CN107980135B - Method and system for generating random number of terminal - Google Patents
Method and system for generating random number of terminal Download PDFInfo
- Publication number
- CN107980135B CN107980135B CN201780001454.2A CN201780001454A CN107980135B CN 107980135 B CN107980135 B CN 107980135B CN 201780001454 A CN201780001454 A CN 201780001454A CN 107980135 B CN107980135 B CN 107980135B
- Authority
- CN
- China
- Prior art keywords
- random number
- terminal
- true
- seed
- generator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The invention provides a method and a system for generating terminal random numbers, wherein the method comprises the following steps: generating true random numbers through a hardware random number generator; the true random number is transmitted to a terminal safely; and the terminal generates a random number sequence by using the received true random number as a random number seed through a pseudo-random number generator. The invention generates true random numbers by an external hardware random number generator, and safely transmits the true random numbers to the terminal, and the terminal takes the true random numbers as random number seeds to disperse a large number of random numbers by the pseudo random number generator. The invention has the advantages of obviously reducing the terminal cost, ensuring that the random number meets the requirements of unpredictability and randomness and the like.
Description
Technical Field
The invention relates to the field of terminal security, in particular to a method and a system for generating a terminal random number.
Background
Financial payment terminals often require the use of random numbers, such as: 1. the method is used for generating a key pair, random numbers are required to be generated according to a key management specification, and the content of the key is ensured to be unpredictable and undetectable; 2. the process for encrypting the data is used for filling the data, so that the same data to be encrypted is ensured, and the encrypted results are different every time, thereby preventing replay attack; 3. for an identity authentication system, a random number is used as a challenge factor to send to the other party of the communication, and the other party is required to return a correct response. The role of the random number is to ensure that the problem of each challenge is "random".
Common random number generators include two types: a pseudo-random number generator and a hardware random number generator.
The pseudo-random number generator is realized by a pure software algorithm, and generates a random number sequence according to a certain generation rule according to an input random number seed. The algorithm of such random number generators is usually fixed, such as the pseudo-random number function of the standard C library itself, and if the seed is fixed, the generated random number sequence is also fixed.
Hardware Random Number generators (english: hard Random Number generators) and also True Random Number Generators (TRNGs) are devices that generate Random numbers by physical processes rather than by computer programs, such devices being usually based on some microscopic phenomena that generate low-level, statistically Random "noise" signals, such as thermodynamic noise, photoelectric effects and quantum phenomena. These physical processes are completely unpredictable in theory and have been experimentally confirmed. By repeatedly sampling these random signals, a series of random numbers are generated.
For a terminal with higher security requirement, such as a financial POS machine, no matter a pseudo-random number generator or a hardware random number generator is adopted to generate random numbers, certain defects exist, and are embodied in that:
(1) since the algorithm and sequence of the pseudo-random number generator for generating random numbers are fixed and invariable, as long as the first random number seed can be obtained, all the subsequently generated random number sequences can be derived theoretically, and the characteristics of unpredictable subsequently generated random numbers cannot be met. To ensure the "unpredictability" of random seed, it is necessary to use random seed, which creates the paradox of "prior chicken or prior egg".
Thus, pseudo-random numbers are often used where security requirements are not particularly stringent, with a seed being set at will by software (e.g., system time as the seed), but this seed can be analyzed. For devices with high security requirements, such as financial POS terminals, the requirements cannot be met.
(2) The hardware random number generator has the following disadvantages:
a. special hardware is needed to be used as a support, so that the hardware cost of the terminal equipment is increased;
b. hardware random number generators are sometimes not sufficiently stable to ensure that the random numbers generated each time are sufficiently random, because random signals such as noise from nature are not always so random. In order to ensure that a sufficiently stable random signal is collected, the CPU often needs to be down-converted, and the operation speed of the terminal is affected when a random number is generated.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: a method and system for generating random numbers of a terminal are provided to ensure unpredictability and randomness of generated random numbers.
In order to solve the technical problems, the invention adopts the technical scheme that:
a method for terminal random number generation, comprising:
generating true random numbers through a hardware random number generator;
the true random number is transmitted to a terminal safely;
and the terminal generates a random number sequence by using the received true random number as a random number seed through a pseudo-random number generator.
The invention provides another technical scheme as follows:
a system for generating random number of a terminal comprises a hardware random number generator, a secure transmission module and the terminal;
the hardware random number generator is used for generating true random numbers;
the safe transmission module is used for safely transmitting the true random number to a terminal;
the terminal, including:
and the pseudo-random number generator is used for generating a random number sequence by taking the received true random number as a random number seed.
The invention has the beneficial effects that: the invention generates true random numbers by an external hardware random number generator, and safely transmits the true random numbers to the terminal, and the terminal takes the true random numbers as a random number seed to disperse a large number of random numbers by the pseudo random number generator, thereby meeting the daily application requirements. The terminal generates the random number sequence by adopting the mode, and for a terminal manufacturer, a hardware random number generator is not required to be arranged in each terminal, and the requirement can be met by only configuring one hardware random number generator in total, so that the cost of the terminal is greatly reduced; meanwhile, the true random number is used as the random number seed of the terminal, so that the unpredictability of the random number seed and the random number sequence generated by the terminal can be ensured; furthermore, the safe injection of the random number seeds is realized by utilizing a safe communication technology, and the random number seeds of each terminal can be ensured to be unpredictable and undetectable, so that the safety of the random number seeds is obviously improved. The invention has higher practicability in a terminal system with higher safety requirement.
Drawings
FIG. 1 is a flow chart illustrating a method for generating random numbers of a terminal according to the present invention;
FIG. 2 is a general block diagram of a random number generation system of the present invention;
FIG. 3 is a flowchart illustrating a method according to a first embodiment of the present invention;
FIG. 4 is a flowchart illustrating a secure random number transmission according to an embodiment of the present invention;
fig. 5 is a flowchart illustrating a specific manner of generating a large number of random numbers by a terminal according to a second embodiment of the present invention;
fig. 6 is a schematic diagram of interaction among modules of a random number generation system according to a fourth embodiment of the present invention.
Description of reference numerals:
1. a hardware random number generator; 2. a POS terminal; 3. an encryption module; 4. a communication module;
41. a communication module A; 42. a communication module B;
5. a decryption module; 6. a pseudo-random number generator; 7. the random number sequence uses the module.
Detailed Description
The most key concept of the invention is as follows: the external hardware random number generator generates true random numbers and transmits the true random numbers to the terminal safely, and the terminal is used as a random number seed to disperse a large number of random numbers through the pseudo-random number generator. The invention has the advantages of obviously reducing the terminal cost, ensuring that the random number meets the requirements of unpredictability and randomness and the like.
Referring to fig. 1 and fig. 2, the present invention provides a method for generating a terminal random number, including:
generating true random numbers through a hardware random number generator;
the true random number is transmitted to a terminal safely;
and the terminal generates a random number sequence by using the received true random number as a random number seed through a pseudo-random number generator.
Further, the secure transmission of the true random number to a terminal for storage specifically includes:
encrypting the true random number;
the terminal downloads and obtains the encrypted true random number;
and the terminal decrypts the encrypted true random number to obtain the true random number.
As can be seen from the above description, the random number seed is transmitted to the terminal by means of encrypted communication, so as to ensure the security and unpredictability of the random number seed in the terminal.
Further, the secure transmission of the true random number to the terminal specifically includes:
before the terminal leaves the factory, the corresponding true random number is downloaded to the terminal in an encrypted communication mode.
According to the description, the true random number is obtained in a safe and controlled environment before the terminal leaves a factory, so that the opportunity of stealing illegal molecules is avoided, and the safety and unpredictability of the random number seed are further ensured.
Further, the generating of the true random number by the hardware random number generator specifically includes:
and generating a corresponding number of true random numbers by a hardware random number generator according to the number of the terminals, wherein the true random numbers are uniquely corresponding to each terminal.
It can be known from the above description that for a terminal manufacturer, the cost that each terminal needs to be provided with a built-in hardware random number generator module is saved, and only one set of hardware random number generator is needed to be specially used for generating random numbers of all terminals, so that the hardware cost and the maintenance cost of the terminal are greatly reduced.
Further, the true random number is an initial random number seed of the terminal;
the method further comprises the following steps:
intercepting a random number with preset byte number from the random number sequence as a new random number seed;
and the terminal generates a new random number sequence according to the new random number seed through a pseudo-random number generator.
It can be known from the above description that the self-feedback mode is adopted, and when the terminal generates the random number, the random number with the preset number of bytes is selected from the random number sequence generated for the first time as a new seed for generating the next random number, so that the continuous self-feedback can change the whole process of generating the random number into more random and unpredictable.
Further, the number of bytes of the random number sequence generated by the terminal according to the true random number is greater than or equal to the preset number of bytes.
Further, the preset number of bytes is 8 bytes.
According to the description, at least the random number sequence with the preset byte number is generated, so that the daily application can be met, and the new random number seeds can be obtained.
Further, the method also comprises the following steps:
the hardware random number generator and the terminal acquire and store the transmission protection key in a safe and controlled environment;
and the hardware random number generator encrypts the generated true random number in the form of the plaintext by using the transmission protection key to obtain the true random number in the form of the ciphertext.
Further, the terminal generates a random number sequence by using the received true random number as a random number seed through a pseudo-random number generator, specifically:
the terminal receives true random numbers in a ciphertext form;
the terminal decrypts the true random number in the form of the ciphertext by using a pre-stored transmission protection key to obtain the true random number in the form of a plaintext;
and the terminal generates a random number sequence by using the true random number in the plaintext form as a random number seed through a pseudo-random number generator.
Therefore, the encryption communication technology is utilized, the random number seeds are safely injected into the terminals, the random number seeds of each terminal are ensured to be unpredictable and undetectable, and the safety of the random number seeds is ensured.
Further, the terminal is a financial POS terminal.
Therefore, the method has a good application prospect in financial POS terminals with higher security level requirements.
The invention ingeniously utilizes a mode of combining 'soft' and 'hard' to generate random numbers, overcomes the defects of the existing pseudo-random number generator and hardware random number generator, and is specifically embodied in that:
(1) because the random number seed is from an external hardware random number generator and the communication process is encrypted, the unpredictable characteristic is met, and the problem that the seed in the pseudo-random number generator can be detected is solved;
(2) a large number of random numbers required in the terminal application process are mainly realized through a software algorithm, and the true random numbers are only used as seeds, so that the defect that the hardware random numbers are unstable is overcome. For random number seeds, because each terminal only needs to be injected once and is not a particularly serious commission in time, the frequency reduction processing can be completely carried out on the external true random number generator, and the external true random number generator acquires enough random signals to serve as seeds, so that the randomness of the generated true random numbers is further improved.
(3) A self-feedback mode is employed. When the terminal generates the random number sequence, 8 bytes of random numbers are selected from the newly generated random number sequence (if the newly generated random number sequence is less than 8 bytes, at least 8 bytes of random number sequence is generated, and the required part is provided for a user) to be used as a new seed for generating the next random number, so that the continuous self-feedback can ensure that the whole random number generation process becomes more random and unpredictable.
(4) By the technology of the invention, the terminal collects the 128M bit random number sequence generated by the terminal, and the random number sequence is analyzed and tested by an international special random number analysis tool (such as STS-1.8 tool of NIST), so that the random number generator can be tested to pass, and the effectiveness of the random number generator is proved.
The invention provides another technical scheme as follows:
a system for generating random number of a terminal comprises a hardware random number generator, a secure transmission module and the terminal;
the hardware random number generator is used for generating true random numbers;
the safe transmission module is used for safely transmitting the true random number to a terminal;
the terminal, including:
and the pseudo-random number generator is used for generating a random number sequence by taking the received true random number as a random number seed.
Further, the secure transmission module includes:
the encryption unit is positioned on the hardware random number generator and used for encrypting the true random number;
the downloading unit is positioned at the terminal and used for the terminal to download and obtain the encrypted true random number;
and the decryption unit is positioned at the terminal and used for decrypting the encrypted true random number by the terminal to obtain the true random number.
Further, the secure transmission module is specifically configured to download the corresponding true random number to the terminal in an encrypted communication manner before the terminal leaves the factory.
Furthermore, the number of the terminals is more than two;
the hardware random number generator is specifically used for generating a corresponding number of true random numbers through the hardware random number generator according to the number of the terminals, and the true random numbers are uniquely corresponding to each terminal.
Further, the true random number generated by the hardware random number generator is an initial random number seed of the terminal;
the terminal further comprises:
the intercepting module is used for intercepting a random number with preset byte number from the random number sequence as a new random number seed;
the pseudo-random number generator is also used for generating a new random number sequence according to the new random number seed.
