CN105957276A - Android system-based intelligent POS security system, starting method and data management control method - Google Patents
- Publication number: CN105957276A
- Application number: CN201610323596.8A
- Authority: CN (China)
- Prior art keywords: cpu, safe, application, data, android system
- Legal status: Granted
Classifications
- G07G1/0009: Details of the software in the checkout register, electronic cash register [ECR] or point of sale terminal [POS]
- G06F21/51: Monitoring users, programs or devices to maintain the integrity of platforms at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
- G06F21/71: Protecting specific internal or peripheral components to assure secure computing or processing of information
- G06Q20/20: Point-of-sale [POS] network systems
- G06Q20/382: Payment protocols insuring higher security of transaction
- G06Q20/3829: Payment protocols insuring higher security of transaction, involving key management
- G07G1/0018: Cash registers; constructional details, e.g. of drawer, printing means, input means
- G07G1/12: Cash registers electronically operated
- G06F2221/033: Indexing scheme relating to G06F21/50 (monitoring users, programs or devices to maintain the integrity of platforms); test or assess software
Abstract
The present invention relates to an Android system-based intelligent POS security system, a starting method and a data management control method. The system comprises an application CPU and a security CPU connected to the application CPU; the application CPU is also connected to a communication module, a display screen and an internal memory, and the security CPU is also connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit. According to the present invention, transaction-sensitive information such as the bank encryption/decryption keys, the user PINs and the account data is protected effectively and kept isolated from the Android system; at the same time, a signature verification mechanism is provided to protect the integrity and legitimacy of the Android system and the APP programs, thereby guaranteeing the payment security of the Android system-based intelligent POS.
Description
Technical field
The present invention relates to the field of electronic payment, and in particular to an Android system-based intelligent POS security system and its start-up and data management control methods.
Background art
A traditional point-of-sale terminal (traditional POS) is an electronic financial payment and settlement device widely used in shopping malls and supermarkets. It is built on a dedicated hardware platform and a closed software system, uses a physical keypad for password input, and provides only routine or customized financial payment functions. For example, when goods are bought in a mall or supermarket, the cashier enters the amount on such a POS and the consumer swipes a card on it to pay; it cannot be used for cloud payment applications such as buying train or plane tickets. Although a traditional POS is stable and secure, its system is outdated, its performance is poor, and its user experience, openness and extensibility are weak; its hardware and software platform cannot meet the functional requirements of emerging payment businesses such as cloud payment.
Compared with a traditional POS, the Android operating system is an intelligent operating system with rich functionality, a good user experience, extensibility and openness. An intelligent POS terminal based on Android combines the payment functions of a traditional POS terminal with a good user experience and extensibility, and is particularly suited to emerging payment businesses such as cloud payment. Because of the openness of the Android hardware and software platform, however, security vulnerabilities exist at the application, system and hardware levels: APPs are easily back-doored, the operating system has security flaws, and root privileges are easily obtained or tampered with. All of this poses a serious challenge to payment security.
Financial industry security standards require strict protection of bank encryption/decryption keys, user passwords and user account data such as magnetic stripe and IC card data. Because of the application model and security flaws inherent in Android, it is extremely difficult to build a complete, continuous line of defence on that system. For example, during the most basic password entry, an attacker can exploit vulnerabilities in the Android application layer, framework layer, driver layer or hardware layer to intercept the data while it is entered on the touch screen, displayed, stored or transmitted; an Android application with root privileges can obtain all core data, including the bank encryption/decryption keys. An intelligent POS implemented on the open Android system therefore has difficulty meeting financial industry security standards.
Some intelligent POS products use a customized Android system to harden the lower layers of the operating system: disabling root, forbidding the installation and loading of unsigned APPs, and isolating payment-related applications from other applications. This improves security, but it sacrifices the openness and extensibility of Android, and even the user experience; the development and security certification cycles are long; and security risks still cannot be entirely avoided.
Summary of the invention
The object of the present invention is to provide an Android system-based intelligent POS security system, together with start-up and data management control methods, that solves the above problems. The system effectively protects transaction-sensitive information such as bank encryption/decryption keys, user PINs and account data, isolates this sensitive data from the Android system, and at the same time provides a signature verification mechanism that protects the integrity and legitimacy of the Android system and the APP programs, thereby guaranteeing the payment security of the Android-based intelligent POS.
To achieve this object, the technical scheme of the present invention is an Android system-based intelligent POS security system comprising an application CPU and a security CPU connected to the application CPU. The application CPU is also connected to a communication module, a display screen and a memory; the security CPU is also connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit.
The security CPU implements the security protection and the processing of security-related data, specifically: driving the physical security circuit to protect the device against physical attack; obtaining the user's bank card account data through the contact IC card reader, the contactless IC card reader and the magnetic card reader; storing and managing the encryption/decryption keys; obtaining the user's PIN input through the touch screen; and completing PIN encryption, user account data encryption and transaction message signing inside the security CPU.
The application CPU runs the Android system and the payment APP. After the user's PIN entry has finished, the application CPU can also access the touch screen connected to the security CPU.
In an embodiment of the present invention, a backup battery connected to the security CPU is also included, so that the security CPU is powered without interruption.
In an embodiment of the present invention, the physical attacks on the device include disassembly, circuit tampering, signal capture, and changes of environmental or operating conditions.
In an embodiment of the present invention, the application CPU accesses the touch screen through the security CPU as follows:
Step 1: the application CPU sends a command to the security CPU over the communication interface connecting the two;
Step 2: the security CPU passes the application CPU's command to the touch screen over its communication interface with the touch screen and obtains the touch information returned by the touch screen;
Step 3: the security CPU sends the obtained touch information to the application CPU over the communication interface connecting the two.
During the user's PIN entry the security CPU takes over control of the touch screen and obtains the PIN input; only after PIN entry has finished do the application CPU's commands to access the touch screen take effect.
The present invention also provides a start-up method using the Android system-based intelligent POS security system described above, comprising the following steps:
Step S1: when the device starts, the security CPU starts first; it controls the interface between the application CPU and the security CPU as the application CPU's only boot source, and controls whether the application CPU is allowed to start;
Step S2: after the security CPU's self-test completes, it provides the application CPU with the boot program and the top-level public key, and allows the application CPU to start;
Step S3: the application CPU executes the boot program and uses the top-level public key provided by the security CPU to verify the signatures of the second-level boot program and the second-level public key stored in the memory;
Step S4: the application CPU executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and of several third-level public keys stored in the memory;
Step S5: the application CPU executes the Android system program from the memory and verifies the signature of each APP stored in the memory or downloaded with the corresponding third-level public key;
Step S6: the application CPU executes the APPs; the security CPU then processes all sensitive data of the payment transaction and provides sensitive services to the application CPU.
In an embodiment of the present invention, the signature verification uses the SHA-256 digest algorithm with the RSA-2048 or RSA-4096 signature algorithm.
In an embodiment of the present invention, the signature verification uses the SM3 digest algorithm with the SM2 signature algorithm.
The present invention also provides a data management control method using the Android system-based intelligent POS security system described above, comprising the following steps:
Step S01: when the bank keys are downloaded, the security CPU stores and manages all encryption/decryption keys; the application CPU stores and manages none of them;
Step S02: the application CPU sends a command to the security CPU to read the user's account data; the security CPU obtains the account data of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader, immediately encrypts it with the data encryption key to produce the account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step S03: the application CPU displays a numeric keypad on the display screen and sends a command to the security CPU to obtain the user's PIN, at the same time passing the keypad layout and position information to the security CPU; the security CPU takes over control of the touch screen, obtains the user's PIN input, immediately encrypts the PIN with the PIN encryption key to produce the PIN ciphertext, stores it, and returns a read-success status to the application CPU; after PIN entry ends, the security CPU releases control of the touch screen;
Step S04: the application CPU sends a command to the security CPU to obtain the transaction message; the security CPU assembles the transaction's payment terminal parameters, account data ciphertext, transaction amount and PIN ciphertext, computes a MAC over them with the MAC key, forms the transaction message and returns it to the application CPU;
Step S05: the application CPU communicates with the bank transaction service platform through the communication module and completes the payment transaction.
In an embodiment of the present invention, the encryption/decryption keys include at least an account data encryption key, a PIN encryption key and a MAC key, and the encryption algorithm is 3DES or SM4.
In an embodiment of the present invention, the numeric keypad used for PIN entry has its digits in a scrambled, random arrangement.
Compared with the prior art, the present invention has the following advantages:
1. Key data is physically isolated and protected, giving high security: the security CPU stores and manages all encryption/decryption keys and the application CPU stores and manages none of them, so the keys are physically isolated from the Android system and the risk of the Android system or an application obtaining them is avoided.
2. Sensitive data and sensitive services are physically isolated and protected, giving high security: the user's PIN entry and its encryption, and the reading and encryption of the user's account data, are all carried out inside the security CPU; the application CPU does not process this sensitive data or these sensitive services and is responsible only for passing on ciphertext, so PIN data, account information and sensitive services are physically isolated from the Android system and the risk of the Android system or an application obtaining sensitive data is avoided.
3. Illegal programs cannot run, giving high security: the application CPU's boot program is controlled by the security CPU, and the integrity and legitimacy of the Android system and the application programs are verified level by level starting from the top-level public key, so the running of illegal programs is stopped and the security of the device and of payment is ensured.
The present invention therefore systematically avoids the security risks present in the Android system and solves the security problems of an Android-based intelligent POS.
Brief description of the drawings
Fig. 1 is the circuit structure diagram of the Android system-based intelligent POS device of the present invention.
Fig. 2 is the flow chart of the secure start-up method of the application CPU.
Fig. 3 is the flow chart of a sensitive data management control method.
Detailed description of the invention
The technical scheme of the present invention is described in detail below with reference to the accompanying drawings.
The Android system-based intelligent POS security system of the present invention comprises an application CPU and a security CPU connected to the application CPU. The application CPU is also connected to a communication module, a display screen and a memory; the security CPU is also connected to a touch screen, a contact IC card reader, a contactless IC card reader, a magnetic card reader and a physical security circuit.
The security CPU implements the security protection and the processing of security-related data, specifically: driving the physical security circuit to protect the device against physical attack; obtaining the user's bank card account data through the contact IC card reader, the contactless IC card reader and the magnetic card reader; storing and managing the encryption/decryption keys; obtaining the user's PIN input through the touch screen; and completing PIN encryption, user account data encryption and transaction message signing inside the security CPU.
The application CPU runs the Android system and the payment APP. After the user's PIN entry has finished, the application CPU can also access the touch screen connected to the security CPU.
A backup battery connected to the security CPU is also included, so that the security CPU is powered without interruption.
The physical attacks on the device include disassembly, circuit tampering, signal capture, and changes of environmental or operating conditions.
The application CPU accesses the touch screen through the security CPU as follows:
Step 1: the application CPU sends a command to the security CPU over the communication interface connecting the two;
Step 2: the security CPU passes the application CPU's command to the touch screen over its communication interface with the touch screen and obtains the touch information returned by the touch screen;
Step 3: the security CPU sends the obtained touch information to the application CPU over the communication interface connecting the two.
During the user's PIN entry the security CPU takes over control of the touch screen and obtains the PIN input; only after PIN entry has finished do the application CPU's commands to access the touch screen take effect.
The present invention also provides a start-up method using the Android system-based intelligent POS security system described above, comprising the following steps:
Step S1: when the device starts, the security CPU starts first; it controls the interface between the application CPU and the security CPU as the application CPU's only boot source, and controls whether the application CPU is allowed to start;
Step S2: after the security CPU's self-test completes, it provides the application CPU with the boot program and the top-level public key, and allows the application CPU to start;
Step S3: the application CPU executes the boot program and uses the top-level public key provided by the security CPU to verify the signatures of the second-level boot program and the second-level public key stored in the memory;
Step S4: the application CPU executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and of several third-level public keys stored in the memory;
Step S5: the application CPU executes the Android system program from the memory and verifies the signature of each APP stored in the memory or downloaded with the corresponding third-level public key;
Step S6: the application CPU executes the APPs; the security CPU then processes all sensitive data of the payment transaction and provides sensitive services to the application CPU.
The signature verification uses the SHA-256 digest algorithm with the RSA-2048 or RSA-4096 signature algorithm, or alternatively the SM3 digest algorithm with the SM2 signature algorithm.
The present invention also provides a data management control method using the Android system-based intelligent POS security system described above, comprising the following steps:
Step S01: when the bank keys are downloaded, the security CPU stores and manages all encryption/decryption keys; the application CPU stores and manages none of them;
Step S02: the application CPU sends a command to the security CPU to read the user's account data; the security CPU obtains the account data of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader, immediately encrypts it with the data encryption key to produce the account data ciphertext, stores the ciphertext, and returns a read-success status to the application CPU;
Step S03: the application CPU displays a numeric keypad on the display screen and sends a command to the security CPU to obtain the user's PIN, at the same time passing the keypad layout and position information to the security CPU; the security CPU takes over control of the touch screen, obtains the user's PIN input, immediately encrypts the PIN with the PIN encryption key to produce the PIN ciphertext, stores it, and returns a read-success status to the application CPU; after PIN entry ends, the security CPU releases control of the touch screen;
Step S04: the application CPU sends a command to the security CPU to obtain the transaction message; the security CPU assembles the transaction's payment terminal parameters, account data ciphertext, transaction amount and PIN ciphertext, computes a MAC over them with the MAC key, forms the transaction message and returns it to the application CPU;
Step S05: the application CPU communicates with the bank transaction service platform through the communication module and completes the payment transaction.
The encryption/decryption keys include at least an account data encryption key, a PIN encryption key and a MAC key, and the encryption algorithm is 3DES or SM4.
The numeric keypad used for PIN entry has its digits in a scrambled, random arrangement.
A specific application example of the present invention follows.
Referring to Fig. 1, Fig. 1 is the circuit structure diagram of the Android system-based intelligent POS device provided by the embodiment of the present invention.
In this embodiment, the circuit structure of the Android intelligent POS device comprises a communication module, an application CPU, a memory, a display screen, a touch screen, a security CPU, a contact IC card reader, a contactless IC card reader, a magnetic card reader, a physical security circuit and a backup battery.
The communication module, the memory and the display screen are connected to the application CPU; the touch screen, the contact IC card reader, the contactless IC card reader, the magnetic card reader, the physical security circuit and the backup battery are connected to the security CPU; the application CPU is connected to the security CPU.
The application CPU runs the Android system and the payment APP. The security CPU performs security protection and processes security-related data, specifically: driving the physical security circuit to protect the device against physical attacks such as disassembly, circuit tampering, signal capture and changes of environmental or operating conditions; storing and managing the encryption/decryption keys; obtaining the account data and transaction parameters of the user's bank card from the contact IC card reader, the contactless IC card reader or the magnetic card reader, and the user's PIN input through the touch screen; and completing PIN encryption, user account data encryption and transaction message signing inside the security CPU, after which the result is transferred through the application CPU and its communication module to the bank transaction platform to complete the payment transaction.
The backup battery powers the security CPU while the device is switched off, so that the device remains continuously protected.
The touch screen is managed by the security CPU. During the user's PIN entry the security CPU obtains the PIN input data directly and the application CPU cannot access it; only after PIN entry has finished can the application CPU access the touch screen.
In particular, the touch screen is managed by the security CPU, which provides the application CPU with an access path; the application CPU accesses the touch screen in three steps.
Step 1: the application CPU sends a command to the security CPU over the communication interface connecting the two;
Step 2: the security CPU passes the application CPU's command to the touch screen over its communication interface with the touch screen and obtains the touch information returned by the touch screen;
Step 3: the security CPU sends the obtained touch information to the application CPU over the communication interface connecting the two.
During the user's PIN entry the security CPU has taken over control of the touch screen and obtains the PIN input; only after PIN entry has finished do the application CPU's commands to access the touch screen take effect.
With the circuit structure of this embodiment, the user's PIN input and the bank card account data obtained from the contact IC card reader, the contactless IC card reader or the magnetic card reader are driven and managed directly by the security CPU and are not directly accessible to the application CPU. PIN data and account information are thus physically isolated from the Android system, avoiding the risk of the Android system or an application obtaining sensitive data.
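The touch-screen access path above (steps 1 to 3, with the take-over during PIN entry, as set out both in the summary and in this embodiment) can be modelled as a small state machine on the security CPU. The Go code below is an added example written for this page; it is not code from the patent or from any product, and its type and function names, keypad geometry and fixed random seed are its own assumptions. It adds one check the text does not spell out: the keypad layout received from the application CPU is validated (every digit present exactly once, no overlapping keys) before the security CPU accepts it, because an ambiguous layout would corrupt the touch-to-digit mapping.

```go
package main

import (
	"fmt"
	"math/rand"
)

// Touch is one touch-down event from the touch controller, in screen pixels.
type Touch struct{ X, Y int }

// Key is one keypad key as the application CPU drew it: its box on the display and its digit.
type Key struct {
	X, Y, W, H int
	Digit      byte // '0'..'9'
}

// SecureCPU models the security CPU's ownership of the touch screen: every touch enters
// through OnTouch, which decides whether the application CPU gets to see it.
type SecureCPU struct {
	pinMode bool   // set while the security CPU has taken over the screen
	layout  []Key  // keypad layout and positions sent by the application CPU
	pin     []byte // captured digits; they never cross to the application CPU
}

// BeginPINEntry is the "obtain PIN" command carrying the keypad layout. The layout is checked
// first: a keypad missing a digit, repeating one, or with overlapping keys is ambiguous.
func (s *SecureCPU) BeginPINEntry(layout []Key) error {
	var seen [10]bool
	for i, k := range layout {
		if k.Digit < '0' || k.Digit > '9' || k.W <= 0 || k.H <= 0 || seen[k.Digit-'0'] {
			return fmt.Errorf("key %d: empty box or bad/duplicate digit %q", i, k.Digit)
		}
		seen[k.Digit-'0'] = true
		for j := 0; j < i; j++ {
			if o := layout[j]; o.X < k.X+k.W && k.X < o.X+o.W && o.Y < k.Y+k.H && k.Y < o.Y+o.H {
				return fmt.Errorf("keys %d and %d overlap", j, i)
			}
		}
	}
	for d, ok := range seen {
		if !ok {
			return fmt.Errorf("digit %d missing from keypad", d)
		}
	}
	s.layout, s.pin, s.pinMode = append([]Key(nil), layout...), s.pin[:0], true
	return nil
}

// OnTouch is the single entry point for touch events (steps 1 to 3 of the access path).
// Outside PIN entry the touch goes back to the application CPU with ok=true. Inside PIN entry
// it is mapped to a digit, or dropped if it hit no key, and ok=false reveals nothing about it.
func (s *SecureCPU) OnTouch(t Touch) (fwd Touch, ok bool) {
	if !s.pinMode {
		return t, true
	}
	for _, k := range s.layout {
		hit := t.X >= k.X && t.X < k.X+k.W && t.Y >= k.Y && t.Y < k.Y+k.H
		if hit && len(s.pin) < 12 { // 12 is the ISO 9564 maximum PIN length
			s.pin = append(s.pin, k.Digit)
		}
	}
	return Touch{}, false
}

// EndPINEntry releases the touch screen to the application CPU and reports only a digit count.
func (s *SecureCPU) EndPINEntry() int {
	s.pinMode, s.layout = false, nil
	return len(s.pin)
}

// TakePIN hands the digits to the security CPU's own PIN-encryption routine and wipes the
// buffer; it has no counterpart on the application-CPU command interface.
func (s *SecureCPU) TakePIN() []byte {
	out := append([]byte(nil), s.pin...)
	for i := range s.pin {
		s.pin[i] = 0
	}
	s.pin = s.pin[:0]
	return out
}

// ShuffledKeypad is the application CPU's side: a 3-column keypad with the ten digits in
// random order, drawn on the display and passed to BeginPINEntry. A fixed seed keeps the
// example reproducible; a real terminal would draw the order from a CSPRNG.
func ShuffledKeypad(seed int64, x0, y0, w, h int) []Key {
	digits := []byte("0123456789")
	rand.New(rand.NewSource(seed)).Shuffle(10, func(i, j int) { digits[i], digits[j] = digits[j], digits[i] })
	keys := make([]Key, 10)
	for i, d := range digits {
		keys[i] = Key{X: x0 + (i%3)*w, Y: y0 + (i/3)*h, W: w, H: h, Digit: d}
	}
	return keys
}

func main() {
	sec, layout := &SecureCPU{}, ShuffledKeypad(7, 40, 400, 120, 90)
	fmt.Println("layout accepted:", sec.BeginPINEntry(layout) == nil)
	_, ok := sec.OnTouch(Touch{layout[0].X + 1, layout[0].Y + 1})
	fmt.Println("touch forwarded during PIN entry:", ok, "digits captured:", sec.EndPINEntry())
}
```

Because the application CPU both draws the keypad and sends its layout, scrambling the digit order only defends against onlookers and smudge traces; the confidentiality of the digits themselves rests on OnTouch returning nothing while pinMode is set, and on the digits leaving the security CPU only as ciphertext.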
Referring to Fig. 2, Fig. 2 is the flow chart of the secure start-up method of the application CPU in the embodiment of the present invention.
In this embodiment, a secure start-up method for the application CPU comprises the following steps:
Step 1: when the device starts, the security CPU starts first; it controls the interface between the application CPU and the security CPU as the application CPU's only boot source, and controls whether the application CPU is allowed to start;
Step 2: after the security CPU's self-test completes, it provides the application CPU with the boot program and the top-level public key, and allows the application CPU to start;
Step 3: the application CPU executes the boot program and uses the top-level public key provided by the security CPU to verify the signatures of the second-level boot program and the second-level public key stored in the memory; if the verification fails, it returns a "signature verification error" to the security CPU and the program enters an endless loop.
Step 4: the application CPU then executes the second-level boot program and uses the second-level public key to verify the signatures of the Android system program and of several third-level public keys stored in the memory; if the verification fails, it returns a "signature verification error" to the security CPU and the program enters an endless loop.
Step 5: the application CPU then executes the Android system program from the memory and verifies, with the corresponding third-level public key, the signature of each APP stored in the memory or newly downloaded. Only APPs whose signature verifies are allowed to run; APPs whose signature does not verify are not allowed to be loaded or downloaded.
Step 6: the security CPU monitors the application CPU's secure boot status; if it receives a "signature verification error" it terminates the device start-up. If the signature verification is correct, the security CPU then processes all sensitive data of the payment transaction and provides sensitive services to the application CPU.
The signature verification above can compute a SHA-256 digest of the data and verify the signature stored in the memory against that digest with the RSA-2048 or RSA-4096 algorithm, thereby confirming the correctness of the signature; alternatively it can compute an SM3 digest and verify the stored signature against it with the SM2 algorithm.
With the secure start-up method of this embodiment, the application CPU's boot program is controlled by the security CPU, and the integrity and legitimacy of the Android system and the application programs are verified level by level starting from the top-level public key, so that illegal programs can neither run nor be downloaded. This provides the key basic condition for the security of the device and of payment.
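The level-by-level verification in steps 3 to 6 above (steps S3 to S6 of the summary) is a three-tier key hierarchy: the top-level key handed over by the security CPU vouches for the second-level key, which vouches for the system image and the third-level keys, which vouch for individual APPs. The Go code below is an added example, not the patent's or any vendor's boot code. It uses the SHA-256 with RSA-2048 option from the text, with PKCS#1 v1.5 signatures from the Go standard library; the item names, the Memory layout, the function names (SecureBoot, BuildMemory) and the stand-in image strings are its own assumptions. It keeps the fatal-versus-refuse distinction of steps 3 to 5: a failing boot program, key or system image returns the error the boot program would report to the security CPU, while a failing APP is only kept off the allowed list. It also refuses a correctly signed but undersized key, a check the text does not mention. errors.Join needs Go 1.20 or later.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Signed is one item in external memory: the bytes to check and the signature stored beside them.
type Signed struct{ Data, Sig []byte }

// Memory is the external storage the application CPU boots from; the security CPU hands over only
// the boot program and the top-level public key, so everything here must be verified before use.
type Memory struct {
	Stage2    Signed            // second-level boot program, signed with the top-level key
	Stage2Key Signed            // DER second-level public key, signed with the top-level key
	Android   Signed            // Android system image, signed with the second-level key
	AppKeys   map[string]Signed // DER third-level public keys by name, signed with the second-level key
	Apps      map[string]Signed // APP images, each signed with one third-level key
	AppSigner map[string]string // the third-level key name each APP claims
}

// sign is the signing authority's side (SignPKCS1v15 cannot fail for a valid key and digest).
func sign(priv *rsa.PrivateKey, data []byte) Signed {
	h := sha256.Sum256(data)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	return Signed{Data: data, Sig: sig}
}

// verify recomputes the SHA-256 digest of the stored bytes and checks the stored
// signature against it with the public key of the level above.
func verify(pub *rsa.PublicKey, item Signed, what string) error {
	h := sha256.Sum256(item.Data)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], item.Sig); err != nil {
		return fmt.Errorf("signature verification error: %s: %w", what, err)
	}
	return nil
}

// parsePub accepts only RSA keys of at least 2048 bits (the smallest size the text allows).
func parsePub(der []byte) (*rsa.PublicKey, error) {
	k, err := x509.ParsePKIXPublicKey(der)
	if pub, ok := k.(*rsa.PublicKey); err == nil && ok && pub.Size() >= 256 {
		return pub, nil
	}
	return nil, errors.New("signature verification error: key is not RSA of at least 2048 bits")
}

// SecureBoot runs steps S3..S5 on the application CPU. A boot program, key or system-image failure
// returns the error reported to the security CPU, which stops the device; an APP failure only refuses that APP.
func SecureBoot(top *rsa.PublicKey, mem *Memory) (allowed, rejected []string, err error) {
	// S3: the top-level key checks the second-level boot program and the second-level key.
	l2, perr := parsePub(mem.Stage2Key.Data) // parsed now, trusted only once both checks pass
	if err = errors.Join(verify(top, mem.Stage2, "stage-2 loader"), verify(top, mem.Stage2Key, "second-level key"), perr); err != nil {
		return nil, nil, err
	}
	// S4: the second-level key checks the Android image and every third-level key.
	if err = verify(l2, mem.Android, "android image"); err != nil {
		return nil, nil, err
	}
	l3 := map[string]*rsa.PublicKey{}
	for name, item := range mem.AppKeys {
		if err = verify(l2, item, "third-level key "+name); err != nil {
			return nil, nil, err
		}
		if l3[name], err = parsePub(item.Data); err != nil {
			return nil, nil, err
		}
	}
	// S5: each APP is checked with the third-level key it names; an unverified name or a bad signature refuses it.
	for app, item := range mem.Apps {
		if pub, ok := l3[mem.AppSigner[app]]; ok && verify(pub, item, app) == nil {
			allowed = append(allowed, app)
		} else {
			rejected = append(rejected, app)
		}
	}
	return allowed, rejected, nil
}

// BuildMemory plays the signing authority: it generates the key hierarchy, signs constructed stand-in
// images and returns the top-level public key (what the security CPU would hand over) with the memory.
func BuildMemory() (*rsa.PublicKey, *Memory) {
	gen := func() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
	der := func(k *rsa.PrivateKey) []byte { d, _ := x509.MarshalPKIXPublicKey(&k.PublicKey); return d }
	top, l2, bank, rogue := gen(), gen(), gen(), gen()
	mem := &Memory{
		Stage2:    sign(top, []byte("stage-2 loader image (constructed)")),
		Stage2Key: sign(top, der(l2)),
		Android:   sign(l2, []byte("android system image (constructed)")),
		AppKeys:   map[string]Signed{"bank-a": sign(l2, der(bank))},
		Apps:      map[string]Signed{"pay.apk": sign(bank, []byte("payment APP")), "rogue.apk": sign(rogue, []byte("APP signed outside the hierarchy"))},
		AppSigner: map[string]string{"pay.apk": "bank-a", "rogue.apk": "bank-a"},
	}
	return &top.PublicKey, mem
}
```

The rogue APP carries a perfectly valid signature; it is refused because its signer is not one of the third-level keys that the second-level key vouched for in S4. Swapping the stored second-level key for another one fails in S3 for the same reason, so an attacker who can rewrite the external memory gains nothing without the private keys of the hierarchy.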
Refer to Fig. 3, which is a flow chart of the sensitive data management-control method of the embodiment of the present invention.
This embodiment provides an Android-system-based intelligent POS sensitive data management-control method, which includes the following control steps:
Step 1: when the bank keys are downloaded, the safe CPU stores and manages all encryption and decryption keys, while the application CPU neither stores nor manages any encryption or decryption key;
Step 2: the Android system program and the APP run on the application CPU; when an electronic payment is needed, the application CPU handles the application flow and the user interface prompts and issues a command to the safe CPU to read the user account data. The safe CPU obtains the account data of the user's bank card from the contact IC-card reader, the contactless IC-card reader or the magnetic card reader, immediately encrypts the account data with the account data encryption key to produce the account data ciphertext, stores this ciphertext, and returns a read-success status to the application CPU;
Step 3 (user PIN input): the application CPU prompts for PIN input and displays a numeric PIN keypad on the display screen, issues a command to the safe CPU to obtain the user PIN data, and at the same time transmits the keypad layout and position information to the safe CPU. The safe CPU takes over control of the touch screen and obtains the user's PIN input, immediately encrypts the PIN data with the PIN encryption key to produce the PIN data ciphertext, stores it, and returns a read-success status to the application CPU. After the PIN input ends, the safe CPU releases control of the touch screen;
Step 4: the application CPU issues a command to the safe CPU to obtain the transaction message. The safe CPU assembles the data of this transaction, such as the payment terminal parameters, the account data ciphertext, the transaction amount and the PIN data ciphertext, performs a MAC calculation with the MAC encryption key to form the transaction message, and returns it to the application CPU;
Step 5: the application CPU communicates with the bank transaction service platform through the connected communication module to complete the payment transaction.
The above encryption and decryption keys may be symmetric keys and include at least an account data encryption key, a PIN encryption key and a MAC encryption key; the encryption algorithm is 3DES, or may also be the SM4 algorithm.
The numeric PIN keypad displayed by the application CPU on the display screen may be a keypad in normal order with a fixed arrangement, or a keypad with a scrambled, random arrangement.
In the sensitive data management-control method provided in this embodiment, the input and encryption of the user's PIN and the reading and encryption of the user's account data are all carried out inside the safe CPU; the application CPU does not process these sensitive data or sensitive services and is only responsible for forwarding ciphertext data. PIN data, account information and sensitive services are thus physically isolated from the Android system, which avoids the risk of the Android system or an application obtaining sensitive data.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will appreciate that the invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made without departing from the protection scope of the present invention. Therefore, all equivalent changes and modifications made within the scope of the patent of the present invention shall fall within the scope covered by the present invention.
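Steps 1 to 4 of the sensitive data method, modelled as an added Go example that is not part of the patent: the safe CPU holds the three 3DES keys and the peripheral inputs, encrypts account data and PIN as soon as they are read, and hands back only status codes and the MAC-protected transaction message, while the application CPU side (the `Demo` function here) never holds a key or a plaintext. The padding scheme, the CBC-MAC construction, the message layout and the sample keys, PAN and PIN are all constructed assumptions.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// encrypt pads with ISO/IEC 9797-1 method 2 (0x80 then zeros; the patent names
// no padding, so this is an assumption) and runs three-key 3DES-CBC, zero IV.
func encrypt(key, data []byte) []byte {
	blk, err := des.NewTripleDESCipher(key) // requires a 24-byte key
	if err != nil {
		panic(err)
	}
	buf := append(append([]byte{}, data...), 0x80)
	for len(buf)%8 != 0 {
		buf = append(buf, 0)
	}
	cipher.NewCBCEncrypter(blk, make([]byte, 8)).CryptBlocks(buf, buf)
	return buf
}

// CbcMAC: last 3DES-CBC block over the padded message (retail-style CBC-MAC, an assumption).
func CbcMAC(key, msg []byte) []byte {
	ct := encrypt(key, msg)
	return ct[len(ct)-8:]
}

// SafeCPU owns all keys and the peripherals that deliver plaintext; only ciphertext and statuses leave it.
type SafeCPU struct {
	accKey, pinKey, macKey  []byte
	cardReader, touchScreen func() string // peripheral inputs, stubbed in Demo
	accCT, pinCT            []byte
}

// ReadCard (step 2): read the card and encrypt at once; return only a status.
func (s *SafeCPU) ReadCard() string {
	s.accCT = encrypt(s.accKey, []byte(s.cardReader()))
	return "OK"
}

// EnterPIN (step 3): take over the touch screen and encrypt the PIN at once.
func (s *SafeCPU) EnterPIN() string {
	s.pinCT = encrypt(s.pinKey, []byte(s.touchScreen()))
	return "OK"
}

// TransactionMessage (step 4): terminal parameters, amount, both ciphertexts, then the MAC.
func (s *SafeCPU) TransactionMessage(terminal string, amountCents uint64) []byte {
	msg := []byte(fmt.Sprintf("%s|%d|%x|%x|", terminal, amountCents, s.accCT, s.pinCT))
	return append(msg, CbcMAC(s.macKey, msg)...)
}

// Demo plays the application CPU with constructed sample keys and peripheral stubs
// (test PAN/PIN, not real card data); it gets back only statuses and the final message.
func Demo() ([]byte, error) {
	safe := &SafeCPU{
		accKey: []byte("account-key-sample-0001!"), // constructed 24-byte keys
		pinKey: []byte("pin-key-sample-000000002"),
		macKey: []byte("mac-key-sample-000000003"),
		cardReader:  func() string { return "4111111111111111" }, // test PAN
		touchScreen: func() string { return "1234" },             // test PIN
	}
	if safe.ReadCard() != "OK" || safe.EnterPIN() != "OK" {
		return nil, fmt.Errorf("safe CPU returned a failure status")
	}
	return safe.TransactionMessage("TERM-0001;MID-42", 1999), nil
}
```

The message returned by `Demo` carries the terminal parameters and amount in clear but only ciphertext for the PAN and PIN, and a receiving host with the MAC key can recompute `CbcMAC` over everything before the last 8 bytes to check it.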
Claims (10)
1. An Android-system-based intelligent POS security system, characterized in that it includes an application CPU and a safe CPU connected to this application CPU; the application CPU is further connected to a communication module, a display screen and a memory storage, and the safe CPU is further connected to a touch screen, a contact IC-card reader, a contactless IC-card reader, a magnetic card reader and a physical security circuit;
the safe CPU is used to implement security protection and to process safety-relevant data, specifically including: driving the physical security circuit so as to protect against physical attacks on the device; obtaining the user's bank card account data through the contact IC-card reader, the contactless IC-card reader or the magnetic card reader; storing and managing the encryption and decryption keys; obtaining the user PIN input through the touch screen, and completing PIN encryption, user account data encryption and transaction message signing inside the safe CPU;
the application CPU is used to run the Android system and the payment APP; the application CPU can also access the touch screen connected to the safe CPU after the user PIN input process has ended.
2. The Android-system-based intelligent POS security system according to claim 1, characterized in that it further includes a backup battery connected to the safe CPU to supply the safe CPU with uninterrupted power.
3. The Android-system-based intelligent POS security system according to claim 1, characterized in that the physical attacks on the device include disassembly of the machine, circuit tampering, signal acquisition, and changes of environmental and working conditions.
4. The Android-system-based intelligent POS security system according to claim 1, characterized in that the application CPU can also access the touch screen via the safe CPU, implemented as follows:
Step 1: the application CPU issues a command to the safe CPU through the communication interface connected to the safe CPU;
Step 2: the safe CPU passes the command of the application CPU to the touch screen through the communication interface with the touch screen and obtains the touch information returned by the touch screen;
Step 3: the safe CPU sends the obtained touch information to the application CPU through the communication interface connected to the application CPU;
and during the user PIN input process the safe CPU takes over touch screen control and obtains the user PIN input; only after the PIN input process has ended do the commands of the application CPU for accessing the touch screen take effect.
5. A starting method using the Android-system-based intelligent POS security system according to claim 1, characterized in that it comprises the following steps:
Step S1: when the device starts, the safe CPU starts first, controls the interface between the application CPU and the safe CPU as the only boot source of the application CPU, and controls whether the application CPU is allowed to start;
Step S2: after the safe self-check of the safe CPU is completed, it provides the startup program and the top public key to the application CPU and allows the application CPU to start;
Step S3: the application CPU executes the startup program and uses the top public key provided by the safe CPU to perform signature verification on the second-level startup program and the second-level public key stored in the memory storage;
Step S4: the application CPU executes the second-level startup program and uses the second-level public key to perform signature verification on the Android system program and the multiple third-level public keys stored in the memory storage;
Step S5: the application CPU executes the Android system program from the memory storage and performs signature verification on each APP stored in the memory storage or downloaded, using the corresponding third-level public key;
Step S6: the application CPU executes the APP, and the safe CPU in turn processes all sensitive data of the payment transaction and provides sensitive services to the application CPU.
6. The starting method based on the Android-system-based intelligent POS security system according to claim 5, characterized in that the signature verification uses the SHA256 data digest algorithm and the RSA2048 or RSA4096 data signature algorithm.
7. The starting method based on the Android-system-based intelligent POS security system according to claim 5, characterized in that the signature verification uses the SM3 data digest algorithm and the SM2 data signature algorithm.
8. A data management-control method using the Android-system-based intelligent POS security system according to claim 1, characterized in that it comprises the following steps:
Step S01: when the bank keys are downloaded, the safe CPU stores and manages all encryption and decryption keys, while the application CPU neither stores nor manages any encryption or decryption key;
Step S02: the application CPU issues a command to the safe CPU to read the user account data: the safe CPU obtains the account data of the user's bank card from the contact IC-card reader, the contactless IC-card reader or the magnetic card reader, immediately encrypts the account data with the data encryption key to produce the account data ciphertext, stores this ciphertext, and returns a read-success status to the application CPU;
Step S03: the application CPU displays a numeric PIN keypad on the display screen, issues a command to the safe CPU to obtain the user PIN data, and at the same time transmits the keypad layout and position information to the safe CPU; the safe CPU takes over control of the touch screen and obtains the user PIN input, immediately encrypts the PIN data with the PIN encryption key to produce the PIN data ciphertext, stores it, and returns a read-success status to the application CPU; after the PIN input ends, the safe CPU releases control of the touch screen;
Step S04: the application CPU issues a command to the safe CPU to obtain the transaction message; the safe CPU assembles the data of this transaction, including the payment terminal parameters, the account data ciphertext, the transaction amount and the PIN data ciphertext, performs a MAC calculation with the MAC encryption key to form the transaction message, and returns it to the application CPU;
Step S05: the application CPU communicates with the bank transaction service platform through the communication module to complete the payment transaction.
9. The data management-control method based on the Android-system-based intelligent POS security system according to claim 8, characterized in that the encryption and decryption keys include at least an account data encryption key, a PIN encryption key and a MAC encryption key, and the encryption and decryption algorithm is 3DES or the SM4 algorithm.
10. The data management-control method based on the Android-system-based intelligent POS security system according to claim 8, characterized in that the numeric PIN keypad for PIN input uses a scrambled, random arrangement.
Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610323596.8A CN105957276B (en) | 2016-05-17 | 2016-05-17 | Android-system-based intelligent POS security system and starting and data management-control method |
Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN105957276A true CN105957276A (en) | 2016-09-21 |
| CN105957276B CN105957276B (en) | 2018-01-02 |

Family ID: 56911692

Family Applications (1)

| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610323596.8A Active CN105957276B (en) | 2016-05-17 | 2016-05-17 | Android-system-based intelligent POS security system and starting and data management-control method |

Country Status (1)

| Country | Link |
|---|---|
| CN (1) | CN105957276B (en) |
Legal Events

| Code | Title |
|---|---|
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |