CN110417557A - Intelligent terminal peripheral data method of controlling security and device - Google Patents
Intelligent terminal peripheral data method of controlling security and device Download PDFInfo
- Publication number
- CN110417557A CN110417557A CN201910710316.2A CN201910710316A CN110417557A CN 110417557 A CN110417557 A CN 110417557A CN 201910710316 A CN201910710316 A CN 201910710316A CN 110417557 A CN110417557 A CN 110417557A
- Authority
- CN
- China
- Prior art keywords
- peripheral hardware
- random factor
- transaction information
- call request
- peripheral
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The embodiment of the present application provides a kind of intelligent terminal peripheral data method of controlling security and device, and method includes: the peripheral hardware call request for receiving server and sending, and calls corresponding peripheral hardware according to the peripheral hardware call request, obtains the Transaction Information of the peripheral hardware acquisition;The second random factor that the process according to the first random factor in the peripheral hardware call request and locally generated presets private-key digital signature generates encryption key;The Transaction Information is encrypted according to the encryption key, and the server will be back to by encrypted Transaction Information, second random factor and terminal public key;The application can effectively solve the problem that presently, there are illegal invasion person pass through override mode access intelligent terminal peripheral hardware; it carries out malice card reading or collects the potential security risk of card transaction data; and factors cause the sensitive informations such as client trading card number information and password to protect ineffective, the risk leaked because Strategy of Data Maintenance is not perfect etc..
Description
Technical field
This application involves data security arts, and in particular to a kind of intelligent terminal peripheral data method of controlling security and dress
It sets.
Background technique
Traditional financial POS terminal is generally had by oneself using each manufacturer closed due to integrating the dedicated peripheral hardware of a variety of financial card readings
Operating system, the closed system can not load other applications, and the integrated dedicated peripheral hardware of financial card reading, which can only be also closed, is
Specific program calls in system, and safety is higher.With the development of mobile internet, the closure of traditional financial POS terminal is gradually
It is impacted by intelligent terminal.Compared to traditional financial POS terminal, financial intelligent terminal has higher hardware configuration, open intelligence
Energy operating system can load multiple business application, can be attracted to more trade companies in industrial application developed above, form payment industry
The closed loop of business.
However as the opening of financial intelligent terminal platform, integrated some financial peripheral hardwares for having sensitivity characteristic, such as
Magnetic card reader, contact/Contactless IC Card Reader etc. also can be with open platforms due to the needs of trade company's industrial application
Opening.How under the open platform quality event for guaranteeing financial intelligent terminal, control trade company APP is set using above-mentioned intelligence
Standby peripheral hardware permission avoids attacker by technological means, gets around the permission control of financial intelligent terminal platform, access financial intelligent
The focal issue of industry is configured to outside terminal.
Existing financial intelligent terminal is mostly based on Android operation system, and existing Peripheral Interface is open to be applied to trade company
After program, when calling peripheral hardware to read the sensitive informations such as card number, input password, safe handling strategy can not be protected trade company's application program
Card follows bank card security specification, it is easy to user sensitive information be caused to be leaked out during the landing of financial intelligent terminal
It goes, becomes attacker and utilize channel.
Summary of the invention
For the problems of the prior art, the application provides a kind of intelligent terminal peripheral data method of controlling security and dress
Set, can effectively solve the problem that presently, there are illegal invasion person pass through override mode access intelligent terminal peripheral hardware, carry out malice card reading
Or the potential security risk of card transaction data is collected, and factors lead to client trading card because Strategy of Data Maintenance is not perfect etc.
The sensitive informations such as number information and password protect ineffective, the risk leaked.
At least one of to solve the above-mentioned problems, the application the following technical schemes are provided:
In a first aspect, the application provides a kind of intelligent terminal peripheral data method of controlling security, comprising:
The peripheral hardware call request that server is sent is received, and corresponding peripheral hardware is called according to the peripheral hardware call request, is obtained
The Transaction Information acquired to the peripheral hardware;
The process according to the first random factor in the peripheral hardware call request and locally generated presets private-key digital signature
The second random factor generate encryption key;
The Transaction Information is encrypted according to the encryption key, and will be by encrypted Transaction Information, described
Second random factor and terminal public key are back to the server, so that the server is according to the terminal public key to described
Two random factors carry out signature verification, and the signature verification result be by when, according to second random factor and institute
It states the first random factor and generates decruption key, and be decrypted to described by encrypted Transaction Information.
Further, second generated in first random factor according in the peripheral hardware call request and locally with
The machine factor generates before encryption key, comprising:
Signature verification is carried out to first random factor according to the server public key in the peripheral hardware call request, is obtained
Signature verification result;
If the signature verification result is not pass through, failed encryption result is returned.
It is further, described that the Transaction Information is encrypted according to the encryption key, comprising:
Judge to whether there is in the Transaction Information of the peripheral hardware acquisition and the default sensitive number in the peripheral hardware call request
According to matched information;
If it exists, then the Transaction Information for capableing of the default sensitive data of successful match is added according to the encryption key
It is close.
Further, after the peripheral hardware call request that the reception server is sent, described according to the peripheral hardware tune
Before the corresponding peripheral hardware of request call, further includes:
Authenticity school is carried out to the server public key in the peripheral hardware call request according to pre-stored operator's root certificate
It tests, if check results are not pass through, returns to peripheral hardware malloc failure malloc result.
Second aspect, the application provide a kind of peripheral data method of controlling security, comprising:
Peripheral hardware call request is sent to intelligent terminal, so that the intelligent terminal is according to peripheral hardware call request calling pair
The peripheral hardware answered, obtains the Transaction Information of peripheral hardware acquisition, and according in the peripheral hardware call request the first random factor and
The second random factor that intelligent terminal locally generates generates encryption key, is carried out according to the encryption key to the Transaction Information
Encryption;
Receive intelligent terminal return by encrypted Transaction Information, the second random factor and terminal public key, and according to
The terminal public key carries out signature verification to second random factor;
If the result of the signature verification is to pass through, first according to second random factor and locally generated is at random
The factor generates decruption key, and is decrypted to described by encrypted Transaction Information, the Transaction Information after being decrypted.
Further, before the transmission peripheral hardware call request to intelligent terminal, comprising:
The first random factor in the peripheral hardware call request is digitally signed according to predetermined server private key.
The third aspect, the application provide a kind of intelligent terminal peripheral data method of controlling security device, comprising:
Transaction Information obtains module, calls for receiving the peripheral hardware call request of server transmission, and according to the peripheral hardware
The corresponding peripheral hardware of request call obtains the Transaction Information of the peripheral hardware acquisition;
Encryption key generation module, for what is according to the first random factor in the peripheral hardware call request and locally generated
The second random factor by presetting private-key digital signature generates encryption key;
Transaction Information encrypting module for being encrypted according to the encryption key to the Transaction Information, and will pass through
Encrypted Transaction Information, second random factor and terminal public key are back to the server, so that the server root
According to the terminal public key to second random factor carry out signature verification, and the signature verification result be by when, root
Decruption key is generated according to second random factor and first random factor, and passes through encrypted Transaction Information to described
It is decrypted.
Further, further includes:
First digital signature unit, for random to described first according to the server public key in the peripheral hardware call request
The factor carries out signature verification, obtains signature verification result;
Failed encryption return unit returns to failed encryption result if being not pass through for the signature verification result.
Further, the Transaction Information encrypting module includes:
Sensitive information matching unit, whether there is in the Transaction Information for judging peripheral hardware acquisition and the peripheral hardware tune
With the matched information of default sensitive data in request;
Sensitive information encryption unit, if for existing and the peripheral hardware call request in the Transaction Information of peripheral hardware acquisition
In the matched information of default sensitive data, then according to the encryption key to be capable of successful match preset sensitive data transaction
Information is encrypted.
Further, further includes:
Certificate verification unit, the operator root certificate pre-stored for basis is to the server in the peripheral hardware call request
Public key carries out authenticity verification, if check results are not pass through, returns to peripheral hardware malloc failure malloc result.
Fourth aspect, the application provide a kind of peripheral data method of controlling security device, comprising:
Call request sending module, for intelligent terminal send peripheral hardware call request so that the intelligent terminal according to
Corresponding peripheral hardware is called in the peripheral hardware call request, obtains the Transaction Information of the peripheral hardware acquisition, and call according to the peripheral hardware
The second random factor that the first random factor and intelligent terminal in request locally generate generates encryption key, according to the encryption
Transaction Information described in key pair is encrypted;
Signature verification module, for receive intelligent terminal return by encrypted Transaction Information, the second random factor
And terminal public key, and signature verification is carried out to second random factor according to the terminal public key;
Transaction Information deciphering module, if for the signature verification result be pass through, according to described second it is random because
Son and the first random factor locally generated generate decruption key, and are decrypted to described by encrypted Transaction Information,
Transaction Information after being decrypted.
Further, further includes:
Digital signature unit, for according to predetermined server private key to the first random factor in the peripheral hardware call request
It is digitally signed.
5th aspect, the application provides a kind of electronic equipment, including memory, processor and storage are on a memory and can
The computer program run on a processor, the processor realize the peripheral data security control when executing described program
The step of method.
6th aspect, the application provide a kind of computer readable storage medium, are stored thereon with computer program, the calculating
The step of peripheral data method of controlling security is realized when machine program is executed by processor.
As shown from the above technical solution, the application provides a kind of intelligent terminal peripheral data method of controlling security and device,
The second random factor generated by terminal to itself carries out data signature using default private key, and it is outer to combine server to send
If the first random factor in call request generates encryption key, believed by encryption key transaction collected to peripheral apparatus
Breath carries out data encryption, and will be back to by encrypted Transaction Information, second random factor and terminal public key described
Server is tested according to terminal public key sign by encrypted Transaction Information and the second random factor in the server
After card, i.e., verifying Transaction Information and the second random factor be really terminal issue after, according to the second random factor and itself first
Random factor generates decruption key, and Transaction Information is decrypted according to the decruption key, solve presently, there are it is non-
Method invader accesses intelligent terminal peripheral hardware by override mode, carries out malice card reading or collects the potential safety of card transaction data
Risk, and factors lead to the protection of the sensitive informations such as client trading card number information and password not because Strategy of Data Maintenance is not perfect etc.
Power, the risk leaked.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is the application
Some embodiments for those of ordinary skill in the art without creative efforts, can also basis
These attached drawings obtain other attached drawings.
Fig. 1 is one of the flow diagram of the intelligent terminal peripheral data method of controlling security in the embodiment of the present application;
Fig. 2 is the two of the flow diagram of the intelligent terminal peripheral data method of controlling security in the embodiment of the present application;
Fig. 3 is the three of the flow diagram of the intelligent terminal peripheral data method of controlling security in the embodiment of the present application;
Fig. 4 is the four of the flow diagram of the intelligent terminal peripheral data method of controlling security in the embodiment of the present application;
Fig. 5 is one of the structure chart of the intelligent terminal peripheral data safety control in the embodiment of the present application;
Fig. 6 is the two of the structure chart of the intelligent terminal peripheral data safety control in the embodiment of the present application;
Fig. 7 is the three of the structure chart of the intelligent terminal peripheral data safety control in the embodiment of the present application;
Fig. 8 is the four of the structure chart of the intelligent terminal peripheral data safety control in the embodiment of the present application;
Fig. 9 is the structural schematic diagram of the electronic equipment in the embodiment of the present application.
Specific embodiment
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application
In attached drawing, technical solutions in the embodiments of the present application carries out clear, complete description, it is clear that described embodiment is
Some embodiments of the present application, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art
Every other embodiment obtained without creative efforts, shall fall in the protection scope of this application.
In view of existing financial intelligent terminal is mostly based on Android operation system, existing Peripheral Interface is open to quotient
After the application program of family, trade company's application program is when calling peripheral hardware to read the sensitive informations such as card number, input password, safe handling strategy
It not can guarantee and follow bank card security specification, it is easy to user sensitive information be caused to be let out during the landing of financial intelligent terminal
The problem of exposing is gone, and becomes attacker using channel, the application provide a kind of intelligent terminal peripheral data method of controlling security and
Device, the second random factor generated by terminal to itself carries out data signature using default private key, and server is combined to send out
The first random factor in the peripheral hardware call request sent generates encryption key, collected to peripheral apparatus by the encryption key
Transaction Information carries out data encryption, and will return by encrypted Transaction Information, second random factor and terminal public key
To the server, carried out according to terminal public key to by encrypted Transaction Information and the second random factor in the server
After signature verification, i.e., verifying Transaction Information and the second random factor are after terminal issues, according to the second random factor and certainly really
The first random factor of body generates decruption key, and Transaction Information is decrypted according to the decruption key, solves and deposits at present
Illegal invasion person intelligent terminal peripheral hardware is accessed by override mode, carry out malice card reading or collect the latent of card transaction data
In security risk, and because Strategy of Data Maintenance is not perfect etc., factors lead to the sensitive informations such as client trading card number information and password
Protect ineffective, to leak risk.
In order to effectively solve presently, there are illegal invasion person pass through override mode access intelligent terminal peripheral hardware, carry out
Malice card reading or the potential security risk for collecting card transaction data, and factors lead to visitor because Strategy of Data Maintenance is not perfect etc.
Family is traded, and the protection of the sensitive informations such as card number information and password is ineffective, and the risk leaked, the application provides a kind of intelligent terminal
The embodiment of peripheral data method of controlling security, executing subject are intelligent terminal, referring to Fig. 1, the intelligent terminal peripheral data
Method of controlling security specifically includes following content:
Step S101: the peripheral hardware call request that server is sent is received, and is called and is corresponded to according to the peripheral hardware call request
Peripheral hardware, obtain the Transaction Information of peripheral hardware acquisition.