Further, the pseudo-random number generator is specifically configured to generate a random number sequence with a number of bytes greater than or equal to the preset number of bytes according to the true random number.
Further, the preset number of bytes is 8 bytes.
Further, the hardware random number generator is further configured to obtain and store a transmission protection key in a secure controlled environment, and encrypt the generated true random number in the form of a plaintext by using the transmission protection key to obtain a true random number in the form of a ciphertext;
and the terminal is also used for acquiring and storing the transmission protection key in a safe and controlled environment.
Further, the terminal further includes:
the receiving module is used for receiving the true random number in the form of the ciphertext;
the decryption module is used for decrypting the true random number in the form of the ciphertext by using a pre-stored transmission protection key to obtain the true random number in the form of the plaintext;
the pseudo-random number generator is specifically used for generating random number sequences by taking the true random numbers in the plaintext form as random number seeds.
Further, the terminal is a financial POS terminal.
Example one
Referring to fig. 3 and fig. 4, the present embodiment provides a method for generating a terminal random number, which is suitable for a terminal with a higher security level requirement, such as a financial POS terminal, and is used to ensure unpredictability, randomness and validity of the random number generated by the terminal; meanwhile, the hardware cost and the maintenance cost of the terminal can be obviously reduced.
The present embodiment is described by taking the terminal as a financial POS terminal as an example.
The method of the embodiment is realized based on an external hardware random number generator and a plurality of POS terminals. Specifically, the method comprises the following steps:
s1: true random numbers are generated by an external hardware random number generator.
Specifically, the number of the corresponding terminals is responsible for generating a unique corresponding random number seed for each POS terminal as an initial random number seed through a hardware random number generator. In this embodiment, only one initial random number seed is needed for one POS terminal, which has a small number and a loose time. Therefore, the hardware random number generator is preferably subjected to frequency reduction processing, so that a sufficiently random signal is acquired as an initial random number seed of the POS terminal, thereby ensuring high randomness of the initial random number seed.
Preferably, the external hardware random number generator generates more than two true random numbers at a time so as to meet the requirements of batch POS terminals and improve the efficiency of distributing random number seeds for the terminals.
S2: and safely transmitting the true random number to a terminal.
Preferably, the true random number generated by the hardware random number generator is transmitted to the POS terminal through an encrypted communication manner, so as to ensure unpredictability and undetectable detection of the initial random number seed of the POS terminal, and ensure security of the initial random number seed.
Alternatively, the method can be implemented by the following steps:
s21: and the hardware random number generator and the terminal acquire and safely store the transmission protection key in a safe and controlled environment.
Specifically, as shown in fig. 4, in a secure and controlled environment, the same transmission protection key Kp complying with TDES (triple data encryption standard) requirements is set between the hardware random number generator and the target POS terminal. For example, some bank POS needs to download the key required for payment transaction to the target POS (terminal of this embodiment) in a secure controlled environment by using a mother POS, and at this time, the TDES transmission protection key Kp used to encrypt the initial random number seed can be downloaded together with the key to ensure high security and reliability of the key used to encrypt the random number seed.
S22: and the hardware random number generator encrypts the generated true random number in the form of the plaintext by using the transmission protection key to obtain the true random number in the form of the ciphertext.
Specifically, as shown in fig. 4, an external hardware random number generator (e.g., a master POS), using the TDES transmission protection key Kp, and using a TDES encryption algorithm, encrypts a plaintext true random number (plaintext P for short), and sends an encrypted ciphertext true random number (ciphertext C for short) to a target POS as an initial random number seed of the target POS; where, C ═ TDES (Encrypt, Kp, P).
S23: and before the terminal leaves the factory, safely downloading the corresponding encrypted true random number to the terminal.
Optionally, corresponding to S21 to S23, the ciphertext C is downloaded securely and stored securely before the target POS leaves the factory.
S3: and the terminal generates a random number sequence by using the received true random number as a random number seed through a pseudo-random number generator.
Preferably, after receiving the encrypted true random number, the terminal obtains the true random number through decryption processing.
Optionally, the operations corresponding to S21 to S23 may be implemented as follows:
s31: and the terminal decrypts the true random number in the form of the ciphertext by using a pre-stored transmission protection key to obtain the true random number in the form of the plaintext.
Specifically, as shown in fig. 4, after receiving the ciphertext C, the target POS uses the TDES transmission protection key Kp to decrypt the received ciphertext C by using the TDES decryption algorithm, and obtains data P1 (the data P is obtained by successful decryption); wherein P1 ═ TDES (Decrypt, Kp, C).
S32: and the terminal generates a random number sequence by using the true random number in the plaintext form as a random number seed through a pseudo-random number generator.
Specifically, the data P1 is used as an initial random number seed of the target POS, and a large number of random numbers are generated by a software algorithm, so as to meet the application requirements.
Example two
Referring to fig. 5, this embodiment is further extended to the embodiment, and the specific manner of generating a large number of random numbers by the terminal is increased.
In this embodiment, step S32 of the first embodiment specifically includes:
s321: the terminal takes the true random number as an initial random number seed to generate a random number sequence.
Specifically, the data P1 is used as an initial random number seed, and a corresponding random number sequence is generated through a software algorithm. Preferably, the total number of bytes of the generated random number sequence is greater than or equal to a predetermined number of bytes, such as 8 bytes. The setting of the preset byte is determined according to the byte number required by the random number seed.
S322: and intercepting the random number with the preset number of bytes from the random number sequence to serve as a new random number seed.
If the random number with the preset byte number is not needed in actual application, only the random number with the byte number needed by the application is provided.
S323: and the terminal generates a new random number sequence according to the new random number seed through a pseudo-random number generator.
In this embodiment, the first generation uses a seed obtained from an external hardware random number generation device, and the subsequent generation directly intercepts 8 bytes from the random number sequence generated last time as a new seed, and then performs decentralized processing by using a software algorithm to obtain a required batch of random number sequences. Through such constant self-feedback, the entire random number generation process can be made more random and unpredictable for hundreds of years.
EXAMPLE III
The present embodiment provides a system for generating random numbers for terminals, which includes a hardware random number generator, a secure transmission module, and a plurality of terminals. Here, a POS with a high security level requirement as a terminal will be described as an example.
The hardware random number generator is used for generating true random numbers; the true random number is an initial random number seed of the terminal;
preferably, the hardware random number generator is specifically configured to generate a corresponding number of true random numbers through the hardware random number generator according to the number of the terminals, and the true random numbers are uniquely corresponding to each terminal.
Optionally, the hardware random number generator is further configured to obtain and store a transmission protection key in a secure controlled environment, and encrypt the generated true random number in a plaintext form using the transmission protection key to obtain a true random number in a ciphertext form;
the safe transmission module is used for safely transmitting the true random number to a terminal;
preferably, the secure transmission module is specifically configured to download the corresponding true random number to the terminal in an encrypted communication manner before the terminal leaves the factory.
Optionally, the secure transmission module specifically includes:
the encryption unit is positioned on the hardware random number generator and used for encrypting the true random number;
the downloading unit is positioned at the terminal and used for the terminal to download and obtain the encrypted true random number;
and the decryption unit is positioned at the terminal and used for decrypting the encrypted true random number by the terminal to obtain the true random number.
The terminal, including:
the pseudo-random number generator is used for generating a random number sequence by taking the received true random number as a random number seed;
optionally, the terminal is further configured to obtain and store a transmission protection key in a secure controlled environment;
the terminal further comprises:
the receiving module is used for receiving the true random number in the form of the ciphertext;
the decryption module is used for decrypting the true random number in the form of the ciphertext by using a pre-stored transmission protection key to obtain the true random number in the form of the plaintext;
the pseudo-random number generator is specifically used for generating random number sequences by taking the true random numbers in the plaintext form as random number seeds.
Optionally, the pseudo-random number generator is further configured to generate a new random number sequence according to the new random number seed. Preferably, a random number sequence with the number of bytes larger than or equal to the preset number of bytes is generated. It is further preferable that the preset number of bytes is 8 bytes.
Optionally, the terminal further includes:
and the intercepting module is used for intercepting the random number with preset byte number from the random number sequence as a new random number seed.
Example four
This embodiment provides a random number system corresponding to the first and second embodiments.
The system comprises an external hardware random number generating device and a plurality of POS terminals 2.
