CN111290884A - Data backup method and device for cash register equipment - Google Patents
Data backup method and device for cash register equipment Download PDFInfo
- Publication number
- CN111290884A CN111290884A CN202010102050.6A CN202010102050A CN111290884A CN 111290884 A CN111290884 A CN 111290884A CN 202010102050 A CN202010102050 A CN 202010102050A CN 111290884 A CN111290884 A CN 111290884A
- Authority
- CN
- China
- Prior art keywords
- key
- cash register
- data
- encrypted
- backed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The invention discloses a data backup method and a device of cash register equipment, wherein the method comprises the following steps: receiving first encrypted cash registering data transmitted by the cash registering device to be backed up in a transmission mode; acquiring a second key, wherein the second key and the first key are symmetric keys; encrypting second off-line cash register data generated by the equipment by using a second key to obtain second encrypted cash register data; storing the first encrypted cashier data and the second encrypted cashier data; and in response to the data reading instruction, decrypting the stored encrypted cash register data by using the second key. Therefore, according to the scheme of the invention, the symmetric key is obtained, the cash register data generated by the equipment can be encrypted, the second encrypted cash register data obtained by encryption and the first encrypted cash register data sent by the cash register equipment to be backed up are decrypted, and the data in the cash register equipment to be backed up is stored and the cash register processing is carried out by using the equipment instead of the cash register equipment to be backed up.
Description
Technical Field
The invention relates to the technical field of data backup, in particular to a data backup method and device of cash register equipment.
Background
The cash register devices may be used for cash register processing and cash register data storage in various business entities, and in practice, in some internal cash register networks of large merchants, many cash register devices may not be directly or rarely connected to the internet (hereinafter referred to as offline cash register devices), and the critical cash register data is stored in local storage of some main offline cash register devices for a long time. Meanwhile, when the offline cash register needs to be repaired or replaced, the safe backup of the internal cash register data is a serious problem.
In the prior art, these offline cash register devices store the cash register data in a compressed form, and when the data is backed up, these plain text data are directly copied and then stored in another offline cash register device. However, the storage and copy method in the prior art is very easy to cause data theft, and the security of the cash register data is reduced.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide a data backup method and apparatus for a cash register device that overcomes or at least partially solves the above problems.
According to an aspect of an embodiment of the present invention, there is provided a data backup method for a cash register device, including:
receiving first encrypted cash registering data transmitted by the cash registering device to be backed up in a close-range wireless transmission mode; the first encrypted cashier data is obtained by encrypting a first secret key;
acquiring a second key, wherein the second key and the first key are symmetric keys; encrypting second off-line cash register data generated by the equipment by using a second key to obtain second encrypted cash register data;
storing the first encrypted cashier data and the second encrypted cashier data;
and in response to a data reading instruction, decrypting the stored encrypted cash register data by using the second key.
Optionally, after the obtaining the second key, the method further includes:
checking whether the second key and/or the first encrypted cashier data are correct or not according to the second key and/or the first encrypted cashier data;
the encrypting the second offline cash register data generated by the device by using the second key to obtain second encrypted cash register data further comprises: and if the second key and/or the first encrypted cash register data are correct, encrypting second offline cash register data generated by the equipment by using the second key to obtain second encrypted cash register data.
Optionally, the checking whether the second key and/or the first encrypted cashier data are correct according to the second key and/or the first encrypted cashier data further includes:
decrypting the preset encrypted value by using the second key, and if the decryption is successful, determining that the second key is correct; and/or the presence of a gas in the gas,
and decrypting the first encrypted cash register data by using the second key, and if the decryption is successful, determining that the first encrypted cash register data is correct.
Optionally, a first key is stored in the cashier device to be backed up;
the first secret key is written into a storage area of a trusted execution environment of the cash register device to be backed up before the cash register device to be backed up leaves a factory; alternatively, the first and second electrodes may be,
the first secret key is obtained by sending an initialization secret key issuing request carrying an equipment identifier to a server or a cipher machine through a trusted service management agent of the cashier equipment to be backed up and receiving an initialization secret key which is distributed by the server or the cipher machine and is associated with the equipment identifier.
Optionally, the obtaining the second key further includes:
and acquiring a second key preset in a storage area of the trusted execution environment of the equipment.
Optionally, a trusted service management agent is preset in the device, and the obtaining the second key further includes:
the method comprises the steps that a trusted service management agent obtains an equipment identifier of a cashier device to be backed up;
the trusted service management agent sends a backup key issuing request carrying the equipment identifier to the server or the cipher machine, so that the server or the cipher machine can inquire a second key associated with the equipment identifier according to the backup key issuing request;
the trusted service management agent receives a second key issued by the server or the cipher machine according to the query result;
and the trusted service management agent sends the second key to a secure storage module of the device for storage.
Optionally, the sending, by the trusted service management agent, a backup key issuing request carrying the device identifier to a server or a cryptographic machine, so that the server or the cryptographic machine queries a second key associated with the device identifier according to the backup key issuing request, further includes:
the trusted service management agent sends a backup key issuing request carrying the equipment identifier to a server or a cipher machine, so that the server or the cipher machine can inquire a second key associated with the equipment identifier according to the backup key issuing request and the counted issuing times of the second key associated with the equipment identifier; and if the issuing times reach preset times, the association between the equipment identifier and the second key is released.
Optionally, the receiving the second key issued by the server or the cryptographic machine according to the query result further includes:
and receiving a second key associated with the equipment identifier, which is issued after the server or the cipher machine inquires the second key associated with the equipment identifier.
Optionally, the sending, by the trusted service management agent to the server or the cryptographic machine, the backup key issuing request carrying the device identifier further includes:
the trusted service management agent sends a backup key issuing request carrying the equipment identifier to the cipher machine in a near field communication mode;
the step of receiving a second key issued by the server or the cryptographic machine according to the query result by the trusted service management agent further comprises: and the trusted service management agent receives a second key which is issued by the cipher machine in a near field communication mode and is associated with the equipment identifier.
Optionally, the device identifier is device model information or product serial number information.
According to another aspect of the embodiments of the present invention, there is provided a data backup apparatus for a cash register device, including:
the receiving module is suitable for receiving first encrypted cash registering data transmitted by the cash registering device to be backed up in a short-distance wireless transmission mode; the first encrypted cashier data is obtained by encrypting a first secret key;
the acquisition module is suitable for acquiring a second secret key, and the second secret key and the first secret key are symmetric secret keys;
the encryption module is suitable for encrypting second offline cash register data generated by the equipment by using a second secret key to obtain second encrypted cash register data;
a storage module adapted to store the first encrypted cashier data and the second encrypted cashier data;
and the reading module is suitable for responding to a data reading instruction and decrypting the stored encrypted cash register data by using the second key.
Optionally, the apparatus further comprises:
the checking module is suitable for checking whether the second key and/or the first encrypted cash register data are correct or not according to the second key and/or the first encrypted cash register data;
the encryption module is further adapted to: and if the second key and/or the first encrypted cash register data are correct, encrypting second offline cash register data generated by the equipment by using the second key to obtain second encrypted cash register data.
Optionally, the checking module is further adapted to:
decrypting the preset encrypted value by using the second key, and if the decryption is successful, determining that the second key is correct; and/or the presence of a gas in the gas,
and decrypting the first encrypted cash register data by using the second key, and if the decryption is successful, determining that the first encrypted cash register data is correct.
Optionally, a first key is stored in the cashier device to be backed up;
the first secret key is written into a storage area of a trusted execution environment of the cash register device to be backed up before the cash register device to be backed up leaves a factory; alternatively, the first and second electrodes may be,
the first secret key is obtained by sending an initialization secret key issuing request carrying an equipment identifier to a server or a cipher machine through a trusted service management agent of the cashier equipment to be backed up and receiving an initialization secret key which is distributed by the server or the cipher machine and is associated with the equipment identifier.
Optionally, the obtaining module is further adapted to:
and acquiring a second key preset in a storage area of the trusted execution environment of the equipment.
Optionally, a trusted service management agent is preset in the device, and the obtaining module further includes: the trusted service management agent is suitable for acquiring the equipment identifier of the cash register equipment to be backed up; sending a backup key issuing request carrying the equipment identifier to a server or a cipher machine, so that the server or the cipher machine can inquire a second key associated with the equipment identifier according to the backup key issuing request; receiving a second key issued by the server or the cipher machine according to the query result; and sending the second key to a secure storage module of the device for storage.
Optionally, the trusted service management agent is further adapted to:
sending a backup key issuing request carrying the equipment identifier to a server or a password machine, so that the server or the password machine can inquire a second key associated with the equipment identifier according to the backup key issuing request and the counted issuing times of the second key associated with the equipment identifier; and if the issuing times reach preset times, the association between the equipment identifier and the second key is released.
Optionally, the trusted service management agent is further adapted to:
and receiving a second key associated with the equipment identifier, which is issued after the server or the cipher machine inquires the second key associated with the equipment identifier.
Optionally, the trusted service management agent is further adapted to:
sending a backup key issuing request carrying the equipment identifier to a cipher machine in a near field communication mode;
and receiving a second key which is issued by the cipher machine in a near field communication mode and is associated with the equipment identifier.
Optionally, the device identifier is device model information or product serial number information.
According to still another aspect of an embodiment of the present invention, there is provided a computing device including: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the data backup method of the cash register device.
According to a further aspect of the embodiments of the present invention, there is provided a computer storage medium, in which at least one executable instruction is stored, and the executable instruction causes a processor to execute an operation corresponding to the data backup method of the cash register device.
According to the data backup method and device of the cash register device, the device can encrypt the second off-line cash register data generated by the device by acquiring the second key to obtain the second encrypted cash register data; on the other hand, the received first encrypted cash register data transmitted by the cash register device to be backed up and/or the second encrypted cash register data generated and encrypted by the cash register device to be backed up can be decrypted and provided to the data reading party in response to the data reading instruction. Therefore, according to the scheme of the invention, the symmetric key of the first key, namely the second key, used when the first offline cash register data is encrypted by the cash register device to be backed up is obtained, so that the device can be used for backing up the first encrypted cash register data of the cash register device to be backed up and can be subsequently decrypted and provided for a data reader, thereby realizing the safe backup of the cash register data in the cash register device to be backed up and avoiding the data from being stolen due to the direct copy of the plaintext data; and the second key can be used for encrypting and decrypting the cash register data generated by the equipment, so that the equipment completes the safe storage and reading of the cash register data of the cash register equipment to be backed up and the equipment by using the same key, and the safety of the cash register data is maintained while the convenience of maintaining the safety of the data is improved.
The foregoing description is only an overview of the technical solutions of the embodiments of the present invention, and the embodiments of the present invention can be implemented according to the content of the description in order to make the technical means of the embodiments of the present invention more clearly understood, and the detailed description of the embodiments of the present invention is provided below in order to make the foregoing and other objects, features, and advantages of the embodiments of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the embodiments of the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 shows a flowchart of a data backup method of a cash register device according to an embodiment of the present invention;
fig. 2 shows a flowchart of a data backup method of the cash register device according to another embodiment of the present invention;
fig. 3 shows a schematic diagram of an implementation of a data backup method of a cash register device in a specific example;
fig. 4 is a schematic structural diagram of a data backup device of a cash register device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a computing device provided by an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Fig. 1 shows a flowchart of a data backup method of a cash register device according to an embodiment of the present invention. According to the method, the cash register device with the cash register capacity is used for backing up the cash register data in another cash register device to be backed up, and the cash register device with the cash register capacity is used for continuing cash register processing. As shown in fig. 1, the method comprises the steps of:
step S110: receiving first encrypted cash registering data transmitted by the cash registering device to be backed up in a close-range wireless transmission mode; wherein the first encrypted cashier data is encrypted by a first key.
The cash register device to be backed up is an offline cash register device which needs to back up the cash register data stored in the cash register device due to maintenance or replacement.
Specifically, first encrypted cash registration data sent by the cash registration device to be backed up is received by another cash registration device (hereinafter referred to as the present device) other than the cash registration device to be backed up, where the first encrypted cash registration data is obtained by encrypting the cash registration device to be backed up with a first key, that is: the device receives encrypted cash register data instead of plaintext data, and data security is guaranteed.
Step S120: acquiring a second key, wherein the second key and the first key are symmetric keys; and encrypting the second off-line cash register data generated by the equipment by using the second key to obtain second encrypted cash register data.
The device obtains a second key, and the second key and the first key are symmetric keys.
In practice, the device, as a device that stores the cash register data in place of the to-be-backed up cash register device and is used for the cash register process, may generate the second offline cash register data during the cash register process, and may encrypt the second offline cash register data with the obtained second key to complete the encryption of the second offline cash register data generated by the device.
Step S130: storing the first encrypted cashier data and the second encrypted cashier data; and in response to the data reading instruction, decrypting the stored encrypted cash register data by using the second key.
The device stores the first encrypted cash register data in a local storage after receiving the first encrypted data, and stores the second encrypted cash register data in the local storage after encrypting the second offline cash register data generated by the device to obtain the second encrypted cash register data.
In practice, the device will provide the corresponding cash register data to the data reader according to the received external data reading instruction, and correspondingly, the device will decrypt the encrypted cash register data in the local storage by using the second key in response to the data reading instruction and provide the decrypted cash register data to the data reader.
It should be noted that, in the embodiment of the present invention, the present device and the cash register device to be backed up only play a role of receiving and storing the data to be backed up and a role of providing the data to be backed up in a specific cash register data backup process, and the two devices may be different in composition structure and form, or may be the same. For example, if there are a plurality of offline cash register devices with the same structure, any one or more of the offline cash register devices may be used as the cash register device to be backed up, and the remaining offline cash register devices may be used as the local device for backup.
According to the data backup method for the cash register device provided by the embodiment, the device can encrypt the second offline cash register data generated by the device on one hand by acquiring the second key, so as to obtain the second encrypted cash register data; on the other hand, the received first encrypted cash register data transmitted by the cash register device to be backed up and/or the second encrypted cash register data generated and encrypted by the cash register device to be backed up can be decrypted and provided to the data reading party in response to the data reading instruction. Therefore, according to the scheme of the invention, the symmetric key of the first key, namely the second key, used when the first offline cash register data is encrypted by the cash register device to be backed up is obtained, so that the device can be used for backing up the first encrypted cash register data of the cash register device to be backed up and can be subsequently decrypted and provided for a data reader, thereby realizing the safe backup of the cash register data in the cash register device to be backed up and avoiding the data from being stolen due to the direct copy of the plaintext data; and the second key can be used for encrypting and decrypting the cash register data generated by the equipment, so that the equipment completes the safe storage and reading of the cash register data of the cash register equipment to be backed up and the equipment by using the same key, and the safety of the cash register data is maintained while the convenience of maintaining the safety of the data is improved.
Fig. 2 shows a flowchart of a data backup method of a cash register device according to another embodiment of the present invention. As shown in fig. 2, the method comprises the steps of:
step S210: receiving first encrypted cash registering data transmitted by the cash registering device to be backed up in a close-range wireless transmission mode; wherein the first encrypted cashier data is encrypted by a first key.
Specifically, when the cash register device to be backed up has a backup requirement, first encrypted cash register data obtained by encrypting the local storage of the device by using a first key is transmitted to the device in a short-distance wireless transmission mode. For example, when the cash register device to be backed up needs to be repaired or replaced, the first encrypted cash register data is transmitted to the device.
Further, a first key is stored in the cashier device to be backed up, and the first key is written into a storage area of a TEE (Trusted Execution Environment) of the cashier device to be backed up before the cashier device to be backed up leaves a factory, so that the first key is prevented from being illegally stolen, and the security of the first encrypted cashier data can be further improved.
Or, the first key is obtained by sending an initialization key issuing request carrying an equipment identifier to a server or a cryptographic machine through a TSM agent (Trusted service manager agent) of the cash register device to be backed up, and receiving an initialized key associated with the equipment identifier and allocated by the server or the cryptographic machine, where the equipment identifier is equipment model information or product serial number information. The cashier equipment to be backed up is provided with a trusted service management agent, a secret key can be dynamically requested from a server or a cipher machine through the trusted service management agent without being written into the cashier equipment to be backed up in advance, the flexibility of the configuration of the first secret key is improved, and meanwhile, the security of the secret key can be ensured through the dynamic request of the trusted service management agent; and after receiving an initialization key issuing request carrying the device identifier of the cash register device to be backed up, the server or the cryptographic machine allocates an initialization key, namely a first key, to the cash register device to be backed up, wherein a first mapping table of the association relationship between the device model information, the manufacturer information and/or the product batch information and the initialization key (first key) is maintained in the server or the cryptographic machine, and after receiving the initialization key issuing request carrying the device identifier, the server or the cryptographic machine queries the device model, the manufacturer and/or the production batch corresponding to the device identifier and returns the associated first key to the request end.
