CN108496336A - Key transmission method and POS terminal - Google Patents


Info

Publication number
CN108496336A
Authority
CN
China
Legal status
Pending (status as listed by Google Patents; not a legal conclusion)
Application number
CN201880000197.5A
Other languages
Chinese (zh)
Inventor
王明伟
陈磊
Current Assignee
Fujian Landi Commercial Equipment Co Ltd
Original Assignee
Fujian Landi Commercial Equipment Co Ltd


Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0428: network security protocols providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload (under H04L63/00, H04L63/04)
    • H04L63/061: network security protocols supporting key management in a packet data network, for key exchange, e.g. in peer-to-peer networks (under H04L63/06)
    • H04L63/123: applying verification of the received information, to received data contents, e.g. message integrity (under H04L63/12)
    • H04L9/0822: key transport or distribution, i.e. key establishment where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), using a key encryption key (under H04L9/08, H04L9/0816, H04L9/0819)
    • H04L9/0863: generation of secret information including derivation or calculation of cryptographic keys or passwords, involving passwords or one-time passwords (under H04L9/0861)
    • H04L2209/56: financial cryptography, e.g. electronic payment or e-cash (under H04L2209/00)
    • H04L2463/062: additional details relating to network security protocols covered by H04L63/00, applying encryption of the keys (under H04L2463/00)

Abstract

The present invention relates to the field of data security, and in particular to a key transmission method and a POS terminal. A POS terminal obtains a first protection key corresponding to a sender and a second protection key corresponding to a recipient; it decrypts a first working-key ciphertext received from the sender with the first protection key to obtain the working-key plaintext, encrypts that plaintext with the second protection key to obtain a second working-key ciphertext, and sends the second working-key ciphertext to the recipient. This makes it more convenient to set up the protection keys used to transmit working keys securely.

Description

Key transmission method and POS terminal
Technical field
The present invention relates to the field of data security, and in particular to a key transmission method and a POS terminal.
Background
In a financial transaction system, the two parties to a transaction normally have to agree a protection key, also called a zone master key (ZMK), before working keys can be transmitted; the protection key is what protects working keys in transit between the sender and the recipient. To keep the ZMK secure, current practice is either for each party to generate one component of the ZMK and send a designated key custodian to the other party's secure room to complete the key injection, or for one party to generate both key components and then inject them into the hardware security module (HSM) in the other party's secure room.
Both of these protection-key agreement methods require staff to travel to the customer's site to inject the protection key. During injection each party has to trust the other party's security controls, and if the protection keys later turn out to be inconsistent during transactions, a cumbersome confirmation process follows; the labour cost is high and development and debugging are tedious. For a POS terminal manufacturer this means managing protection keys for many customers and, to satisfy their differing security requirements, operating higher-grade security facilities with a dedicated key-management team, which raises the manufacturer's operating costs.
Summary of the invention
The technical problem solved by the present invention is how to make it more convenient to set up the protection keys used for secure transmission of working keys.
To solve this problem, the technical solution adopted by the present invention is as follows:
The present invention provides a key transmission method, comprising:
S1. A POS terminal obtains a first protection key corresponding to a sender;
S2. The POS terminal obtains a second protection key corresponding to a recipient;
S3. The POS terminal decrypts a first working-key ciphertext from the sender with the first protection key to obtain the working-key plaintext;
S4. The POS terminal encrypts the working-key plaintext with the second protection key to obtain a second working-key ciphertext;
S5. The POS terminal sends the second working-key ciphertext to the recipient.
The present invention also provides a POS terminal comprising one or more processors and a memory; the memory stores a program configured to be executed by the one or more processors to perform the following steps:
S1. Obtain a first protection key corresponding to a sender;
S2. Obtain a second protection key corresponding to a recipient;
S3. Decrypt a first working-key ciphertext from the sender with the first protection key to obtain the working-key plaintext;
S4. Encrypt the working-key plaintext with the second protection key to obtain a second working-key ciphertext;
S5. Send the second working-key ciphertext to the recipient.
The beneficial effects of the present invention are as follows. A POS terminal has a certified security module together with attack detection and self-destruction of keys on attack, so using a POS terminal as the intermediary that forwards the sender's working key to the recipient gives a high level of security. The sender injects the first protection key into the POS terminal over a secure channel, so that working keys can be transmitted securely between the sender and the POS terminal. The sender can then deliver the POS terminal to the recipient by mail or other physical transport, and the recipient injects the second protection key into the POS terminal over a secure channel. After receiving the working-key ciphertext sent by the sender, the POS terminal recovers the working-key plaintext with the first protection key and encrypts the plaintext with the second protection key, so that the working key can be transmitted securely between the POS terminal and the recipient, and the recipient can recover the working-key plaintext with the second protection key. The re-encryption takes place in the secure zone of the POS terminal, which gives a high level of security. Unlike the prior art, where the sender and the recipient must first agree a protection key and then have key custodians inject it in each party's secure room, in the present invention the sender and the recipient do not negotiate a protection key at all: each uses its own protection key to secure the transmission of the working key between itself and the POS terminal. The method and POS terminal therefore need no dedicated key custodian to negotiate a protection key between sender and recipient, the POS terminal acting as intermediary is highly secure, and neither party need worry, during injection of its protection key, about weaknesses in the
other party's secure-room controls affecting the security of its protection key. Convenience and security are both improved. In addition, the sender need not manage protection keys for different recipients, and a recipient can replace the second protection key at any time, as needed, to strengthen the security of working-key transmission.
Description of the drawings
Fig. 1 is a flow chart of an embodiment of the key transmission method provided by the present invention;
Fig. 2 is a block diagram of an embodiment of the POS terminal provided by the present invention;
Reference numerals:
1, processor; 2, memory.
Detailed description
The core technical concept of the present invention is this: a POS terminal is used as the intermediary that forwards the sender's working key to the recipient, and the sender and the recipient each set their own protection key for securing data transmission between themselves and the POS terminal, which makes it more convenient to set up the protection keys used for secure transmission of working keys.
Referring to Fig. 1 and Fig. 2:
As shown in Fig. 1, the present invention provides a key transmission method comprising:
S1. A POS terminal obtains a first protection key corresponding to a sender;
S2. The POS terminal obtains a second protection key corresponding to a recipient;
S3. The POS terminal decrypts a first working-key ciphertext from the sender with the first protection key to obtain the working-key plaintext;
S4. The POS terminal encrypts the working-key plaintext with the second protection key to obtain a second working-key ciphertext;
S5. The POS terminal sends the second working-key ciphertext to the recipient.
Further, S1 is specifically:
the POS terminal joins the LAN corresponding to the sender;
the POS terminal receives the first protection key from the sender.
As can be seen from the above, the sender injects the first protection key into the POS terminal over a secure channel, so that the working key can be transmitted securely to the POS terminal.
Further, S2 is specifically:
the POS terminal joins the LAN corresponding to the recipient;
the POS terminal receives the second protection key from the recipient.
As can be seen from the above, the recipient injects the second protection key into the POS terminal over a secure channel, so that the POS terminal can transmit the working key securely to the recipient.
Further, S3 is specifically:
the first protection key comprises a first key component and a second key component;
the POS terminal obtains a first data message corresponding to the first working-key ciphertext;
the POS terminal obtains from the sender the MAC value corresponding to the first data message, i.e. a first MAC value;
the POS terminal computes a MAC over the first data message with the first key component, obtaining a second MAC value;
when the first MAC value equals the second MAC value, the POS terminal decrypts the first working-key ciphertext with the second key component to obtain the working-key plaintext.
As can be seen from the above, the POS terminal verifies the integrity and authenticity of the data message sent by the sender by checking its MAC, so that a data message carrying a working key cannot be tampered with in transit without detection, which improves the security of working-key transmission.
Further, S4 is specifically:
the second protection key comprises a fourth key component;
the POS terminal encrypts the working-key plaintext with the fourth key component to obtain the second working-key ciphertext.
Further, S5 is specifically:
the second protection key further comprises a third key component;
the POS terminal generates a second data message corresponding to the second working-key ciphertext;
the POS terminal computes a MAC over the second data message with the third key component, obtaining a third MAC value;
the POS terminal sends the second data message to the recipient;
the POS terminal sends the third MAC value to the recipient, so that the recipient can verify the integrity of the second data message against the third MAC value.
As can be seen from the above, the POS terminal computes the MAC of the second data message with the third key component agreed in advance with the recipient, so that the recipient can use the third key component to verify the integrity and authenticity of the second data message on receipt; a second data message carrying the working key therefore cannot be tampered with in transit without detection, which improves the security of working-key transmission.
Further, the method also comprises:
the POS terminal computes MACs with the X9.19 algorithm.
As can be seen from the above, in the financial payment field MACs are generally computed with the symmetric-key algorithms X9.9 or X9.19. X9.9 is a single-DES CBC-MAC under a single-length key; X9.19 keeps the same CBC chain but finishes the last block with a decryption under the second half and an encryption under the first half of a double-length key, so its strength rests on 3DES rather than on 56-bit DES. X9.19 is therefore the more complex of the two and harder to break, which makes the check of whether a data message has been tampered with more reliable.
Further, the method also comprises:
the POS terminal adds the IP address corresponding to the sender;
the POS terminal adds the IP address corresponding to the recipient.
As can be seen from the above, the IP addresses of the sender and the recipient allow the POS terminal to establish communication connections with the sender and with the recipient for transmitting data.
As shown in Fig. 2, the present invention also provides a POS terminal comprising one or more processors 1 and a memory 2; the memory 2 stores a program configured to be executed by the one or more processors 1 to perform the following steps:
S1. Obtain a first protection key corresponding to a sender;
S2. Obtain a second protection key corresponding to a recipient;
S3. Decrypt a first working-key ciphertext from the sender with the first protection key to obtain the working-key plaintext;
S4. Encrypt the working-key plaintext with the second protection key to obtain a second working-key ciphertext;
S5. Send the second working-key ciphertext to the recipient.
Further, S1 is specifically:
join the LAN corresponding to the sender;
receive the first protection key from the sender.
Further, S2 is specifically:
join the LAN corresponding to the recipient;
receive the second protection key from the recipient.
Further, S3 is specifically:
the first protection key comprises a first key component and a second key component;
obtain a first data message corresponding to the first working-key ciphertext;
obtain from the sender the MAC value corresponding to the first data message, i.e. a first MAC value;
compute a MAC over the first data message with the first key component, obtaining a second MAC value;
when the first MAC value equals the second MAC value, decrypt the first working-key ciphertext with the second key component to obtain the working-key plaintext.
Further, S4 is specifically:
the second protection key comprises a fourth key component;
encrypt the working-key plaintext with the fourth key component to obtain the second working-key ciphertext.
Further, S5 is specifically:
the second protection key further comprises a third key component;
generate a second data message corresponding to the second working-key ciphertext;
compute a MAC over the second data message with the third key component, obtaining a third MAC value;
send the second data message to the recipient;
send the third MAC value to the recipient, so that the recipient can verify the integrity of the second data message against the third MAC value.
Further, the steps also comprise:
compute MACs with the X9.19 algorithm.
Further, the steps also comprise:
add the IP address corresponding to the sender;
add the IP address corresponding to the recipient.
Embodiment 1 of the present invention:
This embodiment provides a key transmission method comprising:
S1. The POS terminal obtains the first protection key corresponding to the sender. Specifically:
the POS terminal joins the LAN corresponding to the sender; the POS terminal receives the first protection key from the sender.
S2. The POS terminal adds the IP address corresponding to the sender.
Here, the POS manufacturer (the sender) prepares a key mother POS (the POS terminal of the method, used as the key carrier) and injects two key components into it separately; the key mother POS combines them into the final first protection key PK1 in its secure zone and stores PK1 in its secure storage area. The IP address of the manufacturer's system is then configured. Once ready, the key mother POS is mailed to the customer.
S3. The POS terminal obtains the second protection key corresponding to the recipient. Specifically:
the POS terminal joins the LAN corresponding to the recipient; the POS terminal receives the second protection key from the recipient.
S4. The POS terminal adds the IP address corresponding to the recipient.
Here, after the customer (the recipient) receives the key mother POS, it checks whether the device has been attacked (whether the casing of the POS is damaged; if an attack has occurred, the key mother POS shows a clear attack warning on its screen when powered on). After confirming that the device is safe, the customer generates two key components and injects them separately; the key mother POS combines them into the final second protection key PK2 in its secure zone and stores PK2 in its secure storage area. The customer then configures the IP address of its key-receiving system.
S5. The POS terminal decrypts the first working-key ciphertext from the sender with the first protection key to obtain the working-key plaintext. Specifically:
the first protection key comprises a first key component and a second key component;
the POS terminal obtains a first data message corresponding to the first working-key ciphertext;
the POS terminal obtains from the sender the MAC value corresponding to the first data message, i.e. a first MAC value;
the POS terminal computes a MAC over the first data message with the first key component, obtaining a second MAC value;
when the first MAC value equals the second MAC value, the POS terminal decrypts the first working-key ciphertext with the second key component to obtain the working-key plaintext.
Here, the key mother POS derives two keys from PK1, PK1_TEK (the second key component) and PK1_MAK (the first key component), then initiates a transaction request to the POS manufacturer and connects to the manufacturer's key management system to obtain the working key. PK1_TEK encrypts the working key, ensuring its confidentiality; PK1_MAK is used to compute the check value (MAC) of the data message with the X9.19 algorithm, ensuring the integrity and authenticity of the transaction message.
S6. The POS terminal encrypts the working-key plaintext with the second protection key to obtain the second working-key ciphertext. Specifically:
the second protection key comprises a third key component and a fourth key component;
the POS terminal encrypts the working-key plaintext with the fourth key component to obtain the second working-key ciphertext.
S7. The POS terminal sends the second working-key ciphertext to the recipient. Specifically:
the POS terminal generates a second data message corresponding to the second working-key ciphertext;
the POS terminal computes a MAC over the second data message with the third key component, obtaining a third MAC value;
the POS terminal sends the second data message to the recipient;
the POS terminal sends the third MAC value to the recipient, so that the recipient can verify the integrity of the second data message against the third MAC value.
Here, the key mother POS derives two keys from PK2, PK2_TEK (the fourth key component) and PK2_MAK (the third key component). In its local secure zone it re-encrypts the working key from encryption under PK1_TEK to encryption under PK2_TEK, verifying during re-encryption that the working key's check value is correct, and then computes the X9.19 MAC of the message with PK2_MAK. The key mother POS sends the working-key ciphertext encrypted under PK2_TEK to the customer's key management system in the form of a transaction. The customer's key management system verifies the integrity and authenticity of the received key data with PK2 in the same way, and stores the key in its database once the check value is confirmed correct.
Optionally, MACs are computed with the X9.19 algorithm.
As can be seen from the above, in this embodiment one key mother POS holds two protection keys, establishes a secure channel with each party to the transaction, and can transmit keys automatically over those secure channels, eliminating most manual operation; this is practical and effective.
In this embodiment, each of the three stages of key delivery is protected by a dedicated key. When the key mother POS obtains the key from the manufacturer's key management system, the key is protected by PK1, which the manufacturer injected into the mother POS in the form of key components (PK1 is a zone master key and, following the management principles for zone master keys, should be generated and injected as at least two key components). The working-key re-encryption stage takes place in the secure zone of the key mother POS, whose self-destruction on attack and protection against various attacks secure this stage. When the working key is sent to the customer's key management system it is encrypted with the customer's protection key PK2, which the customer injected into the mother POS in component form at its own site. Storage and transmission at every stage meet the security requirements, and dependence on procedures and systems is reduced as far as possible.
In this embodiment, MACs over transaction messages are computed with the MAKs derived from PK1 and PK2, ensuring integrity and authenticity during data transmission. For the key itself, consistency is also ensured by means of a key check value (KCV).
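The X9.19 MAC described earlier and the three stages of this embodiment (working key in under PK1, re-encryption in the terminal's secure zone with a KCV check, working key out under PK2) can be written out end to end. The following Go program is an added example, not code from the patent or from Fujian Landi; it uses only Go's standard-library DES/3DES. Everything the patent does not state is this example's assumption: the layout of the key data message (ciphertext, KCV, MAC), the derivation of PK_TEK and PK_MAK from a protection key by encrypting fixed labels under it, 3DES-ECB as the key-wrap mode, zero padding for the MAC, and the constructed sample keys in `main`. The combination of injected key components into PK1/PK2 and the network transport are not shown.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"errors"
	"fmt"
)

// tdes is two-key 3DES (K1,K2,K1) from a 16-byte key; any other length is a bug here and panics.
func tdes(key16 []byte) cipher.Block {
	c, err := des.NewTripleDESCipher(append(append([]byte{}, key16...), key16[:8]...))
	if err != nil {
		panic(err)
	}
	return c
}

// retailMAC is the ANSI X9.19 retail MAC (ISO 9797-1 algorithm 3, zero padding): single-DES CBC
// under K1 over every block, then D_K2 and E_K1 on the last block. X9.9 is the CBC loop alone.
func retailMAC(key16, msg []byte) []byte {
	if len(key16) != 16 {
		panic("X9.19 needs a double-length key")
	}
	k1, _ := des.NewCipher(key16[:8]) // 8-byte keys cannot fail
	k2, _ := des.NewCipher(key16[8:])
	padded := append([]byte{}, msg...)
	for len(padded) == 0 || len(padded)%8 != 0 {
		padded = append(padded, 0)
	}
	h, blk := make([]byte, 8), make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := range blk {
			blk[j] = h[j] ^ padded[i+j]
		}
		k1.Encrypt(h, blk)
	}
	k2.Decrypt(blk, h)
	k1.Encrypt(h, blk)
	return h
}

// deriveTEKMAK splits PK into PK_TEK and PK_MAK. The patent leaves the derivation unspecified;
// encrypting fixed labels under PK is this example's assumption (DES parity bits are not adjusted).
func deriveTEKMAK(pk []byte) (tek, mak []byte) {
	c, out := tdes(pk), make([]byte, 32)
	for i := 0; i < 4; i++ { // blocks T0 T1 M0 M1
		c.Encrypt(out[i*8:], []byte{"TTMM"[i], byte(i % 2), 0, 0, 0, 0, 0, 0})
	}
	return out[:16], out[16:]
}

// kcv is the 3-byte key check value: leading bytes of 3DES(key, 0^64).
func kcv(key16 []byte) []byte {
	out := make([]byte, 8)
	tdes(key16).Encrypt(out, out)
	return out[:3]
}

// KeyMsg is this example's layout (not the patent's): WK wrapped under PK_TEK, its KCV, X9.19 MAC under PK_MAK over Cipher||KCV.
type KeyMsg struct{ Cipher, KCV, MAC []byte }

// wrap builds the message a sender (or the terminal, toward the recipient) emits for a 16-byte WK.
func wrap(pk, wk []byte) *KeyMsg {
	chk := kcv(wk) // also enforces the double-length WK
	tek, mak := deriveTEKMAK(pk)
	c, ct := tdes(tek), make([]byte, 16)
	c.Encrypt(ct[:8], wk[:8]) // 3DES-ECB key wrap, block by block
	c.Encrypt(ct[8:], wk[8:])
	return &KeyMsg{ct, chk, retailMAC(mak, append(append([]byte{}, ct...), chk...))}
}

// unwrap verifies the MAC, then decrypts, then checks the KCV: tampering, a wrong PK_MAK and a wrong PK_TEK are all rejected before use.
func unwrap(pk []byte, m *KeyMsg) ([]byte, error) {
	tek, mak := deriveTEKMAK(pk)
	want := retailMAC(mak, append(append([]byte{}, m.Cipher...), m.KCV...))
	if len(m.Cipher) != 16 || !hmac.Equal(want, m.MAC) { // constant-time compare
		return nil, errors.New("MAC mismatch: tampered message or wrong PK_MAK")
	}
	c, wk := tdes(tek), make([]byte, 16)
	c.Decrypt(wk[:8], m.Cipher[:8])
	c.Decrypt(wk[8:], m.Cipher[8:])
	if !hmac.Equal(kcv(wk), m.KCV) {
		return nil, errors.New("KCV mismatch: wrong PK_TEK or damaged ciphertext")
	}
	return wk, nil
}

// translate is S5+S6 inside the terminal's secure zone; the WK plaintext exists only here.
func translate(pk1, pk2 []byte, fromSender *KeyMsg) (*KeyMsg, error) {
	wk, err := unwrap(pk1, fromSender)
	if err != nil {
		return nil, err
	}
	return wrap(pk2, wk), nil
}

func main() {
	pk1, pk2 := []byte("sender-PK1-16byt"), []byte("recipientPK2-16b") // constructed sample keys
	m1 := wrap(pk1, []byte("0123456789ABCDEF"))                         // sender -> key mother POS
	m2, err := translate(pk1, pk2, m1)                                  // secure zone: PK1 in, PK2 out
	if err != nil {
		panic(err)
	}
	fmt.Println(unwrap(pk2, m2)) // recipient's key management system: WK bytes, <nil>
}
```

`translate` is the only place the working-key plaintext exists, which is the property the patent attributes to the terminal's secure zone. The MAC is verified before any decryption and compared in constant time, and the KCV is checked after decryption so that a wrong PK_TEK is caught before the key is stored. One caveat the patent does not mention: with zero padding the retail MAC of a message equals that of the same message with trailing zero bytes appended, so the message format must make the length unambiguous (a fixed layout, as here).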
Embodiment 2 of the present invention:
This embodiment provides a POS terminal comprising one or more processors 1 and a memory 2; the memory 2 stores a program configured to be executed by the one or more processors 1 to perform the following steps:
S1. Obtain the first protection key corresponding to the sender. Specifically: join the LAN corresponding to the sender; receive the first protection key from the sender.
S2. Add the IP address corresponding to the sender.
S3. Obtain the second protection key corresponding to the recipient. Specifically: join the LAN corresponding to the recipient; receive the second protection key from the recipient.
S4. Add the IP address corresponding to the recipient.
S5. Decrypt the first working-key ciphertext from the sender with the first protection key to obtain the working-key plaintext. Specifically:
the first protection key comprises a first key component and a second key component;
obtain a first data message corresponding to the first working-key ciphertext;
obtain from the sender the MAC value corresponding to the first data message, i.e. a first MAC value;
compute a MAC over the first data message with the first key component, obtaining a second MAC value;
when the first MAC value equals the second MAC value, decrypt the first working-key ciphertext with the second key component to obtain the working-key plaintext.
S6. Encrypt the working-key plaintext with the second protection key to obtain the second working-key ciphertext. Specifically:
the second protection key comprises a third key component and a fourth key component;
encrypt the working-key plaintext with the fourth key component to obtain the second working-key ciphertext.
S7. Send the second working-key ciphertext to the recipient. Specifically:
generate a second data message corresponding to the second working-key ciphertext;
compute a MAC over the second data message with the third key component, obtaining a third MAC value;
send the second data message to the recipient;
send the third MAC value to the recipient, so that the recipient can verify the integrity of the second data message against the third MAC value.
Optionally, MACs are computed with the X9.19 algorithm.
In summary, with the key transmission method and POS terminal provided by the present invention, the sender and the recipient do not need to negotiate a protection key: each uses its own protection key to secure the transmission of the working key between itself and the POS terminal. The method and POS terminal therefore need no dedicated key custodian to negotiate a protection key between sender and recipient, the POS terminal acting as intermediary is highly secure, and neither party need worry, during injection of its protection key, about weaknesses in the other party's secure-room controls affecting the security of its protection key; convenience and security are both improved. In addition, the sender need not manage protection keys for different recipients, and a recipient can replace the second protection key at any time, as needed, to strengthen the security of working-key transmission. Further, the sender injects the first protection key into the POS terminal over a secure channel, so that the working key can be transmitted securely to the POS terminal. Further, the recipient injects the second protection key into the POS terminal over a secure channel, so that the POS terminal can transmit the working key securely to the recipient. Further, the POS terminal verifies the integrity and authenticity of the data message sent by the sender by checking its MAC, so that a data message carrying a working key cannot be tampered with in transit without detection, which improves the security of working-key transmission. Further, the POS terminal computes the MAC of the second data message with the third key component agreed in advance with the recipient, so that the recipient can use the third key component to verify the integrity and authenticity of the second data message on receipt, preventing
a second data message carrying the working key from being tampered with in transit without detection, which improves the security of working-key transmission. Further, in the financial payment field MACs are generally computed with the symmetric-key algorithms X9.9 or X9.19; X9.19 is the more complex of the two and harder to break, which makes the check of whether a data message has been tampered with more reliable. Further, the IP addresses of the sender and the recipient allow the POS terminal to establish communication connections with the sender and with the recipient for transmitting data.

Claims (16)

1. A method for transmitting a key, characterized by comprising:
S1, a POS terminal obtains a first protection key corresponding to a sender;
S2, the POS terminal obtains a second protection key corresponding to a recipient;
S3, the POS terminal decrypts a first working key ciphertext from the sender according to the first protection key, obtaining a working key plaintext;
S4, the POS terminal encrypts the working key plaintext according to the second protection key, obtaining a second working key ciphertext;
S5, the POS terminal sends the second working key ciphertext to the recipient.
2. The method for transmitting a key according to claim 1, characterized in that S1 is specifically:
the POS terminal joins a LAN corresponding to the sender;
the POS terminal receives the first protection key from the sender.
3. The method for transmitting a key according to claim 1, characterized in that S2 is specifically:
the POS terminal joins a LAN corresponding to the recipient;
the POS terminal receives the second protection key from the recipient.
4. The method for transmitting a key according to claim 1, characterized in that S3 is specifically:
the first protection key comprises a first key component and a second key component;
the POS terminal obtains a first data message corresponding to the first working key ciphertext;
the POS terminal obtains from the sender the MAC value corresponding to the first data message, obtaining a first MAC value;
the POS terminal performs a MAC operation on the first data message according to the first key component, obtaining a second MAC value;
when the first MAC value is identical to the second MAC value, the POS terminal decrypts the first working key ciphertext according to the second key component, obtaining the working key plaintext.
5. The method for transmitting a key according to claim 1, characterized in that S4 is specifically:
the second protection key comprises a fourth key component;
the POS terminal encrypts the working key plaintext according to the fourth key component, obtaining the second working key ciphertext.
6. The method for transmitting a key according to claim 5, characterized in that S5 is specifically:
the second protection key further comprises a third key component;
the POS terminal generates a second data message corresponding to the second working key ciphertext;
the POS terminal performs a MAC operation on the second data message according to the third key component, obtaining a third MAC value;
the POS terminal sends the second data message to the recipient;
the POS terminal sends the third MAC value to the recipient, so that the recipient verifies the integrity of the second data message according to the third MAC value.
7. The method for transmitting a key according to claim 4 or 6, characterized by further comprising:
the POS terminal performs the MAC operation using the X9.19 algorithm.
8. The method for transmitting a key according to claim 1, characterized by further comprising:
the POS terminal adds an IP address corresponding to the sender;
the POS terminal adds an IP address corresponding to the recipient.
9. A POS terminal, characterized by comprising one or more processors and a memory, the memory storing a program and being configured to execute the following steps by the one or more processors:
S1, obtaining a first protection key corresponding to a sender;
S2, obtaining a second protection key corresponding to a recipient;
S3, decrypting a first working key ciphertext from the sender according to the first protection key, obtaining a working key plaintext;
S4, encrypting the working key plaintext according to the second protection key, obtaining a second working key ciphertext;
S5, sending the second working key ciphertext to the recipient.
10. The POS terminal according to claim 9, characterized in that S1 is specifically:
joining a LAN corresponding to the sender;
receiving the first protection key from the sender.
11. The POS terminal according to claim 9, characterized in that S2 is specifically:
joining a LAN corresponding to the recipient;
receiving the second protection key from the recipient.
12. The POS terminal according to claim 9, characterized in that S3 is specifically:
the first protection key comprises a first key component and a second key component;
obtaining a first data message corresponding to the first working key ciphertext;
obtaining from the sender the MAC value corresponding to the first data message, obtaining a first MAC value;
performing a MAC operation on the first data message according to the first key component, obtaining a second MAC value;
when the first MAC value is identical to the second MAC value, decrypting the first working key ciphertext according to the second key component, obtaining the working key plaintext.
13. The POS terminal according to claim 9, characterized in that S4 is specifically:
the second protection key comprises a fourth key component;
encrypting the working key plaintext according to the fourth key component, obtaining the second working key ciphertext.
14. The POS terminal according to claim 13, characterized in that S5 is specifically:
the second protection key further comprises a third key component;
generating a second data message corresponding to the second working key ciphertext;
performing a MAC operation on the second data message according to the third key component, obtaining a third MAC value;
sending the second data message to the recipient;
sending the third MAC value to the recipient, so that the recipient verifies the integrity of the second data message according to the third MAC value.
15. The POS terminal according to claim 12 or 14, characterized by further comprising:
performing the MAC operation using the X9.19 algorithm.
16. The POS terminal according to claim 9, characterized by further comprising:
adding an IP address corresponding to the sender;
adding an IP address corresponding to the recipient.
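Worked example, added here and not code from the patent or the applicant: the POS terminal's relay step of claims 4 to 7 in Go, with the X9.19 retail MAC built from single DES (ISO 9797-1 algorithm 3) and the working key wrapped with two-key 3DES in ECB. The patent does not state the cipher used for the working key ciphertext, the component lengths, or what the data message holds beyond the ciphertext; this example assumes 16-byte components K1..K4, a 16-byte working key and a data message that is just the ciphertext, and the function names are its own.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"errors"
)

// retailMAC is an ANSI X9.19 retail MAC (ISO 9797-1 algorithm 3, zero padding):
// single-DES CBC-MAC under KL over the whole message, then the final block is
// decrypted under KR and re-encrypted under KL. key is KL||KR (16 bytes).
func retailMAC(key, msg []byte) []byte {
	kl, _ := des.NewCipher(key[:8]) // callers have checked len(key) == 16
	kr, _ := des.NewCipher(key[8:])
	padded := append(append([]byte{}, msg...), make([]byte, (8-len(msg)%8)%8)...)
	mac, blk := make([]byte, 8), make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := range blk {
			blk[j] = mac[j] ^ padded[i+j] // CBC chaining from a zero IV
		}
		kl.Encrypt(mac, blk)
	}
	kr.Decrypt(mac, mac)
	kl.Encrypt(mac, mac)
	return mac
}

// relay is the POS terminal's steps S3 to S5 of claims 4 and 6: verify the
// sender's MAC with component K1, decrypt the 16-byte working key ciphertext
// with K2 (two-key 3DES, ECB), re-encrypt the plaintext with K4 and MAC the
// outgoing message with K3. Nothing is decrypted unless the first MAC verifies.
func relay(k1, k2, k3, k4, msg1, mac1 []byte) ([]byte, []byte, error) {
	for _, k := range [][]byte{k1, k2, k3, k4} {
		if len(k) != 16 {
			return nil, nil, errors.New("every key component must be 16 bytes")
		}
	}
	if len(msg1) != 16 || subtle.ConstantTimeCompare(retailMAC(k1, msg1), mac1) != 1 {
		return nil, nil, errors.New("first MAC mismatch or bad length: message rejected")
	}
	// two-key 3DES: K||K[:8] is the 24-byte key Go's constructor expects
	c2, _ := des.NewTripleDESCipher(append(append([]byte{}, k2...), k2[:8]...))
	c4, _ := des.NewTripleDESCipher(append(append([]byte{}, k4...), k4[:8]...))
	wk, msg2 := make([]byte, 16), make([]byte, 16)
	for i := 0; i < 16; i += 8 {
		c2.Decrypt(wk[i:], msg1[i:]) // S3: working key plaintext
		c4.Encrypt(msg2[i:], wk[i:]) // S4: second working key ciphertext
	}
	return msg2, retailMAC(k3, msg2), nil // S5: send msg2 with the third MAC
}
```

The working key plaintext exists only inside relay; a tampered first message fails the K1 MAC check before any decryption happens.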

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/079727 WO2019178760A1 (en) 2018-03-21 2018-03-21 Method for transmitting key and pos terminal

Publications (1)

Publication Number Publication Date
CN108496336A true CN108496336A (en) 2018-09-04

Family

ID=63343455

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880000197.5A Pending CN108496336A (en) 2018-03-21 2018-03-21 A kind of method and POS terminal of transmission key

Country Status (2)

Country Link
CN (1) CN108496336A (en)
WO (1) WO2019178760A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109792380A (en) * 2018-12-27 2019-05-21 福建联迪商用设备有限公司 A kind of method, terminal and system for transmitting key
CN110795743A (en) * 2019-09-12 2020-02-14 连连银通电子支付有限公司 Data writing, reading and encrypting method and device and data transmission system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114039728A (en) * 2021-12-24 2022-02-11 中电长城(长沙)信息技术有限公司 Message encryption and decryption method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102752309A (en) * 2005-04-22 2012-10-24 汤姆森特许公司 Method for performing safety anonymous accessing on wireless local area network by mobile equipment
CN105260884A (en) * 2015-11-18 2016-01-20 北京微智全景信息技术有限公司 POS machine key distributing method and device
CN105897748A (en) * 2016-05-27 2016-08-24 飞天诚信科技股份有限公司 Symmetric secrete key transmission method and device
CN105978856A (en) * 2016-04-18 2016-09-28 随行付支付有限公司 POS (point of sale) machine key downloading method, device and system
CN107070653A (en) * 2017-05-05 2017-08-18 长沙卡友信息服务股份有限公司 A kind of POS transaction encryptions system, method, POSP front servers and POS terminal
CN107733639A (en) * 2017-08-24 2018-02-23 上海壹账通金融科技有限公司 Key management method, device and readable storage medium storing program for executing

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060093149A1 (en) * 2004-10-30 2006-05-04 Shera International Ltd. Certified deployment of applications on terminals
CN101841809B (en) * 2010-03-31 2013-04-03 候万春 Mobile phone terminal supporting simulated POS transactions and system
CN106357394A (en) * 2016-08-29 2017-01-25 福建新大陆支付技术有限公司 Secure method of filling key for Parent POS

Also Published As

Publication number Publication date
WO2019178760A1 (en) 2019-09-26

Legal Events

Date Code Title Description
PB01 Publication (application publication date: 20180904)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication