CN108235807B - Software encryption terminal, payment terminal, software package encryption and decryption method and system - Google Patents
Software encryption terminal, payment terminal, software package encryption and decryption method and system Download PDFInfo
- Publication number
- CN108235807B CN108235807B CN201880000009.9A CN201880000009A CN108235807B CN 108235807 B CN108235807 B CN 108235807B CN 201880000009 A CN201880000009 A CN 201880000009A CN 108235807 B CN108235807 B CN 108235807B
- Authority
- CN
- China
- Prior art keywords
- key
- software package
- encryption
- software
- hash value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
The invention provides a software encryption terminal, a payment terminal, a software package encryption and decryption method and a system, wherein the method comprises the following steps: obtaining a symmetric key; encrypting a preset software package according to the symmetric key to obtain an encrypted software package; uploading the encrypted software package to a server; the fourth processor, when executing the program, implements the steps of: downloading an encrypted software package from a server; and according to the symmetric key led into the payment terminal, the payment terminal decrypts the encrypted software package to obtain the software package. By the method, the software package is not easy to be attacked in the transmission process, the key used by the encrypted software package conforms to the key safety management rule, and the risk of key leakage does not exist.
Description
Technical Field
The invention relates to the technical field of software, in particular to a software encryption terminal, a payment terminal, a software package encryption and decryption method and a software package encryption and decryption system.
Background
With the rapid development of the electronic payment industry, particularly the rise of intelligent POS, the updating software of the payment terminal is more and more frequent and important, and no matter whether the problem is repaired or the function is newly added, more and more new versions of the software are released, and how to safely install the new software to the payment terminal, the following two processing methods are generally adopted: firstly, local downloading, namely connecting the payment terminal with a local PC (personal computer) and downloading new software through a local PC tool; and secondly, remote updating, namely pushing new software to the payment terminal in an online mode, and completing installation after the payment terminal receives the software. Local downloading requires that payment terminals are collected first, and then downloading is performed one by one, which requires more manpower and material resources. The remote updating method is more and more popular among developers and users due to the characteristic of rapidness and convenience. However, the remote update is very vulnerable to various attacks on the network due to the characteristics of participation of the management background and online transmission. How to ensure the secure transmission of software to a payment terminal generally includes the following ways:
the first method is as follows: a background directly pushes a plaintext software package to a terminal;
the second method comprises the following steps: encrypting the software package by using a simple key, for example, encrypting by using an appointed key, and simultaneously solidifying the appointed key by using a terminal code for decryption;
the third method comprises the following steps: the software package is encrypted by using the random key, but the plaintext of the random key is issued along with the encrypted software package, and the terminal extracts the key and then decrypts the encrypted software package.
The above method has the following disadvantages:
disadvantage 1:
the plaintext software package is transmitted on the network and is extremely easy to disassemble and crack, and an attacker can even implant malicious codes to generate new software and download the new software to the terminal.
And (2) disadvantage:
the key used by the encryption software package does not comply with the key security management regulation, the risk of key leakage exists, and any unauthorized terminal developer can obtain the software encryption key.
Disadvantage 3:
the plaintext transmission of the key is extremely unsafe to transmit on the network and does not conform to the safety management regulation of the key, and the safety degree is equal to the direct transmission of the plaintext software package.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the invention provides a software encryption terminal, a payment terminal, a software package encryption and decryption method and a software package encryption and decryption system, which improve the security of software package transmission to the payment terminal and avoid the problem that a user brings huge loss due to malicious attack on a software package installed by the user.
In order to solve the technical problem, the invention provides a software package encryption method, which comprises the following steps:
s1: obtaining a symmetric key;
s2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
s3: and uploading the encrypted software package so that the payment terminal decrypts the downloaded encrypted software package according to the imported symmetric key to obtain the software package.
The invention also provides a software package decryption method, which comprises the following steps:
s4: obtaining an encrypted software package;
s5: and decrypting the encrypted software package according to the symmetric key imported to the payment terminal to obtain the software package.
The invention also provides a software package encryption and decryption method, which comprises the following steps:
s1: the software encryption terminal obtains a symmetric key;
s2: according to the symmetric key, the software encryption terminal encrypts a preset software package to obtain an encrypted software package;
s3: the software encryption terminal uploads the encryption software package to a server;
s4: the payment terminal downloads the encrypted software package from the server;
s5: and according to the symmetric key led into the payment terminal, the payment terminal decrypts the encrypted software package to obtain the software package.
The invention provides a software encryption terminal, which comprises a first memory, a first processor and a first computer program which is stored on the first memory and can run on the first processor, wherein the first processor realizes the following steps when executing the first computer program:
s1: obtaining a symmetric key;
s2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
s3: and uploading the encrypted software package so that the payment terminal decrypts the downloaded encrypted software package according to the imported symmetric key to obtain the software package.
The invention provides a payment terminal, which comprises a second memory, a second processor and a second computer program which is stored on the second memory and can run on the second processor, wherein the second processor realizes the following steps when executing the second computer program:
s4: obtaining an encrypted software package;
s5: and decrypting the encrypted software package according to the symmetric key imported to the payment terminal to obtain the software package.
The invention provides a software package encryption and decryption system, which comprises a software encryption terminal and a payment terminal, wherein the software encryption terminal comprises a third memory, a third processor and a third computer program which is stored in the third memory and can run on the third processor; the payment terminal comprises a fourth memory, a fourth processor and a fourth computer program stored on the fourth memory and executable on the fourth processor, the third processor implementing the following steps when executing the third computer program:
s1: obtaining a symmetric key;
s2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
s3: uploading the encrypted software package to a server;
the fourth processor, when executing the fourth computer program, implements the steps of:
s4: downloading an encrypted software package from a server;
s5: and according to the symmetric key led into the payment terminal, the payment terminal decrypts the encrypted software package to obtain the software package.
The invention has the beneficial effects that:
the invention provides a software encryption terminal, a payment terminal, a software package encryption and decryption method and a software package decryption system, wherein a symmetric key is obtained on the software encryption terminal, a preset software package is encrypted on the software encryption terminal to obtain an encrypted software package, the symmetric key is pre-imported into the payment terminal, when the payment terminal downloads the encrypted software package, the encrypted software package is decrypted according to the symmetric key to obtain the software package, and the software package is installed on the payment terminal; the invention encrypts the plaintext software package through the software encryption terminal, the operation is completed in the software encryption terminal, so that the outside cannot contact the encryption key used at this time, and decryption is performed according to the symmetric key preset by the payment terminal.
Drawings
FIG. 1 is a diagram illustrating the main steps of a software package encryption method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating the main steps of a software package decryption method according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating the main steps of a software package encryption and decryption method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a software encryption terminal according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a payment terminal according to an embodiment of the present invention;
FIG. 6 is a block diagram of a software package encryption and decryption system according to an embodiment of the present invention;
description of reference numerals:
1. a first memory; 2. a first processor; 3. a second memory; 4. a second processor; 5. a software encryption terminal; 6. a payment terminal; 7. a third memory; 8. a third processor; 9. a fourth memory; 10. and a fourth processor.
Detailed Description
The most key concept of the invention is as follows: the software encryption terminal encrypts a preset software package according to the acquired symmetric key to obtain an encrypted software package; and uploading the encrypted software package so that the payment terminal decrypts the downloaded encrypted software package according to the imported symmetric key to obtain the software package.
Referring to fig. 1, the present invention provides a software package encryption method, including the following steps:
s1: obtaining a symmetric key;
s2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
s3: and uploading the encrypted software package so that the payment terminal decrypts the downloaded encrypted software package according to the imported symmetric key to obtain the software package.
As can be seen from the above description, according to the software package encryption and decryption method provided by the present invention, a symmetric key is obtained from a software encryption terminal, a preset software package is encrypted on the software encryption terminal to obtain an encrypted software package, the symmetric key is pre-imported into a payment terminal, when the payment terminal downloads the encrypted software package, the encrypted software package is decrypted according to the symmetric key to obtain the software package, and the software package is installed on the payment terminal; the invention encrypts the plaintext software package through the software encryption terminal, the operation is completed in the software encryption terminal, so that the outside cannot contact the encryption key used at this time, and decryption is performed according to the symmetric key preset by the payment terminal.
Further, the S2 specifically includes:
s21: acquiring a software package transmitted by external storage equipment;
s22: generating a first encryption key through a DUKPT algorithm according to the symmetric key and a preset key serial number; the key serial number corresponds to the software package;
s23: and encrypting the software package through the first encryption key to obtain an encrypted software package.
From the above description, the encryption key generated by the DUKPT algorithm derives different encryption keys because each encryption uses different key serial numbers, so that one-time pad is achieved, uniqueness of a software ciphertext is ensured, and safety and reliability of an encryption software package in a transmission process are ensured.
Further, the S23 is preceded by:
acquiring password information input by a user, and verifying the password information; if the password information passes the verification, step S23 is executed.
From the above description, when the software package needs to be encrypted, the authority of the user needs to be verified, so that the security of the software package encryption is improved.
Further, the S22 specifically includes:
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key includes a data encryption key and a MAC key.
Further, the S23 specifically includes:
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
and obtaining an encrypted software package according to the first computer file and the first software ciphertext data.
According to the above description, the information stored in the first domain and the second domain of the description information is convenient for the payment terminal to verify the first software ciphertext data, so that the security of the first software ciphertext data encrypted by the software package in the transmission process is ensured, and the encrypted data is prevented from being tampered.
