协创电子科技有限公司 | Anti-cracking security system, POS (Point Of Sale) machine and method |
CN104954521A (en) * | 2015-07-09 | 2015-09-30 | 南京星霸科技有限公司 | POS (point of sale) terminal and mobile phone integrated equipment circuit structure |
CN104952162A (en) * | 2015-07-20 | 2015-09-30 | 上海行哲信息技术有限公司 | Integrated financial security device |
CN105488924A (en) * | 2015-12-11 | 2016-04-13 | 福建新大陆支付技术有限公司 | POS high-end application system and solving method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004240787A (en) * | 2003-02-07 | 2004-08-26 | Nec Infrontia Corp | Key entry method for touch panel in pos system |
Application events
- 2016-05-17: CN CN201610323596.8A, patent/CN105957276B/en, status active
Also Published As
Publication number | Publication date |
---|---|
CN105957276A (en) | 2016-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105957276B (en) | Based on android system intelligence POS security systems and startup, data management-control method | |
US11393300B2 (en) | Secure point of sale terminal and associated methods | |
CN103544599B (en) | Embedded-type security element for authenticating, storing and trading in mobile terminal | |
CN110249586B (en) | Method for securely storing sensitive data on a smart card and smart card | |
CN108027926A (en) | The Verification System and method of payment based on service | |
CN110555706A (en) | Face payment security method and platform based on security unit and trusted execution environment | |
CN106465112A (en) | Offline authentication | |
CN105164694A (en) | Trusted terminal platform | |
CN205656721U (en) | Based on intelligence POS safety circuit of android system | |
CN107133512A (en) | POS terminal control method and device | |
CN110249358A (en) | High value material is exported based on 1 evidences of title of ring | |
CN105989477A (en) | Data interaction method | |
CN105991527A (en) | Data interaction system | |
CN105989475A (en) | Data interaction method | |
CN105991530A (en) | Data interaction system | |
Král | Acceptance of payment cards on devices running Android OS (Akceptace platebních karet na zařízeních s OS Android) | |
CN105991538A (en) | Data interaction method and system | |
CN105991532A (en) | Data interaction method | |
CN105991544A (en) | Data interaction method | |
Franklin et al. | LEVEL 3 SECURITY POLICY for SafeNet Luna EFT | |
CN105991543A (en) | Data interaction method | |
CN105991531A (en) | Data interaction system | |
CN105991541A (en) | Data interaction system | |
CN105989480A (en) | Data interaction system | |
CN105991549A (en) | Data interaction system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |