CN106408298A - Method for clearing attack alarm for terminal through authorization and system thereof - Google Patents


Publication number
CN106408298A
Authority
CN
China
Prior art keywords
service
data
terminal
certification
certified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610768865.1A
Other languages
Chinese (zh)
Inventor
陈菲菲
彭波涛
孟陆强
林晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Landi Commercial Equipment Co Ltd
Original Assignee
Fujian Landi Commercial Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Landi Commercial Equipment Co Ltd filed Critical Fujian Landi Commercial Equipment Co Ltd
Priority to CN201610768865.1A priority Critical patent/CN106408298A/en
Publication of CN106408298A publication Critical patent/CN106408298A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction

Abstract

The invention provides a method and a system for clearing a terminal's attack alarm through authorization, and belongs to the technical field of communication. The method comprises the following steps: a server obtains an authentication account and determines that the account has attack-clearing permission; the server then sends first data to be authenticated to an attack-clearing tool; the attack-clearing tool encrypts the first data to be authenticated to generate first authentication data; the server authenticates the first authentication data; if authentication passes, the terminal sends second data to be authenticated to the server; the server authenticates the second data to be authenticated and, if authentication passes, encrypts it to generate second authentication data and sends the second authentication data to the terminal; and if the second authentication data passes the terminal's authentication, the terminal clears the attack alarm prompt. The whole process uses two-factor authentication, so security is ensured. In addition, clearing the terminal's attack alarm prompt is a legitimate action approved by the server, so the legitimacy of the attack-clearing operation is ensured.

Description

Method and system for clearing a terminal's attack alarm through authorization
Technical field
The present invention relates to the field of communication technology, and in particular to a method and system for clearing a terminal's attack alarm through authorization.
Background
In the financial payment field, to keep terminal devices secure, a terminal device that has been attacked enters an attacked state: it continuously displays an attack alarm and cannot carry out normal payment transactions. The attack alarm must be cleared before the terminal can be repaired, so clearing it is both important and urgent. In the prior art the attack is cleared with a fixed password, which lawbreakers can easily crack in order to complete the attack-clearing operation, creating a serious hidden risk to the security of the terminal device.
Summary of the invention
It is therefore necessary to provide a method for clearing a terminal's attack alarm through authorization, to solve two problems: after a terminal device is attacked it continuously displays the attack alarm and cannot carry out normal payment transactions, and clearing the attack alarm with a fixed password offers low operational security.
To achieve the above object, the inventors provide a method for clearing a terminal's attack alarm through authorization. The technical solution is as follows:
A method for clearing a terminal's attack alarm through authorization, comprising the steps of:
The server obtains an authentication account and determines whether the account has attack-clearing permission. If it does, the server sends first data to be authenticated to the attack-clearing tool. The attack-clearing tool obtains an operator certificate from a U-KEY, the U-KEY containing an operator private key. The attack-clearing tool encrypts the first data to be authenticated with the operator private key to generate first authentication data, and sends the operator certificate and the first authentication data to the server. The server authenticates the first authentication data. If authentication passes, the terminal sends second data to be authenticated to the attack-clearing tool, and the attack-clearing tool sends the second data to be authenticated to the server. The server receives the second data to be authenticated and authenticates it; if authentication passes, the server encrypts the second data to be authenticated with the authentication private key to generate second authentication data, and sends the second authentication data to the terminal. The terminal authenticates the second authentication data with the authentication public key; if authentication passes, the attack-clearing tool sends an instruction to the terminal. The terminal receives the instruction and clears the attack alarm prompt.
Further, before the server obtains the authentication account, the method also comprises the steps of: the server generates a public/private key pair comprising an authentication public key and an authentication private key; the server stores the authentication private key and sends the authentication public key to the terminal; the terminal receives the authentication public key.
Further, the terminal authenticating the second authentication data with the authentication public key comprises the steps of: the terminal decrypts the second authentication data with the authentication public key to obtain the plaintext of the data to be authenticated contained in the second authentication data, and compares that plaintext with the second data to be authenticated; if they are consistent, authentication passes.
Further, the server authenticating the first authentication data comprises the steps of: the server receives the operator certificate and extracts the public key from it; the server decrypts the first authentication data with that public key to obtain the plaintext of the data to be authenticated contained in the first authentication data, and compares that plaintext with the first data to be authenticated; if they are consistent, authentication passes.
Further, the first data to be authenticated is a random number, and the second data to be authenticated comprises at least: a terminal serial number, a mainboard feature code and a random number.
To achieve the above object, the inventors also provide a system for clearing a terminal's attack alarm through authorization. The technical solution is as follows:
A system for clearing a terminal's attack alarm through authorization, comprising a server, a terminal and an attack-clearing tool. The server is configured to: obtain an authentication account, determine whether the account has attack-clearing permission and, if so, send first data to be authenticated to the attack-clearing tool. The attack-clearing tool is configured to: obtain an operator certificate from a U-KEY, the U-KEY containing an operator private key; encrypt the first data to be authenticated with the operator private key to generate first authentication data; and send the operator certificate and the first authentication data to the server. The server is further configured to authenticate the first authentication data. If authentication passes, the terminal is configured to send second data to be authenticated to the attack-clearing tool, and the attack-clearing tool is further configured to send the second data to be authenticated to the server. The server is further configured to: receive the second data to be authenticated and authenticate it and, if authentication passes, encrypt the second data to be authenticated with the authentication private key to generate second authentication data and send the second authentication data to the terminal. The terminal is further configured to authenticate the second authentication data with the authentication public key. If authentication passes, the attack-clearing tool is further configured to send an instruction to the terminal, and the terminal is further configured to receive the instruction and clear the attack alarm prompt.
Further, the server is configured to: before obtaining the authentication account, generate a public/private key pair comprising an authentication public key and an authentication private key, store the authentication private key, and send the authentication public key to the terminal. The terminal is further configured to receive the authentication public key.
Further, the terminal is further configured to: decrypt the second authentication data with the authentication public key to obtain the plaintext of the data to be authenticated contained in the second authentication data, and compare that plaintext with the second data to be authenticated; if they are consistent, authentication passes.
Further, the server is further configured to: receive the operator certificate and extract the public key from it, decrypt the first authentication data with that public key to obtain the plaintext of the data to be authenticated contained in the first authentication data, and compare that plaintext with the first data to be authenticated; if they are consistent, authentication passes.
Further, the first data to be authenticated is a random number, and the second data to be authenticated comprises at least: a terminal serial number, a mainboard feature code and a random number.
The beneficial effects of the invention are as follows. The maintainer logs in with an account, and the server determines whether that account has permission to clear the attack. If it does, the operator's U-KEY is used, and the server authenticates the legitimacy of that U-KEY. If the U-KEY is authenticated as legitimate, the server generates the second authentication data from the second data to be authenticated obtained from the terminal. Only after the second authentication data passes the terminal's authentication is the attack-clearing operation allowed on the terminal. The whole process uses two-factor authentication, which greatly ensures security, and clearing the terminal's attack alarm prompt is a legitimate action approved by the server, which ensures the legitimacy of the attack-clearing operation.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the present invention for clearing a terminal's attack alarm through authorization;
Fig. 2 is a module diagram of the system of the present invention for clearing a terminal's attack alarm through authorization.
Description of reference numerals:
10, server;
20, terminal;
30, attack-clearing tool;
40, U-KEY;
401, operator certificate;
402, operator private key.
Detailed description
To explain in detail the technical content, structural features, objects achieved and effects of the technical solution, a detailed description is given below in conjunction with specific embodiments and the accompanying drawings.
Referring to Fig. 1, in this embodiment the U-KEY is inserted into the attack-clearing tool, which in this embodiment is a PC. The U-KEY stores the operator certificate and the operator private key. Interactive software is installed on the attack-clearing tool so that, once the U-KEY is inserted, the attack-clearing tool can obtain the operator certificate from the U-KEY and use the operator private key directly. In this embodiment a specific APP is also installed on the PC; on the APP login screen the maintainer must enter an account and password to log in to the system. Because login uses an account and password, the server can make a permission decision on them, which ensures the legitimacy of the account.
In other embodiments, a specific URL may instead be entered directly in a browser; the maintainer must likewise enter an account and password to log in to the system.
The specific implementation steps are as follows. Step S101: generate the public/private key pair Pr, Pu. First it must be ensured that the terminal, the server and the attack-clearing tool are networked. Once they are, the server generates the public/private key pair Pr, Pu, which comprises the authentication public key Pu and the authentication private key Pr, and sends the authentication public key Pu to the terminal, that is, step S102: preset the authentication public key Pu in the terminal.
The authentication public key Pu is preset in the terminal for later use. After account permission and U-KEY legitimacy have both been authenticated in steps S103 to S106, step S107 follows, in which the server obtains the second data to be authenticated from the terminal. The server judges the legitimacy of the second data to be authenticated and, once it is confirmed legitimate, encrypts it with the authentication private key Pr to generate the second authentication data. In step S108 the server returns the second authentication data to the terminal. In step S109 the terminal checks whether the second authentication data passes authentication: the terminal decrypts the second authentication data with the preset authentication public key Pu to obtain its plaintext, and compares that plaintext with the second data to be authenticated; if they are consistent, authentication passes. After authentication passes comes step S110: send the clear-attack-alarm instruction. That is, the attack-clearing tool sends the clear-attack-alarm instruction to the terminal, the terminal receives the instruction, and the terminal stops displaying the attack alarm prompt.
Throughout the process, the server first determines whether the maintainer's account has attack-clearing permission and, if so, then determines the legitimacy of the operator's U-KEY. This two-factor authentication of account and U-KEY greatly ensures the security of the clear-attack-alarm instruction, and clearing the terminal's attack alarm prompt is a legitimate action approved by the server, which ensures the legitimacy of the attack-clearing operation.
Step S103 is as follows: account login authentication. In this embodiment a specific APP is installed on the attack-clearing tool; on the APP login screen the maintainer enters an account and password to log in to the system.
The server stores all legitimate accounts and passwords, together with the permissions corresponding to those accounts. Step S104, whether the account has attack-clearing permission, proceeds as follows: the maintainer enters an account and password; the server obtains them and determines whether this account and password are stored on the server. If they are, the maintainer logs in to the system successfully, and the server further retrieves the permissions of the account and determines whether the account has permission to clear the attack. The server's permission authentication of the account and password ensures the legitimacy of subsequent operations.
After the server has verified that the account has attack-clearing permission, step S105 follows: authenticate the legitimacy of the operator's U-KEY. The specific steps are as follows. The attack-clearing tool obtains the first data to be authenticated from the server: the server first generates the first data to be authenticated itself (in this embodiment a 16-byte random number, which ensures that the random number produced each time is different), and the attack-clearing tool then fetches it from the server. After receiving the first data to be authenticated, the attack-clearing tool encrypts it with the operator private key stored in the U-KEY, generating the first authentication data. Encrypting the first data to be authenticated with the operator private key stored in the U-KEY ensures that the generated first authentication data will not be intercepted in transit by another, illegitimate U-KEY and used to impersonate the genuinely legitimate U-KEY, which would cause a security problem.
After generating the first authentication data, the attack-clearing tool sends the first authentication data and the operator certificate to the server for authentication, that is, step S106: whether the U-KEY is legitimate. Authentication here means that the server decrypts the received first authentication data to obtain the plaintext, and compares the plaintext with the server's own first data to be authenticated. If they are identical, the U-KEY has passed the server's authentication and is approved by the server; that is, the U-KEY has gained permission to obtain information from the server and to send information to the server. The operator certificate sent here contains the public key that can decrypt the first authentication data, so that the server can conveniently extract that public key after receiving the certificate and then decrypt the first authentication data. For example, let the first data to be authenticated be D1. Encrypting it with the operator private key S generates the first authentication data D2, and the public key corresponding to S is G. The attack-clearing tool sends D2 and the certificate containing G to the server. The server extracts G from the certificate, decrypts D2 with G to obtain the plaintext of D2, and compares D1 with that plaintext. If they are consistent, the U-KEY passes the server's authentication; if they are not, the U-KEY does not pass the server's authentication.
After the server confirms that the U-KEY is legitimate, step S107 follows: obtain the second data to be authenticated. The specific steps are as follows:
The attack-clearing tool obtains the second data to be authenticated from the terminal. The terminal first generates the second data to be authenticated, which in this embodiment is a combination of the terminal serial number, the mainboard feature code and a random number. The terminal serial number and the mainboard feature code here are unique and can uniquely identify a terminal. The random number is a 16-byte random number in this embodiment; in other embodiments it may be letters or characters of another length. Combining the terminal serial number and mainboard feature code, which uniquely identify the terminal, with a random number ensures the uniqueness of the second data to be authenticated.
Once the terminal has generated the second data to be authenticated, the attack-clearing tool fetches it.
After obtaining the second data to be authenticated, the attack-clearing tool sends it to the server. The server authenticates the second data to be authenticated in order to determine whether the terminal device information is legitimate. If it is, the server encrypts the second data to be authenticated with the authentication private key (that is, the preset private key Pr), generating the second authentication data.
In this embodiment, for higher security, each terminal uses a different authentication public key. When the server evaluates the terminal information it therefore not only judges its legitimacy but also, according to that terminal information, encrypts the data to be authenticated with the authentication private key corresponding to that terminal. Encrypting the data to be authenticated with the authentication private key ensures that the generated authentication data will not be intercepted in transit by an illegitimate party and used to impersonate the genuinely legitimate server and deceive the terminal, which would cause a security problem.
In some other embodiments, for convenience and generality, every terminal uses the same authentication public key. The server then only needs to judge the legitimacy of the terminal information, and encrypts the data to be authenticated with a common authentication private key.
Step S108: return the second authentication data. The server sends the generated second authentication data to the terminal via the attack-clearing tool, and the terminal authenticates it, that is, step S109: whether the second authentication data passes authentication. The terminal decrypts the second authentication data with the authentication public key Pu preset in step S102 to obtain its plaintext, and compares that plaintext with the second data to be authenticated; if they are consistent, authentication passes.
If authentication passes, the server has in turn been approved by the terminal. The holder of the U-KEY approved by the server then has permission to send instructions to the terminal using the attack-clearing tool. The instructions include at least the legitimate operation of clearing the terminal's attack alarm prompt, which avoids illegitimate operations. Moreover, once the U-KEY has passed server authentication, the subsequent steps can be completed automatically, which greatly increases the speed of clearing the attack alarm prompt.
Step S110: send the clear-attack-alarm instruction. After authentication passes, the attack-clearing tool sends the clear-attack-alarm instruction to the terminal, and the terminal stops displaying the attack alarm prompt.
In some embodiments it may be necessary to change an account's permissions temporarily, or certain terminals may not be allowed to undergo the attack-clearing operation. The permissions of individual accounts can then be switched on or off directly on the server as needed. In addition, because the terminal serial number uniquely identifies a terminal, the server can also use terminal serial numbers to bar certain terminals from the attack-clearing operation. The whole operation is simple, convenient and fast.
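The flow of steps S101 to S110, together with the server-side account and serial-number controls just described, modelled in Go as an added example; it is not code from the patent. It assumes Ed25519 signatures in place of the patent's "encrypt with the private key, decrypt with the public key and compare", a server-side registry of trusted operator keys in place of certificate validation (which the patent does not detail), and constructed values for the account name, serial number, feature code and the "|" field separator.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// UKey models the operator's U-KEY (40); Cert stands in for the operator certificate.
type UKey struct{ Cert ed25519.PublicKey; priv ed25519.PrivateKey }
func (k UKey) Sign(data []byte) []byte { return ed25519.Sign(k.priv, data) }

// Server models the server side (10) and its per-account session state.
type Server struct {
	authPriv           ed25519.PrivateKey // authentication private key Pr
	canClear, verified map[string]bool    // account -> has permission / passed U-KEY check
	operators, blocked map[string]bool    // trusted operator keys (assumed) / barred serials
	pending            map[string][]byte  // account -> outstanding first challenge
}

// Terminal models the terminal (20) holding the preset public key Pu.
type Terminal struct {
	Serial, BoardCode string
	Alarm             bool
	authPub           ed25519.PublicKey
	second            []byte // outstanding second data to be authenticated
}

func nonce16() []byte {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never fall back to a predictable challenge
	}
	return b
}

// Challenge (S103-S105): permission check, then a fresh 16-byte first challenge.
func (s *Server) Challenge(account string) []byte {
	if !s.canClear[account] {
		return nil
	}
	s.pending[account] = nonce16()
	return s.pending[account]
}

// VerifyOperator (S106): the challenge is consumed whether or not it verifies.
func (s *Server) VerifyOperator(account string, cert ed25519.PublicKey, sig []byte) bool {
	ch, ok := s.pending[account]
	delete(s.pending, account)
	s.verified[account] = ok && s.operators[string(cert)] && ed25519.Verify(cert, ch, sig)
	return s.verified[account]
}

// SecondData (S107): serial | mainboard code | fresh 16-byte random number.
func (t *Terminal) SecondData() []byte {
	t.second = bytes.Join([][]byte{[]byte(t.Serial), []byte(t.BoardCode), nonce16()}, []byte("|"))
	return t.second
}

// Authorize (S107-S108): sign the terminal's data only after the U-KEY check.
func (s *Server) Authorize(account string, second []byte) []byte {
	ok := s.verified[account]
	delete(s.verified, account) // one authorization per U-KEY check
	parts := bytes.SplitN(second, []byte("|"), 3)
	if !ok || len(parts) != 3 || len(parts[2]) != 16 || s.blocked[string(parts[0])] {
		return nil
	}
	return ed25519.Sign(s.authPriv, second)
}

// Clear (S109-S110): accept only a signature over this terminal's latest data.
func (t *Terminal) Clear(sig []byte) bool {
	ok := t.second != nil && ed25519.Verify(t.authPub, t.second, sig)
	t.second, t.Alarm = nil, t.Alarm && !ok // the random number is single-use
	return ok
}

// ClearAlarm plays the attack-clearing tool (30), relaying between the parties.
func ClearAlarm(s *Server, k UKey, t *Terminal, account string) bool {
	ch := s.Challenge(account)
	if ch == nil || !s.VerifyOperator(account, k.Cert, k.Sign(ch)) {
		return false
	}
	return t.Clear(s.Authorize(account, t.SecondData()))
}

// NewDemo builds constructed sample parties; account, serial and code are made up.
func NewDemo() (*Server, UKey, *Terminal) {
	opPub, opPriv, _ := ed25519.GenerateKey(rand.Reader)
	pu, pr, _ := ed25519.GenerateKey(rand.Reader)
	s := &Server{authPriv: pr, canClear: map[string]bool{"maint01": true}, pending: map[string][]byte{},
		operators: map[string]bool{string(opPub): true}, verified: map[string]bool{}}
	return s, UKey{opPub, opPriv}, &Terminal{Serial: "SN-0001", BoardCode: "MB-A1", Alarm: true, authPub: pu}
}

func main() {
	s, k, t := NewDemo()
	fmt.Println("alarm cleared:", ClearAlarm(s, k, t, "maint01"), "alarm shown:", t.Alarm)
}
```

Consuming the first challenge, the per-account verified flag and the terminal's random number after a single use is what keeps a captured operator response or captured second authentication data from being accepted a second time.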
Referring to Fig. 2, in some embodiments the system of the present invention for clearing a terminal's attack alarm through authorization is arranged as follows:
The system comprises a server 10, a terminal 20 and an attack-clearing tool 30. The U-KEY 40 contains the operator private key 402. In this embodiment the attack-clearing tool 30 is a PC, and the U-KEY 40 stores the operator certificate 401 and the operator private key 402. Interactive software is installed on the attack-clearing tool 30 so that, once the U-KEY 40 is inserted into it, the attack-clearing tool 30 can obtain the operator certificate 401 through the interactive software and use the operator private key 402 directly.
Specifically:
The server 10 is configured to generate the public/private key pair Pr, Pu and send the authentication public key Pu to the terminal 20. Once the key has been sent, the process continues as follows.
In this embodiment a specific APP is installed on the attack-clearing tool 30; on the APP login screen the maintainer enters an account and password to log in to the system.
The server 10 stores all legitimate accounts and passwords, together with the permissions corresponding to those accounts. The maintainer enters an account and password; the server 10 obtains them and determines whether this account and password are stored on the server 10. If they are, the maintainer logs in to the system successfully, and the server 10 further retrieves the permissions of the account and determines whether the account has permission to clear the attack. The permission authentication of the account and password by the server 10 ensures the legitimacy of subsequent operations.
After the server 10 has verified that the account has attack-clearing permission, the legitimacy of the operator's U-KEY 40 is authenticated. Specifically:
The attack-clearing tool 30 obtains the first data to be authenticated from the server 10: the server 10 first generates the first data to be authenticated itself, which in this embodiment is a 16-byte random number, and the attack-clearing tool 30 then fetches it from the server 10.
The attack-clearing tool 30 uses the U-KEY to generate the first authentication data: after receiving the first data to be authenticated, the attack-clearing tool 30 encrypts it with the operator private key 402 stored in the U-KEY, generating the first authentication data. Encrypting the first data to be authenticated with the operator private key 402 stored in the U-KEY ensures that the generated first authentication data will not be intercepted in transit by another, illegitimate U-KEY 40 and used to impersonate the genuinely legitimate U-KEY 40, which would cause a security problem.
After generating the first authentication data, the attack-clearing tool 30 sends the first authentication data and the operator certificate 401 to the server 10 for authentication. Authentication here means that the server 10 decrypts the received first authentication data to obtain the plaintext, and compares the plaintext with the first data to be authenticated held by the server 10. If they are identical, the U-KEY 40 has passed authentication by the server 10 and is approved by the server 10; that is, the U-KEY 40 has gained permission to obtain information from the server 10 and to send information to the server 10.
After service end 10 confirms that U-KEY40 is legal, removing attack tool 30 obtains 20 from terminal and takes the second data to be certified; Similarly, terminal 20 generates the second data to be certified, and in the present embodiment, the second data to be certified is terminal serial number, mainboard feature Code and the combination of random number, the terminal serial number of this side and mainboard condition code have uniqueness, can be with one terminal of unique mark 20.By using having the terminal serial number of unique mark terminal, mainboard condition code is combined it is ensured that second treats with random number The uniqueness of authentication data.
After terminal 20 generates the second data to be certified, remove attack tool 30 and just go to obtain the second data to be certified.
Remove after attack tool 30 obtains the second data to be certified, send the described second data to be certified and end message to Service end 10, service end 10, by being authenticated to the second data to be certified, to judge whether terminal device information is legal, if Legal.Service end 10 is encrypted to the second data to be certified using certification private key (the private key Pr both having preset), generates second Authentication data.
Service end 10 is sent to terminal 20 by removing 30 the second authentication datas of attack tool, and terminal 20 is recognized to it Card, specific as follows:Terminal 20 is decrypted to the second authentication data using the certification public key Pu preseting, and obtains the second certification number According to plaintext, whether the plaintext comparing described second authentication data consistent with the second data to be certified, if unanimously, certification is logical Cross.
If certification is passed through, both meaned that service end 10 had also passed through the accreditation of terminal 20, then approve by service end 10 The holder of U-KEY40 just have permission and terminal 20 can be carried out with legal removing attack reporting to the police using removing attack tool 30 Prompting operation, it is to avoid illegal operation, and after U-KEY40 passes through service end 10 certification, follow-up step can from The dynamic speed completing, substantially increasing removing attack alarm.
After authentication passes, the attack-clearing tool 30 sends the clear-attack-alarm command to the terminal 20, and the terminal 20 stops displaying the attack alarm.
In all embodiments of the invention, if authentication fails or the account lacks the corresponding permission, the method ends early and the data flow in the system does not proceed to the next module.
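The two challenge-response rounds described above, as an added sketch that is not code from the patent or its applicant. The class and function names, the account, operator and terminal registries, the 8-byte serial number and feature code fields, and the demo keys built from Mersenne primes are all assumptions made for illustration.

```python
import secrets

def keypair(a, b, e=65537):
    """Constructed demo RSA key from the Mersenne primes 2**a-1 and 2**b-1 (weak on purpose)."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)

def priv_encrypt(data, priv):
    """'Encrypt with the private key' as the page words it: unpadded RSA signing.
    A deployed system would use a padded signature scheme such as RSA-PSS."""
    n, d = priv
    return pow(int.from_bytes(data, "big"), d, n)

def pub_matches(blob, pub, challenge):
    """'Decrypt with the public key' and compare with the challenge that was issued."""
    n, e = pub
    return pow(blob, e, n) == int.from_bytes(challenge, "big")

class Server:
    def __init__(self, auth_priv, accounts, operators, terminals):
        self.auth_priv, self.pending = auth_priv, None   # authentication private key Pr
        self.accounts = accounts      # account -> may clear attack alarms
        self.operators = operators    # trusted operator public keys (assumed registry)
        self.terminals = terminals    # serial -> mainboard feature code (assumed registry)

    def first_challenge(self, account):
        # No permission means no challenge: the flow ends before any key is used.
        self.pending = secrets.token_bytes(16) if self.accounts.get(account) else None
        return self.pending

    def check_operator(self, cert_pub, first_auth):
        challenge, self.pending = self.pending, None     # a challenge is single use
        return (challenge is not None and cert_pub in self.operators
                and pub_matches(first_auth, cert_pub, challenge))

    def answer_terminal(self, second):
        known = self.terminals.get(second[:8]) == second[8:16]
        return priv_encrypt(second, self.auth_priv) if known else None

class Terminal:
    def __init__(self, serial, code, auth_pub):
        self.serial, self.code, self.auth_pub = serial, code, auth_pub
        self.alarm, self.pending, self.authed = True, None, False

    def second_challenge(self):
        self.pending = self.serial + self.code + secrets.token_bytes(16)
        return self.pending

    def accept(self, second_auth):
        challenge, self.pending = self.pending, None     # a challenge is single use
        self.authed = challenge is not None and pub_matches(second_auth, self.auth_pub, challenge)
        return self.authed

    def clear_command(self):
        if self.authed:               # a command without prior authentication is ignored
            self.alarm, self.authed = False, False
        return not self.alarm

def clear_alarm(server, terminal, account, op_priv, op_cert):
    """Clearing-tool side: relay each message, stop at the first failed check.
    On real hardware the operator private-key operation stays inside the U-KEY."""
    c1 = server.first_challenge(account)
    if c1 is None:
        return "account lacks permission"
    if not server.check_operator(op_cert, priv_encrypt(c1, op_priv)):
        return "U-KEY rejected"
    second_auth = server.answer_terminal(terminal.second_challenge())
    if second_auth is None:
        return "terminal rejected"
    if not (terminal.accept(second_auth) and terminal.clear_command()):
        return "server rejected by terminal"
    return "alarm cleared"
```

Because the terminal compares the decrypted value against the challenge it generated for this session and discards that challenge after one use, second authentication data captured from an earlier session does not clear a later alarm.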
It should be noted that, herein, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to the process, method, article or terminal device. In the absence of further restrictions, an element defined by the phrase "including ..." or "comprising ..." does not exclude the existence of additional elements in the process, method, article or terminal device that includes the element. In addition, herein, "greater than", "less than", "exceeding" and the like are understood to exclude the stated number; "above", "below", "within" and the like are understood to include it.
Those skilled in the art should understand that the above embodiments may be provided as a method, a device or a computer program product. These embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. All or some of the steps of the methods in the above embodiments may be carried out by a program instructing the relevant hardware; the program may be stored in a storage medium readable by a computer device and is used to execute all or some of the steps of the methods of the above embodiments. The computer device includes, but is not limited to: personal computer, server, general-purpose computer, special-purpose computer, network device, embedded device, programmable device, intelligent mobile terminal, smart home device, wearable smart device, in-vehicle smart device, etc. The storage medium includes, but is not limited to: RAM, ROM, magnetic disk, magnetic tape, optical disc, flash memory, USB flash drive, portable hard drive, memory card, memory stick, network server storage, network cloud storage, etc.
The above embodiments are described with reference to flowcharts and/or block diagrams of the methods, devices (systems) and computer program products according to the embodiments. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a computer device to produce a machine, so that the instructions executed by the processor of the computer device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-device-readable memory that can direct the computer device to work in a specific way, so that the instructions stored in that memory produce an article of manufacture including instruction means, which implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer device, so that a series of operating steps is executed on the computer device to produce a computer-implemented process, whereby the instructions executed on the computer device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although the above embodiments have been described, those skilled in the art, once they grasp the basic inventive concept, can make other changes and modifications to these embodiments. The foregoing is therefore only the embodiments of the present invention and does not thereby limit the scope of patent protection of the invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (10)

1. A method for authorizing the clearing of an attack alarm on a terminal, characterized by comprising the steps of:
The server obtains an authentication account and judges whether the authentication account has permission to clear attacks;
If so, the server sends first data to be authenticated to the attack-clearing tool, and the attack-clearing tool obtains an operator certificate from a U-KEY, the U-KEY including an operator private key;
The attack-clearing tool encrypts the first data to be authenticated with the operator private key to generate first authentication data, and sends the operator certificate and the first authentication data to the server;
The server authenticates the first authentication data;
If authentication passes, the terminal sends second data to be authenticated to the attack-clearing tool, and the attack-clearing tool sends the second data to be authenticated to the server;
The server receives the second data to be authenticated and authenticates it; if authentication passes, the server encrypts the second data to be authenticated with the authentication private key to generate second authentication data, and sends the second authentication data to the terminal;
The terminal authenticates the second authentication data with the authentication public key; if authentication passes, the attack-clearing tool sends an instruction to the terminal;
The terminal receives the instruction and clears the attack alarm.
2. The method for authorizing the clearing of an attack alarm on a terminal according to claim 1, characterized in that, before the server obtains the authentication account, the method further comprises the steps of:
The server generates a public/private key pair comprising the authentication public key and the authentication private key, stores the authentication private key, and sends the authentication public key to the terminal;
The terminal receives the authentication public key.
3. The method for authorizing the clearing of an attack alarm on a terminal according to claim 2, characterized in that
the terminal authenticating the second authentication data with the authentication public key comprises the step of:
The terminal decrypts the second authentication data with the authentication public key to obtain the plaintext of the data to be authenticated contained in the second authentication data, and compares that plaintext with the second data to be authenticated; if they are consistent, authentication passes.
4. The method for authorizing the clearing of an attack alarm on a terminal according to claim 1, characterized in that
the server authenticating the first authentication data comprises the step of:
The server receives the operator certificate, extracts the public key from the operator certificate, and decrypts the first authentication data with that public key to obtain the plaintext of the data to be authenticated contained in the first authentication data, then compares that plaintext with the first data to be authenticated; if they are consistent, authentication passes.
5. The method for authorizing the clearing of an attack alarm on a terminal according to claim 1, characterized in that
the first data to be authenticated is a random number, and the second data to be authenticated comprises at least: the terminal serial number, the mainboard feature code and a random number.
6. A system for authorizing the clearing of an attack alarm on a terminal, characterized by comprising: a server, a terminal and an attack-clearing tool;
The server is configured to: obtain an authentication account and judge whether the authentication account has permission to clear attacks, and if so, send first data to be authenticated to the attack-clearing tool;
The attack-clearing tool is configured to: obtain an operator certificate from a U-KEY, the U-KEY including an operator private key, encrypt the first data to be authenticated with the operator private key to generate first authentication data, and send the operator certificate and the first authentication data to the server;
The server is further configured to: authenticate the first authentication data;
If authentication passes, the terminal is configured to: send second data to be authenticated to the attack-clearing tool;
The attack-clearing tool is further configured to: send the second data to be authenticated to the server;
The server is further configured to: receive the second data to be authenticated and authenticate it, and if authentication passes, encrypt the second data to be authenticated with the authentication private key to generate second authentication data and send the second authentication data to the terminal;
The terminal is further configured to: authenticate the second authentication data with the authentication public key;
If authentication passes, the attack-clearing tool is further configured to: send an instruction to the terminal;
The terminal is further configured to: receive the instruction and clear the attack alarm.
7. The system for authorizing the clearing of an attack alarm on a terminal according to claim 6, characterized in that
the server is configured to: before obtaining the authentication account, generate a public/private key pair comprising the authentication public key and the authentication private key, store the authentication private key, and send the authentication public key to the terminal; the terminal is further configured to: receive the authentication public key.
8. The system for authorizing the clearing of an attack alarm on a terminal according to claim 7, characterized in that
the terminal is further configured to: decrypt the second authentication data with the authentication public key to obtain the plaintext of the data to be authenticated contained in the second authentication data, and compare that plaintext with the second data to be authenticated; if they are consistent, authentication passes.
9. The system for authorizing the clearing of an attack alarm on a terminal according to claim 6, characterized in that
the server is further configured to: receive the operator certificate, extract the public key from the operator certificate, decrypt the first authentication data with that public key to obtain the plaintext of the data to be authenticated contained in the first authentication data, and compare that plaintext with the first data to be authenticated; if they are consistent, authentication passes.
10. The system for authorizing the clearing of an attack alarm on a terminal according to claim 6, characterized in that
the first data to be authenticated is a random number, and the second data to be authenticated comprises at least: the terminal serial number, the mainboard feature code and a random number.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610768865.1A CN106408298A (en) 2016-08-30 2016-08-30 Method for clearing attack alarm for terminal through authorization and system thereof

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610768865.1A CN106408298A (en) 2016-08-30 2016-08-30 Method for clearing attack alarm for terminal through authorization and system thereof
PCT/CN2017/096829 WO2018040881A1 (en) 2016-08-30 2017-08-10 Method and system for authorizing to clear attack alarm for terminal

Publications (1)

Publication Number Publication Date
CN106408298A true CN106408298A (en) 2017-02-15

Family

ID=58002130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610768865.1A Pending CN106408298A (en) 2016-08-30 2016-08-30 Method for clearing attack alarm for terminal through authorization and system thereof

Country Status (2)

Country Link
CN (1) CN106408298A (en)
WO (1) WO2018040881A1 (en)

Also Published As

Publication number Publication date
WO2018040881A1 (en) 2018-03-08

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170215

RJ01 Rejection of invention patent application after publication