CN103746800A - TMK (terminal master key) safe downloading method and system - Google Patents
- Publication number
- CN103746800A (application number CN201310740537.7A)
- Authority
- CN
- China
- Prior art keywords
- key
- terminal
- mtms
- kms
- random number
- Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Signal Processing (AREA)
- Accounting & Taxation (AREA)
- Computer Networks & Wireless Communication (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
- Cash Registers Or Receiving Machines (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
Abstract
The invention discloses a TMK (terminal master key) secure downloading method and system. By downloading the TMK remotely, the payment terminal no longer has to be distributed and deployed to the merchant only after a centralized TMK download, which reduces logistics cost and the maintenance cost of centralized downloading. The remote downloading method protects the TMK by encrypting it under a transmission key (TK) that the terminal uploads, and ciphertext is used throughout the whole process. Collecting, managing and uploading the TK through an operating terminal and an MTMS (material tracking management system) is highly convenient; to ensure that the operating terminal, the MTMS and the KMS (key management system) have legitimate identities, each pair of communicating parties is authenticated through the CA (certificate authority) center, so that the ciphertext is sent and received correctly. The payment terminal and the KMS also perform two-way authentication before the master key is transmitted, which further improves the security of the master key download.
Description
Technical field
The present invention relates to the field of electronic payment, and in particular to a terminal master key (TMK) secure downloading method and system.
Background technology
Bank cards are increasingly common as a means of payment. A typical bank card payment system comprises point-of-sale terminals (Point Of Sale, POS), a POS acquiring system (POSP), PIN pads (PIN PAD) and hardware encryption machines (Hardware and Security Module, HSM). The POS terminal is the device that reads bank card information, has a communication function, and accepts the teller's instructions to complete the exchange of financial transaction information. The POS acquiring system manages POS terminals centrally, including parameter download and key download; it accepts, processes or forwards transaction requests from POS terminals and returns transaction results to them, and is the system for centralized management and transaction processing. The PIN pad is a security device that stores and protects the keys used by the various financial transactions and encrypts the PIN. The hardware encryption machine (HSM) is a peripheral device that encrypts transmitted data; it is used for PIN encryption and decryption, for verifying the correctness of messages and the origin of documents, and for storing keys. The personal identification number (Personal Identification Number, PIN) is the data that identifies the legitimacy of the cardholder in an online transaction; at no point in the computer or network system may it appear in plaintext. The terminal master key (Terminal Master Key, TMK) is the master key that encrypts the working keys while the POS terminal operates, and is stored encrypted in the system database. POS terminals are widely used wherever bank cards are accepted, such as shopping malls and hotels; they are an indispensable modern means of payment that has entered every part of daily life. Bank cards, and debit cards in particular, are generally protected by a PIN set by the cardholder. During payment, besides sending data such as the card's magnetic track information, the POS terminal also requires the cardholder to enter the PIN so that the issuing bank can verify the cardholder's identity, which secures the bank card payment and protects the cardholder's property. To prevent the PIN from being leaked or cracked, it must be protected by encryption throughout the whole interaction from the terminal to the issuing bank and must not appear in plaintext at any point of the computer network system; therefore every POS terminal that accepts PIN entry is currently required to be equipped with a key management system.
The key hierarchy of a POS terminal has two levels: the terminal master key (TMK) and the working keys (WK). The TMK protects the WK by encrypting it when the WK is updated. Each POS terminal shares a unique TMK with the POS acquiring system; the TMK must be protected so that it can only be written into the device and used in calculations, never read out. The TMK is a critical root key: if it is intercepted, the working keys become relatively easy to crack, seriously threatening the security of bank card payments. Whether the TMK can be securely downloaded to the POS terminal is therefore the key to the security of the whole POS terminal.
To guard against the risk of disclosing the TMK, its download must be carried out in the secure machine room of the acquirer's management center, so POS terminals have to be gathered and the TMK downloaded manually. This creates a large workload for the maintenance center's machine room; after leaving the factory, the equipment must be transported to the management center's secure machine room for key download before it can be deployed to the merchant, raising transportation costs; and centralized loading of the TMK requires a large number of staff and much working time, so maintenance cost is high and the maintenance cycle is long.
Like POS terminals, ATM terminals, smart IC cards used for payment, mobile phone terminals with a payment function and other payment terminals all need the TMK downloaded in a centralized, manual way, and suffer the same problems: high transportation cost, a large number of staff and much working time for centralized key loading, high maintenance cost and a long maintenance cycle.
Summary of the invention
To solve the technical problems described above, the technical solution adopted by the present invention is:
A terminal master key TMK secure downloading method, comprising the steps: S1, the MTMS system distributes its public key Pu_mtms to the payment terminal; S2, the payment terminal encrypts the transmission key TK with the public key Pu_mtms and uploads it to the KMS system; S3, the payment terminal downloads from the KMS system the master key TMK encrypted under the transmission key TK.

Step S1 specifically comprises: S11, the operating terminal is preloaded with the operating terminal digital certificate Crt_optm generated by the CA center, the MTMS system with the MTMS system digital certificate Crt_mtms generated by the CA center, and the KMS system with the KMS system digital certificate Crt_kms generated by the CA center; S12, the MTMS system calls the first hardware encryption machine (HSM) and the KMS system calls the second HSM, the MTMS key component and the KMS key component are combined inside the first and second HSMs into the protection key PK and the MAC key MAK respectively, and PK and MAK are stored in both the first and the second HSM; S13, the operating terminal and the MTMS system perform two-way authentication through the CA center; S14, after authentication passes, the MTMS system sends the public key Pu_mtms to the payment terminal via the operating terminal, where it is stored in the PIN pad.

Step S2 specifically comprises: S21, the payment terminal calls the PIN pad to generate the transmission key TK, which comprises the transmission encryption key TEK and the authentication key AUK; S22, the payment terminal calls the PIN pad to encrypt TK with the public key Pu_mtms, producing the first transmission key ciphertext Ctk_Pu; S23, the operating terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system; S24, on receiving a TK retrieval request from the KMS, the MTMS system calls the first HSM to decrypt Ctk_Pu with the private key Pr_mtms and obtain TK, then encrypts TK with the protection key PK to obtain the TK ciphertext, computes the MAC of the TK ciphertext with the MAC key MAK, and concatenates the TK ciphertext with its MAC to form the second transmission key ciphertext Ctk_pk; S25, the MTMS system and the KMS system perform two-way authentication through the CA center; S26, after authentication passes, the MTMS system sends the terminal serial number SN and the second transmission key ciphertext Ctk_pk to the KMS system.

Step S3 specifically comprises: S31, the payment terminal sends the terminal serial number SN and a master key download request to the KMS system; S32, after receiving the terminal serial number SN and the master key download request from the payment terminal, the KMS system looks up the second transmission key ciphertext Ctk_pk corresponding to SN; S33, the KMS system calls the second HSM to verify the MAC of the retrieved Ctk_pk with the MAC key MAK, and if the check passes, decrypts Ctk_pk with the protection key PK to obtain the transmission key TK, which is stored in the second HSM; S34, once the KMS system has obtained TK, it calls the second HSM to perform two-way authentication with the payment terminal using the authentication key AUK; S35, if authentication passes, the KMS system calls the second HSM to encrypt the terminal master key TMK with the transmission encryption key TEK, producing the master key ciphertext Ctmk, and sends Ctmk to the payment terminal; S36, the payment terminal calls the PIN pad to decrypt Ctmk with TEK, obtains the terminal master key TMK, and stores it in the PIN pad.
Another technical solution adopted by the present invention is:
A terminal master key TMK secure download system, comprising a first hardware encryption machine (HSM), a second HSM, a payment terminal, an operating terminal, an MTMS system, a CA center and a KMS system. The payment terminal comprises a first TK upload module, a TMK request module, a two-way authentication A module and a TMK receiving module; the operating terminal comprises a second TK upload module; the MTMS system comprises a key negotiation A module, a public key sending module, a TK request response module and a third TK upload module; the KMS system comprises a key negotiation B module, a TMK request response module, a two-way authentication B module and a TMK sending module; and the CA center comprises a certificate preset module and a CA authentication module.

The certificate preset module presets the operating terminal digital certificate Crt_optm generated by the CA center in the operating terminal, the MTMS system digital certificate Crt_mtms generated by the CA center in the MTMS system, and the KMS system digital certificate Crt_kms generated by the CA center in the KMS system. The key negotiation A module and the key negotiation B module call the first and second HSMs to combine the MTMS key component and the KMS key component inside the HSMs into the protection key PK and the MAC key MAK respectively, and store PK and MAK in both HSMs. The CA authentication module performs two-way authentication between the operating terminal and the MTMS system through the CA center. The public key sending module, after CA authentication passes, sends the public key Pu_mtms to the payment terminal via the operating terminal, where it is stored in the PIN pad. The first TK upload module calls the PIN pad to generate the transmission key TK, comprising the transmission encryption key TEK and the authentication key AUK, and calls the PIN pad to encrypt TK with the public key Pu_mtms to produce the first transmission key ciphertext Ctk_Pu. The second TK upload module sends Ctk_Pu and the terminal serial number SN to the MTMS system. The TK request response module, on receiving a TK retrieval request from the KMS system, calls the first HSM to decrypt Ctk_Pu with the private key Pr_mtms and obtain TK, encrypts TK with the protection key PK to obtain the TK ciphertext, computes the MAC of the TK ciphertext with the MAC key MAK, and concatenates the TK ciphertext with its MAC to form the second transmission key ciphertext Ctk_pk. The CA authentication module also performs two-way authentication between the MTMS system and the KMS system through the CA center. The third TK upload module, after the MTMS system and the KMS system have authenticated each other, sends the terminal serial number SN and Ctk_pk to the KMS system. The TMK request module sends the terminal serial number SN and a master key download request to the KMS system. The TMK request response module, after the KMS system receives the terminal serial number SN and the download request from the payment terminal, looks up the Ctk_pk corresponding to SN; it also calls the second HSM to verify the MAC of the retrieved Ctk_pk with the MAC key MAK and, when the check passes, decrypts Ctk_pk with the protection key PK to obtain TK, which is stored in the second HSM. The two-way authentication A module and the two-way authentication B module, once the KMS system has obtained TK, call the second HSM to perform two-way authentication with the payment terminal using the authentication key AUK. The TMK sending module, after the KMS system and the payment terminal have authenticated each other, calls the second HSM to encrypt the terminal master key TMK with the transmission encryption key TEK, producing the master key ciphertext Ctmk, and sends Ctmk to the payment terminal. The TMK receiving module calls the PIN pad to decrypt Ctmk with TEK, obtains the terminal master key TMK, and stores it in the PIN pad.
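The S2/S3 key flow of the method above and the matching modules of the system description, carried through as an added Go example (not code from the patent or from any product): the PIN pad encrypts TK = TEK || AUK under Pu_mtms (S22), the MTMS HSM rewraps it as Enc_PK(TK) plus a MAC under MAK (S24), the KMS HSM checks that MAC before it decrypts anything (S33), and the TMK then travels under TEK (S35/S36). The primitives are assumptions the patent leaves open: RSA-OAEP for Pu_mtms, 3DES-CBC with a zero IV for PK and TEK, a 3DES CBC-MAC for MAK, and random keys in place of the HSM key-component ceremony; the CA-based authentication and the AUK two-way authentication are not modelled.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

const keyLen = 24 // TEK, AUK, PK and MAK are 24-byte 3DES keys per the patent; TK = TEK || AUK

func check(err error) { // abort the demonstration on an internal failure
	if err != nil {
		panic(err)
	}
}

func mustRandom(n int) []byte { // stands in for the PIN pad's and HSMs' random generators
	b := make([]byte, n)
	_, err := rand.Read(b)
	check(err)
	return b
}

// tdesCBC: 3DES-CBC over whole blocks; the zero IV is an assumption (the patent names no mode).
func tdesCBC(key, in []byte, encrypt bool) []byte {
	block, err := des.NewTripleDESCipher(key)
	check(err)
	iv := make([]byte, block.BlockSize())
	mode := cipher.NewCBCDecrypter(block, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(block, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in) // panics if len(in) is not a multiple of 8
	return out
}

// cbcMAC: 3DES CBC-MAC under MAK (last ciphertext block); sound here only because the MAC'd message has a fixed length.
func cbcMAC(mak, msg []byte) []byte {
	c := tdesCBC(mak, msg, true)
	return c[len(c)-8:]
}

// S22: the PIN pad encrypts TK under Pu_mtms, giving Ctk_Pu (RSA-OAEP assumed).
func terminalEncryptTK(puMTMS *rsa.PublicKey, tk []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, puMTMS, tk, nil)
}

// S24: the MTMS HSM decrypts Ctk_Pu with Pr_mtms, then Ctk_pk = Enc_PK(TK) || MAC_MAK(Enc_PK(TK)).
func mtmsWrapTK(prMTMS *rsa.PrivateKey, pk, mak, ctkPu []byte) ([]byte, error) {
	tk, err := rsa.DecryptOAEP(sha256.New(), nil, prMTMS, ctkPu, nil)
	if err != nil {
		return nil, err
	}
	enc := tdesCBC(pk, tk, true)
	return append(enc, cbcMAC(mak, enc)...), nil
}

// S33: the KMS HSM verifies the MAC first and only then decrypts with PK, so a
// tampered, truncated or mis-keyed Ctk_pk is rejected before any decryption.
func kmsUnwrapTK(pk, mak, ctkPk []byte) ([]byte, error) {
	if len(ctkPk) != 2*keyLen+8 {
		return nil, fmt.Errorf("Ctk_pk has unexpected length %d", len(ctkPk))
	}
	enc, mac := ctkPk[:2*keyLen], ctkPk[2*keyLen:]
	if subtle.ConstantTimeCompare(mac, cbcMAC(mak, enc)) != 1 {
		return nil, fmt.Errorf("MAC verification of Ctk_pk failed")
	}
	return tdesCBC(pk, enc, false), nil
}

// RunDownload plays S21 to S36 end to end (S34 and the CA checks are not modelled)
// and reports whether the TMK recovered in the PIN pad equals the TMK the KMS sent.
func RunDownload() bool {
	prMTMS, err := rsa.GenerateKey(rand.Reader, 2048) // Pr_mtms / Pu_mtms
	check(err)
	pk, mak := mustRandom(keyLen), mustRandom(keyLen) // S12: PK and MAK in both HSMs
	tk := mustRandom(2 * keyLen)                      // S21: TEK || AUK, generated in the PIN pad
	ctkPu, err := terminalEncryptTK(&prMTMS.PublicKey, tk)
	check(err)
	ctkPk, err := mtmsWrapTK(prMTMS, pk, mak, ctkPu)
	check(err)
	kmsTK, err := kmsUnwrapTK(pk, mak, ctkPk)
	check(err)
	tmk := mustRandom(keyLen)
	ctmk := tdesCBC(kmsTK[:keyLen], tmk, true) // S35: KMS encrypts TMK under the unwrapped TEK
	got := tdesCBC(tk[:keyLen], ctmk, false)   // S36: PIN pad decrypts with its own TEK
	return bytes.Equal(got, tmk)
}

func main() {
	fmt.Println("TMK download round trip ok:", RunDownload())
}
```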
The beneficial effects of the present invention are: the payment terminal uploads a transmission key TK, the terminal master key TMK is encrypted under TK and then sent to the payment terminal, so the payment terminal downloads its TMK remotely; this avoids having to deploy the terminal to the merchant only after a centralized master key download, and reduces logistics cost and the maintenance cost of centralized downloading at the KMS system. Throughout the remote TMK download only ciphertext is transmitted, and the payment terminal and the KMS perform two-way authentication before the master key is transmitted, which improves the transmission security of the master key. Further, in this embodiment the operating terminal collects and uploads the transmission key TK, which improves the time efficiency of uploading TK from terminals and greatly eases collecting and uploading TK from payment terminals of different types and models. Letting the operating terminal control the collection and upload of the payment terminal's TK also frees the hardware resources the payment terminal would otherwise spend on generating and transmitting TK, so the terminal's hardware resources are used more efficiently. Further, the MTMS system can store the transmission keys TK of the various payment terminals produced at different regional plants in a unified way and forward them in a consolidated manner to the corresponding KMS system, avoiding the errors and the KMS workload that scattered TK uploads from individual payment terminals would cause. Further, during transmission of TK the sender and receiver of the transmitted data are authenticated through the CA center, which guarantees that the operating terminal, the MTMS system and the KMS system have legitimate identities and that the ciphertext cannot be stolen by a fake terminal.
Brief description of the drawings
Fig. 1 is a structural block diagram of a terminal master key TMK secure download system in an embodiment of the present invention;
Fig. 2 is a structural block diagram of the two-way authentication A module in Fig. 1;
Fig. 3 is a structural block diagram of the two-way authentication B module in Fig. 1;
Fig. 4 is a flowchart of a terminal master key TMK secure downloading method in an embodiment of the present invention;
Fig. 5 is a detailed flowchart of step S1 in Fig. 4;
Fig. 6 is a detailed flowchart of step S2 in Fig. 4;
Fig. 7 is a detailed flowchart of step S3 in Fig. 4.
Description of reference numerals:
10: payment terminal; 20: operating terminal; 30: KMS system; 40: MTMS system; 50: CA center; 60: first hardware encryption machine (HSM); 70: second HSM; 101: first TK upload module; 102: TMK request module; 103: two-way authentication A module; 104: TMK receiving module; 201: second TK upload module; 301: key negotiation B module; 302: TMK sending module; 303: TMK request response module; 304: two-way authentication B module; 401: key negotiation A module; 402: TK request response module; 403: public key sending module; 404: third TK upload module; 501: certificate preset module; 502: CA authentication module; 1031: first random number generation unit; 1032: first data transceiver unit; 1033: first encryption/decryption unit; 1034: first judging unit; 3041: second random number generation unit; 3042: second data transceiver unit; 3043: second encryption/decryption unit; 3044: second judging unit.
Embodiment
To explain in detail the technical content, structural features, objects and effects of the present invention, the following detailed description is given in conjunction with embodiments and the accompanying drawings.
One, the abbreviations and key terms involved in the present invention are defined and explained as follows:
AUK: abbreviation of Authentication Key, i.e. the authentication key, used for two-way authentication between the PIN pad and the key management system KMS;
CA center: the so-called CA (Certificate Authority) center uses PKI (Public Key Infrastructure) technology to provide network identity authentication services; it is responsible for issuing and managing digital certificates and is an authoritative and impartial third-party trust authority, comparable to an office that issues identity documents in everyday life, such as a passport office;
HSM: abbreviation of High Security Machine, a high-security device; in this system it is the hardware encryption machine;
KMS system: Key Management System, used to manage terminal master keys TMK;
MAK: abbreviation of MAC Key, the MAC computation key, a 24-byte symmetric key agreed with the customer, used to compute the MAC of TK between the MTMS system and the KMS system;
MTMS: full name Material Tracking Management System, mainly used in factory production;
PIK: abbreviation of PIN Key, the PIN encryption key, a kind of working key;
PINPAD: PIN pad;
PK: abbreviation of Protect Key, the protection key, a 24-byte symmetric key agreed with the customer, used for the encrypted transmission of TK between the MTMS/TCS and the KMS;
POS: abbreviation of Point Of Sale, i.e. the point-of-sale terminal;
SNpinpad: the serial number of the PIN pad; when the PIN pad is built in, SNpos is consistent with the POS terminal serial number;
SN: the serial number of the payment terminal;
TEK: abbreviation of Transmission Encrypt Key, i.e. the transmission encryption key, a 24-byte symmetric key used for the encrypted transmission of TMK between the PIN pad and the key management system KMS;
TK: abbreviation of Transmission Key, i.e. the transmission key, composed of the transmission encryption key TEK and the two-way authentication key AUK;
TMS: abbreviation of Terminal Management System, i.e. the terminal management system, which performs payment terminal information management, software and parameter configuration, remote download, management of terminal running-state information, remote diagnosis and similar functions;
TMK: abbreviation of Terminal Master Key, i.e. the terminal master key, used for the encrypted transmission of working keys between the payment terminal and the payment acquiring system;
Secure machine room: a room with a higher security level that houses servers and can only be entered after identity authentication.
Smart IC card: i.e. a CPU card; the integrated circuit in the card comprises a central processing unit CPU, programmable read-only memory EEPROM, random access memory RAM and a chip operating system COS (Chip Operating System) fixed in read-only memory ROM; the data in the card are divided into an externally readable part and an internally processed part.
Symmetric key: the two parties sending and receiving data must use the same key to encrypt and decrypt the plaintext. Symmetric key encryption algorithms mainly include DES, 3DES, IDEA, FEAL, BLOWFISH, etc.
Asymmetric key: an asymmetric encryption algorithm needs two keys: a public key (Public key) and a private key (Private key). The public key and the private key form a pair: if data are encrypted with the public key, only the corresponding private key can decrypt them, and if data are encrypted with the private key, only the corresponding public key can decrypt them. Because encryption and decryption use two different keys, the algorithm is called an asymmetric encryption algorithm. The basic process by which an asymmetric algorithm exchanges confidential information is: Party A generates a key pair and publishes one of the keys as the public key to the other party; Party B, having obtained this public key, encrypts the confidential information with it and sends it to Party A; Party A decrypts the encrypted information with the private key it keeps for itself. Party A can likewise encrypt confidential information with Party B's public key before sending it to Party B, and Party B then decrypts it with its own private key. The main algorithms are RSA, Elgamal, knapsack algorithms, Rabin, D-H and ECC (elliptic curve cryptography).
RSA: an asymmetric key algorithm. The RSA public key encryption algorithm was developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at the Massachusetts Institute of Technology, and is named after its three developers. RSA is currently the most influential public key encryption algorithm; it resists all cryptographic attacks known to date and is recommended by ISO as the public key data encryption standard. The RSA algorithm rests on a very simple number-theoretic fact: multiplying two large primes is very easy, while factoring their product is extremely hard. RSA was the first algorithm usable for both encryption and digital signatures, and it is easy to understand and implement. RSA is the most widely studied public key algorithm; in the thirty years since it was proposed it has withstood a variety of attacks and has gradually come to be generally accepted as one of the best public key schemes available.
TDES (Triple-DES): DES is a symmetric encryption algorithm with an 8-byte key. TDES is an encryption algorithm based on DES whose key is 16 or 24 bytes. TDES/3DES is the abbreviation of Triple DES, and DES is the abbreviation of Data Encryption Standard. DES is a symmetric key encryption algorithm, i.e. one in which the data encryption key is identical to the decryption key. DES was developed and published by IBM in the 1970s, adopted by the US government, and subsequently recognized by NBS and ANSI (American National Standards Institute). TDES/3DES is a mode of the DES algorithm that encrypts the data three times using three 64-bit keys; it is a more secure variant of DES.
Two, the technical solution of the present invention is described in detail as follows:
To solve the technical problems of the background art, the present invention adopts a new master key download scheme: the payment terminal randomly generates a TK (Transmission Key), stores the generated TK in the payment terminal's code keypad, and sends the TK, by whatever transmission means each application scenario requires, to the KMS (Key Management System, the system that manages the terminal master key TMK).
When the payment terminal applies to download the terminal master key TMK, the KMS system encrypts the TMK with the TK and sends the resulting TMK ciphertext to the payment terminal; on receipt, the payment terminal decrypts the master key ciphertext with the TK, obtains the TMK, and keeps it in the code keypad.
Encrypting the TMK with the TK in this way makes the TMK suitable for remote transmission and thus enables secure download of the TMK.
In some scenarios an operating terminal is used to collect the TK generated by the payment terminal, and the operating terminal is responsible for transferring the TK to the MTMS system (Material Tracking Management System, used mainly in factory production); the MTMS system manages the TKs centrally and sends each TK to the corresponding KMS system. Using an operating terminal to collect TKs makes collection convenient (one-key collection and the like) and allows rights management over TK collection. Using the MTMS system allows unified management of TKs, makes data lookup and download for a payment terminal convenient during later after-sales service, and allows TKs to be transferred in batches by manufacturing order, which simplifies TK transfer management and prevents a TK from being sent to the wrong destination.
The above method, in which the payment terminal generates the transmission key TK, the TK is collected and sent to the bank side, the TMK is encrypted with the TK, and the payment terminal then remotely downloads the TK-encrypted TMK, achieves remote download of the TMK. However, the TK upload and TMK download processes involve several terminals and systems, so a pseudo-terminal could easily steal the TMK. To improve the security of the TMK download, a TMK secure download method is needed that can conveniently verify the identity of each terminal and system.
The technical solution by which the present invention overcomes the above problem is now described in detail. The principle of the invention is that, during the transfer of the TK and the TMK, a CA center (Certificate Authority: a third-party trust authority with authority and impartiality that adopts Public Key Infrastructure (PKI) technology, provides network identity authentication services, and is responsible for issuing and managing digital certificates) authenticates the identities of the operating terminal, the MTMS system and the KMS system; introducing the CA center prevents pseudo-terminals and pseudo-KMS systems from stealing the TK.
Refer to Fig. 1, a structural block diagram of a terminal master key TMK secure download system in an embodiment of the present invention. The TMK secure download system comprises a first hardware encryption machine 50, a second hardware encryption machine 60, a payment terminal 10, an operating terminal 20, an MTMS system 40, a CA center 50 and a KMS system 30. The payment terminal 10 comprises a first TK upload module 101, a TMK request module 102, a mutual authentication A module 103 and a TMK receiving module 104; the operating terminal 20 comprises a second TK upload module 201; the MTMS system 40 comprises a key agreement A module 401, a TK request response module 402, a public key sending module 403 and a third TK upload module 404; the KMS system 30 comprises a key agreement B module 301, a TMK sending module 302, a TMK request response module 303 and a mutual authentication B module 304; the CA center 50 comprises a certificate presetting module 501 and a CA authentication module 502.
The certificate presetting module 501 presets in the operating terminal 20 the operating terminal digital certificate Crt_optm generated by the CA center 50, presets in the MTMS system 40 the MTMS system digital certificate Crt_mtms generated by the CA center 50, and presets in the KMS system 30 the KMS system digital certificate Crt_kms generated by the CA center 50;
The key agreement A module 401 and the key agreement B module 301 call the first hardware encryption machine 60 and the second hardware encryption machine 70 respectively; inside the first hardware encryption machine 60 and the second hardware encryption machine 70, the MTMS system 40 authority component and the KMS system 30 authority component are combined into a protection key PK and a MAC key MAK, and the protection key PK and the MAC key MAK are stored together in the first hardware encryption machine 60 and the second hardware encryption machine 70;
The public key sending module 403, once the CA authentication has passed, sends the public key Pu_mtms to the payment terminal 10 via the operating terminal 20, where it is stored in the code keypad;
The first TK upload module 101 calls the code keypad to generate the transmission key TK, which comprises a traffic encryption key TEK and an authentication transmission key AUK;
The first TK upload module 101 calls the code keypad to encrypt the transmission key TK with the public key Pu_mtms, generating the first transmission key ciphertext Ctk_Pu;
The second TK upload module 201 sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system 40;
The TK request response module 402, on receiving a TK acquisition request sent by the KMS system 30, calls the first hardware encryption machine 60 to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_mtms and obtain the transmission key TK, encrypts the transmission key TK with the protection key PK to obtain the TK ciphertext, calculates the MAC value of the TK ciphertext with the MAC key MAK, and merges the TK ciphertext with its MAC value to generate the second transmission key ciphertext Ctk_pk;
The CA authentication module 502 also performs mutual authentication between the MTMS system 40 and the KMS system through the CA center 50;
The third TK upload module 404, once the MTMS system 40 and the KMS system 30 have authenticated each other, sends the terminal serial number SN and the second transmission key ciphertext Ctk_pk to the KMS system 30;
The TMK request response module 303, when the KMS system 30 receives the terminal serial number SN and the master key download application sent by the payment terminal 10, looks up the second transmission key ciphertext Ctk_pk corresponding to the terminal serial number SN;
The TMK request response module 303 also calls the second hardware encryption machine 70 to verify the MAC of the retrieved second transmission key ciphertext Ctk_pk with the MAC key MAK and, once the verification passes, decrypts the second transmission key ciphertext Ctk_pk with the protection key PK to obtain the transmission key TK, which is stored in the second hardware encryption machine 70;
The mutual authentication A module 103 and the mutual authentication B module 304, once the KMS system 30 has obtained the transmission key TK, call the second hardware encryption machine 60 to perform mutual authentication between the KMS system and the payment terminal using the authentication key AUK;
Wherein the certificate presetting module of the CA center 50 comprises an operating terminal digital certificate Crt_optm generation module, an MTMS system digital certificate Crt_mtms generation module and a KMS system digital certificate Crt_kms generation module.
The digital certificate Crt_optm generation module of the operating terminal 10 calls the operating terminal to generate a public/private key pair Pu and Pr, signs the public key Pu and the operating terminal identification information with the private key corresponding to the root certificate to generate the digital certificate Crt_optm, and sends the generated digital certificate Crt_optm to the operating terminal 20, where it is stored;
The digital certificate Crt_mtms generation module of the MTMS system 40 calls the first hardware encryption machine 60 to generate the public/private key pair Pr_mtms and Pu_mtms, signs the public key Pu_mtms and the MTMS system identification information with the private key corresponding to the root certificate to generate the digital certificate Crt_mtms, and sends the generated Crt_mtms to the MTMS system 40, where it is stored;
The digital certificate Crt_kms generation module of the KMS system 30 calls the second hardware encryption machine 70 to generate the public/private key pair Pr_kms and Pu_kms, signs the public key Pu_kms and the KMS system identification information with the private key corresponding to the root certificate to generate the digital certificate Crt_kms, and sends Crt_kms to the KMS system 30, where it is stored.
Wherein the operating terminal 20 also includes an operator card and an administrator card; the certificate presetting module 501 of the CA center 50 also generates an operator card certificate and an administrator card certificate, and stores the operator card certificate in the operator card and the administrator card certificate in the administrator card;
The operator card and administrator card serve as follows: when the operating terminal reads the operator card and administrator card inserted in it, and the CA center 50 has checked the operator certificate and the administrator certificate for legitimacy and passed them, operation of the operating terminal 20 is authorized.
Wherein the second TK upload module 201 also comprises a packaging unit, which packages the received first transmission key ciphertext Ctk_Pu and terminal serial number SN and signs them with the operator card;
The third TK upload module 404 of the MTMS system 40 also comprises a verification unit which, on receiving the first transmission key ciphertext Ctk_Pu and terminal serial number SN transmitted by the TK collecting unit, verifies the legitimacy of the packaging unit's signature and, when the check finds it legitimate, stores the terminal serial number SN associated with the first transmission key ciphertext Ctk_Pu in the MTMS system database.
Wherein the mutual authentication A module 103 comprises a first random number generation unit 1031, a first data transceiving unit 1032, a first encryption/decryption unit 1033 and a first judging unit 1034, and the mutual authentication B module comprises a second random number generation unit 3041, a second data transceiving unit 3042, a second encryption/decryption unit 3043 and a second judging unit 3044.
The first random number generation unit 1031 generates a first random number Rnd1; the first data transceiving unit 1032 sends the generated first random number Rnd1 to the KMS system 30; the second data transceiving unit 3042 receives the first random number Rnd1; the second random number generation unit 3041, on receipt of the first random number Rnd1, generates a second random number Rnd2; the second encryption/decryption unit 3043, on receipt of the first random number Rnd1, calls the second hardware encryption machine 70 to encrypt the first random number Rnd1 with the authentication transmission key AUK, obtaining the first random number ciphertext Crnd1; the second data transceiving unit 3042 sends the first random number ciphertext Crnd1 and the second random number Rnd2 to the payment terminal 10;
The first encryption/decryption unit 1033, on receipt of the first random number ciphertext Crnd1 and the second random number Rnd2, decrypts the received first random number ciphertext Crnd1 with the authentication transmission key AUK, obtaining a third random number Rnd1'; the first judging unit judges whether the third random number Rnd1' is consistent with the first random number Rnd1;
The first encryption/decryption unit 1033, when the first judging unit finds the third random number Rnd1' consistent with the first random number Rnd1, encrypts the second random number Rnd2 with the authentication transmission key AUK to generate the second random number ciphertext Crnd2; the first data transceiving unit sends the second random number ciphertext Crnd2 to the KMS system 30;
The second encryption/decryption unit 3043, on receipt of the second random number ciphertext Crnd2, calls the second hardware encryption machine 70 to decrypt the received second random number ciphertext Crnd2 with the authentication transmission key AUK, obtaining a fourth random number Rnd2'; the second judging unit 3044 judges whether the fourth random number Rnd2' is consistent with the second random number Rnd2 and, when it is, confirms that the mutual authentication between the KMS system 30 and the payment terminal 10 has passed.
Wherein the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
In the present embodiment, the terminal master key TMK secure download system enables the payment terminal 10 to download the terminal master key TMK remotely from the KMS system 40. During remote download the TMK must be transmitted as ciphertext: each payment terminal 10 randomly generates a transmission key TK, keeps the TK in its code keypad and sends the TK to the KMS system 40; the KMS system 40 encrypts the TMK with the TK and transmits it to the payment terminal 10 as ciphertext; the payment terminal 10 decrypts it with the TK to obtain the plaintext TMK, thereby achieving remote download of the TMK.
Because POS machines, smart IC cards, mobile phone terminals and ATM terminals can all be used for payment, and all need a terminal master key TMK to protect their working keys by encryption, the payment terminal 10 may be a POS terminal, a smart IC card, a mobile phone terminal or an ATM terminal, and each of these may come in many different models.
To make generating and uploading the transmission key TK convenient for payment terminals 10 of different types and models, an operating terminal 20 is provided to control the payment terminal 10 in generating, collecting and uploading the transmission key TK. The operating terminal 20 may be a modified POS machine; it is connected to the payment terminal 10 by a serial cable or a USB cable, and is provided with several function keys for controlling the payment terminal 10 to generate the TK, collect the TK and upload the TK. When the payment terminal 10 is a smart IC card, the smart IC card is connected to the operating terminal 20 through a card slot.
In the present embodiment the payment terminals 10 may be of different types and models and may also be produced by different subsidiary factories, so an MTMS system 30 is also provided; the MTMS system 30 centrally manages the transmission keys TK generated by each payment terminal 10 of each manufacturer and sends the TKs in a consolidated way to the corresponding KMS system 40. Because both the upload of the transmission key TK and the download of the terminal master key TMK take place remotely, a CA center 50 is provided in the present embodiment to prevent a pseudo-terminal from stealing the TK or the TMK during transmission: the CA center 50 authenticates the identities of both parties to each data transfer.
Referring to Fig. 4, the main flow chart of a terminal master key TMK secure download method in an embodiment of the invention. The TMK secure download method is applied in the TMK secure download system described above, and the method comprises the steps:
S1, the MTMS system sends the public key Pu_mtms down to the payment terminal;
S2, the payment terminal encrypts the transmission key TK with the public key Pu_mtms and uploads it to the KMS system;
S3, the payment terminal downloads from the KMS system the master key TMK encrypted with the transmission key TK;
Referring to Fig. 5, the detailed flow chart of step S1; step S1 comprises:
S11, the operating terminal is preset with the operating terminal digital certificate Crt_optm generated by the CA center, the MTMS system is preset with the MTMS system digital certificate Crt_mtms generated by the CA center, and the KMS system is preset with the KMS system digital certificate Crt_kms generated by the CA center;
S12, the MTMS system calls the first hardware encryption machine and the KMS system calls the second hardware encryption machine; inside the first and second hardware encryption machines the MTMS system authority component and the KMS system authority component are combined into a protection key PK and a MAC key MAK respectively, and the protection key PK and the MAC key MAK are stored together in the first and second hardware encryption machines;
S13, the operating terminal and the MTMS system perform mutual authentication through the CA center;
S14, after the authentication passes, the MTMS system sends the public key Pu_mtms to the payment terminal via the operating terminal, where it is stored in the code keypad;
Referring to Fig. 6, the detailed flow chart of step S2; step S2 comprises:
S21, the payment terminal calls the code keypad to generate the transmission key TK, which comprises a traffic encryption key TEK and an authentication transmission key AUK;
S22, the payment terminal calls the code keypad to encrypt the transmission key TK with the public key Pu_mtms, generating the first transmission key ciphertext Ctk_Pu;
S23, the operating terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system;
S24, on receiving a TK acquisition request from the KMS, the MTMS system calls the first hardware encryption machine to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_mtms and obtain the transmission key TK, then encrypts the transmission key TK with the protection key PK to obtain the TK ciphertext, calculates the MAC value of the TK ciphertext with the MAC key MAK, and merges the TK ciphertext with its MAC value to generate the second transmission key ciphertext Ctk_pk;
S25, the MTMS system and the KMS system perform mutual authentication through the CA center;
S26, after the authentication passes, the MTMS system sends the terminal serial number SN and the second transmission key ciphertext Ctk_pk to the KMS system;
Referring to Fig. 7, the detailed flow chart of step S3; step S3 comprises:
S31, the payment terminal sends the terminal serial number SN and a master key download application to the KMS system;
S32, after receiving the terminal serial number SN and the master key download application sent by the payment terminal, the KMS system looks up the second transmission key ciphertext Ctk_pk corresponding to the terminal serial number SN;
S33, the KMS system calls the second hardware encryption machine to verify the MAC of the retrieved second transmission key ciphertext Ctk_pk with the MAC key MAK; if the verification passes, it decrypts the second transmission key ciphertext Ctk_pk with the protection key PK to obtain the transmission key TK, which is stored in the second hardware encryption machine;
S34, after the KMS system has obtained the transmission key TK, it calls the second hardware encryption machine to perform mutual authentication with the payment terminal using the authentication key AUK;
S35, if the authentication passes, the KMS system calls the second hardware encryption machine to encrypt the terminal master key TMK with the traffic encryption key TEK, generating the master key ciphertext Ctmk, and sends the master key ciphertext Ctmk to the payment terminal;
S36, the payment terminal calls the code keypad to decrypt the master key ciphertext Ctmk with the traffic encryption key TEK, obtains the terminal master key TMK, and stores the terminal master key TMK in the code keypad.
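The Go program below, added here as an illustration and not part of the patent, runs steps S21 to S36 end to end with standard-library primitives. The patent fixes no algorithms or key sizes, so the program assumes RSA-OAEP for Pu_mtms, double-length TDES in CBC mode with a zero IV for PK and TEK, HMAC-SHA256 for the MAC under MAK, a 32-byte TK split into TEK and AUK, and the constructed key values shown in the source; it also exercises the S33 check, which must reject a Ctk_pk with a single flipped bit before any decryption takes place.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Assumed sizes: TEK and AUK are 16-byte double-length TDES keys, so TK = TEK || AUK is 32 bytes; TMK is 16 bytes.
const keyLen, tkLen, tmkLen = 16, 32, 16

// tdesCBC runs double-length TDES (expanded to K1||K2||K1 for crypto/des) in
// CBC mode with a zero IV over block-aligned data; encrypt=false decrypts.
func tdesCBC(k16, data []byte, encrypt bool) ([]byte, error) {
	if len(k16) != keyLen || len(data)%des.BlockSize != 0 {
		return nil, fmt.Errorf("bad TDES key length or unaligned data")
	}
	block, err := des.NewTripleDESCipher(append(append([]byte{}, k16...), k16[:8]...))
	if err != nil {
		return nil, err
	}
	out, iv := make([]byte, len(data)), make([]byte, des.BlockSize)
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, data)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, data)
	}
	return out, nil
}

// mac is the "MAC value" under MAK; the patent names no algorithm, so HMAC-SHA256 is assumed.
func mac(mak, ct []byte) []byte {
	m := hmac.New(sha256.New, mak)
	m.Write(ct)
	return m.Sum(nil)
}

// MTMSRewrapTK is S24: open Ctk_Pu with Pr_mtms, re-encrypt TK under the
// protection key PK and append the MAC under MAK: Ctk_pk = E_PK(TK) || MAC.
func MTMSRewrapTK(prMTMS *rsa.PrivateKey, pk, mak, ctkPu []byte) ([]byte, error) {
	tk, err := rsa.DecryptOAEP(sha256.New(), nil, prMTMS, ctkPu, nil)
	if err != nil {
		return nil, err
	}
	ct, err := tdesCBC(pk, tk, true)
	if err != nil {
		return nil, err
	}
	return append(ct, mac(mak, ct)...), nil
}

// KMSUnwrapTK is S33: verify the MAC before using the ciphertext, then decrypt
// under PK. A Ctk_pk altered in transit or in the MTMS database fails here.
func KMSUnwrapTK(pk, mak, ctkPk []byte) ([]byte, error) {
	if len(ctkPk) != tkLen+sha256.Size {
		return nil, fmt.Errorf("Ctk_pk has unexpected length %d", len(ctkPk))
	}
	ct, tag := ctkPk[:tkLen], ctkPk[tkLen:]
	if !hmac.Equal(mac(mak, ct), tag) {
		return nil, fmt.Errorf("MAC check on Ctk_pk failed")
	}
	return tdesCBC(pk, ct, false)
}

// must panics on error so that RunFlow reads as the message sequence itself.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// RunFlow drives one complete exchange with constructed PK, MAK and TMK and returns the
// TMK sent, the TMK the code keypad recovers, and the error KMS raises for a bit-flipped Ctk_pk.
func RunFlow() (tmkSent, tmkGot []byte, tamperErr error) {
	prMTMS := must(rsa.GenerateKey(rand.Reader, 2048)) // MTMS HSM key pair (Pr_mtms, Pu_mtms)
	pk, mak := []byte("MTMS-KMS-PK-demo"), []byte("constructed-MAK1")
	tmkSent = []byte("constructed-TMK1")
	tk := make([]byte, tkLen) // S21: the code keypad draws TK = TEK || AUK
	must(rand.Read(tk))
	ctkPu := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &prMTMS.PublicKey, tk, nil)) // S22
	ctkPk := must(MTMSRewrapTK(prMTMS, pk, mak, ctkPu))                                  // S24, stored by SN
	tkAtKMS := must(KMSUnwrapTK(pk, mak, ctkPk))                                         // S33
	ctmk := must(tdesCBC(tkAtKMS[:keyLen], tmkSent, true))                               // S35: TMK under TEK
	tmkGot = must(tdesCBC(tk[:keyLen], ctmk, false))                                     // S36, on the code keypad
	bad := append([]byte{}, ctkPk...)
	bad[0] ^= 0x80 // corrupt E_PK(TK); the MAC check must reject it
	_, tamperErr = KMSUnwrapTK(pk, mak, bad)
	return tmkSent, tmkGot, tamperErr
}

func main() {
	sent, got, tamperErr := RunFlow()
	fmt.Printf("TMK round-trip ok: %v; tampered Ctk_pk: %v\n", bytes.Equal(sent, got), tamperErr)
}
```

TDES is kept only because the patent names it; a design written today would carry PK and TEK as AES keys in an authenticated mode.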
Wherein the step "the operating terminal is preset with the operating terminal digital certificate Crt_optm generated by the CA center, the MTMS system is preset with the MTMS system digital certificate Crt_mtms generated by the CA center, and the KMS system is preset with the KMS system digital certificate Crt_kms generated by the CA center" specifically comprises:
the operating terminal generates a public/private key pair Pu and Pr and sends the public key Pu and the operating terminal identification information to the CA center; the CA center signs the public key Pu and the operating terminal identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_optm and sends the generated digital certificate Crt_optm to the operating terminal; the operating terminal stores the digital certificate Crt_optm;
the MTMS system calls the first hardware encryption machine to generate the public/private key pair Pr_mtms and Pu_mtms and sends the public key Pu_mtms and the MTMS identification information to the CA center; the CA center signs the public key Pu_mtms and the MTMS system identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_mtms and sends the generated Crt_mtms to the MTMS system; the MTMS system stores the digital certificate Crt_mtms;
the KMS system calls the second hardware encryption machine to generate the public/private key pair Pr_kms and Pu_kms and sends the public key Pu_kms and the KMS identification information to the CA center; the CA center signs the public key Pu_kms and the KMS system identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_kms and sends Crt_kms to the KMS system; the KMS system stores the digital certificate Crt_kms.
Wherein the method also comprises a step of authorizing the operator card and the administrator card to operate the operating terminal, which specifically comprises:
generating a public/private key pair for each of the operator card and the administrator card;
sending the generated public keys to the CA center, which generates an operator card certificate and an administrator card certificate respectively;
storing the operator card certificate in the operator card and the administrator card certificate in the administrator card;
the operating terminal reads the operator card and the administrator card inserted in it, has the CA center check the operator certificate and the administrator certificate for legitimacy, and permits operation of the operating terminal once the authentication passes.
Wherein the step "the operating terminal and the MTMS system perform mutual authentication through the CA center; after the authentication passes, the MTMS system sends the public key Pu_mtms to the payment terminal via the operating terminal, where it is stored in the code keypad" specifically comprises:
the MTMS system sends the digital certificate Crt_mtms to the operating terminal;
the operating terminal verifies the legitimacy of the working certificate Crt_mtms with the root certificate HsmRCRT pre-installed in its firmware and, after the verification passes, extracts the public key Pu_mtms from the working certificate Crt_mtms and sends it to the payment terminal, where it is stored in the code keypad.
Wherein the step "the operating terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system" specifically comprises the steps:
the payment terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the operating terminal;
the operating terminal packages the received first transmission key ciphertext Ctk_Pu and terminal serial number SN, signs them with the operator card, and sends the signed first transmission key ciphertext Ctk_Pu and terminal serial number SN to the MTMS system;
on receiving the first transmission key ciphertext Ctk_Pu and the terminal serial number SN, the MTMS system first verifies the legitimacy of the signature and, if it is legitimate, stores the terminal serial number SN associated with the first transmission key ciphertext Ctk_Pu in the MTMS system database.
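As an added example, not code from the patent, the Go program below covers the certificate issuance described above and the signed package: a CA root issues an operator card certificate over the card's public key and identification information, the operating terminal signs Ctk_Pu and SN with the operator card key, and the MTMS system verifies the certificate against the root public key before checking the package signature and associating SN with Ctk_Pu. Ed25519 signatures, the simplified certificate structure, the length-prefixed message layout and the operator and SN identifiers are all assumptions; the second run shows a package whose SN was altered after signing being rejected.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Cert is a simplified stand-in for an X.509 certificate (assumption): the CA
// root's signature over the holder's public key and identification information,
// which is all the patent says the root private key signs.
type Cert struct {
	ID    string
	Pub   ed25519.PublicKey
	CASig []byte
}

func certTBS(id string, pub ed25519.PublicKey) []byte {
	return append([]byte("CERT|"+id+"|"), pub...)
}

// IssueCert is the CA center's role; Crt_optm, Crt_mtms and Crt_kms, and the
// operator and administrator card certificates, are all issued this way.
func IssueCert(rootPriv ed25519.PrivateKey, id string, pub ed25519.PublicKey) Cert {
	return Cert{ID: id, Pub: pub, CASig: ed25519.Sign(rootPriv, certTBS(id, pub))}
}

// VerifyCert is what a relying party does with the root public key (the
// pre-installed HsmRCRT in the patent) before trusting c.Pub for anything.
func VerifyCert(rootPub ed25519.PublicKey, c Cert) bool {
	return ed25519.Verify(rootPub, certTBS(c.ID, c.Pub), c.CASig)
}

// Package is the operating terminal's signed upload of (Ctk_Pu, SN).
type Package struct {
	CtkPu, SN []byte
	Cert      Cert   // operator card certificate, so MTMS can trace who signed
	Sig       []byte // operator card signature over the length-prefixed fields
}

// pkgTBS length-prefixes both fields so that moving bytes between Ctk_Pu and
// SN can never yield the same signed message.
func pkgTBS(ctkPu, sn []byte) []byte {
	b := binary.BigEndian.AppendUint32(nil, uint32(len(ctkPu)))
	b = append(b, ctkPu...)
	b = binary.BigEndian.AppendUint32(b, uint32(len(sn)))
	return append(b, sn...)
}

// SignPackage is the operating terminal's "package and sign with the operator card".
func SignPackage(opPriv ed25519.PrivateKey, opCert Cert, ctkPu, sn []byte) Package {
	return Package{CtkPu: ctkPu, SN: sn, Cert: opCert, Sig: ed25519.Sign(opPriv, pkgTBS(ctkPu, sn))}
}

// VerifyPackage is the MTMS side: the operator certificate is checked against
// the root first, then the package signature; only then may SN be stored with Ctk_Pu.
func VerifyPackage(rootPub ed25519.PublicKey, p Package) error {
	if !VerifyCert(rootPub, p.Cert) {
		return fmt.Errorf("operator certificate %q was not issued by the CA root", p.Cert.ID)
	}
	if !ed25519.Verify(p.Cert.Pub, pkgTBS(p.CtkPu, p.SN), p.Sig) {
		return fmt.Errorf("package signature invalid for SN %s", p.SN)
	}
	return nil
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader) // CA root key pair
	opPub, opPriv, _ := ed25519.GenerateKey(rand.Reader)     // operator card key pair
	opCert := IssueCert(rootPriv, "operator-0001", opPub)    // constructed operator ID
	ctkPu := bytes.Repeat([]byte{0xAB}, 256)                 // stands in for a real Ctk_Pu
	p := SignPackage(opPriv, opCert, ctkPu, []byte("SN-TERMINAL-0001"))
	fmt.Println("genuine package:", VerifyPackage(rootPub, p))
	p.SN = []byte("SN-TERMINAL-0002") // SN swapped after signing: must be rejected
	fmt.Println("altered SN:", VerifyPackage(rootPub, p))
}
```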
Wherein the step "after the KMS system has obtained the transmission key TK, it calls the second hardware encryption machine to perform mutual authentication with the payment terminal using the authentication key AUK" specifically comprises:
the payment terminal generates a first random number Rnd1 and sends the first random number Rnd1 to the KMS system;
on receiving the first random number Rnd1, the KMS system generates a second random number Rnd2, calls the second hardware encryption machine to encrypt the first random number Rnd1 with the authentication key AUK, obtaining the first random number ciphertext Crnd1, and sends the first random number ciphertext Crnd1 and the second random number Rnd2 to the payment terminal;
the payment terminal decrypts the received first random number ciphertext Crnd1 with the authentication key AUK, obtaining a third random number Rnd1', and judges whether the third random number Rnd1' is consistent with the first random number Rnd1:
if the third random number Rnd1' is consistent with the first random number Rnd1, the payment terminal encrypts the second random number Rnd2 with the authentication key AUK to generate the second random number ciphertext Crnd2 and sends the second random number ciphertext Crnd2 to the KMS system;
the KMS system calls the second hardware encryption machine to decrypt the received second random number ciphertext Crnd2 with the authentication key AUK, obtaining a fourth random number Rnd2', and judges whether the fourth random number Rnd2' is consistent with the second random number Rnd2;
if the fourth random number Rnd2' is consistent with the second random number Rnd2, the authentication between the KMS system and the payment terminal passes.
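The three-message exchange above, as an added example that is not part of the patent: the payment terminal and the KMS system are modelled as Go structs that each hold AUK, every random number is one 8-byte TDES block, and AUK is a 16-byte double-length TDES key, so Crnd = E_AUK(Rnd) is a single block operation. The block sizes, the single-block TDES use and the constructed AUK values are assumptions; the second run shows the terminal rejecting a peer that does not hold its AUK.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/rand"
	"fmt"
)

// Assumed: AUK is a 16-byte double-length TDES key and each random number is one 8-byte block.
const aukLen, rndLen = 16, 8

// tdesBlock encrypts (or decrypts) one 8-byte block under a 16-byte TDES key (expanded to K1||K2||K1).
func tdesBlock(auk, in []byte, encrypt bool) ([]byte, error) {
	if len(auk) != aukLen || len(in) != rndLen {
		return nil, fmt.Errorf("need a 16-byte AUK and an 8-byte block")
	}
	block, err := des.NewTripleDESCipher(append(append([]byte{}, auk...), auk[:8]...))
	if err != nil {
		return nil, err
	}
	out := make([]byte, rndLen)
	if encrypt {
		block.Encrypt(out, in)
	} else {
		block.Decrypt(out, in)
	}
	return out, nil
}

// newRnd draws one fresh 8-byte random number; a failing RNG is fatal here.
func newRnd() []byte {
	r := make([]byte, rndLen)
	if _, err := rand.Read(r); err != nil {
		panic(err)
	}
	return r
}

// Terminal is the code keypad side: its copy of AUK and the challenge it issued.
type Terminal struct{ auk, rnd1 []byte }

// KMS is the server side: the AUK it unwrapped from Ctk_pk at S33 and its own challenge.
type KMS struct{ auk, rnd2 []byte }

// Challenge produces Rnd1 (message 1, terminal -> KMS).
func (t *Terminal) Challenge() []byte {
	t.rnd1 = newRnd()
	return t.rnd1
}

// Respond returns Crnd1 = E_AUK(Rnd1) together with a fresh Rnd2 (message 2, KMS -> terminal).
func (k *KMS) Respond(rnd1 []byte) (crnd1, rnd2 []byte, err error) {
	k.rnd2 = newRnd()
	crnd1, err = tdesBlock(k.auk, rnd1, true)
	return crnd1, k.rnd2, err
}

// Verify decrypts Crnd1 to Rnd1' and compares it with Rnd1; only on a match does the terminal answer with Crnd2 = E_AUK(Rnd2) (message 3).
func (t *Terminal) Verify(crnd1, rnd2 []byte) ([]byte, error) {
	rnd1p, err := tdesBlock(t.auk, crnd1, false)
	if err != nil {
		return nil, err
	}
	if !bytes.Equal(rnd1p, t.rnd1) {
		return nil, fmt.Errorf("Rnd1' != Rnd1: peer does not hold this terminal's AUK")
	}
	return tdesBlock(t.auk, rnd2, true)
}

// Confirm decrypts Crnd2 to Rnd2' and compares it with Rnd2, completing the KMS side.
func (k *KMS) Confirm(crnd2 []byte) error {
	rnd2p, err := tdesBlock(k.auk, crnd2, false)
	if err != nil {
		return err
	}
	if !bytes.Equal(rnd2p, k.rnd2) {
		return fmt.Errorf("Rnd2' != Rnd2: terminal does not hold the AUK on file for this SN")
	}
	return nil
}

// MutualAuth exchanges the three messages and returns nil only if both sides accepted.
func MutualAuth(t *Terminal, k *KMS) error {
	crnd1, rnd2, err := k.Respond(t.Challenge())
	if err != nil {
		return err
	}
	crnd2, err := t.Verify(crnd1, rnd2)
	if err != nil {
		return err
	}
	return k.Confirm(crnd2)
}

func main() {
	auk := []byte("constructed-AUK1") // constructed 16-byte AUK, shared through TK
	fmt.Println("genuine KMS:", MutualAuth(&Terminal{auk: auk}, &KMS{auk: auk}))
	other := []byte("constructed-AUK2") // a KMS that never received this terminal's TK
	fmt.Println("wrong AUK:", MutualAuth(&Terminal{auk: auk}, &KMS{auk: other}))
}
```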
Wherein the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
In the present invention, a hash value of the transmission key TK is calculated when the TK is generated, and each time the TK is stored, transmitted or used the hash value of the TK is verified first; the TK is used only after the check passes. Verifying the hash value of the TK guards against data errors in the stored TK caused by storage device faults and confirms that the key is correct.
The beneficial effects of the present invention are as follows. The payment terminal uploads the transmission key TK, the terminal master key TMK is encrypted with the TK and sent to the payment terminal, and the payment terminal thereby downloads the terminal master key remotely; this avoids having to download master keys centrally into payment terminals before deploying them to merchants, and reduces logistics cost and the maintenance cost of centralized download at the KMS system. The whole remote master key TMK download is transmitted as ciphertext, and mutual authentication of both parties is performed between the payment terminal and the KMS before the master key is transmitted, which improves the transmission security of the master key. Further, the master key TMK of the present invention is generated by the KMS system, which makes subsequent maintenance and management of the master key TMK by the KMS system convenient. Further, in the present embodiment the transmission key TK is collected and uploaded by the operating terminal, which improves the time efficiency of TK upload by terminals and also greatly simplifies the collection and upload of transmission keys TK from payment terminals of different types and models. Having the operating terminal control the collection and upload of the payment terminal's transmission key TK frees the part of the payment terminal's hardware resources that would otherwise be responsible for generating and transmitting the TK, so that the payment terminal's hardware resources are used more reasonably. Further, the MTMS system allows the transmission keys TK of the various payment terminals produced in factories in different regions to be stored in a unified way and sent in a consolidated way to the corresponding KMS system, avoiding the errors and the load on the KMS system that would be caused by payment terminals uploading transmission keys TK in a scattered fashion. Further, during the transmission of the transmission key TK, the CA center authenticates the identity of both parties to each data transfer, guaranteeing that the operating terminal, the MTMS system and the KMS system have legitimate identities and that the ciphertext cannot be stolen by a pseudo-terminal.
The operating terminal described in the present invention can perform the TK collection operation only when the operator card and the administrator card are both inserted in the operating terminal and both have passed CA center authentication, so only designated operating personnel, with the administrator's authorization, can collect a payment terminal's transmission key TK; this improves the operating rights management of the operating terminal and effectively guarantees the authenticity and validity of the transmission keys TK uploaded by the operating terminal.
In the present invention the operating terminal packages and signs the collected first transmission key ciphertext Ctk_Pu and terminal serial number SN, so the signature information can be used to trace which operator generated a given first transmission key ciphertext, and whether the uploaded first transmission key ciphertext Ctk_Pu and terminal serial number SN are legitimate can be judged by verifying the legitimacy of the signature; this strengthens the collection and transfer management of the transmission key TK and prevents a pseudo-terminal from uploading a pseudo transmission key TK.
The payment terminal and the KMS system of the present invention authenticate each other with the authentication transmission key AUK through the mutual authentication A unit and the mutual authentication B unit, and only when both parties have passed authentication does the KMS system finally send the encrypted terminal master key to the payment terminal. The serial number SN and the authentication transmission key AUK of every payment terminal are different, and the KMS system stores the authentication transmission key AUK of every payment terminal, so mutual authentication with the authentication transmission key AUK through the mutual authentication A unit and the mutual authentication B unit guarantees that the payment terminal and the KMS system are both legitimate identities, that the terminal master key TMK comes from the corresponding KMS system, and that the TMK is downloaded into the corresponding payment terminal.
The foregoing are only embodiments of the present invention and do not thereby limit the scope of the claims of the present invention; every equivalent structure or equivalent process transformation made using the content of the specification and drawings of the present invention, or directly or indirectly applied in other related technical fields, is likewise included in the scope of patent protection of the present invention.
Claims (13)
1. A terminal master key TMK secure downloading method, characterized in that it comprises the steps:
S1, the MTMS system delivers the public key Pu_mtms to the payment terminal;
S2, the payment terminal encrypts the transmission key TK with the public key Pu_mtms and uploads it to the KMS system;
S3, the payment terminal downloads from the KMS system the master key TMK encrypted under the transmission key TK;
wherein step S1 specifically comprises:
S11, the operating terminal is preset with the operating terminal digital certificate Crt_optm generated by the CA center, the MTMS system is preset with the MTMS system digital certificate Crt_mtms generated by the CA center, and the KMS system is preset with the KMS system digital certificate Crt_kms generated by the CA center;
S12, the MTMS system calls the first hardware security module (HSM) and the KMS system calls the second HSM; inside the first HSM and the second HSM the MTMS system authority component and the KMS system authority component are combined into the protection key PK and the MAC key MAK respectively, and the protection key PK and the MAC key MAK are stored in both the first HSM and the second HSM;
S13, the operating terminal and the MTMS system perform mutual authentication through the CA center;
S14, after authentication passes, the MTMS system sends the public key Pu_mtms to the payment terminal via the operating terminal, where it is stored in the PIN pad;
step S2 specifically comprises:
S21, the payment terminal calls the PIN pad to generate the transmission key TK, the transmission key TK comprising the communication encryption key TEK and the authentication transmission key AUK;
S22, the payment terminal calls the PIN pad to encrypt the transmission key TK with the public key Pu_mtms, generating the first transmission key ciphertext Ctk_Pu;
S23, the operating terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system;
S24, on receiving a TK acquisition request sent by the KMS, the MTMS system calls the first HSM to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_mtms and obtain the transmission key TK, then encrypts the transmission key TK with the protection key PK to obtain the TK ciphertext, calculates the MAC value of the TK ciphertext with the MAC key MAK, and concatenates the TK ciphertext with its MAC value to generate the second transmission key ciphertext Ctk_pk;
S25, the MTMS system and the KMS system perform mutual authentication through the CA center;
S26, after authentication passes, the MTMS system sends the terminal serial number SN and the second transmission key ciphertext Ctk_pk to the KMS system;
step S3 specifically comprises:
S31, the payment terminal sends the terminal serial number SN and a master key download request to the KMS system;
S32, after receiving the terminal serial number SN and the master key download request sent by the payment terminal, the KMS system looks up the second transmission key ciphertext Ctk_pk corresponding to the terminal serial number SN;
S33, the KMS system calls the second HSM to verify the MAC of the retrieved second transmission key ciphertext Ctk_pk with the MAC key MAK; if the verification passes, it decrypts the second transmission key ciphertext Ctk_pk with the protection key PK to obtain the transmission key TK and stores it in the second HSM;
S34, after the KMS system has obtained the transmission key TK, it calls the second HSM to perform mutual authentication with the payment terminal using the authentication key AUK;
S35, if authentication passes, the KMS system calls the second HSM to encrypt the terminal master key TMK with the communication encryption key TEK, generating the master key ciphertext Ctmk, and sends the master key ciphertext Ctmk to the payment terminal;
S36, the payment terminal calls the PIN pad to decrypt the master key ciphertext Ctmk with the communication encryption key TEK, obtains the terminal master key TMK, and stores the terminal master key TMK in the PIN pad.
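As an added example, not code from the patent or its applicant, the following Python models steps S12, S24, S33, S35 and S36 of claim 1 using only the standard library. The patent names no cipher or MAC algorithm, so the HSM block cipher is stood in for by a nonce-based keystream cipher built from HMAC-SHA256, the MAC by HMAC-SHA256, and the authority components are combined by XOR as in a conventional HSM key-component ceremony. The RSA step of S22 and S24 (Pu_mtms / Pr_mtms) is left out because the standard library has no RSA, so the MTMS side here starts from the TK it has already recovered. Key lengths, the serial number and all key material are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

NONCE_LEN = 16
MAC_LEN = 32  # HMAC-SHA256 output


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the HSM cipher: XOR data with PRF(key, nonce || counter) blocks.
    Applying it twice with the same key and nonce restores the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def combine_components(comp_mtms: bytes, comp_kms: bytes) -> bytes:
    """Step S12: inside each HSM the MTMS authority component and the KMS authority
    component are XORed into one key (PK or MAK); neither party alone holds the key."""
    if len(comp_mtms) != len(comp_kms):
        raise ValueError("components must have equal length")
    return bytes(a ^ b for a, b in zip(comp_mtms, comp_kms))


def mtms_wrap_tk(pk: bytes, mak: bytes, tk: bytes) -> bytes:
    """Step S24 in the first HSM, after TK was recovered with Pr_mtms: encrypt TK
    under PK, then MAC the ciphertext under MAK.
    Ctk_pk = nonce || Enc_PK(TK) || MAC_MAK(nonce || Enc_PK(TK))  (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = nonce + keystream_xor(pk, nonce, tk)
    return ciphertext + hmac.new(mak, ciphertext, hashlib.sha256).digest()


def kms_unwrap_tk(pk: bytes, mak: bytes, ctk_pk: bytes) -> Optional[bytes]:
    """Step S33 in the second HSM: check the MAC first (constant time); only a
    record with a valid MAC is decrypted. Returns TK, or None when the check fails."""
    if len(ctk_pk) < NONCE_LEN + MAC_LEN:
        return None
    ciphertext, tag = ctk_pk[:-MAC_LEN], ctk_pk[-MAC_LEN:]
    expected = hmac.new(mak, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return keystream_xor(pk, ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:])


def split_tk(tk: bytes) -> Tuple[bytes, bytes]:
    """Step S21: TK = TEK || AUK, assumed 16 bytes each."""
    return tk[:16], tk[16:32]


def kms_send_tmk(tek: bytes, tmk: bytes) -> bytes:
    """Step S35: Ctmk = nonce || Enc_TEK(TMK). Claim 1 puts no MAC on this message."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + keystream_xor(tek, nonce, tmk)


def terminal_receive_tmk(tek: bytes, ctmk: bytes) -> bytes:
    """Step S36: the PIN pad decrypts Ctmk with TEK and keeps TMK."""
    return keystream_xor(tek, ctmk[:NONCE_LEN], ctmk[NONCE_LEN:])


def run_flow() -> Dict[str, bool]:
    """S12, S24, S26, S32, S33, S35 and S36 for one constructed terminal."""
    # S12 key ceremony with constructed authority components
    pk = combine_components(secrets.token_bytes(16), secrets.token_bytes(16))
    mak = combine_components(secrets.token_bytes(16), secrets.token_bytes(16))
    # S21: the PIN pad generates TK = TEK || AUK; SN is a constructed serial number
    tk, sn = secrets.token_bytes(32), "SN-0001"
    # S24/S26: MTMS wraps TK and the KMS stores Ctk_pk keyed by SN
    kms_db = {sn: mtms_wrap_tk(pk, mak, tk)}
    # S32/S33: KMS looks the record up by SN, verifies the MAC and unwraps
    tk_at_kms = kms_unwrap_tk(pk, mak, kms_db[sn])
    # A record altered in the database must be refused before any decryption
    altered = bytearray(kms_db[sn])
    altered[NONCE_LEN + 3] ^= 0x01
    altered_rejected = kms_unwrap_tk(pk, mak, bytes(altered)) is None
    # S35/S36: TMK travels under the TEK half of TK
    tek_at_kms, _auk = split_tk(tk_at_kms)
    tmk = secrets.token_bytes(16)
    tmk_at_terminal = terminal_receive_tmk(split_tk(tk)[0], kms_send_tmk(tek_at_kms, tmk))
    return {"tk_recovered": tk_at_kms == tk,
            "altered_rejected": altered_rejected,
            "tmk_delivered": tmk_at_terminal == tmk}


if __name__ == "__main__":
    print(run_flow())
```

The point to check against the claim is the order in S33: the MAC over the ciphertext is verified, in constant time, before any decryption is attempted, so a Ctk_pk record that has been altered in the KMS database is rejected without the protection key PK ever being applied to it. The example also shows that the KMS reaches a terminal's TEK only by SN lookup followed by a successful MAC check, which is what ties one TMK download to one terminal.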
2. The terminal master key TMK secure downloading method according to claim 1, characterized in that said "the operating terminal is preset with the operating terminal digital certificate Crt_optm generated by the CA center, the MTMS system is preset with the MTMS system digital certificate Crt_mtms generated by the CA center, and the KMS system is preset with the KMS system digital certificate Crt_kms generated by the CA center" specifically comprises:
the operating terminal generates the public/private key pair Pu and Pr and sends the public key Pu and the operating terminal identification information to the CA center; the CA center signs the public key Pu and the operating terminal identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_optm and sends the generated digital certificate Crt_optm to the operating terminal; the operating terminal stores the digital certificate Crt_optm;
the MTMS system calls the first HSM to generate the public/private key pair Pr_mtms and Pu_mtms and sends the public key Pu_mtms and the MTMS identification information to the CA center; the CA center signs the public key Pu_mtms and the MTMS system identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_mtms and sends the generated Crt_mtms to the MTMS system; the MTMS system stores the digital certificate Crt_mtms;
the KMS system calls the second HSM to generate the public/private key pair Pr_kms and Pu_kms and sends the public key Pu_kms and the KMS identification information to the CA center; the CA center signs the public key Pu_kms and the KMS system identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_kms and sends Crt_kms to the KMS system; the KMS system stores the digital certificate Crt_kms.
3. The terminal master key TMK secure downloading method according to claim 1, characterized in that it further comprises a step of authorizing the operator card and the administrator card to operate the operating terminal, specifically comprising:
generating a public/private key pair for the operator card and for the administrator card respectively;
sending the generated public keys to the CA center, which generates the operator card certificate and the administrator card certificate respectively;
storing the operator card certificate in the operator card and the administrator card certificate in the administrator card;
the operating terminal reads the operator card and the administrator card inserted in it, verifies the legitimacy of the operator certificate and the administrator certificate through the CA center, and permits operation of the operating terminal only after the authentication passes.
4. The terminal master key TMK secure downloading method according to claim 2, characterized in that said "the operating terminal and the MTMS system perform mutual authentication through the CA center; after authentication passes, the MTMS system sends the public key Pu_mtms to the payment terminal via the operating terminal, where it is stored in the PIN pad" specifically comprises:
the MTMS system sends the digital certificate Crt_mtms to the operating terminal;
the operating terminal verifies the legitimacy of the working certificate Crt_mtms using the root certificate HsmRCRT pre-installed (burned in) in its chip, and after the verification passes extracts the public key Pu_mtms from the working certificate Crt_mtms and sends it to the payment terminal, where it is stored in the PIN pad.
5. The terminal master key TMK secure downloading method according to claim 3, characterized in that said "the operating terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system" specifically comprises the steps:
the payment terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the operating terminal;
the operating terminal packs the received first transmission key ciphertext Ctk_Pu and terminal serial number SN, signs them with the operator card, and sends the signed first transmission key ciphertext Ctk_Pu and terminal serial number SN to the MTMS system;
on receiving the first transmission key ciphertext Ctk_Pu and the terminal serial number SN, the MTMS system first verifies the legitimacy of the signature; if it is legitimate, the MTMS system stores the terminal serial number SN associated with the first transmission key ciphertext Ctk_Pu in its database.
6. The terminal master key TMK secure downloading method according to claim 1, characterized in that said "after the KMS system has obtained the transmission key TK, it calls the second HSM to perform mutual authentication with the payment terminal using the authentication key AUK" specifically comprises:
the payment terminal generates the first random number Rnd1 and sends the first random number Rnd1 to the KMS system;
after receiving the first random number Rnd1, the KMS system generates the second random number Rnd2, calls the second HSM to encrypt the first random number Rnd1 with the authentication key AUK to obtain the first random number ciphertext Crnd1, and sends the first random number ciphertext Crnd1 and the second random number Rnd2 to the payment terminal;
the payment terminal decrypts the received first random number ciphertext Crnd1 with the authentication key AUK to obtain the third random number Rnd1' and judges whether the third random number Rnd1' is consistent with the first random number Rnd1:
if the third random number Rnd1' is consistent with the first random number Rnd1, the payment terminal encrypts the second random number Rnd2 with the authentication key AUK to generate the second random number ciphertext Crnd2 and sends the second random number ciphertext Crnd2 to the KMS system;
the KMS system calls the second HSM to decrypt the received second random number ciphertext Crnd2 with the authentication key AUK to obtain the fourth random number Rnd2' and judges whether the fourth random number Rnd2' is consistent with the second random number Rnd2;
if the fourth random number Rnd2' is consistent with the second random number Rnd2, authentication between the KMS system and the payment terminal passes.
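The challenge-response of claim 6 (the same exchange the description attributes to the two-way authentication A unit and B unit), written out with both sides in one file as an added example; this is not code from the patent. It uses only the Python standard library. The patent specifies no block cipher, so encryption under AUK is stood in for by a four-round Feistel network whose round function is HMAC-SHA256 keyed with AUK (a Luby-Rackoff pseudo-random permutation on 16-byte blocks); a permutation rather than a keystream is needed here because the protocol encrypts values the peer already knows, deterministically. Random numbers are 16 bytes, the KMS side keeps one outstanding Rnd2 per serial number, and the class and function names are chosen for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

ROUNDS = 4  # Luby-Rackoff: four Feistel rounds with a PRF round function give a strong PRP


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Round function: HMAC-SHA256 keyed with AUK over (round index || half), truncated to 8 bytes
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def auk_encrypt(auk: bytes, block: bytes) -> bytes:
    """Deterministic 16-byte block encryption under AUK (stand-in for the HSM/PIN pad cipher)."""
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(auk, i, right))
    return left + right


def auk_decrypt(auk: bytes, block: bytes) -> bytes:
    """Inverse of auk_encrypt: run the Feistel rounds backwards."""
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(auk, i, left)), left
    return left + right


class KmsAuthenticator:
    """KMS side (two-way authentication B unit). AUK is looked up by SN because the
    KMS recovered it from the Ctk_pk record of that SN in step S33."""

    def __init__(self, auk_by_sn: Dict[str, bytes]) -> None:
        self._auk_by_sn = auk_by_sn
        self._pending: Dict[str, bytes] = {}  # SN -> outstanding Rnd2, one per SN

    def respond(self, sn: str, rnd1: bytes) -> Optional[Tuple[bytes, bytes]]:
        """Second step of claim 6: Crnd1 = E_AUK(Rnd1) plus a fresh Rnd2; None if SN is unknown."""
        auk = self._auk_by_sn.get(sn)
        if auk is None or len(rnd1) != 16:
            return None
        rnd2 = secrets.token_bytes(16)
        self._pending[sn] = rnd2
        return auk_encrypt(auk, rnd1), rnd2

    def verify(self, sn: str, crnd2: bytes) -> bool:
        """Last steps of claim 6: Rnd2' = D_AUK(Crnd2) must equal the outstanding Rnd2.
        The challenge is consumed whether or not the answer matches."""
        rnd2 = self._pending.pop(sn, None)
        auk = self._auk_by_sn.get(sn)
        if rnd2 is None or auk is None or len(crnd2) != 16:
            return False
        return hmac.compare_digest(auk_decrypt(auk, crnd2), rnd2)


class TerminalAuthenticator:
    """Payment terminal side (two-way authentication A unit); AUK is held in the PIN pad."""

    def __init__(self, sn: str, auk: bytes) -> None:
        self.sn = sn
        self._auk = auk
        self._rnd1 = b""

    def challenge(self) -> bytes:
        """First step: generate Rnd1 and send it in the clear."""
        self._rnd1 = secrets.token_bytes(16)
        return self._rnd1

    def respond(self, crnd1: bytes, rnd2: bytes) -> Optional[bytes]:
        """Third and fourth steps: Rnd1' = D_AUK(Crnd1) must equal Rnd1, and only then is
        Crnd2 = E_AUK(Rnd2) returned; None means the KMS failed to prove knowledge of AUK."""
        if len(crnd1) != 16 or len(rnd2) != 16:
            return None
        if not hmac.compare_digest(auk_decrypt(self._auk, crnd1), self._rnd1):
            return None
        return auk_encrypt(self._auk, rnd2)


def run_mutual_auth(terminal: TerminalAuthenticator, kms: KmsAuthenticator) -> bool:
    """The whole exchange of claim 6; True only when both sides accept."""
    rnd1 = terminal.challenge()
    reply = kms.respond(terminal.sn, rnd1)
    if reply is None:
        return False
    crnd1, rnd2 = reply
    crnd2 = terminal.respond(crnd1, rnd2)
    if crnd2 is None:
        return False
    return kms.verify(terminal.sn, crnd2)


if __name__ == "__main__":
    AUK, SN = bytes(range(16)), "SN-0001"  # constructed AUK and serial number
    print("genuine terminal:", run_mutual_auth(TerminalAuthenticator(SN, AUK), KmsAuthenticator({SN: AUK})))
    print("wrong AUK:", run_mutual_auth(TerminalAuthenticator(SN, bytes(16)), KmsAuthenticator({SN: AUK})))
```

Run as written, `run_mutual_auth` succeeds only when the terminal's AUK matches the one the KMS recovered from Ctk_pk for that SN: a terminal holding the wrong AUK aborts at the Rnd1' comparison and never sends Crnd2, and an unknown SN is refused before anything is encrypted. Claim 6 uses one AUK in both directions and does not say how many challenges a KMS answers per session; the KMS side above consumes Rnd2 on the first answer, and a deployment still has to decide how to keep the KMS's own Crnd1 answers from being presented back to it as Crnd2 (separate keys per direction, or a role tag in the plaintext block), which the claim leaves open.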
7. The terminal master key TMK secure downloading method according to any one of claims 1 to 6, characterized in that the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
8. A terminal master key TMK secure downloading system, characterized in that it comprises a first hardware security module (HSM), a second HSM, a payment terminal, an operating terminal, an MTMS system, a CA center and a KMS system; the payment terminal comprises a first TK upload module, a TMK request module, a two-way authentication A module and a TMK receiving module;
the operating terminal comprises a second TK upload module;
the MTMS system comprises a key agreement A module, a public key sending module, a TK request response module and a third TK upload module;
the KMS system comprises a key agreement B module, a TMK request response module, a two-way authentication B module and a TMK sending module;
the CA center comprises a certificate presetting module and a CA authentication module;
the certificate presetting module is used to preset the operating terminal digital certificate Crt_optm generated by the CA center in the operating terminal, to preset the MTMS system digital certificate Crt_mtms generated by the CA center in the MTMS system, and to preset the KMS system digital certificate Crt_kms generated by the CA center in the KMS system;
the key agreement A module and the key agreement B module are used to call the first HSM and the second HSM, to combine, inside the first HSM and the second HSM, the MTMS system authority component and the KMS system authority component into the protection key PK and the MAC key MAK respectively, and to store the protection key PK and the MAC key MAK in both the first HSM and the second HSM;
the CA authentication module is used for mutual authentication between the operating terminal and the MTMS system through the CA center;
the public key sending module is used, after the CA authentication passes, to send the public key Pu_mtms to the payment terminal via the operating terminal for storage in the PIN pad;
the first TK upload module is used to call the PIN pad to generate the transmission key TK, the transmission key TK comprising the communication encryption key TEK and the authentication transmission key AUK;
the first TK upload module is also used to call the PIN pad to encrypt the transmission key TK with the public key Pu_mtms, generating the first transmission key ciphertext Ctk_Pu;
the second TK upload module is used to send the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system;
the TK request response module is used, on receiving a TK acquisition request sent by the KMS system, to call the first HSM to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_mtms and obtain the transmission key TK, to encrypt the transmission key TK with the protection key PK to obtain the TK ciphertext, to calculate the MAC value of the TK ciphertext with the MAC key MAK, and to concatenate the TK ciphertext with its MAC value to generate the second transmission key ciphertext Ctk_pk;
the CA authentication module is also used for mutual authentication between the MTMS system and the KMS system through the CA center;
the third TK upload module is used, after the MTMS system and the KMS system have passed authentication, to send the terminal serial number SN and the second transmission key ciphertext Ctk_pk to the KMS system;
the TMK request module is used to send the terminal serial number SN and a master key download request to the KMS system;
the TMK request response module is used, after the KMS system receives the terminal serial number SN and the master key download request sent by the payment terminal, to look up the second transmission key ciphertext Ctk_pk corresponding to the terminal serial number SN;
the TMK request response module is also used to call the second HSM to verify the MAC of the retrieved second transmission key ciphertext Ctk_pk with the MAC key MAK and, when the verification passes, to decrypt the second transmission key ciphertext Ctk_pk with the protection key PK to obtain the transmission key TK and store it in the second HSM;
the two-way authentication A module and the two-way authentication B module are used, after the KMS system has obtained the transmission key TK, to call the second HSM to perform mutual authentication between the KMS system and the payment terminal using the authentication key AUK;
the TMK sending module is used, after the KMS system and the payment terminal have passed mutual authentication, to call the second HSM to encrypt the terminal master key TMK with the communication encryption key TEK, generating the master key ciphertext Ctmk, and to send the master key ciphertext Ctmk to the payment terminal;
the TMK receiving module is used to call the PIN pad to decrypt the master key ciphertext Ctmk with the communication encryption key TEK, obtain the terminal master key TMK and store the terminal master key TMK in the PIN pad.
9. The terminal master key TMK secure downloading system according to claim 8, characterized in that the certificate presetting module of the CA center comprises an operating terminal digital certificate Crt_optm generation module, an MTMS system digital certificate Crt_mtms generation module and a KMS system digital certificate Crt_kms generation module;
the operating terminal digital certificate Crt_optm generation module is used to call the operating terminal to generate the public/private key pair Pu and Pr, to sign the public key Pu and the operating terminal identification information with the private key corresponding to the root certificate, to generate the digital certificate Crt_optm, and to send the generated digital certificate Crt_optm to the operating terminal for storage;
the MTMS system digital certificate Crt_mtms generation module is used to call the first HSM to generate the public/private key pair Pr_mtms and Pu_mtms, to sign the public key Pu_mtms and the MTMS system identification information with the private key corresponding to the root certificate, to generate the digital certificate Crt_mtms, and to send the generated Crt_mtms to the MTMS system for storage;
the KMS system digital certificate Crt_kms generation module is used to call the second HSM to generate the public/private key pair Pr_kms and Pu_kms, to sign the public key Pu_kms and the KMS system identification information with the private key corresponding to the root certificate, to generate the digital certificate Crt_kms, and to send Crt_kms to the KMS system for storage.
10. The terminal master key TMK secure downloading system according to claim 8, characterized in that the operating terminal further includes an operator card and an administrator card;
the certificate presetting module of the CA center is also used to generate the operator card certificate and the administrator card certificate, and to store the operator card certificate in the operator card and the administrator card certificate in the administrator card;
the operator card and the administrator card are used so that, when the operating terminal reads the operator card and the administrator card inserted in it and the operator certificate and the administrator certificate pass legitimacy authentication through the CA center, operation of the operating terminal is authorized.
11. The terminal master key TMK secure downloading system according to claim 10, characterized in that the second TK upload module further comprises a packing unit, the packing unit being used to pack the received first transmission key ciphertext Ctk_Pu and terminal serial number SN and to sign them with the operator card;
the third TK upload module of the MTMS system further comprises a verification unit, the verification unit being used, on receiving the first transmission key ciphertext Ctk_Pu and the terminal serial number SN transmitted by the TK collection unit, to verify the legitimacy of the packing unit's signature and, when the verification finds it legitimate, to store the terminal serial number SN associated with the first transmission key ciphertext Ctk_Pu in the database of the MTMS system.
12. The terminal master key TMK secure downloading system according to claim 9, characterized in that the two-way authentication A module comprises a first random number generation unit, a first data transceiver unit, a first encryption/decryption unit and a first judging unit, and the two-way authentication B module comprises a second random number generation unit, a second data transceiver unit, a second encryption/decryption unit and a second judging unit;
the first random number generation unit is used to generate the first random number Rnd1; the first data transceiver unit is used to send the generated first random number Rnd1 to the KMS system; the second data transceiver unit is used to receive the first random number Rnd1; the second random number generation unit is used, on receiving the first random number Rnd1, to generate the second random number Rnd2; the second encryption/decryption unit is used, on receiving the first random number Rnd1, to call the second HSM to encrypt the first random number Rnd1 with the authentication transmission key AUK and obtain the first random number ciphertext Crnd1; the second data transceiver unit is used to send the first random number ciphertext Crnd1 and the second random number Rnd2 to the payment terminal;
the first encryption/decryption unit is used, on receiving the first random number ciphertext Crnd1 and the second random number Rnd2, to decrypt the received first random number ciphertext Crnd1 with the authentication transmission key AUK and obtain the third random number Rnd1'; the first judging unit is used to judge whether the third random number Rnd1' is consistent with the first random number Rnd1;
the first encryption/decryption unit is used, when the first judging unit judges that the third random number Rnd1' is consistent with the first random number Rnd1, to encrypt the second random number Rnd2 with the authentication transmission key AUK and generate the second random number ciphertext Crnd2; the first data transceiver unit is used to send the second random number ciphertext Crnd2 to the KMS system;
the second encryption/decryption unit is used, on receiving the second random number ciphertext Crnd2, to call the second HSM to decrypt the received second random number ciphertext Crnd2 with the authentication transmission key AUK and obtain the fourth random number Rnd2'; the second judging unit is used to judge whether the fourth random number Rnd2' is consistent with the second random number Rnd2 and, when it judges that the fourth random number Rnd2' is consistent with the second random number Rnd2, to confirm that the mutual authentication between the KMS system and the payment terminal has passed.
13. The terminal master key TMK secure downloading system according to any one of claims 8 to 12, characterized in that the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310740537.7A CN103746800B (en) | 2013-03-15 | 2013-12-27 | TMK (terminal master key) safe downloading method and system |
PCT/CN2014/073205 WO2014139403A1 (en) | 2013-03-15 | 2014-03-11 | Method and system for securely downloading terminal master keys |
Applications Claiming Priority (13)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310084673.5 | 2013-03-15 | ||
CN2013100846716A CN103220270A (en) | 2013-03-15 | 2013-03-15 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
CN201310084397.2 | 2013-03-15 | ||
CN2013100843972A CN103237004A (en) | 2013-03-15 | 2013-03-15 | Key download method, key management method, method, device and system for download management |
CN2013100846735A CN103220271A (en) | 2013-03-15 | 2013-03-15 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
CN2013100846716 | 2013-03-15 | ||
CN201310084671.6 | 2013-03-15 | ||
CN2013100843972 | 2013-03-15 | ||
CN2013100846538 | 2013-03-15 | ||
CN201310084653.8 | 2013-03-15 | ||
CN2013100846538A CN103237005A (en) | 2013-03-15 | 2013-03-15 | Method and system for key management |
CN2013100846735 | 2013-03-15 | ||
CN201310740537.7A CN103746800B (en) | 2013-03-15 | 2013-12-27 | TMK (terminal master key) safe downloading method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103746800A true CN103746800A (en) | 2014-04-23 |
CN103746800B CN103746800B (en) | 2017-05-03 |
Family
ID=50363015
Family Applications (28)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310740188.9A Active CN103716153B (en) | 2013-03-15 | 2013-12-27 | Terminal master key TMK safety downloading method and systems |
CN201310741948.8A Active CN103714639B (en) | 2013-03-15 | 2013-12-27 | A kind of method and system that realize the operation of POS terminal security |
CN201310740540.9A Active CN103716154B (en) | 2013-03-15 | 2013-12-27 | A kind of terminal master key TMK safety downloading method and systems |
CN201310740226.0A Active CN103714634B (en) | 2013-03-15 | 2013-12-27 | A kind of method of main key of secure download terminal and system |
CN201310740100.3A Active CN103714633B (en) | 2013-03-15 | 2013-12-27 | A kind of method of safe generating transmission key and POS terminal |
CN201310741949.2A Active CN103731260B (en) | 2013-03-15 | 2013-12-27 | A kind of terminal master key TMK safety downloading method and system |
CN201310742648.1A Active CN103716155B (en) | 2013-03-15 | 2013-12-27 | A kind of method of automated maintenance POS terminal and operation terminal |
CN201310740537.7A Active CN103746800B (en) | 2013-03-15 | 2013-12-27 | TMK (terminal master key) safe downloading method and system |
CN201310742686.7A Active CN103745351B (en) | 2013-03-15 | 2013-12-27 | A kind of acquisition method and system for transmitting cipher key T K |
CN201310740308.5A Active CN103729941B (en) | 2013-03-15 | 2013-12-27 | A kind of main cipher key T MK method for safely downloading of terminal and system |
CN201310740360.0A Active CN103714636B (en) | 2013-03-15 | 2013-12-27 | A kind of method of batch capture and upload transfers cipher key T K data and operating terminal |
CN201310740285.8A Active CN103729940B (en) | 2013-03-15 | 2013-12-27 | A kind of main cipher key T MK method for safely downloading of terminal and system |
CN201310740231.1A Active CN103714635B (en) | 2013-03-15 | 2013-12-27 | A kind of POS terminal and terminal master key downloading mode collocation method thereof |
CN201310742661.7A Active CN103716167B (en) | 2013-03-15 | 2013-12-27 | Method and device for safely collecting and distributing transmission keys |
CN201310740244.9A Active CN103701609B (en) | 2013-03-15 | 2013-12-27 | A kind of server and the method and system operating terminal two-way authentication |
CN201310740158.8A Active CN103716320B (en) | 2013-03-15 | 2013-12-27 | A kind of terminal master key TMK safety downloading method and systems |
CN201310740410.5A Active CN103729942B (en) | 2013-03-15 | 2013-12-27 | Transmission security key is transferred to the method and system of key server from terminal server |
CN201310740264.6A Active CN103701812B (en) | 2013-03-15 | 2013-12-27 | TMK (Terminal Master Key) secure downloading method and system |
CN201310740642.0A Active CN103731259B (en) | 2013-03-15 | 2013-12-27 | A kind of terminal master key TMK safety downloading method and systems |
CN201310742713.0A Active CN103701610B (en) | 2013-03-15 | 2013-12-27 | A kind of acquisition method and system for transmitting cipher key T K |
CN201310742886.2A Active CN103716321B (en) | 2013-03-15 | 2013-12-27 | A kind of terminal master key TMK safety downloading method and systems |
CN201310742991.6A Active CN103714641B (en) | 2013-03-15 | 2013-12-27 | A kind of terminal master key TMK method for safely downloading and system |
CN201310740574.8A Active CN103729945B (en) | 2013-03-15 | 2013-12-27 | A kind of method and system of secure download terminal master key |
CN201310740430.2A Active CN103729943B (en) | 2013-03-15 | 2013-12-27 | A kind of method and system transmission security key being imported KMS system |
CN201310740567.8A Active CN103729944B (en) | 2013-03-15 | 2013-12-27 | A kind of method and system of secure download terminal master key |
CN201310742681.4A Active CN103714640B (en) | 2013-03-15 | 2013-12-27 | A kind of sending method of transmission security key and system |
CN201310740380.8A Active CN103714637B (en) | 2013-03-15 | 2013-12-27 | A kind of transmission security key sending method and system, operating terminal |
CN201310740644.XA Active CN103714638B (en) | 2013-03-15 | 2013-12-27 | A kind of method and system of quick position terminal master key failed download |
Country Status (2)
Country | Link |
---|---|
CN (28) | CN103716153B (en) |
WO (5) | WO2014139403A1 (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104270346A (en) * | 2014-09-12 | 2015-01-07 | 北京天行网安信息技术有限责任公司 | Bidirectional authentication method, device and system |
CN105243542A (en) * | 2015-11-13 | 2016-01-13 | 广西米付网络技术有限公司 | System and method of dynamic electronic certificate authentication |
CN105743654A (en) * | 2016-02-02 | 2016-07-06 | 上海动联信息技术股份有限公司 | POS machine secret key remote downloading service system and secret key downloading method |
CN105844469A (en) * | 2015-01-30 | 2016-08-10 | Ncr公司 | Authority trusted secure system component |
CN106097608A (en) * | 2016-06-06 | 2016-11-09 | 福建联迪商用设备有限公司 | Remote cipher key method for down loading and system, acquirer and target POS terminal |
CN106571915A (en) * | 2016-11-15 | 2017-04-19 | 中国银联股份有限公司 | Terminal master key setting method and apparatus |
CN106953731A (en) * | 2017-02-17 | 2017-07-14 | 福建魔方电子科技有限公司 | The authentication method and system of a kind of terminal management person |
CN107392591A (en) * | 2017-08-31 | 2017-11-24 | 恒宝股份有限公司 | Online recharge method, system and the bluetooth read-write equipment of trading card |
CN107800538A (en) * | 2016-09-01 | 2018-03-13 | 中电长城(长沙)信息技术有限公司 | A kind of self-service device remote cipher key distribution method |
CN108235807A (en) * | 2018-01-15 | 2018-06-29 | 福建联迪商用设备有限公司 | Software cryptography terminal, payment terminal, software package encryption and decryption method and system |
CN108390851A (en) * | 2018-01-05 | 2018-08-10 | 郑州信大捷安信息技术股份有限公司 | A kind of secure remote control system and method for industrial equipment |
CN111193748A (en) * | 2020-01-06 | 2020-05-22 | 惠州市德赛西威汽车电子股份有限公司 | Interactive key security authentication method and system |
Families Citing this family (103)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103716153B (en) * | 2013-03-15 | 2017-08-01 | 福建联迪商用设备有限公司 | Terminal master key TMK safety downloading method and systems |
CN105281896B (en) * | 2014-07-17 | 2018-11-27 | 深圳华智融科技股份有限公司 | A kind of key POS machine Activiation method and system based on elliptic curve |
CN110458551A (en) * | 2014-11-07 | 2019-11-15 | 天地融科技股份有限公司 | Data interaction system |
CN104363090A (en) * | 2014-11-19 | 2015-02-18 | 成都卫士通信息产业股份有限公司 | Secret key distribution device and method for enhancing safety of banking terminal equipment |
CN105681263B (en) * | 2014-11-20 | 2019-02-12 | 广东华大互联网股份有限公司 | A kind of secrete key of smart card remote application method and application system |
CN104486323B (en) * | 2014-12-10 | 2017-10-31 | 福建联迪商用设备有限公司 | A kind of POS terminal controlled networking activation method and device safely |
CN104410641B (en) * | 2014-12-10 | 2017-12-08 | 福建联迪商用设备有限公司 | A kind of POS terminal controlled networking activation method and device safely |
CN105989472A (en) * | 2015-03-06 | 2016-10-05 | 华立科技股份有限公司 | Wireless mobile configuration, wireless payment configuration and wireless payment configuration method of electric energy measurement system, and public commodity wireless payment configuration |
CN106204034B (en) * | 2015-04-29 | 2019-07-23 | 中国电信股份有限公司 | Using the mutual authentication method and system of interior payment |
CN105117665B (en) * | 2015-07-16 | 2017-10-31 | 福建联迪商用设备有限公司 | A kind of end product pattern and the method and system of development mode handoff-security |
CN105184121A (en) * | 2015-09-02 | 2015-12-23 | 上海繁易电子科技有限公司 | Hardware authorization system and method using remote server |
CN106559218A (en) * | 2015-09-29 | 2017-04-05 | 中国电力科学研究院 | A kind of safe acquisition method of intelligent substation continuous data |
CN105260884A (en) * | 2015-11-18 | 2016-01-20 | 北京微智全景信息技术有限公司 | POS machine key distributing method and device |
CN105530241B (en) * | 2015-12-07 | 2018-12-28 | 咪付(广西)网络技术有限公司 | The authentication method of mobile intelligent terminal and POS terminal |
CN105574722A (en) * | 2015-12-11 | 2016-05-11 | 福建新大陆支付技术有限公司 | Authorization IC card based remote online authorization method for payment terminal |
CN105930718A (en) * | 2015-12-29 | 2016-09-07 | 中国银联股份有限公司 | Method and apparatus for switching point-of-sale (POS) terminal modes |
CN105656669B (en) * | 2015-12-31 | 2019-01-01 | 福建联迪商用设备有限公司 | The remote repairing method of electronic equipment, is repaired equipment and system at equipment |
CN105681032B (en) * | 2016-01-08 | 2017-09-12 | 腾讯科技(深圳)有限公司 | Method for storing cipher key, key management method and device |
CN105790934B (en) * | 2016-03-04 | 2019-03-15 | 中国银联股份有限公司 | A kind of adaptive POS terminal configuration method configures power assignment method with it |
CN107294722A (en) * | 2016-03-31 | 2017-10-24 | 阿里巴巴集团控股有限公司 | A kind of terminal identity authentication method, apparatus and system |
CN105978856B (en) * | 2016-04-18 | 2019-01-25 | 随行付支付有限公司 | A kind of POS machine key downloading method, apparatus and system |
CN106059771A (en) * | 2016-05-06 | 2016-10-26 | 上海动联信息技术股份有限公司 | Intelligent POS machine secret key management system and method |
CN106127461A (en) * | 2016-06-16 | 2016-11-16 | 中国银联股份有限公司 | Bi-directional verification method of mobile payment and system |
CN107563712A (en) * | 2016-06-30 | 2018-01-09 | 中兴通讯股份有限公司 | A kind of mobile terminal punch card method, device, equipment and system |
CN106027247A (en) * | 2016-07-29 | 2016-10-12 | 宁夏丝路通网络支付有限公司北京分公司 | Method for remotely issuing POS key |
CN106100854A (en) * | 2016-08-16 | 2016-11-09 | 黄朝 | The reverse authentication method of terminal unit based on authority's main body and system |
US11018860B2 (en) | 2016-10-28 | 2021-05-25 | Microsoft Technology Licensing, Llc | Highly available and reliable secret distribution infrastructure |
CN106603496B (en) * | 2016-11-18 | 2019-05-21 | 新智数字科技有限公司 | A kind of guard method, smart card, server and the communication system of data transmission |
CN106656488B (en) * | 2016-12-07 | 2020-04-03 | 百富计算机技术(深圳)有限公司 | Key downloading method and device for POS terminal |
CN106712939A (en) * | 2016-12-27 | 2017-05-24 | 百富计算机技术(深圳)有限公司 | Offline key transmission method and device |
US10432730B1 (en) | 2017-01-25 | 2019-10-01 | United States Of America As Represented By The Secretary Of The Air Force | Apparatus and method for bus protection |
CN107466455B (en) * | 2017-03-15 | 2021-05-04 | 深圳大趋智能科技有限公司 | POS machine security verification method and device |
US10296477B2 (en) | 2017-03-30 | 2019-05-21 | United States of America as represented by the Secretary of the AirForce | Data bus logger |
CN106997533B (en) * | 2017-04-01 | 2020-10-13 | 福建实达电脑设备有限公司 | POS terminal product safety production authorization management system and method |
CN107094138B (en) * | 2017-04-11 | 2019-09-13 | 郑州信大捷安信息技术股份有限公司 | A kind of smart home safe communication system and communication means |
CN107070925A (en) * | 2017-04-18 | 2017-08-18 | 上海赛付网络科技有限公司 | A kind of terminal applies and the anti-tamper method of background service communication packet |
CN107104795B (en) * | 2017-04-25 | 2020-09-04 | 上海汇尔通信息技术有限公司 | Method, framework and system for injecting RSA key pair and certificate |
CN107301437A (en) * | 2017-05-31 | 2017-10-27 | 江苏普世祥光电技术有限公司 | A kind of control system of square landscape lamp |
CN107360652A (en) * | 2017-05-31 | 2017-11-17 | 江苏普世祥光电技术有限公司 | A kind of control method of square landscape lamp |
CN107358441B (en) * | 2017-06-26 | 2020-12-18 | 北京明华联盟科技有限公司 | Payment verification method and system, mobile device and security authentication device |
CN107637014B (en) * | 2017-08-02 | 2020-11-24 | 福建联迪商用设备有限公司 | Configurable POS machine key pair generation method and storage medium |
CN107666420B (en) * | 2017-08-30 | 2020-12-15 | 宁波梦居智能科技有限公司 | Method for production control and identity authentication of intelligent home gateway |
CN107888379A (en) * | 2017-10-25 | 2018-04-06 | 百富计算机技术(深圳)有限公司 | A kind of method of secure connection, POS terminal and code keypad |
CN107995985B (en) * | 2017-10-27 | 2020-05-05 | 福建联迪商用设备有限公司 | Financial payment terminal activation method and system |
CN107835170B (en) * | 2017-11-04 | 2021-04-20 | 上海动联信息技术股份有限公司 | Intelligent Pos equipment safety authorization dismantling system and method |
CN107993062A (en) * | 2017-11-27 | 2018-05-04 | 百富计算机技术(深圳)有限公司 | POS terminal method of commerce, device, computer equipment and readable storage medium storing program for executing |
CN107944250B (en) * | 2017-11-28 | 2021-04-13 | 艾体威尔电子技术(北京)有限公司 | Key acquisition method applied to POS machine |
CN107919962B (en) * | 2017-12-22 | 2021-01-15 | 国民认证科技(北京)有限公司 | Internet of things equipment registration and authentication method |
CN108365950A (en) * | 2018-01-03 | 2018-08-03 | 深圳怡化电脑股份有限公司 | The generation method and device of financial self-service equipment key |
WO2019153119A1 (en) * | 2018-02-06 | 2019-08-15 | 福建联迪商用设备有限公司 | Method for transmitting key, receiving terminal and distribution terminal |
CN108446539B (en) * | 2018-03-16 | 2023-01-13 | 福建深空信息技术有限公司 | Software authorization method and software authorization file generation system |
CN108496194A (en) * | 2018-03-21 | 2018-09-04 | 福建联迪商用设备有限公司 | A kind of method, server-side and the system of verification terminal legality |
CN108496323B (en) * | 2018-03-21 | 2020-01-21 | 福建联迪商用设备有限公司 | Certificate importing method and terminal |
WO2019200530A1 (en) * | 2018-04-17 | 2019-10-24 | 福建联迪商用设备有限公司 | Remote distribution method and system for terminal master key |
CN108737106B (en) * | 2018-05-09 | 2021-06-01 | 深圳壹账通智能科技有限公司 | User authentication method and device on block chain system, terminal equipment and storage medium |
CN108833088A (en) * | 2018-05-22 | 2018-11-16 | 珠海爱付科技有限公司 | A kind of POS terminal Activiation method |
CN110581829A (en) * | 2018-06-08 | 2019-12-17 | 中国移动通信集团有限公司 | Communication method and device |
CN109218293B (en) * | 2018-08-21 | 2021-09-21 | 西安得安信息技术有限公司 | Use method of distributed password service platform key management |
CN109347625B (en) * | 2018-08-31 | 2020-04-24 | 阿里巴巴集团控股有限公司 | Password operation method, work key creation method, password service platform and equipment |
CN109326061B (en) * | 2018-09-10 | 2021-10-26 | 惠尔丰(中国)信息系统有限公司 | Anti-cutting method of intelligent POS |
CN109274500B (en) * | 2018-10-15 | 2020-06-02 | 百富计算机技术(深圳)有限公司 | Secret key downloading method, client, password equipment and terminal equipment |
CN109274684B (en) * | 2018-10-31 | 2020-12-29 | 中国—东盟信息港股份有限公司 | Internet of things terminal system based on integration of eSIM communication and navigation service and implementation method thereof |
CN109547208B (en) * | 2018-11-16 | 2021-11-09 | 交通银行股份有限公司 | Online distribution method and system for master key of financial electronic equipment |
CN109670289B (en) * | 2018-11-20 | 2020-12-15 | 福建联迪商用设备有限公司 | Method and system for identifying legality of background server |
CN109508995A (en) * | 2018-12-12 | 2019-03-22 | 福建新大陆支付技术有限公司 | A kind of off line authorization method and payment terminal based on payment terminal |
CN109510711B (en) * | 2019-01-08 | 2022-04-01 | 深圳市网心科技有限公司 | Network communication method, server, client and system |
CN111627174A (en) * | 2019-02-28 | 2020-09-04 | 南京摩铂汇信息技术有限公司 | Bluetooth POS equipment and payment system |
CN109995532A (en) * | 2019-04-11 | 2019-07-09 | 晏福平 | A kind of online management method and system of terminal master key |
CN110011794B (en) * | 2019-04-11 | 2021-08-13 | 北京智芯微电子科技有限公司 | Cipher machine key attribute testing method |
CN110061848B (en) * | 2019-04-17 | 2021-09-14 | 飞天诚信科技股份有限公司 | Method for safely importing secret key of payment terminal, payment terminal and system |
CN110545542B (en) * | 2019-06-13 | 2023-03-14 | 银联商务股份有限公司 | Main control key downloading method and device based on asymmetric encryption algorithm and computer equipment |
CN112532567A (en) * | 2019-09-19 | 2021-03-19 | 中国移动通信集团湖南有限公司 | Transaction encryption method and POSP system |
CN110855442A (en) * | 2019-10-10 | 2020-02-28 | 北京握奇智能科技有限公司 | PKI (public key infrastructure) technology-based inter-device certificate verification method |
CN111132154B (en) * | 2019-12-26 | 2022-10-21 | 飞天诚信科技股份有限公司 | Method and system for negotiating session key |
CN111275440B (en) * | 2020-01-19 | 2023-11-10 | 中钞科堡现金处理技术(北京)有限公司 | Remote key downloading method and system |
TWI775061B (en) * | 2020-03-30 | 2022-08-21 | 尚承科技股份有限公司 | Protection system and method for soft/firmware or data |
CN111597512B (en) * | 2020-03-31 | 2023-10-31 | 尚承科技股份有限公司 | Soft firmware or data protection system and protection method |
CN111526013B (en) * | 2020-04-17 | 2023-05-05 | 中国人民银行清算总中心 | Key distribution method and system |
CN111884804A (en) * | 2020-06-15 | 2020-11-03 | 上海祥承通讯技术有限公司 | Remote key management method |
CN111815811B (en) * | 2020-06-22 | 2022-09-06 | 合肥智辉空间科技有限责任公司 | Electronic lock safety coefficient |
CN111950999B (en) * | 2020-07-28 | 2024-06-04 | 银盛支付服务股份有限公司 | Method and system for realizing key filling safety based on IC card on POS machine |
CN111931206A (en) * | 2020-07-31 | 2020-11-13 | 银盛支付服务股份有限公司 | Data encryption method based on APP |
CN112134849B (en) * | 2020-08-28 | 2024-02-20 | 国电南瑞科技股份有限公司 | Dynamic trusted encryption communication method and system for intelligent substation |
CN112182599B (en) * | 2020-09-15 | 2024-06-11 | 中信银行股份有限公司 | Automatic loading method and device for master key, electronic equipment and readable storage medium |
CN112311528B (en) * | 2020-10-17 | 2023-06-23 | 深圳市德卡科技股份有限公司 | Data security transmission method based on cryptographic algorithm |
CN112291232B (en) * | 2020-10-27 | 2021-06-04 | 中国联合网络通信有限公司深圳市分公司 | Safety capability and safety service chain management platform based on tenants |
CN112332978B (en) * | 2020-11-10 | 2022-09-20 | 上海商米科技集团股份有限公司 | Remote key injection method based on key agreement |
CN112396416A (en) * | 2020-11-18 | 2021-02-23 | 上海商米科技集团股份有限公司 | Method for loading certificate of intelligent POS equipment |
CN112560058B (en) * | 2020-12-17 | 2022-12-30 | 山东华芯半导体有限公司 | SSD partition encryption storage system based on intelligent password key and implementation method thereof |
CN112968776B (en) * | 2021-02-02 | 2022-09-02 | 中钞科堡现金处理技术(北京)有限公司 | Method, storage medium and electronic device for remote key exchange |
CN113037494B (en) * | 2021-03-02 | 2023-05-23 | 福州汇思博信息技术有限公司 | Burning piece mirror image file signature method and terminal |
CN113450511A (en) * | 2021-03-25 | 2021-09-28 | 深圳怡化电脑科技有限公司 | Transaction method of acceptance terminal equipment and bank system and acceptance terminal equipment |
CN113132980B (en) * | 2021-04-02 | 2023-10-13 | 四川省计算机研究院 | Key management system method and device applied to Beidou navigation system |
CN113328851B (en) * | 2021-04-21 | 2022-01-14 | 北京连山科技股份有限公司 | Method and system for randomly transmitting secret key under multilink condition |
CN113708923A (en) * | 2021-07-29 | 2021-11-26 | 银盛支付服务股份有限公司 | Method and system for remotely downloading master key |
CN113645221A (en) * | 2021-08-06 | 2021-11-12 | 中国工商银行股份有限公司 | Encryption method, device, equipment, storage medium and computer program |
CN113810391A (en) * | 2021-09-01 | 2021-12-17 | 杭州视洞科技有限公司 | Cross-machine-room communication bidirectional authentication and encryption method |
CN113612612A (en) * | 2021-09-30 | 2021-11-05 | 阿里云计算有限公司 | Data encryption transmission method, system, equipment and storage medium |
CN114423003B (en) * | 2021-12-29 | 2024-01-30 | 中国航空工业集团公司西安飞机设计研究所 | Airplane key comprehensive management method and system |
CN114499891B (en) * | 2022-03-21 | 2024-05-31 | 宁夏凯信特信息科技有限公司 | Signature server system and signature verification method |
CN114726521A (en) * | 2022-04-14 | 2022-07-08 | 广东好太太智能家居有限公司 | Intelligent lock temporary password generation method and electronic equipment |
CN117176339B (en) * | 2023-08-31 | 2024-06-18 | 深圳手付通科技有限公司 | Method and system for online updating of pos terminal equipment master key TMK |
CN116865966B (en) * | 2023-09-04 | 2023-12-05 | 中量科(南京)科技有限公司 | Encryption method, device and storage medium for generating working key based on quantum key |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101631305A (en) * | 2009-07-28 | 2010-01-20 | 交通银行股份有限公司 | Encryption method and system |
CN101930644A (en) * | 2009-06-25 | 2010-12-29 | 中国银联股份有限公司 | Method for safely downloading master key automatically in bank card payment system and system thereof |
Family Cites Families (64)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS57157371A (en) * | 1981-03-24 | 1982-09-28 | Sharp Corp | Electronic cash register |
JP2993833B2 (en) * | 1993-11-29 | 1999-12-27 | 富士通株式会社 | POS system |
JPH10112883A (en) * | 1996-10-07 | 1998-04-28 | Hitachi Ltd | Radio communication exchange system, exchange, public key management device, mobile terminal and mobile terminal recognizing method |
DE60014047T2 (en) * | 1999-03-22 | 2006-02-23 | Purac Biochem B.V. | PROCESS FOR PURIFYING MILKYLIC ACID ON INDUSTRIAL BASIS |
CN1127033C (en) * | 2000-07-20 | 2003-11-05 | 天津南开戈德集团有限公司 | Radio mobile network point of sale (POS) terminal system and operation method thereof |
US7110986B1 (en) * | 2001-04-23 | 2006-09-19 | Diebold, Incorporated | Automated banking machine system and method |
KR100641824B1 (en) * | 2001-04-25 | 2006-11-06 | 주식회사 하렉스인포텍 | A payment information input method and mobile commerce system using symmetric cipher system |
JP2002366285A (en) * | 2001-06-05 | 2002-12-20 | Matsushita Electric Ind Co Ltd | Pos terminal |
GB2384402B (en) * | 2002-01-17 | 2004-12-22 | Toshiba Res Europ Ltd | Data transmission links |
JP2003217028A (en) * | 2002-01-24 | 2003-07-31 | Tonfuu:Kk | Operation situation monitoring system for pos terminal device |
US7395427B2 (en) * | 2003-01-10 | 2008-07-01 | Walker Jesse R | Authenticated key exchange based on pairwise master key |
JP2005117511A (en) * | 2003-10-10 | 2005-04-28 | Nec Corp | Quantum cipher communication system and quantum cipher key distributing method used therefor |
KR101282972B1 (en) * | 2004-03-22 | 2013-07-08 | 삼성전자주식회사 | Authentication between a device and a portable storage |
US20060093149A1 (en) * | 2004-10-30 | 2006-05-04 | Shera International Ltd. | Certified deployment of applications on terminals |
DE102005022019A1 (en) * | 2005-05-12 | 2007-02-01 | Giesecke & Devrient Gmbh | Secure processing of data |
KR100652125B1 (en) * | 2005-06-03 | 2006-12-01 | 삼성전자주식회사 | Mutual authentication method for managing and authenticating between service provider, terminal and user identify module at one time and terminal, and the system thereof |
CN100583743C (en) * | 2005-07-22 | 2010-01-20 | 华为技术有限公司 | Distributing method for transmission key |
BRPI0708201A2 (en) * | 2006-02-22 | 2012-01-17 | Hypercom Corp | method for processing transactions electronically |
JP2007241351A (en) * | 2006-03-06 | 2007-09-20 | Cela System:Kk | Customer/commodity integrated management system by customer/commodity/purchase management system (including pos) and mobile terminal |
EP1833009B1 (en) * | 2006-03-09 | 2019-05-08 | First Data Corporation | Secure transaction computer network |
US7818264B2 (en) * | 2006-06-19 | 2010-10-19 | Visa U.S.A. Inc. | Track data encryption |
CN101064695A (en) * | 2007-05-16 | 2007-10-31 | 杭州看吧科技有限公司 | P2P(Peer to Peer) safe connection method |
CN101145913B (en) * | 2007-10-25 | 2010-06-16 | 东软集团股份有限公司 | A method and system for network security communication |
WO2009070041A2 (en) * | 2007-11-30 | 2009-06-04 | Electronic Transaction Services Limited | Payment system and method of operation |
CN101541002A (en) * | 2008-03-21 | 2009-09-23 | 展讯通信(上海)有限公司 | Web server-based method for downloading software license of mobile terminal |
CN101615322B (en) * | 2008-06-25 | 2012-09-05 | 上海富友金融网络技术有限公司 | Mobile terminal payment method and mobile terminal payment system for realizing magnetic payment function |
JP4666240B2 (en) * | 2008-07-14 | 2011-04-06 | ソニー株式会社 | Information processing apparatus, information processing method, program, and information processing system |
CN101686225A (en) * | 2008-09-28 | 2010-03-31 | 中国银联股份有限公司 | Methods of data encryption and key generation for on-line payment |
KR20100052668A (en) * | 2008-11-11 | 2010-05-20 | 노틸러스효성 주식회사 | Method for on-line sharing of tmk(terminal master key) between atm and host |
JP5329184B2 (en) * | 2008-11-12 | 2013-10-30 | 株式会社日立製作所 | Public key certificate verification method and verification server |
CN101425208B (en) * | 2008-12-05 | 2010-11-10 | 浪潮齐鲁软件产业有限公司 | Method for safely downloading cipher key of finance tax-controlling cashing machine |
CN101527714B (en) * | 2008-12-31 | 2012-09-05 | 飞天诚信科技股份有限公司 | Method, device and system for accreditation |
CN101719895A (en) * | 2009-06-26 | 2010-06-02 | 中兴通讯股份有限公司 | Data processing method and system for realizing secure communication of network |
CN101593389B (en) * | 2009-07-01 | 2012-04-18 | 中国建设银行股份有限公司 | Key management method and key management system for POS terminal |
CN101656007B (en) * | 2009-08-14 | 2011-02-16 | 通联支付网络服务股份有限公司 | Safe system realizing one machine with multiple ciphers on POS machine and method thereof |
CN102064939B (en) * | 2009-11-13 | 2013-06-12 | 福建联迪商用设备有限公司 | Method for authenticating point of sail (POS) file and method for maintaining authentication certificate |
CN101710436B (en) * | 2009-12-01 | 2011-12-14 | 中国建设银行股份有限公司 | Method and system for controlling POS terminal and POS terminal management equipment |
CN101807994B (en) * | 2009-12-18 | 2012-07-25 | 北京握奇数据系统有限公司 | Method and system for application data transmission of IC card |
CN102148799B (en) * | 2010-02-05 | 2014-10-22 | 中国银联股份有限公司 | Key downloading method and system |
CN201656997U (en) * | 2010-04-28 | 2010-11-24 | 中国工商银行股份有限公司 | Device for generating transmission key |
CN101807997B (en) * | 2010-04-28 | 2012-08-22 | 中国工商银行股份有限公司 | Device and method for generating transmission key |
CN102262760A (en) * | 2010-05-28 | 2011-11-30 | 杨筑平 | Transaction secrecy method, acceptance apparatus and submission software |
WO2012021662A2 (en) * | 2010-08-10 | 2012-02-16 | General Instrument Corporation | System and method for cognizant transport layer security (ctls) |
CN101938520B (en) * | 2010-09-07 | 2015-01-28 | 中兴通讯股份有限公司 | Mobile terminal signature-based remote payment system and method |
CN101976403A (en) * | 2010-10-29 | 2011-02-16 | 北京拉卡拉网络技术有限公司 | Phone number payment platform, payment trading system and method thereof |
CN102013982B (en) * | 2010-12-01 | 2012-07-25 | 银联商务有限公司 | Long-distance encryption method, management method, as well as encryption management method, device and system |
CN102903189A (en) * | 2011-07-25 | 2013-01-30 | 上海昂贝电子科技有限公司 | Terminal transaction method and device |
CN102394749B (en) * | 2011-09-26 | 2014-03-05 | 深圳市文鼎创数据科技有限公司 | Line protection method, system, information safety equipment and application equipment for data transmission |
CN102521935B (en) * | 2011-12-15 | 2013-12-11 | 福建联迪商用设备有限公司 | Method and apparatus for state detection of POS machine |
CN102592369A (en) * | 2012-01-14 | 2012-07-18 | 福建联迪商用设备有限公司 | Method for self-service terminal access to financial transaction center |
CN102624711B (en) * | 2012-02-27 | 2015-06-03 | 福建联迪商用设备有限公司 | Sensitive information transmission method and sensitive information transmission system |
CN102624710B (en) * | 2012-02-27 | 2015-03-11 | 福建联迪商用设备有限公司 | Sensitive information transmission method and sensitive information transmission system |
CN102647274B (en) * | 2012-04-12 | 2014-10-08 | 福建联迪商用设备有限公司 | POS (Point of Sale) terminal, terminal accessing device, main key managing system and method thereof |
CN102707972B (en) * | 2012-05-02 | 2016-03-09 | 银联商务有限公司 | A kind of POS terminal method for updating program and system |
CN102768744B (en) * | 2012-05-11 | 2016-03-16 | 福建联迪商用设备有限公司 | A kind of remote safe payment method and system |
CN102868521B (en) * | 2012-09-12 | 2015-03-04 | 成都卫士通信息产业股份有限公司 | Method for enhancing secret key transmission of symmetrical secret key system |
CN103116505B (en) * | 2012-11-16 | 2016-05-25 | 福建联迪商用设备有限公司 | A kind of method that Auto-matching is downloaded |
CN103117855B (en) * | 2012-12-19 | 2016-07-06 | 福建联迪商用设备有限公司 | A kind of method of the method generating digital certificate and backup and recovery private key |
CN103237005A (en) * | 2013-03-15 | 2013-08-07 | 福建联迪商用设备有限公司 | Method and system for key management |
CN103220271A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
CN103237004A (en) * | 2013-03-15 | 2013-08-07 | 福建联迪商用设备有限公司 | Key download method, key management method, method, device and system for download management |
CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
CN103716153B (en) * | 2013-03-15 | 2017-08-01 | 福建联迪商用设备有限公司 | Terminal master key TMK safety downloading method and systems |
CN103269266B (en) * | 2013-04-27 | 2016-07-06 | 北京宏基恒信科技有限责任公司 | The safety certifying method of dynamic password and system |
- 2013
- 2013-12-27 CN CN201310740188.9A patent/CN103716153B/en active Active
- 2013-12-27 CN CN201310741948.8A patent/CN103714639B/en active Active
- 2013-12-27 CN CN201310740540.9A patent/CN103716154B/en active Active
- 2013-12-27 CN CN201310740226.0A patent/CN103714634B/en active Active
- 2013-12-27 CN CN201310740100.3A patent/CN103714633B/en active Active
- 2013-12-27 CN CN201310741949.2A patent/CN103731260B/en active Active
- 2013-12-27 CN CN201310742648.1A patent/CN103716155B/en active Active
- 2013-12-27 CN CN201310740537.7A patent/CN103746800B/en active Active
- 2013-12-27 CN CN201310742686.7A patent/CN103745351B/en active Active
- 2013-12-27 CN CN201310740308.5A patent/CN103729941B/en active Active
- 2013-12-27 CN CN201310740360.0A patent/CN103714636B/en active Active
- 2013-12-27 CN CN201310740285.8A patent/CN103729940B/en active Active
- 2013-12-27 CN CN201310740231.1A patent/CN103714635B/en active Active
- 2013-12-27 CN CN201310742661.7A patent/CN103716167B/en active Active
- 2013-12-27 CN CN201310740244.9A patent/CN103701609B/en active Active
- 2013-12-27 CN CN201310740158.8A patent/CN103716320B/en active Active
- 2013-12-27 CN CN201310740410.5A patent/CN103729942B/en active Active
- 2013-12-27 CN CN201310740264.6A patent/CN103701812B/en active Active
- 2013-12-27 CN CN201310740642.0A patent/CN103731259B/en active Active
- 2013-12-27 CN CN201310742713.0A patent/CN103701610B/en active Active
- 2013-12-27 CN CN201310742886.2A patent/CN103716321B/en active Active
- 2013-12-27 CN CN201310742991.6A patent/CN103714641B/en active Active
- 2013-12-27 CN CN201310740574.8A patent/CN103729945B/en active Active
- 2013-12-27 CN CN201310740430.2A patent/CN103729943B/en active Active
- 2013-12-27 CN CN201310740567.8A patent/CN103729944B/en active Active
- 2013-12-27 CN CN201310742681.4A patent/CN103714640B/en active Active
- 2013-12-27 CN CN201310740380.8A patent/CN103714637B/en active Active
- 2013-12-27 CN CN201310740644.XA patent/CN103714638B/en active Active
- 2014
- 2014-03-11 WO PCT/CN2014/073205 patent/WO2014139403A1/en active Application Filing
- 2014-03-11 WO PCT/CN2014/073220 patent/WO2014139408A1/en active Application Filing
- 2014-03-11 WO PCT/CN2014/073225 patent/WO2014139412A1/en active Application Filing
- 2014-03-11 WO PCT/CN2014/073215 patent/WO2014139406A1/en active Application Filing
- 2014-03-11 WO PCT/CN2014/073224 patent/WO2014139411A1/en active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101930644A (en) * | 2009-06-25 | 2010-12-29 | 中国银联股份有限公司 | Method for safely downloading master key automatically in bank card payment system and system thereof |
CN101631305A (en) * | 2009-07-28 | 2010-01-20 | 交通银行股份有限公司 | Encryption method and system |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104270346B (en) * | 2014-09-12 | 2017-10-13 | 北京天行网安信息技术有限责任公司 | The methods, devices and systems of two-way authentication |
CN104270346A (en) * | 2014-09-12 | 2015-01-07 | 北京天行网安信息技术有限责任公司 | Bidirectional authentication method, device and system |
CN105844469B (en) * | 2015-01-30 | 2019-11-29 | Ncr公司 | Authorize credible and secure system unit |
CN105844469A (en) * | 2015-01-30 | 2016-08-10 | Ncr公司 | Authority trusted secure system component |
CN105243542A (en) * | 2015-11-13 | 2016-01-13 | 广西米付网络技术有限公司 | System and method of dynamic electronic certificate authentication |
CN105243542B (en) * | 2015-11-13 | 2021-07-02 | 咪付(广西)网络技术有限公司 | Dynamic electronic certificate authentication method |
CN105743654A (en) * | 2016-02-02 | 2016-07-06 | 上海动联信息技术股份有限公司 | POS machine secret key remote downloading service system and secret key downloading method |
CN106097608A (en) * | 2016-06-06 | 2016-11-09 | 福建联迪商用设备有限公司 | Remote cipher key method for down loading and system, acquirer and target POS terminal |
CN106097608B (en) * | 2016-06-06 | 2018-07-27 | 福建联迪商用设备有限公司 | Remote cipher key method for down loading and system, acquirer and target POS terminal |
CN107800538B (en) * | 2016-09-01 | 2021-01-29 | 中电长城(长沙)信息技术有限公司 | Remote key distribution method for self-service equipment |
CN107800538A (en) * | 2016-09-01 | 2018-03-13 | 中电长城(长沙)信息技术有限公司 | A kind of self-service device remote cipher key distribution method |
CN106571915A (en) * | 2016-11-15 | 2017-04-19 | 中国银联股份有限公司 | Terminal master key setting method and apparatus |
CN106953731B (en) * | 2017-02-17 | 2020-05-12 | 福建魔方电子科技有限公司 | Authentication method and system for terminal administrator |
CN106953731A (en) * | 2017-02-17 | 2017-07-14 | 福建魔方电子科技有限公司 | The authentication method and system of a kind of terminal management person |
CN107392591B (en) * | 2017-08-31 | 2020-02-07 | 恒宝股份有限公司 | Online recharging method and system for industry card and Bluetooth read-write device |
CN107392591A (en) * | 2017-08-31 | 2017-11-24 | 恒宝股份有限公司 | Online recharge method, system and the bluetooth read-write equipment of trading card |
CN108390851A (en) * | 2018-01-05 | 2018-08-10 | 郑州信大捷安信息技术股份有限公司 | A kind of secure remote control system and method for industrial equipment |
CN108390851B (en) * | 2018-01-05 | 2020-07-03 | 郑州信大捷安信息技术股份有限公司 | Safe remote control system and method for industrial equipment |
CN108235807A (en) * | 2018-01-15 | 2018-06-29 | 福建联迪商用设备有限公司 | Software cryptography terminal, payment terminal, software package encryption and decryption method and system |
CN108235807B (en) * | 2018-01-15 | 2020-08-04 | 福建联迪商用设备有限公司 | Software encryption terminal, payment terminal, software package encryption and decryption method and system |
CN111193748A (en) * | 2020-01-06 | 2020-05-22 | 惠州市德赛西威汽车电子股份有限公司 | Interactive key security authentication method and system |
CN111193748B (en) * | 2020-01-06 | 2021-12-03 | 惠州市德赛西威汽车电子股份有限公司 | Interactive key security authentication method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103746800B (en) | TMK (terminal master key) safe downloading method and system | |
CN103716168B (en) | Secret key management method and system | |
CN103714642B (en) | Key downloading method, management method, downloading management method and device and system | |
CN103729946B (en) | Key downloading method, management method, downloading management method and device and system | |
CN103716322A (en) | Secret key download method, management method, download management method, secret key download device, secret key management device and secret key download management system | |
KR20180089952A (en) | Method and system for processing transaction of electronic cash |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C53 | Correction of patent of invention or patent application | ||
CB03 | Change of inventor or designer information | Inventor after: Hong Yixuan; Inventor after: Su Wenlong; Inventor after: Meng Luqiang; Inventor before: Su Wenlong; Inventor before: Meng Luqiang |
COR | Change of bibliographic data | Free format text: CORRECT: INVENTOR; FROM: SU WENLONG MENG LUQIANG TO: HONG YIXUAN SU WENLONG MENG LUQIANG |
GR01 | Patent grant | ||