CN103746800A

CN103746800A - TMK (terminal master key) safe downloading method and system

Info

Publication number: CN103746800A
Application number: CN201310740537.7A
Authority: CN
Inventors: 苏文龙; 孟陆强
Original assignee: Fujian Landi Commercial Equipment Co Ltd
Current assignee: Fujian Landi Commercial Equipment Co Ltd
Priority date: 2013-03-15
Filing date: 2013-12-27
Publication date: 2014-04-23
Anticipated expiration: 2033-12-27
Also published as: CN103714639A; CN103701609B; CN103746800B; CN103714633A; CN103716153A; WO2014139408A1; CN103716154B; CN103745351A; CN103716154A; CN103714640B; CN103716167B; WO2014139403A1; CN103716155B; CN103716153B; CN103729943B; CN103716320B; CN103714635A; CN103714636B; CN103714633B; CN103731259B

Abstract

The invention discloses a TMK (terminal master key) safe downloading method and a TMK safe downloading system. Through adopting a method for remotely downloading TMK, the distribution and arrangement of a payment terminal to a commercial tenant after the integrated downloading of the TMK is avoided, and the logistics cost and the integrated downloading maintenance cost are reduced. The method for remotely downloading TMK realizes the encryption protection on the TMK through uploading a TK (transmission key), in addition, the ciphertext transmission is adopted in the whole process, great convenience is brought to the collection, management and uploading of the TK through an operation terminal and an MTMS (material tracking management system), in order to ensure the legal identities of the operation terminal, the MTMS and a KMS (key management system), the identities of the two parties can be transmitted through the CA (certificate authority) center for authentication, and the accurate receiving and sending of the ciphertext are ensured. The two-way authentication between the two parities is also carried out between transmission master keys between the payment terminal and the KMS, and the downloading security of the master key is further improved.

Description

A kind of terminal master key TMK method for safely downloading and system

Technical field

The present invention relates to E-Payment field, relate in particular to a kind of terminal master key TMK method for safely downloading and system.

Background technology

(BANK Card) is more and more universal as the means of payment for bank card, common bank card paying system comprises point of sales terminal (Point Of Sale, POS), POS receives single system (POSP), code keypad (PIN PAD) and hardware encipher machine (Hardware and Security Module, HSM).Wherein POS terminal can be accepted bank card information, has communication function, and the instruction of accepting teller completes financial transaction information and the equipment of exchange for information about; POS receives single system POS terminal is managed concentratedly, comprises parameter downloads, and key is downloaded, and accepts, processes or forward the transaction request of POS terminal, and to POS terminal loopback transaction results information, is the system of centralized management and trading processing; Code keypad (PIN PAD) is that the relevant key of various financial transactions is carried out to safe storage protection, and the safety means that PIN are encrypted to protection; Hardware encipher machine (HSM) is to the peripheral hardware equipment that is encrypted of transmission data, for correctness and the storage key of encryption and decryption, checking message and the document source of PIN.Personal identification code (Personal Identification Number, PIN), personal identification number, is the data message of identifying holder's identity legitimacy in on-line transaction, in cyber-net system, any link does not allow to occur in mode expressly; Terminal master key (Terminal Master Key, TMK), during POS terminal works, the master key that working key is encrypted, encrypting storing is in system database; POS terminal is widely used in bank card and pays occasion, such as manufacturer's shopping, hotel's lodging etc., is a kind of indispensable modernization means of payment, has incorporated the various occasions of people's life.Bank card; debit card particularly; generally all by holder, be provided with PIN; in carrying out payment process; POS terminal is except above sending the data such as magnetic track information of bank card; also want holder to input the checking holder's of PINGong issuing bank identity legitimacy, guarantee bank card safety of payment, protection holder's property safety.In order to prevent that PIN from revealing or being cracked; requirement is from terminal to issuing bank in whole information interactive process; whole process is carried out safety encipher protection to PIN; do not allow any link in computer network system; PIN occurs in mode expressly, so the POS terminal of the PIN of acceptance input at present all requires to be equipped with key management system.

The key code system of POS terminal is divided into secondary: terminal master key (TMK) and working key (WK).Wherein TMK, in WK renewal process, is encrypted protection to WK.Between every POS terminal and POS, share unique TMK, must have safeguard protection, assurance can only write device and is participated in calculating, and can not read; TMK is a very crucial root key, if TMK is intercepted, working key is just cracked than being easier to, by serious threat bank card safety of payment.So can secure download TMK to POS terminal, become the key of whole POS terminal security.

For taking precautions against terminal master key TMK disclosure risk, the safe machine room that the download of terminal master key TMK must be controlled at the administrative center of acquirer carries out, therefore essential by manually concentrating POS terminal download terminal master key.Thereby bring maintenance centre's machine room workload large; After equipment dispatches from the factory, need to be transported to administrative center's safe machine room download key and just can be deployed to trade company, cost of transportation rises; In order to concentrate lower dress terminal master key, need a large amount of staff and operating time, the problem such as maintenance cost is large, maintenance period is long.

Similar to POS terminal, ATM terminal, for paying the intellective IC card of use, the payment terminals such as mobile phone terminal with payment function all need to concentrate and download terminal master key by artificial, exist equally cost of transportation high, concentrate the problems such as lower dress terminal master key needs a large amount of staff and operating time, and maintenance cost is large, maintenance period is long.

Summary of the invention

For solving the problems of the technologies described above, the technical scheme that the present invention adopts is:

A terminal master key TMK method for safely downloading, comprises step: S1, MTMS system will reach the flow process of payment terminal under PKI Pu_mtms; Use public-key Pu_mtms encrypted transmission cipher key T K be uploaded to the flow process of KMS system of S2, payment terminal; The flow process of the master key TMK that S3, payment terminal are encrypted through transmission security key TK from KMS system downloads; Wherein, step S1 concrete steps comprise: the operating terminal digital certificate Crt_optm that S11, the preset CA of operating terminal center generate, the MTMS system digits certificate Crt_mtms that MTMS system intialization CA center generates, the KMS system digits certificate Crt_kms that KMS system intialization CA center generates; S12, MTMS system call the first hardware encipher machine, KMS system call the second hardware encipher machine, in the first hardware encipher machine and the second hardware encipher machine, MTMS System Privileges component and KMS System Privileges component are synthesized to Protective Key PK and MAC key MAK respectively, and described Protective Key PK and MAC key MAK are stored in the first hardware encipher machine and the second hardware encipher machine in the lump; S13, operating terminal and MTMS system are carried out two-way authentication by CA center; After S14, authentication are passed through, MTMS system is sent to payment terminal by PKI Pu_mtms by operating terminal and is stored in code keypad; Step S2 concrete steps comprise: S21, payment terminal are called code keypad and produced transmission security key TK, and described transmission security key TK comprises traffic encryption key TEK and certified transmission key A UK; S22, payment terminal are called the code keypad Pu_mtms encrypted transmission cipher key T K that uses public-key and are generated the first transmission security key ciphertext Ctk_Pu; S23, operating terminal are sent to MTMS system by the first transmission security key ciphertext Ctk_Pu and terminal serial number SN; S24, when receiving TK that KMS sends and obtain request, MTMS system call the first hardware encipher machine uses private key Pr_mtms to decipher the first transmission security key ciphertext Ctk_Pu and obtains transmission security key TK, then use Protective Key PK encrypted transmission cipher key T K to obtain ciphertext TK, use MAC key MAK to calculate the MAC value of ciphertext TK, the MAC value of ciphertext TK and ciphertext TK is merged and generates the second transmission security key ciphertext Ctk_pk; S25, MTMS system and KMS system are carried out two-way authentication by CA center; After S26, authentication are passed through, MTMS system sends to KMS system by terminal serial number SN and the second transmission security key ciphertext Ctk_pk; S3 concrete steps comprise: S31, payment terminal are sent to KMS system by terminal serial number SN and the application of download master key; S32, KMS system receive the terminal serial number SN of payment terminal transmission and download after master key application, inquire about the second transmission security key ciphertext Ctk_pk corresponding with terminal serial number SN; S33, KMS system call the second hardware encipher machine use MAC key MAK to the second transmission security key ciphertext Ctk_pk verification MAC legitimacy inquiring, if verification is passed through, use Protective Key PK to decipher the second transmission security key ciphertext Ctk_pk and obtain transmission security key TK and be stored in described the second hardware encipher machine; After S34, KMS system acquisition transmission security key TK, calling the second hardware encipher machine uses authenticate key AUK and payment terminal to carry out two-way authentication; If S35 authentication is passed through, KMS system call the second hardware encipher machine uses traffic encryption key TEK to encrypt terminal master key TMK and generates master key ciphertext Ctmk and master key ciphertext Ctmk is sent to payment terminal; S36, payment terminal are called code keypad and are used traffic encryption key TEK deciphering master key ciphertext Ctmk obtain terminal master key TMK and terminal master key TMK is stored in code keypad.

Another technical solution used in the present invention is:

A terminal master key TMK secure download system, comprises the first hardware encipher machine, the second hardware encipher machine, payment terminal, operating terminal, MTMS system, CA center and KMS system; Described payment terminal comprises the upper transmission module of a TK, TMK request module, two-way authentication A module, TMK receiver module, described operating terminal comprises the upper transmission module of the 2nd TK, described MTMS system comprises arranging key A module, PKI sending module, TK request respond module, the upper transmission module of the 3rd TK, described KMS system comprises arranging key B module, TMK request respond module, two-way authentication B module, TMK sending module, and described CA center comprises certificate preset module, ca authentication module; The operating terminal digital certificate Crt_optm that certificate preset module generates for JiangCA center is preset in operating terminal, the MTMS system digits certificate Crt_mtms that JiangCA center generates is preset in MTMS system, and the KMS system digits certificate Crt_kms that JiangCA center generates is preset in KMS system; Arranging key A module and arranging key B module are used for calling the first hardware encipher machine and the second hardware encipher machine, in the first hardware encipher machine and the second hardware encipher machine, MTMS System Privileges component and KMS System Privileges component are synthesized to Protective Key PK and MAC key MAK respectively, and described Protective Key PK and MAC key MAK are stored in the first hardware encipher machine and the second hardware encipher machine in the lump; Ca authentication module is for carrying out two-way authentication to operating terminal and MTMS system by CA center; PKI sending module, for after passing through when ca authentication authentication, is sent to payment terminal by PKI Pu_mtms by operating terminal and is stored in code keypad; The upper transmission module of the one TK is used for calling code keypad and produces transmission security key TK, and described transmission security key TK comprises traffic encryption key TEK and certified transmission key A UK; The upper transmission module of the one TK is used for calling the code keypad Pu_mtms encrypted transmission cipher key T K that uses public-key and generates the first transmission security key ciphertext Ctk_Pu; The upper transmission module of the 2nd TK is for being sent to MTMS system by the first transmission security key ciphertext Ctk_Pu and terminal serial number SN; TK request respond module is for obtaining while asking when receiving TK that KMS system sends, the first hardware encipher machine that calls uses private key Pr_mtms to decipher the first transmission security key ciphertext Ctk_Pu and obtains transmission security key TK, be used for using Protective Key PK encrypted transmission cipher key T K to obtain ciphertext TK, and for using the MAC value of MAC key MAK calculating ciphertext TK, and for the MAC value of ciphertext TK and ciphertext TK is merged and generates the second transmission security key ciphertext Ctk_pk; Ca authentication module is also carried out two-way authentication for MTMS system and KMS system by CA center; The upper transmission module of the 3rd TK, for after MTMS system and KMS system authentication are passed through, sends to KMS system by terminal serial number SN and the second transmission security key ciphertext Ctk_pk; TMK request module is for being sent to KMS system by terminal serial number SN and the application of download master key; TMK request respond module, for receiving the terminal serial number SN of payment terminal transmission when KMS system and downloading after master key application, is inquired about the second transmission security key ciphertext Ctk_pk corresponding with terminal serial number SN; TMK request respond module is also used MAC key MAK to the second transmission security key ciphertext Ctk_pk verification MAC legitimacy inquiring for calling the second hardware encipher machine, and for after passing through when described verification, use Protective Key PK to decipher the second transmission security key ciphertext Ctk_pk and obtain transmission security key TK and be stored in described the second hardware encipher machine; Two-way authentication A module and two-way authentication B module are for obtaining after transmission security key TK when KMS system, and the second hardware encipher machine that calls uses authenticate key AUK and payment terminal to carry out two-way authentication; TMK sending module is for after KMS system and payment terminal two-way authentication are passed through, and the second hardware encipher machine that calls uses traffic encryption key TEK encryption terminal master key TMK generation master key ciphertext Ctmk and master key ciphertext Ctmk is sent to payment terminal; TMK receiver module is used for calling code keypad and uses traffic encryption key TEK deciphering master key ciphertext Ctmk obtain terminal master key TMK and terminal master key TMK is stored in to code keypad.

Beneficial effect of the present invention is: by payment terminal upload transfers cipher key T K, after encrypting terminal master key TMK by TK, be sent to payment terminal, realize payment terminal remote download terminal master key, after having avoided payment terminal by concentrated download master key, cloth is put into trade company again, reduce logistics cost and KMS system and concentrated the maintenance cost of downloading, wherein, remote download master key TMK overall process all adopts ciphertext transmission, between payment terminal and KMS, transmit the two-way authentication of also having carried out both sides between master key, improved the transmission security of master key.Further, by operating terminal, realize the collection of transmission security key TK and upload in the present embodiment, having improved the time efficiency that terminal is uploaded TK, also greatly facilitate the collection of dissimilar and model payment terminal transmission security key TK simultaneously and upload.By operating terminal, control the collection of payment terminal transmission security key TK and upload and make payment terminal be responsible for producing and the hardware resource of transmission security key TK part is released, make the hardware resource of payment terminal more reasonably be optimized use.Further, by MTMS system, can realize the transmission security key TK of the various payment terminals of different geographical minute plant produced to unify to store and concentrate sending to corresponding KMS system, the wrong and work load to KMS system of having avoided the scattered upload transfers cipher key T of payment terminal K to cause.Further, in the process of transmission security key TK transmission, by CA center, the receiving-transmitting sides of transmission data is carried out to authentication, guarantee that operating terminal, MTMS system and KMS system are legal identity, guarantee can not stolen by pseudo-terminal of ciphertext.

Accompanying drawing explanation

Fig. 1 is the structured flowchart of a kind of terminal master key TMK secure download system in an embodiment of the present invention;

Fig. 2 is the structured flowchart of two-way authentication A module in Fig. 1;

Fig. 3 is the structured flowchart of two-way authentication B module in Fig. 1;

Fig. 4 is the method flow diagram of a kind of terminal master key TMK method for safely downloading in an embodiment of the present invention;

Fig. 5 is the particular flow sheet of step S1 in Fig. 4;

Fig. 6 is the particular flow sheet of step S2 in Fig. 4;

Fig. 7 is the particular flow sheet of step S3 in Fig. 4.

Main element symbol description:

10: payment terminal; 20: operating terminal; 30:KMS system; 40:MTMS system; 50:CA center; 60: the first hardware encipher machines; 70: the second hardware encipher machines; 101: the upper transmission modules of a TK; 102:TMK request module; 103: two-way authentication A module; 104:TMK receiver module; 201: the upper transmission modules of two TK; 301: arranging key B module; 302:TMK sending module; 303:TMK asks respond module; 304: two-way authentication B module; 401: arranging key A module; 402:TK asks respond module; 403: PKI sending module; 404: the upper transmission modules of three TK; 501: certificate preset module; 502:CA authentication module; 1031: the first random number generation units; 1032: the first data transmit-receive unit; 1033: the first encryption/decryption elements; 1034: the first judging units; 3041: the second random number generation units; 3042: the second data transmit-receive unit; 3043: the second encryption/decryption elements; 3044: the second judging units.

Embodiment

By describing technology contents of the present invention, structural feature in detail, being realized object and effect, below in conjunction with execution mode and coordinate accompanying drawing to be explained in detail.

One, the abbreviation the present invention relates to and Key Term are defined and are illustrated:

The abbreviation of AUK:Authentication Key, authentication authorization and accounting key, for the two-way authentication between PINPAD and key management system KMS;

CA center: so-called CA(Certificate Authority) center, it is to adopt PKI(Public Key Infrastructure) public key infrastructure technology, network ID authentication service is provided specially, be responsible for signing and issuing and managing digital certificate, and third party's trust authority with authoritative and fairness, its effect is just as the company of issue certificates in our actual life, as passport is handled mechanism;

The abbreviation of HSM:High Security Machine, high safety means are hardware encipher machine in this system;

KMS system: Key Management System, key management system, for office terminal master key TMK;

The abbreviation of MAK:Mac Key, MAC computation key, consults to determine 24 byte symmetric keys with client, for the MAC value of TK between MTMS system and KMS system, calculates;

MTMS: full name Material Tracking Management System, Tracing Material management system is mainly used when plant produced;

The abbreviation of PIK:Pin Key, Pin encryption key, is a kind of of working key;

PINPAD: code keypad;

The abbreviation of PK:Protect Key, Protective Key, consults to determine with client, 24 byte symmetric keys.Encrypted transmission for TK between MTMS/TCS and KMS;

The abbreviation of POS:Point Of Sale, i.e. point-of-sale terminal

SNpinpad: the sequence number of code keypad, when PINPAD is built-in, SNpos is consistent with POS terminal serial number;

SN: the sequence number of payment terminal;

The abbreviation of TEK:Transmission Encrypt Key, i.e. traffic encryption key, 24 byte symmetric keys, for the encrypted transmission of TMK between PINPAD and key management system KMS;

The abbreviation of TK:Transmission Key, i.e. transmission security key.Transmission security key is comprised of traffic encryption key TEK and two-way authentication key A UK;

The abbreviation of TMS:Terminal Management System, i.e. terminal management system, for completing the functions such as payment terminal information management, software and parameter configuration, remote download, the management of terminal running state information, remote diagnosis;

The abbreviation of TMK:Terminal Master Key, i.e. terminal master key, for payment terminal with pay the encrypted transmission of receiving working key between single system;

Safe house: have higher security level other, for the room of service device, this room needs just can enter after authentication.

Intellective IC card: be CPU card, integrated circuit in card comprises central processor CPU, programmable read only memory EEPROM, random access memory ram and is solidificated in the card internal operating system COS (Chip Operating System) in read only memory ROM, and in card, data are divided into outside and read and inter-process part.

Symmetric key: the both sides that transmit and receive data must use identical key to being expressly encrypted and decrypt operation.Symmetric key encryption algorithm mainly comprises: DES, 3DES, IDEA, FEAL, BLOWFISH etc.

Unsymmetrical key: rivest, shamir, adelman needs two keys: public-key cryptography (private key Public key) and private cipher key (PKI Private key).Public-key cryptography and private cipher key are a pair of, if data are encrypted with public-key cryptography, only have with corresponding private cipher key and could decipher; If data are encrypted with private cipher key, only have so with corresponding public-key cryptography and could decipher.Because what encryption and decryption were used is two different keys, so this algorithm is called rivest, shamir, adelman.The basic process that rivest, shamir, adelman is realized confidential information exchange is: Party A generates a pair of secret keys handle wherein is open as Public key to other side; After using this key to be encrypted confidential information, the Party B who obtains this Public key sends to again Party A; Another private key that Party A preserves with oneself is again decrypted the information after encrypting.Party A sends to Party B after can using Party B's PKI to be encrypted confidential information again; Party B is decrypted the information after encrypting with the private spoon of oneself again.Main algorithm has RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC(elliptic curve encryption algorithm).

RSA: a kind of asymmetric key algorithm.RSA public key encryption algorithm is by Ron Rivest, Adi Shamirh and Len Adleman, in (Massachusetts Institute Technology), to be developed for 1977.RSA is named the name from they three of exploitation.RSA is the most influential public key encryption algorithm at present, and it can resist up to the present known all cryptographic attacks, by ISO, is recommended as public key data encryption standard.RSA Algorithm is true based on a foolproof number theory: two large prime numbers are multiplied each other very easy.RSA Algorithm be first can be simultaneously for encrypting the algorithm with digital signature, also easy to understand and operation.RSA is studied public key algorithm the most widely, from proposing three ten years till now, has experienced the test of various attack, for people accept, generally believes it is one of current classic PKI scheme gradually.

TDES Triple-DES:DES is a kind of symmetric encipherment algorithm, and key is 8 bytes.TDES is the cryptographic algorithm based on DES, and its key is 16 bytes or 24 bytes.TDES/3DES is the abbreviated expression (being triple DES) of English TripleDES, and DES is that English Data Encryption Standard(counts encryption standard) abbreviated expression.DES is a kind of symmetric key encryption algorithm, i.e. the data encryption key cryptographic algorithm identical with decruption key.DESYou IBM Corporation develops and discloses at 20 century 70s, and for U.S. government adopts, Bing Bei NBS and ANSI (ANSI) are admitted subsequently.TDES/3DES is a kind of pattern of des encryption algorithm, and it uses the key of 3 64 to carry out three encryptions to data.It is a safer distortion of DES.

Two, to technical scheme of the present invention, be described in detail as follows:

For solving the technical problem existing in background technology, the present invention adopts a kind of new master key download scenarios, by payment terminal, produce at random TK(Transmission Key, transmission security key), TK after producing is stored in the code keypad of payment terminal, and TK is sent to KMS(Key Management System by transmission means required under various application scenarioss, key management system, for office terminal master key TMK).

When payment terminal application download terminal master key TMK, KMS system is used TK to encrypt terminal master key TMK, and the terminal master key ciphertext after encrypting is sent to payment terminal, payment terminal is decrypted master key ciphertext with TK after receiving, obtain terminal master key TMK, and terminal master key TMK is kept in code keypad.

So, by TK, encrypt terminal master key TMK, make TMK can carry out remote transmission, facilitate the secure download of TMK.

Under some scene, adopt operating terminal to gather the TK that payment terminal produces, and be responsible for TK to be transferred to MTMS system (Material Tracking Management System by operating terminal, Tracing Material system, mainly in plant produced, use), by MTMS systematic unity management TK, and TK is sent to corresponding KMS system.Adopt operating terminal to gather TK and can facilitate the acquisition operations (can realize a key collection etc.) of TK and the rights management that TK gathers; Employing MTMS system can be conveniently to TK unified management, and during convenient after-sales service later, data search and the download of payment terminal, can realize by manufacture order bulk transfer TK by MTMS system, facilitates the transfer management of TK, prevents that TK from misinformating to wrong object.

Above-mentionedly by payment terminal, gather and be sent to bank's end after transmission security key TK TMK is encrypted, then the method for the TMK after TK encrypts can realize the remote download of TMK by payment terminal remote download.But, TK upload with TMK downloading process in relate to more terminal and system, therefore easily occur that pseudo-terminal steals TMK.In order to improve TMK, download safety, need a kind of method that can conveniently verify the terminal master key TMK secure download of each terminal and system identity.

Below just the present invention is overcome to the problems referred to above technical scheme be elaborated.Theory of the present invention is at described TK and TMK course of conveying YouCA center (Certificate Authority, certificate granting center, adopt Public Key Infrastructure public key infrastructure technology, network ID authentication service is provided specially, be responsible for signing and issuing and managing digital certificate, and third party's trust authority with authoritative and fairness) differentiate the identity of operating terminal, MTMS system and KMS system, by introducing CA center, prevent that pseudo-terminal and pseudo-KMS system from stealing TK.

Refer to Fig. 1, for the structured flowchart of a kind of terminal master key TMK secure download system in an embodiment of the present invention, this terminal master key TMK secure download system comprises the first hardware encipher machine 50, the second hardware encipher machine 60, payment terminal 10, operating terminal 20, MTMS system 40, CA center 50 and KMS system 30, described payment terminal 10 comprises the upper transmission module 101 of a TK, TMK request module 102, two-way authentication A module 103, TMK receiver module 104, described operating terminal 20 comprises the upper transmission module 201 of the 2nd TK, described MTMS system 40 comprises arranging key A module 401, PKI sending module 403, TK asks respond module 402, the upper transmission module 404 of the 3rd TK, described KMS system 30 comprises arranging key B module 301, TMK asks respond module 303, two-way authentication B module 304, TMK sending module 302, described CA center 50 comprises certificate preset module 501, ca authentication module 502.

The operating terminal digital certificate Crt_optm that certificate preset module 501 generates for JiangCA center 50 is preset in operating terminal 20, the MTMS system digits certificate Crt_mtms that JiangCA center 50 generates is preset in MTMS system 40, and the KMS system digits certificate Crt_kms that JiangCA center 50 generates is preset in KMS system 30;

Arranging key A module 401 and arranging key B module 301 are for calling the first hardware encipher machine 60 and the second hardware encipher machine 70, in the first hardware encipher machine 60 and the second hardware encipher machine 70, MTMS system 40 authority components and KMS system 30 authority components are synthesized to Protective Key PK and MAC key MAK respectively, and described Protective Key PK and MAC key MAK are stored in the first hardware encipher machine 60 and the second hardware encipher machine 70 in the lump;

Ca authentication module 50 is for carrying out two-way authentication to operating terminal 20 and MTMS system 40 by CA center 50;

PKI sending module 403, for after passing through when ca authentication authentication, is sent to PKI Pu_mtms payment terminal 10 and is stored in code keypad by operating terminal 20;

The upper transmission module 101 of the one TK produces transmission security key TK for calling code keypad, and described transmission security key TK comprises traffic encryption key TEK and certified transmission key A UK;

The upper transmission module 101 of the one TK generates the first transmission security key ciphertext Ctk_Pu for calling the code keypad Pu_mtms encrypted transmission cipher key T K that uses public-key;

The upper transmission module 201 of the 2nd TK is for being sent to MTMS system 40 by the first transmission security key ciphertext Ctk_Pu and terminal serial number SN;

TK request respond module 402 is for obtaining while asking when receiving TK that KMS system 30 sends, the first hardware encipher machine 60 that calls uses private key Pr_mtms to decipher the first transmission security key ciphertext Ctk_Pu and obtains transmission security key TK, be used for using Protective Key PK encrypted transmission cipher key T K to obtain ciphertext TK, and for using the MAC value of MAC key MAK calculating ciphertext TK, and for the MAC value of ciphertext TK and ciphertext TK is merged and generates the second transmission security key ciphertext Ctk_pk;

Ca authentication module 502 is also carried out two-way authentication for MTMS system 40 and KMS system by CA center 50;

The upper transmission module 404 of the 3rd TK, for after passing through when

MTMS system

40 and 30 authentications of KMS system, sends to KMS system 30 by terminal serial number SN and the second transmission security key ciphertext Ctk_pk;

TMK request module 102 is for being sent to KMS system 30 by terminal serial number SN and the application of download master key;

TMK request respond module 303, for receiving the terminal serial number SN of payment terminal 10 transmissions when KMS system 30 and downloading after master key application, is inquired about the second transmission security key ciphertext Ctk_pk corresponding with terminal serial number SN;

TMK request respond module 303 is also used MAC key MAK to the second transmission security key ciphertext Ctk_pk verification MAC legitimacy inquiring for calling the second hardware encipher machine 70, and for after passing through when described verification, use Protective Key PK to decipher the second transmission security key ciphertext Ctk_pk and obtain transmission security key TK and be stored in described the second hardware encipher machine 70;

Two-way authentication A module 103 and two-way authentication B module 304 are for obtaining after transmission security key TK when KMS system 30, and the second hardware encipher machine 60 that calls uses authenticate key AUK and payment terminal to carry out two-way authentication;

TMK sending module 302 is for after passing through when KMS system 30 and payment terminal 10 two-way authentications, and the second hardware encipher machine 70 that calls uses traffic encryption key TEK to encrypt terminal master key TMK and generates master key ciphertext Ctmk and master key ciphertext Ctmk is sent to payment terminal 10;

TMK receiver module 104 is used traffic encryption key TEK deciphering master key ciphertext Ctmk obtain terminal master key TMK and terminal master key TMK is stored in to code keypad for calling code keypad.

Wherein, the certificate preset module at described CA center 50 comprises operating terminal digital certificate Crt_optm generation module, MTMS system digits certificate Crt_mtms generation module and KMS system digits certificate Crt_kms generation module.

The digital certificate Crt_optm generation module of described operating terminal 10 generates public private key pair Pu and Pr for call operation terminal, use root certificate corresponding private key to sign to PKI Pu and operating terminal identification information, generating digital certificate Crt_optm for the digital certificate Crt_optm of generation is sent and be stored in operating terminal 20;

The digital certificate Crt_mtms generation module of described MTMS system 40 is used for calling the first hardware encipher machine 60 and produces public private key pair Pr_mtms and Pu_mtms, use root certificate corresponding private key to sign to PKI Pu_mtms and MTMS system identification information, generating digital certificate Crt_mtms for the Crt_mtms of generation is sent and be stored in MTMS system 40;

Described KMS system 30 digital certificate Crt_kms generation modules are used for calling the second hardware encipher machine 70 and produce public private key pair Pr_kms and Pu_kms, use root certificate corresponding private key to sign to PKI Pu_kms and KMS system identification information, generating digital certificate Crt_kms for Crt_kms is sent and be stored in KMS system 30.

Wherein, described operating terminal 20 also includes operator's card and keeper's card; The certificate preset module 501 at described CA center 50 also for generation of operator, blocks certificate and keeper blocks certificate, and for operator being blocked to certificate storage in operator card and keeper being blocked to certificate storage in control card;

Described operator card and keeper's card be for read operator's card and the keeper's card being inserted on operating terminal when operating terminal, and when being carried out legitimacy authentication and passed through by 50 pairs, CA center operator's certificate and administrator certificate, mandate operates operating terminal 20.

Wherein, the upper transmission module 201 of described the 2nd TK also comprises packaged unit, and described packaged unit is for packing and use operator to block and sign the first transmission security key ciphertext Ctk_Pu receiving and terminal serial number SN;

The upper transmission module 404 of the 3rd TK of described MTMS system 40 also comprises verification unit, described verification unit is for when receiving the first transmission security key ciphertext Ctk_Pu that described TK collecting unit transmits and terminal serial number SN, the legitimacy of the signature of packaged unit described in verification, and for when described check is legal, by terminal serial number SN associated with the first transmission security key ciphertext Ctk_Pu be stored in the database of MTMS system.

Wherein, described two-way authentication A module 103 comprises the first random number generation unit 1031, the first data transmit-receive unit 1032, the first encryption/decryption element 1033, the first judging unit 1034, and described two-way authentication B module comprises the second random number generation unit 3041, the second data transmit-receive unit 3042, the second encryption/decryption element 3043, the second judging unit 3044.

The first random number generation unit 1031 is for generation of the first random number R nd1; The first data transmit-receive unit 1032 is for being sent to KMS system 30 by the first random number R nd1 producing; The second data transmit-receive unit 3042 is for receiving the first random number R nd1; The second random number generation unit 3041, for when receiving the first random number R nd1, produces random number the 2nd Rnd2; The second encryption/decryption element 3043 is for when receiving the first random number R nd1, and the second hardware encipher machine 70 that calls uses certified transmission key A UK to encrypt the first random number R nd1 and obtains the first random number ciphertext Crnd1; The second data transmit-receive unit 3042 is for sending to payment terminal 10 by the first random number ciphertext Crnd1 and the second random number R nd2;

The first encryption/decryption element 1033 is for when receiving the first random number ciphertext Crnd1 and the second random number R nd2, and the first random number ciphertext Crnd1 that uses certified transmission key A UK deciphering to receive obtains the 3rd random number R nd1 '; The first judging unit is used for judging that whether the 3rd random number R nd1 ' is consistent with the first random number R nd1;

The first encryption/decryption element 1033 is for judging that when described the first judging unit the 3rd random number R nd1 ' is with the first random number R nd1 when consistent, and use certified transmission key A UK encrypts the second random number R nd2 and generates the second random number ciphertext Crnd2; The first data transmit-receive unit is for sending to KMS system 30 by the second random number ciphertext Crnd2;

The second encryption/decryption element 3043 is for when receiving the second random number ciphertext Crnd2, the second random number ciphertext Crnd2 that the second hardware encipher machine 70 that calls uses certified transmission key A UK deciphering to receive obtains the 4th random number R nd2 ', whether the second judging unit 3044 is consistent with the second random number R nd2 for judging the 4th random number R nd2 ', and when judging that the 4th random number R nd2 ' is with the second random number R nd2 when consistent, the two-way authentication between confirmation KMS system 30 and payment terminal 10 is passed through.

Wherein, described payment terminal is POS terminal, mobile phone terminal, intellective IC card or ATM terminal.

In the present embodiment, described terminal master key TMK secure download system realizes payment terminal 10 from KMS system 40 remote download terminal master key TMK.In remote download process, terminal master key TMK must be with the form transmission of ciphertext, the random generating transmission key TK of each payment terminal 10, transmission security key TK is kept in code keypad, and transmission security key TK is sent to KMS system 40, form with ciphertext after KMS system 40 use transmission security key TK encryption terminal master key TMK is transferred to payment terminal 10, payment terminal 10 use transmission security key TK deciphering obtain terminal master key expressly, thereby realize the remote download of terminal master key TMK.

Because POS machine, intellective IC card, mobile phone terminal and ATM terminal can be used with payment work; and all need terminal master key TMK to be encrypted protection to working key; therefore; described payment terminal 10 can be POS terminal, intellective IC card, mobile phone terminal or ATM terminal; wherein, POS terminal, intellective IC card, mobile phone terminal, ATM terminal can have multiple different model.

The transmission security key TK of the payment terminal 10 of, different model dissimilar in order to facilitate generates and uploads, and is provided with operating terminal 20 and generates, gathers and upload transfers cipher key T K for controlling payment terminal 10.Described operating terminal 20 can be an improved POS machine, described operating terminal 20 is connected with payment terminal 10 by Serial Port Line or USB line, and operating terminal 20 is provided with a plurality of function keys that produce transmission security key TK, gather transmission security key TK and upload transfers cipher key T K for controlling payment terminal 10.When described payment terminal 10 is intellective IC card, intellective IC card is connected with operating terminal 20 by card insertion base.

In the present embodiment, described payment terminal 10 can be different type and model, different payment terminals 10 may be also to be produced by different subsidiary factories, therefore be also provided with in the present embodiment MTMS system 30, the transmission security key TK that described MTMS system 30 generates for each payment terminal 10 of each producer of unified management, and transmission security key TK is concentrated to the corresponding KMS system 40 that sends to.Because uploading with the download of terminal master key TMK of transmission security key TK all undertaken by remote mode, in order to prevent from occurring pseudo-terminal in transmitting procedure, steal transmission security key TK or terminal master key TMK, in present embodiment, be provided with CA center 50, the identity by the 50 pairs of transfer of data receiving-transmitting sides in CA center authenticates.

Referring to Fig. 4, is the main flow chart of a kind of terminal master key TMK method for safely downloading in one embodiment of the invention.This terminal master key TMK method for safely downloading is applied in described terminal master key TMK secure download system, and the method comprising the steps of:

S1, MTMS system will reach the flow process of payment terminal under PKI Pu_mtms;

Use public-key Pu_mtms encrypted transmission cipher key T K be uploaded to the flow process of KMS system of S2, payment terminal;

The flow process of the master key TMK that S3, payment terminal are encrypted through transmission security key TK from KMS system downloads;

Referring to Fig. 5, is step S1 concrete steps flow chart, and step S1 comprises:

The operating terminal digital certificate Crt_optm that S11, the preset CA of operating terminal center generate, the MTMS system digits certificate Crt_mtms that MTMS system intialization CA center generates, the KMS system digits certificate Crt_kms that KMS system intialization CA center generates;

S12, MTMS system call the first hardware encipher machine, KMS system call the second hardware encipher machine, in the first hardware encipher machine and the second hardware encipher machine, MTMS System Privileges component and KMS System Privileges component are synthesized to Protective Key PK and MAC key MAK respectively, and described Protective Key PK and MAC key MAK are stored in the first hardware encipher machine and the second hardware encipher machine in the lump;

S13, operating terminal and MTMS system are carried out two-way authentication by CA center;

After S14, authentication are passed through, MTMS system is sent to payment terminal by PKI Pu_mtms by operating terminal and is stored in code keypad;

Referring to Fig. 6, is step S2 concrete steps flow chart, and step S2 comprises:

S21, payment terminal are called code keypad and are produced transmission security key TK, and described transmission security key TK comprises traffic encryption key TEK and certified transmission key A UK;

S22, payment terminal are called the code keypad Pu_mtms encrypted transmission cipher key T K that uses public-key and are generated the first transmission security key ciphertext Ctk_Pu;

S23, operating terminal are sent to MTMS system by the first transmission security key ciphertext Ctk_Pu and terminal serial number SN;

S24, when receiving TK that KMS sends and obtain request, MTMS system call the first hardware encipher machine uses private key Pr_mtms to decipher the first transmission security key ciphertext Ctk_Pu and obtains transmission security key TK, then use Protective Key PK encrypted transmission cipher key T K to obtain ciphertext TK, use MAC key MAK to calculate the MAC value of ciphertext TK, the MAC value of ciphertext TK and ciphertext TK is merged and generates the second transmission security key ciphertext Ctk_pk;

S25, MTMS system and KMS system are carried out two-way authentication by CA center;

After S26, authentication are passed through, MTMS system sends to KMS system by terminal serial number SN and the second transmission security key ciphertext Ctk_pk;

Referring to Fig. 7, is step S3 particular flow sheet, and step S3 comprises:

S31, payment terminal are sent to KMS system by terminal serial number SN and the application of download master key;

S32, KMS system receive the terminal serial number SN of payment terminal transmission and download after master key application, inquire about the second transmission security key ciphertext Ctk_pk corresponding with terminal serial number SN;

S33, KMS system call the second hardware encipher machine use MAC key MAK to the second transmission security key ciphertext Ctk_pk verification MAC legitimacy inquiring, if verification is passed through, use Protective Key PK to decipher the second transmission security key ciphertext Ctk_pk and obtain transmission security key TK and be stored in described the second hardware encipher machine;

After S34, KMS system acquisition transmission security key TK, calling the second hardware encipher machine uses authenticate key AUK and payment terminal to carry out two-way authentication;

If S35 authentication is passed through, KMS system call the second hardware encipher machine uses traffic encryption key TEK to encrypt terminal master key TMK and generates master key ciphertext Ctmk and master key ciphertext Ctmk is sent to payment terminal;

S36, payment terminal are called code keypad and are used traffic encryption key TEK deciphering master key ciphertext Ctmk obtain terminal master key TMK and terminal master key TMK is stored in code keypad.

Wherein, described " the operating terminal digital certificate Crt_optm that the preset CA of operating terminal center generates; the MTMS system digits certificate Crt_mtms that MTMS system intialization CA center generates, the KMS system digits certificate Crt_kms that KMS system intialization CA center generates " specifically comprises:

Operating terminal generates public private key pair Pu and Pr, PKI Pu and operating terminal identification information are issued to CA center, CA center is used root certificate corresponding private key to sign to PKI Pu and operating terminal identification information, generating digital certificate Crt_optm also sends to operating terminal by the digital certificate Crt_optm of generation, operating terminal storage digital certificate Crt_optm;

MTMS system call the first hardware encipher machine produces public private key pair Pr_mtms and Pu_mtms, PKI Pu_mtms and MTMS identification information are issued to CA center, CA center is used root certificate corresponding private key to sign to PKI Pu_mtms and MTMS system identification information, generating digital certificate Crt_mtms also sends to MTMS system by the Crt_mtms of generation, MTMS system storage digital certificate Crt_mtms;

KMS system call the second hardware encipher machine produces public private key pair Pr_kms and Pu_kms, PKI Pu_kms and KMS identification information are issued to CA center, CA center is used root certificate corresponding private key to sign to PKI Pu_kms and KMS system identification information, generating digital certificate Crt_kms also sends to KMS system by Crt_kms, KMS system storage digital certificate Crt_kms.

Wherein, also comprise the step that Authorized operation person's card and keeper's card operate operating terminal, specifically comprise:

For operator's card and keeper's card, produce respectively public private key pair;

The PKI of generation is issued to CA center, and generating run person blocks certificate and keeper blocks certificate respectively;

Operator is blocked to certificate storage in operator card and keeper is blocked to certificate storage in control card;

Operating terminal reads operator card and the keeper's card being inserted on operating terminal, by CA center, operator's certificate and administrator certificate is carried out to legitimacy authentication, and when authenticate by after permission operating terminal is operated.

It is wherein, described that " operating terminal and MTMS system are carried out two-way authentication by CA center; After authentication is passed through, MTMS system is sent to PKI Pu_mtms payment terminal and is stored in code keypad by operating terminal " specifically comprise:

MTMS system is sent to operating terminal by digital certificate Crt_mtms;

The legitimacy of the root certificate HsmRCRT checking work certificate Crt_mtms of sheet prepackage is burnt in operating terminal use, and from work certificate Crt_mtms extraction PKI Pu_mtms, is sent to payment terminal and is stored in code keypad after being verified.

Wherein, described " operating terminal is sent to MTMS system by the first transmission security key ciphertext Ctk_Pu and terminal serial number SN " specifically comprises step:

Payment terminal is issued operating terminal by the first transmission security key ciphertext Ctk_Pu and terminal serial number SN;

Operating terminal is packed and uses operator to block and sign the first transmission security key ciphertext Ctk_Pu receiving and terminal serial number SN, and the first transmission security key ciphertext Ctk_Pu and terminal serial number SN through signature are sent to MTMS system;

The legitimacy of first signature verification when MTMS system receives the first transmission security key ciphertext Ctk_Pu and terminal serial number SN, if legal, by terminal serial number SN associated with the first transmission security key ciphertext Ctk_Pu be stored in the database of MTMS system.

Wherein, described " after KMS system acquisition transmission security key TK, calling the second hardware encipher machine uses authenticate key AUK and payment terminal to carry out two-way authentication " specifically comprises:

Payment terminal produces the first random number R nd1 and the first random number R nd1 is sent to KMS system;

KMS system produces the second random number R nd2 after receiving the first random number R nd1, the second hardware encipher machine that calls uses authenticate key AUK to encrypt the first random number R nd1 and obtains the first random number ciphertext Crnd1, and the first random number ciphertext Crnd1 and the second random number R nd2 are sent to payment terminal;

The first random number ciphertext Crnd1 that payment terminal is used authenticate key AUK deciphering to receive obtains the 3rd random number R nd1 ', judges that whether the 3rd random number R nd1 ' is consistent with the first random number R nd1:

If the 3rd random number R nd1 ' is consistent with the first random number R nd1, payment terminal is used authenticate key AUK to encrypt the second random number R nd2 and is generated the second random number ciphertext Crnd2, and the second random number ciphertext Crnd2 is sent to KMS system;

The second random number ciphertext Crnd2 that KMS system call the second hardware encipher machine uses authenticate key AUK deciphering to receive obtains the 4th random number R nd2 ', judges that whether the 4th random number R nd2 ' is consistent with the second random number R nd2;

If the 4th random number R nd2 ' is consistent with the second random number R nd2, KMS system and payment terminal authentication are passed through.

In the present invention, transmission security key TK calculates the original uncommon Kazakhstan value of TK while producing, and when each storage, transmission or use TK, the uncommon Kazakhstan value of first verification TK just can be used TK after upchecking.Uncommon Kazakhstan value by verification TK can prevent that memory device from causing the error in data of storage extremely, determines that whether key is correct.

Beneficial effect of the present invention is: by payment terminal upload transfers cipher key T K, after encrypting terminal master key TMK by TK, be sent to payment terminal, realize payment terminal remote download terminal master key, after having avoided payment terminal by concentrated download master key, cloth is put into trade company again, reduce logistics cost and KMS system and concentrated the maintenance cost of downloading, wherein, remote download master key TMK overall process all adopts ciphertext transmission, between payment terminal and KMS, transmit the two-way authentication of also having carried out both sides between master key, improved the transmission security of master key.Further, master key TMK of the present invention is generated by KMS system, therefore facilitates KMS system to the follow-up maintenance of master key TMK and management.Further, by operating terminal, realize the collection of transmission security key TK and upload in the present embodiment, having improved the time efficiency that terminal is uploaded TK, also greatly facilitate the collection of dissimilar and model payment terminal transmission security key TK simultaneously and upload.By operating terminal, control the collection of payment terminal transmission security key TK and upload and make payment terminal be responsible for producing and the hardware resource of transmission security key TK part is released, make the hardware resource of payment terminal more reasonably be optimized use.Further, by MTMS system, can realize the transmission security key TK of the various payment terminals of different geographical minute plant produced to unify to store and concentrate sending to corresponding KMS system, the wrong and work load to KMS system of having avoided the scattered upload transfers cipher key T of payment terminal K to cause.Further, in the process of transmission security key TK transmission, by CA center, the receiving-transmitting sides of transmission data is carried out to authentication, guarantee that operating terminal, MTMS system and KMS system are legal identity, guarantee can not stolen by pseudo-terminal of ciphertext.

Operating terminal described in the present invention is only inserted on operating terminal at operator's card and keeper's card simultaneously, and operator's card and keeper's card all pass through after CA center certification, just can carry out TK acquisition operations, therefore only have the operating personnel of appointment could gather the transmission security key TK of payment terminal in the situation that keeper authorizes, improve the operating right management of operating terminal, effectively guaranteed authenticity and the validity of operating terminal upload transfers cipher key T K.

The present invention is packed and signs the first transmission security key ciphertext Ctk_Pu and the terminal serial number SN that gather by operating terminal, therefore can signing messages review this first transmission security key ciphertext and who operator to operate generation by, can judge whether the first transmission security key ciphertext Ctk_Pu and the terminal serial number SN that upload are legal according to the legitimacy of the described signature of checking, strengthened the collection transfer management to transmission security key TK, prevented that pseudo-terminal from uploading pseudo-transmission security key TK.

Payment terminal of the present invention and KMS system are used certified transmission key A UK to carry out both sides' authentication by two-way authentication A unit two-way authentication B unit, only in the situation that the terminal master key that both sides' authentication is all passed through after KMS system is just encrypted the most at last sends to payment terminal.The sequence number SN of every payment terminal and certified transmission key A UK are different, in KMS system, store the certified transmission key A UK of every payment terminal, therefore the authentication of using certified transmission key A UK to carry out both sides by two-way authentication A unit two-way authentication B unit can guarantee that payment terminal and KMS system both sides are legal identity, guarantee that terminal master key TMK comes, to corresponding KMS system, to be both and also to guarantee that TMK downloads in corresponding payment terminal.

The foregoing is only embodiments of the invention; not thereby limit the scope of the claims of the present invention; every equivalent structure or conversion of equivalent flow process that utilizes specification of the present invention and accompanying drawing content to do; or be directly or indirectly used in other relevant technical fields, be all in like manner included in scope of patent protection of the present invention.

Claims

1. a terminal master key TMK method for safely downloading, is characterized in that, comprises step:

Wherein, step S1 concrete steps comprise:

Step S2 concrete steps comprise:

S3 concrete steps comprise:

2. terminal master key TMK method for safely downloading according to claim 1, it is characterized in that, described " the operating terminal digital certificate Crt_optm that the preset CA of operating terminal center generates; the MTMS system digits certificate Crt_mtms that MTMS system intialization CA center generates, the KMS system digits certificate Crt_kms that KMS system intialization CA center generates " specifically comprises:

3. terminal master key TMK method for safely downloading according to claim 1, is characterized in that, also comprises the step that Authorized operation person's card and keeper's card operate operating terminal, specifically comprises:

4. terminal master key TMK method for safely downloading according to claim 2, is characterized in that, described " operating terminal and MTMS system are carried out two-way authentication by CA center; After authentication is passed through, MTMS system is sent to PKI Pu_mtms payment terminal and is stored in code keypad by operating terminal " specifically comprise:

MTMS system is sent to operating terminal by digital certificate Crt_mtms;

5. terminal master key TMK method for safely downloading according to claim 3, is characterized in that, described " operating terminal is sent to MTMS system by the first transmission security key ciphertext Ctk_Pu and terminal serial number SN " specifically comprises step:

6. terminal master key TMK method for safely downloading according to claim 1, is characterized in that, described " after KMS system acquisition transmission security key TK, calling the second hardware encipher machine uses authenticate key AUK and payment terminal to carry out two-way authentication " specifically comprises:

7. according to the terminal master key TMK method for safely downloading described in claim 1 to 6, it is characterized in that, described payment terminal is POS terminal, mobile phone terminal, intellective IC card or ATM terminal.

8. a terminal master key TMK secure download system, is characterized in that, comprises the first hardware encipher machine, the second hardware encipher machine, payment terminal, operating terminal, MTMS system, CA center and KMS system; Described payment terminal comprises the upper transmission module of a TK, TMK request module, two-way authentication A module, TMK receiver module,

Described operating terminal comprises the upper transmission module of the 2nd TK,

Described MTMS system comprises arranging key A module, PKI sending module, TK request respond module, the upper transmission module of the 3rd TK,

Described KMS system comprises arranging key B module, TMK request respond module, two-way authentication B module, TMK sending module,

Described CA center comprises certificate preset module, ca authentication module;

The operating terminal digital certificate Crt_optm that certificate preset module generates for JiangCA center is preset in operating terminal, the MTMS system digits certificate Crt_mtms that JiangCA center generates is preset in MTMS system, and the KMS system digits certificate Crt_kms that JiangCA center generates is preset in KMS system;

Arranging key A module and arranging key B module are used for calling the first hardware encipher machine and the second hardware encipher machine, in the first hardware encipher machine and the second hardware encipher machine, MTMS System Privileges component and KMS System Privileges component are synthesized to Protective Key PK and MAC key MAK respectively, and described Protective Key PK and MAC key MAK are stored in the first hardware encipher machine and the second hardware encipher machine in the lump;

Ca authentication module is for carrying out two-way authentication to operating terminal and MTMS system by CA center;

PKI sending module, for after passing through when ca authentication authentication, is sent to payment terminal by PKI Pu_mtms by operating terminal and is stored in code keypad;

The upper transmission module of the one TK is used for calling code keypad and produces transmission security key TK, and described transmission security key TK comprises traffic encryption key TEK and certified transmission key A UK;

The upper transmission module of the one TK is used for calling the code keypad Pu_mtms encrypted transmission cipher key T K that uses public-key and generates the first transmission security key ciphertext Ctk_Pu;

The upper transmission module of the 2nd TK is for being sent to MTMS system by the first transmission security key ciphertext Ctk_Pu and terminal serial number SN;

TK request respond module is for obtaining while asking when receiving TK that KMS system sends, the first hardware encipher machine that calls uses private key Pr_mtms to decipher the first transmission security key ciphertext Ctk_Pu and obtains transmission security key TK, be used for using Protective Key PK encrypted transmission cipher key T K to obtain ciphertext TK, and for using the MAC value of MAC key MAK calculating ciphertext TK, and for the MAC value of ciphertext TK and ciphertext TK is merged and generates the second transmission security key ciphertext Ctk_pk;

Ca authentication module is also carried out two-way authentication for MTMS system and KMS system by CA center;

The upper transmission module of the 3rd TK, for after MTMS system and KMS system authentication are passed through, sends to KMS system by terminal serial number SN and the second transmission security key ciphertext Ctk_pk;

TMK request module is for being sent to KMS system by terminal serial number SN and the application of download master key;

TMK request respond module, for receiving the terminal serial number SN of payment terminal transmission when KMS system and downloading after master key application, is inquired about the second transmission security key ciphertext Ctk_pk corresponding with terminal serial number SN;

TMK request respond module is also used MAC key MAK to the second transmission security key ciphertext Ctk_pk verification MAC legitimacy inquiring for calling the second hardware encipher machine, and for after passing through when described verification, use Protective Key PK to decipher the second transmission security key ciphertext Ctk_pk and obtain transmission security key TK and be stored in described the second hardware encipher machine;

Two-way authentication A module and two-way authentication B module are for obtaining after transmission security key TK when KMS system, and the second hardware encipher machine that calls uses authenticate key AUK and payment terminal to carry out two-way authentication;

TMK sending module is for after KMS system and payment terminal two-way authentication are passed through, and the second hardware encipher machine that calls uses traffic encryption key TEK encryption terminal master key TMK generation master key ciphertext Ctmk and master key ciphertext Ctmk is sent to payment terminal;

TMK receiver module is used for calling code keypad and uses traffic encryption key TEK deciphering master key ciphertext Ctmk obtain terminal master key TMK and terminal master key TMK is stored in to code keypad.

9. terminal master key TMK secure download system according to claim 8, it is characterized in that, the certificate preset module at described CA center comprises operating terminal digital certificate Crt_optm generation module, MTMS system digits certificate Crt_mtms generation module and KMS system digits certificate Crt_kms generation module;

The digital certificate Crt_optm generation module of described operating terminal generates public private key pair Pu and Pr for call operation terminal, use root certificate corresponding private key to sign to PKI Pu and operating terminal identification information, generating digital certificate Crt_optm for the digital certificate Crt_optm of generation is sent and be stored in operating terminal;

The digital certificate Crt_mtms generation module of described MTMS system is used for calling the first hardware encipher machine and produces public private key pair Pr_mtms and Pu_mtms, use root certificate corresponding private key to sign to PKI Pu_mtms and MTMS system identification information, generating digital certificate Crt_mtms for the Crt_mtms of generation is sent and be stored in MTMS system;

Described KMS system digits certificate Crt_kms generation module is used for calling the second hardware encipher machine and produces public private key pair Pr_kms and Pu_kms, use root certificate corresponding private key to sign to PKI Pu_kms and KMS system identification information, generating digital certificate Crt_kms for Crt_kms is sent and be stored in KMS system.

10. terminal master key TMK secure download system according to claim 8, is characterized in that, described operating terminal also includes operator's card and keeper's card;

The certificate preset module at described CA center also for generation of operator, blocks certificate and keeper blocks certificate, and for operator being blocked to certificate storage in operator card and keeper being blocked to certificate storage in control card;

Described operator card and keeper's card be for read operator's card and the keeper's card being inserted on operating terminal when operating terminal, and when operator's certificate and administrator certificate being carried out legitimacy authentication and passed through by CA center, mandate operates operating terminal.

11. terminal master key TMK secure download systems according to claim 10, it is characterized in that, the upper transmission module of described the 2nd TK also comprises packaged unit, and described packaged unit is for packing and use operator to block and sign the first transmission security key ciphertext Ctk_Pu receiving and terminal serial number SN;

The upper transmission module of the 3rd TK of described MTMS system also comprises verification unit, described verification unit is for when receiving the first transmission security key ciphertext Ctk_Pu that described TK collecting unit transmits and terminal serial number SN, the legitimacy of the signature of packaged unit described in verification, and for when described check is legal, by terminal serial number SN associated with the first transmission security key ciphertext Ctk_Pu be stored in the database of MTMS system.

12. terminal master key TMK secure download systems according to claim 9, it is characterized in that, described two-way authentication A module comprises the first random number generation unit, the first data transmit-receive unit, the first encryption/decryption element and the first judging unit, and described two-way authentication B module comprises the second random number generation unit, the second data transmit-receive unit, the second encryption/decryption element and the second judging unit;

The first random number generation unit is for generation of the first random number R nd1; The first data transmit-receive unit is for being sent to KMS system by the first random number R nd1 producing; The second data transmit-receive unit is used for receiving the first random number R nd1; The second random number generation unit, for when receiving the first random number R nd1, produces random number the 2nd Rnd2; The second encryption/decryption element is for when receiving the first random number R nd1, and the second hardware encipher machine that calls uses certified transmission key A UK to encrypt the first random number R nd1 and obtains the first random number ciphertext Crnd1; The second data transmit-receive unit is for sending to payment terminal by the first random number ciphertext Crnd1 and the second random number R nd2;

The first encryption/decryption element is for when receiving the first random number ciphertext Crnd1 and the second random number R nd2, and the first random number ciphertext Crnd1 that uses certified transmission key A UK deciphering to receive obtains the 3rd random number R nd1 '; The first judging unit is used for judging that whether the 3rd random number R nd1 ' is consistent with the first random number R nd1;

The first encryption/decryption element is for judging that when described the first judging unit the 3rd random number R nd1 ' is with the first random number R nd1 when consistent, and use certified transmission key A UK encrypts the second random number R nd2 and generates the second random number ciphertext Crnd2; The first data transmit-receive unit is for sending to KMS system by the second random number ciphertext Crnd2;

The second encryption/decryption element is for when receiving the second random number ciphertext Crnd2, the second random number ciphertext Crnd2 that the second hardware encipher machine that calls uses certified transmission key A UK deciphering to receive obtains the 4th random number R nd2 ', the second judging unit is used for judging that whether the 4th random number R nd2 ' is consistent with the second random number R nd2, and when judging that the 4th random number R nd2 ' is with the second random number R nd2 when consistent, the two-way authentication between confirmation KMS system and payment terminal is passed through.

Terminal master key TMK secure download system described in 13. according to Claim 8 to 12, is characterized in that, described payment terminal is POS terminal, mobile phone terminal, intellective IC card or ATM terminal.