CN105957276A - Android system-based intelligent POS security system, starting method and data management control method - Google Patents


Info

Publication number
CN105957276A
CN105957276A (application CN201610323596.8A)
Authority
CN
China
Prior art keywords
cpu
safe
application
data
android system
Prior art date
Legal status
Granted
Application number
CN201610323596.8A
Other languages
Chinese (zh)
Other versions
CN105957276B (en)
Inventor
黄建新
林国兵
黄源旦
Current Assignee
FUJIAN NEWLAND PAYMENT TECHNOLOGY Co Ltd
Original Assignee
FUJIAN NEWLAND PAYMENT TECHNOLOGY Co Ltd
Priority date
Filing date
Publication date
Application filed by FUJIAN NEWLAND PAYMENT TECHNOLOGY Co Ltd
Priority to CN201610323596.8A
Publication of CN105957276A
Application granted
Publication of CN105957276B
Legal status: Active
Anticipated expiration


Classifications

    • G PHYSICS
        • G07 CHECKING-DEVICES
            • G07G REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
                • G07G 1/00 Cash registers
                    • G07G 1/0009 Details of the software in the checkout register, electronic cash register [ECR] or point of sale terminal [POS]
                    • G07G 1/0018 Constructional details, e.g. of drawer, printing means, input means
                    • G07G 1/12 Cash registers electronically operated
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
                        • G06F 21/51 ... at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
                    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
                        • G06F 21/71 ... to assure secure computing or processing of information
                • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F 2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
                        • G06F 2221/033 Test or assess software
            • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
                • G06Q 20/00 Payment architectures, schemes or protocols
                    • G06Q 20/08 Payment architectures
                        • G06Q 20/20 Point-of-sale [POS] network systems
                    • G06Q 20/38 Payment protocols; Details thereof
                        • G06Q 20/382 ... insuring higher security of transaction
                            • G06Q 20/3829 ... involving key management

Abstract

The present invention relates to an Android-system-based intelligent POS security system, a start-up method and a data management and control method. The system comprises an application CPU and a secure CPU connected to the application CPU. The application CPU is further connected to a communication module, a display screen and a memory; the secure CPU is further connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit. The invention effectively protects transaction-sensitive information such as bank encryption/decryption keys, user PINs and account data, and effectively isolates that sensitive data from the Android system. At the same time it provides a signature verification mechanism that protects the integrity and legitimacy of the Android system and the APP programs, thereby guaranteeing the payment security of the Android-based intelligent POS.

Description

Android-system-based intelligent POS security system, start-up method and data management and control method
Technical field
The present invention relates to the field of electronic payment, and in particular to an Android-system-based intelligent POS security system together with a start-up method and a data management and control method for it.
Background art
A traditional point-of-sale terminal (traditional POS) is an electronic financial payment and settlement device widely used in shopping malls and supermarkets. It is built on a dedicated hardware platform and a closed software system, uses a physical keypad for password entry, and can only perform conventional or customized financial payment functions. For example, when goods are bought in a mall or supermarket, the cashier enters the amount on such a POS and the consumer swipes a card on it to pay; it cannot be used for cloud payment applications such as buying train or plane tickets. Although traditional POS devices are stable and secure, their systems are outdated, their performance is poor, their user experience, openness and extensibility are weak, and their hardware and software platforms cannot meet the functional requirements of emerging payment businesses such as cloud payment.
Compared with traditional POS, the Android operating system is an intelligent operating system with rich functionality, good user experience, extensibility and openness. An intelligent POS terminal based on Android combines the payment functions of a traditional POS payment terminal with good user experience and extensibility, and is particularly suited to emerging payment businesses such as cloud payment. However, because the Android hardware and software platform is open, security vulnerabilities exist at the application, system and hardware levels: back doors are easily embedded in APPs, the operating system has security flaws, and root privileges are easily obtained or tampered with. All of this poses a major challenge to payment security.
According to financial-industry security standards, bank encryption/decryption keys, user passwords (PINs) and the account data on users' magnetic-stripe or IC cards must all be strictly protected. However, because of the application model and the security flaws inherent in Android, it is extremely difficult to build a complete and continuous line of defence on that system alone. For example, even for the most basic password entry, an attacker can exploit vulnerabilities in the Android application layer, framework layer, driver layer or hardware layer to intercept the data at the touch-screen input, display, storage or transmission stage, and an Android application with root privileges can obtain all core data, including the bank encryption/decryption keys. An intelligent POS implemented on an open Android system is therefore hard to bring into compliance with financial-industry security standards.
Some intelligent POS products use a customized Android system to harden the lower layers of the operating system: root is disabled, installation and loading of unsigned APPs is forbidden, and payment applications are isolated from other applications. These measures raise security, but at the cost of the openness, extensibility and even the user experience of Android; the development and security certification cycles are long; and security risks inevitably remain.
Summary of the invention
The object of the present invention is to provide an Android-system-based intelligent POS security system, a start-up method and a data management and control method that solve the problems described above. The system effectively protects transaction-sensitive information such as bank encryption/decryption keys, user PINs and account data, and effectively isolates this sensitive data from the Android system. At the same time it provides a signature verification mechanism that effectively protects the integrity and legitimacy of the Android system and the APP programs, thereby guaranteeing the payment security of the Android-based intelligent POS.
To achieve the above object, the technical solution of the present invention is an Android-system-based intelligent POS security system comprising an application CPU and a secure CPU connected to the application CPU. The application CPU is further connected to a communication module, a display screen and a memory; the secure CPU is further connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit.
The secure CPU implements security protection and processes security-related data. Specifically, it drives the physical security circuit to protect the device against physical attacks; obtains the user's bank card account data through the contact IC card reader, the contactless IC card reader or the magnetic card reader; stores and manages the encryption/decryption keys; and obtains the user's PIN input through the touch screen, completing PIN encryption, user account data encryption and transaction message signing (the MAC calculation) inside the secure CPU.
The application CPU runs the Android system and the payment APP. After the user's PIN input process has ended, the application CPU may also access the touch screen connected to the secure CPU.
In an embodiment of the present invention, a backup battery connected to the secure CPU is also included, to supply the secure CPU with uninterrupted power.
In an embodiment of the present invention, the physical attacks on the device include disassembly, circuit tampering, signal capture, and changes of environmental or operating conditions.
In an embodiment of the present invention, the application CPU can access the touch screen through the secure CPU, as follows:
Step 1: the application CPU issues a command to the secure CPU over the communication interface connecting the two;
Step 2: the secure CPU passes the application CPU's command to the touch screen over its interface with the touch screen and obtains the touch information returned by the touch screen;
Step 3: the secure CPU sends the obtained touch information to the application CPU over the communication interface connecting the two.
During the user's PIN input process the secure CPU takes over control of the touch screen and obtains the user's PIN input; only after the PIN input process has ended do the application CPU's touch-screen access commands take effect.
The present invention also provides a start-up method using the Android-system-based intelligent POS security system described above, comprising the following steps:
Step S1: when the device starts, the secure CPU starts first, makes the interface between the application CPU and the secure CPU the only boot source of the application CPU, and controls whether the application CPU is allowed to start;
Step S2: after the secure CPU's self-test has completed, it provides the application CPU with the boot program and the top-level public key and allows the application CPU to start;
Step S3: the application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signature of the second-level boot program and the second-level public key stored in the memory;
Step S4: the application CPU executes the second-level boot program and uses the second-level public key to verify the signature of the Android system program and the multiple third-level public keys stored in the memory;
Step S5: the application CPU executes the Android system program from the memory and verifies the signature of each APP stored in the memory or downloaded with the corresponding third-level public key;
Step S6: the application CPU executes the APPs, and the secure CPU then processes all sensitive data of the payment transaction and provides sensitive services to the application CPU.
In an embodiment of the present invention, the signature verification uses the SHA-256 digest algorithm with the RSA-2048 or RSA-4096 signature algorithm.
In an embodiment of the present invention, the signature verification uses the SM3 digest algorithm with the SM2 signature algorithm.
The present invention also provides a data management and control method using the Android-system-based intelligent POS security system described above, comprising the following steps:
Step S01: when bank keys are downloaded, the secure CPU stores and manages all encryption/decryption keys; the application CPU neither stores nor manages any encryption/decryption key;
Step S02: the application CPU issues a command to the secure CPU to read the user's account data: the secure CPU obtains the account data of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader, immediately encrypts the account data with the account data encryption key to produce the account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step S03: the application CPU displays a numeric PIN keypad on the display screen, issues a command to the secure CPU to obtain the user's PIN data, and at the same time sends the keypad layout and position information to the secure CPU; the secure CPU takes over control of the touch screen, obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce the PIN data ciphertext, stores it, and returns a read-success status to the application CPU; after PIN input has ended, the secure CPU releases control of the touch screen;
Step S04: the application CPU issues a command to the secure CPU to obtain the transaction message; the secure CPU assembles the data of this transaction, including the payment terminal parameters, the account data ciphertext, the transaction amount and the PIN data ciphertext, computes a MAC over them with the MAC key to form the transaction message, and returns it to the application CPU;
Step S05: the application CPU communicates with the bank transaction service platform through the communication module and completes the payment transaction.
In an embodiment of the present invention, the encryption/decryption keys include at least an account data encryption key, a PIN encryption key and a MAC key, and the encryption/decryption algorithm is 3DES or SM4.
In an embodiment of the present invention, the numeric keypad used for PIN input has a scrambled, randomly arranged layout.
Compared with the prior art, the present invention has the following beneficial effects:
1. Key data is physically isolated and protected, giving high security: the secure CPU stores and manages all encryption/decryption keys, while the application CPU neither stores nor manages any, so key data is physically isolated from the Android system and the risk of the Android system or an application obtaining key data is avoided.
2. Sensitive data and sensitive services are physically isolated and protected, giving high security: the user's PIN entry and its encryption, and the reading and encryption of the user's account data, are all performed inside the secure CPU; the application CPU does not process these sensitive data or services and is only responsible for relaying ciphertext, so PIN data, account information and sensitive services are physically isolated from the Android system and the risk of the Android system or an application obtaining sensitive data is avoided.
3. Illegal programs cannot run, giving high security: the application CPU's boot program is controlled by the secure CPU, and the integrity and legitimacy of the Android system and the applications are verified level by level starting from the top-level public key, so the running of illegal programs is prevented and the security of the device and of payment is guaranteed.
The present invention therefore systematically avoids the security risks present in the Android system and provides a good solution to the security problems of Android-based intelligent POS.
Brief description of the drawings
Fig. 1 is a circuit structure diagram of the Android-system-based intelligent POS device of the present invention.
Fig. 2 is a flow chart of the secure boot method of the application CPU.
Fig. 3 is a flow chart of a sensitive data management and control method.
Detailed description of the invention
The technical solution of the present invention is described in detail below with reference to the accompanying drawings.
The Android-system-based intelligent POS security system of the present invention comprises an application CPU and a secure CPU connected to the application CPU. The application CPU is further connected to a communication module, a display screen and a memory; the secure CPU is further connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit.
The secure CPU implements security protection and processes security-related data. Specifically, it drives the physical security circuit to protect the device against physical attacks; obtains the user's bank card account data through the contact IC card reader, the contactless IC card reader or the magnetic card reader; stores and manages the encryption/decryption keys; and obtains the user's PIN input through the touch screen, completing PIN encryption, user account data encryption and transaction message signing (the MAC calculation) inside the secure CPU.
The application CPU runs the Android system and the payment APP. After the user's PIN input process has ended, the application CPU may also access the touch screen connected to the secure CPU.
A backup battery connected to the secure CPU is also included, to supply the secure CPU with uninterrupted power.
The physical attacks on the device include disassembly, circuit tampering, signal capture, and changes of environmental or operating conditions.
The application CPU can access the touch screen through the secure CPU, as follows:
Step 1: the application CPU issues a command to the secure CPU over the communication interface connecting the two;
Step 2: the secure CPU passes the application CPU's command to the touch screen over its interface with the touch screen and obtains the touch information returned by the touch screen;
Step 3: the secure CPU sends the obtained touch information to the application CPU over the communication interface connecting the two.
During the user's PIN input process the secure CPU takes over control of the touch screen and obtains the user's PIN input; only after the PIN input process has ended do the application CPU's touch-screen access commands take effect.
The present invention also provides a start-up method using the Android-system-based intelligent POS security system described above, comprising the following steps:
Step S1: when the device starts, the secure CPU starts first, makes the interface between the application CPU and the secure CPU the only boot source of the application CPU, and controls whether the application CPU is allowed to start;
Step S2: after the secure CPU's self-test has completed, it provides the application CPU with the boot program and the top-level public key and allows the application CPU to start;
Step S3: the application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signature of the second-level boot program and the second-level public key stored in the memory;
Step S4: the application CPU executes the second-level boot program and uses the second-level public key to verify the signature of the Android system program and the multiple third-level public keys stored in the memory;
Step S5: the application CPU executes the Android system program from the memory and verifies the signature of each APP stored in the memory or downloaded with the corresponding third-level public key;
Step S6: the application CPU executes the APPs, and the secure CPU then processes all sensitive data of the payment transaction and provides sensitive services to the application CPU.
The signature verification uses the SHA-256 digest algorithm with the RSA-2048 or RSA-4096 signature algorithm, or alternatively the SM3 digest algorithm with the SM2 signature algorithm.
The present invention also provides a data management and control method using the Android-system-based intelligent POS security system described above, comprising the following steps:
Step S01: when bank keys are downloaded, the secure CPU stores and manages all encryption/decryption keys; the application CPU neither stores nor manages any encryption/decryption key;
Step S02: the application CPU issues a command to the secure CPU to read the user's account data: the secure CPU obtains the account data of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader, immediately encrypts the account data with the account data encryption key to produce the account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step S03: the application CPU displays a numeric PIN keypad on the display screen, issues a command to the secure CPU to obtain the user's PIN data, and at the same time sends the keypad layout and position information to the secure CPU; the secure CPU takes over control of the touch screen, obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce the PIN data ciphertext, stores it, and returns a read-success status to the application CPU; after PIN input has ended, the secure CPU releases control of the touch screen;
Step S04: the application CPU issues a command to the secure CPU to obtain the transaction message; the secure CPU assembles the data of this transaction, including the payment terminal parameters, the account data ciphertext, the transaction amount and the PIN data ciphertext, computes a MAC over them with the MAC key to form the transaction message, and returns it to the application CPU;
Step S05: the application CPU communicates with the bank transaction service platform through the communication module and completes the payment transaction.
The encryption/decryption keys include at least an account data encryption key, a PIN encryption key and a MAC key, and the encryption/decryption algorithm is 3DES or SM4.
The numeric keypad used for PIN input has a scrambled, randomly arranged layout.
A specific application example of the present invention is given below.
Refer to Fig. 1, the circuit structure diagram of the Android-system-based intelligent POS device provided by this embodiment of the present invention.
In this embodiment the circuit structure of the Android-based intelligent POS device comprises a communication module, an application CPU, a memory, a display screen, a touch screen, a secure CPU, a contact IC card reader, a contactless IC card reader, a magnetic card reader, a physical security circuit and a backup battery.
The communication module, the memory and the display screen are connected to the application CPU; the touch screen, the contact IC card reader, the contactless IC card reader, the magnetic card reader, the physical security circuit and the backup battery are connected to the secure CPU; and the application CPU is connected to the secure CPU.
The application CPU runs the Android system and the payment APP. The secure CPU performs security protection and processes security-related data. Specifically, it drives the physical security circuit to protect the device against physical attacks, preventing disassembly, circuit tampering, signal capture, and changes of environmental or operating conditions; stores and manages the encryption/decryption keys; obtains the account data and transaction parameters of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader; obtains the user's PIN input through the touch screen; and completes PIN encryption, user account data encryption and transaction message signing inside the secure CPU. The result is then transferred through the application CPU and the communication module connected to it to the bank transaction management platform, which completes the payment transaction.
The backup battery supplies operating power to the secure CPU while the device is switched off, so that the device is protected without interruption.
The touch screen is managed by the secure CPU. During the user's PIN input process the secure CPU obtains the PIN input data directly and the application CPU cannot access it; only after the PIN input process has ended can the application CPU access the touch screen.
In particular, the secure CPU manages the touch screen and provides the application CPU with an access path to it. Access by the application CPU to the touch screen comprises three steps:
Step 1, the application CPU issues a command to the secure CPU over the communication interface connecting the two;
Step 2, the secure CPU passes the application CPU's command to the touch screen over its interface with the touch screen and obtains the touch information returned by the touch screen;
Step 3, the secure CPU sends the obtained touch information to the application CPU over the communication interface connecting the two.
During the user's PIN input process the secure CPU has taken over control of the touch screen and obtains the user's PIN input; only after the PIN input process has ended do the application CPU's touch-screen access commands take effect.
With the circuit structure of the Android-based intelligent POS provided in this embodiment, the user's PIN input, and the account data of the user's bank card obtained from the contact IC card reader, the contactless IC card reader or the magnetic card reader, are driven and managed directly by the secure CPU and are not accessed directly by the application CPU. PIN data and account information are thus physically isolated from the Android system, and the risk of the Android system or an application obtaining sensitive data is avoided.
Refer to Fig. 2, the flow chart of the secure boot method of the application CPU in this embodiment of the present invention.
This embodiment provides a secure boot method for the application CPU comprising the following steps:
Step 1, when the device starts, the secure CPU starts first, makes the interface between the application CPU and the secure CPU the only boot source of the application CPU, and controls whether the application CPU is allowed to start;
Step 2, after the secure CPU's self-test has completed, it provides the application CPU with the boot program and the top-level public key and allows the application CPU to start;
Step 3, the application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signature of the second-level boot program and the second-level public key stored in the memory; if signature verification fails, a "signature verification error" is returned to the secure CPU and the program enters an endless loop.
Step 4, the application CPU then executes the second-level boot program and uses the second-level public key to verify the signature of the Android system program and the multiple third-level public keys stored in the memory. If signature verification fails, a "signature verification error" is returned to the secure CPU and the program enters an endless loop.
Step 5, the application CPU then executes the Android system program from the memory and verifies the signature of each APP stored in the memory or newly downloaded with the corresponding third-level public key. Only APPs whose signature verifies are allowed to execute; APPs whose signature verification fails are not allowed to be loaded or downloaded.
Step 6, the secure CPU monitors the secure boot status of the application CPU; if it receives a "signature verification error", it terminates the device start-up. If signature verification succeeds, the secure CPU then processes all sensitive data of the payment transaction and provides sensitive services to the application CPU.
The "signature verification" algorithm above may use SHA-256 to compute the data digest and then the RSA-2048 or RSA-4096 algorithm to check that digest against the signature value stored in the memory, confirming the correctness of the signature; or it may use SM3 to compute the data digest and then the SM2 algorithm to check the digest against the signature value stored in the memory.
With the secure boot method of the application CPU provided in this embodiment, the application CPU's boot program is controlled by the secure CPU and the integrity and legitimacy of the Android system and of the applications are verified level by level starting from the top-level public key, so the running and downloading of illegal programs is prevented, which provides the key basic condition for the security of the device and of payment.
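The boot chain of Steps 1 to 6 above, written out as an added example; this is not the patent's code and the assignee's firmware is not shown on this page. The top-level public key held by the secure CPU verifies the second-level boot image together with the level-2 public key it carries, the level-2 key verifies the Android image and the level-3 keys it carries, and each APP is checked against one of the level-3 keys. Everything cryptographic is a stand-in chosen so the block runs with the Python standard library alone: textbook RSA over a SHA-256 digest with 512-bit demo keys and no padding in place of RSA-2048/4096 (or SM2/SM3); the image layout, the function names, and the `("sign_error", stage)` result that stands for the endless loop and the secure CPU's termination of the start-up are all assumptions. The second boot in `demo()` shows what the secure CPU would see when the Android image has been modified after signing.

```python
"""Level-by-level signature verification modelled on Steps 3-6 of Fig. 2.
Added example, not the patent's code. Stand-ins (assumptions): textbook RSA over
a SHA-256 digest with 512-bit demo keys instead of RSA-2048/4096 (no padding);
images are dicts instead of flash regions; a status tuple instead of the
endless loop / start-up termination the embodiment uses on a verification error.
"""
import hashlib
import random

def _probable_prime(n, rng, rounds=20):
    """Miller-Rabin primality test; adequate for demo keys only."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # force top bit and oddness
        if _probable_prime(c, rng):
            return c

def gen_keypair(bits=512, rng=None):
    """Return ((n, e), (n, d)); deterministic when rng is seeded (demo only)."""
    rng, e = rng or random.Random(), 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))   # modular inverse: Python 3.8+

def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")   # SHA-256 data digest

def sign(priv, data):
    n, d = priv
    return pow(_digest_int(data), d, n)

def verify(pub, data, sig):
    n, e = pub
    return 0 < sig < n and pow(sig, e, n) == _digest_int(data)

def _encode(code, child_pubs):
    """Bytes covered by a stage signature: the code plus the next-level public keys."""
    out = len(code).to_bytes(4, "big") + code
    for n, e in child_pubs:
        out += n.to_bytes(128, "big") + e.to_bytes(4, "big")
    return out

def make_stage(code, child_pubs, signer_priv):
    """A signed image as stored in the application CPU's memory; the signer is one level up."""
    return {"code": code, "pubs": list(child_pubs),
            "sig": sign(signer_priv, _encode(code, child_pubs))}

def verify_stage(stage, pub):
    return verify(pub, _encode(stage["code"], stage["pubs"]), stage["sig"])

def secure_boot(top_pub, stage2, android, apps):
    """Run by the application CPU with top_pub supplied by the secure CPU.
    Returns ("ok", [APPs allowed to run]) or ("sign_error", failing stage); the
    latter is what gets reported back so the secure CPU terminates the start-up."""
    if not verify_stage(stage2, top_pub):               # Step 3: top key -> stage2 + level-2 key
        return "sign_error", "stage2"
    if not verify_stage(android, stage2["pubs"][0]):    # Step 4: level-2 key -> Android + level-3 keys
        return "sign_error", "android"
    allowed = [name for name, app in apps.items()       # Step 5: each APP against a level-3 key
               if any(verify_stage(app, k) for k in android["pubs"])]
    return "ok", allowed                                 # Step 6: only verified APPs run

def demo():
    """Build a three-level chain with a seeded RNG (demo only) and boot it twice."""
    rng = random.Random(2016)
    top_pub, top_priv = gen_keypair(rng=rng)        # top-level key, held by the secure CPU
    l2_pub, l2_priv = gen_keypair(rng=rng)          # level-2 key, signs the Android image
    l3_pub, l3_priv = gen_keypair(rng=rng)          # level-3 key, signs APPs
    _, rogue_priv = gen_keypair(rng=rng)            # key of an unauthorized APP publisher
    stage2 = make_stage(b"second-level boot program", [l2_pub], top_priv)
    android = make_stage(b"android system image", [l3_pub], l2_priv)
    apps = {"pay.apk": make_stage(b"payment app", [], l3_priv),
            "sideload.apk": make_stage(b"app signed by an unknown key", [], rogue_priv)}
    good = secure_boot(top_pub, stage2, android, apps)
    tampered = dict(android, code=b"android system image + backdoor")   # signature no longer matches
    bad = secure_boot(top_pub, stage2, tampered, apps)
    return good, bad
```

Because each stage's signature covers the public keys of the next stage, a replaced level-3 key would already fail at Step 4, and an APP signed with a key that is not among the Android image's level-3 keys simply does not appear in the allowed list; this is the property that lets the secure CPU trust only one key while the application CPU checks everything else.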
Refer to Fig. 3, which is a flowchart of the sensitive data management and control method of the embodiment of the present invention.
This embodiment provides an Android-system-based intelligent POS sensitive data management and control method, including the following control steps:
Step 1, when the bank keys are downloaded, the secure CPU stores and manages all the encryption and decryption keys, and the application CPU neither stores nor manages any encryption or decryption key;
Step 2, the Android system program and the APPs run on the application CPU. When an electronic payment is needed, the application CPU handles the application flow and the user interface prompts and issues a command to the secure CPU to read the user account data; the secure CPU obtains the account data of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader, immediately encrypts the account data with the account data encryption key to produce the account data ciphertext, stores this ciphertext, and returns a read-success status to the application CPU;
Step 3, the user PIN input process: the application CPU prompts for PIN input, displays a numeric keypad on the display screen, issues a command to the secure CPU to obtain the user's PIN data, and at the same time transmits the layout and position information of the numeric keypad to the secure CPU; the secure CPU takes over control of the touch screen and obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce the PIN data ciphertext, stores it, and returns a read-success status to the application CPU; after the PIN input ends, the secure CPU releases control of the touch screen;
Step 4, the application CPU issues a command to the secure CPU to obtain the transaction message; the secure CPU assembles the payment terminal parameters, the account data ciphertext, the transaction amount, the PIN data ciphertext and the other data of this transaction, performs the MAC calculation with the MAC key, forms the transaction message and returns it to the application CPU;
Step 5, the application CPU communicates with the bank transaction service platform through the connected communication module and completes the payment transaction.
The encryption and decryption keys above may be symmetric keys and include at least an account data encryption key, a PIN encryption key and a MAC key; the encryption algorithm is 3DES, or may also be the SM4 algorithm.
The numeric keypad that the application CPU displays on the display screen may be a numeric keypad with the digits in normal order and a fixed arrangement, or a numeric keypad with the digits shuffled into a random arrangement.
In the sensitive data management and control method provided in this embodiment, the entry and encryption of the user's PIN and the reading and encryption of the user's account data are all carried out inside the secure CPU. The application CPU does not process this sensitive data or these sensitive services and is responsible only for forwarding ciphertext; the PIN data, the account information and the sensitive services are physically isolated from the Android system, which avoids the risk of the Android system or an application obtaining sensitive data.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made without departing from the scope of protection of the invention. Therefore, all equivalent changes and modifications made within the scope of the patent claims of the present invention fall within the scope of coverage of the present invention.

Claims (10)

1. An Android-system-based intelligent POS security system, characterized in that it includes an application CPU and a secure CPU connected to the application CPU; the application CPU is further connected to a communication module, a display screen and a memory; and the secure CPU is further connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit;
The secure CPU is used to implement security protection and to process security-related data, specifically including: driving the physical security circuit to protect the device against physical attacks; obtaining the user's bank card account data through the contact IC card reader, the contactless IC card reader and the magnetic card reader; storing and managing the encryption and decryption keys; and obtaining the user's PIN input through the touch screen, with the PIN encryption, the user account data encryption and the transaction message signing all completed inside the secure CPU;
The application CPU is used to run the Android system and the payment APPs; the application CPU can also access the touch screen connected to the secure CPU after the user PIN input process has ended.
2. The Android-system-based intelligent POS security system according to claim 1, characterized in that it further includes a backup battery connected to the secure CPU, in order to supply the secure CPU with uninterrupted power.
3. The Android-system-based intelligent POS security system according to claim 1, characterized in that the physical attacks on the device include disassembly of the device, tampering with its circuits, signal capture, and changes to environmental and operating conditions.
4. The Android-system-based intelligent POS security system according to claim 1, characterized in that the application CPU can also access the touch screen through the secure CPU, implemented as follows:
Step 1: the application CPU issues a command to the secure CPU through the communication interface connected to the secure CPU;
Step 2: the secure CPU passes the command of the application CPU to the touch screen through its communication interface with the touch screen and obtains the touch information returned by the touch screen;
Step 3: the secure CPU sends the obtained touch information to the application CPU through the communication interface connected to the application CPU;
and during the user PIN input process, the secure CPU takes over control of the touch screen and obtains the user's PIN input; only after the PIN input process has ended do the commands by which the application CPU accesses the touch screen take effect.
5. A startup method using the Android-system-based intelligent POS security system of claim 1, characterized in that it comprises the following steps:
Step S1: when the device starts, the secure CPU starts first, controls the interface between the application CPU and the secure CPU so that it is the only boot source of the application CPU, and controls whether the application CPU is allowed to start;
Step S2: after the security self-check of the secure CPU is complete, it provides the boot program and the top-level public key to the application CPU and allows the application CPU to start;
Step S3: the application CPU executes the boot program and uses the top-level public key provided by the secure CPU to verify the signatures of the second-level boot program and of the second-level public key stored in the memory;
Step S4: the application CPU executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and of the multiple third-level public keys stored in the memory;
Step S5: the application CPU executes the Android system program from the memory and uses the corresponding third-level public keys to verify the signatures of the APPs stored in the memory or downloaded;
Step S6: the application CPU executes the APPs, and the secure CPU then processes all the sensitive data of the payment transaction and provides the sensitive services to the application CPU.
6. The startup method based on the Android-system-based intelligent POS security system according to claim 5, characterized in that the signature verification uses the SHA256 data digest algorithm and the RSA2048 or RSA4096 data signature algorithm.
7. The startup method based on the Android-system-based intelligent POS security system according to claim 5, characterized in that the signature verification uses the SM3 data digest algorithm and the SM2 data signature algorithm.
8. A data management and control method using the Android-system-based intelligent POS security system of claim 1, characterized in that it comprises the following steps:
Step S01: when the bank keys are downloaded, the secure CPU stores and manages all the encryption and decryption keys, and the application CPU neither stores nor manages any encryption or decryption key;
Step S02: the application CPU issues a command to the secure CPU to read the user account data; the secure CPU obtains the account data of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader, immediately encrypts the account data with the data encryption key to produce the account data ciphertext, stores this ciphertext, and returns a read-success status to the application CPU;
Step S03: the application CPU displays a numeric keypad on the display screen, issues a command to the secure CPU to obtain the user's PIN data, and at the same time transmits the layout and position information of the numeric keypad to the secure CPU; the secure CPU takes over control of the touch screen and obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce the PIN data ciphertext, stores it, and returns a read-success status to the application CPU; after the PIN input ends, the secure CPU releases control of the touch screen;
Step S04: the application CPU issues a command to the secure CPU to obtain the transaction message; the secure CPU assembles the data of this transaction, including the payment terminal parameters, the account data ciphertext, the transaction amount and the PIN data ciphertext, performs the MAC calculation with the MAC key, forms the transaction message and returns it to the application CPU;
Step S05: the application CPU communicates with the bank transaction service platform through the communication module and completes the payment transaction.
9. The data management and control method based on the Android-system-based intelligent POS security system according to claim 8, characterized in that the encryption and decryption keys include at least an account data encryption key, a PIN encryption key and a MAC key, and the encryption and decryption algorithm is the 3DES or SM4 algorithm.
10. The data management and control method based on the Android-system-based intelligent POS security system according to claim 8, characterized in that the numeric keypad used for PIN input is a numeric keypad with the digits shuffled into a random arrangement.
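The level-by-level verification of steps 4 to 6 of the startup description (steps S3 to S6 of claim 5, with the SHA256 plus RSA2048 scheme of claim 6), as an added Go example that is not code from the patent: the memory layout, the stage names, the DER encoding of the lower-level public keys and the APP-to-key index are constructed assumptions, and all keys are generated fresh on each run.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

type Signed struct{ Payload, Sig []byte } // an item in memory plus an RSA signature over SHA256(Payload)

// App is an APP image tagged with the index of the third-level key that is supposed to have signed it.
type App struct{ Name string; Key int; Img Signed }

// Chain is the constructed memory layout of steps S3-S5: Stage2 and PK2 are signed by the top-level
// key, System and each PK3 entry (a DER-encoded public key) by the second-level key, each App by a PK3 key.
type Chain struct{ Stage2, PK2, System Signed; PK3 []Signed; Apps []App }

func sign(k *rsa.PrivateKey, payload []byte) Signed {
	d := sha256.Sum256(payload)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, d[:]) // cannot fail for a 2048-bit key
	return Signed{payload, sig}
}

// verify recomputes the SHA256 digest and checks the RSA signature against it (claim 6).
func verify(pub *rsa.PublicKey, s Signed) bool {
	d := sha256.Sum256(s.Payload)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], s.Sig) == nil
}

// VerifyBoot trusts only the top-level key a priori and uses each lower key only after its own signature
// checked out. A failure before the APP stage is the "sign test error" that halts the device (step 6);
// an APP that fails is merely left out of the list of APPs allowed to run (step 5).
func VerifyBoot(top *rsa.PublicKey, c Chain) ([]string, error) {
	if !verify(top, c.Stage2) || !verify(top, c.PK2) {
		return nil, fmt.Errorf("sign test error: second-level boot program or public key")
	}
	pk2, err := x509.ParsePKCS1PublicKey(c.PK2.Payload)
	if err != nil || !verify(pk2, c.System) {
		return nil, fmt.Errorf("sign test error: android system program")
	}
	pk3 := make([]*rsa.PublicKey, len(c.PK3))
	for i, s := range c.PK3 {
		if pk3[i], err = x509.ParsePKCS1PublicKey(s.Payload); err != nil || !verify(pk2, s) {
			return nil, fmt.Errorf("sign test error: third-level public key %d", i)
		}
	}
	var allowed []string
	for _, a := range c.Apps { // an out-of-range key index counts as a failed check
		if a.Key >= 0 && a.Key < len(pk3) && verify(pk3[a.Key], a.Img) {
			allowed = append(allowed, a.Name)
		}
	}
	return allowed, nil
}

// BuildDemoChain generates fresh RSA2048 keys and signs a constructed image set; the returned public
// key plays the top-level key that the secure CPU hands to the application CPU at step S2.
func BuildDemoChain() (*rsa.PublicKey, Chain) {
	gen := func() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
	top, k2, k3a, k3b := gen(), gen(), gen(), gen()
	c := Chain{
		Stage2: sign(top, []byte("second-level boot program")),
		PK2:    sign(top, x509.MarshalPKCS1PublicKey(&k2.PublicKey)),
		System: sign(k2, []byte("android system image")),
		PK3:    []Signed{sign(k2, x509.MarshalPKCS1PublicKey(&k3a.PublicKey)), sign(k2, x509.MarshalPKCS1PublicKey(&k3b.PublicKey))},
		Apps: []App{
			{"pay.apk", 0, sign(k3a, []byte("payment APP"))},
			{"rogue.apk", 1, sign(k3a, []byte("APP presented under the wrong key"))}, // rejected
		},
	}
	return &top.PublicKey, c
}
```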
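The sensitive data flow of steps 1 to 5 of the management and control description (steps S01 to S05 of claim 8, with 3DES keys per claim 9 and a shuffled keypad per claim 10), as an added Go example that is not code from the patent: the message field layout, the IV-prefixed CBC format, the ISO/IEC 9797-1 padding and the CBC-MAC construction are assumptions, since the patent does not specify them.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// SecureCPU holds the three 3DES keys of claim 9 (set up at bank key download, S01) and the
// ciphertexts it produces; the application CPU only ever receives status strings and hex ciphertext.
type SecureCPU struct {
	Acc, Pin, Mac cipher.Block
	accCT, pinCT  []byte
}

// pad is ISO/IEC 9797-1 padding method 2: 0x80, then zeros up to a DES block boundary.
func pad(b []byte) []byte {
	b = append(b, 0x80)
	for len(b)%des.BlockSize != 0 {
		b = append(b, 0)
	}
	return b
}

// encryptCBC is 3DES-CBC with a fresh random IV prepended to the ciphertext (constructed format).
func encryptCBC(blk cipher.Block, plain []byte) []byte {
	p := pad(plain)
	out := make([]byte, des.BlockSize+len(p))
	if _, err := rand.Read(out[:des.BlockSize]); err != nil {
		panic(err)
	}
	cipher.NewCBCEncrypter(blk, out[:des.BlockSize]).CryptBlocks(out[des.BlockSize:], p)
	return out
}

// cbcMAC is a 3DES CBC-MAC: CBC with a zero IV over the padded message, keeping only the last block.
func cbcMAC(blk cipher.Block, msg []byte) []byte {
	p := pad(msg)
	cipher.NewCBCEncrypter(blk, make([]byte, des.BlockSize)).CryptBlocks(p, p)
	return p[len(p)-des.BlockSize:]
}

// ReadAccount (S02): the card reader output is encrypted at once and only the ciphertext is kept.
func (s *SecureCPU) ReadAccount(pan string) string {
	s.accCT = encryptCBC(s.Acc, []byte(pan))
	return "read success"
}

// ReadPIN (S03): the application CPU sends only the keypad layout (the digit drawn at each key
// position, shuffled per claim 10); the touch positions come from the screen the secure CPU controls.
func (s *SecureCPU) ReadPIN(layout string, touches []int) (string, error) {
	pin := make([]byte, 0, len(touches))
	for _, t := range touches {
		if t < 0 || t >= len(layout) {
			return "", fmt.Errorf("touch %d outside the keypad", t)
		}
		pin = append(pin, layout[t])
	}
	s.pinCT = encryptCBC(s.Pin, pin)
	return "read success", nil
}

// BuildMessage (S04): terminal parameters, account ciphertext, amount and PIN ciphertext, plus a MAC
// under the MAC key over exactly those fields; the application CPU forwards both to the bank (S05).
func (s *SecureCPU) BuildMessage(terminalID string, amountCents int64) (string, []byte) {
	body := fmt.Sprintf("%s|%x|%d|%x", terminalID, s.accCT, amountCents, s.pinCT)
	return body, cbcMAC(s.Mac, []byte(body))
}

// VerifyMessage is the receiving side's check with the same MAC key, compared in constant time.
func VerifyMessage(mac cipher.Block, body string, tag []byte) bool {
	return subtle.ConstantTimeCompare(cbcMAC(mac, []byte(body)), tag) == 1
}
```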
Application CN201610323596.8A (priority date 2016-05-17, filing date 2016-05-17): Android-system-based intelligent POS security system and startup and data management-control method; status Active; granted as CN105957276B.
Publications (2)

Publication Number Publication Date
CN105957276A true CN105957276A (en) 2016-09-21
CN105957276B CN105957276B (en) 2018-01-02