CN107980135A - Method and system for terminal random number generation - Google Patents

Method and system for terminal random number generation

Info

Publication number: CN107980135A
Authority: CN (China)
Prior art keywords: random number, terminal, true, occurs, seed
Legal status: Granted (active)
Application number: CN201780001454.2A
Other languages: Chinese (zh)
Other versions: CN107980135B (en)
Inventor: 彭波涛
Current Assignee: Fujian Landi Commercial Equipment Co Ltd
Original Assignee: Fujian Landi Commercial Equipment Co Ltd
Application filed by Fujian Landi Commercial Equipment Co Ltd
Publication of CN107980135A
Application granted; publication of CN107980135B

Classifications

    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06F21/31 User authentication
    • G06F21/602 Providing cryptographic facilities or services
    • G06F7/588 Random number generators, i.e. based on natural stochastic processes
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The present invention provides a method and system for terminal random number generation. The method includes: producing a true random number with a hardware random number generator; securely transmitting the true random number to a terminal; and the terminal using the received true random number as a random number seed and producing a random number sequence with a pseudorandom number generator. The true random number is produced by an external hardware random number generator and securely transmitted to the terminal, which uses it as a random number seed from which the pseudorandom number generator derives a large quantity of random numbers. The invention significantly reduces terminal cost and ensures that the random numbers meet the requirements of unpredictability and randomness.

Description

Method and system for terminal random number generation
Technical field
The present invention relates to the field of terminal security, and in particular to a method and system for terminal random number generation.
Background
Financial payment terminals frequently need random numbers, for example: 1. to generate key pairs: key management specifications require that keys be generated from random numbers so that the key content is unpredictable and cannot be detected; 2. to pad data during encryption, so that the same data to be encrypted gives a different result on every encryption, which prevents replay attacks; 3. in identity authentication systems, where a random number is sent to the other party of the communication as a challenge factor and the other party must return the correct response. The role of the random number is to ensure that every challenge is "random".
Common random number generators are of two kinds: pseudorandom number generators and hardware random number generators.
A pseudorandom number generator is implemented by a purely software algorithm: from an input random number seed it produces a random number sequence according to a certain generation rule. The algorithm of such a generator is usually fixed, as with the pseudorandom functions shipped in the standard C library; if the seed is fixed, the generated random number sequence is fixed as well.
A hardware random number generator, also called a true random number generator (TRNG), is a device that generates random numbers from a physical process rather than a computer program. Such devices are usually based on microscopic phenomena that produce low-level, statistically random "noise" signals, such as thermal noise, the photoelectric effect and quantum phenomena. These physical processes are in theory completely unpredictable, and this has been confirmed by experiment. A series of random numbers is generated by repeatedly sampling these random signals.
For terminals with high security requirements, such as financial POS machines, producing random numbers with either a pseudorandom number generator or a hardware random number generator has certain defects, specifically:
(1) Pseudorandom number generator: because the algorithm and the sequence it produces are fixed, anyone who obtains the first random number seed can in theory derive every random number sequence produced afterwards, so the subsequently generated random numbers no longer have the property of being "unpredictable". To make the random number seed unpredictable, a random number must itself be used as the seed, which creates a "chicken or egg" paradox.
Pseudorandom numbers are therefore usually applied where security requirements are not especially strict, with the software setting an arbitrary seed (for example, the system time), but such a seed can be worked out by analysis. For equipment with high security requirements, such as financial POS terminals, this does not meet the requirements.
(2) Hardware random number generator, which has the following disadvantages:
a. It needs dedicated hardware support, which raises the hardware cost of the terminal device;
b. A hardware random number generator is sometimes not stable enough and cannot guarantee that every random number it produces is sufficiently random, because natural random signals such as noise are not always that random. To collect a sufficiently stable random signal, the CPU generally has to be run at a reduced frequency, which affects the terminal's running speed while random numbers are being generated.
Summary of the invention
The technical problem to be solved by the invention is to provide a method and system for terminal random number generation that ensure the unpredictability and randomness of the generated random numbers.
To solve the above technical problem, the technical solution adopted by the invention is:
A method for terminal random number generation, including:
producing a true random number with a hardware random number generator;
securely transmitting the true random number to a terminal;
the terminal using the received true random number as a random number seed and producing a random number sequence with a pseudorandom number generator.
Another technical solution provided by the invention is:
A system for terminal random number generation, including a hardware random number generator, a secure transmission module, and a terminal;
the hardware random number generator is used to produce a true random number;
the secure transmission module is used to securely transmit the true random number to the terminal;
the terminal includes:
a pseudorandom number generator, used to produce a random number sequence with the received true random number as the random number seed.
The beneficial effects of the invention are as follows. A true random number is produced by an external hardware random number generator and securely transmitted to the terminal; the terminal uses it as a random number seed from which the pseudorandom number generator derives a large quantity of random numbers, meeting everyday needs. Because terminals generate their random number sequences this way, the terminal manufacturer no longer needs to build a hardware random number generator into every terminal; a single shared hardware random number generator is enough, which significantly reduces terminal cost. At the same time, using a true random number as the terminal's random number seed ensures the unpredictability of the seed and of the random number sequences the terminal generates from it. Further, injecting the random number seed by means of secure communication ensures that the seed of every terminal is unpredictable and cannot be detected, which significantly improves the security of the seed. The invention is highly practical in terminal systems with high security requirements.
Brief description of the drawings
Fig. 1 is a flow diagram of the terminal random number generation method of the invention;
Fig. 2 is a general diagram of the random number generation system of the invention;
Fig. 3 is a flow diagram of the method of Embodiment one;
Fig. 4 is a flow diagram of one implementation of secure random number transmission in Embodiment one;
Fig. 5 is a flow diagram of the specific way the terminal of Embodiment two produces a large quantity of random numbers;
Fig. 6 is a diagram of the interaction between the modules of the random number generation system of Embodiment four.
Reference numerals:
1. hardware random number generator; 2. POS terminal; 3. encryption module; 4. communication module;
41. communication module A; 42. communication module B;
5. decryption module; 6. pseudorandom number generator; 7. module that uses the random number sequence.
Detailed description of the embodiments
The key idea of the invention is: a true random number is produced by an external hardware random number generator and securely transmitted to the terminal, and the terminal uses it as a random number seed from which a pseudorandom number generator derives a large quantity of random numbers. The invention significantly reduces terminal cost and ensures that the random numbers meet the requirements of unpredictability and randomness.
Referring to Fig. 1 and Fig. 2, the invention provides a method for terminal random number generation, including:
producing a true random number with a hardware random number generator;
securely transmitting the true random number to a terminal;
the terminal using the received true random number as a random number seed and producing a random number sequence with a pseudorandom number generator.
Further, securely transmitting the true random number to the terminal for storage is specifically:
encrypting the true random number;
the terminal downloading the encrypted true random number;
the terminal decrypting the encrypted true random number to obtain the true random number.
As described above, transmission to the terminal over encrypted communication ensures the security and unpredictability of the random number seed in the terminal.
Further, securely transmitting the true random number to the terminal is specifically:
before the terminal leaves the factory, downloading the corresponding true random number to the terminal over encrypted communication.
As described above, the true random number is obtained in a secure, controlled environment before the terminal leaves the factory, giving criminals no opportunity to steal it, which further ensures the security and unpredictability of the random number seed.
Further, producing the true random number with the hardware random number generator is specifically:
according to the number of terminals, producing a corresponding number of true random numbers with the hardware random number generator, each uniquely corresponding to one terminal.
As described above, the terminal manufacturer saves the cost of building a hardware random number generator module into every terminal; only one hardware random number generator, dedicated to producing the random number seeds of all terminals, is needed, which greatly reduces the hardware and maintenance cost of the terminals.
Further, the true random number is the terminal's initial random number seed;
the method further includes:
intercepting a preset number of bytes of random numbers from the random number sequence as a new random number seed;
the terminal producing a new random number sequence with the pseudorandom number generator according to the new random number seed.
As described above, a self-feedback mode is used: when the terminal generates random numbers, it takes a preset number of bytes from the random number sequence just generated as the new seed for the next generation. This continuous self-feedback makes the whole random number generation process more random and unpredictable.
Further, the number of bytes in the random number sequence the terminal produces from the true random number is greater than or equal to the preset number of bytes.
Further, the preset number of bytes is 8 bytes.
As described above, producing a random number sequence of at least the preset number of bytes both meets everyday use and allows a new random number seed to be obtained from it.
Further, the method also includes:
the hardware random number generator and the terminal obtaining and storing a transmission protection key in a secure, controlled environment;
the hardware random number generator encrypting the plaintext true random number it produced with the transmission protection key to obtain the true random number in ciphertext form.
Further, the terminal using the received true random number as the random number seed and producing a random number sequence with the pseudorandom number generator is specifically:
the terminal receiving the true random number in ciphertext form;
the terminal decrypting the ciphertext true random number with the pre-stored transmission protection key to obtain the true random number in plaintext form;
the terminal producing a random number sequence with the pseudorandom number generator, using the plaintext true random number as the random number seed.
As can be seen from the above, encrypted communication is used to inject the random number seed into the terminal securely, ensuring that the random number seed of every terminal is unpredictable and cannot be detected, and thus ensuring the security of the seed.
Further, the terminal is a financial POS terminal.
As can be seen from the above, the invention has good application prospects in financial POS terminals, which demand a high security level.
The invention combines "soft" and "hard" means to produce random numbers and overcomes the drawbacks of existing pseudorandom number generators and hardware random number generators, specifically:
(1) Because the random number seed comes from an external hardware random number generator and is encrypted in transit, it has the property of being "unpredictable", which solves the problem that the seed of a pseudorandom number generator can be detected;
(2) The large quantity of random numbers the terminal needs in use is produced mainly by a software algorithm, with the true random number serving only as the seed, which overcomes the instability of hardware random numbers. Since a random number seed needs to be injected into each terminal only once and the time constraint is not especially strict, the external true random number generator can be run at a reduced frequency so that it collects a sufficiently random signal to use as the seed, which further improves the randomness of the true random numbers produced.
(3) A self-feedback mode is used. When the terminal generates a random number sequence, it takes 8 bytes of random numbers from the newly generated sequence as the new seed for the next generation (if the newly generated sequence would be shorter than 8 bytes, a sequence of at least 8 bytes is still produced and only the part needed is supplied to the user). This continuous self-feedback makes the whole random number generation process more random and unpredictable.
(4) A 128M-bit random number sequence generated with this technique was collected from a terminal and analysed with an internationally used dedicated random number analysis tool (such as NIST's STS-1.8); it passed the tests, which verifies the effectiveness of the random number generator.
Another technical solution provided by the invention is:
A system for terminal random number generation, including a hardware random number generator, a secure transmission module, and a terminal;
the hardware random number generator is used to produce a true random number;
the secure transmission module is used to securely transmit the true random number to the terminal;
the terminal includes:
a pseudorandom number generator, used to produce a random number sequence with the received true random number as the random number seed.
Further, the secure transmission module includes:
an encryption unit, located at the hardware random number generator, used to encrypt the true random number;
a download unit, located at the terminal, used by the terminal to download the encrypted true random number;
a decryption unit, located at the terminal, used by the terminal to decrypt the encrypted true random number and obtain the true random number.
Further, the secure transmission module is specifically used to download the corresponding true random number to the terminal over encrypted communication before the terminal leaves the factory.
Further, the number of terminals is more than two;
the hardware random number generator is specifically used to produce, according to the number of terminals, a corresponding number of true random numbers, each uniquely corresponding to one terminal.
Further, the true random number produced by the hardware random number generator is the terminal's initial random number seed;
the terminal further includes:
an interception module, used to intercept a preset number of bytes of random numbers from the random number sequence as a new random number seed;
the pseudorandom number generator is also used to produce a new random number sequence according to the new random number seed.
Further, the pseudorandom number generator is specifically used to produce from the true random number a random number sequence whose number of bytes is greater than or equal to the preset number of bytes.
Further, the preset number of bytes is 8 bytes.
Further, the hardware random number generator is also used to obtain and store a transmission protection key in a secure, controlled environment, and to encrypt the plaintext true random number it produced with the transmission protection key to obtain the true random number in ciphertext form;
the terminal is also used to obtain and store the transmission protection key in a secure, controlled environment.
Further, the terminal further includes:
a receiving module, used to receive the true random number in ciphertext form;
a decryption module, used to decrypt the ciphertext true random number with the pre-stored transmission protection key to obtain the true random number in plaintext form;
the pseudorandom number generator is specifically used to produce a random number sequence with the plaintext true random number as the random number seed.
Further, the terminal is a financial POS terminal.
Embodiment one
Referring to Fig. 3 and Fig. 4, this embodiment provides a method for terminal random number generation, suitable for terminals that demand a high security level, such as financial POS terminals. It ensures the unpredictability, randomness and validity of the random numbers the terminal generates while significantly reducing terminal hardware cost and maintenance cost.
This embodiment is described with a financial POS terminal as the terminal.
The method of this embodiment is implemented with one external hardware random number generator and a number of POS terminals. Specifically, it includes:
S1: A true random number is produced by the external hardware random number generator.
Specifically, according to the number of terminals, the hardware random number generator generates for every POS terminal a uniquely corresponding random number seed, used as its initial random number seed. In this embodiment a POS terminal needs only one initial random number seed, so the quantity is small and the time constraint is loose. It is therefore preferable to run the hardware random number generator at a reduced frequency so that it collects a sufficiently random signal as the POS terminal's initial random number seed, ensuring a high degree of randomness in the initial seed.
Preferably, the external hardware random number generator generates more than two true random numbers at a time to meet the needs of a batch of POS terminals and improve the efficiency of distributing random number seeds to terminals.
S2: The true random number is securely transmitted to the terminal.
Preferably, the true random number produced by the hardware random number generator is transferred to the POS terminal over encrypted communication, so that the POS terminal's initial random number seed is unpredictable and cannot be detected, ensuring the security of the initial seed.
Optionally, this can be done as follows:
S21: The hardware random number generator and the terminal obtain and securely store a transmission protection key in a secure, controlled environment.
Specifically, as shown in Fig. 4, in a secure, controlled environment the same transmission protection key Kp, meeting the requirements of TDES (triple DES), is set in the hardware random number generator and the target POS terminal. For example, for the POS terminals of some banks, the bank uses a mother POS in a secure, controlled environment to download to the target POS (the terminal of this embodiment) the keys needed for payment transactions; the TDES transmission protection key Kp used to encrypt the initial random number seed in transit can be downloaded along with them at that time, ensuring the security and reliability of the key that encrypts the random number seed.
S22: The hardware random number generator encrypts the plaintext true random number it produced with the transmission protection key to obtain the true random number in ciphertext form.
Specifically, as shown in Fig. 4, the external hardware random number generator (for example, the mother POS) encrypts the true random number in plaintext form (plaintext P) with the TDES encryption algorithm under the TDES transmission protection key Kp, and sends the resulting true random number in ciphertext form (ciphertext C) to the target POS as the target POS's initial random number seed, where C = TDES(Encrypt, Kp, P).
S23: Before the terminal leaves the factory, the corresponding encrypted true random number is securely downloaded to the terminal.
Optionally, corresponding to S21 to S23, before the target POS leaves the factory it securely downloads ciphertext C and stores it securely.
S3: The terminal uses the received true random number as a random number seed and produces a random number sequence with a pseudorandom number generator.
Preferably, after the terminal receives the encrypted true random number, it decrypts it to obtain the true random number.
Optionally, corresponding to S21 to S23, this can be done as follows:
S31: The terminal decrypts the ciphertext true random number with the pre-stored transmission protection key to obtain the true random number in plaintext form.
Specifically, as shown in Fig. 4, after the target POS receives ciphertext C, it decrypts C with the TDES decryption algorithm under the TDES transmission protection key Kp and obtains data P1 (on successful decryption, P1 is the plaintext P above), where P1 = TDES(Decrypt, Kp, C).
S32: The terminal produces a random number sequence with the pseudorandom number generator, using the plaintext true random number as the random number seed.
Specifically, data P1 is used as the initial random number seed of this target POS, and a software algorithm produces a large quantity of random numbers from it to meet the application's needs.
Embodiment two
Referring to Fig. 5, this embodiment extends Embodiment one by adding the specific way in which the terminal produces a large quantity of random numbers.
In this embodiment, step S32 of Embodiment one specifically includes:
S321: The terminal produces a random number sequence with the true random number as the initial random number seed.
Specifically, data P1 is used as the initial random number seed, and the corresponding random number sequence is produced by a software algorithm. Preferably, the total number of bytes in the sequence produced is greater than or equal to the preset number of bytes, for example 8 bytes. The preset number of bytes is set according to the number of bytes the random number seed requires.
S322: The preset number of bytes of random numbers is intercepted from the above random number sequence as the new random number seed.
If the application does not actually need the preset number of bytes of random numbers, only the number of bytes the application requires is provided.
S323: The terminal produces a new random number sequence with the pseudorandom number generator according to the above new random number seed.
In this embodiment, the first generation uses the seed obtained from the external hardware random number generation device; each subsequent generation intercepts 8 bytes directly from the previously generated random number sequence as the new seed, and the software algorithm then derives from it the batch random number sequence needed. This continuous self-feedback makes the whole random number generation process more random and unpredictable.
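The seed injection of steps S21 to S32 and the self-feedback loop of S321 to S323, as one added Go example that is not code from the patent. Assumptions: crypto/rand stands in for the external hardware generator, the software algorithm (which the text leaves unspecified) is HMAC-SHA256 in counter mode, the key Kp is a constructed sample, and the feedback bytes are taken from the part of the sequence that is not handed to the caller.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SeedLen is the preset byte count from the text (8 bytes). It is also
// exactly one TDES block, so a seed is wrapped as a single block.
const SeedLen = 8

// NewSeed stands in for the external hardware RNG. Assumption: the OS CSPRNG
// (crypto/rand) replaces the hardware device so the example runs anywhere.
func NewSeed() ([]byte, error) {
	p := make([]byte, SeedLen)
	_, err := rand.Read(p)
	return p, err
}

// tdesBlock applies TDES under kp (24 bytes) to one 8-byte block.
func tdesBlock(kp, in []byte, encrypt bool) ([]byte, error) {
	if len(in) != SeedLen {
		return nil, errors.New("seed must be exactly 8 bytes")
	}
	blk, err := des.NewTripleDESCipher(kp) // rejects keys that are not 24 bytes
	if err != nil {
		return nil, err
	}
	out := make([]byte, SeedLen)
	if encrypt {
		blk.Encrypt(out, in)
	} else {
		blk.Decrypt(out, in)
	}
	return out, nil
}

// WrapSeed computes C = TDES(Encrypt, Kp, P) on the generator side (S22).
func WrapSeed(kp, p []byte) ([]byte, error) { return tdesBlock(kp, p, true) }

// UnwrapSeed computes P1 = TDES(Decrypt, Kp, C) on the terminal (S31).
func UnwrapSeed(kp, c []byte) ([]byte, error) { return tdesBlock(kp, c, false) }

// TerminalPRNG is the terminal's software generator with self-feedback.
type TerminalPRNG struct{ seed []byte }

// NewTerminalPRNG copies the injected seed P1 into the generator state (S32).
func NewTerminalPRNG(seed []byte) *TerminalPRNG {
	return &TerminalPRNG{seed: append([]byte(nil), seed...)}
}

// Next produces a sequence of n+SeedLen bytes from the current seed (S321),
// intercepts the last SeedLen bytes as the new seed (S322) and returns the
// first n bytes to the application. The following call starts from the new
// seed (S323). The sequence is therefore never shorter than SeedLen bytes.
func (g *TerminalPRNG) Next(n int) []byte {
	if n < 0 {
		n = 0
	}
	var seq []byte
	var ctr [8]byte
	for i := uint64(0); len(seq) < n+SeedLen; i++ {
		binary.BigEndian.PutUint64(ctr[:], i)
		mac := hmac.New(sha256.New, g.seed) // keyed by the current seed
		mac.Write(ctr[:])
		seq = mac.Sum(seq) // append the next 32-byte block
	}
	g.seed = append([]byte(nil), seq[n:n+SeedLen]...)
	return seq[:n]
}

func main() {
	kp := []byte("constructed-24-byte-Kp!!") // constructed sample key, 24 bytes
	p, _ := NewSeed()                        // generator side: plaintext P
	c, _ := WrapSeed(kp, p)                  // ciphertext C sent to the terminal
	p1, _ := UnwrapSeed(kp, c)               // terminal side: P1
	fmt.Println("seed recovered on terminal:", bytes.Equal(p, p1))
	g := NewTerminalPRNG(p1)
	fmt.Printf("first draw:  %x\n", g.Next(16))
	fmt.Printf("second draw: %x\n", g.Next(16))
}
```

Raw single-block TDES carries no integrity check: unwrapping with a different Kp returns a different 8-byte value rather than an error.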
Embodiment three
This embodiment corresponds to Embodiment one and provides a system for terminal random number generation, including one hardware random number generator, a secure transmission module, and a number of terminals. Here the terminal is illustrated with a POS machine that demands a high security level.
The hardware random number generator is used to produce a true random number; the true random number is the terminal's initial random number seed;
Preferably, the hardware random number generator is specifically used to produce, according to the number of terminals, a corresponding number of true random numbers, each uniquely corresponding to one terminal.
Optionally, the hardware random number generator is also used to obtain and store a transmission protection key in a secure, controlled environment, and to encrypt the plaintext true random number it produced with the transmission protection key to obtain the true random number in ciphertext form;
The secure transmission module is used to securely transmit the true random number to the terminal;
Preferably, the secure transmission module is specifically used to download the corresponding true random number to the terminal over encrypted communication before the terminal leaves the factory.
Optionally, the secure transmission module specifically includes:
an encryption unit, located at the hardware random number generator, used to encrypt the true random number;
a download unit, located at the terminal, used by the terminal to download the encrypted true random number;
a decryption unit, located at the terminal, used by the terminal to decrypt the encrypted true random number and obtain the true random number.
The terminal includes:
a pseudorandom number generator, used to produce a random number sequence with the received true random number as the random number seed;
Optionally, the terminal is also used to obtain and store the transmission protection key in a secure, controlled environment;
The terminal further includes:
a receiving module, used to receive the true random number in ciphertext form;
a decryption module, used to decrypt the ciphertext true random number with the pre-stored transmission protection key to obtain the true random number in plaintext form;
the pseudorandom number generator is specifically used to produce a random number sequence with the plaintext true random number as the random number seed.
Optionally, the pseudorandom number generator is also used to produce a new random number sequence according to the new random number seed. Preferably, it produces a random number sequence whose number of bytes is greater than or equal to the preset number of bytes. More preferably, the preset number of bytes is 8 bytes.
Optionally, the terminal further includes:
an interception module, used to intercept a preset number of bytes of random numbers from the random number sequence as the new random number seed.
Embodiment four
This embodiment corresponds to Embodiment one and Embodiment two and provides a random number system.
The system comprises one external hardware random number generation device and a number of POS terminals 2.
As shown in Fig. 6, the whole random number generation system includes the following modules:
1. External hardware random number generation device
The device contains:
Hardware random number generator 1: produces the random number seed in hardware and passes it to the encryption module;
Encryption module 3: encrypts the random number seed to obtain the encrypted random number seed, then passes it to communication module A 41 in communication module 4;
Communication module A 41: sends the encrypted random number seed to each POS terminal;
2. POS terminal
The terminal contains:
Communication module B 42: receives the encrypted random number seed from the external random number generation device, then passes it to the decryption module of the POS terminal;
Decryption module 5: decrypts the encrypted random number seed obtained from communication module B to obtain the plaintext random number seed;
Pseudorandom number generator 6: reads the externally written random number seed (the first generation uses the seed obtained from the external random number generation device; each subsequent generation takes 8 bytes directly from the previously generated random number sequence as the new seed), then performs dispersion processing with a software algorithm to obtain the required batch of random number sequences;
Random number sequence usage module 7: reads batches of random number sequences from the software random number generation module and applies them where they are needed.
In summary, the method and system for terminal random number generation provided by the invention not only greatly reduce the hardware cost and maintenance cost of terminal random number generation, but also ensure the unpredictability of the random number seed and of the random number sequences the terminal generates from it. Further, the generation process uses secure communication technology to inject the random number seed safely, which ensures that the random number seed of every terminal can be neither predicted nor detected, significantly improving the security of the random number seed. Further, the self-feedback mode makes the whole random number generation process more random and unpredictable, so that the random numbers the terminal uses are ultimately highly random and unpredictable. The invention is highly practical in terminal systems with high security requirements.

Claims (20)

1. A method for terminal random number generation, characterized by comprising:
Producing a true random number with a hardware random number generator;
Securely transmitting the true random number to a terminal;
The terminal producing, with a pseudorandom number generator, a random number sequence using the received true random number as the random number seed.
2. The method for terminal random number generation as claimed in claim 1, characterized in that securely transmitting the true random number to the terminal for storage specifically comprises:
Encrypting the true random number;
The terminal downloading the encrypted true random number;
The terminal decrypting the encrypted true random number to obtain the true random number.
3. The method for terminal random number generation as claimed in claim 1, characterized in that securely transmitting the true random number to the terminal specifically comprises:
Before the terminal leaves the factory, downloading the corresponding true random number to the terminal over encrypted communication.
4. The method for terminal random number generation as claimed in claim 1, characterized in that producing a true random number with a hardware random number generator specifically comprises:
According to the number of terminals, producing with the hardware random number generator a corresponding number of true random numbers, each uniquely corresponding to one terminal.
5. The method for terminal random number generation as claimed in claim 1 or 4, characterized in that the true random number is the terminal's initial random number seed;
The method further comprises:
Taking a preset number of bytes of random numbers from the random number sequence as a new random number seed;
The terminal producing, with the pseudorandom number generator, a new random number sequence from the new random number seed.
6. The method for terminal random number generation as claimed in claim 5, characterized in that the byte count of the random number sequence the terminal produces from the true random number is greater than or equal to the preset byte count.
7. The method for terminal random number generation as claimed in claim 5 or 6, characterized in that the preset byte count is 8 bytes.
8. The method for terminal random number generation as claimed in claim 1, characterized by further comprising:
The hardware random number generator and the terminal obtaining and storing a transmission protection key in a secure, controlled environment;
The hardware random number generator encrypting the generated plaintext true random number with the transmission protection key to obtain the true random number in ciphertext form.
9. The method for terminal random number generation as claimed in claim 8, characterized in that the terminal producing, with the pseudorandom number generator, a random number sequence using the received true random number as the random number seed specifically comprises:
The terminal receiving the true random number in ciphertext form;
The terminal decrypting the true random number in ciphertext form with the pre-stored transmission protection key to obtain the true random number in plaintext form;
The terminal producing, with the pseudorandom number generator, a random number sequence using the true random number in plaintext form as the random number seed.
10. The method for terminal random number generation as claimed in claim 1, characterized in that the terminal is a financial POS terminal.
11. A system for terminal random number generation, characterized by comprising a hardware random number generator, a secure transmission module, and a terminal;
The hardware random number generator is configured to produce a true random number;
The secure transmission module is configured to securely transmit the true random number to the terminal;
The terminal comprises:
A pseudorandom number generator, for producing a random number sequence using the received true random number as the random number seed.
12. The system for terminal random number generation as claimed in claim 11, characterized in that the secure transmission module comprises:
An encryption unit, located in the hardware random number generator, for encrypting the true random number;
A download unit, located in the terminal, for the terminal to download the encrypted true random number;
A decryption unit, located in the terminal, for the terminal to decrypt the encrypted true random number and obtain the true random number.
13. The system for terminal random number generation as claimed in claim 11, characterized in that the secure transmission module is specifically configured to download the corresponding true random number to the terminal over encrypted communication before the terminal leaves the factory.
14. The system for terminal random number generation as claimed in claim 11, characterized in that the number of terminals is more than two;
The hardware random number generator is specifically configured to produce, according to the number of terminals, a corresponding number of true random numbers, each uniquely corresponding to one terminal.
15. The system for terminal random number generation as claimed in claim 11 or 14, characterized in that the true random number produced by the hardware random number generator is the terminal's initial random number seed;
The terminal further comprises:
An interception module, for taking a preset number of bytes of random numbers from the random number sequence as a new random number seed;
The pseudorandom number generator is further configured to produce a new random number sequence from the new random number seed.
16. The system for terminal random number generation as claimed in claim 15, characterized in that the pseudorandom number generator is specifically configured to produce, from the true random number, a random number sequence whose byte count is greater than or equal to the preset byte count.
17. The system for terminal random number generation as claimed in claim 15 or 16, characterized in that the preset byte count is 8 bytes.
18. The system for terminal random number generation as claimed in claim 11, characterized in that the hardware random number generator is further configured to obtain and store a transmission protection key in a secure, controlled environment, and to encrypt the generated plaintext true random number with the transmission protection key to obtain the true random number in ciphertext form;
The terminal is further configured to obtain and store the transmission protection key in a secure, controlled environment.
19. The system for terminal random number generation as claimed in claim 18, characterized in that the terminal further comprises:
A receiving module, for receiving the true random number in ciphertext form;
A decryption module, for decrypting the true random number in ciphertext form with the pre-stored transmission protection key to obtain the true random number in plaintext form;
The pseudorandom number generator is specifically configured to produce a random number sequence using the true random number in plaintext form as the random number seed.
20. The system for terminal random number generation as claimed in claim 11, characterized in that the terminal is a financial POS terminal.
CN201780001454.2A 2017-10-27 2017-10-27 Method and system for generating random number of terminal Active CN107980135B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/108072 WO2019080109A1 (en) 2017-10-27 2017-10-27 Terminal random number generation method and system

Publications (2)

Publication Number Publication Date
CN107980135A true CN107980135A (en) 2018-05-01
CN107980135B CN107980135B (en) 2021-11-09

Family

ID=62006123

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780001454.2A Active CN107980135B (en) 2017-10-27 2017-10-27 Method and system for generating random number of terminal

Country Status (2)

Country Link
CN (1) CN107980135B (en)
WO (1) WO2019080109A1 (en)

Also Published As

Publication number Publication date
CN107980135B (en) 2021-11-09
WO2019080109A1 (en) 2019-05-02


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant