CN103746800B - TMK (terminal master key) safe downloading method and system - Google Patents


Info

Publication number: CN103746800B
Authority: CN (China)
Prior art keywords: key, terminal, mtms, kms, systems
Prior art date:
Application number: CN201310740537.7A
Other languages: Chinese (zh)
Other versions: CN103746800A
Inventors: 洪逸轩, 苏文龙, 孟陆强
Original assignee: 福建联迪商用设备有限公司
Priority date: (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date:
Publication date:
Priority claimed from: CN2013100846538A (CN103237005A), CN2013100846716A (CN103220270A), CN2013100846735A (CN103220271A), CN2013100843972A (CN103237004A); the same applications are also listed as CN201310084653.8, CN201310084671.6, CN201310084673.5 and CN201310084397.2
Application CN201310740537.7A filed by 福建联迪商用设备有限公司
Publication of CN103746800A; application granted; publication of CN103746800B

Classifications

Sections, classes and subclasses shared by the groups below:

    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • G PHYSICS; G06 COMPUTING; CALCULATING; COUNTING; G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR

Groups (each child entry extends the description of its parent):

    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
        • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
            • H04L 9/321 ... involving a third party or a trusted authority
        • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
            • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                    • H04L 9/0825 ... using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
                    • H04L 9/083 ... involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L 63/00 Network architectures or network communication protocols for network security
        • H04L 63/06 ... for supporting key management in a packet data network
            • H04L 63/061 ... for key exchange, e.g. in peer-to-peer networks
    • G06Q 20/00 Payment architectures, schemes or protocols
        • G06Q 20/08 Payment architectures
            • G06Q 20/20 Point-of-sale [POS] network systems
        • G06Q 20/38 Payment protocols; Details thereof
            • G06Q 20/382 ... insuring higher security of transaction
                • G06Q 20/3829 ... involving key management

Abstract

The invention discloses a method and a system for securely downloading a terminal master key (TMK). Because the TMK is downloaded remotely, a payment terminal no longer has to be collected, loaded with its TMK at a central site and then shipped to the merchant, which reduces logistics cost and the cost of maintaining a central key-loading facility. The remote download protects the TMK by first uploading a transmission key (TK) from the terminal, and every step of the process is carried out on ciphertext. An operation terminal and a material tracking management system (MTMS) make the collection, management and upload of the TK convenient. To guarantee that the operation terminal, the MTMS and the key management system (KMS) are legitimate, each pair of parties authenticates the other through a certificate authority (CA) center, so that ciphertext is sent to and received from the correct party. Before the master key is transmitted, the payment terminal and the KMS also authenticate each other, which further improves the security of the master key download.

Description

Method and system for securely downloading a terminal master key (TMK)

Technical field

The present invention relates to the field of electronic payment, and in particular to a method and system for securely downloading a terminal master key (TMK).

Background technology

Bank cards are increasingly popular as a means of payment. A typical bank card payment system comprises point-of-sale (POS) terminals, a POS acquiring system (POSP), a PIN pad and a hardware security module (HSM). The POS terminal reads the bank card data, has communication capability, accepts the cashier's instructions, completes the financial transaction and exchanges the related information. The POS acquiring system centrally manages the POS terminals, including parameter download and key download, receives, processes or forwards the POS terminals' transaction requests and returns the transaction results to them; it is the system for centralized management and transaction processing. The PIN pad is the security device that stores and protects the keys related to the various financial transactions and encrypts the PIN. The HSM is a peripheral device that encrypts transmitted data; it is used to encrypt and decrypt PINs, to verify the correctness of messages and of the source of files, and to store keys. The personal identification number (PIN) is the data item that identifies the legitimacy of the cardholder in an online transaction; it must never appear in clear text at any point in the computer or network system. The terminal master key (TMK) is the master key that encrypts the working keys while the POS terminal operates; it is stored encrypted in the system database. POS terminals are widely used for bank card payment, for example when shopping at merchants or paying for hotel accommodation, and are an indispensable modern means of payment that has entered every area of people's lives. Bank cards, in particular debit cards, usually have a PIN set by the cardholder; during a payment the POS terminal not only uploads data such as the card's magnetic track information but also requires the cardholder to enter the PIN so that the issuing bank can verify the cardholder's identity, which protects the safety of bank card payment and the cardholder's property. To prevent the PIN from being disclosed or cracked, it must be protected by encryption throughout the whole exchange from the terminal to the issuing bank, so that it never appears in clear text at any point in the computer network; consequently a POS terminal that accepts PIN entry must be equipped with a key management scheme.

The key hierarchy of a POS terminal has two levels: the terminal master key (TMK) and the working keys (WK). The TMK encrypts the WK whenever the WK is updated. Each POS terminal shares a unique TMK with the POS acquiring system; the TMK must be protected so that it can only be written into the device and used in computations, never read out. The TMK is a critical root key: if it is intercepted, the working keys become much easier to crack, which seriously threatens the safety of bank card payment. Downloading the TMK to the POS terminal securely is therefore the key to the security of the whole POS terminal.

To guard against disclosure of the TMK, its download must take place in the secure machine room of the acquirer's management center, so POS terminals have to be collected manually and loaded with the TMK there. This creates several problems: the workload of maintaining the central machine room is large; after leaving the factory, a device must be transported to the secure machine room of the management center to receive its key before it can be deployed to the merchant, which raises transport cost; and loading TMKs centrally requires a large number of staff and working hours, so maintenance cost is high and the maintenance cycle is long.

Other payment terminals, such as ATMs, smart IC cards used for payment and mobile phones with a payment function, must likewise be collected and loaded with a terminal master key manually, and suffer from the same problems: high transport cost, the large number of staff and working hours needed for central loading, high maintenance cost and a long maintenance cycle.

The content of the invention

To solve the above technical problems, one technical solution adopted by the present invention is:

A method for securely downloading a terminal master key TMK, comprising the steps:

S1. The MTMS system delivers the public key Pu_mtms to the payment terminal.
S2. The payment terminal encrypts a transmission key TK with the public key Pu_mtms and uploads it to the KMS system.
S3. The payment terminal downloads from the KMS system the master key TMK encrypted under the transmission key TK.

Step S1 specifically comprises:

S11. The operation terminal is preloaded with the operation terminal digital certificate Crt_optm generated by the CA center, the MTMS system with the MTMS digital certificate Crt_mtms generated by the CA center, and the KMS system with the KMS digital certificate Crt_kms generated by the CA center.
S12. The MTMS system calls the first hardware encryption machine and the KMS system calls the second hardware encryption machine; inside each machine the key component held by the MTMS system and the key component held by the KMS system are combined into a protection key PK and a MAC key MAK, and PK and MAK are stored together in both the first and the second hardware encryption machine.
S13. The operation terminal and the MTMS system authenticate each other through the CA center.
S14. After authentication succeeds, the MTMS system sends the public key Pu_mtms through the operation terminal to the payment terminal, which stores it in the PIN pad.

Step S2 specifically comprises:

S21. The payment terminal calls the PIN pad to generate the transmission key TK, which consists of a transmission encryption key TEK and a transmission authentication key AUK.
S22. The payment terminal calls the PIN pad to encrypt TK with the public key Pu_mtms, producing the first transmission key ciphertext Ctk_Pu.
S23. The operation terminal sends Ctk_Pu together with the terminal serial number SN to the MTMS system.
S24. When the MTMS system receives a TK request from the KMS, it calls the first hardware encryption machine to decrypt Ctk_Pu with the private key Pr_mtms and obtain TK, encrypts TK with the protection key PK to obtain the ciphertext of TK, computes the MAC of that ciphertext with the MAC key MAK, and concatenates the ciphertext and its MAC into the second transmission key ciphertext Ctk_pk.
S25. The MTMS system and the KMS system authenticate each other through the CA center.
S26. After authentication succeeds, the MTMS system sends the terminal serial number SN and Ctk_pk to the KMS system.

Step S3 specifically comprises:

S31. The payment terminal sends its terminal serial number SN and a master key download request to the KMS system.
S32. On receiving SN and the request from the payment terminal, the KMS system looks up the second transmission key ciphertext Ctk_pk that corresponds to SN.
S33. The KMS system calls the second hardware encryption machine to verify the MAC of the retrieved Ctk_pk with MAK; if the check passes, it decrypts Ctk_pk with the protection key PK to obtain TK and stores TK in the second hardware encryption machine.
S34. Having obtained TK, the KMS system calls the second hardware encryption machine to perform mutual authentication with the payment terminal using the authentication key AUK.
S35. If authentication succeeds, the KMS system calls the second hardware encryption machine to encrypt the terminal master key TMK with the transmission encryption key TEK, producing the master key ciphertext Ctmk, and sends Ctmk to the payment terminal.
S36. The payment terminal calls the PIN pad to decrypt Ctmk with TEK, obtains the terminal master key TMK and stores it in the PIN pad.
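The key-transport part of the method (steps S21 to S36) as a runnable Go program. This is an added example and not code from the patent or its assignee. It makes several assumptions the text leaves open: RSA-OAEP stands in for "encrypt with Pu_mtms", AES-192-GCM for the symmetric encryption under PK and TEK (the page specifies 24-byte keys, and its own TDES definition suggests 3DES, which is not used here), HMAC-SHA256 for the MAC under MAK, and a labelled nonce challenge-response for the AUK mutual authentication, whose message format the page does not give. The SN lookup, the CA-based authentication of S13/S25 and the HSM boundary are left out; the function names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"io"
)

// TK is the page's transmission key: TEK wraps the TMK, AUK authenticates PIN pad and KMS.
// The page specifies 24-byte symmetric keys; here they serve as AES-192 keys (assumption).
type TK struct{ TEK, AUK []byte }

const keyLen = 24

// Pr_mtms / Pu_mtms: the MTMS key pair, generated once here for the demonstration.
var prMtms, _ = rsa.GenerateKey(rand.Reader, 2048)

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil { panic(err) }
	return b
}

func gcmFor(key []byte) cipher.AEAD { // AES-192-GCM stands in for the page's unspecified "encrypt"
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) }
	g, _ := cipher.NewGCM(block)
	return g
}

func seal(key, pt []byte) []byte { // nonce is prepended to the ciphertext
	g := gcmFor(key)
	nonce := randBytes(g.NonceSize())
	return append(nonce, g.Seal(nil, nonce, pt, nil)...)
}

func open(key, ct []byte) ([]byte, error) {
	g := gcmFor(key)
	if len(ct) < g.NonceSize() { return nil, errors.New("ciphertext too short") }
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

func mac(key, data []byte) []byte { // HMAC-SHA256 stands in for the page's unspecified MAC
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}

// S21-S22: the PIN pad generates TK and encrypts TEK||AUK under Pu_mtms, giving Ctk_Pu.
func terminalGenerateTK(puMtms *rsa.PublicKey) (TK, []byte, error) {
	tk := TK{TEK: randBytes(keyLen), AUK: randBytes(keyLen)}
	tkBytes := append(append([]byte{}, tk.TEK...), tk.AUK...)
	ctkPu, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, puMtms, tkBytes, nil)
	return tk, ctkPu, err
}

// S24: the MTMS HSM decrypts Ctk_Pu with Pr_mtms, encrypts TK under PK and appends MAC(MAK, ciphertext).
func mtmsRewrap(prMtms *rsa.PrivateKey, pk, mak, ctkPu []byte) ([]byte, error) {
	tkBytes, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, prMtms, ctkPu, nil)
	if err != nil { return nil, err }
	ct := seal(pk, tkBytes)
	return append(ct, mac(mak, ct)...), nil // Ctk_pk = ciphertext || MAC
}

// S33: the KMS HSM verifies the MAC with MAK first and only then decrypts with PK.
func kmsUnwrap(pk, mak, ctkPk []byte) (TK, error) {
	n := len(ctkPk) - sha256.Size // the last 32 bytes of Ctk_pk are the MAC
	if n < 0 || !hmac.Equal(ctkPk[n:], mac(mak, ctkPk[:n])) {
		return TK{}, errors.New("MAC check failed, Ctk_pk rejected")
	}
	tkBytes, err := open(pk, ctkPk[:n])
	if err != nil || len(tkBytes) != 2*keyLen { return TK{}, errors.New("TK decryption failed") }
	return TK{TEK: tkBytes[:keyLen], AUK: tkBytes[keyLen:]}, nil
}

// S34: mutual authentication with AUK as a fresh-nonce challenge-response in both directions;
// the message format is an assumption (Figs. 2-3 name the units but not the messages).
func mutualAuth(kmsAUK, termAUK []byte) bool {
	kmsNonce, termNonce := randBytes(16), randBytes(16)
	toKMS := append([]byte("term"), kmsNonce...)  // the terminal's answer covers the KMS challenge
	toTerm := append([]byte("kms"), termNonce...) // the KMS's answer covers the terminal challenge; labels stop reflection
	return hmac.Equal(mac(termAUK, toKMS), mac(kmsAUK, toKMS)) && hmac.Equal(mac(kmsAUK, toTerm), mac(termAUK, toTerm))
}

// RunDownload drives S2-S3 for one terminal; it returns the TMK the KMS sent and the TMK the PIN pad recovered.
func RunDownload() (sent, received []byte, err error) {
	pk, mak := randBytes(keyLen), randBytes(keyLen) // PK and MAK shared by the two HSMs (S12)
	tk, ctkPu, err := terminalGenerateTK(&prMtms.PublicKey)
	if err != nil { return nil, nil, err }
	ctkPk, err := mtmsRewrap(prMtms, pk, mak, ctkPu) // S24; travels with SN to the KMS in S26
	if err != nil { return nil, nil, err }
	kmsTK, err := kmsUnwrap(pk, mak, ctkPk) // S33
	if err != nil { return nil, nil, err }
	if !mutualAuth(kmsTK.AUK, tk.AUK) { return nil, nil, errors.New("mutual authentication failed") } // S34
	sent = randBytes(keyLen)                            // the TMK held by the KMS
	received, err = open(tk.TEK, seal(kmsTK.TEK, sent)) // S35: Ctmk = Enc(TEK, TMK); S36: the PIN pad decrypts
	return sent, received, err
}
```

The order in `kmsUnwrap` follows S33: the MAC is checked before anything is decrypted, so a Ctk_pk that was altered in transit, truncated, or produced with a different MAK is rejected without touching the key material. The page's MAC covers only the ciphertext of TK; binding the terminal serial number SN into the MAC (or as GCM associated data) would additionally stop a valid Ctk_pk from being filed under another terminal's SN, which the text does not specify.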

Another technical solution adopted by the present invention is:

A system for securely downloading a terminal master key TMK, comprising a first hardware encryption machine, a second hardware encryption machine, a payment terminal, an operation terminal, an MTMS system, a CA center and a KMS system. The payment terminal comprises a first TK upload module, a TMK request module, a mutual authentication A module and a TMK receiving module; the operation terminal comprises a second TK upload module; the MTMS system comprises a key negotiation A module, a public key sending module, a TK request response module and a third TK upload module; the KMS system comprises a key negotiation B module, a TMK request response module, a mutual authentication B module and a TMK sending module; the CA center comprises a certificate preset module and a CA authentication module.

    • The certificate preset module preloads the operation terminal digital certificate Crt_optm generated by the CA center into the operation terminal, the MTMS digital certificate Crt_mtms generated by the CA center into the MTMS system, and the KMS digital certificate Crt_kms generated by the CA center into the KMS system.
    • The key negotiation A module and the key negotiation B module call the first and the second hardware encryption machine, combine the key component held by the MTMS system and the key component held by the KMS system into the protection key PK and the MAC key MAK inside each machine, and store PK and MAK together in both machines.
    • The CA authentication module performs mutual authentication between the operation terminal and the MTMS system through the CA center.
    • The public key sending module, after CA authentication succeeds, sends the public key Pu_mtms through the operation terminal to the payment terminal, which stores it in the PIN pad.
    • The first TK upload module calls the PIN pad to generate the transmission key TK, consisting of a transmission encryption key TEK and a transmission authentication key AUK, and calls the PIN pad to encrypt TK with the public key Pu_mtms into the first transmission key ciphertext Ctk_Pu.
    • The second TK upload module sends Ctk_Pu and the terminal serial number SN to the MTMS system.
    • The TK request response module, when a TK request from the KMS system arrives, calls the first hardware encryption machine to decrypt Ctk_Pu with the private key Pr_mtms and obtain TK, encrypts TK with the protection key PK to obtain the ciphertext of TK, computes the MAC of that ciphertext with the MAC key MAK, and concatenates the ciphertext and its MAC into the second transmission key ciphertext Ctk_pk.
    • The CA authentication module further performs mutual authentication between the MTMS system and the KMS system through the CA center.
    • The third TK upload module, after the MTMS and KMS systems have authenticated each other, sends the terminal serial number SN and Ctk_pk to the KMS system.
    • The TMK request module sends the terminal serial number SN and a master key download request to the KMS system.
    • The TMK request response module, when the KMS system receives SN and the download request from the payment terminal, looks up the second transmission key ciphertext Ctk_pk corresponding to SN, calls the second hardware encryption machine to verify the MAC of Ctk_pk with MAK and, if the check passes, decrypts Ctk_pk with the protection key PK to obtain TK and stores it in the second hardware encryption machine.
    • The mutual authentication A module and the mutual authentication B module, once the KMS system holds TK, call the second hardware encryption machine to authenticate the KMS system and the payment terminal to each other with the authentication key AUK.
    • The TMK sending module, after the KMS system and the payment terminal have authenticated each other, calls the second hardware encryption machine to encrypt the terminal master key TMK with the transmission encryption key TEK into the master key ciphertext Ctmk and sends Ctmk to the payment terminal.
    • The TMK receiving module calls the PIN pad to decrypt Ctmk with TEK, obtains the terminal master key TMK and stores it in the PIN pad.

The beneficial effects of the present invention are as follows. The payment terminal uploads a transmission key TK, the terminal master key TMK is encrypted with TK and then sent to the payment terminal, so the payment terminal downloads its terminal master key remotely; this avoids collecting payment terminals for master key loading and redeploying them to merchants afterwards, and reduces logistics cost and the cost to the KMS system of maintaining centralized loading. The whole remote download of the TMK is carried out on ciphertext, and the payment terminal and the KMS authenticate each other before the master key is transmitted, which improves the security of the master key transmission. Further, in this embodiment the collection and upload of TK is performed through the operation terminal, which improves the time efficiency of uploading TK and also greatly simplifies collecting and uploading TK from payment terminals of different types and models. Having the operation terminal control the collection and upload of TK frees the hardware resources of the payment terminal that would otherwise be dedicated to producing and transmitting TK, so the payment terminal's hardware can be used more rationally. Further, the MTMS system can store the TKs of all the various payment terminals produced at different factory sites in one place and forward them centrally to the corresponding KMS systems, avoiding the mistakes and the load on the KMS systems that scattered uploads from individual payment terminals might cause. Further, during the transmission of TK the sending and receiving parties are authenticated through the CA center, which guarantees that the operation terminal, the MTMS system and the KMS system are legitimate and that the ciphertext cannot be stolen by a counterfeit terminal.

Description of the drawings

Fig. 1 is a structural block diagram of a system for securely downloading a terminal master key TMK in an embodiment of the present invention;

Fig. 2 is a structural block diagram of the mutual authentication A module in Fig. 1;

Fig. 3 is a structural block diagram of the mutual authentication B module in Fig. 1;

Fig. 4 is a flowchart of a method for securely downloading a terminal master key TMK in an embodiment of the present invention;

Fig. 5 is the detailed flowchart of step S1 in Fig. 4;

Fig. 6 is the detailed flowchart of step S2 in Fig. 4;

Fig. 7 is the detailed flowchart of step S3 in Fig. 4.

Main element reference numerals:

10: payment terminal; 20: operation terminal; 30: KMS system; 40: MTMS system; 50: CA center; 60: first hardware encryption machine; 70: second hardware encryption machine; 101: first TK upload module; 102: TMK request module; 103: mutual authentication A module; 104: TMK receiving module; 201: second TK upload module; 301: key negotiation B module; 302: TMK sending module; 303: TMK request response module; 304: mutual authentication B module; 401: key negotiation A module; 402: TK request response module; 403: public key sending module; 404: third TK upload module; 501: certificate preset module; 502: CA authentication module; 1031: first random number generation unit; 1032: first data transceiving unit; 1033: first encryption/decryption unit; 1034: first judging unit; 3041: second random number generation unit; 3042: second data transceiving unit; 3043: second encryption/decryption unit; 3044: second judging unit.

Specific embodiments

To explain the technical content, structural features, objectives and effects of the invention in detail, they are described below with reference to embodiments and the accompanying drawings.

First, the abbreviations and key terms used in the present invention are defined and explained:

AUK: Authentication Key; used for mutual authentication between the PIN pad and the key management system KMS.

CA center: a certificate authority (CA) center provides network identity authentication services based on public key infrastructure (PKI) technology. It is responsible for issuing and managing digital certificates and is a trusted third party with authority and impartiality; in everyday life its role is comparable to that of an organization that issues identity documents, such as a passport office.
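The CA-based two-way authentication that steps S13 and S25 rely on (operation terminal with MTMS, MTMS with KMS), as a runnable Go program. This is an added example, not code from the patent or its assignee. It assumes ECDSA P-256 certificates issued by a single self-signed CA center, that each side proves possession of its certified key by signing a fresh nonce from the peer, and that each side pins the subject name it expects to talk to; the patent names the certificates Crt_optm, Crt_mtms and Crt_kms but does not specify the certificate profile or the authentication messages. `Party`, `NewCA`, `Issue`, `Prove`, `Verify` and `MutualAuth` are the example's own names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Party holds one certificate: the CA center's own, or the Crt_optm / Crt_mtms / Crt_kms it issued.
type Party struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey // stays inside the party (in practice in its HSM or PIN pad)
}

// issue generates a key pair and a certificate for name; with parent == nil the result is a self-signed CA.
func issue(name string, serial int64, parent *Party) (*Party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	parentCert, signer := tmpl, key // self-signed unless a parent CA is given
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		parentCert, signer = parent.Cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	if err != nil { return nil, err }
	return &Party{Cert: cert, key: key}, nil
}

// NewCA creates the CA center; Issue is the certificate preset of S11 for one system.
func NewCA(name string) (*Party, error)                           { return issue(name, 1, nil) }
func (ca *Party) Issue(name string, serial int64) (*Party, error) { return issue(name, serial, ca) }

// Prove answers a peer's challenge by signing it with the party's private key.
func (p *Party) Prove(challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, p.key, digest[:])
}

// Verify chains the peer certificate to the CA center, pins the expected subject, and checks the
// peer's answer to our challenge, so a certificate alone (or a replayed answer) is not enough.
func Verify(ca *Party, peer *x509.Certificate, expectedCN string, challenge, proof []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peer.Verify(opts); err != nil { return err }
	if peer.Subject.CommonName != expectedCN {
		return errors.New("certificate is for " + peer.Subject.CommonName + ", expected " + expectedCN)
	}
	pub, ok := peer.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(challenge)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], proof) {
		return errors.New("peer did not prove possession of the certified key")
	}
	return nil
}

// MutualAuth is the two-way authentication of S13 / S25: a expects to talk to wantB, b expects wantA,
// each challenges the other with a fresh nonce, and both checks must pass.
func MutualAuth(ca, a, b *Party, wantA, wantB string) error {
	nonceA, nonceB := make([]byte, 16), make([]byte, 16)
	rand.Read(nonceA)
	rand.Read(nonceB)
	proofB, err := b.Prove(nonceA) // b answers a's challenge
	if err != nil { return err }
	proofA, err := a.Prove(nonceB) // a answers b's challenge
	if err != nil { return err }
	if err := Verify(ca, b.Cert, wantB, nonceA, proofB); err != nil { return err } // a checks b
	return Verify(ca, a.Cert, wantA, nonceB, proofA)                                 // b checks a
}
```

The subject pin in `Verify` is what distinguishes "a certificate from our CA" from "the MTMS we expect": a valid KMS certificate presented where an MTMS is expected is rejected, and so is a certificate chained to any other CA, which is the counterfeit-terminal case the page's beneficial effects describe.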

HSM: High Security Machine; within this system, the hardware encryption machine.

KMS system: Key Management System; manages the terminal master key TMK.

MAK: MAC Key, i.e. the key for MAC computation; a 24-byte symmetric key negotiated with the customer, used between the MTMS system and the KMS system to compute the MAC value of TK.

MTMS: Material Tracking Management System; used mainly during factory production.

PIK: PIN Key, i.e. the PIN encryption key; one kind of working key.

PINPAD: PIN pad (code keypad).

PK: Protect Key, i.e. the protection key; a 24-byte symmetric key negotiated with the customer, used for the encrypted transmission of TK between MTMS/TCS and KMS.

POS: Point Of Sale, i.e. the point-of-sale terminal.

SNpinpad: the serial number of the PIN pad; when the PIN pad is built in, it is the same as the POS terminal serial number SNpos.

SN: the serial number of the payment terminal.

TEK: Transmission Encrypt Key, i.e. the transmission encryption key; a 24-byte symmetric key used for the encrypted transmission of TMK between the PIN pad and the key management system KMS.

TK: Transmission Key, i.e. the transmission key. The transmission key consists of the transmission encryption key TEK and the mutual authentication key AUK.

TMS: Terminal Management System; performs payment terminal information management, software and parameter configuration, remote download, management of terminal running state information, remote diagnosis and similar functions.

TMK: Terminal Master Key, i.e. the terminal master key; used for the encrypted transmission of working keys between the payment terminal and the acquiring system.

Secure machine room: a room of a higher security level that houses servers and may be entered only after identity verification.

Smart IC card: a CPU card; the integrated circuit in the card contains a central processing unit CPU, programmable read-only memory EEPROM, random access memory RAM and a chip operating system COS (Chip Operating System) stored in read-only memory ROM, and the data in the card is divided into an externally readable part and an internally processed part.

Symmetric key: the sender and the receiver of the data must use the same key to encrypt and decrypt the plaintext. Symmetric key encryption algorithms include DES, 3DES, IDEA, FEAL, BLOWFISH and others.

Asymmetric key: an asymmetric encryption algorithm needs two keys, a public key and a private key, which form a pair. Data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, such an algorithm is called an asymmetric encryption algorithm. The basic process by which an asymmetric algorithm exchanges confidential information is: party A generates a key pair and publishes one of the keys to the other parties as its public key; party B, having obtained the public key, encrypts the confidential information with it and sends the result to A; A decrypts the encrypted information with the private key it has kept. Likewise A can encrypt confidential information with B's public key and send it to B, and B decrypts it with B's own private key. The main algorithms are RSA, ElGamal, knapsack algorithms, Rabin, D-H and ECC (elliptic curve cryptography).

RSA: an asymmetric key algorithm. The RSA public key encryption algorithm was developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at the Massachusetts Institute of Technology, and RSA is named after the three developers. RSA is the most influential public key encryption algorithm at present; it resists all cryptographic attacks known to date and is recommended by ISO as the public key data encryption standard. The RSA algorithm rests on a simple number-theoretic fact: multiplying two large primes is very easy, whereas factoring their product is extremely hard. RSA was the first algorithm that could be used both for encryption and for digital signatures, and it is easy to understand and to operate. RSA is the most extensively studied public key algorithm; in the more than thirty years since it was proposed it has withstood many kinds of attack, has gradually gained acceptance and is widely regarded as one of the best public key schemes available.

TDES (Triple DES): DES is a symmetric encryption algorithm with an 8-byte key. TDES is an encryption algorithm based on DES whose key is 16 or 24 bytes. TDES/3DES is the abbreviation of Triple DES (the triple data encryption standard), and DES is the abbreviation of Data Encryption Standard. DES is a symmetric key encryption algorithm, i.e. an encryption algorithm in which the data encryption key and the decryption key are identical. DES was developed and published by IBM in the 1970s, subsequently adopted by the US government and recognized by NBS and ANSI (the American National Standards Institute). TDES/3DES is a mode of the DES encryption algorithm that performs three encryptions with three 64-bit data keys; it is a more secure variant of DES.

2. The technical scheme is described in detail as follows:

To solve the technical problem present in the background art, the present invention adopts a new master key download scheme: the payment terminal randomly generates a transmission key TK (Transmission Key), stores the generated TK in the payment terminal's PIN pad, and sends TK, by whatever transmission means the application scenario requires, to the KMS (Key Management System, the key management system responsible for managing terminal master keys TMK).

When the payment terminal applies to download the terminal master key TMK, the KMS encrypts TMK with TK and sends the resulting terminal master key ciphertext to the payment terminal; on receipt the payment terminal decrypts the master key ciphertext with TK, obtains TMK, and stores TMK in the PIN pad.

Thus, by encrypting TMK under TK, TMK can be transmitted remotely, which makes secure download of TMK convenient.

In some scenarios an operation terminal is used to collect the TK produced by the payment terminal, and the operation terminal is responsible for transmitting TK to the MTMS system (Material Tracking Management System, a material tracing system used mainly in factory production); the MTMS manages TK centrally and sends TK to the corresponding KMS. Collecting TK with the operation terminal makes TK collection convenient (one-key collection can be implemented) and allows the rights to collect TK to be managed; using the MTMS allows TK to be managed centrally, makes data lookup for payment terminals and their downloads convenient during later after-sales service, and lets TK be transferred in batches by production order, which simplifies transfer management of TK and prevents TK from being delivered to the wrong party.

The method above, in which the payment terminal collects the transmission key TK, TK is sent to the bank side to encrypt TMK, and the payment terminal then remotely downloads the TMK encrypted under TK, achieves remote download of TMK. However, the TK upload and TMK download involve a number of terminals and systems, so a pseudo-terminal can easily steal TMK. To make TMK download safer, a method of secure terminal master key TMK download is needed that can conveniently verify the identity of each terminal and system.

The technical scheme of the present invention for overcoming the problem above is described in detail below. The idea of the present invention is that, during the transport of TK and TMK, a CA center (Certificate Authority: a trusted third party, authoritative and impartial, that uses public key infrastructure technology to provide network identity authentication services and is responsible for issuing and managing digital certificates) authenticates the identity of the operation terminal, the MTMS system and the KMS system; by introducing the CA center, pseudo-terminals and pseudo-KMS systems are prevented from stealing TK.

Referring to Fig. 1, which is a structural block diagram of a terminal master key TMK secure download system in an embodiment of the present invention, the terminal master key TMK secure download system includes a first hardware encryption device 50, a second hardware encryption device 60, a payment terminal 10, an operation terminal 20, an MTMS system 40, a CA center 50 and a KMS system 30. The payment terminal 10 includes a first TK upload module 101, a TMK request module 102, a mutual authentication A module 103 and a TMK receiving module 104; the operation terminal 20 includes a second TK upload module 201; the MTMS system 40 includes a key agreement A module 401, a public key sending module 403, a TK request response module 402 and a third TK upload module 404; the KMS system 30 includes a key agreement B module 301, a TMK request response module 303, a mutual authentication B module 304 and a TMK sending module 302; the CA center 50 includes a certificate presetting module 501 and a CA authentication module 502.

The certificate presetting module 501 is used to preset the operation terminal digital certificate Crt_optm generated by the CA center 50 in the operation terminal 20, to preset the MTMS system digital certificate Crt_mtms generated by the CA center 50 in the MTMS system 40, and to preset the KMS system digital certificate Crt_kms generated by the CA center 50 in the KMS system 30;

The key agreement A module 401 and the key agreement B module 301 are used to call the first hardware encryption device 60 and the second hardware encryption device 70 respectively, to combine the authority component of the MTMS system 40 and the authority component of the KMS system 30 inside the first hardware encryption device 60 and the second hardware encryption device 70 into a protection key PK and a MAC key MAK, and to store the protection key PK and the MAC key MAK together in the first hardware encryption device 60 and the second hardware encryption device 70;

The CA authentication module 50 is used for the operation terminal 20 and the MTMS system 40 to authenticate each other through the CA center 50;

The public key sending module 403 is used, after CA authentication passes, to send the public key Pu_mtms through the operation terminal 20 to the payment terminal 10, where it is stored in the PIN pad;

The first TK upload module 101 is used to call the PIN pad to produce the transmission key TK, where TK consists of a transmission encryption key TEK and a transmission authentication key AUK;

The first TK upload module 101 is used to call the PIN pad to encrypt the transmission key TK with the public key Pu_mtms, generating a first transmission key ciphertext Ctk_Pu;

The second TK upload module 201 is used to send the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system 40;

The TK request response module 402 is used, when a TK acquisition request sent by the KMS system 30 is received, to call the first hardware encryption device 60 to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_mtms and obtain the transmission key TK, to encrypt TK with the protection key PK to obtain a TK ciphertext, to compute the MAC value of the TK ciphertext with the MAC key MAK, and to combine the TK ciphertext and its MAC value into a second transmission key ciphertext Ctk_pk;

The CA authentication module 502 is further used for the MTMS system 40 and the KMS system to authenticate each other through the CA center 50;

The third TK upload module 404 is used, after the MTMS system 40 and the KMS system 30 have authenticated each other, to send the terminal serial number SN and the second transmission key ciphertext Ctk_pk to the KMS system 30;

The TMK request module 102 is used to send the terminal serial number SN and a master key download application to the KMS system 30;

The TMK request response module 303 is used, after the KMS system 30 receives the terminal serial number SN and the master key download application sent by the payment terminal 10, to look up the second transmission key ciphertext Ctk_pk corresponding to the terminal serial number SN;

The TMK request response module 303 is further used to call the second hardware encryption device 70 to check the MAC of the second transmission key ciphertext Ctk_pk found by the lookup with the MAC key MAK and, once the check passes, to decrypt the second transmission key ciphertext Ctk_pk with the protection key PK to obtain the transmission key TK and store it in the second hardware encryption device 70;

The mutual authentication A module 103 and the mutual authentication B module 304 are used, after the KMS system 30 has obtained the transmission key TK, to call the second hardware encryption device 60 to carry out mutual authentication between the KMS system and the payment terminal using the authentication key AUK;

The TMK sending module 302 is used, after the KMS system 30 and the payment terminal 10 have passed mutual authentication, to call the second hardware encryption device 70 to encrypt the terminal master key TMK with the transmission encryption key TEK, generating a master key ciphertext Ctmk, and to send the master key ciphertext Ctmk to the payment terminal 10;

The TMK receiving module 104 is used to call the PIN pad to decrypt the master key ciphertext Ctmk with the transmission encryption key TEK, obtain the terminal master key TMK, and store TMK in the PIN pad.

The certificate presetting module of the CA center 50 includes an operation terminal digital certificate Crt_optm generation module, an MTMS system digital certificate Crt_mtms generation module and a KMS system digital certificate Crt_kms generation module.

The digital certificate Crt_optm generation module for the operation terminal 10 is used to call the operation terminal to generate a public/private key pair Pu and Pr, to sign the public key Pu and the operation terminal identification information with the private key corresponding to the root certificate, generating the digital certificate Crt_optm, and to send the generated digital certificate Crt_optm to the operation terminal 20, where it is stored;

The digital certificate Crt_mtms generation module for the MTMS system 40 is used to call the first hardware encryption device 60 to produce a public/private key pair Pr_mtms and Pu_mtms, to sign the public key Pu_mtms and the MTMS system identification information with the private key corresponding to the root certificate, generating the digital certificate Crt_mtms, and to send the generated Crt_mtms to the MTMS system 40, where it is stored;

The digital certificate Crt_kms generation module for the KMS system 30 is used to call the second hardware encryption device 70 to produce a public/private key pair Pr_kms and Pu_kms, to sign the public key Pu_kms and the KMS system identification information with the private key corresponding to the root certificate, generating the digital certificate Crt_kms, and to send Crt_kms to the KMS system 30, where it is stored.

The operation terminal 20 further includes an operator card and an administrator card; the certificate presetting module 501 of the CA center 50 is further used to produce an operator card certificate and an administrator card certificate, and to store the operator card certificate in the operator card and the administrator card certificate in the administrator card;

When the operation terminal reads the operator card and administrator card inserted in it and the operator certificate and administrator certificate pass legitimacy authentication by the CA center 50, operation of the operation terminal 20 is authorized.

The second TK upload module 201 further includes a packaging unit, which is used to package the received first transmission key ciphertext Ctk_Pu and terminal serial number SN and sign them with the operator card;

The third TK upload module 404 of the MTMS system 40 further includes a verification unit, which is used, when the first transmission key ciphertext Ctk_Pu and terminal serial number SN sent by the TK collection unit are received, to verify the legitimacy of the packaging unit's signature and, when the check finds it legitimate, to store the terminal serial number SN and the first transmission key ciphertext Ctk_Pu in association in the MTMS system database.

Referring to Fig. 2, which is a structural block diagram of the mutual authentication A module in Fig. 1, the mutual authentication A module 103 includes a first random number generation unit 1031, a first data transceiving unit 1032, a first encryption/decryption unit 1033 and a first judging unit 1034. Referring to Fig. 3, which is a structural block diagram of the mutual authentication B module in Fig. 1, the mutual authentication B module includes a second random number generation unit 3041, a second data transceiving unit 3042, a second encryption/decryption unit 3043 and a second judging unit 3044.

The first random number generation unit 1031 is used to produce a first random number Rnd1; the first data transceiving unit 1032 is used to send the produced first random number Rnd1 to the KMS system 30; the second data transceiving unit 3042 is used to receive the first random number Rnd1; the second random number generation unit 3041 is used, when the first random number Rnd1 is received, to produce a second random number Rnd2; the second encryption/decryption unit 3043 is used, when the first random number Rnd1 is received, to call the second hardware encryption device 70 to encrypt the first random number Rnd1 with the transmission authentication key AUK, obtaining a first random number ciphertext Crnd1; the second data transceiving unit 3042 is used to send the first random number ciphertext Crnd1 and the second random number Rnd2 to the payment terminal 10;

The first encryption/decryption unit 1033 is used, when the first random number ciphertext Crnd1 and the second random number Rnd2 are received, to decrypt the received first random number ciphertext Crnd1 with the transmission authentication key AUK, obtaining a third random number Rnd1'; the first judging unit is used to judge whether the third random number Rnd1' is consistent with the first random number Rnd1;

The first encryption/decryption unit 1033 is used, when the first judging unit finds the third random number Rnd1' consistent with the first random number Rnd1, to encrypt the second random number Rnd2 with the transmission authentication key AUK, generating a second random number ciphertext Crnd2; the first data transceiving unit is used to send the second random number ciphertext Crnd2 to the KMS system 30;

The second encryption/decryption unit 3043 is used, when the second random number ciphertext Crnd2 is received, to call the second hardware encryption device 70 to decrypt the received second random number ciphertext Crnd2 with the transmission authentication key AUK, obtaining a fourth random number Rnd2'; the second judging unit 3044 is used to judge whether the fourth random number Rnd2' is consistent with the second random number Rnd2 and, when it finds Rnd2' consistent with Rnd2, to confirm that mutual authentication between the KMS system 30 and the payment terminal 10 has passed.

The payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.

In this embodiment, the terminal master key TMK secure download system lets the payment terminal 10 download the terminal master key TMK remotely from the KMS system 40. During remote download TMK must be transmitted as ciphertext: each payment terminal 10 randomly generates a transmission key TK, stores TK in its PIN pad and sends TK to the KMS system 40; the KMS system 40 encrypts TMK with TK and transfers it as ciphertext to the payment terminal 10; and the payment terminal 10 decrypts it with TK to obtain the plaintext terminal master key, thereby achieving remote download of TMK.

Because POS terminals, smart IC cards, mobile phone terminals and ATM terminals can all be used for payment work, and all of them need a terminal master key TMK to protect their working keys by encryption, the payment terminal 10 may be a POS terminal, a smart IC card, a mobile phone terminal or an ATM terminal, and each of these may come in many different models.

To make it convenient to generate and upload the transmission key TK for payment terminals 10 of different types and models, an operation terminal 20 is provided to control the payment terminal 10 in generating TK and to collect and upload TK. The operation terminal 20 may be a modified POS terminal connected to the payment terminal 10 by a serial cable or a USB cable, and is provided with several function keys for controlling the payment terminal 10 to produce TK, collect TK and upload TK. When the payment terminal 10 is a smart IC card, the smart IC card is connected to the operation terminal 20 through a card slot.

In this embodiment the payment terminals 10 may be of different types and models, and different payment terminals 10 may be produced by different subsidiary factories, so an MTMS system 30 is also provided; the MTMS system 30 manages centrally the transmission keys TK generated by every payment terminal 10 of every manufacturer and sends them in bulk to the corresponding KMS system 40. Because both the upload of TK and the download of TMK are carried out remotely, a CA center 50 is provided in this embodiment to prevent a pseudo-terminal from stealing TK or TMK during transmission: the CA center 50 authenticates the identities of both parties to each data transfer.

Referring to Fig. 4, which is the main flow chart of a terminal master key TMK secure download method in an embodiment of the present invention, the method is applied in the terminal master key TMK secure download system described above and includes the steps:

S1, the MTMS system delivers the public key Pu_mtms to the payment terminal;

S2, the payment terminal encrypts the transmission key TK with the public key Pu_mtms and uploads it to the KMS system;

S3, the payment terminal downloads from the KMS system the master key TMK encrypted under the transmission key TK.

Referring to Fig. 5, which is the detailed flow chart of step S1, step S1 includes:

S11, the operation terminal is preset with the operation terminal digital certificate Crt_optm generated by the CA center, the MTMS system is preset with the MTMS system digital certificate Crt_mtms generated by the CA center, and the KMS system is preset with the KMS system digital certificate Crt_kms generated by the CA center;

S12, the MTMS system calls the first hardware encryption device and the KMS system calls the second hardware encryption device; inside the first and second hardware encryption devices the MTMS system authority component and the KMS system authority component are combined into a protection key PK and a MAC key MAK, which are stored together in the first hardware encryption device and the second hardware encryption device;

S13, the operation terminal and the MTMS system authenticate each other through the CA center;

S14, after authentication passes, the MTMS system sends the public key Pu_mtms through the operation terminal to the payment terminal, where it is stored in the PIN pad.

Referring to Fig. 6, which is the detailed flow chart of step S2, step S2 includes:

S21, the payment terminal calls the PIN pad to produce the transmission key TK, which consists of a transmission encryption key TEK and a transmission authentication key AUK;

S22, the payment terminal calls the PIN pad to encrypt the transmission key TK with the public key Pu_mtms, generating a first transmission key ciphertext Ctk_Pu;

S23, the operation terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system;

S24, when a TK acquisition request sent by the KMS is received, the MTMS system calls the first hardware encryption device to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_mtms and obtain the transmission key TK, then encrypts TK with the protection key PK to obtain a TK ciphertext, computes the MAC value of the TK ciphertext with the MAC key MAK, and combines the TK ciphertext and its MAC value into a second transmission key ciphertext Ctk_pk;

S25, the MTMS system and the KMS system authenticate each other through the CA center;

S26, after authentication passes, the MTMS system sends the terminal serial number SN and the second transmission key ciphertext Ctk_pk to the KMS system.

Referring to Fig. 7, which is the detailed flow chart of step S3, step S3 includes:

S31, the payment terminal sends the terminal serial number SN and a master key download application to the KMS system;

S32, after receiving the terminal serial number SN and the master key download application sent by the payment terminal, the KMS system looks up the second transmission key ciphertext Ctk_pk corresponding to the terminal serial number SN;

S33, the KMS system calls the second hardware encryption device to check the MAC of the second transmission key ciphertext Ctk_pk found by the lookup with the MAC key MAK; if the check passes, it decrypts the second transmission key ciphertext Ctk_pk with the protection key PK to obtain the transmission key TK and stores it in the second hardware encryption device;

S34, after obtaining the transmission key TK, the KMS system calls the second hardware encryption device to carry out mutual authentication with the payment terminal using the authentication key AUK;

S35, if authentication passes, the KMS system calls the second hardware encryption device to encrypt the terminal master key TMK with the transmission encryption key TEK, generating a master key ciphertext Ctmk, and sends the master key ciphertext Ctmk to the payment terminal;

S36, the payment terminal calls the PIN pad to decrypt the master key ciphertext Ctmk with the transmission encryption key TEK, obtains the terminal master key TMK, and stores TMK in the PIN pad.
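As an added illustration of steps S22, S24 and S33 (example code written for this page, not the patent's or the applicant's implementation), the following Go program walks one TK through the upload chain: the payment terminal encrypts TK under Pu_mtms, the MTMS decrypts it with Pr_mtms and re-wraps it under PK with a MAC under MAK, and the KMS verifies the MAC before it decrypts. RSA-OAEP, TDES-CBC with a random IV, HMAC-SHA256 as the MAC, the 32-byte TEK||AUK layout and the constructed PK/MAK values are all assumptions, since the patent fixes none of them.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TK is handled as the 32-byte string TEK || AUK, two double-length (16-byte)
// TDES keys; that byte layout is this example's assumption, not the patent's.
const tkLen = 32
// tdesKey expands a 16-byte key K1||K2 to the 24-byte K1||K2||K1 form that
// crypto/des expects (two-key TDES); a 24-byte key is used unchanged.
func tdesKey(k []byte) []byte {
	if len(k) == 16 {
		return append(append([]byte{}, k...), k[:8]...)
	}
	return k
}

// S22: the payment terminal encrypts TK under Pu_mtms, producing Ctk_Pu.
// RSA-OAEP is assumed; the patent only says "encrypt with public key Pu_mtms".
func encryptTKForMTMS(puMtms *rsa.PublicKey, tk []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, puMtms, tk, nil)
}

// S24, MTMS side (first hardware encryption device): recover TK with Pr_mtms,
// encrypt it under the protection key PK, MAC the result under the MAC key MAK
// and emit Ctk_pk. Layout assumed here:
//   IV(8) || TDES-CBC(PK, TK) || HMAC-SHA256(MAK, IV || TDES-CBC(PK, TK))
func mtmsRewrapTK(prMtms *rsa.PrivateKey, pk, mak, ctkPu []byte) ([]byte, error) {
	tk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, prMtms, ctkPu, nil)
	if err != nil {
		return nil, err
	}
	if len(tk) != tkLen {
		return nil, errors.New("decrypted TK has the wrong length")
	}
	blk, err := des.NewTripleDESCipher(tdesKey(pk))
	if err != nil {
		return nil, err
	}
	body := make([]byte, des.BlockSize+tkLen) // IV, then the TK ciphertext
	if _, err := rand.Read(body[:des.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(blk, body[:des.BlockSize]).CryptBlocks(body[des.BlockSize:], tk)
	m := hmac.New(sha256.New, mak)
	m.Write(body)
	return m.Sum(body), nil // Sum appends the tag to body
}

// S33, KMS side (second hardware encryption device): check the MAC under MAK
// first and decrypt under PK only if it passes, so a tampered, truncated or
// mis-keyed Ctk_pk is rejected before TK is ever released.
func kmsUnwrapTK(pk, mak, ctkPk []byte) ([]byte, error) {
	const bodyLen = des.BlockSize + tkLen
	if len(ctkPk) != bodyLen+sha256.Size {
		return nil, errors.New("Ctk_pk has the wrong length")
	}
	body, tag := ctkPk[:bodyLen], ctkPk[bodyLen:]
	m := hmac.New(sha256.New, mak)
	m.Write(body)
	if !hmac.Equal(m.Sum(nil), tag) {
		return nil, errors.New("MAC check on Ctk_pk failed: TK not released")
	}
	blk, err := des.NewTripleDESCipher(tdesKey(pk))
	if err != nil {
		return nil, err
	}
	tk := make([]byte, tkLen)
	cipher.NewCBCDecrypter(blk, body[:des.BlockSize]).CryptBlocks(tk, body[des.BlockSize:])
	return tk, nil
}

func main() {
	// Constructed demo values: a fresh MTMS key pair, and fixed PK/MAK standing in
	// for the keys the two hardware encryption devices synthesize in step S12.
	prMtms, _ := rsa.GenerateKey(rand.Reader, 2048)
	pk, mak := []byte("PK-constructed16"), []byte("MAK-constructed!")
	tk := make([]byte, tkLen) // S21: the PIN pad generates TK at random
	if _, err := rand.Read(tk); err != nil {
		panic(err)
	}
	ctkPu, _ := encryptTKForMTMS(&prMtms.PublicKey, tk) // S22
	ctkPk, _ := mtmsRewrapTK(prMtms, pk, mak, ctkPu)    // S24
	got, err := kmsUnwrapTK(pk, mak, ctkPk)             // S33
	fmt.Println("KMS recovered TK:", err == nil && bytes.Equal(got, tk))
	ctkPk[des.BlockSize] ^= 0x01 // one ciphertext bit flipped in transit
	_, err = kmsUnwrapTK(pk, mak, ctkPk)
	fmt.Println("tampered Ctk_pk rejected:", err != nil)
}
```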

The step "the operation terminal is preset with the operation terminal digital certificate Crt_optm generated by the CA center, the MTMS system is preset with the MTMS system digital certificate Crt_mtms generated by the CA center, and the KMS system is preset with the KMS system digital certificate Crt_kms generated by the CA center" specifically includes:

The operation terminal generates a public/private key pair Pu and Pr and sends the public key Pu and the operation terminal identification information to the CA center; the CA center signs the public key Pu and the operation terminal identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_optm and sends it to the operation terminal, which stores the digital certificate Crt_optm;

The MTMS system calls the first hardware encryption device to produce a public/private key pair Pr_mtms and Pu_mtms and sends the public key Pu_mtms and the MTMS identification information to the CA center; the CA center signs the public key Pu_mtms and the MTMS system identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_mtms and sends it to the MTMS system, which stores the digital certificate Crt_mtms;

The KMS system calls the second hardware encryption device to produce a public/private key pair Pr_kms and Pu_kms and sends the public key Pu_kms and the KMS identification information to the CA center; the CA center signs the public key Pu_kms and the KMS system identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_kms and sends it to the KMS system, which stores the digital certificate Crt_kms.

The method further includes the step of authorizing the operator card and the administrator card to operate the operation terminal, which specifically includes:

A public/private key pair is produced for the operator card and another for the administrator card;

The generated public keys are sent to the CA center, which generates an operator card certificate and an administrator card certificate respectively;

The operator card certificate is stored in the operator card and the administrator card certificate is stored in the administrator card;

The operation terminal reads the operator card and administrator card inserted in it, the CA center authenticates the legitimacy of the operator certificate and the administrator certificate, and after authentication passes the operation terminal is allowed to operate.

The step "the operation terminal and the MTMS system authenticate each other through the CA center; after authentication passes, the MTMS system sends the public key Pu_mtms through the operation terminal to the payment terminal, where it is stored in the PIN pad" specifically includes:

The MTMS system sends the digital certificate Crt_mtms to the operation terminal;

The operation terminal verifies the legitimacy of the working certificate Crt_mtms with the root certificate HsmRCRT that was pre-installed when its firmware was burned, and once verification passes it extracts the public key Pu_mtms from the working certificate Crt_mtms and sends it to the payment terminal, where it is stored in the PIN pad.

The step "the operation terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system" specifically includes the steps:

The payment terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the operation terminal;

The operation terminal packages the received first transmission key ciphertext Ctk_Pu and terminal serial number SN, signs them with the operator card, and sends the signed first transmission key ciphertext Ctk_Pu and terminal serial number SN to the MTMS system;

When the MTMS system receives the first transmission key ciphertext Ctk_Pu and the terminal serial number SN, it first verifies the legitimacy of the signature and, if it is legitimate, stores the terminal serial number SN and the first transmission key ciphertext Ctk_Pu in association in the MTMS system database.

The step "after obtaining the transmission key TK, the KMS system calls the second hardware encryption device to carry out mutual authentication with the payment terminal using the authentication key AUK" specifically includes:

The payment terminal produces a first random number Rnd1 and sends the first random number Rnd1 to the KMS system;

After receiving the first random number Rnd1, the KMS system produces a second random number Rnd2, calls the second hardware encryption device to encrypt the first random number Rnd1 with the authentication key AUK, obtaining a first random number ciphertext Crnd1, and sends the first random number ciphertext Crnd1 and the second random number Rnd2 to the payment terminal;

The payment terminal decrypts the received first random number ciphertext Crnd1 with the authentication key AUK, obtaining a third random number Rnd1', and judges whether the third random number Rnd1' is consistent with the first random number Rnd1:

If the third random number Rnd1' is consistent with the first random number Rnd1, the payment terminal encrypts the second random number Rnd2 with the authentication key AUK, generating a second random number ciphertext Crnd2, and sends the second random number ciphertext Crnd2 to the KMS system;

The KMS system calls the second hardware encryption device to decrypt the received second random number ciphertext Crnd2 with the authentication key AUK, obtaining a fourth random number Rnd2', and judges whether the fourth random number Rnd2' is consistent with the second random number Rnd2;

If the fourth random number Rnd2' is consistent with the second random number Rnd2, authentication between the KMS system and the payment terminal passes.
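The mutual authentication between the payment terminal and the KMS described above, and in the Fig. 2 and Fig. 3 modules, as an added Go example written for this page (not the patent's code): both sides' messages, the Rnd1' and Rnd2' checks, and the failure when either side holds a different AUK. It assumes 8-byte random numbers encrypted as single TDES blocks and constructed AUK values; the patent fixes neither.

```go
package main

import (
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"errors"
	"fmt"
)

// tdesKey expands a 16-byte key K1||K2 to the 24-byte K1||K2||K1 form that
// crypto/des expects (two-key TDES); a 24-byte key is used unchanged.
func tdesKey(k []byte) []byte {
	if len(k) == 16 {
		return append(append([]byte{}, k...), k[:8]...)
	}
	return k
}

// Each random number is one 8-byte DES block, so "encrypt with AUK" is a single
// TDES block operation here (the patent does not fix the size of Rnd1/Rnd2).
func newRnd() ([]byte, error) {
	r := make([]byte, des.BlockSize)
	_, err := rand.Read(r)
	return r, err
}

// Message 2 (KMS -> payment terminal): Crnd1 = E_AUK(Rnd1) plus a fresh Rnd2.
// Only a KMS holding this terminal's AUK can produce a Crnd1 the terminal accepts.
func kmsRespond(kmsAUK, rnd1 []byte) (crnd1, rnd2 []byte, err error) {
	blk, err := des.NewTripleDESCipher(tdesKey(kmsAUK))
	if err != nil {
		return nil, nil, err
	}
	if rnd2, err = newRnd(); err != nil {
		return nil, nil, err
	}
	crnd1 = make([]byte, des.BlockSize)
	blk.Encrypt(crnd1, rnd1)
	return crnd1, rnd2, nil
}

// Message 3 (payment terminal -> KMS): the PIN pad recovers Rnd1' = D_AUK(Crnd1)
// and continues only if Rnd1' == Rnd1; it then returns Crnd2 = E_AUK(Rnd2).
func terminalRespond(termAUK, rnd1, crnd1, rnd2 []byte) ([]byte, error) {
	blk, err := des.NewTripleDESCipher(tdesKey(termAUK))
	if err != nil {
		return nil, err
	}
	rnd1p := make([]byte, des.BlockSize)
	blk.Decrypt(rnd1p, crnd1)
	if !hmac.Equal(rnd1p, rnd1) { // constant-time comparison
		return nil, errors.New("Rnd1' != Rnd1: KMS did not prove it holds AUK")
	}
	crnd2 := make([]byte, des.BlockSize)
	blk.Encrypt(crnd2, rnd2)
	return crnd2, nil
}

// Final check (KMS): Rnd2' = D_AUK(Crnd2) must equal Rnd2. Only then does the
// KMS go on to encrypt TMK under TEK for this terminal (step S35).
func kmsVerify(kmsAUK, rnd2, crnd2 []byte) bool {
	blk, err := des.NewTripleDESCipher(tdesKey(kmsAUK))
	if err != nil {
		return false
	}
	rnd2p := make([]byte, des.BlockSize)
	blk.Decrypt(rnd2p, crnd2)
	return hmac.Equal(rnd2p, rnd2)
}

// MutualAuth runs the whole exchange with each side's own copy of AUK and
// returns nil only when both directions pass.
func MutualAuth(termAUK, kmsAUK []byte) error {
	rnd1, err := newRnd() // message 1: payment terminal -> KMS
	if err != nil {
		return err
	}
	crnd1, rnd2, err := kmsRespond(kmsAUK, rnd1)
	if err != nil {
		return err
	}
	crnd2, err := terminalRespond(termAUK, rnd1, crnd1, rnd2)
	if err != nil {
		return err
	}
	if !kmsVerify(kmsAUK, rnd2, crnd2) {
		return errors.New("Rnd2' != Rnd2: terminal did not prove it holds AUK")
	}
	return nil
}

func main() {
	// Constructed AUK values: genuine peers share one AUK; any other key fails.
	auk, other := []byte("AUK-constructed!"), []byte("wrong-auk-value!")
	fmt.Println("genuine pair:", MutualAuth(auk, auk))
	fmt.Println("pseudo-KMS:", MutualAuth(auk, other))
	fmt.Println("pseudo-terminal:", MutualAuth(other, auk))
}
```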

Wherein, the payment terminal is POS terminal, mobile phone terminal, intellective IC card or ATM terminal.

In the present invention, the original uncommon Kazakhstan value that TK is calculated when cipher key T K is produced is transmitted, when storing, transmit or use TK every time When first verify the uncommon Kazakhstan value of TK, TK can be just used after upchecking.Can prevent storage from setting by verifying the uncommon Kazakhstan value of TK The standby abnormal error in data for causing to store, determines whether key is correct.

Beneficial effects of the present invention are:By payment terminal upload transfers cipher key T K, after TK ciphering terminal master key TMK Payment terminal is sent to, realizes payment terminal remote download terminal master key, it is to avoid to download master close by concentrating for payment terminal Again cloth is put into trade company after key, reduces logistics cost and KMS systems concentrate the maintenance cost downloaded, wherein, remote download master is close Key TMK overall processes are all transmitted using ciphertext, to be transmitted between payment terminal and KMS and also carried out the two-way of both sides between master key Certification, improves the transmission safety of master key.Further, master key TMK of the present invention is generated by KMS systems, therefore side Just follow-up maintenance and management of the KMS systems to master key TMK.Further, in the present embodiment by operating terminal realization Transmission cipher key T K collection and upload, improve terminal upload TK time efficiency, while also greatly facilitate different type and The collection and upload of model payment terminal transmission cipher key T K.By operation terminal control payment terminal transmit cipher key T K collection and on Biography is released the hardware resource that payment terminal is responsible for producing and transmitting cipher key T K part, makes the hardware resource of payment terminal Can be used by more reasonably optimization.Further, can be realized to each of different geographical point plant produced by MTMS systems Transmission cipher key T K of kind of payment terminal carries out unifying to store and concentrate to be sent to corresponding KMS systems, it is to avoid payment terminal zero Mistake and the work load to KMS systems that scattered upload transfers cipher key T K is likely to result in.Further, pass in transmission cipher key T K Authentication is carried out to the 
receiving-transmitting sides of transmission data by CA centers in defeated process, it is ensured that operation terminal, MTMS systems and KMS systems are legal identity, it is ensured that ciphertext will not be stolen by pseudo-terminal.

Heretofore described operation terminal is only blocked while being inserted in operation terminal, and grasp in operator's card and manager Work person blocks and manager blocks after CA center certifications, can just carry out TK acquisition operations, therefore the operator for only specifying Transmission cipher key T K of payment terminal could be gathered in the case where manager authorizes, the operating right pipe of operation terminal is improve Reason, effectively ensure that the verity and effectiveness of operation terminal upload transfers cipher key T K.

The present invention carries out beating by operating first transmission key ciphertext Ctk_Pu and terminal serial number SN of terminal-pair collection Bag and sign, therefore it is who operator to operate generation by that can review the first transmission key ciphertext with signing messages, can be with Judge whether are the first transmission key ciphertext Ctk_Pu for uploading and terminal serial number SN according to the legitimacy for verifying the signature It is legal, strengthens the collection transfer management to transmitting cipher key T K, prevents pseudo-terminal from uploading pseudo- transmission cipher key T K.

In the present invention the payment terminal and the KMS system authenticate each other with the authentication transmission key AUK through two-way authentication unit A and two-way authentication unit B, and the KMS system sends the encrypted terminal master key to the payment terminal only when the authentication of both sides passes. Every payment terminal has a different serial number SN and authentication transmission key AUK, and the KMS system stores the AUK of every payment terminal. Authenticating both sides with AUK through units A and B therefore ensures that both the payment terminal and the KMS system are legitimate identities, that the terminal master key TMK comes from the corresponding KMS system, and that TMK is downloaded to the corresponding payment terminal.

The foregoing are only embodiments of the present invention and do not thereby limit the scope of its claims. Any equivalent structure or equivalent process transformation made using the description and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (13)

1. A terminal master key TMK secure downloading method, characterized in that it comprises the steps of:
S1, a flow in which the MTMS system delivers the public key Pu_mtms to the payment terminal;
S2, a flow in which the payment terminal encrypts the transmission key TK with the public key Pu_mtms and uploads it to the KMS system;
S3, a flow in which the payment terminal downloads from the KMS system the master key TMK encrypted under the transmission key TK;
wherein step S1 specifically comprises:
S11, the operation terminal presets the operation terminal digital certificate Crt_optm generated by the CA center, the MTMS system presets the MTMS system digital certificate Crt_mtms generated by the CA center, and the KMS system presets the KMS system digital certificate Crt_kms generated by the CA center;
S12, the MTMS system calls the first hardware encryption machine and the KMS system calls the second hardware encryption machine; inside the first and second hardware encryption machines respectively, the protection key PK and the MAC key MAK are synthesized from the MTMS system authority component and the KMS system authority component, and the protection key PK and MAC key MAK are both stored in the first hardware encryption machine and in the second hardware encryption machine;
S13, the operation terminal and the MTMS system perform two-way authentication through the CA center;
S14, after the authentication passes, the MTMS system sends the public key Pu_mtms to the payment terminal via the operation terminal, where it is stored in the PIN pad (code keypad);
step S2 specifically comprises:
S21, the payment terminal calls the PIN pad to generate the transmission key TK, which comprises a transmission encryption key TEK and an authentication transmission key AUK;
S22, the payment terminal calls the PIN pad to encrypt the transmission key TK with the public key Pu_mtms, generating the first transmission key ciphertext Ctk_Pu;
S23, the operation terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system;
S24, upon receiving a TK acquisition request from the KMS, the MTMS system calls the first hardware encryption machine to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_mtms and obtain the transmission key TK, then encrypts TK with the protection key PK to obtain ciphertext TK, computes the MAC value of ciphertext TK with the MAC key MAK, and merges ciphertext TK with its MAC value to generate the second transmission key ciphertext Ctk_pk;
S25, the MTMS system and the KMS system perform two-way authentication through the CA center;
S26, after the authentication passes, the MTMS system sends the terminal serial number SN and the second transmission key ciphertext Ctk_pk to the KMS system;
step S3 specifically comprises:
S31, the payment terminal sends the terminal serial number SN and a master key download request to the KMS system;
S32, after receiving the terminal serial number SN and the master key download request from the payment terminal, the KMS system looks up the second transmission key ciphertext Ctk_pk corresponding to the terminal serial number SN;
S33, the KMS system calls the second hardware encryption machine to verify the MAC of the retrieved second transmission key ciphertext Ctk_pk with the MAC key MAK; if the verification passes, it decrypts Ctk_pk with the protection key PK to obtain the transmission key TK and stores it in the second hardware encryption machine;
S34, having obtained the transmission key TK, the KMS system calls the second hardware encryption machine to perform two-way authentication with the payment terminal using the authentication key AUK;
S35, if the authentication passes, the KMS system calls the second hardware encryption machine to encrypt the terminal master key TMK with the transmission encryption key TEK, generating the master key ciphertext Ctmk, and sends the master key ciphertext Ctmk to the payment terminal;
S36, the payment terminal calls the PIN pad to decrypt the master key ciphertext Ctmk with the transmission encryption key TEK, obtaining the terminal master key TMK, and stores the terminal master key TMK in the PIN pad.
2. The terminal master key TMK secure downloading method according to claim 1, characterized in that "the operation terminal presets the operation terminal digital certificate Crt_optm generated by the CA center, the MTMS system presets the MTMS system digital certificate Crt_mtms generated by the CA center, and the KMS system presets the KMS system digital certificate Crt_kms generated by the CA center" specifically comprises:
the operation terminal generates a public/private key pair Pu and Pr and sends the public key Pu together with the operation terminal identification information to the CA center; the CA center signs the public key Pu and the operation terminal identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_optm and sends the generated Crt_optm to the operation terminal, which stores the digital certificate Crt_optm;
the MTMS system calls the first hardware encryption machine to generate a public/private key pair Pr_mtms and Pu_mtms and sends the public key Pu_mtms together with the MTMS identification information to the CA center; the CA center signs the public key Pu_mtms and the MTMS system identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_mtms and sends the generated Crt_mtms to the MTMS system, which stores the digital certificate Crt_mtms;
the KMS system calls the second hardware encryption machine to generate a public/private key pair Pr_kms and Pu_kms and sends the public key Pu_kms together with the KMS identification information to the CA center; the CA center signs the public key Pu_kms and the KMS system identification information with the private key corresponding to the root certificate, generates the digital certificate Crt_kms and sends Crt_kms to the KMS system, which stores the digital certificate Crt_kms.
3. The terminal master key TMK secure downloading method according to claim 1, characterized in that it further comprises a step of authorizing an operator card and a manager card to operate the operation terminal, which specifically comprises:
generating a public/private key pair for the operator card and another for the manager card;
sending the generated public keys to the CA center, which generates an operator card certificate and a manager card certificate respectively;
storing the operator card certificate in the operator card and the manager card certificate in the manager card;
the operation terminal reads the operator card and the manager card inserted into it, the CA center checks the legitimacy of the operator certificate and the manager certificate, and only after that authentication passes is operation of the operation terminal allowed.
4. The terminal master key TMK secure downloading method according to claim 2, characterized in that "the operation terminal and the MTMS system perform two-way authentication through the CA center; after the authentication passes, the MTMS system sends the public key Pu_mtms to the payment terminal via the operation terminal, where it is stored in the PIN pad" specifically comprises:
the MTMS system sends the digital certificate Crt_mtms to the operation terminal;
the operation terminal verifies the legitimacy of the working certificate Crt_mtms using the root certificate HsmRCRT pre-installed when its chip was programmed, and after the verification passes extracts the public key Pu_mtms from the working certificate Crt_mtms and sends it to the payment terminal, where it is stored in the PIN pad.
5. The terminal master key TMK secure downloading method according to claim 3, characterized in that "the operation terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system" specifically comprises the steps of:
the payment terminal sends the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the operation terminal;
the operation terminal packages the received first transmission key ciphertext Ctk_Pu and terminal serial number SN, signs the package with the operator card, and sends the signed first transmission key ciphertext Ctk_Pu and terminal serial number SN to the MTMS system;
on receiving the first transmission key ciphertext Ctk_Pu and the terminal serial number SN, the MTMS system verifies the legitimacy of the signature and, if it is legitimate, stores the terminal serial number SN and the first transmission key ciphertext Ctk_Pu in association in the database of the MTMS system.
6. The terminal master key TMK secure downloading method according to claim 1, characterized in that "having obtained the transmission key TK, the KMS system calls the second hardware encryption machine to perform two-way authentication with the payment terminal using the authentication key AUK" specifically comprises:
the payment terminal generates a first random number Rnd1 and sends the first random number Rnd1 to the KMS system;
on receiving the first random number Rnd1, the KMS system generates a second random number Rnd2, calls the second hardware encryption machine to encrypt the first random number Rnd1 with the authentication key AUK to obtain the first random number ciphertext Crnd1, and sends the first random number ciphertext Crnd1 and the second random number Rnd2 to the payment terminal;
the payment terminal decrypts the received first random number ciphertext Crnd1 with the authentication key AUK to obtain a third random number Rnd1' and judges whether the third random number Rnd1' is consistent with the first random number Rnd1;
if the third random number Rnd1' is consistent with the first random number Rnd1, the payment terminal encrypts the second random number Rnd2 with the authentication key AUK to generate the second random number ciphertext Crnd2 and sends the second random number ciphertext Crnd2 to the KMS system;
the KMS system calls the second hardware encryption machine to decrypt the received second random number ciphertext Crnd2 with the authentication key AUK, obtaining a fourth random number Rnd2', and judges whether the fourth random number Rnd2' is consistent with the second random number Rnd2;
if the fourth random number Rnd2' is consistent with the second random number Rnd2, the authentication between the KMS system and the payment terminal passes.
7. The terminal master key TMK secure downloading method according to any one of claims 1 to 6, characterized in that the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
8. A terminal master key TMK secure downloading system, characterized in that it comprises a first hardware encryption machine, a second hardware encryption machine, a payment terminal, an operation terminal, an MTMS system, a CA center and a KMS system; the payment terminal comprises a first TK upload module, a TMK request module, a two-way authentication module A and a TMK receiving module;
the operation terminal comprises a second TK upload module;
the MTMS system comprises a key agreement module A, a public key sending module, a TK request response module and a third TK upload module;
the KMS system comprises a key agreement module B, a TMK request response module, a two-way authentication module B and a TMK sending module;
the CA center comprises a certificate presetting module and a CA authentication module;
the certificate presetting module is used to preset the operation terminal digital certificate Crt_optm generated by the CA center in the operation terminal, the MTMS system digital certificate Crt_mtms generated by the CA center in the MTMS system, and the KMS system digital certificate Crt_kms generated by the CA center in the KMS system;
the key agreement module A and the key agreement module B are used to call the first hardware encryption machine and the second hardware encryption machine respectively, to synthesize the protection key PK and the MAC key MAK from the MTMS system authority component and the KMS system authority component inside the first and second hardware encryption machines, and to store the protection key PK and MAC key MAK in both the first hardware encryption machine and the second hardware encryption machine;
the CA authentication module is used for two-way authentication between the operation terminal and the MTMS system through the CA center;
the public key sending module is used, after the CA authentication passes, to send the public key Pu_mtms to the payment terminal via the operation terminal, where it is stored in the PIN pad;
the first TK upload module is used to call the PIN pad to generate the transmission key TK, which comprises a transmission encryption key TEK and an authentication transmission key AUK;
the first TK upload module is further used to call the PIN pad to encrypt the transmission key TK with the public key Pu_mtms, generating the first transmission key ciphertext Ctk_Pu;
the second TK upload module is used to send the first transmission key ciphertext Ctk_Pu and the terminal serial number SN to the MTMS system;
the TK request response module is used, when a TK acquisition request sent by the KMS system is received, to call the first hardware encryption machine to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_mtms and obtain the transmission key TK, to encrypt the transmission key TK with the protection key PK to obtain ciphertext TK, to compute the MAC value of ciphertext TK with the MAC key MAK, and to merge ciphertext TK with its MAC value into the second transmission key ciphertext Ctk_pk;
the CA authentication module is further used for two-way authentication between the MTMS system and the KMS system through the CA center;
the third TK upload module is used, after the authentication between the MTMS system and the KMS system passes, to send the terminal serial number SN and the second transmission key ciphertext Ctk_pk to the KMS system;
the TMK request module is used to send the terminal serial number SN and a master key download request to the KMS system;
the TMK request response module is used, after the KMS system receives the terminal serial number SN and the master key download request from the payment terminal, to look up the second transmission key ciphertext Ctk_pk corresponding to the terminal serial number SN;
the TMK request response module is further used to call the second hardware encryption machine to verify the MAC of the retrieved second transmission key ciphertext Ctk_pk with the MAC key MAK and, after the verification passes, to decrypt the second transmission key ciphertext Ctk_pk with the protection key PK to obtain the transmission key TK and store it in the second hardware encryption machine;
the two-way authentication module A and the two-way authentication module B are used, after the KMS system has obtained the transmission key TK, to call the second hardware encryption machine to perform two-way authentication between the KMS system and the payment terminal using the authentication key AUK;
the TMK sending module is used, after the two-way authentication between the KMS system and the payment terminal passes, to call the second hardware encryption machine to encrypt the terminal master key TMK with the transmission encryption key TEK, generating the master key ciphertext Ctmk, and to send the master key ciphertext Ctmk to the payment terminal;
the TMK receiving module is used to call the PIN pad to decrypt the master key ciphertext Ctmk with the transmission encryption key TEK, obtaining the terminal master key TMK, and to store the terminal master key TMK in the PIN pad.
9. The terminal master key TMK secure downloading system according to claim 8, characterized in that the certificate presetting module of the CA center comprises an operation terminal digital certificate Crt_optm generation module, an MTMS system digital certificate Crt_mtms generation module and a KMS system digital certificate Crt_kms generation module;
the operation terminal digital certificate Crt_optm generation module is used to call the operation terminal to generate a public/private key pair Pu and Pr, to sign the public key Pu and the operation terminal identification information with the private key corresponding to the root certificate, to generate the digital certificate Crt_optm, and to send the generated digital certificate Crt_optm to the operation terminal for storage;
the MTMS system digital certificate Crt_mtms generation module is used to call the first hardware encryption machine to generate a public/private key pair Pr_mtms and Pu_mtms, to sign the public key Pu_mtms and the MTMS system identification information with the private key corresponding to the root certificate, to generate the digital certificate Crt_mtms, and to send the generated Crt_mtms to the MTMS system for storage;
the KMS system digital certificate Crt_kms generation module is used to call the second hardware encryption machine to generate a public/private key pair Pr_kms and Pu_kms, to sign the public key Pu_kms and the KMS system identification information with the private key corresponding to the root certificate, to generate the digital certificate Crt_kms, and to send Crt_kms to the KMS system for storage.
10. The terminal master key TMK secure downloading system according to claim 8, characterized in that the operation terminal further comprises an operator card and a manager card;
the certificate presetting module of the CA center is further used to generate an operator card certificate and a manager card certificate, and to store the operator card certificate in the operator card and the manager card certificate in the manager card;
the operator card and the manager card are used so that, when the operation terminal reads the operator card and manager card inserted into it and the legitimacy authentication of the operator certificate and the manager certificate by the CA center passes, operation of the operation terminal is authorized.
11. The terminal master key TMK secure downloading system according to claim 10, characterized in that the second TK upload module further comprises a packaging unit, which is used to package the received first transmission key ciphertext Ctk_Pu and terminal serial number SN and to sign them with the operator card;
the third TK upload module of the MTMS system further comprises a verification unit, which is used, when the first transmission key ciphertext Ctk_Pu and terminal serial number SN transmitted by the second TK upload module are received, to verify the legitimacy of the packaging unit's signature and, when the result of that check is legitimate, to store the terminal serial number SN and the first transmission key ciphertext Ctk_Pu in association in the database of the MTMS system.
12. The terminal master key TMK secure downloading system according to claim 9, characterized in that the two-way authentication module A comprises a first random number generation unit, a first data transceiving unit, a first encryption/decryption unit and a first judging unit, and the two-way authentication module B comprises a second random number generation unit, a second data transceiving unit, a second encryption/decryption unit and a second judging unit;
the first random number generation unit is used to generate the first random number Rnd1; the first data transceiving unit is used to send the generated first random number Rnd1 to the KMS system; the second data transceiving unit is used to receive the first random number Rnd1; the second random number generation unit is used, when the first random number Rnd1 is received, to generate the second random number Rnd2; the second encryption/decryption unit is used, when the first random number Rnd1 is received, to call the second hardware encryption machine to encrypt the first random number Rnd1 with the authentication transmission key AUK and obtain the first random number ciphertext Crnd1; the second data transceiving unit is used to send the first random number ciphertext Crnd1 and the second random number Rnd2 to the payment terminal;
the first encryption/decryption unit is used, when the first random number ciphertext Crnd1 and the second random number Rnd2 are received, to decrypt the received first random number ciphertext Crnd1 with the authentication transmission key AUK and obtain the third random number Rnd1'; the first judging unit is used to judge whether the third random number Rnd1' is consistent with the first random number Rnd1;
the first encryption/decryption unit is used, when the first judging unit finds the third random number Rnd1' consistent with the first random number Rnd1, to encrypt the second random number Rnd2 with the authentication transmission key AUK and generate the second random number ciphertext Crnd2; the first data transceiving unit is used to send the second random number ciphertext Crnd2 to the KMS system;
the second encryption/decryption unit is used, when the second random number ciphertext Crnd2 is received, to call the second hardware encryption machine to decrypt the received second random number ciphertext Crnd2 with the authentication transmission key AUK and obtain the fourth random number Rnd2'; the second judging unit is used to judge whether the fourth random number Rnd2' is consistent with the second random number Rnd2 and, when the fourth random number Rnd2' is consistent with the second random number Rnd2, to confirm that the two-way authentication between the KMS system and the payment terminal passes.
13. The terminal master key TMK secure downloading system according to any one of claims 8 to 12, characterized in that the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
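The flow of claim 1, with the challenge-response of claim 6 inside it, as an added worked example in Go using only the standard library; it is not the patent's or the applicant's code. Wherever the claims say only "encrypt", the concrete algorithm is an assumption of this example: RSA-OAEP for Pu_mtms/Pr_mtms (S22/S24), AES-CTR under PK with a separate HMAC-SHA256 under MAK for Ctk_pk (S24/S33), AES-GCM under AUK and TEK (S34 to S36), and 32-byte TEK and AUK. `randBytes` stands in for the PIN pad and HSM random number generators, and the two hardware encryption machines are not modelled beyond the fact that PK and MAK never reach the terminal.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// randBytes stands in for the PIN pad / HSM random number generator.
func randBytes(n int) []byte {
	b := make([]byte, n)
	_, err := rand.Read(b)
	must(err)
	return b
}

// seal/open: AES-256-GCM (nonce prepended) wherever the claims only say "encrypt with K"; an assumed cipher.
func seal(key, pt []byte) []byte {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	nonce := randBytes(g.NonceSize())
	return append(nonce, g.Seal(nil, nonce, pt, nil)...)
}
func open(key, msg []byte) ([]byte, error) { // msg always comes from seal in this example
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], nil)
}

// WrapCtkPk is S24: AES-CTR under protection key PK (IV prepended), then HMAC under MAK: encrypt-then-MAC.
func WrapCtkPk(pk, mak, tk []byte) []byte {
	block, _ := aes.NewCipher(pk)
	iv := randBytes(aes.BlockSize)
	ct := make([]byte, len(tk))
	cipher.NewCTR(block, iv).XORKeyStream(ct, tk)
	body := append(iv, ct...)
	h := hmac.New(sha256.New, mak)
	h.Write(body)
	return append(body, h.Sum(nil)...)
}

// UnwrapCtkPk is S33: the KMS verifies the MAC first and decrypts only if it checks out.
func UnwrapCtkPk(pk, mak, msg []byte) ([]byte, error) {
	if len(msg) < aes.BlockSize+sha256.Size {
		return nil, fmt.Errorf("Ctk_pk too short")
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	h := hmac.New(sha256.New, mak)
	h.Write(body)
	if !hmac.Equal(tag, h.Sum(nil)) {
		return nil, fmt.Errorf("MAC verification failed: Ctk_pk rejected")
	}
	block, _ := aes.NewCipher(pk)
	tk := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(tk, body[aes.BlockSize:])
	return tk, nil
}

// MutualAuth is claim 6: Rnd1 and Rnd2 must each round-trip under the peer's copy of AUK.
func MutualAuth(terminalAUK, kmsAUK []byte) bool {
	rnd1, rnd2 := randBytes(16), randBytes(16)          // terminal picks Rnd1, KMS picks Rnd2
	rnd1p, err := open(terminalAUK, seal(kmsAUK, rnd1)) // KMS sends Crnd1; terminal recovers Rnd1'
	if err != nil || !hmac.Equal(rnd1p, rnd1) {
		return false // terminal rejects the KMS
	}
	rnd2p, err := open(kmsAUK, seal(terminalAUK, rnd2)) // terminal sends Crnd2; KMS recovers Rnd2'
	return err == nil && hmac.Equal(rnd2p, rnd2)       // KMS accepts the terminal
}

// RunDownload walks claim 1 end to end and returns the TMK the PIN pad recovered beside the one the KMS generated.
func RunDownload() (gotTMK, wantTMK []byte, err error) {
	prMTMS, err := rsa.GenerateKey(rand.Reader, 2048) // S1: Pr_mtms / Pu_mtms
	must(err)
	pk, mak, tk := randBytes(32), randBytes(32), randBytes(64) // S12: PK, MAK; S21: TK = TEK||AUK
	ctkPu, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &prMTMS.PublicKey, tk, nil) // S22
	must(err)
	tkAtMTMS, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, prMTMS, ctkPu, nil) // S24
	must(err)
	tkAtKMS, err := UnwrapCtkPk(pk, mak, WrapCtkPk(pk, mak, tkAtMTMS)) // S24 wrap, S33 unwrap
	must(err)
	if !MutualAuth(tk[32:], tkAtKMS[32:]) { // S34: terminal's AUK against the KMS's copy
		return nil, nil, fmt.Errorf("two-way authentication failed")
	}
	wantTMK = randBytes(16)                                  // S35: KMS generates TMK
	gotTMK, err = open(tk[:32], seal(tkAtKMS[:32], wantTMK)) // Ctmk = Enc_TEK(TMK); S36 recovers it
	return gotTMK, wantTMK, err
}

func main() { fmt.Println(RunDownload()) }
```

`UnwrapCtkPk` checks the MAC before touching the ciphertext, matching the order S33 prescribes: flipping any byte of Ctk_pk, or presenting it to a KMS whose MAK differs from the MTMS's, is rejected before decryption. `MutualAuth` fails as soon as the KMS's copy of AUK differs from the terminal's, which is what lets the KMS refuse a terminal whose TK it never received and lets the terminal refuse a server that does not hold its AUK.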
CN201310740537.7A 2013-03-15 2013-12-27 TMK (terminal master key) safe downloading method and system CN103746800B (en)

Priority Applications (13)

Application Number Priority Date Filing Date Title
CN201310084673.5 2013-03-15
CN2013100846735A CN103220271A (en) 2013-03-15 2013-03-15 Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key
CN2013100843972 2013-03-15
CN201310084653.8 2013-03-15
CN2013100846735 2013-03-15
CN2013100843972A CN103237004A (en) 2013-03-15 2013-03-15 Key download method, key management method, method, device and system for download management
CN2013100846716 2013-03-15
CN2013100846538 2013-03-15
CN201310084671.6 2013-03-15
CN201310084397.2 2013-03-15
CN2013100846538A CN103237005A (en) 2013-03-15 2013-03-15 Method and system for key management
CN2013100846716A CN103220270A (en) 2013-03-15 2013-03-15 Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key
CN201310740537.7A CN103746800B (en) 2013-03-15 2013-12-27 TMK (terminal master key) safe downloading method and system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310740537.7A CN103746800B (en) 2013-03-15 2013-12-27 TMK (terminal master key) safe downloading method and system
PCT/CN2014/073205 WO2014139403A1 (en) 2013-03-15 2014-03-11 Method and system for securely downloading terminal master keys

Publications (2)

Publication Number Publication Date
CN103746800A CN103746800A (en) 2014-04-23
CN103746800B true CN103746800B (en) 2017-05-03

Family

ID=50363015

Family Applications (28)

Application Number Title Priority Date Filing Date
CN201310742991.6A CN103714641B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK method for safely downloading and system
CN201310740226.0A CN103714634B (en) 2013-03-15 2013-12-27 A kind of method of main key of secure download terminal and system
CN201310740360.0A CN103714636B (en) 2013-03-15 2013-12-27 A kind of method of batch capture and upload transfers cipher key T K data and operating terminal
CN201310742886.2A CN103716321B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740380.8A CN103714637B (en) 2013-03-15 2013-12-27 A kind of transmission security key sending method and system, operating terminal
CN201310742681.4A CN103714640B (en) 2013-03-15 2013-12-27 A kind of sending method of transmission security key and system
CN201310740567.8A CN103729944B (en) 2013-03-15 2013-12-27 A kind of method and system of secure download terminal master key
CN201310740308.5A CN103729941B (en) 2013-03-15 2013-12-27 A kind of main cipher key T MK method for safely downloading of terminal and system
CN201310740100.3A CN103714633B (en) 2013-03-15 2013-12-27 A kind of method of safe generating transmission key and POS terminal
CN201310741948.8A CN103714639B (en) 2013-03-15 2013-12-27 A kind of method and system that realize the operation of POS terminal security
CN201310740430.2A CN103729943B (en) 2013-03-15 2013-12-27 A kind of method and system transmission security key being imported KMS system
CN201310742661.7A CN103716167B (en) 2013-03-15 2013-12-27 Method and device for safely collecting and distributing transmission keys
CN201310740158.8A CN103716320B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310742648.1A CN103716155B (en) 2013-03-15 2013-12-27 A kind of method of automated maintenance POS terminal and operation terminal
CN201310740540.9A CN103716154B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740264.6A CN103701812B (en) 2013-03-15 2013-12-27 TMK (Terminal Master Key) secure downloading method and system
CN201310740644.XA CN103714638B (en) 2013-03-15 2013-12-27 A kind of method and system of quick position terminal master key failed download
CN201310740410.5A CN103729942B (en) 2013-03-15 2013-12-27 Transmission security key is transferred to the method and system of key server from terminal server
CN201310740244.9A CN103701609B (en) 2013-03-15 2013-12-27 A kind of server and the method and system operating terminal two-way authentication
CN201310740574.8A CN103729945B (en) 2013-03-15 2013-12-27 A kind of method and system of secure download terminal master key
CN201310742713.0A CN103701610B (en) 2013-03-15 2013-12-27 A kind of acquisition method and system for transmitting cipher key T K
CN201310740537.7A CN103746800B (en) 2013-03-15 2013-12-27 TMK (terminal master key) safe downloading method and system
CN201310740642.0A CN103731259B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310742686.7A CN103745351B (en) 2013-03-15 2013-12-27 A kind of acquisition method and system for transmitting cipher key T K
CN201310740285.8A CN103729940B (en) 2013-03-15 2013-12-27 A kind of main cipher key T MK method for safely downloading of terminal and system
CN201310740231.1A CN103714635B (en) 2013-03-15 2013-12-27 A kind of POS terminal and terminal master key downloading mode collocation method thereof
CN201310741949.2A CN103731260B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and system
CN201310740188.9A CN103716153B (en) 2013-03-15 2013-12-27 Terminal master key TMK safety downloading method and systems

Family Applications Before (21)

Application Number Title Priority Date Filing Date
CN201310742991.6A CN103714641B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK method for safely downloading and system
CN201310740226.0A CN103714634B (en) 2013-03-15 2013-12-27 A kind of method of main key of secure download terminal and system
CN201310740360.0A CN103714636B (en) 2013-03-15 2013-12-27 A kind of method of batch capture and upload transfers cipher key T K data and operating terminal
CN201310742886.2A CN103716321B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740380.8A CN103714637B (en) 2013-03-15 2013-12-27 Transport key sending method and system, and operating terminal
CN201310742681.4A CN103714640B (en) 2013-03-15 2013-12-27 Transport key sending method and system
CN201310740567.8A CN103729944B (en) 2013-03-15 2013-12-27 Method and system for securely downloading a terminal master key
CN201310740308.5A CN103729941B (en) 2013-03-15 2013-12-27 Terminal master key TMK secure downloading method and system
CN201310740100.3A CN103714633B (en) 2013-03-15 2013-12-27 Method and POS terminal for securely generating a transport key
CN201310741948.8A CN103714639B (en) 2013-03-15 2013-12-27 Method and system for realizing secure operation of a POS terminal
CN201310740430.2A CN103729943B (en) 2013-03-15 2013-12-27 Method and system for importing a transport key into a KMS system
CN201310742661.7A CN103716167B (en) 2013-03-15 2013-12-27 Method and device for safely collecting and distributing transport keys
CN201310740158.8A CN103716320B (en) 2013-03-15 2013-12-27 Terminal master key TMK secure downloading method and system
CN201310742648.1A CN103716155B (en) 2013-03-15 2013-12-27 Method for automated maintenance of a POS terminal, and operating terminal
CN201310740540.9A CN103716154B (en) 2013-03-15 2013-12-27 Terminal master key TMK secure downloading method and system
CN201310740264.6A CN103701812B (en) 2013-03-15 2013-12-27 TMK (Terminal Master Key) secure downloading method and system
CN201310740644.XA CN103714638B (en) 2013-03-15 2013-12-27 Method and system for quickly locating a terminal master key download failure
CN201310740410.5A CN103729942B (en) 2013-03-15 2013-12-27 Method and system for transferring a transport key from a terminal server to a key server
CN201310740244.9A CN103701609B (en) 2013-03-15 2013-12-27 Method and system for two-way authentication between a server and an operating terminal
CN201310740574.8A CN103729945B (en) 2013-03-15 2013-12-27 Method and system for securely downloading a terminal master key
CN201310742713.0A CN103701610B (en) 2013-03-15 2013-12-27 Method and system for acquiring a transport key TK

Family Applications After (6)

Application Number Title Priority Date Filing Date
CN201310740642.0A CN103731259B (en) 2013-03-15 2013-12-27 Terminal master key TMK secure downloading method and system
CN201310742686.7A CN103745351B (en) 2013-03-15 2013-12-27 Method and system for acquiring a transport key TK
CN201310740285.8A CN103729940B (en) 2013-03-15 2013-12-27 Terminal master key TMK secure downloading method and system
CN201310740231.1A CN103714635B (en) 2013-03-15 2013-12-27 POS terminal and method for configuring its terminal master key download mode
CN201310741949.2A CN103731260B (en) 2013-03-15 2013-12-27 Terminal master key TMK secure downloading method and system
CN201310740188.9A CN103716153B (en) 2013-03-15 2013-12-27 Terminal master key TMK secure downloading method and system

Country Status (2)

Country Link
CN (28) CN103714641B (en)
WO (5) WO2014139406A1 (en)

Families Citing this family (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103714641B (en) * 2013-03-15 2016-03-30 福建联迪商用设备有限公司 Terminal master key TMK secure downloading method and system
CN105281896B (en) * 2014-07-17 2018-11-27 深圳华智融科技股份有限公司 Elliptic-curve-based key POS machine activation method and system
CN104270346B (en) * 2014-09-12 2017-10-13 北京天行网安信息技术有限责任公司 The methods, devices and systems of two-way authentication
CN104363090A (en) * 2014-11-19 2015-02-18 成都卫士通信息产业股份有限公司 Secret key distribution device and method for enhancing safety of banking terminal equipment
CN105681263B (en) * 2014-11-20 2019-02-12 广东华大互联网股份有限公司 Smart card key remote application method and application system
CN104486323B (en) * 2014-12-10 2017-10-31 福建联迪商用设备有限公司 POS terminal secure controlled networking activation method and device
CN104410641B (en) * 2014-12-10 2017-12-08 福建联迪商用设备有限公司 POS terminal secure controlled networking activation method and device
US9485250B2 (en) * 2015-01-30 2016-11-01 Ncr Corporation Authority trusted secure system component
CN106204034B (en) * 2015-04-29 2019-07-23 中国电信股份有限公司 Mutual authentication method and system for in-application payment
CN105117665B (en) * 2015-07-16 2017-10-31 福建联迪商用设备有限公司 Method and system for secure switching between terminal product mode and development mode
CN105260884A (en) * 2015-11-18 2016-01-20 北京微智全景信息技术有限公司 POS machine key distributing method and device
CN105530241B (en) * 2015-12-07 2018-12-28 咪付(广西)网络技术有限公司 Authentication method between a mobile intelligent terminal and a POS terminal
CN105574722A (en) * 2015-12-11 2016-05-11 福建新大陆支付技术有限公司 Authorization IC card based remote online authorization method for payment terminal
CN105930718A (en) * 2015-12-29 2016-09-07 中国银联股份有限公司 Method and apparatus for switching point-of-sale (POS) terminal modes
CN105656669B (en) * 2015-12-31 2019-01-01 福建联迪商用设备有限公司 Remote repair method for electronic equipment, repaired equipment, and system
CN105681032B (en) * 2016-01-08 2017-09-12 腾讯科技(深圳)有限公司 Key storage method, key management method and device
CN105743654A (en) * 2016-02-02 2016-07-06 上海动联信息技术股份有限公司 POS machine secret key remote downloading service system and secret key downloading method
CN105790934B (en) * 2016-03-04 2019-03-15 中国银联股份有限公司 Adaptive POS terminal configuration method and configuration permission assignment method
CN105978856B (en) * 2016-04-18 2019-01-25 随行付支付有限公司 POS machine key downloading method, apparatus and system
CN106059771A (en) * 2016-05-06 2016-10-26 上海动联信息技术股份有限公司 Intelligent POS machine secret key management system and method
CN106097608B (en) * 2016-06-06 2018-07-27 福建联迪商用设备有限公司 Remote key downloading method and system, acquirer and target POS terminal
CN106127461A (en) * 2016-06-16 2016-11-16 中国银联股份有限公司 Bidirectional verification method and system for mobile payment
CN106027247A (en) * 2016-07-29 2016-10-12 宁夏丝路通网络支付有限公司北京分公司 Method for remotely issuing POS key
CN106100854A (en) * 2016-08-16 2016-11-09 黄朝 Authority-based reverse authentication method and system for terminal equipment
CN106571915A (en) * 2016-11-15 2017-04-19 中国银联股份有限公司 Terminal master key setting method and apparatus
CN106603496B (en) * 2016-11-18 2019-05-21 新智数字科技有限公司 Data transmission protection method, smart card, server and communication system
CN106656488A (en) * 2016-12-07 2017-05-10 百富计算机技术(深圳)有限公司 Key downloading method and device of POS terminal
CN106712939A (en) * 2016-12-27 2017-05-24 百富计算机技术(深圳)有限公司 Offline key transmission method and device
US10432730B1 (en) 2017-01-25 2019-10-01 United States Of America As Represented By The Secretary Of The Air Force Apparatus and method for bus protection
CN106953731A (en) * 2017-02-17 2017-07-14 福建魔方电子科技有限公司 Authentication method and system for a terminal administrator
US10296477B2 (en) 2017-03-30 2019-05-21 United States of America as represented by the Secretary of the AirForce Data bus logger
CN106997533A (en) * 2017-04-01 2017-08-01 福建实达电脑设备有限公司 POS terminal product secure production authentication management system and method
CN107094138B (en) * 2017-04-11 2019-09-13 郑州信大捷安信息技术股份有限公司 Smart home secure communication system and communication method
CN107070925A (en) * 2017-04-18 2017-08-18 上海赛付网络科技有限公司 Anti-tampering method for communication packets between a terminal application and a background service
CN107104795A (en) * 2017-04-25 2017-08-29 上海汇尔通信息技术有限公司 Method, framework and system for injecting an RSA key pair and certificate
CN107360652A (en) * 2017-05-31 2017-11-17 江苏普世祥光电技术有限公司 Control method for a square landscape lamp
CN107301437A (en) * 2017-05-31 2017-10-27 江苏普世祥光电技术有限公司 Control system for a square landscape lamp
CN107358441A (en) * 2017-06-26 2017-11-17 北京明华联盟科技有限公司 Method, system and the mobile device and safety certificate equipment of payment verification
CN107666420A (en) * 2017-08-30 2018-02-06 宁波梦居智能科技有限公司 Intelligent home gateway production control and identity authentication method
CN107392591A (en) * 2017-08-31 2017-11-24 恒宝股份有限公司 Online recharge method and system for a transaction card, and Bluetooth read-write device
CN107995985A (en) * 2017-10-27 2018-05-04 福建联迪商用设备有限公司 Financial payment terminal activation method and system
WO2019178762A1 (en) * 2018-03-21 2019-09-26 福建联迪商用设备有限公司 Method, server, and system for verifying validity of terminal
WO2019178763A1 (en) * 2018-03-21 2019-09-26 福建联迪商用设备有限公司 Certificate importing method and terminal
WO2019200530A1 (en) * 2018-04-17 2019-10-24 福建联迪商用设备有限公司 Remote distribution method and system for terminal master key

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101631305A (en) * 2009-07-28 2010-01-20 交通银行股份有限公司 Encryption method and system
CN101930644A (en) * 2009-06-25 2010-12-29 中国银联股份有限公司 Method for safely downloading master key automatically in bank card payment system and system thereof

Family Cites Families (64)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH033276B2 (en) * 1981-03-24 1991-01-18 Sharp Kk
JP2993833B2 (en) * 1993-11-29 1999-12-27 富士通株式会社 Pos system
JPH10112883A (en) * 1996-10-07 1998-04-28 Hitachi Ltd Radio communication exchange system, exchange, public key management device, mobile terminal and mobile terminal recognizing method
US6630603B1 (en) * 1999-03-22 2003-10-07 Purac Biochem B.V. Method of industrial-scale purification of lactic acid
CN1127033C (en) * 2000-07-20 2003-11-05 天津南开戈德集团有限公司 Wireless mobile network point-of-sale terminal system
US7110986B1 (en) * 2001-04-23 2006-09-19 Diebold, Incorporated Automated banking machine system and method
KR100641824B1 (en) * 2001-04-25 2006-11-06 주식회사 하렉스인포텍 A payment information input method and mobile commerce system using symmetric cipher system
JP2002366285A (en) * 2001-06-05 2002-12-20 Matsushita Electric Ind Co Ltd Pos terminal
GB2404126B (en) * 2002-01-17 2005-04-06 Toshiba Res Europ Ltd Data transmission links
JP2003217028A (en) * 2002-01-24 2003-07-31 Tonfuu:Kk Operation situation monitoring system for pos terminal device
US7395427B2 (en) * 2003-01-10 2008-07-01 Walker Jesse R Authenticated key exchange based on pairwise master key
JP2005117511A (en) * 2003-10-10 2005-04-28 Nec Corp Quantum cipher communication system and quantum cipher key distributing method used therefor
KR101282972B1 (en) * 2004-03-22 2013-07-08 삼성전자주식회사 Authentication between a device and a portable storage
US20060093149A1 (en) * 2004-10-30 2006-05-04 Shera International Ltd. Certified deployment of applications on terminals
DE102005022019A1 (en) * 2005-05-12 2007-02-01 Giesecke & Devrient Gmbh Secure processing of data
KR100652125B1 (en) * 2005-06-03 2006-11-23 삼성전자주식회사 Mutual authentication method for managing and authenticating between service provider, terminal and user identify module at one time and terminal, and the system thereof
CN100583743C (en) * 2005-07-22 2010-01-20 华为技术有限公司 Transport key distribution method
AU2007284296A1 (en) * 2006-02-22 2008-02-21 Hypercom Corporation Secure electronic transaction system
JP2007241351A (en) * 2006-03-06 2007-09-20 Cela System:Kk Customer/commodity integrated management system by customer/commodity/purchase management system (including pos) and mobile terminal
EP1833009B1 (en) * 2006-03-09 2019-05-08 First Data Corporation Secure transaction computer network
US7818264B2 (en) * 2006-06-19 2010-10-19 Visa U.S.A. Inc. Track data encryption
CN101064695A (en) * 2007-05-16 2007-10-31 杭州看吧科技有限公司 P2P (peer-to-peer) secure connection method
CN101145913B (en) * 2007-10-25 2010-06-16 东软集团股份有限公司 A method and system for network security communication
WO2009070041A2 (en) * 2007-11-30 2009-06-04 Electronic Transaction Services Limited Payment system and method of operation
CN101541002A (en) * 2008-03-21 2009-09-23 展讯通信(上海)有限公司 Web server-based method for downloading software license of mobile terminal
CN101615322B (en) * 2008-06-25 2012-09-05 上海富友金融网络技术有限公司 Mobile terminal payment method and mobile terminal payment system for realizing magnetic payment function
JP4666240B2 (en) * 2008-07-14 2011-04-06 ソニー株式会社 Information processing apparatus, information processing method, program, and information processing system
CN101686225A (en) * 2008-09-28 2010-03-31 中国银联股份有限公司 Methods of data encryption and key generation for on-line payment
KR20100052668A (en) * 2008-11-11 2010-05-20 노틸러스효성 주식회사 Method for on-line sharing of tmk(terminal master key) between atm and host
JP5329184B2 (en) * 2008-11-12 2013-10-30 株式会社日立製作所 Public key certificate verification method and verification server
CN101425208B (en) * 2008-12-05 2010-11-10 浪潮齐鲁软件产业有限公司 Method for securely downloading keys of a fiscal tax-control cash register
CN101527714B (en) * 2008-12-31 2012-09-05 飞天诚信科技股份有限公司 Method, device and system for accreditation
CN101719895A (en) * 2009-06-26 2010-06-02 中兴通讯股份有限公司 Data processing method and system for realizing secure communication of network
CN101593389B (en) * 2009-07-01 2012-04-18 中国建设银行股份有限公司 Key management method and key management system for POS terminal
CN101656007B (en) * 2009-08-14 2011-02-16 通联支付网络服务股份有限公司 Secure system and method for implementing multiple keys on one POS machine
CN102064939B (en) * 2009-11-13 2013-06-12 福建联迪商用设备有限公司 Method for authenticating point of sale (POS) files and method for maintaining the authentication certificate
CN101710436B (en) * 2009-12-01 2011-12-14 中国建设银行股份有限公司 POS terminal control method, system and POS terminal management apparatus
CN101807994B (en) * 2009-12-18 2012-07-25 北京握奇数据系统有限公司 Method and system for application data transmission of IC card
CN102148799B (en) * 2010-02-05 2014-10-22 中国银联股份有限公司 Key downloading method and system
CN201656997U (en) * 2010-04-28 2010-11-24 中国工商银行股份有限公司 Device for generating transmission key
CN101807997B (en) * 2010-04-28 2012-08-22 中国工商银行股份有限公司 Device and method for generating transmission key
CN102262760A (en) * 2010-05-28 2011-11-30 杨筑平 Trade secret method, reception device and submission software
US8856509B2 (en) * 2010-08-10 2014-10-07 Motorola Mobility Llc System and method for cognizant transport layer security (CTLS)
CN101938520B (en) * 2010-09-07 2015-01-28 中兴通讯股份有限公司 Mobile terminal signature-based remote payment system and method
CN101976403A (en) * 2010-10-29 2011-02-16 北京拉卡拉网络技术有限公司 Phone number payment platform, payment trading system and method thereof
CN102013982B (en) * 2010-12-01 2012-07-25 银联商务有限公司 Remote encryption method, management method, encryption management method, device and system
CN102903189A (en) * 2011-07-25 2013-01-30 上海昂贝电子科技有限公司 Terminal transaction method and device
CN102394749B (en) * 2011-09-26 2014-03-05 深圳市文鼎创数据科技有限公司 Line protection method, system, information safety equipment and application equipment for data transmission
CN102521935B (en) * 2011-12-15 2013-12-11 福建联迪商用设备有限公司 Method and apparatus for state detection of POS machine
CN102592369A (en) * 2012-01-14 2012-07-18 福建联迪商用设备有限公司 Method for self-service terminal access to financial transaction center
CN102624711B (en) * 2012-02-27 2015-06-03 福建联迪商用设备有限公司 Sensitive information transmission method and sensitive information transmission system
CN102624710B (en) * 2012-02-27 2015-03-11 福建联迪商用设备有限公司 Sensitive information transmission method and sensitive information transmission system
CN102647274B (en) * 2012-04-12 2014-10-08 福建联迪商用设备有限公司 POS (Point of Sale) terminal, terminal accessing device, main key managing system and method thereof
CN102707972B (en) * 2012-05-02 2016-03-09 银联商务有限公司 POS terminal program updating method and system
CN102768744B (en) * 2012-05-11 2016-03-16 福建联迪商用设备有限公司 Remote secure payment method and system
CN102868521B (en) * 2012-09-12 2015-03-04 成都卫士通信息产业股份有限公司 Method for enhancing secret key transmission of symmetrical secret key system
CN103116505B (en) * 2012-11-16 2016-05-25 福建联迪商用设备有限公司 Automatic matching download method
CN103117855B (en) * 2012-12-19 2016-07-06 福建联迪商用设备有限公司 Method for generating a digital certificate and for backing up and recovering the private key
CN103237004A (en) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 Key download method, key management method, method, device and system for download management
CN103714641B (en) * 2013-03-15 2016-03-30 福建联迪商用设备有限公司 Terminal master key TMK secure downloading method and system
CN103220271A (en) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key
CN103237005A (en) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 Method and system for key management
CN103220270A (en) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key
CN103269266B (en) * 2013-04-27 2016-07-06 北京宏基恒信科技有限责任公司 Dynamic password security authentication method and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101930644A (en) * 2009-06-25 2010-12-29 中国银联股份有限公司 Method for safely downloading master key automatically in bank card payment system and system thereof
CN101631305A (en) * 2009-07-28 2010-01-20 交通银行股份有限公司 Encryption method and system

Also Published As

Publication number Publication date
CN103716167A (en) 2014-04-09
CN103701812A (en) 2014-04-02
CN103729945A (en) 2014-04-16
CN103714640B (en) 2016-02-03
CN103716320B (en) 2017-08-01
CN103729940A (en) 2014-04-16
CN103729941B (en) 2016-06-15
CN103731259A (en) 2014-04-16
CN103701610A (en) 2014-04-02
CN103716167B (en) 2017-01-11
CN103729940B (en) 2016-06-15
CN103716153B (en) 2017-08-01
CN103729943B (en) 2015-12-30
CN103716320A (en) 2014-04-09
CN103716321A (en) 2014-04-09
CN103714636B (en) 2015-12-02
CN103745351B (en) 2017-09-29
CN103714635B (en) 2015-11-11
CN103714633A (en) 2014-04-09
CN103701610B (en) 2018-04-17
CN103729942B (en) 2016-01-13
CN103714638B (en) 2015-09-30
CN103701812B (en) 2017-01-25
CN103746800A (en) 2014-04-23
CN103714635A (en) 2014-04-09
CN103714634A (en) 2014-04-09
CN103729944A (en) 2014-04-16
CN103716155A (en) 2014-04-09
CN103716154B (en) 2017-08-01
WO2014139406A1 (en) 2014-09-18
CN103714638A (en) 2014-04-09
CN103714639B (en) 2016-05-04
CN103716153A (en) 2014-04-09
CN103714637B (en) 2016-03-16
CN103714640A (en) 2014-04-09
CN103701609A (en) 2014-04-02
CN103729941A (en) 2014-04-16
CN103729942A (en) 2014-04-16
CN103729944B (en) 2015-09-30
CN103716154A (en) 2014-04-09
CN103714636A (en) 2014-04-09
WO2014139408A1 (en) 2014-09-18
CN103729943A (en) 2014-04-16
WO2014139403A1 (en) 2014-09-18
WO2014139411A1 (en) 2014-09-18
CN103714633B (en) 2016-05-04
CN103729945B (en) 2015-11-18
CN103714641B (en) 2016-03-30
CN103714634B (en) 2016-06-15
CN103701609B (en) 2016-09-28
CN103716155B (en) 2016-08-17
CN103745351A (en) 2014-04-23
CN103714639A (en) 2014-04-09
CN103731260B (en) 2016-09-28
CN103731259B (en) 2017-08-01
CN103714637A (en) 2014-04-09
CN103731260A (en) 2014-04-16
CN103714641A (en) 2014-04-09
WO2014139412A1 (en) 2014-09-18
CN103716321B (en) 2017-08-29

Similar Documents

Publication Publication Date Title
US10389533B2 (en) Methods for secure cryptogram generation
US5664017A (en) Internationally regulated system for one to one cryptographic communications with national sovereignty without key escrow
CA2753039C (en) System and methods for online authentication
CA2256881C (en) An automatic safe public communication system
US6560581B1 (en) System and method for secure electronic commerce transaction
JP5260523B2 (en) Radio frequency identification (RFID) authentication and key distribution system therefor
CA2289452C (en) Initial secret key establishment including facilities for verification of identity
EP0567610B1 (en) Value transfer system
RU2663476C2 (en) Remote payment transactions protected processing, including authentication of consumers
CA2742694C (en) System and methods for online authentication
DE60315552T2 (en) IC card and method for authentication in an electronic ticket distribution system
US20170221056A1 (en) Secure remote payment transaction processing using a secure element
US5689565A (en) Cryptography system and method for providing cryptographic services for a computer application
US5745576A (en) Method and apparatus for initialization of cryptographic terminal
DE60104411T2 (en) Method for transmitting a payment information between a terminal and a third device
US5852665A (en) Internationally regulated system for one to one cryptographic communications with national sovereignty without key escrow
JP4156129B2 (en) Device that generates survey information for products
CN103745351B (en) Method and system for acquiring a transport key TK
US20020073045A1 (en) Off-line generation of limited-use credit card numbers
DE60023705T2 (en) Secure distribution and protection of key information
JPWO2002087149A1 (en) Terminal communication system
US20060206433A1 (en) Secure and authenticated delivery of data from an automated meter reading system
US6487660B1 (en) Two way authentication protocol
US20100153273A1 (en) Systems for performing transactions at a point-of-sale terminal using mutating identifiers
TWI497336B (en) Data security devices and computer program

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
CB03 Change of inventor or designer information

Inventor after: Hong Yixuan

Inventor after: Su Wenlong

Inventor after: Meng Luqiang

Inventor before: Su Wenlong

Inventor before: Meng Luqiang

C53 Correction of patent for invention or patent application
COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: SU WENLONG MENG LUQIANG TO: HONG YIXUAN SU WENLONG MENG LUQIANG

GR01 Patent grant