CN106961326A - POS terminal remote key update system and update method - Google Patents

POS terminal remote key update system and update method

Publication number
CN106961326A
Authority
CN
China
Prior art keywords
key
pos terminal
terminal
remote cipher
cipher key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611197724.5A
Other languages
Chinese (zh)
Inventor
曾望年
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd
Priority to CN201611197724.5A
Publication of CN106961326A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/08: Payment architectures
    • G06Q20/20: Point-of-sale [POS] network systems
    • G06Q20/202: Interconnection or interaction of plural electronic cash registers [ECR] or to host computer, e.g. network details, transfer of information from host to ECR or from ECR to ECR
    • G06Q20/206: Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The present invention relates to a POS terminal remote key update system and update method. The system comprises a POS terminal and a remote key management system. In the registration stage, the POS terminal provides terminal device information and merchant information to the remote key management system, generates a transmission public key and a transmission private key, and provides the transmission public key to the remote key management system. In the update stage, the POS terminal submits the terminal device information and merchant information to the remote key management system and, on receiving the issued update key, decrypts it with the transmission private key. In the registration stage, the remote key management system generates a terminal device fingerprint from the terminal device information and binds the transmission public key, the device fingerprint information and the merchant information together. In the update stage, it judges the legitimacy of the POS terminal according to this binding relationship and, if the POS terminal is judged legitimate, encrypts the update key with the transmission public key and sends it to the POS terminal.

Description

POS terminal remote key update system and update method
Technical field
The present invention relates to computer communication technology, and in particular to a POS terminal remote key update system and update method.
Background
With the technical progress of POS terminals, their functions and performance have improved greatly, but POS terminal key management still uses the traditional management model, which makes the production and distribution of POS terminals inconvenient. At present, POS terminal keys are mainly updated in the following ways:
(1) POS terminal master key download based on a mother POS;
(2) Factory mode, in which the master key is injected by the POS terminal manufacturer during production;
(3) Remote key update, in which a transmission key is injected by the POS terminal manufacturer during production.
These approaches have the following shortcomings:
(1) The mother-POS scheme can only be carried out manually on site, which is inefficient and makes subsequent upgrades inconvenient;
(2) Injecting the master key during production by the POS terminal manufacturer places strict requirements on the POS terminal production environment, requires the final user of the terminal to be determined at production time, and makes subsequent upgrades inconvenient;
(3) Injecting the transmission key during production by the POS terminal manufacturer places strict requirements on the POS terminal production environment and requires the manufacturer's production system to be connected to the POS terminal issuing institution's system.
Summary of the invention
To solve the above problems, the object of the invention is to provide a POS terminal remote key update system and update method that do not depend on the participation of the POS terminal manufacturer or the terminal issuing institution.
The POS terminal remote key update method of the present invention is implemented by a POS terminal and a remote key management system, and is characterized by comprising:
A registration stage, in which the POS terminal provides terminal device information and merchant information to the remote key management system, the remote key management system generates a terminal device fingerprint from the terminal device information, and the POS terminal generates a transmission public key and a transmission private key and provides the transmission public key to the remote key management system, wherein the remote key management system binds the transmission public key, the device fingerprint information and the merchant information together; and
An update stage, in which the POS terminal submits terminal device information and merchant information to the remote key management system, the remote key management system judges the legitimacy of the POS terminal according to the binding relationship and, if the POS terminal is judged legitimate, encrypts the update key with the transmission public key and sends it to the POS terminal, and the POS terminal decrypts the issued update key with the transmission private key.
Preferably, the registration stage comprises:
A mutual authentication step, in which the POS terminal and the remote key management system establish a secure channel through mutual authentication;
A device fingerprint information generation step, in which the POS terminal submits terminal device information and merchant information to the remote key management system, and the remote key management system generates device fingerprint information based on the terminal device information; and
A transmission key provision step, in which the POS terminal generates a transmission public key and a transmission private key and provides the transmission public key to the remote key management system, and the remote key management system binds the received transmission public key, the device fingerprint information and the merchant information together.
Preferably, the update stage comprises:
A mutual authentication step, in which the POS terminal and the remote key management system establish a secure channel through mutual authentication;
A device legitimacy determination step, in which the POS terminal submits terminal device information and merchant information to the remote key management system, and the remote key management system judges the legitimacy of the POS terminal according to the stored binding relationship;
An update key issuing step, in which, if the POS terminal is judged legitimate, the remote key management system encrypts the update key with the transmission public key and issues it to the POS terminal; and
An update key decryption step, in which the POS terminal decrypts the issued update key with the transmission private key.
Preferably, in the device fingerprint information generation step, the remote key management system generates the device fingerprint information from the terminal device information using a specified algorithm and builds a device fingerprint database, wherein the device fingerprint information uniquely identifies the POS terminal.
Preferably, in the transmission key provision step, the transmission public key and transmission private key are generated randomly in the security module of the POS terminal, the transmission public key is provided to the remote key management system, and the transmission private key is stored in the secure storage area of the security module of the POS terminal.
Preferably, the device legitimacy determination step comprises the following sub-steps:
The POS terminal uploads terminal device information and merchant information to the remote key management system;
The remote key management system obtains the terminal device fingerprint from the device information;
The merchant information corresponding to the terminal device fingerprint is looked up in the device fingerprint database;
It is judged whether the uploaded merchant information is consistent with the stored merchant information corresponding to the terminal device fingerprint; if it is consistent, the POS terminal is determined to be legitimate, and otherwise it is determined to be illegitimate.
The POS terminal remote key update system of the present invention comprises a POS terminal and a remote key management system, and is characterized in that:
In the registration stage, the POS terminal provides terminal device information and merchant information to the remote key management system, generates a transmission public key and a transmission private key, and provides the transmission public key to the remote key management system; in the update stage, it submits terminal device information and merchant information to the remote key management system and, on receiving the update key issued by the remote key management system, decrypts the issued update key with the transmission private key,
In the registration stage, the remote key management system generates a terminal device fingerprint from the terminal device information and binds the transmission public key, the device fingerprint information and the merchant information together; in the update stage, it judges the legitimacy of the POS terminal according to the binding relationship and, if the POS terminal is judged legitimate, encrypts the update key with the transmission public key and sends it to the POS terminal.
Preferably, in the registration stage the remote key management system receives the terminal device information and merchant information sent by the POS terminal, generates device fingerprint information from the terminal device information and builds a device fingerprint database, wherein the device fingerprint information uniquely identifies the POS terminal.
Preferably, the POS terminal comprises:
A first secure communication service module, for mutual authentication with the remote key management system;
A terminal information acquisition module, for collecting the terminal information related to the terminal device fingerprint and the merchant information; and
A terminal key management module, for generating and transmitting the transmission key and for downloading and decrypting the update key,
The remote key management system comprises:
A second secure communication service module, for mutual authentication with the POS terminal;
A remote key management module, for managing the transmission key and for the encryption and download management of the update key; and
A device management module, for collecting terminal information and implementing device authentication based on the terminal device fingerprint.
Preferably, the terminal key management module comprises:
A terminal transmission key management submodule, for generating and transmitting the transmission key; and
A terminal update key management submodule, for downloading and decrypting the update key,
The remote key management module comprises:
A remote transmission key management submodule, for managing the transmission key; and
A remote update key management submodule, for the encryption and download management of the update key.
Preferably, the terminal key management module is arranged in the security module of the POS terminal.
The POS terminal of the present invention can communicate with a remote key management system to perform remote key update, and is characterized by comprising:
A first secure communication service module, for mutual authentication with the remote key management system;
A terminal information acquisition module, for collecting terminal device fingerprint information and merchant information; and
A terminal key management module, for generating and transmitting the transmission key and for downloading and decrypting the update key.
Preferably, the terminal key management module is arranged in the security module of the POS terminal.
The terminal key management module comprises:
A terminal transmission key management submodule, for generating and transmitting the transmission key; and
A terminal update key management submodule, for downloading and decrypting the update key.
As described above, in the POS terminal remote key update system and POS terminal remote key update method of the present invention, a terminal device fingerprint is generated from the POS terminal information and is used to uniquely identify the POS terminal, and a binding relationship is established among the terminal device fingerprint, the merchant information and the transmission public key, which effectively solves the problem of identifying counterfeit terminals. The terminal key management module in the security module of the POS terminal randomly generates an asymmetric key as the remote key encryption transmission key (referred to above as the transmission key). The remotely downloaded terminal key is encrypted with the asymmetric public key and decrypted with the asymmetric private key by the terminal key management module in the security module of the POS terminal. Key encryption and transmission during key download do not depend on the support of the terminal manufacturer or the terminal issuing institution, which makes terminal distribution more flexible and facilitates subsequent terminal key update and maintenance.
Brief description of the drawings
Fig. 1 is a structural diagram of the POS terminal remote key update system of the present invention.
Fig. 2 is a flow chart of one embodiment of the POS terminal remote key update method of the present invention.
Embodiments
What follows describes some of the possible embodiments of the invention and is intended to provide a basic understanding of the invention. It is not intended to identify key or critical elements of the invention or to limit the claimed scope.
The present invention proposes a POS terminal remote key update system and update method. The POS terminal remote key update system of the present invention comprises a remote key management system and a POS terminal that supports remote key download. The POS terminal and the remote key management system establish a secure channel through mutual identity authentication. The POS terminal provides its software and hardware information to the remote key management system, which builds a POS terminal device fingerprint database from that information; a POS terminal can perform remote key download only after registering with the remote key management system by device fingerprint. When the POS terminal registers with the remote key management system, the POS terminal security module generates a random asymmetric key as the remote key encryption transmission key; the asymmetric transmission public key is provided to the remote key management system, and the POS terminal stores the asymmetric transmission private key in the secure storage area of the security module. When a POS terminal remote key update is needed, the remote key management system encrypts the terminal key with the asymmetric transmission public key corresponding to the POS terminal and transmits it to the POS terminal over the secure channel; the POS terminal decrypts it with the asymmetric transmission private key and stores it in the secure storage area of the security module.
The structure of the POS terminal remote key update system of the present invention is described in detail below.
Fig. 1 is a structural diagram of the POS terminal remote key update system of the present invention.
As shown in Fig. 1, the POS terminal remote key update system of the present invention comprises a POS terminal 100 and a remote key management system 200.
In the registration stage, the POS terminal 100 provides terminal device information and merchant information to the remote key management system 200, generates a transmission public key and a transmission private key, and provides the transmission public key to the remote key management system 200. In the update stage, it submits terminal device information and merchant information to the remote key management system 200 and, on receiving the update key issued by the remote key management system 200, decrypts the issued update key with the transmission private key.
In the registration stage, the remote key management system 200 generates a terminal device fingerprint from the terminal device information received from the POS terminal 100 and builds a device fingerprint database, wherein the device fingerprint information uniquely identifies the POS terminal, and binds the transmission public key, the device fingerprint information and the merchant information together. In the update stage, it judges the legitimacy of the POS terminal according to the binding relationship and, if the POS terminal is judged legitimate, encrypts the update key with the transmission public key and sends it to the POS terminal.
The POS terminal 100 comprises: a first secure communication service module 110, for mutual authentication with the remote key management system 200; a terminal information acquisition module 120, for collecting terminal device fingerprint information and merchant information; and a terminal key management module 130, for generating and transmitting the transmission key and for downloading and decrypting the update key.
The terminal key management module 130 is arranged in the secure area of the POS terminal 100. The terminal key management module 130 comprises: a terminal transmission key management submodule 131, for generating and transmitting the transmission key; and a terminal update key management submodule 132, for downloading and decrypting the update key.
The remote key management system 200 comprises: a second secure communication service module 210, for mutual authentication with the POS terminal 100; a device management module 220, for collecting terminal information and implementing device authentication based on the terminal device fingerprint; and a remote key management module 230, for managing the transmission key and for the encryption and download management of the update key.
The device management module 220 comprises: a terminal information management submodule 221, for collecting and managing terminal information; and a device authentication submodule 222, for implementing device authentication based on the terminal device fingerprint.
The remote key management module 230 comprises: a transmission key management submodule 231, for managing the transmission key; and a key download management submodule 232, for the encryption and download management of the update key.
The POS terminal remote key update method of the present invention is described below. The method can be broadly divided into two major stages:
(1) Registration stage
The POS terminal 100 provides terminal device information and merchant information to the remote key management system 200, the remote key management system 200 generates a terminal device fingerprint from the terminal device information, and the POS terminal 100 generates an asymmetric transmission public key and transmission private key and provides the transmission public key to the remote key management system 200, wherein the remote key management system 200 binds the transmission public key, the device fingerprint information and the merchant information together; and
(2) Update stage
The POS terminal 100 submits terminal device information and merchant information to the remote key management system 200, and the remote key management system 200 judges the legitimacy of the POS terminal 100 according to the above binding relationship. If the POS terminal is judged legitimate, it encrypts the update key with the transmission public key and sends it to the POS terminal 100, and the POS terminal 100 decrypts the issued update key with the transmission private key, completing the key update.
The registration stage comprises the following steps:
A mutual authentication step, in which the POS terminal 100 and the remote key management system 200 establish a secure channel through mutual authentication;
A device fingerprint information generation step, in which the POS terminal 100 submits terminal device information and merchant information to the remote key management system 200, and the remote key management system 200 generates device fingerprint information based on the terminal device information and builds a device fingerprint database, wherein the device fingerprint information uniquely identifies the POS terminal; and
A transmission key provision step, in which the POS terminal 100 generates an asymmetric transmission public key and transmission private key and provides the transmission public key to the remote key management system 200, and the remote key management system 200 binds the received transmission public key, the device fingerprint information and the merchant information together.
The update stage comprises the following steps:
A mutual authentication step, in which the POS terminal 100 and the remote key management system 200 establish a secure channel through mutual authentication;
A device legitimacy determination step, in which the POS terminal 100 submits terminal device information and merchant information to the remote key management system 200, and the remote key management system 200 judges the legitimacy of the POS terminal according to the stored binding relationship;
An update key issuing step, in which, if the POS terminal is judged legitimate, the remote key management system 200 encrypts the update key with the transmission public key and issues it to the POS terminal 100; and
An update key decryption step, in which the POS terminal 100 decrypts the issued update key with the transmission private key.
Fig. 2 is a flow chart of one embodiment of the POS terminal remote key update method of the present invention. The specific flow of this embodiment is described below with reference to Fig. 2.
As shown in Fig. 2, in step S100 the POS terminal 100 requests identity authentication, and in step S101 the remote key management system 200 waits for the terminal to connect. In step S102, the remote key management system 200 verifies the identity of the POS terminal 100. In step S103, if the identity authentication passes, the flow proceeds to step S104; otherwise the flow ends and proceeds to step S111.
In step S104, the POS terminal 100 submits terminal information (including the terminal device fingerprint) and merchant information to the remote key management system 200. In step S105, the remote key management system 200 receives the terminal information (including the terminal device fingerprint) from the POS terminal and judges whether the terminal device fingerprint has already been registered. If it has been registered, the flow proceeds to step S109; otherwise it proceeds to step S106.
In step S106, the remote key management system 200 adds the terminal information to the device fingerprint database and requests the POS terminal 100 to upload its transmission key. The flow then proceeds to step S107.
In step S107, the POS terminal 100 generates an asymmetric transmission public key and private key and submits the asymmetric public key to the remote key management system 200. Then, in step S108, the binding relationship among the terminal device fingerprint, the terminal merchant information and the transmission public key is established.
In step S109, the remote key management system 200 uses the terminal device information uploaded by the POS terminal 100 to look up the corresponding binding relationship in the terminal device fingerprint database (the binding relationship, stored in the remote key management system 200, among the device fingerprint information, the merchant information and the asymmetric transmission public key), and finds the merchant information corresponding to the terminal device fingerprint from the binding relationship. The remote key management system 200 verifies whether the merchant information uploaded by the POS terminal 100 is consistent with the bound merchant information; if it is consistent, the flow proceeds to step S110, and if it is inconsistent, the flow proceeds to step S113 and ends.
In step S110, the remote key management system 200 uses the asymmetric transmission public key corresponding to the device fingerprint information to encrypt the terminal key to be issued to the POS terminal 100 (also called the update key). Then, in step S111, the POS terminal 100 uses the asymmetric transmission private key to decrypt the encrypted terminal key issued by the remote key management system 200 and stores it in the secure area of the POS terminal 100. The flow ends in step S112.
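The registration and update stages described above, as an added Go example that is not part of the patent. SHA-256 as the fingerprint algorithm, RSA-2048 with OAEP as the transmission key pair, the `DeviceInfo` fields and all type and function names are assumptions of this example, and the mutually authenticated secure channel is taken as already established.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// DeviceInfo fields are hypothetical; the patent only says "terminal device information".
type DeviceInfo struct{ Serial, Model, Firmware string }

// Fingerprint is assumed to be SHA-256 over length-prefixed fields (algorithm unspecified in the patent).
func Fingerprint(d DeviceInfo) string {
	h := sha256.New()
	for _, f := range []string{d.Serial, d.Model, d.Firmware} {
		fmt.Fprintf(h, "%d:%s|", len(f), f) // length prefix keeps field boundaries unambiguous
	}
	return hex.EncodeToString(h.Sum(nil))
}

var ErrAlreadyRegistered = errors.New("fingerprint already registered")
var ErrUnregistered = errors.New("fingerprint not registered")
var ErrMerchantMismatch = errors.New("merchant does not match binding")

// binding ties merchant and transmission public key to a fingerprint (the map key).
type binding struct{ merchant string; pub *rsa.PublicKey }

// KMS models the remote key management system and its device fingerprint database.
type KMS struct{ db map[string]binding }

func NewKMS() *KMS { return &KMS{db: make(map[string]binding)} }

// Register (S106-S108) stores fingerprint, merchant and public key as one binding.
func (k *KMS) Register(d DeviceInfo, merchant string, pubDER []byte) error {
	fp := Fingerprint(d)
	if _, ok := k.db[fp]; ok {
		return ErrAlreadyRegistered // never silently rebind a known fingerprint
	}
	pub, err := x509.ParsePKCS1PublicKey(pubDER)
	if err != nil {
		return fmt.Errorf("bad transmission public key: %w", err)
	}
	k.db[fp] = binding{merchant: merchant, pub: pub}
	return nil
}

// IssueUpdate (S109-S110) checks the binding, then encrypts with RSA-OAEP; the fingerprint label is this example's choice.
func (k *KMS) IssueUpdate(d DeviceInfo, merchant string, updateKey []byte) ([]byte, error) {
	fp := Fingerprint(d)
	b, ok := k.db[fp]
	if !ok {
		return nil, ErrUnregistered
	}
	if b.merchant != merchant {
		return nil, ErrMerchantMismatch
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, b.pub, updateKey, []byte(fp))
}

// Terminal models the POS side; priv stands in for the security module's secure storage.
type Terminal struct {
	Info     DeviceInfo
	Merchant string
	priv     *rsa.PrivateKey
}

func NewTerminal(info DeviceInfo, merchant string) (*Terminal, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Terminal{Info: info, Merchant: merchant, priv: priv}, nil
}

func (t *Terminal) PublicKeyDER() []byte { return x509.MarshalPKCS1PublicKey(&t.priv.PublicKey) }

func (t *Terminal) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, t.priv, ct, []byte(Fingerprint(t.Info)))
}

func main() {
	kms := NewKMS()
	term, err := NewTerminal(DeviceInfo{"SN-0001", "P100", "1.0.3"}, "MERCHANT-A") // constructed values
	if err != nil {
		panic(err)
	}
	if err = kms.Register(term.Info, term.Merchant, term.PublicKeyDER()); err != nil {
		panic(err)
	}
	ct, err := kms.IssueUpdate(term.Info, term.Merchant, []byte("0123456789abcdef"))
	if err != nil {
		panic(err)
	}
	key, err := term.Decrypt(ct)
	fmt.Printf("update key %q, err=%v\n", key, err)
}
```

Because the update key is encrypted to the registered transmission public key, a device that submits a registered terminal's device and merchant information but holds a different private key receives nothing it can decrypt.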
In the POS terminal remote key update system and POS terminal remote key update method of the present invention, a terminal device fingerprint is generated from the POS terminal information and is used to uniquely identify the POS terminal, and a binding relationship is established among the terminal device fingerprint, the merchant information and the transmission public key, which effectively solves the problem of identifying counterfeit terminals. The terminal key management module in the security module of the POS terminal randomly generates an asymmetric key as the remote key encryption transmission key (referred to above as the transmission key). The remotely downloaded terminal key is encrypted with the asymmetric public key and decrypted with the asymmetric private key by the terminal key management module in the security module of the POS terminal. Key encryption and transmission during key download do not depend on the support of the terminal manufacturer or the terminal issuing institution, which makes terminal distribution more flexible and also facilitates subsequent terminal key update and maintenance.
In both the registration stage and the update stage, the POS terminal and the remote key management system must perform mutual authentication, which ensures the security of the communication. In the registration stage, the POS terminal provides terminal device information and merchant information to the remote key management system, and generates an asymmetric transmission public key and uploads it to the remote key management system. That is, registration is completed automatically when the merchant first uses the terminal, without depending on the manufacturer or institution; there is no need to preset certificates, keys and the like at the factory or to have institution staff complete the process, and terminal distribution is subject to no restrictive conditions. Moreover, when the terminal master key is downloaded, it is encrypted with the asymmetric key from the registration stage and issued to the POS terminal; after receiving it, the POS terminal decrypts it with the asymmetric key from the registration stage and stores it, which makes terminal distribution more flexible and secure.
The above examples mainly illustrate the POS terminal remote key update system and POS terminal remote key update method of the present invention. Although only some embodiments of the present invention have been described, those of ordinary skill in the art will appreciate that the present invention may be implemented in many other forms without departing from its spirit and scope. The examples and embodiments shown are therefore to be regarded as illustrative and not restrictive, and the present invention may cover various modifications and substitutions without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (13)

1. A POS terminal remote key update method, implemented by a POS terminal and a remote key management system, characterized by comprising:
a registration phase, in which the POS terminal provides terminal device information and merchant information to the remote key management system, the remote key management system generates a terminal device fingerprint from the terminal device information, and the POS terminal generates a transmission public key and a transmission private key and provides the transmission public key to the remote key management system, wherein the remote key management system establishes a binding relationship among the transmission public key, the device fingerprint information and the merchant information; and
an update phase, in which the POS terminal submits terminal device information and merchant information to the remote key management system, the remote key management system judges the legitimacy of the POS terminal according to the binding relationship and, where the POS terminal is judged to be legitimate, encrypts an update key with the transmission public key and sends it to the POS terminal, and the POS terminal decrypts the issued update key with the transmission private key.
2. The POS terminal remote key update method as claimed in claim 1, characterized in that
the registration phase comprises:
a mutual authentication step, in which the POS terminal establishes a secure channel with the remote key management system through mutual authentication;
a device fingerprint information generation step, in which the POS terminal submits terminal device information and merchant information to the remote key management system, and the remote key management system generates device fingerprint information based on the terminal device information; and
a transmission key providing step, in which the POS terminal generates a transmission public key and a transmission private key and provides the transmission public key to the remote key management system, and the remote key management system establishes a binding relationship among the received transmission public key, the device fingerprint information and the merchant information.
3. The POS terminal remote key update method as claimed in claim 2, characterized in that
the update phase comprises:
a mutual authentication step, in which the POS terminal establishes a secure channel with the remote key management system through mutual authentication;
a device legitimacy determination step, in which the POS terminal submits terminal device information and merchant information to the remote key management system, and the remote key management system judges the legitimacy of the POS terminal according to the stored binding relationship;
an update key issuing step, in which, where the POS terminal is judged to be legitimate, the remote key management system encrypts the update key with the transmission public key and issues it to the POS terminal; and
an update key decryption step, in which the POS terminal decrypts the issued update key with the transmission private key.
4. The POS terminal remote key update method as claimed in claim 3, characterized in that
in the device fingerprint information generation step, the remote key management system generates device fingerprint information from the terminal device information using a prescribed algorithm and establishes a device fingerprint information library, wherein the device fingerprint information is used to uniquely identify the POS terminal.
5. The POS terminal remote key update method as claimed in claim 5, characterized in that
in the transmission key providing step, the transmission public key and the transmission private key are generated randomly in the security module of the POS terminal, the transmission public key is provided to the remote key management system, and the transmission private key is stored in the secure storage area of the security module of the POS terminal.
6. The POS terminal remote key update method as claimed in claim 3, characterized in that
the device legitimacy determination step comprises the following sub-steps:
the POS terminal uploads terminal device information and merchant information to the remote key management system;
the remote key management system obtains the terminal device fingerprint from the device information;
the merchant information corresponding to the terminal device fingerprint is looked up in the device fingerprint information library;
it is judged whether the uploaded merchant information is consistent with the stored merchant information corresponding to the terminal device fingerprint; if consistent, the POS terminal is determined to be legitimate, otherwise it is determined to be an illegitimate POS terminal.
7. A POS terminal remote key update system, comprising a POS terminal and a remote key management system, characterized in that
the POS terminal is used, in the registration phase, to provide terminal device information and merchant information to the remote key management system, and to generate a transmission public key and a transmission private key and provide the transmission public key to the remote key management system, and is used, in the update phase, to submit terminal device information and merchant information to the remote key management system and, on receiving the update key issued by the remote key management system, to decrypt the issued update key with the transmission private key,
the remote key management system is used, in the registration phase, to generate a terminal device fingerprint from the terminal device information and to establish a binding relationship among the transmission public key, the device fingerprint information and the merchant information, and is used, in the update phase, to judge the legitimacy of the POS terminal according to the binding relationship and, where the POS terminal is judged to be legitimate, to encrypt the update key with the transmission public key and send it to the POS terminal.
8. The POS terminal remote key update system as claimed in claim 7, characterized in that
in the registration phase, the remote key management system receives the terminal device information and merchant information submitted by the POS terminal, generates device fingerprint information from the terminal device information and establishes a device fingerprint information library, wherein the device fingerprint information is used to uniquely identify the POS terminal.
9. The POS terminal remote key update system as claimed in claim 8, characterized in that
the POS terminal comprises:
a first secure communication service module, for performing mutual authentication with the remote key management system;
a terminal information acquisition module, for collecting the terminal information related to the terminal device fingerprint and the merchant information; and
a terminal key management module, for realizing generation and transmission of the transmission key and download and decryption of the update key,
the remote key management system comprises:
a second secure communication service module, for performing mutual authentication with the POS terminal;
a remote key management module, for realizing management of the transmission key and encryption and download management of the update key; and
a device management module, for collecting terminal information and realizing device authentication based on the terminal device fingerprint.
10. The POS terminal remote key update system as claimed in claim 9, characterized in that
the terminal key management module comprises:
a terminal transmission key management submodule, for realizing generation and transmission of the transmission key; and
a terminal update key management module, for download and decryption of the update key,
the remote key management module comprises:
a remote transmission key management submodule, for realizing management of the transmission key; and
a remote update key management submodule, for encryption and download management of the update key.
11. The POS terminal remote key update system as claimed in claim 10, characterized in that
the terminal key management module is arranged in the security module of the POS terminal.
12. A POS terminal, capable of communicating with a remote key management system and performing remote key update, characterized by comprising:
a first secure communication service module, for performing mutual authentication with the remote key management system;
a terminal information acquisition module, for collecting the terminal information related to the terminal device fingerprint and the merchant information; and
a terminal key management module, for realizing generation and transmission of the transmission key and download and decryption of the update key.
13. The POS terminal as claimed in claim 12, characterized in that
the terminal key management module is arranged in the security module of the POS terminal,
the terminal key management module comprises:
a terminal transmission key management submodule, for realizing generation and transmission of the transmission key; and
a terminal update key management module, for download and decryption of the update key.
CN201611197724.5A 2016-12-22 2016-12-22 POS terminal remote cipher key more new system and update method Pending CN106961326A (en)

Publications (1)

Publication Number Publication Date
CN106961326A true CN106961326A (en) 2017-07-18

Family

ID=59480889




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170718