WO2017050186A1 - Application permission management method and smart pos terminal - Google Patents

Application permission management method and smart POS terminal

Info

Publication number
WO2017050186A1
Authority
WO
WIPO (PCT)
Prior art keywords
operating system
application
system kernel
pos terminal
signature
Prior art date
Application number
PCT/CN2016/099200
Other languages
French (fr)
Chinese (zh)
Inventor
王琪
才华
张少飞
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司
Publication of WO2017050186A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/206 Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to an application permission management method and a smart POS terminal. The application permission management method comprises: signing an operating system kernel that has passed authentication with an operating system kernel signing certificate; and, when installing and/or modifying an application on a POS terminal that has passed authentication, invoking the signed operating system kernel to verify the application with an application signing certificate, and allowing only an application that passes verification to perform the corresponding operation on the POS terminal. The technical solution allows business to be extended conveniently while still meeting the traditional acquiring function. To ensure the security of the smart POS terminal's operating system kernel, an application that fails signature verification is not allowed to make any modification to the operating system kernel, which guarantees the kernel's security.

Description

Application permission management method and smart POS terminal
This application claims priority to Chinese Patent Application No. 201510607164.5, filed on September 22, 2015 and entitled "Application permission management method and smart POS terminal", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the technical field of payment terminal systems, and in particular to an application permission management method and a smart POS terminal.
Background
In China, traditional POS terminals still use a relatively outdated technical architecture: before each terminal is deployed, a specialized service organization or acquiring institution burns the programs and applications into the POS terminal in a single pass to meet business needs.
Before a traditional financial POS terminal is deployed, the specialized service organization or acquiring institution has to take the program and data corresponding to each terminal to a secure area and burn them in there. When the program or data in a POS terminal needs updating, the specialized service organization or acquiring institution likewise has to re-burn the program and data for that terminal. This approach has the following disadvantages:
1. Burning by a specialized service organization or acquiring institution raises labour and operating costs;
2. Manual burning makes the whole cycle long and requires a great deal of manpower;
3. Updating a POS terminal likewise takes a long cycle and wastes manpower.
Summary of the invention
To solve the problems of the prior art, the present invention proposes an application permission management method and a smart POS terminal. The technical solution allows business to be extended conveniently and efficiently while still satisfying the traditional acquiring function. To ensure the security of the smart POS terminal's operating system kernel, an application that has not passed signature authentication is not allowed to make any modification to the operating system kernel, which guarantees the kernel's security.
To achieve the above objective, the present invention provides an application permission management method, comprising:
signing an operating system kernel that has passed authentication with an operating system kernel signing certificate;
when an application is installed and/or modified on a POS terminal that has passed authentication, invoking the signed operating system kernel to verify the application with the application signing certificate, and allowing only an application that passes verification to perform the corresponding operation on the POS terminal.
Correspondingly, to achieve the above objective, the present invention also provides a smart POS terminal that has passed authentication, comprising:
an application layer and an operating system layer, wherein
the operating system layer is configured to run an operating system that has passed authentication, the operating system having been signed with an operating system kernel signing certificate;
the application layer is configured to run installed applications under the operating system's control and, when an application is installed and/or modified, to invoke the signed operating system kernel to verify the installed and/or modified application with the application signing certificate, so that only an application that passes verification is allowed to perform the corresponding operation on the POS terminal.
The above technical solution has the following beneficial effects:
1. With the technical solution described here, the specialized service organization or acquiring institution needs to burn the POS terminal only once, writing the operating system to the hardware device. Installing, modifying and deleting applications then operate only on the application area and involve no burning. A single burn at the factory is therefore sufficient, which simplifies business extension and deployment of POS terminals and greatly reduces operation and maintenance costs.
2. When the operating system of the terminal hardware is burned, the operating system kernel signing public-key certificate and the application signature verification certificate (issued by different root certificates) are written into the security module. Subsequent verification against the application signing certificate keeps the POS terminal extensible, while verification against the operating system kernel signing certificate protects the kernel. Only one burn at the factory is needed to guarantee security thereafter. Moreover, keeping the terminal's operating system kernel signing certificate and the application signing certificate in the hardware security module prevents the certificate files from being tampered with.
3. Using operating system kernel signature verification together with application signature verification guarantees extensibility while also guaranteeing the security of the operating system kernel and reasonably controlling application permissions.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is the first logical architecture diagram of a smart POS terminal proposed by the present invention;
Figure 2 is the second logical architecture diagram of a smart POS terminal proposed by the present invention;
Figure 3 is a flowchart of an application permission management method proposed by the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The implementation of this technical solution involves the following main components: a customized operating system kernel, an operating system kernel signing certificate and an application signing certificate issued by a trusted authority, and the smart POS terminal's hardware security module.
The core of the technical solution is to separate the application layer from the operating system layer by means of signatures, so that a signed application cannot tamper with the operating system; what is protected is the security of the operating system layer. Signing requires either the operating system kernel signing certificate or the application signing certificate.
Modifying the operating system kernel mainly involves customizing security functions and developing drivers for dedicated components. The customized kernel must pass security testing and certification to confirm that the system functions meet the acquiring requirements of a POS. The certified kernel is signed with the operating system kernel certificate issued by the trusted authority, ensuring that the operating system cannot easily be tampered with. In addition, an application is allowed to be installed or updated on the smart POS terminal only after it passes verification against the application signing certificate.
The smart POS terminal's security module stores the operating system kernel signing certificate and the application signing certificate, and the operating system kernel can invoke the security module to verify signatures. Operating system kernel files may be modified only after passing the kernel signature verification, which keeps the POS terminal extensible while guaranteeing the security of the operating system kernel.
Embodiment 1
Based on the description of the working principle above, the present invention proposes a smart POS terminal, shown in Figure 1. From the perspective of logical architecture, the smart POS terminal comprises:
an application layer 101 and an operating system layer 102, wherein
the operating system layer 102 is configured to run an operating system that has passed authentication, the operating system having been signed with an operating system kernel signing certificate.
As can be seen from Figure 1, the operating system kernel resides in the operating system layer 102 and is customized by the terminal manufacturer or the operating system vendor. A smart POS terminal should at least include the functions required of a traditional POS terminal, such as an external PIN pad, a printer and a magnetic-stripe/IC card reader, and may also support new payment methods such as contactless payment and QR-code payment. A terminal with a customized operating system kernel must be certified by a professional security testing organization to confirm that it can be used for financial POS acquiring. The operating system kernel permits read and modify operations; the certified kernel is signed with the operating system kernel signing certificate issued by the trusted authority, ensuring that the certified kernel is not easily tampered with.
The application layer 101 is configured to run installed applications under the operating system's control and, when an application is installed and/or modified, to invoke the signed operating system kernel to verify the installed and/or modified application with the application signing certificate, so that only an application that passes verification is allowed to perform the corresponding operation on the POS terminal.
The various applications installed on the POS terminal run in the smart POS terminal's application layer. After an application client passes security testing, it is signed with the application signing certificate issued by the trusted authority. Only application clients whose signature verifies against the application signing certificate are allowed to be installed on the smart POS terminal. An application may use the terminal's built-in and/or external devices by calling the operating system kernel drivers, but must comply with the relevant specifications.
Figure 2 is the second logical architecture diagram of a smart POS terminal proposed by the present invention. In addition to Figure 1, it includes a hardware layer 103;
the hardware layer 103 includes a security module configured to store the operating system kernel signing certificate and the application signing certificate.
Before the smart POS terminal is deployed, the operating system kernel signing certificate and the application signing certificate files are stored in the security module. The two certificates are issued by different root certificates and protect different content: one is used to verify the signature of the operating system kernel, the other the signatures of applications. The trusted authority (for example UnionPay) issues an operating system kernel signing certificate to each terminal manufacturer (a manufacturer recognized by the trusted authority) and issues a unified application signing certificate.
With the smart POS terminal proposed by the present invention, the applications running on the smart POS terminal can be controlled conveniently and securely, and the terminal's operating system is guaranteed not to be tampered with.
Embodiment 2
Based on the description of the working principle above, the present invention proposes an application permission management method. As shown in Figure 3, it comprises:
Step 301: sign the operating system kernel that has passed authentication with the operating system kernel signing certificate;
Step 302: when an application is installed and/or modified on a POS terminal that has passed authentication, invoke the signed operating system kernel to verify the application with the application signing certificate, and allow only an application that passes verification to perform the corresponding operation on the POS terminal.
The operating system kernel signing certificate and the application signing certificate used in this method are both stored in the POS terminal's hardware security module.
In this method, the operating system kernel permits read and modify operations. When an operating system change occurs, the signature of the file data to be written must be verified for consistency with the operating system kernel signing certificate, and the operating system kernel is allowed to make the corresponding change only when they are consistent.
Embodiments of the present invention also provide a computer-readable storage medium comprising computer-readable instructions which, when executed, cause a processor to perform at least the following operations: signing an operating system kernel that has passed authentication with an operating system kernel signing certificate; and, when an application is installed and/or modified on a POS terminal that has passed authentication, invoking the signed operating system kernel to verify the application with the application signing certificate, and allowing only an application that passes verification to perform the corresponding operation on the POS terminal.
In practice, the POS terminal application permission management flow is as follows:
1. The manufacturer customizes the smart POS terminal hardware and operating system kernel according to the relevant smart POS terminal specifications;
Both the hardware and the operating system of the smart POS terminal need to be customized so that POS business can be conducted while security is guaranteed. A smartphone, for example, cannot be used as a POS terminal.
2. A third-party certification body performs security testing and certification of the smart POS terminal and operating system kernel submitted by the manufacturer;
3. After certification passes, the trusted authority issues an operating system kernel certificate and an application signing certificate for the smart POS terminal;
4. The trusted authority signs the operating system kernel and pre-loads the kernel certificate and the application signing certificate into the security module for signature verification;
5. When the terminal installs an application, the operating system kernel is invoked to verify the application's signature with the application signing certificate in the security module;
6. When an application running on the terminal attempts to modify the operating system kernel, the kernel verification routine is triggered to verify the operating system kernel signature; if verification passes, the modification is allowed, otherwise modification of the operating system kernel is refused;
7. End of flow.
Once the terminal has left the factory (with the operating system kernel signing certificate burned into the security module), installing or upgrading an application requires verifying that the application's signature is consistent with the application signing certificate in the security module, and installation or upgrade is permitted only when verification succeeds. When a compliant application is installed on the smart POS terminal, the operating system verifies the application's signature against the application signing certificate in the security module: if they are consistent, the application may be installed; if not, the application may not be installed on the terminal.
As terminals spread and applications multiply, applications with hidden problems will inevitably be installed on some terminals. If such an application attempts to modify the operating system kernel at run time, the signature of the file data to be written must be verified against the operating system kernel signing certificate in the security module. Only when they are consistent is a kernel update allowed, which keeps the operating system kernel updatable; otherwise the kernel may not be modified, which prevents it from being tampered with.
The application permission management method based on the smart POS terminal proposed by the present invention uses operating system kernel signature verification and application signature verification, guaranteeing the security of the operating system kernel while remaining extensible and controlling application permissions reasonably. Because the hardware security module stores the terminal's operating system kernel signing certificate and the application signing certificate, the certificate files are protected from tampering. In short, this solution requires no change to the traditional financial acquiring platform, is simple to implement and is highly compatible.
The specific embodiments described above further explain the objectives, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
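The two policy checks described in steps 5 and 6 above, and in the two preceding paragraphs on application installation and kernel modification, can be shown as working code. The following Go program is an added example written for this page; it is not code from the patent or from UnionPay. It assumes Ed25519 signatures and a deliberately minimal certificate shape (the holder's public key plus the root's signature over it) in place of whatever certificate format a real terminal would use; the `SecurityModule` struct stands in for the hardware security module, and all keys, package bytes and kernel file data are constructed inside the program. The point it demonstrates is the one the text makes: because the application root and the kernel root are different, a validly signed application package cannot pass the kernel-write check, and a kernel update whose bytes were altered after signing is refused as well.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Certificate is a minimal stand-in for the signing certificates the trusted
// authority issues: the holder's public key plus the authority's signature over
// that key, made with one of its root keys. The shape is an assumption of this
// example; a real terminal would carry X.509 or a vendor-specific format.
type Certificate struct {
	Subject   string
	PublicKey ed25519.PublicKey
	RootSig   []byte // root's signature over PublicKey
}

// SecurityModule models the hardware security module after the factory burn:
// it holds the two trust anchors, one per root, and nothing an application can rewrite.
type SecurityModule struct {
	KernelRoot ed25519.PublicKey
	AppRoot    ed25519.PublicKey
}

// issueCert is what the trusted authority does at step 3: bind a subject's
// public key to one of its roots.
func issueCert(rootPriv ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Certificate {
	return Certificate{Subject: subject, PublicKey: pub, RootSig: ed25519.Sign(rootPriv, pub)}
}

// verifyUnderRoot performs the two checks a verifier needs: the certificate
// chains to the expected root, and the signature over data was made by the holder.
func verifyUnderRoot(root ed25519.PublicKey, cert Certificate, data, sig []byte) error {
	if !ed25519.Verify(root, cert.PublicKey, cert.RootSig) {
		return fmt.Errorf("certificate %q does not chain to the expected root", cert.Subject)
	}
	if !ed25519.Verify(cert.PublicKey, data, sig) {
		return errors.New("signature over the data does not verify")
	}
	return nil
}

// AllowAppInstall is step 5 (step 302): install or upgrade only an application
// whose signature verifies under a certificate chaining to the application root.
func (sm *SecurityModule) AllowAppInstall(cert Certificate, pkg, sig []byte) bool {
	return verifyUnderRoot(sm.AppRoot, cert, pkg, sig) == nil
}

// AllowKernelWrite is step 6: file data written into the kernel must be signed under
// a certificate chaining to the kernel root. An application signing certificate,
// even a valid one, is rejected here because it chains to the other root.
func (sm *SecurityModule) AllowKernelWrite(cert Certificate, fileData, sig []byte) bool {
	return verifyUnderRoot(sm.KernelRoot, cert, fileData, sig) == nil
}

// Outcome collects the four policy decisions of the constructed scenario.
type Outcome struct {
	AppInstall            bool // signed app under app cert: allowed
	KernelWriteKernelCert bool // kernel update under kernel cert: allowed
	KernelWriteAppCert    bool // app cert used against the kernel area: refused
	TamperedKernelWrite   bool // kernel update altered after signing: refused
}

// RunScenario generates constructed keys for the two roots, a terminal vendor and an
// application developer, then exercises the policy. Nothing is persisted.
func RunScenario() (Outcome, error) {
	kernelRootPub, kernelRootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	appRootPub, appRootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)

	sm := &SecurityModule{KernelRoot: kernelRootPub, AppRoot: appRootPub}
	kernelCert := issueCert(kernelRootPriv, "terminal-vendor (constructed)", vendorPub)
	appCert := issueCert(appRootPriv, "app-developer (constructed)", devPub)

	appPkg := []byte("constructed application package bytes")
	appSig := ed25519.Sign(devPriv, appPkg)
	kernelUpdate := []byte("constructed kernel file data")
	kernelSig := ed25519.Sign(vendorPriv, kernelUpdate)

	tampered := append([]byte(nil), kernelUpdate...)
	tampered[0] ^= 0xff // one byte changed after the vendor signed it

	return Outcome{
		AppInstall:            sm.AllowAppInstall(appCert, appPkg, appSig),
		KernelWriteKernelCert: sm.AllowKernelWrite(kernelCert, kernelUpdate, kernelSig),
		KernelWriteAppCert:    sm.AllowKernelWrite(appCert, kernelUpdate, ed25519.Sign(devPriv, kernelUpdate)),
		TamperedKernelWrite:   sm.AllowKernelWrite(kernelCert, tampered, kernelSig),
	}, nil
}

func main() {
	out, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The design choice worth noting is that `AllowKernelWrite` never consults the application root at all: the kernel area has exactly one trust anchor, so the separation the patent describes is enforced by which root the verifier is handed, not by any flag inside the certificate.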

Claims (10)

  1. An application permission management method, characterized in that it comprises:
    signing an operating system kernel that has passed certification with an operating system kernel signing certificate;
    when an application is installed and/or modified on a POS terminal that has passed certification, invoking the signed operating system kernel and verifying the application with an application signing certificate, such that only an application that passes verification is permitted to perform the corresponding operation on the POS terminal.
  2. The method of claim 1, characterized in that the operating system kernel signing certificate and the application signing certificate are both stored by a hardware security module of the POS terminal.
  3. The method of claim 1, characterized in that the operating system kernel permits read operations and modify operations.
  4. The method of claim 3, characterized in that, when an operating system change occurs, the signature of the file data to be written must be verified for consistency with the operating system kernel signing certificate, and the operating system kernel is permitted to make the corresponding change only when they are consistent.
  5. The method of any one of claims 1 to 3, characterized in that the hardware of the POS terminal and the operating system kernel are both customized.
  6. A smart POS terminal, characterized in that the smart POS terminal has passed certification and comprises:
    an application layer and an operating system layer; wherein
    the operating system layer is configured to run an operating system that has passed certification, the operating system having been signed with an operating system kernel signing certificate; and
    the application layer is configured to run installed applications when invoked by the operating system, and, when an application is installed and/or modified, the application invokes the signed operating system kernel, which verifies the installed and/or modified application with an application signing certificate, such that only an application that passes verification is permitted to perform the corresponding operation on the POS terminal.
  7. The smart POS terminal of claim 6, characterized in that it further comprises a hardware layer;
    the hardware layer comprising a security module configured to store the operating system kernel signing certificate and the application signing certificate.
  8. The smart POS terminal of claim 6, characterized in that the operating system layer is further configured to permit read operations and modify operations on the operating system kernel.
  9. The smart POS terminal of claim 8, characterized in that the operating system layer is further configured, when an operating system change occurs, to verify the signature of the file data to be written for consistency with the operating system kernel signing certificate, and to permit the operating system kernel to make the corresponding change only when they are consistent.
  10. The smart POS terminal of any one of claims 6 to 9, characterized in that the hardware of the POS terminal and the operating system kernel are both customized.
PCT/CN2016/099200 2015-09-22 2016-09-18 Application permission management method and smart pos terminal WO2017050186A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510607164.5A CN105931042A (en) 2015-09-22 2015-09-22 Application authority management method and intelligent POS terminal
CN201510607164.5 2015-09-22

Publications (1)

Publication Number Publication Date
WO2017050186A1 true WO2017050186A1 (en) 2017-03-30

Family

ID=56839883

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/099200 WO2017050186A1 (en) 2015-09-22 2016-09-18 Application permission management method and smart pos terminal

Country Status (2)

Country Link
CN (1) CN105931042A (en)
WO (1) WO2017050186A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105931042A (en) * 2015-09-22 2016-09-07 中国银联股份有限公司 Application authority management method and intelligent POS terminal
CN106713321A (en) * 2016-12-26 2017-05-24 中国银联股份有限公司 Authority management method and device for debugging function of point of sale
CN108496323B (en) * 2018-03-21 2020-01-21 福建联迪商用设备有限公司 Certificate importing method and terminal
CN109063480A (en) * 2018-07-25 2018-12-21 郑州云海信息技术有限公司 A kind of the executable file starting control method and system of oneself signature
CN109326061B (en) * 2018-09-10 2021-10-26 惠尔丰(中国)信息系统有限公司 Anti-cutting method of intelligent POS

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101739624A (en) * 2008-11-06 2010-06-16 同方股份有限公司 Trusted payment network system
CN103902915A (en) * 2014-04-17 2014-07-02 中国科学院信息工程研究所 Trustable industrial control terminal and establishing method thereof
CN104753670A (en) * 2013-12-27 2015-07-01 中国银联股份有限公司 Multi-application safety management system based on an intelligent POS (Point of Sale) terminal and method thereof
CN105931042A (en) * 2015-09-22 2016-09-07 中国银联股份有限公司 Application authority management method and intelligent POS terminal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060236100A1 (en) * 2005-04-19 2006-10-19 Guruprasad Baskaran System and method for enhanced layer of security to protect a file system from malicious programs
CN1743992A (en) * 2005-09-29 2006-03-08 浪潮电子信息产业股份有限公司 Computer operating system safety protecting method
CN102402820B (en) * 2010-09-13 2014-06-11 中国移动通信有限公司 Electronic transaction method and terminal equipment
US9503268B2 (en) * 2013-01-22 2016-11-22 Amazon Technologies, Inc. Securing results of privileged computing operations
CN103745155A (en) * 2014-01-03 2014-04-23 东信和平科技股份有限公司 Credible Key and safe operation method thereof

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210319139A1 (en) * 2021-03-23 2021-10-14 Intel Corporation Connectionless trusted computing base recovery
US11734460B2 (en) * 2021-03-23 2023-08-22 Intel Corporation Connectionless trusted computing base recovery

Also Published As

Publication number Publication date
CN105931042A (en) 2016-09-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16848067; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 16848067; Country of ref document: EP; Kind code of ref document: A1)