Further, the S1 specifically includes:
randomly generating a symmetric key through a key generation algorithm;
or:
and obtaining the symmetric key by a key downloading method.
By the method, the security of the symmetric key obtained by the software encryption terminal can be ensured.
Referring to fig. 2, the present invention provides a software package decryption method, including the following steps:
s4: obtaining an encrypted software package;
s5: and decrypting the encrypted software package according to the symmetric key imported to the payment terminal to obtain the software package.
Further, the S5 specifically includes:
obtaining a second computer file and the second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
From the above description, by the above method, security verification is performed on the first software ciphertext data through the preset symmetric key and the information stored in the first domain and the second domain of the description information, so that security of the first software ciphertext data encrypted by the software package in the transmission process is ensured, and the encrypted data is prevented from being tampered.
Referring to fig. 3, a method for encrypting and decrypting a software package includes the following steps:
s1: the software encryption terminal obtains a symmetric key;
s2: according to the symmetric key, the software encryption terminal encrypts a preset software package to obtain an encrypted software package;
s3: the software encryption terminal uploads the encryption software package to a server;
s4: the payment terminal downloads the encrypted software package from the server;
s5: and according to the symmetric key led into the payment terminal, the payment terminal decrypts the encrypted software package to obtain the software package.
Further, the S2 specifically includes:
the software encryption terminal acquires a software package transmitted by external storage equipment;
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key comprises a data encryption key and a MAC key;
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
and obtaining an encrypted software package according to the first computer file and the first software ciphertext data.
Further, the S5 specifically includes:
the payment terminal obtains a second computer file and the second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
Referring to fig. 4, the present invention provides a software encryption terminal, including a first memory 1, a first processor 2 and a first computer program stored in the first memory 1 and operable on the first processor 2, wherein the first processor 2 implements the following steps when executing the first computer program:
s1: obtaining a symmetric key;
s2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
s3: and uploading the encrypted software package so that the payment terminal decrypts the downloaded encrypted software package according to the imported symmetric key to obtain the software package.
Further, in the software encryption terminal, the S2 is specifically:
s21: acquiring a software package transmitted by external storage equipment;
s22: generating a first encryption key through a DUKPT algorithm according to the symmetric key and a preset key serial number;
s23: and encrypting the software package through the first encryption key to obtain an encrypted software package.
Further, the software encryption terminal described above, before the S23, further includes:
acquiring password information input by a user, and verifying the password information; if the password information passes the verification, step S23 is executed.
Further, in the software encryption terminal, the S22 is specifically:
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key includes a data encryption key and a MAC key.
Further, in the software encryption terminal, the S23 is specifically:
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
and obtaining an encrypted software package according to the first computer file and the first software ciphertext data.
Referring to fig. 5, the present invention provides a payment terminal, including a second memory 3, a second processor 4 and a second computer program stored in the second memory 3 and operable on the second processor 4, wherein the second processor 4 implements the following steps when executing the second computer program:
s4: obtaining an encrypted software package;
s5: and decrypting the encrypted software package according to the symmetric key imported to the payment terminal to obtain the software package.
Further, in the payment terminal, the S5 specifically is:
obtaining a second computer file and the second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
Referring to fig. 6, the present invention provides a software package encryption and decryption system, including a software encryption terminal 5 and a payment terminal 6, where the software encryption terminal 5 includes a third memory 7, a third processor 8, and a third computer program stored in the third memory 7 and capable of running on the third processor 8; the payment terminal 6 comprises a fourth memory 9, a fourth processor 10 and a fourth computer program stored on the fourth memory 9 and executable on the fourth processor 10, the third processor 8, when executing the third computer program, implementing the steps of:
s1: obtaining a symmetric key;
s2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
s3: uploading the encrypted software package to a server;
the fourth processor 10, when executing the fourth computer program, implements the steps of:
s4: downloading an encrypted software package from a server;
s5: and according to the symmetric key led into the payment terminal, the payment terminal decrypts the encrypted software package to obtain the software package.
Further, in the software package encryption and decryption system, the step S2 is specifically:
acquiring a software package transmitted by external storage equipment;
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key comprises a data encryption key and a MAC key;
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
and obtaining an encrypted software package according to the first computer file and the first software ciphertext data.
The S5 specifically includes:
obtaining a second computer file and the second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
Referring to fig. 1, a first embodiment of the present invention is:
the invention provides a software package encryption method, which comprises the following steps:
s1: obtaining a symmetric key;
wherein, the S1 can be implemented by any one of the following methods:
1. and the software encryption terminal for importing the symmetric key is completed by manually inputting the component of the symmetric key. If the method is used, a safety house needs to be built, and the operation is completed in the safety house;
2. randomly generating a symmetric key through a key generation algorithm;
3. the symmetric key is obtained by a key downloading method (needing to pass through a key downloading device).
S2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
the S2 specifically includes:
s21: acquiring a software package transmitted by external storage equipment;
s22: generating a first encryption key through a DUKPT algorithm according to the symmetric key and a preset key serial number; the key serial number corresponds to the software package, namely different software packages are encrypted and different key serial numbers are preset;
s23: acquiring password information input by a user, and verifying the password information; if the password information passes the verification, executing step S24;
s24: and encrypting the software package through the first encryption key to obtain an encrypted software package.
Wherein, the S22 specifically is:
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key includes a data encryption key and a MAC key.
Wherein, the S23 specifically is:
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
and obtaining an encrypted software package according to the first computer file and the first software ciphertext data.
S3: and uploading the encrypted software package to a server, so that the payment terminal decrypts the encrypted software package downloaded from the server according to the imported symmetric key to obtain the software package.
Referring to fig. 2, the second embodiment of the present invention is:
the invention provides a software package decryption method, which comprises the following steps:
s4: obtaining an encrypted software package;
the S4 specifically includes:
and downloading the encrypted software package uploaded by the software encryption terminal from the server to obtain the encrypted software package.
S5: decrypting the encrypted software package according to the symmetric key imported to the payment terminal to obtain a software package;
the S5 specifically includes:
obtaining a second computer file and the second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
Referring to fig. 3, a third embodiment of the present invention is:
the invention provides a software package encryption and decryption method, which comprises the following steps:
s1: the software encryption terminal obtains a symmetric key;
s2: according to the symmetric key, the software encryption terminal encrypts a preset software package to obtain an encrypted software package;
the S2 specifically includes:
the software encryption terminal acquires a software package transmitted by external storage equipment;
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key comprises a data encryption key and a MAC key;
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
and obtaining an encrypted software package according to the first computer file and the first software ciphertext data.
S3: the software encryption terminal uploads the encryption software package to a server;
s4: the payment terminal downloads the encrypted software package from the server;
s5: according to the symmetric key led into the payment terminal, the payment terminal decrypts the encrypted software package to obtain a software package;
the S5 specifically includes:
acquiring a symmetric key imported from a software encryption terminal to a payment terminal;
the payment terminal obtains a second computer file and the second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
Referring to fig. 4, a fourth embodiment of the present invention is:
the invention provides a software encryption terminal, which comprises a first memory, a first processor and a first computer program which is stored on the first memory and can run on the first processor, wherein the first processor realizes the following steps when executing the first computer program:
s1: obtaining a symmetric key;
wherein, the S1 can be implemented by any one of the following methods:
1. and the software encryption terminal for importing the symmetric key is completed by manually inputting the component of the symmetric key. If the method is used, a safety house needs to be built, and the operation is completed in the safety house;
2. randomly generating a symmetric key through a key generation algorithm;
3. the symmetric key is obtained by a key downloading method (needing to pass through a key downloading device).
S2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
the S2 specifically includes:
s21: acquiring a software package transmitted by external storage equipment;
s22: generating a first encryption key through a DUKPT algorithm according to the symmetric key and a preset key serial number;
s23: acquiring password information input by a user, and verifying the password information; if the password information passes the verification, executing step S24;
s24: and encrypting the software package through the first encryption key to obtain an encrypted software package.
Wherein, the S22 specifically is:
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key includes a data encryption key and a MAC key.
Wherein, the S23 specifically is:
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
and obtaining an encrypted software package according to the first computer file and the first software ciphertext data.
S3: and uploading the encrypted software package to a server, so that the payment terminal decrypts the encrypted software package downloaded from the server according to the imported symmetric key to obtain the software package.
Referring to fig. 5, a fifth embodiment of the present invention is:
the invention provides a payment terminal, which comprises a second memory, a second processor and a second computer program which is stored on the second memory and can run on the second processor, wherein the second processor realizes the following steps when executing the second computer program:
s4: obtaining an encrypted software package;
the S4 specifically includes:
and downloading the encrypted software package uploaded by the software encryption terminal from the server to obtain the encrypted software package.
S5: decrypting the encrypted software package according to the symmetric key imported to the payment terminal to obtain a software package;
the S5 specifically includes:
obtaining a second computer file and the second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
Referring to fig. 6, a sixth embodiment of the present invention is:
the invention provides a software package encryption and decryption system, which comprises a software encryption terminal and a payment terminal, wherein the software encryption terminal comprises a third memory, a third processor and a third computer program which is stored in the third memory and can run on the third processor; the payment terminal comprises a fourth memory, a fourth processor and a fourth computer program stored on the fourth memory and executable on the fourth processor; the third processor, when executing the third computer program, performs the steps of:
s1: the software encryption terminal obtains a symmetric key;
s2: according to the symmetric key, the software encryption terminal encrypts a preset software package to obtain an encrypted software package;
the S2 specifically includes:
the software encryption terminal acquires a software package transmitted by external storage equipment;
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key comprises a data encryption key and a MAC key;
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
and obtaining an encrypted software package according to the first computer file and the first software ciphertext data.
S3: the software encryption terminal uploads the encryption software package to a server;
the fourth processor, when executing the fourth computer program, implements the steps of:
s4: the payment terminal downloads the encrypted software package from the server;
s5: according to the symmetric key led into the payment terminal, the payment terminal decrypts the encrypted software package to obtain a software package;
the S5 specifically includes:
acquiring a symmetric key imported from a software encryption terminal to a payment terminal;
the payment terminal obtains a second computer file and the second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
The seventh embodiment of the invention is:
s1: the symmetric key is safely imported into a software encryption terminal (SED);
step S1, in order to import the symmetric key into the SED, one of the following three ways can be used (step S11 requires building a secure house, and the other ways do not require):
the injection of the symmetric key is completed by manually inputting the symmetric key component, as selected in step S11. If the method is used, a safety house needs to be built, and the operation is completed in the safety house;
selecting step S12, adopting L KI Key download scheme (L KI: L occual Key download, local Key download, which is a common and mature Key download scheme, namely, firstly loading a Key through K L D equipment (K L D: Key L loader Device, Key download equipment), and then downloading the Key to a target terminal, wherein the security implementation scheme of each manufacturer is slightly different, and the common scheme ensures the security of the download process through bidirectional authentication and negotiation session Key between K L D and the target terminal, wherein the SED is used as the target terminal, and symmetric keys are injected into the SED through other K L D (Key download equipment) equipment;
step S13 is selected, the symmetric key is not imported from the outside, but the symmetric key is generated by the random algorithm of the SED;
s2: transmitting the plaintext software package to the SED through external equipment such as a PC tool or a U disk to complete encryption of the software package to obtain an encrypted software package;
the S2 specifically includes:
s201: the clear text software package is transmitted to the SED for encryption by an external device (PC tool, usb disk, etc.) that can interact with the SED. The encryption Key is derived from a symmetric Key and KSN (Key Serial Number, applied to DUKPT) (derivation rule refers to the DUKPT Key management method), which is managed by SED. The step can be finished off-line, the control of double passwords can be added to the PC tool, the password control of an operator can be added to the SED when the USB flash disk is used, namely, only authorized people can encrypt the software package;
s202: and after the SED finishes encrypting the software, outputting an encrypted software package. The encrypted software package consists of description information and software ciphertext. Wherein the description information can be defined as fixed-length data (such as 4K or other values), the field describes the relevant information of the current encryption, including descriptive information, original software packet length, encrypted software ciphertext packet length, KSN used by the current encryption of the DUKPT key, initial vector IV using CBC algorithm, MAC value calculated after hash value is calculated on the software ciphertext, and the like, and the description information includes a first field (KSN field) and a second field (MAC field); the encryption process is as follows:
1) the SED generates the KSN used by the encryption and writes the KSN into a 'KSN domain' of the description information;
2) deriving a Data encryption Key Data Key and an MAC Key MAC Key (derivation rule refers to DUKPT Key derivation rule) used for the encryption according to the symmetric Key and the KSN;
3) encrypting original software by using a Data Key to obtain software ciphertext Data, namely Encrypted file;
4) calculating a Hash value of the software ciphertext data, namely Encrypted file, by using a Hash algorithm;
5) calculating MAC (first hash value encryption information) by using the hash value in the MAC Key pair 4), and writing the MAC into an MAC domain of the description information;
6) storing the description information as a file of ini, TXT or other format, and packaging the description information and the Encrypted file into a final Encrypted software package; or writing the description information and the Encrypted file into the same file, wherein the description information is used as the first half part of the file, the Encrypted file is used as the second half part of the file, and the file is the final encryption software package;
s3: uploading the encrypted software package to a server;
s4: the SED safely injects the symmetric key into the payment terminal;
the S4 specifically includes:
adopting an L KI key downloading scheme, wherein a payment terminal is used as a target terminal, and a symmetric key is safely injected into the terminal through SED for decrypting a ciphertext software package by the terminal;
l local Key Injection, downloading local Key, which is a common and mature Key downloading scheme, namely, firstly loading the Key through K L D equipment, and then downloading the Key to the target terminal, the security realization scheme of each manufacturer is slightly different, and the common scheme ensures the security of the downloading process through the mutual authentication and negotiation session Key between K L D and the target terminal;
s5: downloading the encrypted software package from the server to the payment terminal;
the S5 specifically includes:
and the final encrypted software package is released and uploaded to the server, so that the encrypted software package is downloaded to the payment terminal in a remote updating mode.
S6: and according to the symmetric key, the payment terminal decrypts the encrypted software package to obtain the software package.
The S6 specifically includes:
the payment terminal completes decryption of the software ciphertext data according to the content of the description information of the encrypted software package, and the specific decryption process is as follows:
1) calculating a Hash value of the software ciphertext data, namely Encrypted file, by using a Hash algorithm; if the encryption flow is in the form of packaging the description information and the Encrypted file used in the step 6 in the step 202, directly decompressing to extract the Encrypted file; if the description information and Encrypted file are naturally spliced into the form of Encrypted software package, subtracting the description information with fixed length from the Encrypted software package to obtain the Encrypted file;
2) and extracting the domain values of the description information in the ciphertext software package, such as extracting the domain values of the KSN domain and the MAC domain. Because the length and the format in the description information are fixed, extracting each domain value is feasible;
3) deriving a Data encryption Key Data Key and a MAC Key MACKey according to the symmetric Key and the KSN (derivation rule refers to a DUKPT Key derivation rule);
4) calculating the MAC of the hash value calculated in the step S6 in the step 1) by using the MAC Key, comparing the calculated MAC with the MAC extracted in the step S6 in the step 2), and if the calculated MAC is not equal to the MAC extracted in the step S6, returning an error and failing to decrypt;
5) decrypting the Encrypted file by using the Data Key to obtain the plain text file of the Plaintext software.
And (4) safety analysis:
confidentiality of software packages
The content to be protected in the scheme is a software package transmitted among different devices or terminals, the software package is encrypted through a symmetric key, and the software transmitted in the remote updating process is in a ciphertext form.
The confidentiality of the software package also comprises the confidentiality of the software encryption process, namely, the external equipment transmits the plaintext software package to the SED, the encryption operation is completed in the SED, and then the ciphertext software package is output. The encryption key used at this time cannot be touched or obtained from the outside.
Key management security
The encryption software package uses symmetric key encryption, the transmission process of the symmetric key is to synthesize the symmetric key by manual input in a secure house or inject the symmetric key into other K L D equipment or generate the symmetric key randomly by the SED, and then the symmetric key is safely injected into the payment terminal by the SED, the key injection safety is ensured by a L KI key downloading scheme, and bidirectional authentication and negotiation between the SED and the terminal are common, and a temporary session key is also commonly used.
The SED and the payment terminal are respectively encrypted and stored by a top-level encryption key in respective security areas, and after the security area is subjected to attack alarm, the security area data can attack self-destruction.
The generation, transmission and storage processes of the symmetric key all meet the requirement of key safety management.
Uniqueness of software package ciphertext
The DUKPT key management method is used for the software package encryption key, and different KSN are used for encryption each time, so that different encryption keys are correspondingly derived, one-time pad is achieved, and the uniqueness of a software ciphertext is guaranteed.
Authenticity of software packages
The scheme adopts an MAC (media access control) verification method to ensure that the ciphertext data cannot be tampered. And verifying the software ciphertext by adopting an MAC algorithm. After the terminal receives the software ciphertext, the terminal firstly checks the integrity of the data by using the specific MAC key and then carries out subsequent decryption operation, thereby ensuring the integrity of the software.
In summary, according to the software encryption terminal, the payment terminal, and the software package encryption and decryption method and system provided by the present invention, the symmetric key is obtained from the software encryption terminal, the preset software package is encrypted on the software encryption terminal to obtain the encrypted software package, the symmetric key is imported in advance into the payment terminal, when the payment terminal downloads the encrypted software package, the encrypted software package is decrypted according to the symmetric key to obtain the software package, and the software package is installed on the payment terminal; the invention encrypts the plaintext software package through the software encryption terminal, the operation is completed in the software encryption terminal, so that the outside cannot contact the encryption key used at this time, and decryption is performed according to the symmetric key preset by the payment terminal. The invention improves the security of transmitting the software package to the payment terminal and avoids the problem of huge loss caused by the installation of the software package which is maliciously attacked by a user.
Claims (9)
1. A software package encryption method, comprising the steps of:
s1: obtaining a symmetric key;
s2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
s3: uploading the encrypted software package so that the payment terminal decrypts the downloaded encrypted software package according to the imported symmetric key to obtain the software package;
the S2 specifically includes:
s21: acquiring a software package transmitted by external storage equipment;
s22: generating a first encryption key through a DUKPT algorithm according to the symmetric key and a preset key serial number;
s23: encrypting the software package through the first encryption key to obtain an encrypted software package;
the S22 specifically includes:
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key comprises a data encryption key and a MAC key;
the S23 specifically includes:
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
and obtaining an encrypted software package according to the first computer file and the first software ciphertext data.
2. The software package encryption method according to claim 1, wherein said S23 is preceded by:
acquiring password information input by a user, and verifying the password information; if the password information passes the verification, step S23 is executed.
3. The software package encryption method according to claim 1, wherein the S1 specifically is:
randomly generating a symmetric key through a key generation algorithm;
or:
and obtaining the symmetric key by a key downloading method.
4. A software package decryption method, comprising the steps of:
s4: a software package encryption method according to any one of claims 1 to 3, obtaining an encrypted software package;
s5: decrypting the encrypted software package according to the symmetric key imported to the payment terminal to obtain a software package;
the S5 specifically includes:
obtaining a second computer file and second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
5. A software package encryption and decryption method is characterized by comprising the following steps:
s1: the software encryption terminal obtains a symmetric key;
s2: according to the symmetric key, the software encryption terminal encrypts a preset software package to obtain an encrypted software package;
s3: the software encryption terminal uploads the encryption software package to a server;
s4: the payment terminal downloads the encrypted software package from the server;
s5: according to the symmetric key led into the payment terminal, the payment terminal decrypts the encrypted software package to obtain a software package;
the S2 specifically includes:
the software encryption terminal acquires a software package transmitted by external storage equipment;
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key comprises a data encryption key and a MAC key;
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
obtaining an encrypted software package according to the first computer file and the first software ciphertext data;
the S5 specifically includes:
the payment terminal obtains a second computer file and second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
6. A software encryption terminal comprising a first memory, a first processor and a first computer program stored on the first memory and executable on the first processor, wherein the first processor implements the following steps when executing the first computer program:
s1: obtaining a symmetric key;
s2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
s3: uploading the encrypted software package so that the payment terminal decrypts the downloaded encrypted software package according to the imported symmetric key to obtain the software package;
the S2 specifically includes:
s21: acquiring a software package transmitted by external storage equipment;
s22: generating a first encryption key through a DUKPT algorithm according to the symmetric key and a preset key serial number;
s23: encrypting the software package through the first encryption key to obtain an encrypted software package;
the S22 specifically includes:
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key comprises a data encryption key and a MAC key;
the S23 specifically includes:
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
and obtaining an encrypted software package according to the first computer file and the first software ciphertext data.
7. The software encryption terminal according to claim 6, wherein said S23 is preceded by:
acquiring password information input by a user, and verifying the password information; if the password information passes the verification, step S23 is executed.
8. A payment terminal comprising a second memory, a second processor and a second computer program stored on the second memory and executable on the second processor, wherein the second processor when executing the second computer program implements the steps of:
s4: a software package encryption method according to any one of claims 1 to 3, obtaining an encrypted software package;
s5: decrypting the encrypted software package according to the symmetric key imported to the payment terminal to obtain a software package;
the S5 specifically includes:
obtaining a second computer file and second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
9. A software package encryption and decryption system comprises a software encryption terminal and a payment terminal, wherein the software encryption terminal comprises a third memory, a third processor and a third computer program which is stored on the third memory and can run on the third processor; the payment terminal comprises a fourth memory, a fourth processor and a fourth computer program stored on the fourth memory and executable on the fourth processor, wherein the third processor implements the following steps when executing the third computer program:
s1: obtaining a symmetric key;
s2: encrypting a preset software package according to the symmetric key to obtain an encrypted software package;
the S2 specifically includes:
acquiring a software package transmitted by external storage equipment;
presetting description information, wherein the description information comprises a first domain and a second domain;
generating a key serial number;
writing the key sequence number into a first field of the description information;
generating a first encryption key through a DUKPT algorithm according to the symmetric key and the key serial number; the first encryption key comprises a data encryption key and a MAC key;
encrypting the software package through the data encryption key to obtain first software ciphertext data;
calculating a hash value of the first software ciphertext data through a hash algorithm to obtain a first hash value;
encrypting the first hash value through the MAC key to obtain first hash value encryption information;
writing the first hash value encryption information into a second field in the description information;
storing the description information to obtain a first computer file;
obtaining an encrypted software package according to the first computer file and the first software ciphertext data;
s3: uploading the encrypted software package to a server;
the fourth processor, when executing the fourth computer program, implements the steps of:
s4: downloading an encrypted software package from a server;
s5: according to the symmetric key led into the payment terminal, the payment terminal decrypts the encrypted software package to obtain a software package;
the S5 specifically includes:
obtaining a second computer file and second software ciphertext data according to the encryption software package;
