CN103731259A - Method and system for safe downloading of TMK - Google Patents

Publication number: CN103731259A
Authority: CN (China)
Prior art keywords: key, random number, terminal, ciphertext, kms
Legal status: Granted
Application number: CN201310740642.0A
Other languages: Chinese (zh)
Other versions: CN103731259B (en)
Inventor: 苏文龙, 孟陆强
Current Assignee: Fujian Landi Commercial Equipment Co Ltd
Original Assignee: Fujian Landi Commercial Equipment Co Ltd
Priority claimed from: CN2013100843972A (CN103237004A), CN2013100846735A (CN103220271A), CN2013100846716A (CN103220270A), CN2013100846538A (CN103237005A)
Application filed by: Fujian Landi Commercial Equipment Co Ltd
Priority to: CN201310740642.0A (CN103731259B), PCT/CN2014/073215 (WO2014139406A1)
Publication of CN103731259A
Application granted; publication of CN103731259B
Current legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/08: Payment architectures
    • G06Q20/20: Point-of-sale [POS] network systems
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Abstract

The invention discloses a method and system for secure downloading of a TMK. The method comprises the following steps: a TK is generated by the payment terminal; the TK is re-encrypted by a distributor key management system and then transmitted to the payment terminal; the re-encrypted TK is collected by an operation terminal and transmitted to a KMS; identity authentication is conducted between the KMS and a payment system; after authentication passes, the TMK is transmitted to the payment terminal by the KMS through the operation terminal. The advantages of the method are that TK upload and TMK download are both conducted through the operation terminal and the TMK download directly follows the TK upload, so the time efficiency of TMK download is greatly improved.

Description

Method and system for secure downloading of a terminal master key (TMK)
Technical field
The present invention relates to the field of electronic payment, and in particular to a method and system for secure downloading of a terminal master key (TMK).
Background
Bank cards (BANK Card) are increasingly common as a means of payment. A typical bank card payment system comprises a point-of-sale terminal (Point Of Sale, POS), a POS acquiring system (POSP), a PIN pad (PIN PAD) and a hardware encryption machine (Hardware and Security Module, HSM). The POS terminal is a device that accepts bank card information, has communication capability, and carries out financial transactions and the related exchange of information on the teller's instructions. The POS acquiring system manages POS terminals centrally, including parameter download and key download; it accepts, processes or forwards transaction requests from POS terminals and returns transaction results to them, and is the system for centralized management and transaction processing. The PIN pad is a security device that securely stores and protects the keys used in financial transactions and encrypts the PIN. The hardware encryption machine (HSM) is a peripheral hardware device that encrypts transmitted data; it is used for PIN encryption and decryption, for verifying the correctness of message and file sources, and for storing keys. The personal identification number (Personal Identification Number, PIN) is the data that identifies the legitimacy of the cardholder's identity in an online transaction; it must not appear in plaintext at any point in the computer and network system. The terminal master key (Terminal Master Key, TMK) is the master key that encrypts the working keys while the POS terminal is operating; it is stored encrypted in the system database. POS terminals are widely used wherever bank cards are accepted, such as shops and hotels; they are an indispensable modern means of payment and have become part of everyday life. Bank cards, debit cards in particular, generally have a PIN set by the cardholder. During payment, besides sending data such as the card's magnetic track information, the POS terminal also requires the cardholder to enter the PIN so that the issuing bank can verify the legitimacy of the cardholder's identity, which safeguards the payment and the cardholder's property. To prevent the PIN from being leaked or cracked, the PIN must be protected by encryption throughout the entire exchange from the terminal to the issuing bank, and must not appear in plaintext at any point in the computer network system. POS terminals that accept PIN entry are therefore currently all required to be equipped with a key management system.
The key hierarchy of a POS terminal has two levels: the terminal master key (TMK) and the working key (WK). The TMK encrypts and protects the WK. Each POS terminal has a unique TMK, which must be protected so that it can only be written into the device and take part in computations, and can never be read out. The TMK is a critical root key: if it is intercepted, the working keys become comparatively easy to crack, which seriously threatens the security of bank card payments. Whether the TMK can be downloaded securely to the POS terminal is therefore the key to the security of the whole POS terminal.
To ensure that the TMK is downloaded to the POS terminal securely, the download must be carried out in the secure machine room of the acquirer's management center, so POS terminals have to be gathered there manually to have the TMK loaded. This creates a heavy workload for the maintenance center's machine room; after leaving the factory, devices must be shipped to the management center's secure machine room for key download before they can be deployed to merchants, which raises transport costs; and centralized key loading requires a large number of staff and working hours, so maintenance is costly and the maintenance cycle is long.
Summary of the invention
To solve the above technical problems, the invention adopts the following technical solution: a method for secure downloading of a terminal master key (TMK), comprising the steps: S1, the payment terminal generates a transmission key TK and a transmission key ciphertext is generated; S2, the payment terminal uploads the transmission key ciphertext and downloads the master key TMK.
Step S1 comprises:
S11. The vendor key management system calls the first hardware encryption machine and the KMS system calls the second hardware encryption machine; in the first and the second hardware encryption machine respectively, the vendor authority component and the KMS system authority component are combined into a protection key PK and a MAC key MAK, and PK and MAK are stored together in both the first and the second hardware encryption machine.
S12. The vendor key management system calls the first hardware encryption machine to generate a public/private key pair Pu_hsm, Pr_hsm, and sends the public key Pu_hsm to the payment terminal.
S13. The payment terminal calls the PIN pad to generate the transmission key TK, which comprises a transmission encryption key TEK and a transmission authentication key AUK.
S14. The payment terminal calls the PIN pad to encrypt TK with the public key Pu_hsm, generating the first transmission key ciphertext Ctk_Pu, and sends Ctk_Pu to the vendor key management system.
S15. The vendor key management system calls the first hardware encryption machine to decrypt Ctk_Pu with the private key Pr_hsm and obtain the transmission key TK.
S16. The vendor key management system calls the first hardware encryption machine to encrypt TK with the protection key PK and to calculate a MAC value with the MAC key MAK, generating the second transmission key ciphertext Ctk_pk, and sends Ctk_pk to the payment terminal.
Step S2 comprises:
S21. The operating terminal collects the second transmission key ciphertext Ctk_pk from the payment terminal.
S22. Identity authentication is performed between the operating terminal and the KMS system through the CA center; after authentication passes, Ctk_pk is sent to the KMS system.
S23. The KMS system calls the second hardware encryption machine to verify the MAC of Ctk_pk with the MAC key MAK; if verification passes, it decrypts Ctk_pk with the protection key PK to obtain the transmission key TK, which is stored in the second hardware encryption machine.
S24. After obtaining TK, the KMS system calls the second hardware encryption machine to perform two-way authentication with the payment terminal using the authentication key AUK.
S25. If authentication passes, the KMS system calls the second hardware encryption machine to encrypt the terminal master key TMK with the transmission encryption key TEK, generating the master key ciphertext Ctmk, and sends Ctmk to the payment terminal.
S26. The payment terminal calls the PIN pad to decrypt Ctmk with TEK, obtains the terminal master key TMK and stores it in the PIN pad.
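The upload and download legs described in steps S16 and S21 to S26, as an added Python simulation that is not part of the patent text. HMAC-SHA256 stands in for the MAC, an HMAC-derived keystream stands in for the TDES encryption, and the AUK challenge-response with its direction labels is an assumed construction; the RSA leg (S12 to S15) and the CA authentication in S22 are not modelled.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 24  # the page defines PK, MAK and TEK as 24-byte symmetric keys
TAG_LEN = 32  # HMAC-SHA256 tag; stand-in for the MAC computed with MAK


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # Stand-in cipher (NOT TDES): HMAC-SHA256 in counter mode as a keystream.
    blocks = (mac(key, nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))


class Terminal:
    """Payment terminal with PIN pad: generates TK = TEK || AUK (S13)."""

    def __init__(self):
        self.tek = secrets.token_bytes(KEY_LEN)
        self.auk = secrets.token_bytes(KEY_LEN)
        self.tmk = None

    # Assumed construction: the labels b"TERM" / b"KMS" keep one side's
    # answer from being replayed as the other side's answer.
    def prove(self, challenge):
        return mac(self.auk, b"TERM" + challenge)

    def kms_is_genuine(self, challenge, response):
        return hmac.compare_digest(response, mac(self.auk, b"KMS" + challenge))

    def store_tmk(self, ctmk):  # S26
        self.tmk = decrypt(self.tek, ctmk)


class VendorHSM:
    """First hardware encryption machine: holds PK and MAK (S11)."""

    def __init__(self, pk, mak):
        self.pk, self.mak = pk, mak

    def wrap_tk(self, tk):  # S16: Ctk_pk = Enc_PK(TK) || MAC_MAK(ciphertext)
        body = encrypt(self.pk, tk)
        return body + mac(self.mak, body)


class KMS:
    """KMS system with the second hardware encryption machine (PK, MAK, TMK)."""

    def __init__(self, pk, mak, tmk):
        self.pk, self.mak, self.tmk = pk, mak, tmk
        self.tek = self.auk = None

    def receive_tk(self, ctk_pk):  # S23: verify the MAC first, decrypt only if valid
        body, tag = ctk_pk[:-TAG_LEN], ctk_pk[-TAG_LEN:]
        if not hmac.compare_digest(tag, mac(self.mak, body)):
            raise ValueError("Ctk_pk failed MAC verification; TK not decrypted")
        tk = decrypt(self.pk, body)
        self.tek, self.auk = tk[:KEY_LEN], tk[KEY_LEN:]

    def prove(self, challenge):
        return mac(self.auk, b"KMS" + challenge)

    def release_tmk(self, challenge, terminal_proof):  # S24 gate, then S25
        expected = mac(self.auk, b"TERM" + challenge)
        if not hmac.compare_digest(terminal_proof, expected):
            raise PermissionError("terminal failed AUK authentication; TMK withheld")
        return encrypt(self.tek, self.tmk)


def download_tmk(terminal, vendor, kms, tamper=False):
    """Run S16 and S21-S26; returns the TMK as stored by the terminal."""
    ctk_pk = bytearray(vendor.wrap_tk(terminal.tek + terminal.auk))  # S16
    if tamper:  # constructed fault: one bit flipped while Ctk_pk is in transit
        ctk_pk[20] ^= 0x01
    kms.receive_tk(bytes(ctk_pk))  # S21-S23
    rnd_term, rnd_kms = secrets.token_bytes(16), secrets.token_bytes(16)
    if not terminal.kms_is_genuine(rnd_term, kms.prove(rnd_term)):  # S24, KMS side
        raise PermissionError("KMS failed AUK authentication")
    terminal.store_tmk(kms.release_tmk(rnd_kms, terminal.prove(rnd_kms)))  # S24-S26
    return terminal.tmk


if __name__ == "__main__":
    pk, mak, tmk = (secrets.token_bytes(KEY_LEN) for _ in range(3))  # constructed keys
    got = download_tmk(Terminal(), VendorHSM(pk, mak), KMS(pk, mak, tmk))
    print("TMK delivered intact:", got == tmk)
```

The operating terminal only relays Ctk_pk and never holds PK, MAK, TEK or AUK, which is why a modified ciphertext is rejected at S23 before any decryption takes place.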
Another technical solution provided by the invention is:
A system for secure downloading of a terminal master key (TMK), comprising a first hardware encryption machine, a second hardware encryption machine, a vendor key management system, a payment terminal, a CA center, an operating terminal and a KMS system. The vendor key management system comprises a key negotiation module A, a public key generation module and a re-encryption module; the payment terminal comprises a TK generation module, a two-way authentication module A and a TMK receiving module; the operating terminal comprises a TK collection module, a TK upload module and a CA authentication module A; the KMS system comprises a key negotiation module B, a TK receiving module, a CA authentication module B, a two-way authentication module B and a TMK sending module.
Key negotiation module A and key negotiation module B are used to call the first and the second hardware encryption machine and, in each of them respectively, combine the vendor authority component and the KMS system authority component into a protection key PK and a MAC key MAK, and to store PK and MAK together in both the first and the second hardware encryption machine;
the public key generation module is used to call the first hardware encryption machine to generate a public/private key pair Pu_hsm, Pr_hsm, and to send the public key Pu_hsm to the payment terminal;
the TK generation module is used to call the PIN pad to generate the transmission key TK, which comprises a transmission encryption key TEK and a transmission authentication key AUK;
the TK generation module is also used to call the PIN pad to encrypt TK with the public key Pu_hsm, generating the first transmission key ciphertext Ctk_Pu, and to send Ctk_Pu to the vendor key management system;
the re-encryption module is used to call the first hardware encryption machine to decrypt Ctk_Pu with the private key Pr_hsm and obtain the transmission key TK;
the re-encryption module is also used to call the first hardware encryption machine to encrypt TK with the protection key PK and to calculate a MAC value with the MAC key MAK, generating the second transmission key ciphertext Ctk_pk, and to send Ctk_pk to the payment terminal;
the TK collection module is used to collect the second transmission key ciphertext Ctk_pk from the payment terminal;
CA authentication module A and CA authentication module B are used to perform identity authentication between the operating terminal and the KMS system through the CA center;
the TK upload module is used to send Ctk_pk to the KMS system after authentication passes;
the TK receiving module is used to call the second hardware encryption machine to verify the MAC of Ctk_pk with the MAC key MAK and, when verification passes, to decrypt Ctk_pk with the protection key PK to obtain the transmission key TK, which is stored in the second hardware encryption machine;
two-way authentication module A and two-way authentication module B are used, once the KMS system has obtained TK, to call the second hardware encryption machine to perform two-way authentication with the payment terminal using the authentication key AUK;
the TMK sending module is used, after authentication between the KMS system and the payment terminal passes, to call the second hardware encryption machine to encrypt the terminal master key TMK with the transmission encryption key TEK, generating the master key ciphertext Ctmk, and to send Ctmk to the payment terminal;
the TMK receiving module is used to call the PIN pad to decrypt Ctmk with TEK, obtain the terminal master key TMK and store it in the PIN pad.
The beneficial effects of the invention are as follows. The payment terminal uploads the transmission key TK, and the TMK is encrypted with the transmission key for transmission, so that the payment terminal can download the terminal master key TMK remotely. The TK comprises the transmission encryption key TEK and the transmission authentication key AUK; the payment terminal and the KMS system first perform two-way identity authentication using the authentication key AUK, and after authentication passes the terminal master key TMK is encrypted with the asymmetric transmission encryption key TEK for transmission, which improves the security of TMK transmission and download. Further, the TMK download and the TK upload are carried out together, both through the operating terminal, which greatly improves the time efficiency of TMK download. The TMK can also be downloaded in a unified way through the operating terminal before the payment terminals leave the factory and are delivered to merchants; because identity authentication is performed between the operating terminal and the KMS system through the CA center and the TMK download is centralized, the risk of TMK download is greatly reduced, and merchants can use a payment terminal as soon as they receive it, which is a great convenience for them. Further, the vendor key management system and the KMS system each store the protection key PK and the MAC key MAK; the TK generated by the payment terminal is uploaded after being encrypted with the vendor key management system's protection key PK and protected with the MAC key MAK, so the operating terminal does not need to re-encrypt the TK. This greatly simplifies the encryption involved in TK upload and improves its time efficiency while keeping the transmission of the TK secure.
Brief description of the drawings
Fig. 1 is a structural block diagram of a terminal master key TMK secure download system in an embodiment of the present invention;
Fig. 2 is a structural block diagram of two-way authentication module A in Fig. 1;
Fig. 3 is a structural block diagram of two-way authentication module B in Fig. 1;
Fig. 4 is a flow chart of a terminal master key TMK secure download method in an embodiment of the present invention;
Fig. 5 is a detailed flow chart of step S1 in Fig. 4;
Fig. 6 is a detailed flow chart of step S2 in Fig. 4.
Description of the main reference numerals:
10: payment terminal; 20: operating terminal; 30: KMS system; 40: vendor key management system; 50: CA center; 60: first hardware encryption machine; 70: second hardware encryption machine; 101: TK generation module; 102: TMK receiving module; 103: two-way authentication module A; 201: TK upload module; 202: TK collection module; 203: CA authentication module A; 301: key negotiation module B; 302: TK receiving module; 303: CA authentication module B; 304: two-way authentication module B; 305: TMK sending module; 401: key negotiation module A; 402: re-encryption module; 403: public key generation module; 501: certificate preset module.
Detailed description
To explain the technical content, structural features, objects and effects of the invention in detail, embodiments are described below with reference to the accompanying drawings.
First, the abbreviations and key terms used in the invention are defined and explained:
HSM_VENDOR: the vendor's hardware encryption machine;
AUK: abbreviation of Authentication Key, i.e. the authentication key, used for two-way authentication between the PINPAD and the key management system KMS;
CA center: a CA (Certificate Authority) center uses PKI (Public Key Infrastructure) technology to provide network identity authentication services; it is responsible for issuing and managing digital certificates and is an authoritative and impartial trusted third party, whose role is like that of a body that issues certificates in everyday life, such as a passport office;
HSM: abbreviation of High Security Machine, a high-security device; in this system it is the hardware encryption machine;
KMS system: Key Management System, used to manage the terminal master key TMK;
MAK: abbreviation of Mac Key, i.e. the MAC calculation key; a 24-byte symmetric key agreed with the customer, used to calculate the MAC value of the TK between the MTMS system and the KMS system;
MTMS: Material Tracking Management System, used mainly during factory production;
PIK: abbreviation of Pin Key, i.e. the PIN encryption key, which is one kind of working key;
PINPAD: PIN pad;
PK: abbreviation of Protect Key, i.e. the protection key; a 24-byte symmetric key agreed with the customer, used for encrypted transmission of the TK between MTMS/TCS and KMS;
POS: abbreviation of Point Of Sale, i.e. point-of-sale terminal;
SNpinpad: the serial number of the PIN pad; when the PINPAD is built in, it is the same as the POS terminal serial number SNpos;
SN: the serial number of the POS terminal;
TEK: abbreviation of Transmission Encrypt Key, i.e. the transmission encryption key; a 24-byte symmetric key used for encrypted transmission of the TMK between the PINPAD and the key management system KMS;
TK: abbreviation of Transmission Key, i.e. the transmission key. The transmission key consists of the transmission encryption key TEK and the two-way authentication key AUK;
TMS: abbreviation of Terminal Management System, i.e. the terminal management system, which handles functions such as POS terminal information management, software and parameter configuration, remote download, management of terminal running-state information, and remote diagnosis;
TMK: abbreviation of Terminal Master Key, i.e. the terminal master key, used for encrypted transmission of working keys between the POS terminal and the payment acquiring system;
Secure room: a room with a high security level that houses servers; it can be entered only after identity authentication.
Smart IC card: a CPU card whose integrated circuit contains a central processor (CPU), programmable read-only memory (EEPROM), random access memory (RAM) and a card operating system COS (Chip Operating System) held in read-only memory (ROM); the data on the card is divided into an externally readable part and an internally processed part.
Symmetric key: both the sender and the receiver of the data must use the same key to encrypt and decrypt the plaintext. Symmetric-key encryption algorithms mainly include DES, 3DES, IDEA, FEAL, BLOWFISH and others.
Asymmetric key: an asymmetric encryption algorithm needs two keys, a public key and a private key. The public key and the private key form a pair: if data is encrypted with the public key, only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it. Because encryption and decryption use two different keys, the algorithm is called an asymmetric encryption algorithm. The basic process by which an asymmetric encryption algorithm exchanges confidential information is: Party A generates a key pair and discloses one of the keys to other parties as the public key; Party B, having obtained this public key, uses it to encrypt the confidential information and sends the result to Party A; Party A then decrypts the encrypted information with the other key, the private key it has kept. Party A can likewise encrypt confidential information with Party B's public key and send it to Party B, and Party B then decrypts it with its own private key. The main algorithms are RSA, Elgamal, the knapsack algorithm, Rabin, D-H and ECC (elliptic curve cryptography).
RSA: an asymmetric-key algorithm. The RSA public-key encryption algorithm was developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at the Massachusetts Institute of Technology, and is named after the three of them. RSA is currently the most influential public-key encryption algorithm; it can resist all cryptographic attacks known so far and has been recommended by ISO as the public-key data encryption standard. The RSA algorithm rests on a very simple number-theoretic fact: multiplying two large primes is very easy, whereas factoring their product is extremely difficult. RSA was the first algorithm that could be used for both encryption and digital signatures, and it is easy to understand and operate. RSA is the most widely studied public-key algorithm; in the some thirty years since it was proposed it has withstood all kinds of attacks and has gradually gained acceptance, and it is generally regarded as one of the best public-key schemes available.
TDES (Triple-DES): DES is a symmetric encryption algorithm with an 8-byte key. TDES is an encryption algorithm based on DES, with a 16-byte or 24-byte key. TDES/3DES is short for Triple DES, and DES is short for Data Encryption Standard. DES is a symmetric-key encryption algorithm, that is, one in which the encryption key and the decryption key are the same. DES was developed and published by IBM in the 1970s, was adopted by the US government, and was subsequently recognized by the National Bureau of Standards (NBS) and the American National Standards Institute (ANSI). TDES/3DES is a mode of the DES encryption algorithm that uses three 64-bit keys to encrypt the data three times. It is a more secure variant of DES.
To solve the technical problem described in the background, the invention adopts a new master key download scheme: the POS terminal randomly generates a TK (Transmission Key), stores the generated TK in the POS terminal's PIN pad, and sends the TK to the KMS (Key Management System, which manages the terminal master key TMK) by whatever transmission method the application scenario requires.
When the POS terminal applies to download the terminal master key TMK, the KMS system encrypts the TMK with the TK and sends the resulting terminal master key ciphertext to the POS terminal; on receiving it, the POS terminal decrypts the master key ciphertext with the TK, obtains the terminal master key TMK, and stores the TMK in the PIN pad.
Encrypting the terminal master key TMK with the TK in this way allows the TMK to be transmitted remotely and makes secure download of the TMK convenient.
The method described above, in which the POS terminal generates the transmission key TK and sends it to the bank side where it is used to encrypt the TMK, and the POS terminal then remotely downloads the TK-encrypted TMK, achieves remote download of the TMK. However, in that method the TMK download is carried out separately from the TK upload: typically the POS terminal generates and uploads the TK while still at the manufacturer, and the TMK is downloaded only after the POS terminal has been delivered to the individual merchant. TMK downloads are therefore scattered, time efficiency is low and the workload of the KMS system is large; moreover, downloading the TMK after the POS terminal has been deployed to a merchant involves more uncertain factors, so the risk of TMK download is higher. A terminal master key TMK secure download method with higher time efficiency and safer download is therefore needed.
The technical solution by which the invention overcomes these problems is described in detail below.
Referring to Fig. 1, a structural block diagram of a terminal master key TMK secure download system according to an embodiment of the present invention, the system comprises a first hardware encryption machine 60, a second hardware encryption machine 70, a vendor key management system 40, a payment terminal 10, a CA center 50, an operating terminal 20 and a KMS system 30. The vendor key management system 40 comprises a key negotiation A module 401, a public key generation module 403 and a re-encryption module 402; the payment terminal 10 comprises a TK generation module 101, a two-way authentication A module 103 and a TMK receiving module 102; the operating terminal 20 comprises a TK acquisition module 202, a TK upload module 201 and a CA authentication A module 203; and the KMS system 30 comprises a key negotiation B module 301, a TK receiving module 302, a CA authentication B module 303, a two-way authentication B module 304 and a TMK sending module 305.
The key negotiation A module 401 and the key negotiation B module 301 are used to call the first hardware encryption machine 60 and the second hardware encryption machine 70, to synthesize the supplier authority component and the KMS system authority component into a protection key PK and a MAC key MAK in the first hardware encryption machine 60 and in the second hardware encryption machine 70 respectively, and to store the protection key PK and the MAC key MAK together in the first hardware encryption machine 60 and in the second hardware encryption machine 70 respectively;
The public key generation module 403 is used to call the first hardware encryption machine 60 to generate the public/private key pair Pu_hsm, Pr_hsm and to send the public key Pu_hsm to the payment terminal 10;
The TK generation module 101 is used to call the PIN pad to generate the transmission key TK, the TK comprising a transmission encryption key TEK and a transmission authentication key AUK;
The TK generation module 101 is also used to call the PIN pad to encrypt the TK with the public key Pu_hsm, generating the first transmission key ciphertext Ctk_Pu, and to send the first transmission key ciphertext Ctk_Pu to the vendor key management system 40;
The re-encryption module 402 is used to call the first hardware encryption machine 60 to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_hsm, obtaining the transmission key TK;
The re-encryption module 402 is also used to call the first hardware encryption machine 60 to encrypt the transmission key TK with the protection key PK and to calculate a MAC value with the MAC key MAK, generating the second transmission key ciphertext Ctk_pk, and to send the second transmission key ciphertext Ctk_pk to the payment terminal 10;
The TK acquisition module 202 is used to collect the second transmission key ciphertext Ctk_pk from the payment terminal;
The CA authentication A module 203 and the CA authentication B module 304 are used to carry out identity authentication between the operating terminal 20 and the KMS system 30 through the CA center 50; the TK upload module 201 is used to send the second transmission key ciphertext Ctk_pk to the KMS system 30 after the authentication passes;
The TK receiving module 302 is used to call the second hardware encryption machine 70 to verify the validity of the MAC of the second transmission key ciphertext Ctk_pk with the MAC key MAK and, when the verification passes, to decrypt the second transmission key ciphertext Ctk_pk with the protection key PK, obtaining the transmission key TK, which is stored in the second hardware encryption machine 70;
The two-way authentication A module 103 and the two-way authentication B module 304 are used, after the KMS system 30 obtains the transmission key TK, to call the second hardware encryption machine 70 to carry out two-way authentication with the payment terminal using the authentication key AUK;
The TMK sending module 305 is used, after the authentication between the KMS system 30 and the payment terminal 10 passes, to call the second hardware encryption machine 70 to encrypt the terminal master key TMK with the transmission encryption key TEK, generating the master key ciphertext Ctmk, and to send the master key ciphertext Ctmk to the payment terminal 10;
The TMK receiving module 102 is used to call the PIN pad to decrypt the master key ciphertext Ctmk with the transmission encryption key TEK, obtaining the terminal master key TMK, and to store the terminal master key TMK in the PIN pad.
The CA authentication A module comprises a first random number generation unit, a first data transceiver unit, a first encryption/decryption unit and a first judging unit; the CA authentication B module comprises a second random number generation unit, a second data transceiver unit, a second encryption/decryption unit and a second judging unit; and the CA center comprises a certificate preset module.
The certificate preset module is used to call the operating terminal to generate the public/private key pair Pu_optm and Pr_optm and to send the public key Pu_optm and the operating terminal identification information to the CA center; the CA center generates the root certificate AuthRCRT_optm and the corresponding private key OptmWCRT_Prk; the module is further used to sign the received public key Pu_optm and operating terminal identification information with the private key OptmWCRT_Prk to generate the digital certificate OptmWCRT, to store the digital certificate OptmWCRT and the private key OptmWCRT_Prk in the operating terminal, and to store the root certificate AuthRCRT_optm in the KMS system;
The certificate preset module is used to call the second hardware encryption machine to generate the public/private key pair Pr_kms and Pu_kms and to send the public key Pu_kms and the KMS identification information to the CA center; the CA center generates the root certificate AuthRCRT_kms and the corresponding private key ServerWCRT_Prk; the module is further used to sign the received public key Pu_kms and KMS system identification information with the private key ServerWCRT_Prk to generate the digital certificate ServerWCRT, to store the digital certificate ServerWCRT and the corresponding private key ServerWCRT_Prk in the KMS system, and to store the root certificate AuthRCRT_kms in the operating terminal;
The second data transceiver unit is used to send the digital certificate ServerWCRT to the operating terminal;
The first judging unit is used to verify the validity of the digital certificate ServerWCRT with the root certificate AuthRCRT_kms; the first random number generation unit is used, after the digital certificate ServerWCRT has been verified, to generate the first random number AT1 and to send the first random number AT1 to the KMS system;
The second encryption/decryption unit is used to sign the first random number AT1 with the private key ServerWCRT_Prk, generating the first random number ciphertext Sign1, and to send the first random number ciphertext Sign1 to the operating terminal;
The first judging unit is used to verify the validity of the first random number ciphertext Sign1 with the digital certificate ServerWCRT; the first data transceiver unit is used to send the digital certificate OptmWCRT to the KMS system after the first random number ciphertext Sign1 has been verified;
The second judging unit is used to verify the validity of the digital certificate OptmWCRT with the root certificate AuthRCRT_optm; the second random number generation unit is used, after the digital certificate OptmWCRT has been verified, to generate the second random number AT2 and to send the second random number to the operating terminal;
The first encryption/decryption unit is used to encrypt the second random number AT2 with the private key OptmWCRT_Prk, generating the second random number ciphertext Sign2, and to send the second random number ciphertext Sign2 to the KMS system;
The second judging unit is used to verify the validity of the second random number ciphertext Sign2 with the digital certificate OptmWCRT; after this verification passes, the identity authentication between the KMS system and the operating terminal has passed.
Refer to Fig. 2 and Fig. 3, where Fig. 2 is a structural block diagram of the two-way authentication A module 103 and Fig. 3 is a structural block diagram of the two-way authentication B module 304. The two-way authentication A module 103 comprises a third random number generation unit, a third data transceiver unit, a third encryption/decryption unit and a third judging unit, and the two-way authentication B module comprises a fourth random number generation unit, a fourth data transceiver unit, a fourth encryption/decryption unit and a fourth judging unit;
The third random number generation unit is used to generate the third random number AT3; the third data transceiver unit is used to send the generated third random number AT3 to the KMS system; the fourth data transceiver unit is used to receive the third random number AT3; the fourth random number generation unit is used to generate the fourth random number AT4 when the third random number AT3 is received; the fourth encryption/decryption unit is used, when the third random number AT3 is received, to call the fourth hardware encryption machine to encrypt the third random number AT3 with the transmission authentication key AUK, obtaining the third random number ciphertext Sign3; the fourth data transceiver unit is used to send the third random number ciphertext Sign3 and the fourth random number AT4 to the payment terminal;
The third encryption/decryption unit is used, when the third random number ciphertext Sign3 and the fourth random number AT4 are received, to decrypt the received third random number ciphertext Sign3 with the transmission authentication key AUK, obtaining the fifth random number AT3'; the third judging unit is used to judge whether the fifth random number AT3' is consistent with the third random number AT3;
The third encryption/decryption unit is used, when the fifth random number AT3' is consistent with the third random number AT3, to encrypt the fourth random number AT4 with the transmission authentication key AUK, generating the fourth random number ciphertext Sign4; the third data transceiver unit is used to send the fourth random number ciphertext Sign4 to the KMS system;
The fourth encryption/decryption unit is used, when the fourth random number ciphertext Sign4 is received, to call the second hardware encryption machine to decrypt the received fourth random number ciphertext Sign4 with the transmission authentication key AUK, obtaining the sixth random number AT4'; the fourth judging unit is used to judge whether the sixth random number AT4' is consistent with the fourth random number AT4 and, when they are consistent, to confirm that the two-way authentication between the KMS system and the payment terminal has passed.
The operating terminal further includes an operator card and an administrator card;
The certificate preset module of the CA center is also used to generate an operator card certificate and an administrator card certificate, and to store the operator card certificate in the operator card and the administrator card certificate in the administrator card;
The operator card and the administrator card are used to authorize operation of the operating terminal when the operating terminal reads the operator card and the administrator card inserted into it and the operator certificate and the administrator certificate pass the validity authentication by the CA center.
The payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
Referring to Fig. 4, a terminal master key TMK secure download method according to an embodiment of the present invention comprises the steps of:
S1: the payment terminal generates the transmission key TK and generates the transmission key ciphertext;
S2: the payment terminal uploads the transmission key ciphertext and downloads the master key TMK;
Referring to Fig. 5, a detailed flow chart of step S1 in Fig. 4, step S1 comprises:
S11: the vendor key management system calls the first hardware encryption machine and the KMS system calls the second hardware encryption machine; in the first hardware encryption machine and in the second hardware encryption machine respectively, the supplier authority component and the KMS system authority component are synthesized into a protection key PK and a MAC key MAK, and the protection key PK and the MAC key MAK are stored together in the first hardware encryption machine and in the second hardware encryption machine respectively;
S12: the vendor key management system calls the first hardware encryption machine to generate the public/private key pair Pu_hsm, Pr_hsm and sends the public key Pu_hsm to the payment terminal;
S13: the payment terminal calls the PIN pad to generate the transmission key TK, the TK comprising a transmission encryption key TEK and a transmission authentication key AUK;
S14: the payment terminal calls the PIN pad to encrypt the TK with the public key Pu_hsm, generating the first transmission key ciphertext Ctk_Pu, and sends the first transmission key ciphertext Ctk_Pu to the vendor key management system;
S15: the vendor key management system calls the first hardware encryption machine to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_hsm, obtaining the transmission key TK;
S16: the vendor key management system calls the first hardware encryption machine to encrypt the transmission key TK with the protection key PK and to calculate a MAC value with the MAC key MAK, generating the second transmission key ciphertext Ctk_pk, and sends the second transmission key ciphertext Ctk_pk to the payment terminal;
Referring to Fig. 6, a detailed flow chart of step S2 in Fig. 4, step S2 comprises:
S21: the operating terminal collects the second transmission key ciphertext Ctk_pk from the payment terminal;
S22: the operating terminal and the KMS system carry out identity authentication through the CA center; after the authentication passes, the second transmission key ciphertext Ctk_pk is sent to the KMS system;
S23: the KMS system calls the second hardware encryption machine to verify the validity of the MAC of the second transmission key ciphertext Ctk_pk with the MAC key MAK; if the verification passes, the protection key PK is used to decrypt the second transmission key ciphertext Ctk_pk, obtaining the transmission key TK, which is stored in the second hardware encryption machine;
S24: after the KMS system obtains the transmission key TK, it calls the second hardware encryption machine to carry out two-way authentication with the payment terminal using the authentication key AUK;
S25: if the authentication passes, the KMS system calls the second hardware encryption machine to encrypt the terminal master key TMK with the transmission encryption key TEK, generating the master key ciphertext Ctmk, and sends the master key ciphertext Ctmk to the payment terminal;
S26: the payment terminal calls the PIN pad to decrypt the master key ciphertext Ctmk with the transmission encryption key TEK, obtaining the terminal master key TMK, and stores the terminal master key TMK in the PIN pad.
Step S22 is specifically:
The operating terminal generates the public/private key pair Pu_optm and Pr_optm and sends the public key Pu_optm and the operating terminal identification information to the CA center; the CA center generates the root certificate AuthRCRT_optm and the corresponding private key OptmWCRT_Prk and signs the received public key Pu_optm and operating terminal identification information with the private key OptmWCRT_Prk to generate the digital certificate OptmWCRT; the digital certificate OptmWCRT and the private key OptmWCRT_Prk are stored in the operating terminal, and the root certificate AuthRCRT_optm is stored in the KMS system;
The KMS system calls the second hardware encryption machine to generate the public/private key pair Pr_kms and Pu_kms and sends the public key Pu_kms and the KMS system identification information to the CA center; the CA center generates the root certificate AuthRCRT_kms and the corresponding private key ServerWCRT_Prk and signs the received public key Pu_kms and KMS system identification information with the private key ServerWCRT_Prk to generate the digital certificate ServerWCRT; the digital certificate ServerWCRT and the corresponding private key ServerWCRT_Prk are stored in the KMS system, and the root certificate AuthRCRT_kms is stored in the operating terminal;
The KMS system sends the digital certificate ServerWCRT to the operating terminal;
The operating terminal verifies the validity of the digital certificate ServerWCRT with the root certificate AuthRCRT_kms; if the verification passes, the operating terminal generates the first random number AT1 and sends the first random number AT1 to the KMS system;
The KMS system signs the first random number AT1 with the private key ServerWCRT_Prk, generating the first random number ciphertext Sign1, and sends the first random number ciphertext Sign1 to the operating terminal;
The operating terminal verifies the validity of the first random number ciphertext Sign1 with the digital certificate ServerWCRT and, after the verification passes, sends the digital certificate OptmWCRT to the KMS system;
The KMS system verifies the validity of the digital certificate OptmWCRT with the root certificate AuthRCRT_optm and, after the verification passes, generates the second random number AT2 and sends the second random number AT2 to the operating terminal;
The operating terminal encrypts the second random number AT2 with the private key OptmWCRT_Prk, generating the second random number ciphertext Sign2, and sends the second random number ciphertext Sign2 to the KMS system;
The KMS system verifies the validity of the second random number ciphertext Sign2 with the digital certificate OptmWCRT; after this verification passes, the identity authentication between the KMS system and the operating terminal has passed.
Step S24 specifically comprises:
The payment terminal generates the third random number AT3 and sends the third random number AT3 to the KMS system;
After receiving the third random number AT3, the KMS system generates the fourth random number AT4, calls the second hardware encryption machine to encrypt the third random number AT3 with the authentication key AUK, obtaining the third random number ciphertext Sign3, and sends the third random number ciphertext Sign3 and the fourth random number AT4 to the payment terminal;
The payment terminal decrypts the received third random number ciphertext Sign3 with the authentication key AUK, obtaining the fifth random number AT3', and judges whether the fifth random number AT3' is consistent with the third random number AT3:
If the fifth random number AT3' is consistent with the third random number AT3, the payment terminal encrypts the fourth random number AT4 with the authentication key AUK, generating the fourth random number ciphertext Sign4, and sends the fourth random number ciphertext Sign4 to the KMS system;
The KMS system calls the second hardware encryption machine to decrypt the received fourth random number ciphertext Sign4 with the authentication key AUK, obtaining the sixth random number AT4', and judges whether the sixth random number AT4' is consistent with the fourth random number AT4;
If the sixth random number AT4' is consistent with the fourth random number AT4, the identity authentication between the KMS system and the payment terminal has passed.
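The S24 exchange above, as an added Python sketch that is not part of the patent: HMAC-SHA256 stands in for "encrypt the random number with AUK" (Python's standard library has no block cipher), so each side recomputes and compares instead of decrypting. The class names, the 16-byte random-number length and the direction labels are assumptions of this example; the labels go beyond the text and keep a response produced for one direction from being accepted in the other.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumption: the patent does not state the random-number length


def prove(auk: bytes, direction: bytes, nonce: bytes) -> bytes:
    """Keyed answer to a challenge (stand-in for 'encrypt the nonce with AUK')."""
    return hmac.new(auk, direction + b"|" + nonce, hashlib.sha256).digest()


class PaymentTerminal:
    """Terminal side of S24; in the patent AUK lives inside the PIN pad."""

    def __init__(self, auk: bytes):
        self.auk = auk
        self.at3 = None

    def start(self) -> bytes:
        """Generate AT3 and hand it to the KMS system."""
        self.at3 = secrets.token_bytes(NONCE_LEN)
        return self.at3

    def answer(self, sign3: bytes, at4: bytes):
        """Check Sign3 against our own AT3; return Sign4 on success, else None."""
        if self.at3 is None:
            return None
        expected = prove(self.auk, b"KMS->TERM", self.at3)
        self.at3 = None  # each challenge is answered at most once
        if not hmac.compare_digest(expected, sign3):
            return None  # the peer did not prove knowledge of AUK: stop here
        return prove(self.auk, b"TERM->KMS", at4)


class KmsSystem:
    """KMS side of S24; in the patent AUK lives inside the second hardware encryption machine."""

    def __init__(self, auk: bytes):
        self.auk = auk
        self.at4 = None

    def respond(self, at3: bytes):
        """On receiving AT3, generate AT4 and return (Sign3, AT4)."""
        self.at4 = secrets.token_bytes(NONCE_LEN)
        return prove(self.auk, b"KMS->TERM", at3), self.at4

    def finish(self, sign4: bytes) -> bool:
        """Check Sign4 against our own AT4; only then may the TMK be sent (S25)."""
        if self.at4 is None:
            return False
        expected = prove(self.auk, b"TERM->KMS", self.at4)
        self.at4 = None  # a replayed Sign4 finds no pending challenge
        return hmac.compare_digest(expected, sign4)


def run_s24(terminal: PaymentTerminal, kms: KmsSystem) -> bool:
    """Drive the four messages of S24 and report whether both sides accepted."""
    at3 = terminal.start()
    sign3, at4 = kms.respond(at3)
    sign4 = terminal.answer(sign3, at4)
    return sign4 is not None and kms.finish(sign4)


if __name__ == "__main__":
    shared_auk = secrets.token_bytes(16)  # constructed sample key
    print("same AUK:     ", run_s24(PaymentTerminal(shared_auk), KmsSystem(shared_auk)))
    print("different AUK:", run_s24(PaymentTerminal(shared_auk), KmsSystem(bytes(16))))
```
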
Operation of the operating terminal must be authorized by the operator card and the administrator card, which specifically comprises:
The operator card and the administrator card each generate a public/private key pair and each send the public key to the CA center; the operator card certificate and the administrator card certificate are generated, and the operator card certificate is stored in the operator card and the administrator card certificate in the administrator card;
The operator card and the administrator card are inserted into the operating terminal, and operation of the operating terminal is allowed after CA authentication.
The payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
In the present invention, the original hash value of the TK is calculated when the transmission key TK is generated, and each time the TK is stored, transmitted or used, the hash value of the TK is checked first; the TK can be used only after the check passes. Checking the hash value of the TK guards against errors in the stored data caused by storage device anomalies and confirms that the key is correct.
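Steps S16 and S23 and the TK hash check just described, as an added Python sketch that is not part of the patent. Assumptions: Ctk_pk is laid out as nonce, ciphertext, MAC; an HMAC-SHA256 keystream stands in for encryption under PK and HMAC-SHA256 for the MAC under MAK, because Python's standard library has no block cipher; SHA-256 is the TK hash; every function and class name is hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumed layout of Ctk_pk: nonce | ciphertext | MAC
TAG_LEN = 32


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (not TDES)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wrap_tk(pk: bytes, mak: bytes, tk: bytes) -> bytes:
    """S16: encrypt TK under PK, then MAC the result under MAK, giving Ctk_pk."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = nonce + _keystream_xor(pk, nonce, tk)
    return body + hmac.new(mak, body, hashlib.sha256).digest()


def unwrap_tk(pk: bytes, mak: bytes, ctk_pk: bytes) -> bytes:
    """S23: verify the MAC first; decrypt only if it is valid."""
    if len(ctk_pk) <= NONCE_LEN + TAG_LEN:
        raise ValueError("Ctk_pk too short")
    body, tag = ctk_pk[:-TAG_LEN], ctk_pk[-TAG_LEN:]
    expected = hmac.new(mak, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed, Ctk_pk rejected")
    return _keystream_xor(pk, body[:NONCE_LEN], body[NONCE_LEN:])


class StoredTk:
    """TK kept together with the hash computed when it was first stored."""

    def __init__(self, tk: bytes):
        self.tk = bytearray(tk)
        self.digest = hashlib.sha256(tk).digest()

    def use(self) -> bytes:
        """Re-check the hash before every use, as the description requires.

        An unkeyed hash catches accidental corruption of the stored value,
        which is the purpose the description gives for it.
        """
        current = hashlib.sha256(self.tk).digest()
        if not hmac.compare_digest(current, self.digest):
            raise ValueError("TK hash mismatch, key must not be used")
        return bytes(self.tk)


if __name__ == "__main__":
    # Constructed sample keys; in the patent PK and MAK never leave the
    # hardware encryption machines.
    pk, mak = secrets.token_bytes(16), secrets.token_bytes(16)
    tek, auk = secrets.token_bytes(16), secrets.token_bytes(16)
    ctk_pk = wrap_tk(pk, mak, tek + auk)           # vendor side, S16
    record = StoredTk(unwrap_tk(pk, mak, ctk_pk))  # KMS side, S23
    print("TK recovered:", record.use() == tek + auk)
    record.tk[0] ^= 0x01                           # simulated storage error
    try:
        record.use()
    except ValueError as err:
        print("rejected:", err)
```
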
The beneficial effects of the present invention are as follows. The payment terminal uploads the transmission key TK, and the TMK is encrypted with the transmission key for transmission, so that the payment terminal can download the terminal master key TMK remotely. The TK comprises a transmission encryption key TEK and a transmission authentication key AUK; the payment terminal and the KMS system first carry out two-way identity authentication using the authentication key AUK, and after the authentication passes, the terminal master key TMK is encrypted with the asymmetric transmission encryption key TEK for transmission, which improves the security of TMK transmission and download. Further, the master key TMK of the present invention is generated by the KMS system, which facilitates subsequent maintenance and management of the TMK by the KMS system. Further, the TMK download and the TK upload are carried out together, both through the operating terminal, which greatly improves the time efficiency of TMK download. At the same time, the TMK can be downloaded in a unified manner through the operating terminal before the payment terminal leaves the factory and is delivered to the merchant; because identity authentication between the operating terminal and the KMS system is carried out through the CA center and the TMK is downloaded centrally, the TMK download risk is greatly reduced, and the merchant can use the payment terminal directly upon receiving it, which is very convenient for the merchant. Further, the vendor key management system and the KMS system each store the protection key PK and the MAC key MAK, and the transmission key TK generated by the payment terminal is uploaded after being encrypted with the protection key PK and the MAC key MAK of the vendor key management system; the operating terminal therefore does not need to re-encrypt the TK, which greatly simplifies encryption during TK upload and improves the time efficiency of TK upload while ensuring secure TK transmission.
In the present invention, before uploading the TK, the operating terminal and the KMS system authenticate each other's identity through the CA center, which ensures that the TK is sent to the correct receiving KMS system and prevents a fake KMS system from stealing TK information.
In the present invention, before issuing the master key TMK, the KMS system carries out two-way identity authentication using the authentication key AUK, which effectively prevents a fake payment terminal from stealing the TMK and ensures that the payment terminal downloads the TMK from the correct KMS system.
In the present invention, the operating terminal is also provided with an operator card and an administrator card; the operating terminal can be operated only when both the operator card and the administrator card have authorized it, which effectively ensures the authenticity and validity of each uploaded TK.
The foregoing are only embodiments of the present invention and do not thereby limit the patent scope of the present invention; every equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or applied directly or indirectly in other related technical fields, is likewise included in the patent protection scope of the present invention.

Claims (10)

1. A terminal master key TMK secure download method, characterized in that it comprises the steps of:
S1: the payment terminal generates the transmission key TK and generates the transmission key ciphertext;
S2: the payment terminal uploads the transmission key ciphertext and downloads the master key TMK;
Wherein step S1 comprises:
S11: the vendor key management system calls the first hardware encryption machine and the KMS system calls the second hardware encryption machine; in the first hardware encryption machine and in the second hardware encryption machine respectively, the supplier authority component and the KMS system authority component are synthesized into a protection key PK and a MAC key MAK, and the protection key PK and the MAC key MAK are stored together in the first hardware encryption machine and in the second hardware encryption machine respectively;
S12: the vendor key management system calls the first hardware encryption machine to generate the public/private key pair Pu_hsm, Pr_hsm and sends the public key Pu_hsm to the payment terminal;
S13: the payment terminal calls the PIN pad to generate the transmission key TK, the TK comprising a transmission encryption key TEK and a transmission authentication key AUK;
S14: the payment terminal calls the PIN pad to encrypt the TK with the public key Pu_hsm, generating the first transmission key ciphertext Ctk_Pu, and sends the first transmission key ciphertext Ctk_Pu to the vendor key management system;
S15: the vendor key management system calls the first hardware encryption machine to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_hsm, obtaining the transmission key TK;
S16: the vendor key management system calls the first hardware encryption machine to encrypt the transmission key TK with the protection key PK and to calculate a MAC value with the MAC key MAK, generating the second transmission key ciphertext Ctk_pk, and sends the second transmission key ciphertext Ctk_pk to the payment terminal;
Wherein step S2 comprises:
S21: the operating terminal collects the second transmission key ciphertext Ctk_pk from the payment terminal;
S22: the operating terminal and the KMS system carry out identity authentication through the CA center; after the authentication passes, the second transmission key ciphertext Ctk_pk is sent to the KMS system;
S23: the KMS system calls the second hardware encryption machine to verify the validity of the MAC of the second transmission key ciphertext Ctk_pk with the MAC key MAK; if the verification passes, the protection key PK is used to decrypt the second transmission key ciphertext Ctk_pk, obtaining the transmission key TK, which is stored in the second hardware encryption machine;
S24: after the KMS system obtains the transmission key TK, it calls the second hardware encryption machine to carry out two-way authentication with the payment terminal using the authentication key AUK;
S25: if the authentication passes, the KMS system calls the second hardware encryption machine to encrypt the terminal master key TMK with the transmission encryption key TEK, generating the master key ciphertext Ctmk, and sends the master key ciphertext Ctmk to the payment terminal;
S26: the payment terminal calls the PIN pad to decrypt the master key ciphertext Ctmk with the transmission encryption key TEK, obtaining the terminal master key TMK, and stores the terminal master key TMK in the PIN pad.
2. The terminal master key TMK secure download method according to claim 1, characterized in that step S22 is specifically:
The operating terminal generates the public/private key pair Pu_optm and Pr_optm and sends the public key Pu_optm and the operating terminal identification information to the CA center; the CA center generates the root certificate AuthRCRT_optm and the corresponding private key OptmWCRT_Prk and signs the received public key Pu_optm and operating terminal identification information with the private key OptmWCRT_Prk to generate the digital certificate OptmWCRT; the digital certificate OptmWCRT and the private key OptmWCRT_Prk are stored in the operating terminal, and the root certificate AuthRCRT_optm is stored in the KMS system;
The KMS system calls the second hardware encryption machine to generate the public/private key pair Pr_kms and Pu_kms and sends the public key Pu_kms and the KMS system identification information to the CA center; the CA center generates the root certificate AuthRCRT_kms and the corresponding private key ServerWCRT_Prk and signs the received public key Pu_kms and KMS system identification information with the private key ServerWCRT_Prk to generate the digital certificate ServerWCRT; the digital certificate ServerWCRT and the corresponding private key ServerWCRT_Prk are stored in the KMS system, and the root certificate AuthRCRT_kms is stored in the operating terminal;
The KMS system sends the digital certificate ServerWCRT to the operating terminal;
The operating terminal verifies the validity of the digital certificate ServerWCRT with the root certificate AuthRCRT_kms; if the verification passes, the operating terminal generates the first random number AT1 and sends the first random number AT1 to the KMS system;
The KMS system signs the first random number AT1 with the private key ServerWCRT_Prk, generating the first random number ciphertext Sign1, and sends the first random number ciphertext Sign1 to the operating terminal;
The operating terminal verifies the validity of the first random number ciphertext Sign1 with the digital certificate ServerWCRT and, after the verification passes, sends the digital certificate OptmWCRT to the KMS system;
The KMS system verifies the validity of the digital certificate OptmWCRT with the root certificate AuthRCRT_optm and, after the verification passes, generates the second random number AT2 and sends the second random number AT2 to the operating terminal;
The operating terminal encrypts the second random number AT2 with the private key OptmWCRT_Prk, generating the second random number ciphertext Sign2, and sends the second random number ciphertext Sign2 to the KMS system;
The KMS system verifies the validity of the second random number ciphertext Sign2 with the digital certificate OptmWCRT; after this verification passes, the identity authentication between the KMS system and the operating terminal has passed.
3. The terminal master key TMK secure download method according to claim 1, characterized in that step S24 specifically comprises:
The payment terminal generates the third random number AT3 and sends the third random number AT3 to the KMS system;
After receiving the third random number AT3, the KMS system generates the fourth random number AT4, calls the second hardware encryption machine to encrypt the third random number AT3 with the authentication key AUK, obtaining the third random number ciphertext Sign3, and sends the third random number ciphertext Sign3 and the fourth random number AT4 to the payment terminal;
The payment terminal decrypts the received third random number ciphertext Sign3 with the authentication key AUK, obtaining the fifth random number AT3', and judges whether the fifth random number AT3' is consistent with the third random number AT3:
If the fifth random number AT3' is consistent with the third random number AT3, the payment terminal encrypts the fourth random number AT4 with the authentication key AUK, generating the fourth random number ciphertext Sign4, and sends the fourth random number ciphertext Sign4 to the KMS system;
The KMS system calls the second hardware encryption machine to decrypt the received fourth random number ciphertext Sign4 with the authentication key AUK, obtaining the sixth random number AT4', and judges whether the sixth random number AT4' is consistent with the fourth random number AT4;
If the sixth random number AT4' is consistent with the fourth random number AT4, the identity authentication between the KMS system and the payment terminal has passed.
4. The method for securely downloading a terminal master key TMK according to claim 1, characterized in that operation of the operating terminal must be authorized by an operator card and an administrator card, specifically comprising:
The operator card and the administrator card each generate a public-private key pair and send their public keys to the CA center, which generates an operator card certificate and an administrator card certificate; the operator card certificate is stored in the operator card and the administrator card certificate is stored in the administrator card;
The operator card and the administrator card are inserted into the operating terminal, and operation of the operating terminal is permitted after CA authentication passes.
5. The method for securely downloading a terminal master key TMK according to claim 4, characterized in that the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
6. A system for securely downloading a terminal master key TMK, characterized in that it comprises a first hardware encryption machine, a second hardware encryption machine, a vendor key management system, a payment terminal, a CA center, an operating terminal and a KMS system; the vendor key management system comprises a key negotiation module A, a public key generation module and a re-encryption module,
The payment terminal comprises a TK generation module, a mutual authentication module A and a TMK receiving module,
The operating terminal comprises a TK acquisition module, a TK upload module and a CA authentication module A,
The KMS system comprises a key negotiation module B, a TK receiving module, a CA authentication module B, a mutual authentication module B and a TMK sending module;
The key negotiation module A and the key negotiation module B are used to call the first hardware encryption machine and the second hardware encryption machine, to synthesize, in the first hardware encryption machine and in the second hardware encryption machine respectively, the vendor authority component and the KMS system authority component into a protection key PK and a MAC key MAK, and to store the protection key PK and the MAC key MAK together in the first hardware encryption machine and in the second hardware encryption machine respectively;
The public key generation module is used to call the first hardware encryption machine to generate a public-private key pair Pu_hsm, Pr_hsm, and to send the public key Pu_hsm to the payment terminal;
The TK generation module is used to call the PIN pad to generate a transmission key TK, the TK comprising a transmission encryption key TEK and a transmission authentication key AUK;
The TK generation module is also used to call the PIN pad to encrypt the TK with the public key Pu_hsm, generating a first transmission key ciphertext Ctk_Pu, and to send the first transmission key ciphertext Ctk_Pu to the vendor key management system;
The re-encryption module is used to call the first hardware encryption machine to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_hsm to obtain the transmission key TK;
The re-encryption module is also used to call the first hardware encryption machine to encrypt the transmission key TK with the protection key PK and to calculate a MAC value with the MAC key MAK, generating a second transmission key ciphertext Ctk_pk, and to send the second transmission key ciphertext Ctk_pk to the payment terminal;
The TK acquisition module is used to collect the second transmission key ciphertext Ctk_pk from the payment terminal;
The CA authentication module A and the CA authentication module B are used to perform authentication between the operating terminal and the KMS system through the CA center; the TK upload module is used to send the second transmission key ciphertext Ctk_pk to the KMS system after the authentication passes;
The TK receiving module is used to call the second hardware encryption machine to verify, with the MAC key MAK, the validity of the MAC of the second transmission key ciphertext Ctk_pk, and, when the verification passes, to decrypt the second transmission key ciphertext Ctk_pk with the protection key PK to obtain the transmission key TK and store it in the second hardware encryption machine;
The mutual authentication module A and the mutual authentication module B are used, after the KMS system has obtained the transmission key TK, to call the second hardware encryption machine to perform mutual authentication with the payment terminal using the authentication key AUK;
The TMK sending module is used, after the authentication between the KMS system and the payment terminal passes, to call the second hardware encryption machine to encrypt the terminal master key TMK with the transmission encryption key TEK, generating a master key ciphertext Ctmk, and to send the master key ciphertext Ctmk to the payment terminal;
The TMK receiving module is used to call the PIN pad to decrypt the master key ciphertext Ctmk with the transmission encryption key TEK to obtain the terminal master key TMK, and to store the terminal master key TMK in the PIN pad.
7. The system for securely downloading a terminal master key TMK according to claim 6, characterized in that the CA authentication module A comprises a first random number generation unit, a first data transceiver unit, a first encryption/decryption unit and a first judging unit,
The CA authentication module B comprises a second random number generation unit, a second data transceiver unit, a second encryption/decryption unit and a second judging unit,
The CA center comprises a certificate preset module;
The certificate preset module is used to call the operating terminal to generate a public-private key pair Pu_optm and Pr_optm and to send the public key Pu_optm and the operating terminal identification information to the CA center; the CA center generates a root certificate AuthRCRT_optm and a corresponding private key OptmWCRT_Prk; the module is also used to sign the received public key Pu_optm and operating terminal identification information with the private key OptmWCRT_Prk to generate a digital certificate OptmWCRT, to store the digital certificate OptmWCRT and the private key OptmWCRT_Prk in the operating terminal, and to store the root certificate AuthRCRT_optm in the KMS system;
The certificate preset module is used to call the second hardware encryption machine to generate a public-private key pair Pr_kms and Pu_kms and to send the public key Pu_kms and the KMS identification information to the CA center; the CA center generates a root certificate AuthRCRT_kms and a corresponding private key ServerWCRT_Prk; the module is also used to sign the received public key Pu_kms and KMS system identification information with the private key ServerWCRT_Prk to generate a digital certificate ServerWCRT, to store the digital certificate ServerWCRT and the corresponding private key ServerWCRT_Prk in the KMS system, and to store the root certificate AuthRCRT_kms in the operating terminal;
The second data transceiver unit is used to send the digital certificate ServerWCRT to the operating terminal;
The first judging unit is used to verify the validity of the digital certificate ServerWCRT with the root certificate AuthRCRT_kms; the first random number generation unit is used, after the digital certificate ServerWCRT is verified, to generate a first random number AT1 and to send the first random number AT1 to the KMS system;
The second encryption/decryption unit is used to sign the first random number AT1 with the private key ServerWCRT_Prk to generate a first random number ciphertext Sign1, and to send the first random number ciphertext Sign1 to the operating terminal;
The first judging unit is used to verify the validity of the first random number ciphertext Sign1 with the digital certificate ServerWCRT; the first data transceiver unit is used, after the first random number ciphertext Sign1 is verified, to send the digital certificate OptmWCRT to the KMS system;
The second judging unit is used to verify the validity of the digital certificate OptmWCRT with the root certificate AuthRCRT_optm; the second random number generation unit is used, after the digital certificate OptmWCRT is verified, to generate a second random number AT2 and to send the second random number to the operating terminal;
The first encryption/decryption unit is used to encrypt the second random number AT2 with the private key OptmWCRT_Prk to generate a second random ciphertext Sign2, and to send the second random ciphertext Sign2 to the KMS system;
The second judging unit is used to verify the validity of the second random ciphertext Sign2 with the digital certificate OptmWCRT; after the verification passes, the authentication between the KMS system and the operating terminal passes.
8. The system for securely downloading a terminal master key TMK according to claim 6, characterized in that the mutual authentication module A comprises a third random number generation unit, a third data transceiver unit, a third encryption/decryption unit and a third judging unit, and the mutual authentication module B comprises a fourth random number generation unit, a fourth data transceiver unit, a fourth encryption/decryption unit and a fourth judging unit;
The third random number generation unit is used to generate a third random number AT3; the third data transceiver unit is used to send the generated third random number AT3 to the KMS system; the fourth data transceiver unit is used to receive the third random number AT3; the fourth random number generation unit is used to generate a fourth random number AT4 when the third random number AT3 is received; the fourth encryption/decryption unit is used, when the third random number AT3 is received, to call the fourth hardware encryption machine to encrypt the third random number AT3 with the transmission authentication key AUK to obtain a third random number ciphertext Sign3; the fourth data transceiver unit is used to send the third random number ciphertext Sign3 and the fourth random number AT4 to the payment terminal;
The third encryption/decryption unit is used, when the third random number ciphertext Sign3 and the fourth random number AT4 are received, to decrypt the received third random number ciphertext Sign3 with the transmission authentication key AUK to obtain a fifth random number AT3'; the third judging unit is used to judge whether the fifth random number AT3' is consistent with the third random number AT3;
The third encryption/decryption unit is used, when the fifth random number AT3' is consistent with the third random number AT3, to encrypt the fourth random number AT4 with the transmission authentication key AUK to generate a fourth random number ciphertext Sign4; the third data transceiver unit is used to send the fourth random number ciphertext Sign4 to the KMS system;
The fourth encryption/decryption unit is used, when the fourth random number ciphertext Sign4 is received, to call the second hardware encryption machine to decrypt the received fourth random number ciphertext Sign4 with the transmission authentication key AUK to obtain a sixth random number AT4'; the fourth judging unit is used to judge whether the sixth random number AT4' is consistent with the fourth random number AT4 and, when they are consistent, to confirm that the mutual authentication between the KMS system and the payment terminal passes.
9. The system for securely downloading a terminal master key TMK according to claim 6, characterized in that the operating terminal further includes an operator card and an administrator card;
The certificate preset module of the CA center is also used to generate an operator card certificate and an administrator card certificate, and to store the operator card certificate in the operator card and the administrator card certificate in the administrator card;
The operator card and the administrator card are used such that, when the operating terminal reads the operator card and the administrator card inserted into it and the CA center has verified the validity of the operator certificate and the administrator certificate, operation of the operating terminal is authorized.
10. The system for securely downloading a terminal master key TMK according to any one of claims 6 to 9, characterized in that the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
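The AUK challenge-response of claims 3 and 8, followed by the TEK-protected TMK delivery of claim 6, as an added Python example that is not part of the patent. The claims name no cipher, so a 4-round HMAC-SHA256 Feistel network stands in here for the block cipher of the hardware encryption machine and the PIN pad; the class and function names and the 16-byte sizes are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # assumed size in bytes of random numbers, ciphertexts and the TMK

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: truncated HMAC-SHA256 (stand-in cipher, an assumption).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt_block(key: bytes, block: bytes) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

class Kms:
    """KMS side; in the claims these operations run in the second hardware encryption machine."""
    def __init__(self, auk: bytes, tek: bytes, tmk: bytes):
        self._auk, self._tek, self._tmk = auk, tek, tmk
        self._at4 = None
        self.authenticated = False

    def on_at3(self, at3: bytes):
        # Generate AT4, encrypt the terminal's AT3 under AUK, return (Sign3, AT4).
        self.authenticated = False
        self._at4 = secrets.token_bytes(BLOCK)
        return encrypt_block(self._auk, at3), self._at4

    def on_sign4(self, sign4: bytes) -> bool:
        # Decrypt Sign4 to AT4' and compare with AT4; each AT4 is accepted once only.
        if self._at4 is None:
            return False
        at4_prime = decrypt_block(self._auk, sign4)
        self.authenticated = hmac.compare_digest(at4_prime, self._at4)
        self._at4 = None
        return self.authenticated

    def send_tmk(self) -> bytes:
        # Ctmk leaves the KMS only after mutual authentication has passed.
        if not self.authenticated:
            raise PermissionError("payment terminal not authenticated")
        return encrypt_block(self._tek, self._tmk)

class Terminal:
    """Payment terminal side; in the claims the keys stay inside the PIN pad."""
    def __init__(self, auk: bytes, tek: bytes):
        self._auk, self._tek = auk, tek
        self._at3 = None
        self.tmk = None

    def start(self) -> bytes:
        self._at3 = secrets.token_bytes(BLOCK)
        return self._at3

    def on_sign3(self, sign3: bytes, at4: bytes):
        # Decrypt Sign3 to AT3'; answer with Sign4 only if AT3' matches AT3.
        if self._at3 is None:
            return None
        at3_prime = decrypt_block(self._auk, sign3)
        matched = hmac.compare_digest(at3_prime, self._at3)
        self._at3 = None
        return encrypt_block(self._auk, at4) if matched else None

    def on_ctmk(self, ctmk: bytes) -> None:
        self.tmk = decrypt_block(self._tek, ctmk)

def run_download(kms: Kms, terminal: Terminal) -> bool:
    """Drive the exchange; True only if both checks pass and the TMK is stored."""
    sign3, at4 = kms.on_at3(terminal.start())
    sign4 = terminal.on_sign3(sign3, at4)
    if sign4 is None:            # terminal rejected the KMS
        return False
    if not kms.on_sign4(sign4):  # KMS rejected the terminal
        return False
    terminal.on_ctmk(kms.send_tmk())
    return True

if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    auk, tek = bytes(range(16)), bytes(range(16, 32))
    tmk = bytes.fromhex("00112233445566778899aabbccddeeff")
    terminal = Terminal(auk, tek)
    print("matching AUK:", run_download(Kms(auk, tek, tmk), terminal), terminal.tmk == tmk)
    print("KMS with wrong AUK:", run_download(Kms(bytes(16), tek, tmk), Terminal(auk, tek)))
```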
CN201310740642.0A 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems Active CN103731259B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310740642.0A CN103731259B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
PCT/CN2014/073215 WO2014139406A1 (en) 2013-03-15 2014-03-11 Method and system for safely downloading terminal master key (tmr)

Applications Claiming Priority (13)

Application Number Priority Date Filing Date Title
CN2013100843972A CN103237004A (en) 2013-03-15 2013-03-15 Key download method, key management method, method, device and system for download management
CN2013100846735 2013-03-15
CN2013100846735A CN103220271A (en) 2013-03-15 2013-03-15 Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key
CN201310084397.2 2013-03-15
CN201310084653.8 2013-03-15
CN2013100846538 2013-03-15
CN2013100846716A CN103220270A (en) 2013-03-15 2013-03-15 Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key
CN2013100843972 2013-03-15
CN201310084673.5 2013-03-15
CN201310084671.6 2013-03-15
CN2013100846716 2013-03-15
CN2013100846538A CN103237005A (en) 2013-03-15 2013-03-15 Method and system for key management
CN201310740642.0A CN103731259B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems

Publications (2)

Publication Number Publication Date
CN103731259A true CN103731259A (en) 2014-04-16
CN103731259B CN103731259B (en) 2017-08-01

Family

ID=50363015

Family Applications (28)

Application Number Title Priority Date Filing Date
CN201310740308.5A Active CN103729941B (en) 2013-03-15 2013-12-27 A kind of main cipher key T MK method for safely downloading of terminal and system
CN201310740537.7A Active CN103746800B (en) 2013-03-15 2013-12-27 TMK (terminal master key) safe downloading method and system
CN201310741948.8A Active CN103714639B (en) 2013-03-15 2013-12-27 A kind of method and system that realize the operation of POS terminal security
CN201310742686.7A Active CN103745351B (en) 2013-03-15 2013-12-27 A kind of acquisition method and system for transmitting cipher key T K
CN201310742713.0A Active CN103701610B (en) 2013-03-15 2013-12-27 A kind of acquisition method and system for transmitting cipher key T K
CN201310742886.2A Active CN103716321B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740430.2A Active CN103729943B (en) 2013-03-15 2013-12-27 A kind of method and system transmission security key being imported KMS system
CN201310740644.XA Active CN103714638B (en) 2013-03-15 2013-12-27 A kind of method and system of quick position terminal master key failed download
CN201310742661.7A Active CN103716167B (en) 2013-03-15 2013-12-27 Method and device for safely collecting and distributing transmission keys
CN201310740285.8A Active CN103729940B (en) 2013-03-15 2013-12-27 A kind of main cipher key T MK method for safely downloading of terminal and system
CN201310740360.0A Active CN103714636B (en) 2013-03-15 2013-12-27 A kind of method of batch capture and upload transfers cipher key T K data and operating terminal
CN201310740100.3A Active CN103714633B (en) 2013-03-15 2013-12-27 A kind of method of safe generating transmission key and POS terminal
CN201310742648.1A Active CN103716155B (en) 2013-03-15 2013-12-27 A kind of method of automated maintenance POS terminal and operation terminal
CN201310742681.4A Active CN103714640B (en) 2013-03-15 2013-12-27 A kind of sending method of transmission security key and system
CN201310741949.2A Active CN103731260B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and system
CN201310740264.6A Active CN103701812B (en) 2013-03-15 2013-12-27 TMK (Terminal Master Key) secure downloading method and system
CN201310740231.1A Active CN103714635B (en) 2013-03-15 2013-12-27 A kind of POS terminal and terminal master key downloading mode collocation method thereof
CN201310740158.8A Active CN103716320B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740188.9A Active CN103716153B (en) 2013-03-15 2013-12-27 Terminal master key TMK safety downloading method and systems
CN201310740540.9A Active CN103716154B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740226.0A Active CN103714634B (en) 2013-03-15 2013-12-27 A kind of method of main key of secure download terminal and system
CN201310742991.6A Active CN103714641B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK method for safely downloading and system
CN201310740410.5A Active CN103729942B (en) 2013-03-15 2013-12-27 Transmission security key is transferred to the method and system of key server from terminal server
CN201310740244.9A Active CN103701609B (en) 2013-03-15 2013-12-27 A kind of server and the method and system operating terminal two-way authentication
CN201310740642.0A Active CN103731259B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740574.8A Active CN103729945B (en) 2013-03-15 2013-12-27 A kind of method and system of secure download terminal master key
CN201310740380.8A Active CN103714637B (en) 2013-03-15 2013-12-27 A kind of transmission security key sending method and system, operating terminal
CN201310740567.8A Active CN103729944B (en) 2013-03-15 2013-12-27 A kind of method and system of secure download terminal master key


Country Status (2)

Country Link
CN (28) CN103729941B (en)
WO (5) WO2014139411A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363090A (en) * 2014-11-19 2015-02-18 成都卫士通信息产业股份有限公司 Secret key distribution device and method for enhancing safety of banking terminal equipment
CN105681263A (en) * 2014-11-20 2016-06-15 广东华大互联网股份有限公司 Smart card key remote application method and application system
CN105989472A (en) * 2015-03-06 2016-10-05 华立科技股份有限公司 Wireless mobile configuration, wireless payment configuration and wireless payment configuration method of electric energy measurement system, and public commodity wireless payment configuration
CN106097608A (en) * 2016-06-06 2016-11-09 福建联迪商用设备有限公司 Remote cipher key method for down loading and system, acquirer and target POS terminal
CN108513704A (en) * 2018-04-17 2018-09-07 福建联迪商用设备有限公司 The remote distribution method and its system of terminal master key
CN110061848A (en) * 2019-04-17 2019-07-26 飞天诚信科技股份有限公司 A kind of safety imports method, payment terminal and the system of payment terminal key
CN111132154A (en) * 2019-12-26 2020-05-08 飞天诚信科技股份有限公司 Method and system for negotiating session key
CN113708923A (en) * 2021-07-29 2021-11-26 银盛支付服务股份有限公司 Method and system for remotely downloading master key

Families Citing this family (107)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103729941B (en) * 2013-03-15 2016-06-15 福建联迪商用设备有限公司 A kind of main cipher key T MK method for safely downloading of terminal and system
CN105281896B (en) * 2014-07-17 2018-11-27 深圳华智融科技股份有限公司 A kind of key POS machine Activiation method and system based on elliptic curve
CN104270346B (en) * 2014-09-12 2017-10-13 北京天行网安信息技术有限责任公司 The methods, devices and systems of two-way authentication
CN105991536A (en) * 2014-11-07 2016-10-05 天地融科技股份有限公司 Data interaction system
CN104486323B (en) * 2014-12-10 2017-10-31 福建联迪商用设备有限公司 A kind of POS terminal controlled networking activation method and device safely
CN104410641B (en) * 2014-12-10 2017-12-08 福建联迪商用设备有限公司 A kind of POS terminal controlled networking activation method and device safely
US9485250B2 (en) * 2015-01-30 2016-11-01 Ncr Corporation Authority trusted secure system component
CN106204034B (en) * 2015-04-29 2019-07-23 中国电信股份有限公司 Using the mutual authentication method and system of interior payment
CN105117665B (en) * 2015-07-16 2017-10-31 福建联迪商用设备有限公司 A kind of end product pattern and the method and system of development mode handoff-security
CN105184121A (en) * 2015-09-02 2015-12-23 上海繁易电子科技有限公司 Hardware authorization system and method using remote server
CN106559218A (en) * 2015-09-29 2017-04-05 中国电力科学研究院 A kind of safe acquisition method of intelligent substation continuous data
CN105243542B (en) * 2015-11-13 2021-07-02 咪付(广西)网络技术有限公司 Dynamic electronic certificate authentication method
CN105260884A (en) * 2015-11-18 2016-01-20 北京微智全景信息技术有限公司 POS machine key distributing method and device
CN105530241B (en) * 2015-12-07 2018-12-28 咪付(广西)网络技术有限公司 The authentication method of mobile intelligent terminal and POS terminal
CN105574722A (en) * 2015-12-11 2016-05-11 福建新大陆支付技术有限公司 Authorization IC card based remote online authorization method for payment terminal
CN105930718A (en) * 2015-12-29 2016-09-07 中国银联股份有限公司 Method and apparatus for switching point-of-sale (POS) terminal modes
CN105656669B (en) * 2015-12-31 2019-01-01 福建联迪商用设备有限公司 The remote repairing method of electronic equipment, is repaired equipment and system at equipment
CN105681032B (en) * 2016-01-08 2017-09-12 腾讯科技(深圳)有限公司 Method for storing cipher key, key management method and device
CN105743654A (en) * 2016-02-02 2016-07-06 上海动联信息技术股份有限公司 POS machine secret key remote downloading service system and secret key downloading method
CN105790934B (en) * 2016-03-04 2019-03-15 中国银联股份有限公司 A kind of adaptive POS terminal configuration method configures power assignment method with it
CN107294722A (en) * 2016-03-31 2017-10-24 阿里巴巴集团控股有限公司 A kind of terminal identity authentication method, apparatus and system
CN105978856B (en) * 2016-04-18 2019-01-25 随行付支付有限公司 A kind of POS machine key downloading method, apparatus and system
CN106059771A (en) * 2016-05-06 2016-10-26 上海动联信息技术股份有限公司 Intelligent POS machine secret key management system and method
CN106127461A (en) * 2016-06-16 2016-11-16 中国银联股份有限公司 Bi-directional verification method of mobile payment and system
CN107563712A (en) * 2016-06-30 2018-01-09 中兴通讯股份有限公司 A kind of mobile terminal punch card method, device, equipment and system
CN106027247A (en) * 2016-07-29 2016-10-12 宁夏丝路通网络支付有限公司北京分公司 Method for remotely issuing POS key
CN106100854A (en) * 2016-08-16 2016-11-09 黄朝 The reverse authentication method of terminal unit based on authority's main body and system
CN107800538B (en) * 2016-09-01 2021-01-29 中电长城(长沙)信息技术有限公司 Remote key distribution method for self-service equipment
US11018860B2 (en) 2016-10-28 2021-05-25 Microsoft Technology Licensing, Llc Highly available and reliable secret distribution infrastructure
CN106571915A (en) * 2016-11-15 2017-04-19 中国银联股份有限公司 Terminal master key setting method and apparatus
CN106603496B (en) * 2016-11-18 2019-05-21 新智数字科技有限公司 A kind of guard method, smart card, server and the communication system of data transmission
CN106656488B (en) * 2016-12-07 2020-04-03 百富计算机技术(深圳)有限公司 Key downloading method and device for POS terminal
CN106712939A (en) * 2016-12-27 2017-05-24 百富计算机技术(深圳)有限公司 Offline key transmission method and device
US10432730B1 (en) 2017-01-25 2019-10-01 United States Of America As Represented By The Secretary Of The Air Force Apparatus and method for bus protection
CN106953731B (en) * 2017-02-17 2020-05-12 福建魔方电子科技有限公司 Authentication method and system for terminal administrator
CN107466455B (en) * 2017-03-15 2021-05-04 深圳大趋智能科技有限公司 POS machine security verification method and device
US10296477B2 (en) 2017-03-30 2019-05-21 United States of America as represented by the Secretary of the AirForce Data bus logger
CN106997533B (en) * 2017-04-01 2020-10-13 福建实达电脑设备有限公司 POS terminal product safety production authorization management system and method
CN107094138B (en) * 2017-04-11 2019-09-13 郑州信大捷安信息技术股份有限公司 A kind of smart home safe communication system and communication means
CN107070925A (en) * 2017-04-18 2017-08-18 上海赛付网络科技有限公司 A kind of terminal applies and the anti-tamper method of background service communication packet
CN107104795B (en) * 2017-04-25 2020-09-04 上海汇尔通信息技术有限公司 Method, framework and system for injecting RSA key pair and certificate
CN107360652A (en) * 2017-05-31 2017-11-17 江苏普世祥光电技术有限公司 A kind of control method of square landscape lamp
CN107301437A (en) * 2017-05-31 2017-10-27 江苏普世祥光电技术有限公司 A kind of control system of square landscape lamp
CN107358441B (en) * 2017-06-26 2020-12-18 北京明华联盟科技有限公司 Payment verification method and system, mobile device and security authentication device
CN107637014B (en) * 2017-08-02 2020-11-24 福建联迪商用设备有限公司 Configurable POS machine key pair generation method and storage medium
CN107666420B (en) * 2017-08-30 2020-12-15 宁波梦居智能科技有限公司 Method for production control and identity authentication of intelligent home gateway
CN107392591B (en) * 2017-08-31 2020-02-07 恒宝股份有限公司 Online recharging method and system for industry card and Bluetooth read-write device
CN107888379A (en) * 2017-10-25 2018-04-06 百富计算机技术(深圳)有限公司 A kind of method of secure connection, POS terminal and code keypad
CN107995985B (en) * 2017-10-27 2020-05-05 福建联迪商用设备有限公司 Financial payment terminal activation method and system
CN107835170B (en) * 2017-11-04 2021-04-20 上海动联信息技术股份有限公司 Intelligent Pos equipment safety authorization dismantling system and method
CN107993062A (en) * 2017-11-27 2018-05-04 百富计算机技术(深圳)有限公司 POS terminal method of commerce, device, computer equipment and readable storage medium storing program for executing
CN107944250B (en) * 2017-11-28 2021-04-13 艾体威尔电子技术(北京)有限公司 Key acquisition method applied to POS machine
CN107919962B (en) * 2017-12-22 2021-01-15 国民认证科技(北京)有限公司 Internet of things equipment registration and authentication method
CN108365950A (en) * 2018-01-03 2018-08-03 深圳怡化电脑股份有限公司 The generation method and device of financial self-service equipment key
CN108390851B (en) * 2018-01-05 2020-07-03 郑州信大捷安信息技术股份有限公司 Safe remote control system and method for industrial equipment
CN108235807B (en) * 2018-01-15 2020-08-04 福建联迪商用设备有限公司 Software encryption terminal, payment terminal, software package encryption and decryption method and system
WO2019153119A1 (en) * 2018-02-06 2019-08-15 福建联迪商用设备有限公司 Method for transmitting key, receiving terminal and distribution terminal
CN108446539B (en) * 2018-03-16 2023-01-13 福建深空信息技术有限公司 Software authorization method and software authorization file generation system
CN108496323B (en) * 2018-03-21 2020-01-21 福建联迪商用设备有限公司 Certificate importing method and terminal
CN108496194A (en) * 2018-03-21 2018-09-04 福建联迪商用设备有限公司 A kind of method, server-side and the system of verification terminal legality
CN108737106B (en) * 2018-05-09 2021-06-01 深圳壹账通智能科技有限公司 User authentication method and device on block chain system, terminal equipment and storage medium
CN108833088A (en) * 2018-05-22 2018-11-16 珠海爱付科技有限公司 A kind of POS terminal Activiation method
CN110581829A (en) * 2018-06-08 2019-12-17 中国移动通信集团有限公司 Communication method and device
CN109218293B (en) * 2018-08-21 2021-09-21 西安得安信息技术有限公司 Use method of distributed password service platform key management
CN109347625B (en) * 2018-08-31 2020-04-24 阿里巴巴集团控股有限公司 Password operation method, work key creation method, password service platform and equipment
CN109326061B (en) * 2018-09-10 2021-10-26 惠尔丰(中国)信息系统有限公司 Anti-cutting method of intelligent POS
CN109274684B (en) * 2018-10-31 2020-12-29 中国—东盟信息港股份有限公司 Internet of things terminal system based on integration of eSIM communication and navigation service and implementation method thereof
CN109547208B (en) * 2018-11-16 2021-11-09 交通银行股份有限公司 Online distribution method and system for master key of financial electronic equipment
CN109670289B (en) * 2018-11-20 2020-12-15 福建联迪商用设备有限公司 Method and system for identifying legality of background server
CN109508995A (en) * 2018-12-12 2019-03-22 福建新大陆支付技术有限公司 A kind of off line authorization method and payment terminal based on payment terminal
CN109510711B (en) * 2019-01-08 2022-04-01 深圳市网心科技有限公司 Network communication method, server, client and system
CN111627174A (en) * 2019-02-28 2020-09-04 南京摩铂汇信息技术有限公司 Bluetooth POS equipment and payment system
CN110011794B (en) * 2019-04-11 2021-08-13 北京智芯微电子科技有限公司 Cipher machine key attribute testing method
CN109995532A (en) * 2019-04-11 2019-07-09 晏福平 A kind of online management method and system of terminal master key
CN110545542B (en) * 2019-06-13 2023-03-14 银联商务股份有限公司 Main control key downloading method and device based on asymmetric encryption algorithm and computer equipment
CN112532567A (en) * 2019-09-19 2021-03-19 中国移动通信集团湖南有限公司 Transaction encryption method and POSP system
CN110855442A (en) * 2019-10-10 2020-02-28 北京握奇智能科技有限公司 PKI (public key infrastructure) technology-based inter-device certificate verification method
CN111193748B (en) * 2020-01-06 2021-12-03 惠州市德赛西威汽车电子股份有限公司 Interactive key security authentication method and system
CN111275440B (en) * 2020-01-19 2023-11-10 中钞科堡现金处理技术(北京)有限公司 Remote key downloading method and system
TWI775061B (en) * 2020-03-30 2022-08-21 尚承科技股份有限公司 Protection system and method for soft/firmware or data
CN111597512B (en) * 2020-03-31 2023-10-31 尚承科技股份有限公司 Soft firmware or data protection system and protection method
CN111526013B (en) * 2020-04-17 2023-05-05 中国人民银行清算总中心 Key distribution method and system
CN111884804A (en) * 2020-06-15 2020-11-03 上海祥承通讯技术有限公司 Remote key management method
CN111815811B (en) * 2020-06-22 2022-09-06 合肥智辉空间科技有限责任公司 Electronic lock safety coefficient
CN111950999B (en) * 2020-07-28 2024-06-04 银盛支付服务股份有限公司 Method and system for realizing key filling safety based on IC card on POS machine
CN111931206A (en) * 2020-07-31 2020-11-13 银盛支付服务股份有限公司 Data encryption method based on APP
CN112134849B (en) * 2020-08-28 2024-02-20 国电南瑞科技股份有限公司 Dynamic trusted encryption communication method and system for intelligent substation
CN112182599B (en) * 2020-09-15 2024-06-11 中信银行股份有限公司 Automatic loading method and device for master key, electronic equipment and readable storage medium
CN112311528B (en) * 2020-10-17 2023-06-23 深圳市德卡科技股份有限公司 Data security transmission method based on cryptographic algorithm
CN112291232B (en) * 2020-10-27 2021-06-04 中国联合网络通信有限公司深圳市分公司 Safety capability and safety service chain management platform based on tenants
CN112332978B (en) * 2020-11-10 2022-09-20 上海商米科技集团股份有限公司 Remote key injection method based on key agreement
CN112396416A (en) * 2020-11-18 2021-02-23 上海商米科技集团股份有限公司 Method for loading certificate of intelligent POS equipment
CN112560058B (en) * 2020-12-17 2022-12-30 山东华芯半导体有限公司 SSD partition encryption storage system based on intelligent password key and implementation method thereof
CN112968776B (en) * 2021-02-02 2022-09-02 中钞科堡现金处理技术(北京)有限公司 Method, storage medium and electronic device for remote key exchange
CN113037494B (en) * 2021-03-02 2023-05-23 福州汇思博信息技术有限公司 Burning piece mirror image file signature method and terminal
CN113450511A (en) * 2021-03-25 2021-09-28 深圳怡化电脑科技有限公司 Transaction method of acceptance terminal equipment and bank system and acceptance terminal equipment
CN113132980B (en) * 2021-04-02 2023-10-13 四川省计算机研究院 Key management system method and device applied to Beidou navigation system
CN113328851B (en) * 2021-04-21 2022-01-14 北京连山科技股份有限公司 Method and system for randomly transmitting secret key under multilink condition
CN113645221A (en) * 2021-08-06 2021-11-12 中国工商银行股份有限公司 Encryption method, device, equipment, storage medium and computer program
CN113810391A (en) * 2021-09-01 2021-12-17 杭州视洞科技有限公司 Cross-machine-room communication bidirectional authentication and encryption method
CN113612612A (en) * 2021-09-30 2021-11-05 阿里云计算有限公司 Data encryption transmission method, system, equipment and storage medium
CN114423003B (en) * 2021-12-29 2024-01-30 中国航空工业集团公司西安飞机设计研究所 Airplane key comprehensive management method and system
CN114499891B (en) * 2022-03-21 2024-05-31 宁夏凯信特信息科技有限公司 Signature server system and signature verification method
CN114726521A (en) * 2022-04-14 2022-07-08 广东好太太智能家居有限公司 Intelligent lock temporary password generation method and electronic equipment
CN115632769A (en) * 2022-10-12 2023-01-20 北京捷文科技股份有限公司 Payment terminal comprehensive key management method, system and computer readable storage medium
CN117176339B (en) * 2023-08-31 2024-06-18 深圳手付通科技有限公司 Method and system for online updating of pos terminal equipment master key TMK
CN116865966B (en) * 2023-09-04 2023-12-05 中量科(南京)科技有限公司 Encryption method, device and storage medium for generating working key based on quantum key

Family Cites Families (66)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS57157371A (en) * 1981-03-24 1982-09-28 Sharp Corp Electronic cash register
JP2993833B2 (en) * 1993-11-29 1999-12-27 富士通株式会社 POS system
JPH10112883A (en) * 1996-10-07 1998-04-28 Hitachi Ltd Radio communication exchange system, exchange, public key management device, mobile terminal and mobile terminal recognizing method
JP2002540090A (en) * 1999-03-22 2002-11-26 ピユラク・バイオケム・ベー・ブイ How to purify lactic acid on an industrial scale
CN1127033C (en) * 2000-07-20 2003-11-05 天津南开戈德集团有限公司 Radio mobile network point of sale (POS) terminal system and operation method thereof
US7110986B1 (en) * 2001-04-23 2006-09-19 Diebold, Incorporated Automated banking machine system and method
KR100641824B1 (en) * 2001-04-25 2006-11-06 주식회사 하렉스인포텍 A payment information input method and mobile commerce system using symmetric cipher system
JP2002366285A (en) * 2001-06-05 2002-12-20 Matsushita Electric Ind Co Ltd Pos terminal
GB2404126B (en) * 2002-01-17 2005-04-06 Toshiba Res Europ Ltd Data transmission links
JP2003217028A (en) * 2002-01-24 2003-07-31 Tonfuu:Kk Operation situation monitoring system for pos terminal device
US7395427B2 (en) * 2003-01-10 2008-07-01 Walker Jesse R Authenticated key exchange based on pairwise master key
JP2005117511A (en) * 2003-10-10 2005-04-28 Nec Corp Quantum cipher communication system and quantum cipher key distributing method used therefor
KR101282972B1 (en) * 2004-03-22 2013-07-08 삼성전자주식회사 Authentication between a device and a portable storage
US20060093149A1 (en) * 2004-10-30 2006-05-04 Shera International Ltd. Certified deployment of applications on terminals
DE102005022019A1 (en) * 2005-05-12 2007-02-01 Giesecke & Devrient Gmbh Secure processing of data
KR100652125B1 (en) * 2005-06-03 2006-12-01 삼성전자주식회사 Mutual authentication method for managing and authenticating between service provider, terminal and user identify module at one time and terminal, and the system thereof
CN100583743C (en) * 2005-07-22 2010-01-20 华为技术有限公司 Distributing method for transmission key
MX2008010705A (en) * 2006-02-22 2009-03-02 Hypercom Corp Secure electronic transaction system.
JP2007241351A (en) * 2006-03-06 2007-09-20 Cela System:Kk Customer/commodity integrated management system by customer/commodity/purchase management system (including pos) and mobile terminal
EP1833009B1 (en) * 2006-03-09 2019-05-08 First Data Corporation Secure transaction computer network
US7818264B2 (en) * 2006-06-19 2010-10-19 Visa U.S.A. Inc. Track data encryption
CN101064695A (en) * 2007-05-16 2007-10-31 杭州看吧科技有限公司 P2P(Peer to Peer) safe connection method
CN101145913B (en) * 2007-10-25 2010-06-16 东软集团股份有限公司 A method and system for network security communication
WO2009070041A2 (en) * 2007-11-30 2009-06-04 Electronic Transaction Services Limited Payment system and method of operation
CN101541002A (en) * 2008-03-21 2009-09-23 展讯通信(上海)有限公司 Web server-based method for downloading software license of mobile terminal
CN101615322B (en) * 2008-06-25 2012-09-05 上海富友金融网络技术有限公司 Mobile terminal payment method and mobile terminal payment system for realizing magnetic payment function
JP4666240B2 (en) * 2008-07-14 2011-04-06 ソニー株式会社 Information processing apparatus, information processing method, program, and information processing system
CN101686225A (en) * 2008-09-28 2010-03-31 中国银联股份有限公司 Methods of data encryption and key generation for on-line payment
KR20100052668A (en) * 2008-11-11 2010-05-20 노틸러스효성 주식회사 Method for on-line sharing of tmk(terminal master key) between atm and host
JP5329184B2 (en) * 2008-11-12 2013-10-30 株式会社日立製作所 Public key certificate verification method and verification server
CN101425208B (en) * 2008-12-05 2010-11-10 浪潮齐鲁软件产业有限公司 Method for safely downloading cipher key of finance tax-controlling cashing machine
CN101527714B (en) * 2008-12-31 2012-09-05 飞天诚信科技股份有限公司 Method, device and system for accreditation
CN101930644B (en) * 2009-06-25 2014-04-16 中国银联股份有限公司 Method for safely downloading master key automatically in bank card payment system and system thereof
CN101719895A (en) * 2009-06-26 2010-06-02 中兴通讯股份有限公司 Data processing method and system for realizing secure communication of network
CN101593389B (en) * 2009-07-01 2012-04-18 中国建设银行股份有限公司 Key management method and key management system for POS terminal
CN101631305B (en) * 2009-07-28 2011-12-07 交通银行股份有限公司 Encryption method and system
CN101656007B (en) * 2009-08-14 2011-02-16 通联支付网络服务股份有限公司 Safe system realizing one machine with multiple ciphers on POS machine and method thereof
CN102064939B (en) * 2009-11-13 2013-06-12 福建联迪商用设备有限公司 Method for authenticating point of sale (POS) file and method for maintaining authentication certificate
CN101710436B (en) * 2009-12-01 2011-12-14 中国建设银行股份有限公司 Method and system for controlling POS terminal and POS terminal management equipment
CN101807994B (en) * 2009-12-18 2012-07-25 北京握奇数据系统有限公司 Method and system for application data transmission of IC card
CN102148799B (en) * 2010-02-05 2014-10-22 中国银联股份有限公司 Key downloading method and system
CN101807997B (en) * 2010-04-28 2012-08-22 中国工商银行股份有限公司 Device and method for generating transmission key
CN201656997U (en) * 2010-04-28 2010-11-24 中国工商银行股份有限公司 Device for generating transmission key
CN102262760A (en) * 2010-05-28 2011-11-30 杨筑平 Transaction secrecy method, acceptance apparatus and submission software
WO2012021662A2 (en) * 2010-08-10 2012-02-16 General Instrument Corporation System and method for cognizant transport layer security (ctls)
CN101938520B (en) * 2010-09-07 2015-01-28 中兴通讯股份有限公司 Mobile terminal signature-based remote payment system and method
CN101976403A (en) * 2010-10-29 2011-02-16 北京拉卡拉网络技术有限公司 Phone number payment platform, payment trading system and method thereof
CN102013982B (en) * 2010-12-01 2012-07-25 银联商务有限公司 Long-distance encryption method, management method, as well as encryption management method, device and system
CN102903189A (en) * 2011-07-25 2013-01-30 上海昂贝电子科技有限公司 Terminal transaction method and device
CN102394749B (en) * 2011-09-26 2014-03-05 深圳市文鼎创数据科技有限公司 Line protection method, system, information safety equipment and application equipment for data transmission
CN102521935B (en) * 2011-12-15 2013-12-11 福建联迪商用设备有限公司 Method and apparatus for state detection of POS machine
CN102592369A (en) * 2012-01-14 2012-07-18 福建联迪商用设备有限公司 Method for self-service terminal access to financial transaction center
CN102624711B (en) * 2012-02-27 2015-06-03 福建联迪商用设备有限公司 Sensitive information transmission method and sensitive information transmission system
CN102624710B (en) * 2012-02-27 2015-03-11 福建联迪商用设备有限公司 Sensitive information transmission method and sensitive information transmission system
CN102647274B (en) * 2012-04-12 2014-10-08 福建联迪商用设备有限公司 POS (Point of Sale) terminal, terminal accessing device, main key managing system and method thereof
CN102707972B (en) * 2012-05-02 2016-03-09 银联商务有限公司 A kind of POS terminal method for updating program and system
CN102768744B (en) * 2012-05-11 2016-03-16 福建联迪商用设备有限公司 A kind of remote safe payment method and system
CN102868521B (en) * 2012-09-12 2015-03-04 成都卫士通信息产业股份有限公司 Method for enhancing secret key transmission of symmetrical secret key system
CN103116505B (en) * 2012-11-16 2016-05-25 福建联迪商用设备有限公司 A kind of method that Auto-matching is downloaded
CN103117855B (en) * 2012-12-19 2016-07-06 福建联迪商用设备有限公司 A kind of method of the method generating digital certificate and backup and recovery private key
CN103237005A (en) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 Method and system for key management
CN103220271A (en) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key
CN103237004A (en) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 Key download method, key management method, method, device and system for download management
CN103220270A (en) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key
CN103729941B (en) * 2013-03-15 2016-06-15 福建联迪商用设备有限公司 A kind of main cipher key T MK method for safely downloading of terminal and system
CN103269266B (en) * 2013-04-27 2016-07-06 北京宏基恒信科技有限责任公司 The safety certifying method of dynamic password and system

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363090A (en) * 2014-11-19 2015-02-18 成都卫士通信息产业股份有限公司 Secret key distribution device and method for enhancing safety of banking terminal equipment
CN105681263A (en) * 2014-11-20 2016-06-15 广东华大互联网股份有限公司 Smart card key remote application method and application system
CN105681263B (en) * 2014-11-20 2019-02-12 广东华大互联网股份有限公司 A kind of secrete key of smart card remote application method and application system
CN105989472A (en) * 2015-03-06 2016-10-05 华立科技股份有限公司 Wireless mobile configuration, wireless payment configuration and wireless payment configuration method of electric energy measurement system, and public commodity wireless payment configuration
CN106097608A (en) * 2016-06-06 2016-11-09 福建联迪商用设备有限公司 Remote cipher key method for down loading and system, acquirer and target POS terminal
CN106097608B (en) * 2016-06-06 2018-07-27 福建联迪商用设备有限公司 Remote cipher key method for down loading and system, acquirer and target POS terminal
CN108513704A (en) * 2018-04-17 2018-09-07 福建联迪商用设备有限公司 The remote distribution method and its system of terminal master key
CN108513704B (en) * 2018-04-17 2021-01-19 福建联迪商用设备有限公司 Remote distribution method and system of terminal master key
CN110061848A (en) * 2019-04-17 2019-07-26 飞天诚信科技股份有限公司 A kind of safety imports method, payment terminal and the system of payment terminal key
CN110061848B (en) * 2019-04-17 2021-09-14 飞天诚信科技股份有限公司 Method for safely importing secret key of payment terminal, payment terminal and system
CN111132154A (en) * 2019-12-26 2020-05-08 飞天诚信科技股份有限公司 Method and system for negotiating session key
CN113708923A (en) * 2021-07-29 2021-11-26 银盛支付服务股份有限公司 Method and system for remotely downloading master key

Also Published As

Publication number Publication date
CN103729945B (en) 2015-11-18
CN103701609A (en) 2014-04-02
CN103714638B (en) 2015-09-30
CN103745351B (en) 2017-09-29
CN103701610A (en) 2014-04-02
CN103729944A (en) 2014-04-16
CN103714636A (en) 2014-04-09
CN103714640B (en) 2016-02-03
CN103729944B (en) 2015-09-30
WO2014139411A1 (en) 2014-09-18
CN103714635B (en) 2015-11-11
CN103729940B (en) 2016-06-15
CN103701812A (en) 2014-04-02
WO2014139406A1 (en) 2014-09-18
CN103745351A (en) 2014-04-23
WO2014139403A1 (en) 2014-09-18
CN103716154A (en) 2014-04-09
CN103729940A (en) 2014-04-16
CN103716154B (en) 2017-08-01
CN103746800B (en) 2017-05-03
CN103716155B (en) 2016-08-17
CN103714635A (en) 2014-04-09
CN103714639A (en) 2014-04-09
CN103716320B (en) 2017-08-01
CN103716167A (en) 2014-04-09
CN103714634B (en) 2016-06-15
CN103716320A (en) 2014-04-09
CN103716321A (en) 2014-04-09
CN103716167B (en) 2017-01-11
CN103716155A (en) 2014-04-09
CN103746800A (en) 2014-04-23
CN103731259B (en) 2017-08-01
CN103714636B (en) 2015-12-02
CN103729941A (en) 2014-04-16
CN103729943B (en) 2015-12-30
CN103716153B (en) 2017-08-01
CN103714634A (en) 2014-04-09
CN103714640A (en) 2014-04-09
CN103716153A (en) 2014-04-09
CN103714637B (en) 2016-03-16
CN103731260B (en) 2016-09-28
WO2014139408A1 (en) 2014-09-18
CN103716321B (en) 2017-08-29
CN103729945A (en) 2014-04-16
CN103714639B (en) 2016-05-04
CN103714641B (en) 2016-03-30
CN103729943A (en) 2014-04-16
CN103701609B (en) 2016-09-28
CN103701610B (en) 2018-04-17
CN103729942B (en) 2016-01-13
CN103714637A (en) 2014-04-09
CN103714641A (en) 2014-04-09
CN103714638A (en) 2014-04-09
CN103729942A (en) 2014-04-16
CN103714633B (en) 2016-05-04
CN103731260A (en) 2014-04-16
CN103729941B (en) 2016-06-15
CN103701812B (en) 2017-01-25
CN103714633A (en) 2014-04-09
WO2014139412A1 (en) 2014-09-18

Similar Documents

Publication Publication Date Title
CN103731259B (en) A kind of terminal master key TMK safety downloading method and systems
CN103716168B (en) Secret key management method and system
CN103714642B (en) Key downloading method, management method, downloading management method and device and system
EP3022700B1 (en) Secure remote payment transaction processing
CN103716322A (en) Secret key download method, management method, download management method, secret key download device, secret key management device and secret key download management system
US20160036793A1 (en) Key downloading method, management method, downloading management method, device and system
KR20180089952A (en) Method and system for processing transaction of electronic cash

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information

Inventor after: Hong Yixuan; Su Wenlong; Meng Luqiang
Inventor before: Su Wenlong; Meng Luqiang

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: SU WENLONG MENG LUQIANG TO: HONG YIXUAN SU WENLONG MENG LUQIANG

GR01 Patent grant