Step S220: and acquiring a second key, wherein the second key and the first key are symmetric keys.
Specifically, the device acquires the second key, where the second key and the first key are symmetric keys, that is, the first key and the second key are the same, and if the second key and the first key are the same, the device acquires the initialized key corresponding to the device identifier of the cash register device to be backed up.
Further, there are two ways for the device to obtain the second key:
in the first mode, a second key preset in a storage area of a trusted execution environment of the device is acquired. The second secret key is written into a storage area of the trusted execution environment before the device leaves a factory, and symmetric first secret key and second secret key are written into a safe storage area of the trusted execution environment of the device and the cash register device to be backed up according to information which can establish association such as device model, manufacturer information, production batch information and the like, so that the first secret key and the second secret key are ensured to be the same, and the device can be used for backing up and decrypting the encrypted cash register device to be backed up to obtain first encrypted cash register data. For example, the same key is preset for the same model of the cash register devices, and any one of the cash register devices of the same model can be used to backup and decrypt the first encrypted cash register data transmitted by other cash register devices.
And secondly, a trusted service management agent is preset in the equipment, and a second secret key can be dynamically issued to a server or a cipher machine through the trusted service management agent, so that the flexibility of obtaining the secret key is improved. Specifically, the process of obtaining the second key by the trusted service management agent is as follows: the method comprises the steps that a trusted service management agent obtains an equipment identifier of a cash register device to be backed up, wherein the equipment identifier of the cash register device to be backed up can be simultaneously transmitted to the equipment by the cash register device to be backed up and first encrypted cash register data, and a TSM agent obtains the equipment identifier of the cash register device to be backed up from transmitted information or can obtain the equipment identifier by receiving equipment identifiers input by a user; the trusted service management agent sends a backup key issuing request carrying the equipment identifier to the server or the cipher machine, for the server or the cipher machine to issue a request to inquire the second key associated with the device identifier according to the backup key, wherein, different from the situation that the cashier device to be backed up dynamically requests the first key, when the device requests the second key, sending a backup key issuing request to the server or the cipher machine, wherein the identifier carried in the request is the device identifier of the cash register device to be backed up, but not the device identification of the device itself, so that the server or the cipher machine can distinguish the initialization key issuing from the backup key issuing, and can return the second key associated with the cash register device to be backed up to the device, and the device can further complete the decryption of the first encrypted cash register data transmitted by the cash register device to be backed up by using the second key associated with the cash register device to be backed up. And then, the trusted service management agent receives a second key issued by the server or the cryptographic machine according to the query result, and the second key is sent to the secure storage module of the device for storage, wherein the secure storage module can be SE (secure element) storage, and the security of key storage can be increased while the flexibility of key acquisition is improved by using a TSM agent request in combination with SE storage.
Furthermore, in the second mode, the trusted service management agent sends a backup key issuing request carrying the device identifier to the server or the cryptographic machine, so that the server or the cryptographic machine queries the second key associated with the device identifier according to the backup key issuing request and the counted issuing times of the second key associated with the device identifier; and if the issuing times reach the preset times, the association between the equipment identifier and the second key is released. And maintaining a second mapping table with the device identifier and a second key in the server or the cryptographic machine, wherein the second key is the first key stored in the cash register device to be backed up, and may be a key preset in the device to be backed up or an initialization key dynamically issued to the cash register device to be backed up. And in the process of maintaining the second mapping table, the server or the cipher machine updates the issuing times of the second key associated with the equipment identifier in the second mapping table when a second key associated with the equipment identifier of a certain cash register to be backed up is issued once for each time, and releases the association relationship between the equipment identifier and the second key in the second mapping table when the issuing times reach the preset times. Correspondingly, the receiving of the second key issued by the server or the cryptographic machine by the TSM agent further includes receiving the second key issued by the server or the cryptographic machine after querying the second key associated with the device identifier, querying whether the association relationship between the device identifier and the second key is recorded in the second mapping table by the server or the cryptographic machine, and if so, returning the associated second key to the TSM agent, wherein for the second key which has been disassociated, the associated second key cannot be queried, and at this time, returning a message that the key is not queried to the TSM agent. By the maintenance of the second mapping table and the query, the number of times of issuing the associated second key as the backup key for the device identifier can be limited, and the reduction of the security of the cash register data caused by issuing one copy of the second key to too many devices can be avoided. In general, the preset number of times is set to 1, that is, the second key is limited to be issued to only one cash register device for use as a backup key.
For example, if the preset number of times is 1, the association relationship between the device identifier 1 of the device a and the second key AAA is recorded in the second mapping table maintained by the server, when a backup key issuing request carrying the device identifier 1 is received for the first time, the associated second key AAA may be queried in the second mapping table, the requesting end may acquire the second key AAA, and thereafter, the number of times of issuing the second key AAA associated with the updated device identifier 1 is 1, which reaches the preset number of times 1, and the association relationship between the device identifier 1 and the second key AAA in the second mapping table is released. When a backup key issuing request carrying the device identifier 1 is received for the second time, the association relation containing the device identifier 1 cannot be inquired in the second mapping table, and the second key is not inquired.
Furthermore, when the TSM agent dynamically requests the second key to the cryptographic machine, the trusted service management agent sends a backup key issuing request carrying the device identifier to the cryptographic machine in a Near Field Communication (NFC) manner, where the TSM agent and the cryptographic machine both support an NFC function, and when the device is close to the cryptographic machine, the backup key issuing request may be sent to the cryptographic machine based on the obtained device identifier; correspondingly, the trusted service management agent receives a second key which is issued by the cipher machine in a near field communication mode and is associated with the equipment identifier. Through the NFC request and the issuing of the second secret key, the stability of the process of obtaining the second secret key can be improved.
It should be noted that, the manners of acquiring the first key by the cashier device to be backed up and acquiring the second key by the device are both preset and dynamic requests, and in the actual implementation process, the two manners may be combined to be used for acquiring the first key by the cashier device to be backed up and the second key by the device according to the actual requirements on flexibility and security. For example, in consideration of flexibility of obtaining the key, the cashier device to be backed up and the device may both obtain the key in a dynamic request manner, wherein the TSM agent of the cashier device to be backed up may request to obtain the first key by sending an initialization key issuing request carrying the device identifier of the device to be backed up to the server or the cryptographic machine, and the TSM agent of the device may request to obtain the second key by sending a backup key issuing request carrying the device identifier of the device to be backed up from the first encrypted cashier data source to the server or the cryptographic machine.
Step S230: checking whether the second key and/or the first encrypted cashier data are correct according to the second key and/or the first encrypted cashier data.
Specifically, after the second key is obtained, whether the second key is correct or not is checked, the second key is used to decrypt a preset encrypted value, and if the decryption is successful, the second key is determined to be correct, wherein the preset encrypted value is an encrypted value obtained by encrypting with the correct second key, the preset encrypted value and the second key can be issued to the device at the same time, and the second key is checked to be correct or not and the second key is obtained again when the preset encrypted value is incorrect, so that the situation that the first encrypted cash register data cannot be decrypted due to the fact that the second key is incorrect is avoided, and the correct second key can be used to decrypt the first encrypted cash register data.
And after the first encrypted cash register data is obtained, checking the correctness of the first encrypted cash register data, decrypting the first encrypted cash register data by using the second key, and if the decryption is successful, determining that the first encrypted cash register data is correct. The decryption operation is only a memory action, and no storage action exists, so that substantial decryption is not performed. In this way, it is possible to avoid the data security from being threatened by substantially decrypting the data while verifying whether the first encrypted cashier data and the second key match.
In an embodiment of checking the correctness of both the second key and the first encrypted cash register data, preferably, the correctness of the second key may be checked first, and after the second key is checked correctly, the received first encrypted cash register data is further decrypted by using the correct second key to check the correctness of the first encrypted cash register data, so that the correctness of the second key and the first encrypted cash register data can be checked accurately.
Step S240: and if the second key and/or the first encrypted cash register data are correct, encrypting second offline cash register data generated by the equipment by using the second key to obtain second encrypted cash register data.
Step S250: storing the first encrypted cashier data and the second encrypted cashier data; and in response to the data reading instruction, decrypting the stored encrypted cash register data by using the second key.
In the above steps S240 and S250, after the first encrypted cashier data and the second key are checked to be correct, on one hand, the first encrypted cashier data checked to be correct may be decrypted by using the second key checked to be correct and provided to the data reader, so as to implement the backup of the cashier data of the cashier device to be backed up for decryption; on the other hand, the second offline cash register data is encrypted and decrypted by using the second key which is checked to be correct, so that the device can encrypt and decrypt the cash register data generated by the device by using the key related to the device identifier of the cash register device to be backed up.
Fig. 3 shows an implementation diagram of a data backup method of the cash register device in a specific example. As shown in fig. 3, 1, before the device a (cash register device to be backed up) and the device B (the device) leave the factory, a key is preset, so that a preset symmetric key a is stored in TEE of the device a and the device B; 2. the device A encrypts the generated offline cashier data by using a symmetric key to obtain encrypted data; 3. when the data of the device A needs to be backed up, the encrypted data in the device A is transmitted to the device B for backup; 4. the device B may restore the obtained encrypted data by using the preset symmetric key a and provide the restored data to the data reader. It should be noted that, in the example of fig. 3, only the first key and the second key are preset, but in actual implementation, the device a and the device B may also obtain the first key and the second key respectively in a dynamic issuing manner.
According to the data backup method for the cash register device provided by the embodiment, the device can encrypt the second offline cash register data generated by the device on one hand by acquiring the second key, so as to obtain the second encrypted cash register data; on the other hand, in response to a data reading instruction, the received first encrypted cash register data transmitted by the cash register device to be backed up and/or the second encrypted cash register data generated and encrypted by the device per se can be decrypted and provided to a data reading party, so that the safe backup of the cash register data in the cash register device to be backed up is realized, the data theft caused by directly copying plaintext data is avoided, the cash register data generated by the device is also encrypted and decrypted by using the second key, the device completes the safe storage and reading of the cash register device to be backed up and the cash register data of the device to be backed up by using the same key, and the convenience of maintaining the data safety is improved while the safety of the cash register data is maintained. And the equipment can dynamically request a second key from the server or the cipher machine through the TSM agent, flexibly establish the association between the equipment identifier and the second key according to the key actually stored in the cash register equipment to be backed up, and issue the association to the equipment so as to improve the flexibility of obtaining the key. Moreover, by checking the correctness of the first encrypted cash register data and/or the second key, the accurate backup and decryption of the cash register device to be backed up by the device can be improved, and the problem that the backup error or the backed-up data cannot be decrypted and provided for a data reader for use due to the fact that the data or the key is incorrect is avoided.
Fig. 4 shows a schematic structural diagram of a data backup device of a cash register device according to an embodiment of the present invention.
As shown in fig. 4, the apparatus includes:
the receiving module 410 is adapted to receive first encrypted cash registering data transmitted by the cash registering device to be backed up in a short-distance wireless transmission manner; the first encrypted cashier data is obtained by encrypting a first secret key;
an obtaining module 420, adapted to obtain a second key, where the second key and the first key are symmetric keys;
the encryption module 430 is adapted to encrypt the second offline cash register data generated by the device by using a second key to obtain second encrypted cash register data;
a storage module 440 adapted to store the first and second encrypted cashier data;
the reading module 450 is adapted to decrypt the stored encrypted cash register data with the second key in response to the data reading instruction.
In an optional manner, the apparatus further comprises:
the checking module is suitable for checking whether the second key and/or the first encrypted cash register data are correct or not according to the second key and/or the first encrypted cash register data;
the encryption module is further adapted to: and if the second key and/or the first encrypted cash register data are correct, encrypting second offline cash register data generated by the equipment by using the second key to obtain second encrypted cash register data.
In an optional manner, the verification module is further adapted to:
decrypting the preset encrypted value by using the second key, and if the decryption is successful, determining that the second key is correct; and/or the presence of a gas in the gas,
and decrypting the first encrypted cash register data by using the second key, and if the decryption is successful, determining that the first encrypted cash register data is correct.
In an optional manner, a first key is stored in the cashier device to be backed up;
the first secret key is written into a storage area of a trusted execution environment of the cash register device to be backed up before the cash register device to be backed up leaves a factory; alternatively, the first and second electrodes may be,
the first secret key is obtained by sending an initialization secret key issuing request carrying an equipment identifier to a server or a cipher machine through a trusted service management agent of the cashier equipment to be backed up and receiving an initialization secret key which is distributed by the server or the cipher machine and is associated with the equipment identifier.
In an optional manner, the obtaining module is further adapted to:
and acquiring a second key preset in a storage area of the trusted execution environment of the equipment.
In an optional manner, a trusted service management agent is preset in the device, and the obtaining module further includes: the trusted service management agent is suitable for acquiring the equipment identifier of the cash register equipment to be backed up; sending a backup key issuing request carrying the equipment identifier to a server or a cipher machine, so that the server or the cipher machine can inquire a second key associated with the equipment identifier according to the backup key issuing request; receiving a second key issued by the server or the cipher machine according to the query result; and sending the second key to a secure storage module of the device for storage.
In an alternative form, the trusted service management agent is further adapted to:
sending a backup key issuing request carrying the equipment identifier to a server or a password machine, so that the server or the password machine can inquire a second key associated with the equipment identifier according to the backup key issuing request and the counted issuing times of the second key associated with the equipment identifier; and if the issuing times reach preset times, the association between the equipment identifier and the second key is released.
In an alternative form, the trusted service management agent is further adapted to:
and receiving a second key associated with the equipment identifier, which is issued after the server or the cipher machine inquires the second key associated with the equipment identifier.
In an alternative form, the trusted service management agent is further adapted to:
sending a backup key issuing request carrying the equipment identifier to a cipher machine in a near field communication mode;
and receiving a second key which is issued by the cipher machine in a near field communication mode and is associated with the equipment identifier.
In an alternative, the device identifier is device model information or product serial number information.
The embodiment of the invention provides a nonvolatile computer storage medium, wherein the computer storage medium stores at least one executable instruction, and the computer executable instruction can execute the data backup method of the cash register device in any method embodiment.
Fig. 5 is a schematic structural diagram of a computing device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the computing device.
As shown in fig. 5, the computing device may include: a processor (processor)502, a Communications Interface 504, a memory 506, and a communication bus 508.
Wherein: the processor 502, communication interface 504, and memory 506 communicate with one another via a communication bus 508. A communication interface 504 for communicating with network elements of other devices, such as clients or other servers. The processor 502 is configured to execute the program 510, and may specifically execute the relevant steps in the embodiment of the data backup method for the cash register device of the computing device.
In particular, program 510 may include program code that includes computer operating instructions.
The processor 502 may be a central processing unit CPU, or an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement an embodiment of the invention. The computing device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And a memory 506 for storing a program 510. The memory 506 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 510 may specifically be used to cause the processor 502 to perform the following operations:
receiving first encrypted cash registering data transmitted by the cash registering device to be backed up in a close-range wireless transmission mode; the first encrypted cashier data is obtained by encrypting a first secret key;
acquiring a second key, wherein the second key and the first key are symmetric keys; encrypting second off-line cash register data generated by the equipment by using a second key to obtain second encrypted cash register data;
storing the first encrypted cashier data and the second encrypted cashier data;
and in response to a data reading instruction, decrypting the stored encrypted cash register data by using the second key.
In an alternative, the program 510 further causes the processor 502 to:
checking whether the second key and/or the first encrypted cashier data are correct or not according to the second key and/or the first encrypted cashier data;
and if the second key and/or the first encrypted cash register data are correct, encrypting second offline cash register data generated by the equipment by using the second key to obtain second encrypted cash register data.
In an alternative, the program 510 further causes the processor 502 to:
decrypting the preset encrypted value by using the second key, and if the decryption is successful, determining that the second key is correct; and/or the presence of a gas in the gas,
and decrypting the first encrypted cash register data by using the second key, and if the decryption is successful, determining that the first encrypted cash register data is correct.
In an optional manner, a first key is stored in the cashier device to be backed up;
the first secret key is written into a storage area of a trusted execution environment of the cash register device to be backed up before the cash register device to be backed up leaves a factory; alternatively, the first and second electrodes may be,
the first secret key is obtained by sending an initialization secret key issuing request carrying an equipment identifier to a server or a cipher machine through a trusted service management agent of the cashier equipment to be backed up and receiving an initialization secret key which is distributed by the server or the cipher machine and is associated with the equipment identifier.
In an alternative, the program 510 further causes the processor 502 to:
and acquiring a second key preset in a storage area of the trusted execution environment of the equipment.
In an alternative, a trusted service management agent is pre-configured in the device, and the program 510 further causes the processor 502 to:
the method comprises the steps that a trusted service management agent obtains an equipment identifier of a cashier device to be backed up;
the trusted service management agent sends a backup key issuing request carrying the equipment identifier to the server or the cipher machine, so that the server or the cipher machine can inquire a second key associated with the equipment identifier according to the backup key issuing request;
the trusted service management agent receives a second key issued by the server or the cipher machine according to the query result;
and the trusted service management agent sends the second key to a secure storage module of the device for storage.
In an alternative, the program 510 further causes the processor 502 to:
the trusted service management agent sends a backup key issuing request carrying the equipment identifier to a server or a cipher machine, so that the server or the cipher machine can inquire a second key associated with the equipment identifier according to the backup key issuing request and the counted issuing times of the second key associated with the equipment identifier; and if the issuing times reach preset times, the association between the equipment identifier and the second key is released.
In an alternative, the program 510 further causes the processor 502 to:
and receiving a second key associated with the equipment identifier, which is issued after the server or the cipher machine inquires the second key associated with the equipment identifier.
In an alternative, the program 510 further causes the processor 502 to:
the trusted service management agent sends a backup key issuing request carrying the equipment identifier to the cipher machine in a near field communication mode;
and the trusted service management agent receives a second key which is issued by the cipher machine in a near field communication mode and is associated with the equipment identifier.
In an alternative, the device identifier is device model information or product serial number information.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of embodiments of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best modes of embodiments of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that is, the claimed embodiments of the invention require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components according to embodiments of the present invention. Embodiments of the invention may also be implemented as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing embodiments of the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. Embodiments of the invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specified otherwise.
Claims (10)
1. A data backup method of a cash register device, comprising:
receiving first encrypted cash registering data transmitted by the cash registering device to be backed up in a close-range wireless transmission mode; the first encrypted cashier data is obtained by encrypting a first secret key;
acquiring a second key, wherein the second key and the first key are symmetric keys; encrypting second off-line cash register data generated by the equipment by using a second key to obtain second encrypted cash register data;
storing the first encrypted cashier data and the second encrypted cashier data;
and in response to a data reading instruction, decrypting the stored encrypted cash register data by using the second key.
2. The method of claim 1, wherein after the obtaining the second key, the method further comprises:
checking whether the second key and/or the first encrypted cashier data are correct or not according to the second key and/or the first encrypted cashier data;
the encrypting the second offline cash register data generated by the device by using the second key to obtain second encrypted cash register data further comprises: and if the second key and/or the first encrypted cash register data are correct, encrypting second offline cash register data generated by the equipment by using the second key to obtain second encrypted cash register data.
3. The method of claim 2, wherein the checking whether the second key and/or first encrypted cashier data is correct according to the second key and/or first encrypted cashier data further comprises:
decrypting the preset encrypted value by using the second key, and if the decryption is successful, determining that the second key is correct; and/or the presence of a gas in the gas,
and decrypting the first encrypted cash register data by using the second key, and if the decryption is successful, determining that the first encrypted cash register data is correct.
4. The method according to any one of claims 1 to 3, wherein the cashier device to be backed up has a first key stored therein;
the first secret key is written into a storage area of a trusted execution environment of the cash register device to be backed up before the cash register device to be backed up leaves a factory; alternatively, the first and second electrodes may be,
the first secret key is obtained by sending an initialization secret key issuing request carrying an equipment identifier to a server or a cipher machine through a trusted service management agent of the cashier equipment to be backed up and receiving an initialization secret key which is distributed by the server or the cipher machine and is associated with the equipment identifier.
5. The method of any of claims 1-4, wherein the obtaining a second key further comprises:
and acquiring a second key preset in a storage area of the trusted execution environment of the equipment.
6. The method according to any one of claims 1 to 4, wherein a trusted service management agent is pre-configured in the present device, and the obtaining the second key further includes:
the method comprises the steps that a trusted service management agent obtains an equipment identifier of a cashier device to be backed up;
the trusted service management agent sends a backup key issuing request carrying the equipment identifier to the server or the cipher machine, so that the server or the cipher machine can inquire a second key associated with the equipment identifier according to the backup key issuing request;
the trusted service management agent receives a second key issued by the server or the cipher machine according to the query result;
and the trusted service management agent sends the second key to a secure storage module of the device for storage.
7. The method of claim 6, wherein the sending, by the trusted service management agent to a server or a cryptographic machine, a backup key issuing request carrying the device identifier, so that the server or the cryptographic machine queries a second key associated with the device identifier according to the backup key issuing request further comprises:
the trusted service management agent sends a backup key issuing request carrying the equipment identifier to a server or a cipher machine, so that the server or the cipher machine can inquire a second key associated with the equipment identifier according to the backup key issuing request and the counted issuing times of the second key associated with the equipment identifier; and if the issuing times reach preset times, the association between the equipment identifier and the second key is released.
8. A data backup apparatus of a cash register device, comprising:
the receiving module is suitable for receiving first encrypted cash registering data transmitted by the cash registering device to be backed up in a short-distance wireless transmission mode; the first encrypted cashier data is obtained by encrypting a first secret key;
the acquisition module is suitable for acquiring a second secret key, and the second secret key and the first secret key are symmetric secret keys;
the encryption module is suitable for encrypting second offline cash register data generated by the equipment by using a second secret key to obtain second encrypted cash register data;
a storage module adapted to store the first encrypted cashier data and the second encrypted cashier data;
and the reading module is suitable for responding to a data reading instruction and decrypting the stored encrypted cash register data by using the second key.
9. A computing device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the data backup method of the cash register device as claimed in any one of claims 1-7.
10. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the data backup method of the cash register device according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010102050.6A CN111290884A (en) | 2020-02-19 | 2020-02-19 | Data backup method and device for cash register equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010102050.6A CN111290884A (en) | 2020-02-19 | 2020-02-19 | Data backup method and device for cash register equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111290884A true CN111290884A (en) | 2020-06-16 |
Family
ID=71026809
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010102050.6A Pending CN111290884A (en) | 2020-02-19 | 2020-02-19 | Data backup method and device for cash register equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111290884A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113158201A (en) * | 2021-02-26 | 2021-07-23 | 云码智能(海南)科技有限公司 | Information safety backup method and device |
| CN115129518A (en) * | 2022-08-25 | 2022-09-30 | 北京百度网讯科技有限公司 | Backup and recovery method, device, equipment and medium for TEE (trusted execution environment) stored data |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103039035A (en) * | 2010-06-22 | 2013-04-10 | 郭舜日 | Short-range secure data communication method based on sound wave or audio, and apparatus thereof |
| CN105204962A (en) * | 2015-09-25 | 2015-12-30 | 北京金山安全软件有限公司 | Data backup method and device and server |
| CN106464973A (en) * | 2014-04-25 | 2017-02-22 | 三星电子株式会社 | Mobile device and method of sharing content |
| CN106934616A (en) * | 2015-12-30 | 2017-07-07 | 阿里巴巴集团控股有限公司 | A kind of service implementation method and device based on NFC technique |
| CN109379190A (en) * | 2018-12-19 | 2019-02-22 | 世纪龙信息网络有限责任公司 | Method for distributing key, device, computer equipment and storage medium |
| CN109544827A (en) * | 2018-11-27 | 2019-03-29 | 福州市台江区金科电子科技有限公司 | Cash register and its application method with data backup device |
-
2020
- 2020-02-19 CN CN202010102050.6A patent/CN111290884A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103039035A (en) * | 2010-06-22 | 2013-04-10 | 郭舜日 | Short-range secure data communication method based on sound wave or audio, and apparatus thereof |
| CN106464973A (en) * | 2014-04-25 | 2017-02-22 | 三星电子株式会社 | Mobile device and method of sharing content |
| CN105204962A (en) * | 2015-09-25 | 2015-12-30 | 北京金山安全软件有限公司 | Data backup method and device and server |
| CN106934616A (en) * | 2015-12-30 | 2017-07-07 | 阿里巴巴集团控股有限公司 | A kind of service implementation method and device based on NFC technique |
| CN109544827A (en) * | 2018-11-27 | 2019-03-29 | 福州市台江区金科电子科技有限公司 | Cash register and its application method with data backup device |
| CN109379190A (en) * | 2018-12-19 | 2019-02-22 | 世纪龙信息网络有限责任公司 | Method for distributing key, device, computer equipment and storage medium |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113158201A (en) * | 2021-02-26 | 2021-07-23 | 云码智能(海南)科技有限公司 | Information safety backup method and device |
| CN115129518A (en) * | 2022-08-25 | 2022-09-30 | 北京百度网讯科技有限公司 | Backup and recovery method, device, equipment and medium for TEE (trusted execution environment) stored data |
| CN115129518B (en) * | 2022-08-25 | 2022-12-13 | 北京百度网讯科技有限公司 | Backup and recovery method, device, equipment and medium for TEE (trusted execution environment) internal storage data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109961292B (en) | Block chain verification code application method, equipment and storage medium | |
| US10439804B2 (en) | Data encrypting system with encryption service module and supporting infrastructure for transparently providing encryption services to encryption service consumer processes across encryption service state changes | |
| CN106790156B (en) | Intelligent device binding method and device | |
| US9734091B2 (en) | Remote load and update card emulation support | |
| CN111327637B (en) | Service key management method and system | |
| CN111241564B (en) | Memory page exchange method and security processor | |
| CN109347625B (en) | Password operation method, work key creation method, password service platform and equipment | |
| CN111625829A (en) | Application activation method and device based on trusted execution environment | |
| CN108810017B (en) | Service processing security verification method and device | |
| JPH1185499A (en) | Data distribution system using open network for program or the like | |
| CN106657152A (en) | Authentication method, server and access control device | |
| CN106936588B (en) | Hosting method, device and system of hardware control lock | |
| US11924270B2 (en) | Method and system for transferring data | |
| CN111104691A (en) | Sensitive information processing method and device, storage medium and equipment | |
| CN112596740A (en) | Program deployment method and device | |
| CN108471403B (en) | Account migration method and device, terminal equipment and storage medium | |
| CN112433817A (en) | Information configuration method, direct storage access method and related device | |
| CN111290884A (en) | Data backup method and device for cash register equipment | |
| WO2002005475A2 (en) | Generation and use of digital signatures | |
| CN111628863B (en) | Data signature method and device, electronic equipment and storage medium | |
| US11399015B2 (en) | Data security tool | |
| CN112633884A (en) | Local private key recovery method and device for transaction main body identity certificate | |
| US10218713B2 (en) | Global attestation procedure | |
| CN112418850A (en) | Transaction method and device based on block chain and electronic equipment | |
| CN114222288B (en) | Equipment identifier generation method, equipment identifier verification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200616 |