calculating a hash value of the second software ciphertext data through a hash algorithm to obtain a second hash value;
extracting information of a first domain and a second domain in the second computer file to obtain a first key serial number and second hash value encryption information;
generating a first data encryption key and a first MAC key through a DUKPT algorithm according to the first key serial number and the symmetric key;
decrypting the second hash value encryption information according to the first MAC key to obtain a third hash value;
judging whether the second hash value and the third hash value are the same;
if not, the output decryption fails;
and otherwise, decrypting the second software ciphertext data through the first data encryption key to obtain the software package.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2018/072556 WO2019136736A1 (en) | 2018-01-15 | 2018-01-15 | Software encryption terminal, payment terminal, and software package encryption and decryption method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108235807A CN108235807A (en) | 2018-06-29 |
CN108235807B true CN108235807B (en) | 2020-08-04 |
Family
ID=62657714
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201880000009.9A Active CN108235807B (en) | 2018-01-15 | 2018-01-15 | Software encryption terminal, payment terminal, software package encryption and decryption method and system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108235807B (en) |
WO (1) | WO2019136736A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115147967B (en) * | 2022-06-02 | 2023-12-15 | 福建新大陆通信科技股份有限公司 | Information verification method and system based on CTID and super SIM card |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217363A (en) * | 2007-12-28 | 2008-07-09 | 北京深思洛克数据保护中心 | A remote upgrading method realized by shared secret key |
CN103746800A (en) * | 2013-03-15 | 2014-04-23 | 福建联迪商用设备有限公司 | TMK (terminal master key) safe downloading method and system |
CN106533663A (en) * | 2016-11-01 | 2017-03-22 | 广东浪潮大数据研究有限公司 | Data encryption method, encryption party device, data decryption method, and decryption party device |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5613012A (en) * | 1994-11-28 | 1997-03-18 | Smarttouch, Llc. | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
US8479008B2 (en) * | 2010-12-15 | 2013-07-02 | Microsoft Corporation | Providing security services on the cloud |
US9418229B2 (en) * | 2013-10-28 | 2016-08-16 | Disney Enterprises, Inc. | Firmware security |
CN105656859B (en) * | 2014-11-18 | 2020-08-11 | 航天信息股份有限公司 | Tax control equipment software safety online upgrading method and system |
CN107026830A (en) * | 2016-02-02 | 2017-08-08 | 上海格尔软件股份有限公司 | The safety method that a kind of application program is upgraded automatically |
-
2018
- 2018-01-15 CN CN201880000009.9A patent/CN108235807B/en active Active
- 2018-01-15 WO PCT/CN2018/072556 patent/WO2019136736A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217363A (en) * | 2007-12-28 | 2008-07-09 | 北京深思洛克数据保护中心 | A remote upgrading method realized by shared secret key |
CN103746800A (en) * | 2013-03-15 | 2014-04-23 | 福建联迪商用设备有限公司 | TMK (terminal master key) safe downloading method and system |
CN106533663A (en) * | 2016-11-01 | 2017-03-22 | 广东浪潮大数据研究有限公司 | Data encryption method, encryption party device, data decryption method, and decryption party device |
Non-Patent Citations (1)
Title |
---|
一种改进DUKPT密钥管理系统的单片机设计;陈章余;《电子器件》;20150430;第38卷(第02期);386-391 * |
Also Published As
Publication number | Publication date |
---|---|
CN108235807A (en) | 2018-06-29 |
WO2019136736A1 (en) | 2019-07-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107566407B (en) | Bidirectional authentication data secure transmission and storage method based on USBKey | |
CN108513704B (en) | Remote distribution method and system of terminal master key | |
CN110401615B (en) | Identity authentication method, device, equipment, system and readable storage medium | |
CN108512846B (en) | Bidirectional authentication method and device between terminal and server | |
Biham et al. | Rogue7: Rogue engineering-station attacks on s7 simatic plcs | |
CN108377190B (en) | Authentication equipment and working method thereof | |
KR100670005B1 (en) | Apparatus for verifying memory integrity remotely for mobile platform and system thereof and method for verifying integrity | |
CN101350718B (en) | Method for protecting play content authority range base on user identification module | |
KR101753859B1 (en) | Server and method for managing smart home environment thereby, method for joining smart home environment and method for connecting communication session with smart device | |
CN102595213B (en) | Security certificate method and system of credible TV terminal | |
CN108768963B (en) | Communication method and system of trusted application and secure element | |
CN108323230B (en) | Method for transmitting key, receiving terminal and distributing terminal | |
CN110971593B (en) | Database secure network access method | |
CN107944234B (en) | Machine refreshing control method for Android equipment | |
CN111401901B (en) | Authentication method and device of biological payment device, computer device and storage medium | |
CN111143856A (en) | PLC remote firmware upgrading system and method | |
CN105872848A (en) | Credible two-way authentication method applicable to asymmetric resource environment | |
CN108777673B (en) | Bidirectional identity authentication method in block chain | |
CN113395406A (en) | Encryption authentication method and system based on power equipment fingerprints | |
CN111124453B (en) | Method for upgrading firmware program of terminal equipment | |
CN109922022A (en) | Internet of Things communication means, platform, terminal and system | |
US20060053288A1 (en) | Interface method and device for the on-line exchange of content data in a secure manner | |
CN107968764B (en) | Authentication method and device | |
EP3292654A1 (en) | A security approach for storing credentials for offline use and copy-protected vault content in devices | |
CN108235807B (en) | Software encryption terminal, payment terminal, software package encryption and decryption method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |