CN107980135A - The method and system that a kind of terminal random number occurs - Google Patents
- Publication number: CN107980135A (application CN201780001454.2A)
- Authority: CN (China)
- Prior art keywords: random number, terminal, true, occurs, seed
- Legal status: Granted
Classifications
- G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F21/60—Protecting data
      - G06F21/602—Providing cryptographic facilities or services
      - G06F21/606—Protecting data by securing the transmission between two devices or processes
    - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
      - G06F21/31—User authentication
  - G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
    - G06F7/58—Random or pseudo-random number generators
      - G06F7/588—Random number generators, i.e. based on natural stochastic processes
- G—PHYSICS; G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  - G06Q20/00—Payment architectures, schemes or protocols
    - G06Q20/38—Payment protocols; Details thereof
      - G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
        - G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
      - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
        - H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The present invention provides a method and system for generating random numbers in a terminal. The method includes: generating a true random number with a hardware random number generator; securely transmitting the true random number to the terminal; and the terminal using the received true random number as the seed of a pseudorandom number generator to produce a random number sequence. The true random number is produced by an external hardware random number generator and securely transmitted to the terminal, which uses it as the random number seed from which a pseudorandom number generator derives a large quantity of random numbers. The invention significantly reduces terminal cost while ensuring that the random numbers meet the requirements of unpredictability and randomness.
Description
Technical field
The present invention relates to the field of terminal security, and in particular to a method and system for generating random numbers in a terminal.
Background technology
Financial payment terminals frequently need random numbers, for example: 1. to generate key pairs, where key management specifications require that the key material be generated from random numbers so that the content of the key is unpredictable and cannot be probed; 2. to pad data before encryption, so that the same plaintext produces a different result on every encryption, which prevents replay attacks; 3. in identity authentication systems, where a random number is sent to the other party of the communication as the challenge factor and the other party must return the correct response. The role of the random number in each case is to ensure that every challenge is "random".
Common random number generators come in two kinds: pseudorandom number generators and hardware random number generators.
A pseudorandom number generator is implemented purely in software by an algorithm that, starting from an input random number seed, produces a random number sequence according to a fixed generation rule. The algorithm of such a generator is usually fixed, as with the pseudorandom number function of the standard C library, so if the seed is fixed the generated random number sequence is fixed as well.
A hardware random number generator (HRNG), also called a true random number generator (TRNG), is a device that generates random digits from a physical process rather than from a computer program. Such devices are normally based on microscopic phenomena that produce low-level, statistically random "noise" signals, such as thermal noise, the photoelectric effect and quantum phenomena. These physical processes are completely unpredictable in theory, and this has been confirmed by experiment. Repeatedly sampling these random signals yields a sequence of random numbers.
For terminals with higher security requirements, such as financial POS machines, producing random numbers with either a pseudorandom number generator or a hardware random number generator has certain defects:
(1) The algorithm and the sequence of a pseudorandom number generator are fixed, so anyone who obtains the first random number seed can in theory derive every random number sequence produced afterwards, and the subsequently generated random numbers no longer satisfy the "unpredictability" property. Yet to make the random number seed "unpredictable", a random number is needed as the seed, which creates a "chicken and egg" contradiction. Pseudorandom numbers are therefore usually applied where security requirements are not especially strict, with the seed set arbitrarily by software (for example using the system time as the seed); such a seed can be analysed. For equipment with higher security requirements, such as financial POS terminals, this does not meet the requirements.
(2) A hardware random number generator has the following disadvantages:
A. It needs dedicated hardware as support, which raises the hardware cost of the terminal device;
B. A hardware random number generator is sometimes not sufficiently stable and cannot guarantee that every random number it produces is sufficiently random, because natural random signals such as noise are not always equally random. To ensure that a sufficiently stable random signal is collected, the CPU generally has to be clocked down, which affects the running speed of the terminal while random numbers are being generated.
Summary of the invention
The technical problem to be solved by the invention is to provide a method and system for generating random numbers in a terminal that ensure the unpredictability and randomness of the generated random numbers.
To solve the above technical problem, the technical solution adopted by the invention is:
A method for generating random numbers in a terminal, including:
generating a true random number with a hardware random number generator;
securely transmitting the true random number to the terminal;
the terminal using the received true random number as the random number seed of a pseudorandom number generator to produce a random number sequence.
Another technical solution provided by the invention is:
A system for generating random numbers in a terminal, including a hardware random number generator, a secure transmission module and a terminal;
the hardware random number generator is used to produce a true random number;
the secure transmission module is used to securely transmit the true random number to the terminal;
the terminal includes:
a pseudorandom number generator, used to produce a random number sequence with the received true random number as the random number seed.
The beneficial effects of the invention are: a true random number is produced by an external hardware random number generator and securely transmitted to the terminal, and the terminal uses it as the random number seed from which a pseudorandom number generator derives a large quantity of random numbers, meeting daily usage needs. Because the terminal generates its random number sequence in this way, the terminal manufacturer no longer needs to build a hardware random number generator into every terminal; a single hardware random number generator shared by all terminals meets the requirements, which significantly reduces terminal cost. At the same time, using a true random number as the terminal's random number seed ensures the unpredictability of the seed and of the random number sequence the terminal derives from it. Further, secure communication technology is used to inject the random number seed securely, which ensures that the random number seed of every terminal is unpredictable and cannot be probed, significantly improving the security of the random number seed. The invention therefore has high practical value in terminal systems with higher security requirements.
Brief description of the drawings
Fig. 1 is a flow diagram of the method for generating random numbers in a terminal according to the invention;
Fig. 2 is an overall diagram of the random number generating system of the invention;
Fig. 3 is a flow diagram of the method of embodiment one of the invention;
Fig. 4 is a flow diagram of one implementation of the secure transmission of the random number in embodiment one;
Fig. 5 is a flow diagram of the specific way in which the terminal of embodiment two produces a large quantity of random numbers;
Fig. 6 is a diagram of the interaction between the modules of the random number generating system of embodiment four.
Reference numerals:
1, hardware random number generator; 2, POS terminal; 3, encryption module; 4, communication module;
41, communication module A; 42, communication module B;
5, decryption module; 6, pseudorandom number generator; 7, random number sequence consuming module.
Detailed description
The key idea of the invention is that a true random number is produced by an external hardware random number generator and securely transmitted to the terminal, and the terminal uses it as the random number seed from which a pseudorandom number generator derives a large quantity of random numbers. The invention significantly reduces terminal cost while ensuring that the random numbers meet the requirements of unpredictability and randomness.
Referring to Fig. 1 and Fig. 2, the invention provides a method for generating random numbers in a terminal, including:
generating a true random number with a hardware random number generator;
securely transmitting the true random number to the terminal;
the terminal using the received true random number as the random number seed of a pseudorandom number generator to produce a random number sequence.
Further, securely transmitting the true random number to the terminal specifically comprises:
encrypting the true random number;
the terminal downloading the encrypted true random number;
the terminal decrypting the encrypted true random number to obtain the true random number.
From the above description, the seed is transferred to the terminal by encrypted communication, which ensures the security and unpredictability of the random number seed in the terminal.
Further, securely transmitting the true random number to the terminal specifically comprises:
downloading the corresponding true random number to the terminal by encrypted communication before the terminal leaves the factory.
From the above description, the true random number is obtained in a secure, controlled environment before the terminal leaves the factory, giving unauthorised parties no opportunity to steal it, which further ensures the security and unpredictability of the random number seed.
Further, generating a true random number with a hardware random number generator specifically comprises:
generating, according to the number of terminals, a corresponding number of true random numbers with the hardware random number generator, each uniquely corresponding to one terminal.
From the above description, the terminal manufacturer saves the cost of building a hardware random number generator module into every terminal; only one set of hardware random number generator, dedicated to producing the random number seeds of all terminals, is needed, which substantially reduces the hardware cost and maintenance cost of the terminals.
Further, the true random number is the initial random number seed of the terminal, and the method further includes:
taking a random number of a predetermined number of bytes from the random number sequence as the new random number seed;
the terminal producing a new random number sequence with the pseudorandom number generator according to the new random number seed.
From the above description, a self-feedback mode is adopted: each time the terminal generates random numbers, a random number of the predetermined number of bytes is taken from the sequence just generated as the seed for the next generation. This continuous self-feedback makes the whole random number generation process more random and unpredictable.
Further, the number of bytes of the random number sequence the terminal produces from the true random number is greater than or equal to the predetermined number of bytes.
Further, the predetermined number of bytes is 8.
From the above description, producing a random number sequence of at least the predetermined number of bytes both satisfies daily use and always leaves enough bytes from which to obtain a new random number seed.
Further, the method includes:
the hardware random number generator and the terminal obtaining and storing a transmission protection key in a secure, controlled environment;
the hardware random number generator encrypting the plaintext true random number it produced with the transmission protection key, obtaining the true random number in ciphertext form.
Further, the terminal using the received true random number as the random number seed of the pseudorandom number generator to produce a random number sequence specifically comprises:
the terminal receiving the true random number in ciphertext form;
the terminal decrypting the ciphertext true random number with the pre-stored transmission protection key, obtaining the true random number in plaintext form;
the terminal producing a random number sequence with the pseudorandom number generator using the plaintext true random number as the random number seed.
From the above, encrypted communication technology is used to inject the random number seed securely into the terminal, ensuring that the random number seed of every terminal is unpredictable and cannot be probed, which guarantees the security of the random number seed.
Further, the terminal is a financial POS terminal.
From the above, the invention has good prospects for application in financial POS terminals, whose security level requirements are higher.
The invention cleverly combines "soft" and "hard" approaches to produce random numbers, overcoming the drawbacks of existing pseudorandom number generators and hardware random number generators, as follows:
(1) Because the random number seed comes from an external hardware random number generator and the communication is encrypted, the seed satisfies the "unpredictable" property, solving the problem of the seed being probeable in a pseudorandom number generator;
(2) The large quantity of random numbers needed during terminal application is mainly produced by a software algorithm, with the true random number serving only as the seed, which overcomes the instability of hardware random numbers. Since each terminal needs its seed injected only once, with no especially strict time constraint, the external true random number generator can be fully clocked down so that it collects a sufficiently random signal for use as the seed, further improving the randomness of the true random number.
(3) A self-feedback mode is adopted. When the terminal generates a random number sequence, 8 bytes are taken from the newly generated sequence (if fewer than 8 bytes are needed, a sequence of at least 8 bytes is still produced and only the part required is supplied to the user) as the new seed for the next generation. This continuous self-feedback makes the whole random number generation process more random and unpredictable.
(4) Using the technique of the invention, a 128 Mbit random number sequence generated by a terminal was collected and analysed with an internationally recognised dedicated random number analysis tool (such as the NIST STS-1.8 tool); it passed the tests, which demonstrates the validity of the random number generator.
Another technical solution provided by the invention is:
A system for generating random numbers in a terminal, including a hardware random number generator, a secure transmission module and a terminal;
the hardware random number generator is used to produce a true random number;
the secure transmission module is used to securely transmit the true random number to the terminal;
the terminal includes:
a pseudorandom number generator, used to produce a random number sequence with the received true random number as the random number seed.
Further, the secure transmission module includes:
an encryption unit, located at the hardware random number generator, used to encrypt the true random number;
a download unit, located at the terminal, used by the terminal to download the encrypted true random number;
a decryption unit, located at the terminal, used by the terminal to decrypt the encrypted true random number and obtain the true random number.
Further, the secure transmission module is specifically used to download the corresponding true random number to the terminal by encrypted communication before the terminal leaves the factory.
Further, the number of terminals is more than two;
the hardware random number generator is specifically used to produce, according to the number of terminals, a corresponding number of true random numbers, each uniquely corresponding to one terminal.
Further, the true random number produced by the hardware random number generator is the initial random number seed of the terminal;
the terminal further includes:
an interception module, used to take a random number of a predetermined number of bytes from the random number sequence as the new random number seed;
the pseudorandom number generator is further used to produce a new random number sequence according to the new random number seed.
Further, the pseudorandom number generator is specifically used to produce from the true random number a random number sequence whose number of bytes is greater than or equal to the predetermined number of bytes.
Further, the predetermined number of bytes is 8.
Further, the hardware random number generator is further used to obtain and store a transmission protection key in a secure, controlled environment and to encrypt the plaintext true random number it produced with the transmission protection key, obtaining the true random number in ciphertext form;
the terminal is further used to obtain and store the transmission protection key in a secure, controlled environment.
Further, the terminal further includes:
a receiving module, used to receive the true random number in ciphertext form;
a decryption module, used to decrypt the ciphertext true random number with the pre-stored transmission protection key, obtaining the true random number in plaintext form;
the pseudorandom number generator is specifically used to produce a random number sequence with the plaintext true random number as the random number seed.
Further, the terminal is a financial POS terminal.
Embodiment one
Referring to Fig. 3 and Fig. 4, this embodiment provides a method for generating random numbers in a terminal, suitable for terminals with higher security level requirements such as financial POS terminals, to ensure the unpredictability, randomness and validity of the random numbers the terminal generates, while also significantly reducing terminal hardware cost and maintenance cost.
This embodiment is illustrated with a financial POS terminal as the terminal.
The method of this embodiment is implemented with one external hardware random number generator and a number of POS terminals. Specifically, it includes:
S1: generating a true random number with the external hardware random number generator.
Specifically, according to the number of terminals, the hardware random number generator generates a uniquely corresponding random number seed for each POS terminal, which serves as its initial random number seed. In this embodiment each POS terminal needs only one initial random number seed, so the quantity is small and the time constraint is loose. It is therefore preferable to clock the hardware random number generator down so that it collects a sufficiently random signal as the initial random number seed of the POS terminal, ensuring that the initial seed is highly random.
Preferably, the external hardware random number generator generates more than two true random numbers at a time to meet the demand of a batch of POS terminals, improving the efficiency of distributing random number seeds to terminals.
S2: securely transmitting the true random number to the terminal.
Preferably, the true random number produced by the hardware random number generator is transferred to the POS terminal by encrypted communication, so that the initial random number seed of the POS terminal is unpredictable and cannot be probed, guaranteeing the security of the initial random number seed.
Optionally, this is done as follows:
S21: the hardware random number generator and the terminal obtain and securely store a transmission protection key in a secure, controlled environment.
Specifically, as shown in Fig. 4, in a secure, controlled environment an identical transmission protection key Kp meeting the requirements of TDES (triple DES) is set up between the hardware random number generator and the target POS terminal. For example, for the POS terminals of some banks, the bank uses a mother POS in a secure, controlled environment to download the keys needed for payment transactions to the target POS (the terminal of this embodiment); the TDES transmission protection key Kp used to encrypt the initial random number seed can be downloaded together with them, ensuring the high security and reliability of the key that encrypts the random number seed.
S22: the hardware random number generator encrypts the plaintext true random number it produced with the transmission protection key, obtaining the true random number in ciphertext form.
Specifically, as shown in Fig. 4, the external hardware random number generator (for example the mother POS) uses the TDES transmission protection key Kp and the TDES encryption algorithm to encrypt the plaintext true random number (plaintext P for short); the resulting ciphertext true random number (ciphertext C for short) is sent to the target POS as its initial random number seed, where C = TDES(Encrypt, Kp, P).
S23: before the terminal leaves the factory, the corresponding encrypted true random number is securely downloaded to the terminal.
Optionally, corresponding to S21 to S23, the ciphertext C is securely downloaded and securely stored before the target POS leaves the factory.
S3: the terminal uses the received true random number as the random number seed of the pseudorandom number generator to produce a random number sequence.
Preferably, after receiving the encrypted true random number, the terminal decrypts it to obtain the true random number.
Optionally, corresponding to S21 to S23, this is done as follows:
S31: the terminal decrypts the ciphertext true random number with the pre-stored transmission protection key, obtaining the plaintext true random number.
Specifically, as shown in Fig. 4, after the target POS receives ciphertext C, it decrypts it with the TDES transmission protection key Kp and the TDES decryption algorithm, obtaining data P1 (on successful decryption, the plaintext P above), where P1 = TDES(Decrypt, Kp, C).
S32: the terminal uses the plaintext true random number as the random number seed of the pseudorandom number generator to produce a random number sequence.
Specifically, with data P1 as the initial random number seed of this target POS, a large quantity of random numbers is produced by a software algorithm to meet the needs of applications.
Embodiment two
Referring to Fig. 5, this embodiment further extends embodiment one by adding the specific way in which the terminal produces a large quantity of random numbers.
In this embodiment, step S32 of embodiment one specifically includes:
S321: the terminal produces a random number sequence with the true random number as the initial random number seed.
Specifically, with data P1 as the initial random number seed, the corresponding random number sequence is produced by a software algorithm. Preferably the total number of bytes of the produced sequence is greater than or equal to a preset number of bytes, for example 8. The preset number of bytes is set according to the number of bytes a random number seed requires.
S322: a random number of the predetermined number of bytes is taken from the above random number sequence as the new random number seed.
If the application does not actually need a random number of the predetermined number of bytes, only the number of random bytes the application requires is supplied to it.
S323: the terminal produces a new random number sequence with the pseudorandom number generator according to the above new random number seed.
In this embodiment, the seed obtained from the external hardware random number generating device is used for the first generation; for each subsequent generation, 8 bytes are taken directly from the sequence generated last time as the new seed, and the software algorithm then expands it into the batch of random numbers required. This continuous self-feedback makes the whole random number generation process more random and unpredictable.
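The seed transport of embodiment one (steps S22 and S31, C = TDES(Encrypt, Kp, P) and P1 = TDES(Decrypt, Kp, C)) and the self-feedback reseeding of embodiment two (S321 to S323), as an added Go example that is not part of the patent. Kp and P are constructed sample values, and because the patent does not name the terminal's software algorithm, a counter-mode SHA-256 expansion stands in for it.

```go
package main

import (
	"crypto/des"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// SeedBytes is the predetermined number of bytes the patent fixes at 8. It is
// also one TDES block, so a seed travels as a single block: C = TDES(Kp, P).
const SeedBytes = 8

// Constructed sample values (not from the patent): a two-key TDES transport
// protection key Kp laid out as K1||K2||K1, and one 8-byte hardware seed P.
var (
	SampleKp = []byte("K1K1K1K1K2K2K2K2K1K1K1K1")
	SampleP  = []byte("TRNGseed")
)

// EncryptSeed is the issuer side (S22): C = TDES(Encrypt, Kp, P).
func EncryptSeed(kp, p []byte) ([]byte, error) {
	if len(p) != SeedBytes {
		return nil, errors.New("seed must be exactly one TDES block")
	}
	block, err := des.NewTripleDESCipher(kp) // needs a 24-byte key
	if err != nil {
		return nil, err
	}
	c := make([]byte, SeedBytes)
	block.Encrypt(c, p)
	return c, nil
}

// DecryptSeed is the terminal side (S31): P1 = TDES(Decrypt, Kp, C).
func DecryptSeed(kp, c []byte) ([]byte, error) {
	if len(c) != SeedBytes {
		return nil, errors.New("ciphertext must be exactly one TDES block")
	}
	block, err := des.NewTripleDESCipher(kp)
	if err != nil {
		return nil, err
	}
	p1 := make([]byte, SeedBytes)
	block.Decrypt(p1, c)
	return p1, nil
}

// Terminal holds the current PRNG seed. The first seed is the injected true
// random number; every later seed is cut from the terminal's own output.
type Terminal struct {
	seed []byte
}

// NewTerminal models S31: the terminal decrypts the injected ciphertext with
// its pre-stored Kp and keeps the result P1 as its initial seed.
func NewTerminal(kp, c []byte) (*Terminal, error) {
	p1, err := DecryptSeed(kp, c)
	if err != nil {
		return nil, err
	}
	return &Terminal{seed: p1}, nil
}

// Seed returns a copy of the current seed so the reseeding can be observed.
func (t *Terminal) Seed() []byte { return append([]byte{}, t.seed...) }

// expand is the software-algorithm stand-in (an assumption; the patent names
// none): counter-mode SHA-256 over the seed, so equal seeds give equal output.
func expand(seed []byte, n int) []byte {
	out := make([]byte, 0, n+sha256.Size)
	var ctr [4]byte
	for i := 0; len(out) < n; i++ {
		binary.BigEndian.PutUint32(ctr[:], uint32(i))
		h := sha256.Sum256(append(append([]byte{}, seed...), ctr[:]...))
		out = append(out, h[:]...)
	}
	return out[:n]
}

// NextRandom implements S321 to S323: expand the current seed into a sequence
// of at least SeedBytes bytes, keep its first SeedBytes as the next seed, and
// hand the caller only the n bytes it asked for (n may be smaller than 8).
func (t *Terminal) NextRandom(n int) []byte {
	total := n
	if total < SeedBytes {
		total = SeedBytes
	}
	seq := expand(t.seed, total)
	t.seed = append([]byte{}, seq[:SeedBytes]...) // self-feedback
	return seq[:n]
}

func main() {
	c, err := EncryptSeed(SampleKp, SampleP)
	if err != nil {
		panic(err)
	}
	term, err := NewTerminal(SampleKp, c)
	if err != nil {
		panic(err)
	}
	fmt.Println("ciphertext C: ", hex.EncodeToString(c))
	fmt.Println("first 4 bytes:", hex.EncodeToString(term.NextRandom(4)))
	fmt.Println("next seed:    ", hex.EncodeToString(term.Seed()))
}
```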
Embodiment three
Corresponding to embodiment one, this embodiment provides a system for generating random numbers in a terminal, including one hardware random number generator, a secure transmission module and a number of terminals. It is illustrated with POS machines, whose security level requirements are higher, as the terminals.
The hardware random number generator is used to produce a true random number; the true random number is the initial random number seed of the terminal.
Preferably, the hardware random number generator is specifically used to produce, according to the number of terminals, a corresponding number of true random numbers, each uniquely corresponding to one terminal.
Optionally, the hardware random number generator is further used to obtain and store a transmission protection key in a secure, controlled environment and to encrypt the plaintext true random number it produced with the transmission protection key, obtaining the true random number in ciphertext form.
The secure transmission module is used to securely transmit the true random number to the terminal.
Preferably, the secure transmission module is specifically used to download the corresponding true random number to the terminal by encrypted communication before the terminal leaves the factory.
Optionally, the secure transmission module specifically includes:
an encryption unit, located at the hardware random number generator, used to encrypt the true random number;
a download unit, located at the terminal, used by the terminal to download the encrypted true random number;
a decryption unit, located at the terminal, used by the terminal to decrypt the encrypted true random number and obtain the true random number.
The terminal includes:
a pseudorandom number generator, used to produce a random number sequence with the received true random number as the random number seed.
Optionally, the terminal is further used to obtain and store the transmission protection key in a secure, controlled environment;
the terminal further includes:
a receiving module, used to receive the true random number in ciphertext form;
a decryption module, used to decrypt the ciphertext true random number with the pre-stored transmission protection key, obtaining the true random number in plaintext form;
the pseudorandom number generator is specifically used to produce a random number sequence with the plaintext true random number as the random number seed.
Optionally, the pseudorandom number generator is further used to produce a new random number sequence according to the new random number seed. Preferably it produces a random number sequence whose number of bytes is greater than or equal to the predetermined number of bytes. Further preferably, the predetermined number of bytes is 8.
Optionally, the terminal further includes:
an interception module, used to take a random number of the predetermined number of bytes from the random number sequence as the new random number seed.
Embodiment Four
This embodiment corresponds to Embodiment One and Embodiment Two and provides a random number system.
The system comprises one external hardware random number generation device and several POS terminals 2.
As shown in Fig. 6, the whole random number generation system includes the following modules:
1. External hardware random number generation device
The device contains:
Hardware random number generator 1: responsible for producing the random number seed in hardware and passing it to the encryption module;
Encryption module 3: responsible for encrypting the random number seed to obtain the encrypted random number seed, which is then passed to communication module A 41 within communication module 4;
Communication module A 41: responsible for sending the encrypted random number seed to each POS terminal;
2. POS terminal
The terminal contains:
Communication module B 42: responsible for receiving the encrypted random number seed from the external random number generation device and passing it to the decryption module of the POS terminal;
Decryption module 5: responsible for decrypting the encrypted random number seed obtained from communication module B to obtain the plaintext random number seed;
Pseudorandom number generator 6: responsible for reading the externally written random number seed (on the first generation, the seed obtained from the external random number generation device; on each subsequent generation, 8 bytes intercepted directly from the previously generated random number sequence as the new seed), then diffusing it with a software algorithm to produce the batch of random number sequences required;
Random number sequence consumer module 7: responsible for reading batches of random number sequences from the software random number generation module and applying them wherever they are needed.
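The module flow of Embodiment Four, written out as an added example in Go; this is not the patent's code, and the POS terminal in the patent would more likely run firmware. The patent names neither its encryption nor its software PRNG, so AES-256-GCM for the transport protection and an HMAC-SHA256 counter construction for the terminal PRNG are assumptions, and the 32-byte transport key is a constructed stand-in for the key both sides store under a controlled environment (claim 8). The terminal reseeds itself from the first 8 bytes of each sequence it produces, as claims 5 to 7 describe.

```go
// Added example, not the patent's code. It models the module flow of
// embodiment four: the external device produces a true-random seed and
// encrypts it under a transmission-protection key both sides hold; the POS
// terminal decrypts it, seeds a software PRNG and reseeds itself from 8 bytes
// of its own output. AES-256-GCM and the HMAC-SHA256 counter PRNG are assumptions.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const seedBytes = 8 // the patent's preset byte count (claim 7)
// Constructed 32-byte key standing in for the key both sides store under a controlled environment.
var transportKey = []byte("constructed-demo-key-32-bytes!!!")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptSeed models encrypting module 3: AES-256-GCM with a random nonce prepended.
func encryptSeed(key, seed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand.Read is documented never to fail in current Go
	return gcm.Seal(nonce, nonce, seed, nil), nil
}

// decryptSeed models decryption module 5; GCM rejects any tampered message.
func decryptSeed(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("message too short")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}

type Terminal struct {
	key  []byte // pre-stored transmission-protection key
	seed []byte // current random number seed
}

// Receive models communication module B 42 handing the message to module 5.
func (t *Terminal) Receive(msg []byte) error {
	seed, err := decryptSeed(t.key, msg)
	if err != nil {
		return err
	}
	if len(seed) != seedBytes {
		return errors.New("seed has wrong length")
	}
	t.seed = seed
	return nil
}

// Generate models pseudorandom number generator 6: expand the seed into n >= seedBytes
// bytes (claim 6), then intercept the first 8 bytes as the next seed (claim 5).
func (t *Terminal) Generate(n int) ([]byte, error) {
	if t.seed == nil || n < seedBytes {
		return nil, errors.New("no seed injected, or sequence shorter than preset byte count")
	}
	out := make([]byte, 0, n+sha256.Size)
	for ctr := uint32(0); len(out) < n; ctr++ {
		mac := hmac.New(sha256.New, t.seed)
		mac.Write([]byte{byte(ctr >> 24), byte(ctr >> 16), byte(ctr >> 8), byte(ctr)})
		out = mac.Sum(out)
	}
	t.seed = append([]byte(nil), out[:seedBytes]...)
	return out[:n], nil
}

func main() {
	seed := make([]byte, seedBytes) // module 1: hardware true random number
	rand.Read(seed)
	msg, err := encryptSeed(transportKey, seed) // module 3, sent via communication module A 41
	term := &Terminal{key: transportKey}        // key pre-stored in a controlled environment
	if err != nil || term.Receive(msg) != nil { // module B 42 and decryption module 5
		panic("seed injection failed")
	}
	for i := 0; i < 3; i++ { // module 7 reads successive batches from module 6
		batch, _ := term.Generate(16)
		fmt.Printf("batch %d: %x  next seed: %x\n", i, batch, term.seed)
	}
}
```

Because each reseed is 8 bytes intercepted from the previous sequence, everything the terminal produces after injection is a deterministic function of the injected seed; a second terminal seeded with the same 8 bytes reproduces the same sequence. That is what makes the encrypted download and the controlled-environment provisioning of the transport key the load-bearing parts of the scheme: the seed must never be exposed in transit or at rest on the terminal.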
In summary, the terminal random number generation method and system provided by the present invention not only greatly reduce the hardware and maintenance cost of terminal random number generation, but also ensure the unpredictability of the random number seed and of the random number sequence the terminal generates from it. Further, the random number generation process uses secure communication technology to inject the random number seed safely, which guarantees that the random number seed of every terminal is unpredictable and undetectable, greatly improving the security of the random number seed. Further, the self-feedback mode makes the whole random number generation process more random and unpredictable, so that the random numbers the terminal uses are finally highly random and unpredictable. The present invention has high practical value in terminal systems with high security requirements.
Claims (20)
1. A terminal random number generation method, characterized by comprising:
producing a true random number by a hardware random number generator;
securely transmitting the true random number to a terminal;
the terminal producing a random number sequence by a pseudorandom number generator, using the received true random number as the random number seed.
2. The terminal random number generation method of claim 1, wherein securely transmitting the true random number to the terminal for storage specifically comprises:
encrypting the true random number;
the terminal downloading the encrypted true random number;
the terminal decrypting the encrypted true random number to obtain the true random number.
3. The terminal random number generation method of claim 1, wherein securely transmitting the true random number to the terminal specifically comprises:
before the terminal leaves the factory, downloading the corresponding true random number to the terminal by encrypted communication.
4. The terminal random number generation method of claim 1, wherein producing the true random number by the hardware random number generator specifically comprises:
according to the number of terminals, producing by the hardware random number generator a corresponding number of true random numbers, each uniquely corresponding to one terminal.
5. The terminal random number generation method of claim 1 or 4, wherein the true random number is the initial random number seed of the terminal;
the method further comprises:
intercepting a preset number of bytes of random numbers from the random number sequence as a new random number seed;
the terminal producing a new random number sequence by the pseudorandom number generator according to the new random number seed.
6. The terminal random number generation method of claim 5, wherein the byte count of the random number sequence the terminal produces according to the true random number is greater than or equal to the preset byte count.
7. The terminal random number generation method of claim 5 or 6, wherein the preset byte count is 8 bytes.
8. The terminal random number generation method of claim 1, further comprising:
the hardware random number generator and the terminal obtaining and storing a transmission protection key under a secure, controlled environment;
the hardware random number generator encrypting the generated plaintext true random number with the transmission protection key to obtain the true random number in ciphertext form.
9. The terminal random number generation method of claim 8, wherein the terminal producing the random number sequence by the pseudorandom number generator, using the received true random number as the random number seed, specifically comprises:
the terminal receiving the true random number in ciphertext form;
the terminal decrypting the ciphertext true random number with the pre-stored transmission protection key to obtain the plaintext true random number;
the terminal producing the random number sequence by the pseudorandom number generator using the plaintext true random number as the random number seed.
10. The terminal random number generation method of claim 1, wherein the terminal is a financial POS terminal.
11. A terminal random number generation system, characterized by comprising a hardware random number generator, a secure transmission module and a terminal;
the hardware random number generator, for producing a true random number;
the secure transmission module, for securely transmitting the true random number to the terminal;
the terminal, comprising:
a pseudorandom number generator, for producing a random number sequence using the received true random number as the random number seed.
12. The terminal random number generation system of claim 11, wherein the secure transmission module comprises:
an encryption unit, located at the hardware random number generator, for encrypting the true random number;
a download unit, located at the terminal, for the terminal to download the encrypted true random number;
a decryption unit, located at the terminal, for the terminal to decrypt the encrypted true random number and obtain the true random number.
13. The terminal random number generation system of claim 11, wherein the secure transmission module is specifically for downloading the corresponding true random number to the terminal by encrypted communication before the terminal leaves the factory.
14. The terminal random number generation system of claim 11, wherein the number of terminals is more than two;
the hardware random number generator is specifically for producing, according to the number of terminals, a corresponding number of true random numbers, each uniquely corresponding to one terminal.
15. The terminal random number generation system of claim 11 or 14, wherein the true random number produced by the hardware random number generator is the initial random number seed of the terminal;
the terminal further comprises:
an interception module, for intercepting a preset number of bytes of random numbers from the random number sequence as a new random number seed;
the pseudorandom number generator is further for producing a new random number sequence according to the new random number seed.
16. The terminal random number generation system of claim 15, wherein the pseudorandom number generator is specifically for producing, according to the true random number, a random number sequence whose byte count is greater than or equal to the preset byte count.
17. The terminal random number generation system of claim 15 or 16, wherein the preset byte count is 8 bytes.
18. The terminal random number generation system of claim 11, wherein the hardware random number generator is further for obtaining and storing a transmission protection key under a secure, controlled environment, and for encrypting the generated plaintext true random number with the transmission protection key to obtain the true random number in ciphertext form;
the terminal is further for obtaining and storing the transmission protection key under a secure, controlled environment.
19. The terminal random number generation system of claim 18, wherein the terminal further comprises:
a receiving module, for receiving the true random number in ciphertext form;
a decryption module, for decrypting the ciphertext true random number with the pre-stored transmission protection key to obtain the plaintext true random number;
the pseudorandom number generator is specifically for producing the random number sequence using the plaintext true random number as the random number seed.
20. The terminal random number generation system of claim 11, wherein the terminal is a financial POS terminal.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/108072 WO2019080109A1 (en) | 2017-10-27 | 2017-10-27 | Terminal random number generation method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107980135A true CN107980135A (en) | 2018-05-01 |
CN107980135B CN107980135B (en) | 2021-11-09 |
Family
ID=62006123
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201780001454.2A Active CN107980135B (en) | 2017-10-27 | 2017-10-27 | Method and system for generating random number of terminal |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107980135B (en) |
WO (1) | WO2019080109A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109495266A (en) * | 2018-12-25 | 2019-03-19 | 北京字节跳动网络技术有限公司 | Data ciphering method and device based on random number |
CN111708762A (en) * | 2020-06-18 | 2020-09-25 | 北京金山云网络技术有限公司 | Authority authentication method and device and server equipment |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114124370B (en) * | 2021-10-14 | 2024-07-09 | 阿里云计算有限公司 | Key generation method and device |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101097510A (en) * | 2006-06-26 | 2008-01-02 | 索尼株式会社 | Random number generating apparatus, random number generating control method, memory access control apparatus, and communication apparatus |
US20100030958A1 (en) * | 2007-12-23 | 2010-02-04 | Hitachi Global Storage Technologies Netherlands, B.V. | Random Number Generation For a Host System Using a Hard Disk Drive |
CN102566968A (en) * | 2010-12-10 | 2012-07-11 | 上海华虹集成电路有限责任公司 | Method for generating true random number |
CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
CN104317551A (en) * | 2014-10-17 | 2015-01-28 | 北京德加才科技有限公司 | Ultrahigh-safety true random number generation method and ultrahigh-safety true random number generation system |
CN104636115A (en) * | 2013-11-14 | 2015-05-20 | 国家电网公司 | Post processing device and method for true random numbers |
CN104699451A (en) * | 2015-03-30 | 2015-06-10 | 河海大学 | True random number generation method |
CN105743654A (en) * | 2016-02-02 | 2016-07-06 | 上海动联信息技术股份有限公司 | POS machine secret key remote downloading service system and secret key downloading method |
CN107133015A (en) * | 2017-04-11 | 2017-09-05 | 上海汇尔通信息技术有限公司 | A kind of random digit generation method and system |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007026287A1 (en) * | 2005-08-30 | 2007-03-08 | Koninklijke Philips Electronics N.V. | Method and device for generating random number generator seeds |
CN100583754C (en) * | 2005-11-07 | 2010-01-20 | 北京浦奥得数码技术有限公司 | Pseudo-random number generation method |
CN105763327A (en) * | 2014-12-16 | 2016-07-13 | 上海华虹集成电路有限责任公司 | Safe random number generation method in intelligent card |
CN105426158B (en) * | 2015-12-09 | 2018-05-01 | 福州瑞芯微电子股份有限公司 | A kind of random-number generating method and its device |
Timeline
2017
- 2017-10-27 WO PCT/CN2017/108072 patent/WO2019080109A1/en active Application Filing
- 2017-10-27 CN CN201780001454.2A patent/CN107980135B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN107980135B (en) | 2021-11-09 |
WO2019080109A1 (en) | 2019-05-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||