As shown in fig. 6, the whole random number generation system includes the following modules:
1. external hardware random number generating device
The apparatus includes:
hardware random number generator 1: the device is responsible for generating random number seeds through hardware and then transmitting the random number seeds to an encryption module;
the encryption module 3: the module is responsible for encrypting the random number seed to obtain the encrypted random number seed, and then transmitting the encrypted random number seed to a communication module A41 in the communication module 4;
the communication module a 41: the module is responsible for sending the encrypted random number seeds to each POS terminal;
2. POS terminal
The terminal includes:
the communication module B42: the module is responsible for receiving the encrypted random number seeds from the external random number generating equipment and then transmitting the encrypted random number seeds to a decryption module of the POS terminal;
and a decryption module 5: the module is responsible for carrying out decryption operation on the encrypted random number seed obtained from the communication module B to obtain a random number seed plaintext;
pseudo-random number generator 6: the random number generating device is responsible for reading random number seeds written from the outside (seeds obtained from external random number generating equipment are used during the first generation, 8 bytes are directly intercepted from random number sequences generated last time as new seeds during the subsequent generation), and then the random number sequences in batches are obtained by utilizing a software algorithm for decentralized processing;
random number sequence usage module 7: the module is responsible for reading a batch random number sequence from the software random number generation module and is applied to occasions where the software random number sequence is needed.
In summary, the method and system for generating the random number of the terminal provided by the invention not only greatly reduce the hardware cost and maintenance cost for generating the random number of the terminal; and ensuring the unpredictability of the random number seeds and the random number sequence generated by the terminal; furthermore, the safety injection of the random number seeds is realized by utilizing a safety communication technology in the random number generation process, the random number seeds of each terminal can be ensured to be unpredictable and undetectable, and the safety of the random number seeds is obviously improved again; furthermore, the whole random number generation process is changed into more random and unpredictable through a self-feedback mode, and finally the random number used by the terminal is highly random and unpredictable. The invention has higher practicability in a terminal system with higher safety requirement.
Claims (18)
1. A method for generating random numbers for a terminal, comprising:
generating true random numbers through a hardware random number generator;
the true random number is transmitted to a terminal safely;
the terminal generates a random number sequence by taking the received true random number as a random number seed through a pseudo-random number generator;
the true random number is an initial random number seed of the terminal;
the method further comprises the following steps:
intercepting a random number with preset byte number from the random number sequence as a new random number seed;
the terminal generates a new random number sequence according to the new random number seed through a pseudo-random number generator;
the generating, by the terminal through the pseudo-random number generator, a new random number sequence according to the new random number seed specifically includes:
the terminal takes a true random number as an initial random number seed to generate a random number sequence;
intercepting the random number with the preset byte number from the random number sequence as a new random number seed;
and the terminal generates a new random number sequence according to the new random number seed through a pseudo-random number generator.
2. The method for generating a random number for a terminal as claimed in claim 1, wherein said securely transmitting said true random number to a terminal for storage comprises:
encrypting the true random number;
the terminal downloads and obtains the encrypted true random number;
and the terminal decrypts the encrypted true random number to obtain the true random number.
3. The method for generating a random number for a terminal according to claim 1, wherein said securely transmitting said true random number to the terminal specifically comprises:
before the terminal leaves the factory, the corresponding true random number is downloaded to the terminal in an encrypted communication mode.
4. The method according to claim 1, wherein the generating of the true random number by the hardware random number generator comprises:
and generating a corresponding number of true random numbers by a hardware random number generator according to the number of the terminals, wherein the true random numbers are uniquely corresponding to each terminal.
5. The method as claimed in claim 1, wherein the number of bytes of the random number sequence generated by the terminal according to the true random number is greater than or equal to the predetermined number of bytes.
6. A method for terminal random number generation as claimed in claim 1 or 5, wherein the predetermined number of bytes is 8 bytes.
7. The method for terminal random number generation as claimed in claim 1, further comprising:
the hardware random number generator and the terminal acquire and store the transmission protection key in a safe and controlled environment;
and the hardware random number generator encrypts the generated true random number in the form of the plaintext by using the transmission protection key to obtain the true random number in the form of the ciphertext.
8. The method as claimed in claim 7, wherein the terminal generates the random number sequence by using the received true random number as the random number seed through a pseudo random number generator, specifically:
the terminal receives true random numbers in a ciphertext form;
the terminal decrypts the true random number in the form of the ciphertext by using a pre-stored transmission protection key to obtain the true random number in the form of a plaintext;
and the terminal generates a random number sequence by using the true random number in the plaintext form as a random number seed through a pseudo-random number generator.
9. The method of claim 1, wherein the terminal is a financial POS terminal.
10. A system for generating random number of a terminal is characterized by comprising a hardware random number generator, a secure transmission module and the terminal;
the hardware random number generator is used for generating true random numbers;
the safe transmission module is used for safely transmitting the true random number to a terminal;
the terminal, including:
the pseudo-random number generator is used for generating a random number sequence by taking the received true random number as a random number seed;
the true random number generated by the hardware random number generator is an initial random number seed of the terminal;
the terminal further comprises:
the intercepting module is used for intercepting a random number with preset byte number from the random number sequence as a new random number seed;
the pseudo-random number generator is also used for generating a new random number sequence according to the new random number seed;
the generating of the new random number sequence according to the new random number seed specifically includes:
generating a random number sequence by taking the true random number as an initial random number seed;
intercepting the random number with the preset byte number from the random number sequence as a new random number seed;
a new random number sequence is generated from the new random number seed by a pseudo-random number generator.
11. The system for terminal random number generation as claimed in claim 10, wherein said secure transmission module comprises:
the encryption unit is positioned on the hardware random number generator and used for encrypting the true random number;
the downloading unit is positioned at the terminal and used for the terminal to download and obtain the encrypted true random number;
and the decryption unit is positioned at the terminal and used for decrypting the encrypted true random number by the terminal to obtain the true random number.
12. The system for generating a random number for a terminal as claimed in claim 10, wherein the secure transmission module is specifically configured to download the corresponding true random number to the terminal in an encrypted communication manner before the terminal leaves a factory.
13. The system for terminal random number generation according to claim 10, wherein the number of the terminals is two or more;
the hardware random number generator is specifically used for generating a corresponding number of true random numbers through the hardware random number generator according to the number of the terminals, and the true random numbers are uniquely corresponding to each terminal.
14. The system for terminal random number generation as claimed in claim 10, wherein the pseudo-random number generator is specifically configured to generate a random number sequence with a number of bytes greater than or equal to the predetermined number of bytes according to the true random number.
15. A system for terminal random number generation as claimed in claim 10 or 14, wherein the predetermined number of bytes is 8 bytes.
16. The system according to claim 10, wherein the hardware random number generator is further configured to obtain and store a transmission protection key in a secure and controlled environment, and encrypt the generated true random number in plaintext form using the transmission protection key to obtain a true random number in ciphertext form;
and the terminal is also used for acquiring and storing the transmission protection key in a safe and controlled environment.
17. The system for terminal random number generation as claimed in claim 16, wherein said terminal further comprises:
the receiving module is used for receiving the true random number in the form of the ciphertext;
the decryption module is used for decrypting the true random number in the form of the ciphertext by using a pre-stored transmission protection key to obtain the true random number in the form of the plaintext;
the pseudo-random number generator is specifically used for generating random number sequences by taking the true random numbers in the plaintext form as random number seeds.
18. The system for terminal random number generation of claim 10, wherein the terminal is a financial POS terminal.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2017/108072 WO2019080109A1 (en) | 2017-10-27 | 2017-10-27 | Terminal random number generation method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107980135A CN107980135A (en) | 2018-05-01 |
| CN107980135B true CN107980135B (en) | 2021-11-09 |
Family
ID=62006123
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201780001454.2A Active CN107980135B (en) | 2017-10-27 | 2017-10-27 | Method and system for generating random number of terminal |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN107980135B (en) |
| WO (1) | WO2019080109A1 (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109495266B (en) * | 2018-12-25 | 2022-07-22 | 北京字节跳动网络技术有限公司 | Data encryption method and device based on random number |
| CN111708762B (en) * | 2020-06-18 | 2023-09-01 | 北京金山云网络技术有限公司 | Authority authentication method and device and server device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
| CN104636115A (en) * | 2013-11-14 | 2015-05-20 | 国家电网公司 | Post processing device and method for true random numbers |
| CN105743654A (en) * | 2016-02-02 | 2016-07-06 | 上海动联信息技术股份有限公司 | POS machine secret key remote downloading service system and secret key downloading method |
| CN107133015A (en) * | 2017-04-11 | 2017-09-05 | 上海汇尔通信息技术有限公司 | A kind of random digit generation method and system |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007026287A1 (en) * | 2005-08-30 | 2007-03-08 | Koninklijke Philips Electronics N.V. | Method and device for generating random number generator seeds |
| CN100583754C (en) * | 2005-11-07 | 2010-01-20 | 北京浦奥得数码技术有限公司 | Pseudo-random number generation method |
| JP2008003438A (en) * | 2006-06-26 | 2008-01-10 | Sony Corp | Random number generator, random number generation control method, memory access control device, and communication device |
| US8019935B2 (en) * | 2007-12-23 | 2011-09-13 | Hitachi Global Storage Technologies Netherlands, B.V. | Random number generation for a host system using a hard disk drive |
| CN102566968A (en) * | 2010-12-10 | 2012-07-11 | 上海华虹集成电路有限责任公司 | Method for generating true random number |
| CN104317551A (en) * | 2014-10-17 | 2015-01-28 | 北京德加才科技有限公司 | Ultrahigh-safety true random number generation method and ultrahigh-safety true random number generation system |
| CN105763327A (en) * | 2014-12-16 | 2016-07-13 | 上海华虹集成电路有限责任公司 | Safe random number generation method in intelligent card |
| CN105426158B (en) * | 2015-12-09 | 2018-05-01 | 福州瑞芯微电子股份有限公司 | A kind of random-number generating method and its device |
-
2017
- 2017-10-27 CN CN201780001454.2A patent/CN107980135B/en active Active
- 2017-10-27 WO PCT/CN2017/108072 patent/WO2019080109A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
| CN104636115A (en) * | 2013-11-14 | 2015-05-20 | 国家电网公司 | Post processing device and method for true random numbers |
| CN105743654A (en) * | 2016-02-02 | 2016-07-06 | 上海动联信息技术股份有限公司 | POS machine secret key remote downloading service system and secret key downloading method |
| CN107133015A (en) * | 2017-04-11 | 2017-09-05 | 上海汇尔通信息技术有限公司 | A kind of random digit generation method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2019080109A1 (en) | 2019-05-02 |
| CN107980135A (en) | 2018-05-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11615411B2 (en) | POS system with white box encryption key sharing | |
| CN108345806B (en) | Hardware encryption card and encryption method | |
| EP2506174B1 (en) | Enabling a software application to be executed on a hardware device | |
| EP3625720B1 (en) | Reducing compromise of sensitive data in virtual machine | |
| CN105450620A (en) | Information processing method and device | |
| KR20160008560A (en) | System and methods for encrypting data | |
| CN103562922A (en) | Establishing unique key during chip manufacturing | |
| CN103532707A (en) | System and method for defining programmable processing steps applied when protecting the data | |
| Fahr Jr et al. | When frodo flips: End-to-end key recovery on frodokem via rowhammer | |
| CN112134703B (en) | Electronic device using improved key entropy bus protection | |
| CN107980135B (en) | Method and system for generating random number of terminal | |
| TW201523256A (en) | System and method to secure on-board bus transactions | |
| US11128455B2 (en) | Data encryption method and system using device authentication key | |
| CN103905557A (en) | Data storage method and device used for cloud environment and downloading method and device | |
| CN110659506A (en) | Replay protection of memory based on key refresh | |
| CN116455572B (en) | Data encryption method, device and equipment | |
| CN109194467A (en) | A kind of safe transmission method and system of encryption data | |
| EP2950229A1 (en) | Method for facilitating transactions, computer program product and mobile device | |
| CN204808325U (en) | Carry out black equipment to data | |
| CN115909560A (en) | Data encryption method, data decryption method and door lock system | |
| CN116226940B (en) | PCIE-based data security processing method and data security processing system | |
| CN115412244B (en) | Method, system and equipment for updating encrypted firmware on line | |
| Du et al. | Key management scheme based on micro-certificate for Internet of Things | |
| Zhang et al. | Proof-of-randomness protocol for blockchain consensus: the white paper version 1.0 | |
| KR20230027725A (en) | Quantum security communication device integrated smart power supply control system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |