CN109523258A - POS client public key safety certifying method, device and terminal device - Google Patents
- Publication number: CN109523258A
- Application number: CN201811277096.0A
- Authority: CN (China)
- Prior art keywords: key, public key, client public, ciphertext, fuse region
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
- G06Q20/20: Point-of-sale [POS] network systems
Abstract
The present invention belongs to the field of terminal processing technology and provides a POS client public key safety certifying method, device and terminal device. The method comprises: randomly generating a first key when the firmware runs for the first time; downloading a client public key and generating a first ciphertext according to the first key and the client public key; and, when an application program is downloaded, verifying whether the client public key is correct according to the first key and the first ciphertext. The invention encrypts the client public key with a key generated by the terminal itself, which effectively avoids "cut machine" (terminal-switching) events caused by an unauthorized person modifying the client public key, thereby preventing the terminal from running other illegal payment programs and improving the security of the terminal.
Description
Technical field
The invention belongs to the field of terminal processing technology, and in particular relates to a POS client public key safety certifying method, device and terminal device.
Background art
A POS (Point Of Sale, point-of-sale terminal) is generally purchased by a payment company and rented or provided free of charge to merchants, and the payment company collects payment-processing fees. As domestic third-party payment has developed ever more rapidly, competition has become increasingly fierce, and many third-party payment companies offer relatively favourable service charges to induce merchants to illegally run the company's own payment application on the POS and profit from it, which harms the interests of the customer. In the prior art, POS terminals still have "cut machine" (terminal-switching) vulnerabilities and their security is not high.
Summary of the invention
In view of this, the embodiments of the present invention provide a POS client public key safety certifying method, device and terminal device, to solve the problem in the prior art that POS terminals still have cut-machine vulnerabilities and low security.
A first aspect of the embodiments of the present invention provides a POS client public key safety certifying method, comprising:
When the firmware runs for the first time, randomly generating a first key;
Downloading a client public key, and generating a first ciphertext according to the first key and the client public key;
When an application program is downloaded, verifying whether the client public key is correct according to the first key and the first ciphertext.
Optionally, randomly generating the first key comprises:
Accessing the fuse region of the central processing unit, and judging whether data exists in the fuse region;
When data exists in the fuse region, setting the data of the fuse region as the first key;
When no data exists in the fuse region, randomly generating the first key and writing it to the fuse region.
Optionally, generating the first ciphertext according to the first key and the client public key comprises:
Storing the client public key in the Flash area of the central processing unit;
Obtaining the first key from the fuse region, and encrypting the client public key in the Flash area according to the first key to generate the first ciphertext;
Storing the first ciphertext in the Flash area.
Optionally, verifying, when an application program is downloaded, whether the client public key is correct according to the first key and the first ciphertext comprises:
When the application program is downloaded, reading the first key from the fuse region and the first ciphertext from the Flash area;
Decrypting the first ciphertext according to the first key to obtain a first HASH (hash) value;
Calculating the HASH value of the client public key in the Flash area to obtain a second HASH value;
Judging whether the first HASH value and the second HASH value meet a preset condition, and verifying whether the client public key is correct according to the judgment result.
A second aspect of the embodiments of the present invention provides a client public key safety certification device, comprising:
A key production module, configured to randomly generate a first key when the firmware runs for the first time;
A ciphertext generation module, configured to download a client public key and generate a first ciphertext according to the first key and the client public key;
A public key verification module, configured to verify, when an application program is downloaded, whether the downloaded client public key is correct according to the first key and the first ciphertext.
Optionally, the key production module is specifically configured to:
Access the fuse region of the central processing unit, and judge whether data exists in the fuse region;
When data exists in the fuse region, set the data of the fuse region as the first key;
When no data exists in the fuse region, randomly generate the first key and write it to the fuse region.
Optionally, the ciphertext generation module is specifically configured to:
Store the client public key in the Flash area of the central processing unit;
Obtain the first key from the fuse region, and encrypt the client public key in the Flash area according to the first key to generate the first ciphertext;
Store the first ciphertext in the Flash area.
Optionally, the public key verification module is specifically configured to:
When an application program is downloaded, read the first key from the fuse region and the first ciphertext from the Flash area;
Decrypt the first ciphertext according to the first key to obtain a first HASH (hash) value;
Calculate the HASH value of the client public key in the Flash area to obtain a second HASH value;
Judge whether the first HASH value and the second HASH value meet a preset condition, and verify whether the client public key is correct according to the judgment result.
A third aspect of the embodiments of the present invention provides a terminal device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the computer program, implements the steps of the POS client public key safety certifying method described in any of the above.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the POS client public key safety certifying method described in any of the above.
Compared with the prior art, the embodiments of the present invention have the following beneficial effects. The first key is randomly generated when the firmware runs for the first time, that is, the key is generated by the terminal itself, which reduces the complex operation of injecting a key from outside; at the same time, the randomness of the generated key prevents an unauthorized person from finding a rule by which the first key is generated, and thus avoids cut-machine events caused by an unauthorized person modifying the client public key on the terminal. The client public key is downloaded, the first ciphertext is generated according to the first key and the client public key, and when an application program is downloaded, whether the client public key is correct is verified according to the first key and the first ciphertext; that is, the client public key is encrypted, which effectively avoids cut-machine events caused by an unauthorized person modifying or replacing the client public key, thereby preventing the terminal from running other unauthorized applications and improving the security of terminal payment.
Brief description of the drawings
In order to describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without any creative labor.
Fig. 1 is a schematic flow diagram of the POS client public key safety certifying method provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the specific implementation flow of step S101 in Fig. 1;
Fig. 3 is a schematic diagram of the specific implementation flow of step S102 in Fig. 1;
Fig. 4 is a schematic diagram of the specific implementation flow of step S103 in Fig. 1;
Fig. 5 is a structural schematic diagram of the client public key safety certification device provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the terminal device provided by an embodiment of the present invention.
Specific embodiments
In the following description, specific details such as particular system structures and techniques are set out for illustration rather than limitation, so that the embodiments of the present invention can be thoroughly understood. However, it will be clear to those skilled in the art that the present invention can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the invention.
In order to illustrate the technical solutions of the invention, specific embodiments are described below.
Embodiment one
Referring to Fig. 1, a schematic flow diagram of one embodiment of the POS client public key safety certifying method is provided. The method is applicable to a POS, which may include firmware and a central processing unit (CPU). The implementation process of the POS client public key safety certifying method is detailed as follows:
Step S101: when the firmware runs for the first time, randomly generate a first key.
For the security of the POS, the legitimacy of an application program must be verified before it is downloaded, and only authorized application files are allowed to be downloaded and installed. An application file is the file that has to be downloaded in order to install the application program. To mark the application files that it has authorized, the user needs to encrypt those application files with an encryption algorithm. The encryption algorithm generally used is an asymmetric encryption algorithm, which includes a public key (PUK, Public key) and a private key (PVK, Private key). The public key and the private key form a pair: content encrypted with the private key can only be decrypted with the corresponding public key, and likewise content encrypted with the public key can only be decrypted with the corresponding private key.
When an application program is to be downloaded, a signature must first be made with the private key. After the signature verification passes, the client public key is downloaded to the POS and is then encrypted. In this way, when an application program is downloaded, the security of the client public key is verified first; after the client public key passes verification, the client public key is used to verify the signature of the application program, and only an application program whose signature is verified successfully can be downloaded to the POS and run. Guaranteeing the security of the client public key thus also guarantees the security of the application program.
Specifically, the firmware can randomly generate the first key when it runs for the first time. Illustratively, when the firmware runs for the first time, the hardware random number module in the POS can be used to generate a 16-byte random number, which can serve as a 3DES key. The 3DES key is used as the encryption key for the client public key, and because the encryption key is generated randomly by the POS itself, the complex operation of injecting a key from outside is reduced and unauthorized persons are prevented from finding a rule by which the key is generated, which further improves the security of public key verification.
In one embodiment, referring to Fig. 2, the specific implementation flow of randomly generating the first key in step S101 includes:
Step S201: access the fuse region of the central processing unit, and judge whether data exists in the fuse region.
The central processing unit (CPU) may include a fuse region and a Flash area. The fuse region is a one-time programmable area that cannot be modified after it has been written.
When the firmware runs for the first time, it accesses the fuse region of the central processing unit and judges whether data exists in the fuse region, that is, it checks whether the fuse region already holds a first key.
Step S202: when data exists in the fuse region, set the data of the fuse region as the first key.
Step S203: when no data exists in the fuse region, randomly generate the first key and write it to the fuse region.
Illustratively, when no data exists in the fuse region, the hardware random number module in the POS can be used to generate a 16-byte random number and write it to the fuse region. This 16-byte random number is used as a 3DES key to encrypt the client public key; on every later run the firmware reads the 16-byte random number directly from the fuse region and uses it to encrypt or decrypt the public key. 3DES is the common name of the triple data encryption algorithm block cipher; it is equivalent to applying the DES encryption algorithm to the client public key three times, to guarantee the security of the client public key.
Step S102: download the client public key, and generate a first ciphertext according to the first key and the client public key.
In practical applications, as long as the client public key is modified or replaced, unauthorized applications can be downloaded and the POS can be made to run them for profit, so protecting the client public key is very important. Specifically, in this embodiment, after the signature verification of the client public key passes, the client public key is encrypted according to the first key to obtain the first ciphertext, that is, the client public key ciphertext, which prevents unauthorized persons from modifying the client public key. When the client public key is verified, the client public key ciphertext also needs to be decrypted with the decryption algorithm according to the first key to obtain the decrypted client public key HASH value (the first HASH value); the HASH value of the client public key saved in the Flash area (the second HASH value) is then calculated. If the two client public key HASH values are the same, the client public key passes verification and is correct; the application program is then verified using the client public key, which completes the download of the application program.
Illustratively, the client public key is encrypted with the 3DES key to obtain the first ciphertext.
In one embodiment, referring to Fig. 3, the specific implementation flow of downloading the client public key and generating the first ciphertext according to the first key and the client public key in step S102 includes:
Step S301: store the client public key in the Flash area of the central processing unit.
Data in the Flash area is not lost when the central processing unit or the terminal is powered off, so the client public key is stored in the Flash area to prevent the data from being lost after the terminal restarts.
Step S302: obtain the first key from the fuse region, and encrypt the client public key in the Flash area according to the first key to generate the first ciphertext.
Step S303: store the first ciphertext in the Flash area.
Step S103: when an application program is downloaded, verify whether the client public key is correct according to the first key and the first ciphertext.
Illustratively, after client A buys a POS from the seller, the private key of the seller is first used to sign the public key of client A, and the public key of client A is then downloaded to the POS. At this point, the effective public key in the POS terminal switches from the public key of the seller to the public key of client A. The public key of client A is first signed with the private key of the seller in order to prevent a client who has not been authorized by the seller from downloading its own public key to the POS machine.
The public key of the seller is stored in the POS machine in advance. When the public key of client A is downloaded, the public key of the seller is used to verify the signature on the public key of client A; if verification passes, the public key of client A is downloaded. After the download succeeds, the public key of client A is encrypted according to the first key randomly generated in the POS to obtain the first ciphertext. When an application program is downloaded to the POS, the first ciphertext is decrypted according to the first key, and whether the downloaded client public key is correct is verified against the decrypted client public key. For example, it is verified whether the client public key at the time of downloading the application program (the public key of client A stored in the Flash area) matches the decrypted public key of client A. If they do not match, the public key of client A at the time of the current application download is illegal and has been tampered with; the download of the application program is then refused, and client A can also be notified to return the POS to the factory for repair. If they match, the current public key of client A is correct and the application program is allowed to be downloaded.
When client A wants to develop its own next-level agent, client B, the private key of client A is used to sign the public key of next-level agent client B, and the public key of client B is then downloaded to the POS. Similarly, after the download succeeds, the public key of client B is encrypted according to the first key randomly generated in the POS to obtain the first ciphertext. When an application program is downloaded to the POS, whether the downloaded public key of client B is correct is verified according to the first ciphertext and the first key; that is, only when the public key of client B is correct can authorized applications be downloaded to the POS.
In one embodiment, if no client public key can be obtained when an application program is downloaded, the application program has not been correspondingly encrypted and is an illegal application program, and the download of the application file is refused directly.
In one embodiment, referring to Fig. 4, the specific implementation flow of verifying, when an application program is downloaded, whether the client public key is correct according to the first key and the first ciphertext in step S103 includes:
Step S401: when the application program is downloaded, read the first key from the fuse region and the first ciphertext from the Flash area.
Step S402: decrypt the first ciphertext according to the first key to obtain a first HASH value.
A hash algorithm maps a binary value of arbitrary length to a shorter binary value of fixed length; this short binary value is called the HASH value. The HASH value is a unique and extremely compact numerical representation of a piece of data: for a character string, changing even a single character causes the subsequent hash to produce a different HASH value.
Specifically, the first ciphertext is decrypted according to the first key to obtain the decrypted client public key HASH value, that is, the first HASH value.
Step S403: calculate the HASH value of the client public key in the Flash area to obtain a second HASH value.
Step S404: judge whether the first HASH value and the second HASH value meet a preset condition, and verify whether the client public key is correct according to the judgment result.
Specifically, the first HASH value and the second HASH value are compared; if they do not match, the first HASH value and the second HASH value do not meet the preset condition, and the client public key is verified as incorrect.
Illustratively, the first HASH value and the second HASH value are compared to check whether they match. If the first HASH value and the second HASH value match, the client public key is verified as correct; the application program is then verified using the client public key and is downloaded after verification passes. If the first HASH value and the second HASH value do not match, the client public key is verified as incorrect, that is, the client public key at the time of downloading this application program is illegal, and the POS is directly returned to the factory for repair.
In one embodiment, a common way of attacking a POS is for the attacker to crack the first key, such as the 3DES key, regenerate the client public key ciphertext (the first ciphertext) and write it to the Flash area, so that the system passes the "PUK verification process". In this embodiment, the first key is generated by the random number generation module carried by the CPU, which guarantees that the first key is truly random, so an attacker cannot find a rule through big data analysis; the generation of the first key is therefore very safe. As for key storage, the first key is stored in the fuse region inside the CPU, the system does not provide any API (Application Programming Interface) for operating on the fuse region, and the application layer of the system has no permission to operate on the fuse region, so the storage of the first key is very safe. In addition, as for the algorithm, a 16-byte value can be used as the first key to encrypt the client public key, and the encryption strength is high. So from the generation of the first key, through its storage, to the encryption algorithm, the attacker cannot crack it.
In one embodiment, another common way of attacking a POS is for the attacker to try to modify the client public key saved in the Flash area so that unauthorized applications pass verification. In this embodiment, the client public key is encrypted with the randomly generated first key to obtain the first ciphertext. Because the attacker does not know the first key, the attacker cannot forge the first ciphertext corresponding to the client public key, so in the end the client public key does not match the result of decrypting the client public key ciphertext (the first ciphertext), and verification of the client public key fails.
In one embodiment, another common way of attacking a POS is for the attacker to try to copy the data in the Flash area of a normally operating POS into the POS to be cracked, or to replace the Flash in the POS to be cracked directly. In this embodiment, because the first keys of the two POS terminals are both randomly generated, the probability that they are identical is very small, so the first ciphertexts they generate are also different. Even if the client public key of the normally operating POS is placed on the POS to be cracked, the illegal client public key still cannot pass verification.
In one embodiment, another common way of attacking a POS is for the attacker to try to solder a new CPU and a new Flash onto the machine to be cracked, restoring the machine to the production state, then download a new client public key, generate a new client public key ciphertext, and save both the client public key and the client public key ciphertext in the Flash area. However, a POS in the production state cannot run ordinary application programs; it must be switched to the factory state before application programs can run. So although the purpose of modifying the client public key is achieved in this way, application programs cannot be run, and this POS attack method is ineffective.
In this embodiment, the PUK is encrypted and stored in a one-key-per-machine manner, which reduces the complex operation of injecting a key from outside, effectively prevents the PUK inside the POS machine from being tampered with in order to cut the machine over, improves the security of the POS machine and protects the interests of the customer. In addition, with one key per machine, even if one machine is cracked, the other machines remain safe.
In the above POS client public key safety certifying method, the first key is randomly generated when the firmware runs for the first time, that is, the key is generated by the terminal itself, which reduces the complex operation of injecting a key from outside; at the same time, the randomness of the generated key prevents an unauthorized person from finding a rule by which the first key is generated, and thus avoids cut-machine events caused by an unauthorized person modifying the client public key on the terminal. The client public key is downloaded, the first ciphertext is generated according to the first key and the client public key, and when an application program is downloaded, whether the client public key is correct is verified according to the first key and the first ciphertext; that is, the client public key is encrypted, which effectively avoids cut-machine events caused by an unauthorized person modifying or replacing the client public key, thereby preventing the terminal from running other illegal application programs and improving the security of terminal payment.
Those skilled in the art will understand that the sequence numbers of the steps in the above embodiment do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
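The flow of steps S201 to S203, S301 to S303 and S401 to S404, together with the Flash-modification and Flash-copying cases discussed in Embodiment one, as an added Python sketch that is not code from the patent. The CPU model, the function names and the sample public keys are constructed for illustration. HMAC-SHA256 keyed with the first key stands in for the 3DES encryption of the client public key, because Python's standard library has no 3DES; the stored tag plays the role of the first ciphertext, and the stored and recomputed tags play the roles of the two values compared in step S404.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # the page's example first key is a 16-byte random number


class SimulatedCpu:
    """Constructed model of a CPU with a write-once fuse region and a Flash area."""

    def __init__(self):
        self._fuse = None   # one-time programmable, no later modification
        self.flash = {}     # persistent, and writable by whoever controls Flash

    def fuse_read(self):
        return self._fuse

    def fuse_write(self, data):
        if self._fuse is not None:
            raise PermissionError("fuse region is already programmed")
        self._fuse = bytes(data)


def get_first_key(cpu):
    """S201-S203: reuse the fuse data if present, otherwise generate and write it."""
    key = cpu.fuse_read()
    if key is None:
        key = secrets.token_bytes(KEY_LEN)  # stands in for the hardware RNG module
        cpu.fuse_write(key)
    return key


def _bind(key, public_key):
    # Swapped-in primitive: a keyed tag instead of the 3DES ciphertext.
    return hmac.new(key, public_key, hashlib.sha256).digest()


def install_public_key(cpu, public_key):
    """S301-S303: store the public key, then the value bound to this device's key."""
    cpu.flash["puk"] = bytes(public_key)
    cpu.flash["puk_ct"] = _bind(get_first_key(cpu), cpu.flash["puk"])


def verify_public_key(cpu):
    """S401-S404: True only if the Flash public key matches the stored binding."""
    key = cpu.fuse_read()
    puk = cpu.flash.get("puk")
    stored = cpu.flash.get("puk_ct")
    if key is None or not puk or not stored:
        return False  # nothing to verify against: refuse the download
    return hmac.compare_digest(stored, _bind(key, puk))


def demo():
    """Run the genuine case and the two Flash-tampering cases from the text."""
    pos_a, pos_b = SimulatedCpu(), SimulatedCpu()
    legit = b"constructed-public-key-of-client-A"   # constructed sample value
    other = b"constructed-public-key-not-authorized"  # constructed sample value
    install_public_key(pos_a, legit)
    install_public_key(pos_b, other)
    results = {"genuine": verify_public_key(pos_a)}

    saved = dict(pos_a.flash)
    pos_a.flash["puk"] = other            # public key in Flash modified
    results["puk_replaced"] = verify_public_key(pos_a)

    pos_a.flash = dict(pos_b.flash)       # whole Flash copied from another POS
    results["flash_copied"] = verify_public_key(pos_a)

    pos_a.flash = saved                   # original contents put back
    results["restored"] = verify_public_key(pos_a)
    return results


if __name__ == "__main__":
    print(demo())
```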
Embodiment two
Corresponding to the POS client public key safety certifying method described in Embodiment one above, Fig. 5 shows a structural block diagram of the client public key safety certification device in Embodiment two of the present invention. For ease of description, only the parts related to this embodiment are shown.
The device includes: a key production module 110, a ciphertext generation module 120 and a public key verification module 130.
The key production module 110 is configured to randomly generate a first key when the firmware runs for the first time.
The ciphertext generation module 120 is configured to download a client public key and generate a first ciphertext according to the first key and the client public key.
The public key verification module 130 is configured to verify, when an application program is downloaded, whether the downloaded client public key is correct according to the first key and the first ciphertext.
In one embodiment, the key production module 110 is specifically configured to: access the fuse region of the central processing unit, and judge whether data exists in the fuse region; when data exists in the fuse region, set the data of the fuse region as the first key; when no data exists in the fuse region, randomly generate the first key and write it to the fuse region.
In one embodiment, the ciphertext generation module 120 is specifically configured to: store the client public key in the Flash area of the central processing unit; obtain the first key from the fuse region, and encrypt the client public key in the Flash area according to the first key to generate the first ciphertext; store the first ciphertext in the Flash area.
In one embodiment, the public key verification module 130 is specifically configured to: when an application program is downloaded, read the first key from the fuse region and the first ciphertext from the Flash area; decrypt the first ciphertext according to the first key to obtain a first HASH (hash) value; calculate the HASH value of the client public key in the Flash area to obtain a second HASH value; judge whether the first HASH value and the second HASH value meet a preset condition, and verify whether the client public key is correct according to the judgment result.
In the above client public key safety certification device, the key production module 110 randomly generates the first key when the firmware runs for the first time, that is, the key is generated by the terminal itself, which reduces the complex operation of injecting a key from outside; at the same time, the randomness of the generated key prevents an unauthorized person from finding a rule by which the first key is generated, and thus avoids cut-machine events caused by an unauthorized person modifying the client public key on the terminal. The ciphertext generation module 120 downloads the client public key and generates the first ciphertext according to the first key and the client public key, and the public key verification module 130 then verifies, when an application program is downloaded, whether the client public key is correct according to the first key and the first ciphertext; that is, the client public key is encrypted, which effectively avoids cut-machine events caused by an unauthorized person modifying or replacing the client public key, thereby preventing the terminal from running other unauthorized applications and improving the security of terminal payment.
Embodiment three
Fig. 6 is a schematic diagram of the terminal device 100 provided by embodiment three of the present invention. As shown in Fig. 6, the terminal device 100 of this embodiment includes a processor 140, a memory 150, and a computer program 151 that is stored in the memory 150 and can run on the processor 140, for example a program implementing the POS client public key safety certifying method. When executing the computer program 151, the processor 140 implements the steps of each of the above POS client public key safety certifying method embodiments, for example steps S101 to S103 shown in Fig. 1. Alternatively, when executing the computer program 151, the processor 140 implements the functions of each module/unit in the above device embodiments, for example the functions of modules 110 to 130 shown in Fig. 5.
Illustratively, the computer program 151 can be divided into one or more modules/units, which are stored in the memory 150 and executed by the processor 140 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments describing the execution of the computer program 151 in the terminal device 100. For example, the computer program 151 can be divided into a key production module, a ciphertext generation module and a public key verification module, whose specific functions are as follows:
The key production module is used to randomly generate a first key when the firmware runs for the first time.
The ciphertext generation module is used to download the client public key and to generate the first ciphertext according to the first key and the client public key.
The public key verification module is used to verify, when an application program is downloaded, whether the downloaded client public key is correct according to the first key and the first ciphertext.
In one embodiment, the key production module is specifically used for: accessing the fuse region of the central processing unit and judging whether data exists in the fuse region; when data exists in the fuse region, setting the data of the fuse region as the first key; when no data exists in the fuse region, randomly generating the first key and writing it into the fuse region.
In one embodiment, the ciphertext generation module is specifically used for: storing the client public key in the Flash area of the central processing unit; obtaining the first key of the fuse region, and encrypting the client public key in the Flash area according to the first key to generate the first ciphertext; and storing the first ciphertext in the Flash area.
In one embodiment, the public key verification module is specifically used for: when an application program is downloaded, reading the first key of the fuse region and the first ciphertext of the Flash area; decrypting the first ciphertext according to the first key to obtain a first hash (HASH) value; calculating the HASH value of the client public key in the Flash area to obtain a second HASH value; and judging whether the first HASH value and the second HASH value meet a preset condition, and verifying according to the judgment result whether the client public key is correct.
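The three module behaviours described above (first key in the fuse region, first ciphertext in the Flash area, verification when an application is downloaded) can be sketched as follows. This is an added example, not code from the patent: `Terminal` and its methods are hypothetical names, and it assumes SHA-256 as the HASH, AES-256-GCM as the encryption, that the first ciphertext holds the encrypted hash of the client public key, and that the preset condition is equality of the two HASH values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Terminal models the two storage areas named in the text (hypothetical type).
type Terminal struct {
	fuse     []byte // fuse region: first key (write-once on real hardware)
	flashPub []byte // Flash area: client public key, in the clear
	flashCT  []byte // Flash area: first ciphertext = nonce || sealed hash
}

// FirstRun keeps existing fuse data as the first key, else generates and writes it.
func (t *Terminal) FirstRun() (err error) {
	if len(t.fuse) == 0 {
		k := make([]byte, 32)
		if _, err = rand.Read(k); err == nil {
			t.fuse = k
		}
	}
	return err
}

func (t *Terminal) aead() (cipher.AEAD, error) {
	blk, err := aes.NewCipher(t.fuse) // errors if the fuse region is unprogrammed
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// StorePublicKey saves the key to Flash and seals its SHA-256 under the first key.
func (t *Terminal) StorePublicKey(pub []byte) error {
	a, err := t.aead()
	if err != nil {
		return err
	}
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	h := sha256.Sum256(pub)
	t.flashPub = append([]byte(nil), pub...)
	t.flashCT = a.Seal(nonce, nonce, h[:], nil)
	return nil
}

// VerifyPublicKey is the check made before an application download is accepted.
func (t *Terminal) VerifyPublicKey() bool {
	a, err := t.aead()
	if err != nil || len(t.flashCT) < a.NonceSize() {
		return false
	}
	n := a.NonceSize()
	h1, err := a.Open(nil, t.flashCT[:n], t.flashCT[n:], nil) // first HASH value
	h2 := sha256.Sum256(t.flashPub)                           // second HASH value
	return err == nil && subtle.ConstantTimeCompare(h1, h2[:]) == 1
}

func main() {
	t := &Terminal{}
	fmt.Println(t.FirstRun(), t.StorePublicKey([]byte("constructed sample key")), t.VerifyPublicKey())
}
```

Because GCM authenticates the ciphertext, a modified first ciphertext is rejected at decryption, before the two HASH values are compared.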
The terminal device 100 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device 100 may include, but is not limited to, the processor 140 and the memory 150. Those skilled in the art will understand that Fig. 6 is only an example of the terminal device 100 and does not limit it; the terminal device 100 may include more or fewer components than shown, combine certain components, or use different components. For example, the terminal device 100 may also include input/output devices, network access devices, buses and the like.
The processor 140 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 150 may be an internal storage unit of the terminal device 100, for example a hard disk or memory of the terminal device 100. The memory 150 may also be an external storage device of the terminal device 100, for example a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the terminal device 100. Further, the memory 150 may include both an internal storage unit of the terminal device 100 and an external storage device. The memory 150 is used to store the computer program and the other programs and data required by the terminal device 100. The memory 150 may also be used to temporarily store data that has been output or is about to be output.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not detailed or recorded in one embodiment, refer to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed device/terminal device and method may be implemented in other ways. For example, the device/terminal device embodiments described above are merely schematic: the division into modules or units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the present invention may implement all or part of the processes of the above method embodiments by instructing the relevant hardware through a computer program; the computer program can be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
The embodiments described above are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be included within the protection scope of the present invention.
Claims (10)
1. A POS client public key safety certifying method, characterized by comprising:
when the firmware runs for the first time, randomly generating a first key;
downloading a client public key, and generating a first ciphertext according to the first key and the client public key;
when an application program is downloaded, verifying whether the client public key is correct according to the first key and the first ciphertext.
2. The POS client public key safety certifying method as claimed in claim 1, characterized in that randomly generating the first key comprises:
accessing the fuse region of the central processing unit, and judging whether data exists in the fuse region;
when data exists in the fuse region, setting the data of the fuse region as the first key;
when no data exists in the fuse region, randomly generating the first key and writing it into the fuse region.
3. The POS client public key safety certifying method as claimed in claim 2, characterized in that generating the first ciphertext according to the first key and the client public key comprises:
storing the client public key in the Flash area of the central processing unit;
obtaining the first key of the fuse region, and encrypting the client public key in the Flash area according to the first key to generate the first ciphertext;
storing the first ciphertext in the Flash area.
4. The POS client public key safety certifying method as claimed in claim 3, characterized in that verifying, when an application program is downloaded, whether the client public key is correct according to the first key and the first ciphertext comprises:
when an application program is downloaded, reading the first key of the fuse region and the first ciphertext of the Flash area;
decrypting the first ciphertext according to the first key to obtain a first hash (HASH) value;
calculating the HASH value of the client public key in the Flash area to obtain a second HASH value;
judging whether the first HASH value and the second HASH value meet a preset condition, and verifying according to the judgment result whether the client public key is correct.
5. A client public key safety certification device, characterized by comprising:
a key production module, for randomly generating a first key when the firmware runs for the first time;
a ciphertext generation module, for downloading a client public key and generating a first ciphertext according to the first key and the client public key;
a public key verification module, for verifying, when an application program is downloaded, whether the downloaded client public key is correct according to the first key and the first ciphertext.
6. The client public key safety certification device as claimed in claim 5, characterized in that the key production module is specifically used for:
accessing the fuse region of the central processing unit, and judging whether data exists in the fuse region;
when data exists in the fuse region, setting the data of the fuse region as the first key;
when no data exists in the fuse region, randomly generating the first key and writing it into the fuse region.
7. The client public key safety certification device as claimed in claim 6, characterized in that the ciphertext generation module is specifically used for:
storing the client public key in the Flash area of the central processing unit;
obtaining the first key of the fuse region, and encrypting the client public key in the Flash area according to the first key to generate the first ciphertext;
storing the first ciphertext in the Flash area.
8. The client public key safety certification device as claimed in claim 7, characterized in that the public key verification module is specifically used for:
when an application program is downloaded, reading the first key of the fuse region and the first ciphertext of the Flash area;
decrypting the first ciphertext according to the first key to obtain a first hash (HASH) value;
calculating the HASH value of the client public key in the Flash area to obtain a second HASH value;
judging whether the first HASH value and the second HASH value meet a preset condition, and verifying according to the judgment result whether the client public key is correct.
9. A terminal device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method as claimed in any one of claims 1 to 4.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method as claimed in any one of claims 1 to 4.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811277096.0A CN109523258A (en) | 2018-10-30 | 2018-10-30 | POS client public key safety certifying method, device and terminal device |
PCT/CN2019/114320 WO2020088515A1 (en) | 2018-10-30 | 2019-10-30 | Security authentication method and apparatus for pos user public key, and terminal device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811277096.0A CN109523258A (en) | 2018-10-30 | 2018-10-30 | POS client public key safety certifying method, device and terminal device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109523258A true CN109523258A (en) | 2019-03-26 |
Family
ID=65773268
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811277096.0A Pending CN109523258A (en) | 2018-10-30 | 2018-10-30 | POS client public key safety certifying method, device and terminal device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109523258A (en) |
WO (1) | WO2020088515A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020088515A1 (en) * | 2018-10-30 | 2020-05-07 | 百富计算机技术(深圳)有限公司 | Security authentication method and apparatus for pos user public key, and terminal device |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7062045B2 (en) * | 2001-09-06 | 2006-06-13 | Clwt, Llc | Media protection system and method |
CN107466455B (en) * | 2017-03-15 | 2021-05-04 | 深圳大趋智能科技有限公司 | POS machine security verification method and device |
CN107194237B (en) * | 2017-04-05 | 2020-04-03 | 百富计算机技术(深圳)有限公司 | Method and device for application program security authentication, computer equipment and storage medium |
CN109523258A (en) * | 2018-10-30 | 2019-03-26 | 百富计算机技术(深圳)有限公司 | POS client public key safety certifying method, device and terminal device |
2018-10-30 | CN | CN201811277096.0A | patent/CN109523258A/en | active, Pending
2019-10-30 | WO | PCT/CN2019/114320 | patent/WO2020088515A1/en | active, Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2020088515A1 (en) | 2020-05-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101018125B (en) | Radio terminal security network and card locking method based on the ellipse curve public key cipher | |
JP4216475B2 (en) | Cryptographic indexed key update method and device having leakage resistance | |
CN110519309B (en) | Data transmission method, device, terminal, server and storage medium | |
CN105427099A (en) | Network authentication method for secure electronic transactions | |
CN103679062A (en) | Intelligent electric meter main control chip and security encryption method | |
CN101527634B (en) | System and method for binding account information with certificates | |
CN109743176A (en) | A kind of certificate update method, server and the POS terminal of POS terminal | |
CN107888379A (en) | A kind of method of secure connection, POS terminal and code keypad | |
CN108964922A (en) | mobile terminal token activation method, terminal device and server | |
CN108683674A (en) | Verification method, device, terminal and the computer readable storage medium of door lock communication | |
CN103944724A (en) | User identity identification card | |
CN110708162B (en) | Resource acquisition method and device, computer readable medium and electronic equipment | |
CN112235301B (en) | Access right verification method and device and electronic equipment | |
CN112882750A (en) | OTA upgrade package processing method and device and electronic equipment | |
CN112491843A (en) | Database multiple authentication method, system, terminal and storage medium | |
CN115242553B (en) | Data exchange method and system supporting safe multi-party calculation | |
CN107994995A (en) | A kind of method of commerce, system and the terminal device of lower security medium | |
CN107133512A (en) | POS terminal control method and device | |
CN113612852A (en) | Communication method, device, equipment and storage medium based on vehicle-mounted terminal | |
CN116599669A (en) | Data processing method, device, computer equipment and storage medium | |
CN104301288A (en) | Method and system for online identity authentication, online transaction certification, and online certification protection | |
CN111241492A (en) | Product multi-tenant secure credit granting method, system and electronic equipment | |
CN110572392A (en) | Identity authentication method based on HyperLegger network | |
CN108965315A (en) | A kind of authentic authentication method of terminal device, device and terminal device | |
WO2018118252A1 (en) | Cryptographic system management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190326 |