It is understood that the peripheral hardware, which can be intelligent terminal, completes the indispensable peripheral hardware of transaction, such as integrate a variety of gold
Melt the defeated equipment such as close of dedicated card reading, and is external input device necessary to other mainstream means of payment, the intelligent terminal
It can download equipped with open type intelligent operating system and industry trade company APP is installed, and integrate the dedicated peripheral hardware packet of a variety of finance
Front end input peripheral such as IC card card reader, camera, barcode scanning gun, code keyboard, and output peripheral hardware such as printer etc. are included, except branch
It holds in addition to the means of payment such as bank card payment, the sudden strain of a muscle pair of Unionpay's cloud, other means of payment can also be integrated by APP, including but not
It is confined to: the mobile payment based on internet account such as wechat payment, Alipay payment, Baidu's wallet, Jingdone district payment, Yi Jiwei
The internet cards certificate such as letter card certificate, public comment checks and writes off the means of payment such as own two dimensional code barcode scanning payment, trading card payment.The intelligence
Terminal installation not only has the means of payment abundant, and specific form includes but is not limited to: financial intelligent terminating machine and intelligence are received
Silver-colored platform.
It is understood that after the intelligent terminal receives the peripheral hardware call request that the server is sent, according to institute
The peripheral type and model that peripheral hardware call request determines that it specifically to be called are stated, and actually calls the peripheral hardware to complete Transaction Information
Collecting work.
Step S102: the process according to the first random factor in the peripheral hardware call request and locally generated presets private key
Second random factor of digital signature generates encryption key.
It is understood that first random factor in the peripheral hardware call request can pass through for server local
Existing random number algorithm generates, and is specifically as follows a random digit, and optionally, the server can pass through itself default clothes
Business device private key is digitally signed first random factor.
Optionally, the intelligent terminal can also locally generate second random factor by existing random algorithm, and
Second random factor is digitally signed by preset terminal secret key, the intelligent terminal can be according to described first
According to available data conversion method one encryption key of generation, the available data is changed for random factor and second random factor
Calculation method is, for example, to add up and tire out to multiply, and in some other embodiment of the application, can also be converted according to other available datas
Method or data combination method carry out data processing to the first random factor and the second random factor, and then obtain encryption key.
Step S103: encrypting the Transaction Information according to the encryption key, and will pass through encrypted transaction
Information, second random factor and terminal public key are back to the server, so that the server is public according to the terminal
Key to second random factor carry out signature verification, and the signature verification result be by when, according to described second with
The machine factor and first random factor generate decruption key, and are decrypted to described by encrypted Transaction Information.
It is understood that the intelligent terminal has obtained corresponding Transaction Information by peripheral hardware, and also create
Encryption key can encrypt the Transaction Information by the encryption key, the specific encryption side of the encryption at this time
Method can using it is in the prior art any one, such as a kind of symmetric encryption method or a kind of asymmet-ric encryption method can
Use the encryption key.
It is understood that the intelligent terminal will pass through encrypted Transaction Information, second random factor and end
End public key is back to the server, wherein the terminal public key is used for second random factor Jing Guo digital signature
Carry out signature verification so that the server the signature verification result be by when, according to second random factor and
First random factor generates decruption key, and is decrypted to described by encrypted Transaction Information.
Optionally, the intelligent terminal and the server are stored with consistent data reduction method, i.e., the described intelligence is eventually
The encryption key and the server that end is generated according to first random factor and second random factor are according to described the
One random factor is consistent with the decruption key that second random factor generates, therefore the server can be according to the decryption
Key pair passes through encrypted Transaction Information successful decryption.
As can be seen from the above description, intelligent terminal peripheral data method of controlling security provided by the embodiments of the present application, Neng Goutong
It crosses the second random factor that terminal generates itself and carries out data signature, and the peripheral hardware for combining server to send using default private key
The first random factor in call request generates encryption key, by the encryption key to the collected Transaction Information of peripheral apparatus
Data encryption is carried out, and the clothes will be back to by encrypted Transaction Information, second random factor and terminal public key
Business device carries out signature verification to by encrypted Transaction Information and the second random factor according to terminal public key in the server
Afterwards, that is, verify Transaction Information and the second random factor is after terminal issues really, according to the second random factor and itself first with
The machine factor generates decruption key, and Transaction Information is decrypted according to the decruption key, solve presently, there are it is illegal
Invader accesses intelligent terminal peripheral hardware by override mode, carries out malice card reading or collects the potential safety wind of card transaction data
Danger, and factors lead to the protection of the sensitive informations such as client trading card number information and password not because Strategy of Data Maintenance is not perfect etc.
Power, the risk leaked.
In order to generate the authenticity for first verifying the first random factor before encryption key, outside the intelligent terminal of the application
If also specifically including following content referring to fig. 2 in an embodiment of data security control method:
Step S201: it is signed according to the server public key in the peripheral hardware call request to first random factor
Verifying, obtains signature verification result.
Step S202: if the signature verification result is not pass through, failed encryption result is returned to.
It is understood that the peripheral hardware tune can be extracted after the intelligent terminal receives the peripheral hardware call request
With the server public key for including in request and the first random factor, taken since first random factor passes through in server internal
Business device private key carried out digital signature, therefore can use the server public key to first random factor carry out signature test
Card, if the result of signature verification is not pass through, shows data not to determine that first random factor is that server issues really
Symbol, first random factor are not to be issued by server and its data validity is lower, then return to failed encryption at this time as a result,
No longer execute follow-up process.
In order to be encrypted to crucial sensitive information, in the intelligent terminal peripheral data security control side of the application
Also specifically include following content referring to Fig. 3 in one embodiment of method:
Step S301: judge in the Transaction Information of peripheral hardware acquisition with the presence or absence of with it is pre- in the peripheral hardware call request
If the matched information of sensitive data.
Step S302: if it exists, then the transaction for capableing of the default sensitive data of successful match is believed according to the encryption key
Breath is encrypted.
It optionally, also include default sensitive data in the peripheral hardware call request, the intelligent terminal may determine that outer
If whether containing corresponding default sensitive data in the collected Transaction Information, if so, can be only to corresponding part
Transaction Information is encrypted.
In order to carry out signature verification to server public key according to the operator's root certificate prestored, in the intelligence of the application
It also specifically include following content in one embodiment of terminal peripheral data method of controlling security: according to pre-stored operator
Root certificate carries out authenticity verification to the server public key in the peripheral hardware call request, if check results are not pass through, returns
Return peripheral hardware malloc failure malloc result.
It is understood that containing the signing messages of certificate pact in certificate, this signing messages is certificate authority machine
What structure was added.It can be verified using the public key of issuing organization.
In order to effectively solve presently, there are illegal invasion person pass through override mode access intelligent terminal peripheral hardware, carry out
Malice card reading or the potential security risk for collecting card transaction data, and factors lead to visitor because Strategy of Data Maintenance is not perfect etc.
Family is traded, and the protection of the sensitive informations such as card number information and password is ineffective, and the risk leaked, the application provides a kind of intelligent terminal
The embodiment of peripheral data method of controlling security, executing subject are server, referring to fig. 4, the intelligent terminal peripheral data peace
Full control method specifically includes following content:
Step S401: peripheral hardware call request is sent to intelligent terminal, so that the intelligent terminal is called according to the peripheral hardware
The corresponding peripheral hardware of request call obtains the Transaction Information of the peripheral hardware acquisition, and according to first in the peripheral hardware call request
The second random factor that random factor and intelligent terminal locally generate generates encryption key, according to the encryption key to the friendship
Easy information is encrypted.
It is understood that after the intelligent terminal receives the peripheral hardware call request that the server is sent, according to institute
The peripheral type and model that peripheral hardware call request determines that it specifically to be called are stated, and actually calls the peripheral hardware to complete Transaction Information
Collecting work.
Optionally, the intelligent terminal can be according to first random factor and second random factor according to existing
Data reduction method generates an encryption key, and the available data conversion method is, for example, to add up and tire out to multiply, the application's
In some other embodiment, can also according to other available data conversion methods or data combination method to the first random factor and
Second random factor carries out data processing, and then obtains encryption key.
Step S402: the public by encrypted Transaction Information, the second random factor and terminal of intelligent terminal return is received
Key, and signature verification is carried out to second random factor according to the terminal public key.
Step S403: if the result of the signature verification is to pass through, according to second random factor and local generation
The first random factor generate decruption key, and be decrypted to described by encrypted Transaction Information, after being decrypted
Transaction Information.
It is understood that the intelligent terminal will pass through encrypted Transaction Information, second random factor and end
End public key is back to the server, wherein the terminal public key is used for second random factor Jing Guo digital signature
Carry out signature verification so that the server the signature verification result be by when, according to second random factor and
First random factor generates decruption key, and is decrypted to described by encrypted Transaction Information.
As can be seen from the above description, intelligent terminal peripheral data method of controlling security provided by the embodiments of the present application, Neng Goutong
It crosses the second random factor that terminal generates itself and carries out data signature, and the peripheral hardware for combining server to send using default private key
The first random factor in call request generates encryption key, by the encryption key to the collected Transaction Information of peripheral apparatus
Data encryption is carried out, and the clothes will be back to by encrypted Transaction Information, second random factor and terminal public key
Business device carries out signature verification to by encrypted Transaction Information and the second random factor according to terminal public key in the server
Afterwards, that is, verify Transaction Information and the second random factor is after terminal issues really, according to the second random factor and itself first with
The machine factor generates decruption key, and Transaction Information is decrypted according to the decruption key, solve presently, there are it is illegal
Invader accesses intelligent terminal peripheral hardware by override mode, carries out malice card reading or collects the potential safety wind of card transaction data
Danger, and factors lead to the protection of the sensitive informations such as client trading card number information and password not because Strategy of Data Maintenance is not perfect etc.
Power, the risk leaked.
In order to be digitally signed the safety with improve data transfer to the first random factor, in the intelligence of the application
It also specifically include following content in one embodiment of energy terminal peripheral data method of controlling security: according to predetermined server private
Key is digitally signed the first random factor in the peripheral hardware call request.
It is understood that first random factor in the peripheral hardware call request can pass through for server local
Existing random number algorithm generates, and is specifically as follows a random digit, and optionally, the server can pass through itself default clothes
Business device private key is digitally signed first random factor.
In order to effectively solve presently, there are illegal invasion person pass through override mode access intelligent terminal peripheral hardware, carry out
Malice card reading or the potential security risk for collecting card transaction data, and factors lead to visitor because Strategy of Data Maintenance is not perfect etc.
Family sensitive informations such as card number information and password of trading protect ineffective, the risk leaked, the application provide it is a kind of for realizing
The intelligent terminal peripheral data security control of all or part of the content of the intelligent terminal peripheral data method of controlling security fills
The embodiment set, executing subject are intelligent terminal, and referring to Fig. 5, the intelligent terminal peripheral data safety control is specifically wrapped
Contain following content:
Transaction Information obtains module 10, for receiving the peripheral hardware call request of server transmission, and according to the peripheral hardware tune
With the corresponding peripheral hardware of request call, the Transaction Information of the peripheral hardware acquisition is obtained.
Encryption key generation module 20, for according to the first random factor in the peripheral hardware call request and locally generation
Through presetting private-key digital signature the second random factor generate encryption key.
Transaction Information encrypting module 30, for being encrypted according to the encryption key to the Transaction Information, and will be through
It crosses encrypted Transaction Information, second random factor and terminal public key and is back to the server, so that the server
According to the terminal public key to second random factor carry out signature verification, and the signature verification result be by when,
Decruption key is generated according to second random factor and first random factor, and is believed by encrypted transaction described
Breath is decrypted.
As can be seen from the above description, intelligent terminal peripheral data safety control provided by the embodiments of the present application, Neng Goutong
It crosses the second random factor that terminal generates itself and carries out data signature, and the peripheral hardware for combining server to send using default private key
The first random factor in call request generates encryption key, by the encryption key to the collected Transaction Information of peripheral apparatus
Data encryption is carried out, and the clothes will be back to by encrypted Transaction Information, second random factor and terminal public key
Business device carries out signature verification to by encrypted Transaction Information and the second random factor according to terminal public key in the server
Afterwards, that is, verify Transaction Information and the second random factor is after terminal issues really, according to the second random factor and itself first with
The machine factor generates decruption key, and Transaction Information is decrypted according to the decruption key, solve presently, there are it is illegal
Invader accesses intelligent terminal peripheral hardware by override mode, carries out malice card reading or collects the potential safety wind of card transaction data
Danger, and factors lead to the protection of the sensitive informations such as client trading card number information and password not because Strategy of Data Maintenance is not perfect etc.
Power, the risk leaked.
In order to generate the authenticity for first verifying the first random factor before encryption key, in the embodiment of the application
In, also specifically include following content referring to Fig. 6:
First digital signature unit 71, for according to the server public key in the peripheral hardware call request to described first with
The machine factor carries out signature verification, obtains signature verification result.
Failed encryption return unit 72 returns to failed encryption result if being not pass through for the signature verification result.
In order to be encrypted to crucial sensitive information, in the embodiment of the application, referring to Fig. 7, the friendship
Easy information encrypting module 30 includes:
Sensitive information matching unit 31, whether there is in the Transaction Information for judging peripheral hardware acquisition and the peripheral hardware
The matched information of default sensitive data in call request.
Sensitive information encryption unit 32, if being asked for existing in the Transaction Information of peripheral hardware acquisition with peripheral hardware calling
The matched information of default sensitive data in asking, the then friendship according to the encryption key to the default sensitive data of successful match is capable of
Easy information is encrypted.
In order to carry out signature verification to server public key according to the operator's root certificate prestored, one in the application is real
It applies in example, further includes: certificate verification unit 73, the operator root certificate pre-stored for basis is in the peripheral hardware call request
Server public key carry out authenticity verification, if check results be do not pass through, return to peripheral hardware malloc failure malloc result.
In order to effectively solve presently, there are illegal invasion person pass through override mode access intelligent terminal peripheral hardware, carry out
Malice card reading or the potential security risk for collecting card transaction data, and factors lead to visitor because Strategy of Data Maintenance is not perfect etc.
Family sensitive informations such as card number information and password of trading protect ineffective, the risk leaked, the application provide it is a kind of for realizing
The intelligent terminal peripheral data security control of all or part of the content of the intelligent terminal peripheral data method of controlling security fills
The embodiment set, executing subject are server, and referring to Fig. 8, the intelligent terminal peripheral data safety control specifically includes
There is following content:
Call request sending module 40, for sending peripheral hardware call request to intelligent terminal, so that the intelligent terminal root
Corresponding peripheral hardware is called according to the peripheral hardware call request, obtains the Transaction Information of the peripheral hardware acquisition, and according to the peripheral hardware tune
With in request the first random factor and the second random factor for locally generating of intelligent terminal generate encryption key, according to described plus
Transaction Information described in close key pair is encrypted.
Signature verification module 50, for receive intelligent terminal return by encrypted Transaction Information, second it is random because
Son and terminal public key, and signature verification is carried out to second random factor according to the terminal public key.
Transaction Information deciphering module 60, it is random according to described second if the result for the signature verification is to pass through
The factor and the first random factor locally generated generate decruption key, and solve to described by encrypted Transaction Information
It is close, the Transaction Information after being decrypted.
As can be seen from the above description, intelligent terminal peripheral data safety control provided by the embodiments of the present application, Neng Goutong
It crosses the second random factor that terminal generates itself and carries out data signature, and the peripheral hardware for combining server to send using default private key
The first random factor in call request generates encryption key, by the encryption key to the collected Transaction Information of peripheral apparatus
Data encryption is carried out, and the clothes will be back to by encrypted Transaction Information, second random factor and terminal public key
Business device carries out signature verification to by encrypted Transaction Information and the second random factor according to terminal public key in the server
Afterwards, that is, verify Transaction Information and the second random factor is after terminal issues really, according to the second random factor and itself first with
The machine factor generates decruption key, and Transaction Information is decrypted according to the decruption key, solve presently, there are it is illegal
Invader accesses intelligent terminal peripheral hardware by override mode, carries out malice card reading or collects the potential safety wind of card transaction data
Danger, and factors lead to the protection of the sensitive informations such as client trading card number information and password not because Strategy of Data Maintenance is not perfect etc.
Power, the risk leaked.
In order to be digitally signed the safety with improve data transfer to the first random factor, the one of the application
In embodiment, further includes: digital signature unit 74, for according to predetermined server private key in the peripheral hardware call request
One random factor is digitally signed.
In order to further explain this programme, the application also provides a kind of above-mentioned intelligent terminal peripheral data of application control safely
Device processed realizes the specific application example of intelligent terminal peripheral data method of controlling security, specifically includes following content:
Line process on a kind of trade company APP, specifically comprises the following steps:
1, trade company APP server generates a pair of of public private key pair, uses including but not limited to APPID, Peripheral Interface Access Column
The information groups such as table, sensitive information encryption Tag list are bundled into App publication application message, and using the privacy key to publication Shen
Please message calculate and Hash and sign, and together with the public key certificate of oneself signature, to financial intelligent terminal management platform application for registration quotient
Family APP.
2, financial intelligent terminal management platform passes through the consistency of PKI signature verification trade company APP application for registration information, verifying
Confirmation trade company APP, which is audited, by rear notice background devices Carrier Management personnel registers APP and Peripheral Interface access list, sensitivity
Information encrypts the information such as Tag.
3, after background audit passes through and authorizes, financial intelligent terminal management platform uses the root certificate of itself, for the quotient
Family APP generates signature merchant server certificate, and to the Peripheral Interface access list of trade company APP, sensitive information encryption Tag column
Table carries out Hash respectively and signs, which is returned to trade company's APP server together with signing certificate.
A kind of peripheral access control method, specifically includes following content:
1, trade company APP requests access to the peripheral hardware of financial intelligent terminal, to trade company APP server application peripheral access TOKEN,
Trade company's APP server generates disposable random number N ounce1, Peripheral Interface access list and signature, sensitive information encryption Tag column
The information such as table and signature, APPID, TOKEN validity period are assembled into TOKEN, and using trade company APP privacy key to above-mentioned
Token calculates Hash and signs.
2, trade company APP receive the Token and signature after, when calling secure peripheral service layer, be passed to the Token certificate with
The trade company's APP public key certificate and peripheral hardware request call data signed through financial intelligent terminal management platform.
3, secure peripheral service layer forwards the request to secure peripheral management module.Receiving the call request, permission
Authentication module verifies the Token information received, specifically:
The root certificate for using operator first, is attached to trade company's APP public key certificate to Token and verifies, it is ensured that the trade company
The validity and correctness of APP public key certificate, and therefrom restore to obtain the information such as trade company APPID.It specifically includes: public using trade company
Whether the signature that key certificate verifies TOKEN Hash correct whether the trade company APPID for checking trade company APPID and TOKEN consistent core
It is whether effective to TOKEN validity period check TOKEN validity period whether super maximum time it is verified using operator's root certificate sensitive
Does information encrypt Tag list and whether signature correct Peripheral Interface access list is verified using operator's root certificate and whether is signed
Correctly check the authorization interface list that interface call request is carried in Token any one of above-mentioned verifying failure, then recognize
To be unauthorized access finance peripheral hardware, refusal transaction.Above-mentioned verifying passes through, then it is assumed that the peripheral access of trade company APP requests to close
Method, Authority Verification module are instructed according to peripheral access, and the correspondence peripheral hardware of secure peripheral management module driving mounting carries out card reading, sweeps
Code, the defeated operation such as close.
A kind of sensitive data transmission method, specifically comprises the following steps:
1, secure peripheral management module drives financial peripheral hardware outer from IC card card reader, barcode scanning gun, camera, defeated close keyboard etc.
If the input data for getting financial peripheral hardware is imparted to sensitive data encrypting module.
2, sensitive data encrypting module obtains the random number of trade company APP from TOKEN, and is locally generated a random number
Nounce2, and signed using own private key to the random number, sensitive data encrypting module is raw using Token random number and locally
At one data encrypted tunnel key of generating random number.
3, the transaction data that sensitive data encrypting module reads equipment is split according to Tag, and checks corresponding number
According to Tag whether in sensitive data encryption Tag list, if there is in list, then the Tag data content is encrypted.With
For reading IC card information, when equipment reads the sensitive informations such as bis- magnetic identical, data of Tag57, Tag5A bank card number, due to above-mentioned
Sensitive information does not allow to land in terminal in trade company APP, and signature is in sensitive data encryption Tag list, then sensitive data encrypts
Module use previous step generate channel transfer key, to above-mentioned Tag carry out encrypted transmission, and to card number conceal intermediate digit into
Row deformation, returns to trade company APP.
4, trade company APP receives the information, only shows locally through deformed card number prefix and mantissa, the card number of encryption
The information such as Nounce2, signature, terminal public key give trade company's APP server.
5, trade company APP server receives the terminal public signature key certificate and Nounce2, verifies terminal signing certificate, uses
Nounce1, Nounce2 and own private key recover data encryption channel keys, and decrypt above-mentioned Tag using the key and encrypt
Information, assembling message are sent to receiving server.
Bank's card number is not landed in financial intelligent terminal whole process in this process, prevents financial sensitive information because of financial intelligence
Energy terminal itself loophole, in open operation system platform layer and trade company's APP internal leakage.
Embodiments herein also provides the intelligent terminal peripheral data security control side that can be realized in above-described embodiment
The specific embodiment of a kind of electronic equipment of Overall Steps in method, referring to Fig. 9, the electronic equipment is specifically included in following
Hold:
Processor (processor) 601, memory (memory) 602, communication interface (Communications
Interface) 603 and bus 604;
Wherein, the processor 601, memory 602, communication interface 603 complete mutual lead to by the bus 604
Letter;The communication interface 603 sets for realizing intelligent terminal peripheral data safety control, online operation system, client
Information transmission between standby and other participation mechanisms;
The processor 601 is used to call the computer program in the memory 602, and the processor executes the meter
The Overall Steps in the intelligent terminal peripheral data method of controlling security in above-described embodiment are realized when calculation machine program, for example, institute
It states when processor executes the computer program and realizes following step:
Step S101: the peripheral hardware call request that server is sent is received, and is called and is corresponded to according to the peripheral hardware call request
Peripheral hardware, obtain the Transaction Information of peripheral hardware acquisition.
Step S102: the process according to the first random factor in the peripheral hardware call request and locally generated presets private key
Second random factor of digital signature generates encryption key.
Step S103: encrypting the Transaction Information according to the encryption key, and will pass through encrypted transaction
Information, second random factor and terminal public key are back to the server, so that the server is public according to the terminal
Key to second random factor carry out signature verification, and the signature verification result be by when, according to described second with
The machine factor and first random factor generate decruption key, and are decrypted to described by encrypted Transaction Information.
As can be seen from the above description, electronic equipment provided by the embodiments of the present application, can be generated by terminal to itself
Two random factors carry out data signature using default private key, and first in the peripheral hardware call request for combining server to send is random
The factor generates encryption key, carries out data encryption to the collected Transaction Information of peripheral apparatus by the encryption key, and will be through
It crosses encrypted Transaction Information, second random factor and terminal public key and is back to the server, in the server root
According to terminal public key to after encrypted Transaction Information and the second random factor carry out signature verification, i.e., verifying Transaction Information and
Second random factor is to generate decruption key according to the second random factor and itself the first random factor after terminal issues really,
And Transaction Information is decrypted according to the decruption key, solve presently, there are illegal invasion person pass through override mode visit
It asks intelligent terminal peripheral hardware, carry out malice card reading or collects the potential security risk of card transaction data, and because of data protection plan
Slightly not perfect etc. factors cause the sensitive informations such as client trading card number information and password to protect ineffective, the risk leaked.
Embodiments herein also provides the intelligent terminal peripheral data security control side that can be realized in above-described embodiment
A kind of computer readable storage medium of Overall Steps in method is stored with computer journey on the computer readable storage medium
Sequence, the computer program realize the intelligent terminal peripheral data method of controlling security in above-described embodiment when being executed by processor
Overall Steps, for example, the processor realizes following step when executing the computer program:
Step S101: the peripheral hardware call request that server is sent is received, and is called and is corresponded to according to the peripheral hardware call request
Peripheral hardware, obtain the Transaction Information of peripheral hardware acquisition.
Step S102: the process according to the first random factor in the peripheral hardware call request and locally generated presets private key
Second random factor of digital signature generates encryption key.
Step S103: encrypting the Transaction Information according to the encryption key, and will pass through encrypted transaction
Information, second random factor and terminal public key are back to the server, so that the server is public according to the terminal
Key to second random factor carry out signature verification, and the signature verification result be by when, according to described second with
The machine factor and first random factor generate decruption key, and are decrypted to described by encrypted Transaction Information.
As can be seen from the above description, computer readable storage medium provided by the embodiments of the present application, it can be by terminal to this
The second random factor that body generates carries out data signature using default private key, and in the peripheral hardware call request for combining server to send
The first random factor generate encryption key, by the encryption key to the collected Transaction Information of peripheral apparatus carry out data add
It is close, and it will be back to the server by encrypted Transaction Information, second random factor and terminal public key, described
Server according to terminal public key to after encrypted Transaction Information and the second random factor carry out signature verification, i.e. hand over by verifying
Easy information and the second random factor are to generate solution according to the second random factor and itself the first random factor after terminal issues really
Key, and Transaction Information being decrypted according to the decruption key, solve presently, there are illegal invasion person pass through more
Power mode accesses intelligent terminal peripheral hardware, carries out malice card reading or collects the potential security risk and factor of card transaction data
According to Preservation tactics are not perfect etc., factors cause the protection of the sensitive informations such as client trading card number information and password ineffective, leak
Risk.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for hardware+
For program class embodiment, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to side
The part of method embodiment illustrates.
It is above-mentioned that this specification specific embodiment is described.Other embodiments are in the scope of the appended claims
It is interior.In some cases, the movement recorded in detail in the claims or step can be come according to the sequence being different from embodiment
It executes and desired result still may be implemented.In addition, process depicted in the drawing not necessarily require show it is specific suitable
Sequence or consecutive order are just able to achieve desired result.In some embodiments, multitasking and parallel processing be also can
With or may be advantageous.
Although this application provides the method operating procedure as described in embodiment or flow chart, based on conventional or noninvasive
The labour for the property made may include more or less operating procedure.The step of enumerating in embodiment sequence is only numerous steps
One of execution sequence mode, does not represent and unique executes sequence.It, can when device or client production in practice executes
To execute or parallel execute (such as at parallel processor or multithreading according to embodiment or method shown in the drawings sequence
The environment of reason).
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be used
Think personal computer, laptop computer, vehicle-mounted human-computer interaction device, cellular phone, camera phone, smart phone, individual
Digital assistants, media player, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or
The combination of any equipment in these equipment of person.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
In a typical configuration, calculating equipment includes one or more processors (CPU), input/output interface, net
Network interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or
The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium
Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices
Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates
Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
It will be understood by those skilled in the art that the embodiment of this specification can provide as the production of method, system or computer program
Product.Therefore, in terms of this specification embodiment can be used complete hardware embodiment, complete software embodiment or combine software and hardware
Embodiment form.
This specification embodiment can describe in the general context of computer-executable instructions executed by a computer,
Such as program module.Generally, program module includes routines performing specific tasks or implementing specific abstract data types, journey
Sequence, object, component, data structure etc..This specification embodiment can also be practiced in a distributed computing environment, in these points
Cloth calculates in environment, by executing task by the connected remote processing devices of communication network.In distributed computing ring
In border, program module can be located in the local and remote computer storage media including storage equipment.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality
For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method
Part explanation.In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ",
The description of " specific example " or " some examples " etc. means specific features described in conjunction with this embodiment or example, structure, material
Or feature is contained at least one embodiment or example of this specification embodiment.In the present specification, to above-mentioned term
Schematic representation be necessarily directed to identical embodiment or example.Moreover, description specific features, structure, material or
Person's feature may be combined in any suitable manner in any one or more of the embodiments or examples.In addition, in not conflicting feelings
Under condition, those skilled in the art by different embodiments or examples described in this specification and different embodiment or can show
The feature of example is combined.
The foregoing is merely the embodiments of this specification, are not limited to this specification embodiment.For ability
For field technique personnel, this specification embodiment can have various modifications and variations.It is all this specification embodiment spirit and
Any modification, equivalent replacement, improvement and so within principle should be included in the scope of the claims of this specification embodiment
Within.
Claims (14)
1. a kind of intelligent terminal peripheral data method of controlling security, which is characterized in that the described method includes:
The peripheral hardware call request that server is sent is received, and corresponding peripheral hardware is called according to the peripheral hardware call request, obtains institute
State the Transaction Information of peripheral hardware acquisition;
The process according to the first random factor in the peripheral hardware call request and locally generated presets the of private-key digital signature
Two random factors generate encryption key;
The Transaction Information is encrypted according to the encryption key, and encrypted Transaction Information, described second will be passed through
Random factor and terminal public key are back to the server so that the server according to the terminal public key to described second with
The machine factor carries out signature verification, and the signature verification result be by when, according to second random factor and described the
One random factor generates decruption key, and is decrypted to described by encrypted Transaction Information.
2. intelligent terminal peripheral data method of controlling security according to claim 1, which is characterized in that described according to institute
It states before the first random factor in peripheral hardware call request and the second random factor locally generated generate encryption key, comprising:
Signature verification is carried out to first random factor according to the server public key in the peripheral hardware call request, is signed
Verification result;
If the signature verification result is not pass through, failed encryption result is returned.
3. intelligent terminal peripheral data method of controlling security according to claim 1, which is characterized in that described according to
Encryption key encrypts the Transaction Information, comprising:
Judge to whether there is and the default sensitive data in the peripheral hardware call request in the Transaction Information of the peripheral hardware acquisition
The information matched;
If it exists, then the Transaction Information for capableing of the default sensitive data of successful match is encrypted according to the encryption key.
4. intelligent terminal peripheral data method of controlling security according to claim 1, which is characterized in that taken in the reception
It is engaged in after the peripheral hardware call request that device is sent, before the corresponding peripheral hardware according to peripheral hardware call request calling, also wraps
It includes:
Authenticity verification is carried out to the server public key in the peripheral hardware call request according to pre-stored operator's root certificate, if
Check results are not pass through, then return to peripheral hardware malloc failure malloc result.
5. a kind of peripheral data method of controlling security, which is characterized in that the described method includes:
Peripheral hardware call request is sent to intelligent terminal, so that the intelligent terminal is corresponding according to peripheral hardware call request calling
Peripheral hardware obtains the Transaction Information of the peripheral hardware acquisition, and according to the first random factor and intelligence in the peripheral hardware call request
The second random factor that terminal local generates generates encryption key, is added according to the encryption key to the Transaction Information
It is close;
Receive that intelligent terminal returns by encrypted Transaction Information, the second random factor and terminal public key, and according to described
Terminal public key carries out signature verification to second random factor;
If the result of the signature verification is to pass through, the first random factor according to second random factor and locally generated
Decruption key is generated, and is decrypted to described by encrypted Transaction Information, the Transaction Information after being decrypted.
6. peripheral data method of controlling security according to claim 5, which is characterized in that sent described to intelligent terminal
Before peripheral hardware call request, comprising:
The first random factor in the peripheral hardware call request is digitally signed according to predetermined server private key.
7. a kind of intelligent terminal peripheral data safety control characterized by comprising
Transaction Information obtains module, for receiving the peripheral hardware call request of server transmission, and according to the peripheral hardware call request
Corresponding peripheral hardware is called, the Transaction Information of the peripheral hardware acquisition is obtained;
Encryption key generation module, the process for according to the first random factor in the peripheral hardware call request and locally generating
Second random factor of default private-key digital signature generates encryption key;
Transaction Information encrypting module, for being encrypted according to the encryption key to the Transaction Information, and will be by encryption
Transaction Information, second random factor and terminal public key afterwards is back to the server, so that the server is according to institute
State terminal public key to second random factor carry out signature verification, and the signature verification result be by when, according to institute
It states the second random factor and first random factor generates decruption key, and carried out to described by encrypted Transaction Information
Decryption.
8. peripheral data safety control according to claim 7, which is characterized in that further include:
First digital signature unit, for according to the server public key in the peripheral hardware call request to first random factor
Signature verification is carried out, signature verification result is obtained;
Failed encryption return unit returns to failed encryption result if being not pass through for the signature verification result.
9. peripheral data safety control according to claim 7, which is characterized in that the Transaction Information encrypting module
Include:
Sensitive information matching unit is asked with the presence or absence of with peripheral hardware calling in the Transaction Information for judging peripheral hardware acquisition
The matched information of default sensitive data in asking;
Sensitive information encryption unit, if for the peripheral hardware acquisition Transaction Information in exist in the peripheral hardware call request
The default matched information of sensitive data, then according to the encryption key to the Transaction Information for capableing of the default sensitive data of successful match
It is encrypted.
10. peripheral data safety control according to claim 7, which is characterized in that further include:
Certificate verification unit, the operator root certificate pre-stored for basis is to the server public key in the peripheral hardware call request
Authenticity verification is carried out, if check results are not pass through, returns to peripheral hardware malloc failure malloc result.
11. a kind of peripheral data safety control characterized by comprising
Call request sending module, for sending peripheral hardware call request to intelligent terminal, so that the intelligent terminal is according to
Corresponding peripheral hardware is called in peripheral hardware call request, obtains the Transaction Information of the peripheral hardware acquisition, and according to the peripheral hardware call request
In the second random factor for locally generating of the first random factor and intelligent terminal generate encryption key, according to the encryption key
The Transaction Information is encrypted;
Signature verification module, for receive intelligent terminal return by encrypted Transaction Information, the second random factor and end
Public key is held, and signature verification is carried out to second random factor according to the terminal public key;
Transaction Information deciphering module, if the result for the signature verification is to pass through, according to second random factor and
The first random factor locally generated generates decruption key, and is decrypted to described by encrypted Transaction Information, obtains
Transaction Information after decryption.
12. peripheral data safety control according to claim 11, which is characterized in that further include:
Digital signature unit, for being carried out according to predetermined server private key to the first random factor in the peripheral hardware call request
Digital signature.
13. a kind of electronic equipment including memory, processor and stores the calculating that can be run on a memory and on a processor
Machine program, which is characterized in that the processor realizes peripheral hardware number as claimed in any one of claims 1 to 6 when executing described program
The step of according to method of controlling security.
14. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program quilt
The step of processor realizes peripheral data method of controlling security as claimed in any one of claims 1 to 6 when executing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910710316.2A CN110417557B (en) | 2019-08-02 | 2019-08-02 | Intelligent terminal peripheral data security control method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910710316.2A CN110417557B (en) | 2019-08-02 | 2019-08-02 | Intelligent terminal peripheral data security control method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110417557A true CN110417557A (en) | 2019-11-05 |
CN110417557B CN110417557B (en) | 2022-06-10 |
Family
ID=68365370
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910710316.2A Active CN110417557B (en) | 2019-08-02 | 2019-08-02 | Intelligent terminal peripheral data security control method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110417557B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112712370A (en) * | 2020-12-17 | 2021-04-27 | 宝付网络科技(上海)有限公司 | Method and system for monitoring appropriation of payment interface |
CN114338152A (en) * | 2021-12-27 | 2022-04-12 | 上海市数字证书认证中心有限公司 | Data processing method and device |
CN114780156A (en) * | 2022-04-24 | 2022-07-22 | 中国工商银行股份有限公司 | External operation equipment calling method and device |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7096494B1 (en) * | 1998-05-05 | 2006-08-22 | Chen Jay C | Cryptographic system and method for electronic transactions |
CN104852911A (en) * | 2015-04-27 | 2015-08-19 | 小米科技有限责任公司 | Safety verification method, device and system |
US20150310431A1 (en) * | 2014-04-23 | 2015-10-29 | Minkasu, Inc. | Secure Payments Using a Mobile Wallet Application |
CN105023151A (en) * | 2015-07-22 | 2015-11-04 | 天地融科技股份有限公司 | Card transaction data processing method and device |
CN105023374A (en) * | 2015-07-22 | 2015-11-04 | 天地融科技股份有限公司 | Transaction system of POS machine |
CN105933119A (en) * | 2015-12-24 | 2016-09-07 | 中国银联股份有限公司 | Authentication method and device |
WO2019020824A1 (en) * | 2017-07-27 | 2019-01-31 | Sofitto Nv | Method for authenticating a financial transaction in a blockchain-based cryptocurrency, smart card, and blockchain authentication infrastructure |
-
2019
- 2019-08-02 CN CN201910710316.2A patent/CN110417557B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7096494B1 (en) * | 1998-05-05 | 2006-08-22 | Chen Jay C | Cryptographic system and method for electronic transactions |
US20150310431A1 (en) * | 2014-04-23 | 2015-10-29 | Minkasu, Inc. | Secure Payments Using a Mobile Wallet Application |
CN104852911A (en) * | 2015-04-27 | 2015-08-19 | 小米科技有限责任公司 | Safety verification method, device and system |
CN105023151A (en) * | 2015-07-22 | 2015-11-04 | 天地融科技股份有限公司 | Card transaction data processing method and device |
CN105023374A (en) * | 2015-07-22 | 2015-11-04 | 天地融科技股份有限公司 | Transaction system of POS machine |
CN105933119A (en) * | 2015-12-24 | 2016-09-07 | 中国银联股份有限公司 | Authentication method and device |
WO2019020824A1 (en) * | 2017-07-27 | 2019-01-31 | Sofitto Nv | Method for authenticating a financial transaction in a blockchain-based cryptocurrency, smart card, and blockchain authentication infrastructure |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112712370A (en) * | 2020-12-17 | 2021-04-27 | 宝付网络科技(上海)有限公司 | Method and system for monitoring appropriation of payment interface |
CN114338152A (en) * | 2021-12-27 | 2022-04-12 | 上海市数字证书认证中心有限公司 | Data processing method and device |
CN114338152B (en) * | 2021-12-27 | 2024-04-12 | 上海市数字证书认证中心有限公司 | Data processing method and device |
CN114780156A (en) * | 2022-04-24 | 2022-07-22 | 中国工商银行股份有限公司 | External operation equipment calling method and device |
Also Published As
Publication number | Publication date |
---|---|
CN110417557B (en) | 2022-06-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111770200B (en) | Information sharing method and system | |
EP3269119B1 (en) | Mutual authentication of software layers | |
RU2537795C2 (en) | Trusted remote attestation agent (traa) | |
Basin et al. | The EMV standard: Break, fix, verify | |
RU2523304C2 (en) | Trusted integrity manager (tim) | |
ES2599985T3 (en) | Validation at any time for verification tokens | |
CN105957276B (en) | Based on android system intelligence POS security systems and startup, data management-control method | |
CN110035052A (en) | A kind of method, apparatus that checking historical transactional information and electronic equipment | |
CN105160242B (en) | Certificate loading method, certificate update method and the card reader of a kind of card reader | |
EP3017580B1 (en) | Signatures for near field communications | |
CN111770199B (en) | Information sharing method, device and equipment | |
CN106688004A (en) | Transaction authentication method, device, mobile terminal, POS terminal and server | |
CN106465112A (en) | Offline authentication | |
CN105745661A (en) | Policy-based trusted inspection of rights managed content | |
CN103051451A (en) | Encryption authentication of security service execution environment | |
WO2018144238A1 (en) | Methods and systems for securely storing sensitive data on smart cards | |
CN110417557A (en) | Intelligent terminal peripheral data method of controlling security and device | |
CN111160908B (en) | Supply chain transaction privacy protection system, method and related equipment based on blockchain | |
CN107967605B (en) | Rail transit automatic fare collection two-dimensional code credit payment encryption method | |
El Madhoun et al. | An online security protocol for NFC payment: Formally analyzed by the scyther tool | |
CN109933987A (en) | For the key generation method of block chain network, endorsement method, storage medium, calculate equipment | |
CN102664736A (en) | Electronic cipher generating method, device and equipment and electronic cipher authentication system | |
CN111818186A (en) | Information sharing method and system | |
CN110100410A (en) | Cryptographic system management | |
CN110992034A (en) | Supply chain transaction privacy protection system and method based on block chain and related equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |