CN106408298A - Method for clearing attack alarm for terminal through authorization and system thereof - Google Patents
- Publication number
- CN106408298A (CN201610768865.1A)
- Authority
- CN
- China
- Prior art keywords
- service
- data
- terminal
- certification
- certified
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
Abstract
The invention provides a method and a system for clearing an attack alarm on a terminal through authorization, and belongs to the technical field of communication. The method comprises the following steps: a server acquires an authentication account and judges that the authentication account has attack-clearing authority; the server then transmits first data to be authenticated to an attack-clearing tool; the attack-clearing tool encrypts the first data to be authenticated to generate first authentication data; the server authenticates the first authentication data; if authentication passes, the terminal transmits second data to be authenticated to the server; the server authenticates the second data to be authenticated and, if authentication passes, encrypts the second data to be authenticated to generate second authentication data and transmits the second authentication data to the terminal; and if the second authentication data passes the terminal's authentication, the terminal clears the attack alarm prompt. The whole process uses two-factor authentication, so security can be ensured. In addition, clearing the attack alarm prompt on the terminal is a legitimate act approved by the server, so the legitimacy of the attack-clearing operation can be ensured.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method and a system for clearing an attack alarm on a terminal through authorization.
Background
In the financial payment field, to protect a terminal device, the device enters an attacked state once it has been attacked: it continuously displays an attack alarm and cannot carry out normal payment transactions. The attack alarm has to be cleared before the terminal can be repaired, which makes clearing it both important and urgent. The prior art clears the attack with a fixed password, which lawbreakers can easily crack in order to complete the attack-clearing operation, and this creates a serious potential risk to the security of the terminal device.
Summary of the invention
It is therefore necessary to provide a method for clearing an attack alarm on a terminal through authorization, to solve the problems that, after a terminal device has been attacked, it continuously displays an attack alarm and cannot carry out normal payment transactions, and that clearing the attack alarm with a fixed password offers low operational security.
To achieve the above object, the inventors provide a method for clearing an attack alarm on a terminal through authorization, with the following technical solution:
A method for clearing an attack alarm on a terminal through authorization comprises the steps of: the server obtains an authentication account and judges whether the authentication account has attack-clearing authority; if it has, the server sends first data to be authenticated to the attack-clearing tool; the attack-clearing tool obtains an operator certificate from a U-KEY, the U-KEY including an operator private key; the attack-clearing tool encrypts the first data to be authenticated with the operator private key to generate first authentication data, and sends the operator certificate and the first authentication data to the server; the server authenticates the first authentication data; if authentication passes, the terminal sends second data to be authenticated to the attack-clearing tool, and the attack-clearing tool sends the second data to be authenticated to the server; the server receives the second data to be authenticated and authenticates it; if authentication passes, the server encrypts the second data to be authenticated with the authentication private key to generate second authentication data, and sends the second authentication data to the terminal; the terminal authenticates the second authentication data with the authentication public key; if authentication passes, the attack-clearing tool sends an instruction to the terminal; the terminal receives the instruction and clears the attack alarm.
Further, before the server obtains the authentication account, the method also includes the steps of: the server generates a public/private key pair comprising the authentication public key and the authentication private key; the server stores the authentication private key and sends the authentication public key to the terminal; the terminal receives the authentication public key.
Further, the terminal authenticating the second authentication data with the authentication public key includes the steps of: the terminal decrypts the second authentication data with the authentication public key to obtain the plaintext of the data to be authenticated contained in the second authentication data, and compares that plaintext with the second data to be authenticated; if they are consistent, authentication passes.
Further, the server authenticating the first authentication data includes the steps of: the server receives the operator certificate and extracts the public key from it; the server decrypts the first authentication data with that public key to obtain the plaintext of the data to be authenticated contained in the first authentication data, and compares that plaintext with the first data to be authenticated; if they are consistent, authentication passes.
Further, the first data to be authenticated is a random number, and the second data to be authenticated includes at least: the terminal serial number, the mainboard feature code and a random number.
To achieve the above object, the inventors also provide a system for clearing an attack alarm on a terminal through authorization, with the following technical solution:
A system for clearing an attack alarm on a terminal through authorization comprises a server, a terminal and an attack-clearing tool. The server is used to: obtain an authentication account, judge whether the authentication account has attack-clearing authority and, if it has, send first data to be authenticated to the attack-clearing tool. The attack-clearing tool is used to: obtain an operator certificate from a U-KEY, the U-KEY including an operator private key; encrypt the first data to be authenticated with the operator private key to generate first authentication data; and send the operator certificate and the first authentication data to the server. The server is further used to: authenticate the first authentication data. If authentication passes, the terminal is used to: send second data to be authenticated to the attack-clearing tool. The attack-clearing tool is further used to: send the second data to be authenticated to the server. The server is further used to: receive the second data to be authenticated and authenticate it and, if authentication passes, encrypt the second data to be authenticated with the authentication private key to generate second authentication data and send the second authentication data to the terminal. The terminal is further used to: authenticate the second authentication data with the authentication public key. If authentication passes, the attack-clearing tool is further used to: send an instruction to the terminal. The terminal is further used to: receive the instruction and clear the attack alarm.
Further, the server is used to: before obtaining the authentication account, generate a public/private key pair comprising the authentication public key and the authentication private key, store the authentication private key, and send the authentication public key to the terminal. The terminal is further used to: receive the authentication public key.
Further, the terminal is further used to: decrypt the second authentication data with the authentication public key to obtain the plaintext of the data to be authenticated contained in the second authentication data, and compare that plaintext with the second data to be authenticated; if they are consistent, authentication passes.
Further, the server is further used to: receive the operator certificate, extract the public key from it, decrypt the first authentication data with that public key to obtain the plaintext of the data to be authenticated contained in the first authentication data, and compare that plaintext with the first data to be authenticated; if they are consistent, authentication passes.
Further, the first data to be authenticated is a random number, and the second data to be authenticated includes at least: the terminal serial number, the mainboard feature code and a random number.
The beneficial effects of the invention are as follows. The maintainer logs in with an account, and the server judges whether that account has attack-clearing authority. If it has, the operator then uses a U-KEY, and the server authenticates the legitimacy of that U-KEY. If the U-KEY is authenticated as legitimate, the server generates the second authentication data from the second data to be authenticated obtained from the terminal, and only after the second authentication data has passed the terminal's authentication is the attack-clearing operation on the terminal allowed. The whole process uses two-factor authentication, which greatly ensures security, and clearing the attack alarm on the terminal is a legitimate act approved by the server, which ensures the legitimacy of the attack-clearing operation.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the present invention for clearing an attack alarm on a terminal through authorization;
Fig. 2 is a module diagram of the system of the present invention for clearing an attack alarm on a terminal through authorization.
Description of reference numerals:
10. server,
20. terminal,
30. attack-clearing tool,
40. U-KEY,
401. operator certificate,
402. operator private key.
Detailed description
To explain in detail the technical content, structural features, objects and effects of the technical solution, a detailed description is given below with reference to specific embodiments and the accompanying drawings.
Referring to Fig. 1, in this embodiment the U-KEY is plugged into the attack-clearing tool, which in this embodiment is a PC. The U-KEY stores the operator certificate and the operator private key. After the U-KEY has been plugged into the attack-clearing tool, interactive software installed on the tool allows it to obtain the operator certificate from the U-KEY and to use the operator private key directly. In addition, in this embodiment a specific APP is installed on the PC, and on the APP login screen the maintainer must enter an account and password to log in to the system. Because login is by account and password, the server can check the authority of the account, which ensures the legitimacy of the account.
In other embodiments, a specific URL can instead be entered directly in a browser; the maintainer must likewise enter an account and password to log in to the system.
The specific implementation steps are as follows. Step S101: generate the public/private key pair Pr, Pu. First make sure that the terminal, the server and the attack-clearing tool are all networked. Once they are networked, the server generates the public/private key pair, which comprises the authentication public key Pu and the authentication private key Pr, and sends the authentication public key Pu to the terminal, i.e. step S102: preset the authentication public key Pu in the terminal.
The authentication public key Pu is preset in the terminal for use after the account authority check and the U-KEY legitimacy check of steps S103 to S106 have both passed. The flow then enters step S107: the server obtains the second data to be authenticated from the terminal and judges its legitimacy; once it is confirmed to be legitimate, the server encrypts the second data to be authenticated with the authentication private key Pr to generate the second authentication data. In step S108 the server returns the second authentication data to the terminal. In step S109 the terminal checks whether the second authentication data passes authentication, i.e. the terminal decrypts the second authentication data with the preset authentication public key Pu to obtain its plaintext and compares that plaintext with the second data to be authenticated; if they are consistent, authentication passes. After authentication passes, step S110: send the clear-attack-alarm instruction, i.e. the attack-clearing tool sends the clear-attack-alarm instruction to the terminal, the terminal receives the instruction, and the terminal stops displaying the attack alarm prompt.
Throughout the process, the server first judges whether the maintainer's account has attack-clearing authority and, if it has, then judges the legitimacy of the operator's U-KEY. This two-factor authentication of account and U-KEY greatly ensures the security of the clear-attack-alarm instruction, and clearing the attack alarm on the terminal is a legitimate act approved by the server, which ensures the legitimacy of the attack-clearing operation.
Step S103, account login authentication, is as follows. In this embodiment a specific APP is installed on the attack-clearing tool, and on the APP login screen the maintainer enters an account and password to log in to the system.
The server stores all legitimate accounts and passwords, together with the authority corresponding to each account. Step S104, whether the account has attack-clearing authority, proceeds as follows: the maintainer enters the account and password; the server obtains the account and password entered by the maintainer and judges whether they are stored on the server; if they are, the maintainer has logged in to the system successfully, and the server then goes on to obtain the authority of the account and judge whether the account has authority to clear the attack. The server's authority check on the account and password ensures the legitimacy of the subsequent operations.
After the server has verified that the account has attack-clearing authority, the flow enters step S105: authenticate the legitimacy of the operator's U-KEY. The specific steps are as follows. The attack-clearing tool obtains the first data to be authenticated from the server: the server first generates the first data to be authenticated itself, which in this embodiment is a 16-byte random number, ensuring that the random number produced each time is different, and the attack-clearing tool then obtains the first data to be authenticated from the server. After receiving the first data to be authenticated, the attack-clearing tool encrypts it with the operator private key stored in the U-KEY, and the encryption generates the first authentication data. Encrypting the first data to be authenticated with the operator private key stored in the U-KEY ensures that the generated first authentication data cannot be intercepted in transit by an illegitimate U-KEY and used to impersonate the genuinely legitimate U-KEY, which would cause a security problem.
After generating the first authentication data, the attack-clearing tool sends the first authentication data and the operator certificate to the server for authentication, i.e. step S106: is the U-KEY legitimate? Authentication here means that the server decrypts the received first authentication data to obtain the plaintext and compares that plaintext with the server's own first data to be authenticated. If they are identical, the U-KEY has passed the server's authentication and has been approved by the server; that is, the U-KEY has gained the authority to obtain information from the server and to send information to the server. The operator certificate sent here contains the public key that can decrypt the first authentication data, so that on receipt the server can extract the public key from the certificate and then use it to decrypt the first authentication data. For example, let the first data to be authenticated be D1. It is encrypted with the operator private key S to generate the first authentication data D2, and the public key corresponding to S is G. The attack-clearing tool sends D2 and the certificate containing G to the server; the server extracts G from the certificate, decrypts D2 with G to obtain the plaintext of D2, and compares D1 with that plaintext. If they are consistent, the U-KEY passes the server's authentication; if they are inconsistent, the U-KEY does not pass the server's authentication.
After the server has confirmed that the U-KEY is legitimate, the flow enters step S107: obtain the second data to be authenticated. The specific steps are as follows:
The attack-clearing tool obtains the second data to be authenticated from the terminal. The terminal first generates the second data to be authenticated, which in this embodiment is the combination of the terminal serial number, the mainboard feature code and a random number. The terminal serial number and the mainboard feature code here are unique and can uniquely identify a terminal. The random number is a 16-byte random number in this embodiment; in other embodiments it can be letters or characters of another length. Combining the terminal serial number and mainboard feature code, which uniquely identify the terminal, with a random number ensures the uniqueness of the second data to be authenticated.
After the terminal has generated the second data to be authenticated, the attack-clearing tool obtains it.
After obtaining the second data to be authenticated, the attack-clearing tool sends it to the server. The server authenticates the second data to be authenticated in order to judge whether the terminal device information is legitimate. If it is legitimate, the server encrypts the second data to be authenticated with the authentication private key (i.e. the preset private key Pr) to generate the second authentication data.
In this embodiment, to meet a higher security requirement, each terminal uses a different authentication public key. When the server judges the terminal information, it therefore not only judges its legitimacy but also uses that terminal information to select the authentication private key corresponding to the terminal, and encrypts the data to be authenticated with that key. Encrypting the data to be authenticated with the authentication private key ensures that the generated authentication data cannot be intercepted in transit by an illegitimate party and used to impersonate the genuinely legitimate server and deceive the terminal, which would cause a security problem.
In some other embodiments, for convenience and generality, every terminal uses the same authentication public key, so the server only needs to judge the legitimacy of the terminal information and encrypts the data to be authenticated with a common authentication private key.
Step S108: return the second authentication data. Specifically, the server sends the generated second authentication data to the terminal through the attack-clearing tool, and the terminal authenticates it, i.e. step S109: does the second authentication data pass authentication? Specifically, the terminal decrypts the second authentication data with the authentication public key Pu preset in step S102 to obtain the plaintext of the second authentication data, and compares that plaintext with the second data to be authenticated; if they are consistent, authentication passes.
If authentication passes, it means that the server has in turn been approved by the terminal. The holder of the U-KEY approved by the server then has the authority to send instructions to the terminal using the attack-clearing tool; the instructions include at least the legitimate operation of clearing the terminal's attack alarm prompt. This avoids illegitimate operations, and once the U-KEY has passed the server's authentication the subsequent steps can be completed automatically, which greatly increases the speed of clearing the attack alarm.
Step S110: send the clear-attack-alarm instruction. After authentication passes, the attack-clearing tool sends the clear-attack-alarm instruction to the terminal, and the terminal stops displaying the attack alarm.
In some embodiments, the authority of an account may need to be modified temporarily, or some terminals may not be allowed to undergo the attack-clearing operation; in that case the authority of the accounts concerned can be switched on or off directly on the server as required. In addition, because the terminal serial number uniquely identifies a terminal, the server can also use the terminal serial number to forbid the attack-clearing operation on particular terminals. The whole operation is simple, convenient and fast.
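The exchange of steps S101 to S110 as an added simulation, not code from the patent. Toy textbook-RSA keys built from Mersenne primes stand in for the real key pairs, and the class names, the fixed-width layout of the second data, the single shared Pu and the registry of enrolled operator keys are assumptions of this example. It shows each party's check and where a disabled account, an unknown U-KEY, a replayed response or an unregistered terminal stops the flow.

```python
import secrets

E = 65537    # public exponent used by every toy key
ID_LEN = 16  # constructed layout: 8-byte serial + 8-byte feature code, then 16 random bytes


def as_int(data):
    return int.from_bytes(b"\x01" + data, "big")  # 0x01 prefix keeps leading zeros


def public_check(n, auth_data, expected):
    """Decrypt with the public key and compare with the data to be authenticated."""
    return pow(auth_data, E, n) == as_int(expected)


class ToyKey:
    """Textbook RSA from two Mersenne primes: trivially factorable, demo only."""
    def __init__(self, p_bits, q_bits):
        p, q = (1 << p_bits) - 1, (1 << q_bits) - 1
        self.n = p * q                           # public modulus
        self._d = pow(E, -1, (p - 1) * (q - 1))  # private exponent

    def private_encrypt(self, data):
        """'Encrypt with the private key' as the page words it (a raw RSA signature)."""
        return pow(as_int(data), self._d, self.n)


class Server:
    def __init__(self, accounts, enrolled, terminals):
        self.key = ToyKey(1279, 2203)  # S101: Pr stays here, Pu is key.n
        self.accounts = accounts       # account -> (password, clearing authority)
        self.enrolled = enrolled       # assumption: enrolled operator public keys
        self.terminals = terminals     # serial + feature code of terminals that may be cleared
        self.pending, self.ukey_passed = {}, set()  # open challenges / passed U-KEY checks

    def login(self, account, password):
        """S103/S104: return the first data to be authenticated, or None."""
        stored, may_clear = self.accounts.get(account, ("", False))
        if not (stored and may_clear and secrets.compare_digest(stored, password)):
            return None
        self.pending[account] = secrets.token_bytes(16)
        return self.pending[account]

    def check_ukey(self, account, cert_n, auth1):
        """S105/S106: the challenge is single-use and the key must be enrolled."""
        self.ukey_passed.discard(account)
        first = self.pending.pop(account, None)
        if first is not None and cert_n in self.enrolled and public_check(cert_n, auth1, first):
            self.ukey_passed.add(account)
            return True
        return False

    def authorize(self, account, second):
        """S107/S108: check the terminal identity, then encrypt with Pr."""
        if account not in self.ukey_passed:
            return None
        self.ukey_passed.discard(account)
        if len(second) != ID_LEN + 16 or second[:ID_LEN] not in self.terminals:
            return None
        return self.key.private_encrypt(second)


class Terminal:
    def __init__(self, serial, feature, server_n):
        self.ident, self.server_n = serial + feature, server_n  # S102: Pu preset
        self.alarm, self.second = True, None

    def second_data(self):
        self.second = self.ident + secrets.token_bytes(16)
        return self.second

    def clear(self, auth2):
        """S109/S110: clear the alarm only if auth2 decrypts to our own second data."""
        second, self.second = self.second, None  # single use
        if second is None or not public_check(self.server_n, auth2, second):
            return False
        self.alarm = False
        return True


def run_clear(server, terminal, account, password, ukey):
    """Drive the exchange the way the attack-clearing tool would."""
    first = server.login(account, password)
    if first is None:
        return "denied: account"
    if not server.check_ukey(account, ukey.n, ukey.private_encrypt(first)):
        return "denied: U-KEY"
    auth2 = server.authorize(account, terminal.second_data())
    if auth2 is None:
        return "denied: terminal"
    return "cleared" if terminal.clear(auth2) else "denied: second authentication data"


def build_demo():  # constructed sample data: one operator, two accounts, one terminal
    operator = ToyKey(521, 607)
    server = Server({"alice": ("pw-a", True), "bob": ("pw-b", False)},
                    {operator.n}, {b"SN000001" + b"MB0000A1"})
    return server, Terminal(b"SN000001", b"MB0000A1", server.key.n), operator
```

Raw private-key exponentiation is used only because it mirrors the encrypt, decrypt and compare wording of the text; a deployment would use a padded signature scheme and validate the operator certificate before trusting its public key.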
Referring to Fig. 2, in some embodiments the system of the present invention for clearing an attack alarm on a terminal through authorization is as follows:
The system comprises a server 10, a terminal 20 and an attack-clearing tool 30; the U-KEY 40 includes the operator private key 402. In this embodiment the attack-clearing tool 30 is a PC, and the U-KEY 40 stores the operator certificate 401 and the operator private key 402. After the U-KEY 40 has been plugged into the attack-clearing tool 30, interactive software installed on the attack-clearing tool 30 allows it to obtain the operator certificate 401 and to use the operator private key 402 directly.
Specifically:
The server 10 is used to generate the public/private key pair Pr, Pu and send the authentication public key Pu to the terminal 20. After the key has been sent:
In this embodiment a specific APP is installed on the attack-clearing tool 30, and on the APP login screen the maintainer enters an account and password to log in to the system.
The server 10 stores all legitimate accounts and passwords, together with the authority corresponding to each account. The maintainer enters the account and password; the server 10 obtains the account and password entered by the maintainer and judges whether they are stored on the server 10; if they are, the maintainer has logged in to the system successfully, and the server 10 then goes on to obtain the authority of the account and judge whether the account has authority to clear the attack. The authority check performed by the server 10 on the account and password ensures the legitimacy of the subsequent operations.
After the server 10 has verified that the account has attack-clearing authority, the legitimacy of the operator's U-KEY 40 is authenticated. Specifically:
The attack-clearing tool 30 obtains the first data to be authenticated from the server 10: the server 10 first generates the first data to be authenticated itself, which in this embodiment is a 16-byte random number, and the attack-clearing tool 30 then obtains the first data to be authenticated from the server 10.
The attack-clearing tool 30 uses the U-KEY to generate the first authentication data: after receiving the first data to be authenticated, the attack-clearing tool 30 encrypts it with the operator private key 402 stored in the U-KEY, and the encryption generates the first authentication data. Encrypting the first data to be authenticated with the operator private key 402 stored in the U-KEY ensures that the generated first authentication data cannot be intercepted in transit by an illegitimate U-KEY 40 and used to impersonate the genuinely legitimate U-KEY 40, which would cause a security problem.
After generating the first authentication data, the attack-clearing tool 30 sends the first authentication data and the operator certificate 401 to the server 10 for authentication. Authentication here means that the server 10 decrypts the received first authentication data to obtain the plaintext and compares that plaintext with the first data to be authenticated held by the server 10. If they are identical, the U-KEY 40 has passed the authentication of the server 10 and has been approved by the server 10, i.e. the U-KEY 40 has gained the authority to obtain information from the server 10 and to send information to the server 10.
After the server 10 has confirmed that the U-KEY 40 is legitimate, the attack-clearing tool 30 obtains the second data to be authenticated from the terminal 20. Similarly, the terminal 20 generates the second data to be authenticated, which in this embodiment is the combination of the terminal serial number, the mainboard feature code and a random number. The terminal serial number and the mainboard feature code here are unique and can uniquely identify a terminal 20. Combining the terminal serial number and mainboard feature code, which uniquely identify the terminal, with a random number ensures the uniqueness of the second data to be authenticated.
After the terminal 20 has generated the second data to be authenticated, the attack-clearing tool 30 obtains it.
After obtaining the second data to be authenticated, the attack-clearing tool 30 sends the second data to be authenticated and the terminal information to the server 10. The server 10 authenticates the second data to be authenticated in order to judge whether the terminal device information is legitimate. If it is legitimate, the server 10 encrypts the second data to be authenticated with the authentication private key (i.e. the preset private key Pr) to generate the second authentication data.
The server 10 sends the second authentication data to the terminal 20 through the attack-clearing tool 30, and the terminal 20 authenticates it. Specifically, the terminal 20 decrypts the second authentication data with the preset authentication public key Pu to obtain the plaintext of the second authentication data, and compares that plaintext with the second data to be authenticated; if they are consistent, authentication passes.
If authentication passes, it means that the server 10 has in turn been approved by the terminal 20. The holder of the U-KEY 40 approved by the server 10 then has the authority to use the attack-clearing tool 30 to perform the legitimate operation of clearing the attack alarm prompt on the terminal 20. This avoids illegitimate operations, and once the U-KEY 40 has passed the authentication of the server 10 the subsequent steps can be completed automatically, which greatly increases the speed of clearing the attack alarm.
After certification is passed through, remove attack tool 30 and send removing attack alarm command to terminal 20, terminal 20 stops display
Attack alarm.
In all embodiments of the invention, if certification is illegal or account does not have corresponding authority, method is tied in advance
Bundle, the data flow in system also would not flow to next module.
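The terminal-side half of the exchange described above (second data to be certified, second authentication data), as an added Go example that is not code from the patent. It realises "encrypt with Pr, decrypt with Pu and compare" as an RSA PKCS#1 v1.5 signature over SHA-256, which is an assumption about the intended primitive. The type and function names and the terminal ID are hypothetical or constructed, the removing attack tool appears only as the byte slices relayed between the two sides, and the U-KEY stage is omitted.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

const nonceLen = 16 // bytes of random number in each challenge

// Terminal holds the preset certification public key Pu (type names are illustrative).
type Terminal struct {
	ID         string // terminal serial number + "|" + mainboard feature code
	Pu         *rsa.PublicKey
	AlarmShown bool
	pending    []byte // outstanding second data to be certified
}

// NewChallenge builds the second data to be certified: ID | random number.
func (t *Terminal) NewChallenge() ([]byte, error) {
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	t.pending = append([]byte(t.ID+"|"), nonce...)
	return append([]byte(nil), t.pending...), nil
}

// ClearAlarm clears the alarm only if sig is Pr's signature over the pending challenge.
func (t *Terminal) ClearAlarm(sig []byte) error {
	digest := sha256.Sum256(t.pending)
	t.pending = nil // single use: a captured response cannot be replayed
	if err := rsa.VerifyPKCS1v15(t.Pu, crypto.SHA256, digest[:], sig); err != nil {
		return fmt.Errorf("second authentication data rejected: %w", err)
	}
	t.AlarmShown = false
	return nil
}

// Server holds the certification private key Pr and the registered terminal IDs.
type Server struct{ Pr *rsa.PrivateKey; Known map[string]bool }

// Certify checks the terminal information, then signs the challenge with Pr.
func (s *Server) Certify(c []byte) ([]byte, error) {
	if len(c) <= nonceLen+1 || !s.Known[string(c[:len(c)-nonceLen-1])] {
		return nil, fmt.Errorf("terminal information not legal")
	}
	digest := sha256.Sum256(c)
	return rsa.SignPKCS1v15(rand.Reader, s.Pr, crypto.SHA256, digest[:])
}

// NewPair generates Pr/Pu and returns a server plus one registered terminal in alarm.
func NewPair(id string) (*Server, *Terminal, error) {
	pr, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return &Server{pr, map[string]bool{id: true}}, &Terminal{ID: id, Pu: &pr.PublicKey, AlarmShown: true}, nil
}

func main() {
	srv, term, _ := NewPair("SN-0001|MB-AAAA") // constructed terminal ID
	c, _ := term.NewChallenge()
	sig, _ := srv.Certify(c)
	fmt.Println("fresh response error:", term.ClearAlarm(sig))
	fmt.Println("replayed response error:", term.ClearAlarm(sig))
}
```

Because the random number changes with every challenge and the pending challenge is consumed on first use, a second authentication data value captured from one clearing session does not clear a later alarm on the same terminal.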
It should be noted that, herein, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or terminal device. Without further limitation, an element defined by the phrase "including ..." or "comprising ..." does not exclude the existence of other elements in the process, method, article or terminal device that includes that element. In addition, herein, "more than", "less than", "exceeding" and the like are understood as not including the stated number; "above", "below", "within" and the like are understood as including the stated number.
Those skilled in the art should appreciate that the above embodiments may be provided as a method, a device or a computer program product. These embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. All or part of the steps in the methods of the above embodiments may be completed by a program instructing the related hardware; the program may be stored in a storage medium readable by a computer device and is used to execute all or part of the steps of the methods of the above embodiments. The computer device includes but is not limited to: personal computers, servers, general-purpose computers, special-purpose computers, network devices, embedded devices, programmable devices, intelligent mobile terminals, smart home devices, wearable smart devices, in-vehicle smart devices and the like. The storage medium includes but is not limited to: RAM, ROM, magnetic disk, magnetic tape, optical disc, flash memory, USB flash drive, portable hard drive, memory card, memory stick, network server storage, network cloud storage and the like.
The above embodiments are described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a computer device to produce a machine, so that the instructions executed by the processor of the computer device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-device-readable memory that can direct the computer device to work in a specific manner, so that the instructions stored in that memory produce an article of manufacture including an instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer device, so that a series of operating steps is executed on the computer device to produce a computer-implemented process, whereby the instructions executed on the computer device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although the above embodiments have been described, those skilled in the art, once they know the basic inventive concept, can make other changes and modifications to these embodiments. The foregoing is therefore only the embodiments of the present invention and does not thereby limit the scope of patent protection of the present invention; any equivalent structure or equivalent flow transformation made using the description and drawings of the present invention, or applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
1. A method for authorizing the clearing of an attack alarm on a terminal, characterized by comprising the steps of:
the service end obtains a certification account and judges whether the certification account has the authority to clear attacks;
if so, the service end sends first data to be certified to the removing attack tool, and the removing attack tool obtains an operator's certificate from a U-KEY, the U-KEY including an operator's private key;
the removing attack tool encrypts the first data to be certified using the operator's private key to generate first authentication data, and sends the operator's certificate and the first authentication data to the service end;
the service end authenticates the first authentication data;
if the certification passes, the terminal sends second data to be certified to the removing attack tool, and the removing attack tool sends the second data to be certified to the service end;
the service end receives the second data to be certified and authenticates it; if the certification passes, the service end encrypts the second data to be certified using a certification private key to generate second authentication data, and sends the second authentication data to the terminal;
the terminal authenticates the second authentication data using a certification public key; if the certification passes, the removing attack tool sends an instruction to the terminal;
the terminal receives the instruction and clears the attack alarm.
2. The method for authorizing the clearing of an attack alarm on a terminal according to claim 1, characterized in that, before the service end obtains the certification account, the method further comprises the steps of:
the service end generates a public-private key pair comprising a certification public key and a certification private key, stores the certification private key, and sends the certification public key to the terminal;
the terminal receives the certification public key.
3. The method for authorizing the clearing of an attack alarm on a terminal according to claim 2, characterized in that the terminal authenticating the second authentication data using the certification public key comprises the steps of:
the terminal decrypts the second authentication data using the certification public key to obtain the plaintext of the data to be certified in the second authentication data, and compares whether that plaintext is consistent with the second data to be certified; if they are consistent, the certification passes.
4. The method for authorizing the clearing of an attack alarm on a terminal according to claim 1, characterized in that the service end authenticating the first authentication data comprises the steps of:
the service end receives the operator's certificate and extracts the public key from it; the service end decrypts the first authentication data using that public key to obtain the plaintext of the data to be certified in the first authentication data, and compares whether that plaintext is consistent with the first data to be certified; if they are consistent, the certification passes.
5. The method for authorizing the clearing of an attack alarm on a terminal according to claim 1, characterized in that the first data to be certified is a random number, and the second data to be certified comprises at least: a terminal serial number, a mainboard feature code and a random number.
6. A system for authorizing the clearing of an attack alarm on a terminal, characterized by comprising: a service end, a terminal and a removing attack tool;
the service end is configured to: obtain a certification account and judge whether the certification account has the authority to clear attacks, and if so, send first data to be certified to the removing attack tool;
the removing attack tool is configured to: obtain an operator's certificate from a U-KEY, the U-KEY including an operator's private key; encrypt the first data to be certified using the operator's private key to generate first authentication data; and send the operator's certificate and the first authentication data to the service end;
the service end is further configured to: authenticate the first authentication data;
if the certification passes, the terminal is configured to: send second data to be certified to the removing attack tool;
the removing attack tool is further configured to: send the second data to be certified to the service end;
the service end is further configured to: receive the second data to be certified and authenticate it, and if the certification passes, encrypt the second data to be certified using a certification private key to generate second authentication data, and send the second authentication data to the terminal;
the terminal is further configured to: authenticate the second authentication data using a certification public key;
if the certification passes, the removing attack tool is further configured to: send an instruction to the terminal;
the terminal is further configured to: receive the instruction and clear the attack alarm.
7. The system for authorizing the clearing of an attack alarm on a terminal according to claim 6, characterized in that the service end is configured to: before obtaining the certification account, generate a public-private key pair comprising a certification public key and a certification private key, store the certification private key, and send the certification public key to the terminal; and the terminal is further configured to: receive the certification public key.
8. The system for authorizing the clearing of an attack alarm on a terminal according to claim 7, characterized in that the terminal is further configured to: decrypt the second authentication data using the certification public key to obtain the plaintext of the data to be certified in the second authentication data, and compare whether that plaintext is consistent with the second data to be certified; if they are consistent, the certification passes.
9. The system for authorizing the clearing of an attack alarm on a terminal according to claim 6, characterized in that the service end is further configured to: receive the operator's certificate and extract the public key from it; decrypt the first authentication data using that public key to obtain the plaintext of the data to be certified in the first authentication data; and compare whether that plaintext is consistent with the first data to be certified; if they are consistent, the certification passes.
10. The system for authorizing the clearing of an attack alarm on a terminal according to claim 6, characterized in that the first data to be certified is a random number, and the second data to be certified comprises at least: a terminal serial number, a mainboard feature code and a random number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610768865.1A CN106408298A (en) | 2016-08-30 | 2016-08-30 | Method for clearing attack alarm for terminal through authorization and system thereof |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610768865.1A CN106408298A (en) | 2016-08-30 | 2016-08-30 | Method for clearing attack alarm for terminal through authorization and system thereof |
PCT/CN2017/096829 WO2018040881A1 (en) | 2016-08-30 | 2017-08-10 | Method and system for authorizing to clear attack alarm for terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106408298A (en) | 2017-02-15 |
Family ID: 58002130
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610768865.1A Pending CN106408298A (en) | 2016-08-30 | 2016-08-30 | Method for clearing attack alarm for terminal through authorization and system thereof |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106408298A (en) |
WO (1) | WO2018040881A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101340437A (en) * | 2008-08-19 | 2009-01-07 | 北京飞天诚信科技有限公司 | Time source regulating method and system |
CN102271042A (en) * | 2011-08-25 | 2011-12-07 | 北京神州绿盟信息安全科技股份有限公司 | Certificate authorization method, system, universal serial bus (USB) Key equipment and server |
US20140046789A1 (en) * | 2012-08-09 | 2014-02-13 | Ebay, Inc. | Fast Transactions |
CN103716794A (en) * | 2013-12-25 | 2014-04-09 | 北京握奇数据系统有限公司 | Two-way safety verification method and system based on portable device |
CN103944728A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Data security interactive system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101127111A (en) * | 2006-08-18 | 2008-02-20 | 中信银行 | Internet bank U disc KEY ciphering, authentication device and method |
US20100031316A1 (en) * | 2008-07-30 | 2010-02-04 | International Business Machines Corporation | System access log monitoring and reporting system |
TW201108696A (en) * | 2009-08-21 | 2011-03-01 | Kinpo Elect Inc | Account identification system, method and peripheral device of performing function thereof |
CN105871915A (en) * | 2016-06-07 | 2016-08-17 | 得理电子(上海)有限公司 | Software network authentication binding method and system |
CN106408298A (en) * | 2016-08-30 | 2017-02-15 | 福建联迪商用设备有限公司 | Method for clearing attack alarm for terminal through authorization and system thereof |
- 2016-08-30: CN application CN201610768865.1A, publication CN106408298A, status: Pending
- 2017-08-10: WO application PCT/CN2017/096829, publication WO2018040881A1, status: Application Filing
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018040881A1 (en) * | 2016-08-30 | 2018-03-08 | 福建联迪商用设备有限公司 | Method and system for authorizing to clear attack alarm for terminal |
CN108416952A (en) * | 2018-03-09 | 2018-08-17 | 上海商米科技有限公司 | The alarm release method of POS terminal and apply its POS terminal, server and system |
CN108416952B (en) * | 2018-03-09 | 2020-07-24 | 上海商米科技集团股份有限公司 | Alarm relieving method of POS terminal, server and system applying alarm relieving method |
Also Published As
Publication number | Publication date |
---|---|
WO2018040881A1 (en) | 2018-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106372531B (en) | A kind of mandate obtains terminal attack warning message log approach and system | |
CN104322003B (en) | Cryptographic authentication and identification method using real-time encryption | |
CN101262349A (en) | SMS-based identity authentication method and device | |
CN105933119A (en) | Authentication method and device | |
CN101483654A (en) | Method and system for implementing authentication and data safe transmission | |
CN102789607A (en) | Network transaction method and system | |
CN103036681B (en) | A kind of password safety keyboard device and system | |
CN101662469A (en) | Method and system based on USBKey online banking trade information authentication | |
CN103914913A (en) | Intelligent card application scene recognition method and system | |
WO2018133674A1 (en) | Method of verifying and feeding back bank payment permission authentication information | |
CN104393993A (en) | A security chip for electricity selling terminal and the realizing method | |
CN102468962A (en) | Method for personal identity authentication utilizing a personal cryptographic device | |
CN106789024A (en) | A kind of remote de-locking method, device and system | |
CN103944724A (en) | User identity identification card | |
CN102281143B (en) | Remote unlocking system of intelligent card | |
CN108323230B (en) | Method for transmitting key, receiving terminal and distributing terminal | |
CN101140605A (en) | Data safety reading method and safety storage apparatus thereof | |
CN105933117A (en) | Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage | |
CN106408298A (en) | Method for clearing attack alarm for terminal through authorization and system thereof | |
CN106330877B (en) | It is a kind of to authorize the method and system converted to the SOT state of termination | |
CN102571341B (en) | A kind of Verification System based on dynamic image and authentication method | |
CN106357624B (en) | A kind of security setting terminal system time method and system | |
CN103888259B (en) | A kind of subscriber identification card | |
CN111181960A (en) | Safety credit granting and signature system based on terminal equipment block chain application | |
KR101277198B1 (en) | Secret key of password generating system and method using 2 dimensional barcode |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
C06 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
C10 | Entry into substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170215 |