CN108235798A - Public-private key pair acquisition method, system and POS terminal - Google Patents

Info

Publication number: CN108235798A
Authority: CN (China)
Prior art keywords: private key, key pair, public private, public, pos terminal
Legal status: Pending
Application number: CN201780002233.7A
Other languages: Chinese (zh)
Inventors: 彭波涛, 孟陆强
Current assignee: Fujian Landi Commercial Equipment Co Ltd
Original assignee: Fujian Landi Commercial Equipment Co Ltd
Application filed by Fujian Landi Commercial Equipment Co Ltd
Priority to PCT/CN2017/119121 (WO2019127145A1)
Publication of CN108235798A

Classifications

    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07G: REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
    • G07G1/00: Cash registers
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The present invention relates to a public-private key pair acquisition method, system and POS terminal. A key terminal generates a predetermined number of public-private key pairs to obtain an initial public-private key pair set; the key terminal encrypts the initial public-private key pair set to obtain a public-private key pair ciphertext set; the POS terminal obtains the public-private key pair ciphertext set; the POS terminal decrypts the ciphertext set to obtain a public-private key pair plaintext set; the POS terminal saves the plaintext set to the storage unit corresponding to the security chip of the POS terminal; when the POS terminal detects an instruction corresponding to a public-private key pair acquisition operation, it selects one public-private key pair from the plaintext set. This increases the speed at which the POS terminal obtains a public-private key pair.

Description

Public-private key pair acquisition method, system and POS terminal
Technical field
The present invention relates to the field of data security, and in particular to a public-private key pair acquisition method, system and POS terminal.
Background art
In electronic payment systems, asymmetric public-private key pairs are used more and more frequently. For POS terminals in particular, many security schemes depend on trusted public-private key pairs, so obtaining a public-private key pair has become a required function of a POS terminal. When an existing POS terminal needs to transfer data securely, it generates in real time the public-private key pair used to encrypt and decrypt the data to be transmitted. Real-time generation must be fast enough to meet the needs of the application, usually on the order of a few seconds (taking RSA1024 keys as an example, some acquirers want RSA key generation to finish within 3 seconds); beyond that time limit, production efficiency or user experience is significantly affected.
At present, a POS terminal generally generates public-private key pairs either with a dedicated security processor or with a software algorithm. However, the chips currently available for generating public-private key pairs on a POS terminal are slow (for example, generating one RSA2048 key pair takes at least 5 to 6 seconds), and the hardware cost is high. Compared with hardware generation, generating key pairs with a software algorithm is slower still. Taking the RSA key pair generation code commonly found on the Internet as an example, generating an RSA2048 key can in some cases take up to several hours. Reaching the performance the application requires would need a large amount of algorithm optimization; because the gap to the desired performance (ideally within 3 seconds) is so large, the optimization is too difficult and usually hits a bottleneck at some point, beyond which no further optimization is possible.
Summary of the invention
The technical problem to be solved by the invention is: how to increase the speed at which a POS terminal obtains a public-private key pair.
To solve the above technical problem, the technical solution adopted by the present invention is as follows.
The present invention provides a public-private key pair acquisition method, including:
Obtaining the ciphertext of a predetermined number of public-private key pairs from a key terminal, to obtain a public-private key pair ciphertext set;
Decrypting the public-private key pair ciphertext set, to obtain a public-private key pair plaintext set;
Saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
When an instruction corresponding to a public-private key pair acquisition operation is detected, selecting one public-private key pair from the public-private key pair plaintext set.
The present invention also provides a POS terminal, including one or more first processors and a first memory, the first memory storing a program that is configured to be executed by the one or more first processors to perform the following steps:
Obtaining the ciphertext of a predetermined number of public-private key pairs from a key terminal, to obtain a public-private key pair ciphertext set;
Decrypting the public-private key pair ciphertext set, to obtain a public-private key pair plaintext set;
Saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
When an instruction corresponding to a public-private key pair acquisition operation is detected, selecting one public-private key pair from the public-private key pair plaintext set.
The present invention further provides a public-private key pair acquisition method, including:
The key terminal generates a predetermined number of public-private key pairs, to obtain an initial public-private key pair set;
The key terminal encrypts the initial public-private key pair set, to obtain a public-private key pair ciphertext set;
The POS terminal obtains the public-private key pair ciphertext set;
The POS terminal decrypts the public-private key pair ciphertext set, to obtain a public-private key pair plaintext set;
The POS terminal saves the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
When the POS terminal detects an instruction corresponding to a public-private key pair acquisition operation, it selects one public-private key pair from the public-private key pair plaintext set.
The present invention further provides a public-private key pair acquisition system, including a POS terminal and a key terminal;
The key terminal includes one or more second processors and a second memory, the second memory storing a program that is configured to be executed by the one or more second processors to perform the following steps:
Generating a predetermined number of public-private key pairs, to obtain an initial public-private key pair set;
Encrypting the initial public-private key pair set, to obtain a public-private key pair ciphertext set;
The POS terminal includes one or more third processors and a third memory, the third memory storing a program that is configured to be executed by the one or more third processors to perform the following steps:
Obtaining the public-private key pair ciphertext set;
Decrypting the public-private key pair ciphertext set, to obtain a public-private key pair plaintext set;
Saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
When an instruction corresponding to a public-private key pair acquisition operation is detected, selecting one public-private key pair from the public-private key pair plaintext set.
The beneficial effects of the present invention are as follows. A key terminal independent of the POS terminal generates a large number of public-private key pairs in advance and encrypts them; after a POS terminal has been produced, a predetermined number of encrypted public-private key pairs are imported directly from the key terminal, and the key pairs are saved in the higher-security storage unit of the POS terminal. The key terminal is a dedicated public-private key pair generation device, such as an encryption machine, which can generate a large number of key pairs with high randomness, and the key terminal itself has high security. The key terminal encrypts the generated key pairs before transmitting them to the POS terminal, which ensures the security of the key pairs in transit. A POS terminal, as a financial payment device, generally has a secure data storage area, and the present invention stores the key pair plaintext in that higher-security storage unit of the POS terminal. The key pairs are therefore well protected from generation, through transmission, to storage, so the predetermined number of key pairs stored in the POS terminal have high randomness and security and are suitable for business applications that securely transmit important data. Unlike the prior art, in which the POS terminal generates key pairs in real time, in the present application, when a business need for a key pair arises while the POS terminal is in use, one key pair is selected directly from the higher-security storage unit. This eliminates real-time key pair generation, so that the total time to obtain a key pair does not exceed a hundred milliseconds, which greatly increases the speed at which the POS terminal obtains a key pair with high randomness and security and can meet the needs of secure data transmission services with strict real-time requirements.
Brief description of the drawings
Fig. 1 is a flow diagram of a specific embodiment of a public-private key pair acquisition method provided by the invention;
Fig. 2 is a structural diagram of a specific embodiment of a POS terminal provided by the invention;
Fig. 3 is a flow diagram of a specific embodiment of another public-private key pair acquisition method provided by the invention;
Fig. 4 is a structural diagram of a specific embodiment of a public-private key pair acquisition system provided by the invention;
Reference numerals:
1, first processor; 2, first memory; 3, second processor; 4, second memory; 5, third processor; 6, third memory; 101, POS terminal; 102, key terminal.
Detailed description
Please refer to Fig. 1 and Fig. 4.
As shown in Fig. 1, the present invention provides a public-private key pair acquisition method, including:
Obtaining the ciphertext of a predetermined number of public-private key pairs from a key terminal, to obtain a public-private key pair ciphertext set;
Decrypting the public-private key pair ciphertext set, to obtain a public-private key pair plaintext set;
Saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
When an instruction corresponding to a public-private key pair acquisition operation is detected, selecting one public-private key pair from the public-private key pair plaintext set.
Further, selecting one public-private key pair from the public-private key pair plaintext set is specifically:
Obtaining a random number generated by a hardware random number generator;
Sorting the public-private key pair plaintext set, to obtain an ordered public-private key pair plaintext set;
Obtaining the public-private key pair corresponding to the random number from the ordered public-private key pair plaintext set.
As can be seen from the above description, generating the random number in hardware helps improve the randomness of the selected public-private key pair.
Further, the method also includes:
Deleting the one public-private key pair from the public-private key pair plaintext set.
As can be seen from the above description, this eliminates the possibility of reusing the same public-private key pair to encrypt data to be transmitted, which helps improve the security of the data to be transmitted.
Further, before obtaining the ciphertext of the predetermined number of public-private key pairs from the key terminal to obtain the public-private key pair ciphertext set, the method also includes:
Establishing a communication connection with the key terminal through a LAN.
As can be seen from the above description, establishing the communication connection between the key terminal and the POS terminal through a LAN effectively avoids the public-private key pair ciphertext being intercepted during data transmission, improving the security of the key pairs stored in the POS terminal.
As shown in Fig. 2, the present invention also provides a POS terminal, including one or more first processors 1 and a first memory 2, the first memory 2 storing a program that is configured to be executed by the one or more first processors 1 to perform the following steps:
Obtaining the ciphertext of a predetermined number of public-private key pairs from a key terminal, to obtain a public-private key pair ciphertext set;
Decrypting the public-private key pair ciphertext set, to obtain a public-private key pair plaintext set;
Saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
When an instruction corresponding to a public-private key pair acquisition operation is detected, selecting one public-private key pair from the public-private key pair plaintext set.
Further, selecting one public-private key pair from the public-private key pair plaintext set is specifically:
Obtaining a random number generated by a hardware random number generator;
Sorting the public-private key pair plaintext set, to obtain an ordered public-private key pair plaintext set;
Obtaining the public-private key pair corresponding to the random number from the ordered public-private key pair plaintext set.
Further, the steps also include:
Deleting the one public-private key pair from the public-private key pair plaintext set.
Further, before obtaining the ciphertext of the predetermined number of public-private key pairs from the key terminal to obtain the public-private key pair ciphertext set, the steps also include:
Establishing a communication connection with the key terminal through a LAN.
As shown in Fig. 3, the present invention also provides a public-private key pair acquisition method, including:
The key terminal generates a predetermined number of public-private key pairs, to obtain an initial public-private key pair set;
The key terminal encrypts the initial public-private key pair set, to obtain a public-private key pair ciphertext set;
The POS terminal obtains the public-private key pair ciphertext set;
The POS terminal decrypts the public-private key pair ciphertext set, to obtain a public-private key pair plaintext set;
The POS terminal saves the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
When the POS terminal detects an instruction corresponding to a public-private key pair acquisition operation, it selects one public-private key pair from the public-private key pair plaintext set.
Further, the key terminal encrypting the initial public-private key pair set to obtain the public-private key pair ciphertext set is specifically:
The key terminal presets an encryption key;
The key terminal encrypts the initial public-private key pair set with the encryption key, to obtain the public-private key pair ciphertext set.
Further, the POS terminal decrypting the public-private key pair ciphertext set to obtain the public-private key pair plaintext set is specifically:
The POS terminal presets a decryption key corresponding to the encryption key;
The POS terminal decrypts the public-private key pair ciphertext set with the decryption key, to obtain the public-private key pair plaintext set.
Further, selecting one public-private key pair from the public-private key pair plaintext set is specifically:
The POS terminal obtains a random number generated by a hardware random number generator;
The POS terminal sorts the public-private key pair plaintext set, to obtain an ordered public-private key pair plaintext set;
The POS terminal obtains the public-private key pair corresponding to the random number from the ordered public-private key pair plaintext set.
Further, the method also includes:
The POS terminal deletes the one public-private key pair from the public-private key pair plaintext set.
Further, before the POS terminal obtains the public-private key pair ciphertext set, the method also includes:
The key terminal establishes a communication connection with a LAN;
The POS terminal establishes a communication connection with a LAN.
As shown in Fig. 4, the present invention also provides a public-private key pair acquisition system, including a POS terminal 101 and a key terminal 102;
The key terminal includes one or more second processors 3 and a second memory 4, the second memory 4 storing a program that is configured to be executed by the one or more second processors 3 to perform the following steps:
Generating a predetermined number of public-private key pairs, to obtain an initial public-private key pair set;
Encrypting the initial public-private key pair set, to obtain a public-private key pair ciphertext set;
The POS terminal includes one or more third processors 5 and a third memory 6, the third memory 6 storing a program that is configured to be executed by the one or more third processors 5 to perform the following steps:
Obtaining the public-private key pair ciphertext set;
Decrypting the public-private key pair ciphertext set, to obtain a public-private key pair plaintext set;
Saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
When an instruction corresponding to a public-private key pair acquisition operation is detected, selecting one public-private key pair from the public-private key pair plaintext set.
Further, encrypting the initial public-private key pair set to obtain the public-private key pair ciphertext set is specifically:
Presetting an encryption key;
Encrypting the initial public-private key pair set with the encryption key, to obtain the public-private key pair ciphertext set.
Further, decrypting the public-private key pair ciphertext set to obtain the public-private key pair plaintext set is specifically:
Presetting a decryption key corresponding to the encryption key;
Decrypting the public-private key pair ciphertext set with the decryption key, to obtain the public-private key pair plaintext set.
Further, selecting one public-private key pair from the public-private key pair plaintext set is specifically:
Obtaining a random number generated by a hardware random number generator;
Sorting the public-private key pair plaintext set, to obtain an ordered public-private key pair plaintext set;
Obtaining the public-private key pair corresponding to the random number from the ordered public-private key pair plaintext set.
Further:
The third processor also performs the following step:
Deleting the one public-private key pair from the public-private key pair plaintext set.
Further:
The second processor also performs the following step:
Establishing a communication connection with a LAN.
Further:
The third processor also performs the following step:
Establishing a communication connection with a LAN.
Embodiment one of the present invention:
This embodiment provides a public-private key pair acquisition method, including:
S1. Establishing a communication connection with the key terminal through a LAN.
Optionally, the POS terminal and the key terminal are connected by a USB data cable.
Optionally, the POS terminal establishes a communication connection with a LAN by wired or wireless means, and the key terminal establishes a communication connection with the same LAN by wired or wireless means.
Here, establishing the communication connection between the key terminal and the POS terminal through a LAN effectively avoids the public-private key pair ciphertext being intercepted during data transmission, improving the security of the key pairs stored in the POS terminal.
S2. Obtaining the ciphertext of a predetermined number of public-private key pairs from the key terminal, to obtain a public-private key pair ciphertext set.
Here, the key terminal is a dedicated public-private key pair generation device, such as an encryption machine, which can generate a large number of key pairs with high randomness, and the key terminal itself has high security. The key terminal is independent of the POS terminal and continuously generates random public-private key pairs while POS terminals are being produced. Once a POS terminal has been produced, key pairs that have already been generated in the key terminal and not yet assigned to other POS terminals are imported directly into the current POS terminal, which saves time.
S3. Decrypting the public-private key pair ciphertext set, to obtain a public-private key pair plaintext set.
Here, a decryption key corresponding to the encryption key used by the key terminal when transmitting the public-private key pair ciphertext is injected into the POS terminal, and the POS terminal uses this decryption key to decrypt the key pair ciphertext obtained from the key terminal.
S4. Saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal.
Here, the POS terminal is a financial payment device whose built-in security chip offers very high security; it is difficult for criminals to steal the key pairs stored in the security chip.
S5. When an instruction corresponding to a public-private key pair acquisition operation is detected, selecting one public-private key pair from the public-private key pair plaintext set.
Optionally, selecting one public-private key pair from the public-private key pair plaintext set is specifically:
Obtaining a random number generated by a hardware random number generator;
Sorting the public-private key pair plaintext set, to obtain an ordered public-private key pair plaintext set;
Obtaining the public-private key pair corresponding to the random number from the ordered public-private key pair plaintext set.
For example, the memory of a POS terminal holds 1000 public-private key pairs, and these 1000 key pairs are ordered from 1 to 1000. When the POS terminal is about to transmit transaction data, the hardware random number generator generates a random number in real time, say 500, and the key pair with serial number 500 is then used to encrypt and decrypt the transaction data.
Here, because the key pair is chosen by a random number generated in real time, the result of each selection is random and unpredictable, which further improves the security of the transaction data.
S6. Deleting the one public-private key pair from the public-private key pair plaintext set.
For example, once the key pair with serial number 500 has been used to encrypt and decrypt one piece of transaction data, the key pair with serial number 500 is deleted or marked as used. This avoids reusing the same key pair to encrypt and decrypt data to be transmitted, which helps improve the security of the data to be transmitted.
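Steps S5 and S6 above (random selection from the ordered set, then deletion), shown as an added Python example that is not code from the patent. `KeyPairPool`, `PoolExhausted` and the placeholder byte strings are hypothetical, and `os.urandom` stands in for the POS terminal's hardware random number generator; the example also covers two cases the text leaves open, namely mapping the random number onto the current pool size without modulo bias and refusing to hand out a key once the pool is empty.

```python
import os


class PoolExhausted(Exception):
    """No unused key pair remains; the caller must not fall back to reuse."""


class KeyPairPool:
    """POS-side pool of pre-generated key pairs (steps S4 to S6).

    Key pairs are opaque byte strings here (constructed placeholders). In the
    scheme they are the decrypted plaintext set kept in the storage unit of
    the security chip.
    """

    def __init__(self, plaintext_set, rng=os.urandom):
        # S5: sort the plaintext set to obtain the ordered set.
        self._ordered = sorted(plaintext_set)
        # Assumption: rng(n) returns n random bytes. os.urandom stands in for
        # the terminal's hardware random number generator.
        self._rng = rng

    def remaining(self):
        """Number of key pairs that have not been handed out yet."""
        return len(self._ordered)

    def _uniform_index(self, n):
        """Return an index in [0, n) with every index equally likely.

        Reducing a raw random number with `% n` alone favours low indexes
        whenever n does not divide the size of the random space, so values
        at or above the largest multiple of n are rejected and redrawn.
        """
        nbytes = max(1, (n.bit_length() + 7) // 8)
        space = 1 << (8 * nbytes)
        limit = space - (space % n)
        while True:
            value = int.from_bytes(self._rng(nbytes), "big")
            if value < limit:
                return value % n

    def take(self):
        """S5 and S6 as one operation: pick a random pair and delete it.

        The patent numbers pairs from 1; list indexes here start at 0.
        Selecting and deleting together means a pair can never be returned
        twice, even if the caller forgets a separate delete step.
        """
        if not self._ordered:
            raise PoolExhausted("no unused key pair left; re-provision from the key terminal")
        index = self._uniform_index(len(self._ordered))
        return self._ordered.pop(index)


def demo():
    """Draw three pairs from a constructed pool of 1000 placeholders."""
    pool = KeyPairPool(b"keypair-%04d" % i for i in range(1, 1001))
    drawn = [pool.take() for _ in range(3)]
    return drawn, pool.remaining()


if __name__ == "__main__":
    drawn, left = demo()
    print("drawn:", drawn)
    print("remaining:", left)
```

Because the ordered set shrinks after every `take()`, the index range is recomputed on each call from the current pool size rather than from the original count of 1000.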
Embodiment two of the present invention:
This embodiment provides a POS terminal, including one or more first processors 1 and a first memory 2, the first memory 2 storing a program that is configured to be executed by the one or more first processors 1 to perform the following steps:
S1. Establishing a communication connection with the key terminal through a LAN.
Optionally, the POS terminal and the key terminal are connected by a USB data cable.
Optionally, the POS terminal establishes a communication connection with a LAN by wired or wireless means, and the key terminal establishes a communication connection with the same LAN by wired or wireless means.
S2. Obtaining the ciphertext of a predetermined number of public-private key pairs from the key terminal, to obtain a public-private key pair ciphertext set.
S3. Decrypting the public-private key pair ciphertext set, to obtain a public-private key pair plaintext set.
S4. Saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal.
S5. When an instruction corresponding to a public-private key pair acquisition operation is detected, selecting one public-private key pair from the public-private key pair plaintext set.
Optionally, selecting one public-private key pair from the public-private key pair plaintext set is specifically:
Obtaining a random number generated by a hardware random number generator;
Sorting the public-private key pair plaintext set, to obtain an ordered public-private key pair plaintext set;
Obtaining the public-private key pair corresponding to the random number from the ordered public-private key pair plaintext set.
S6. Deleting the one public-private key pair from the public-private key pair plaintext set.
The embodiment of the present invention three is:
The present embodiment provides a kind of public private key pair acquisition methods, including:
S1, key terminal are established with a LAN and are communicated to connect;POS terminal is established with a LAN and is communicated to connect.
Optionally, POS terminal and key terminal are connected by USB data line.
Wherein, it is established and communicated to connect by LAN between key terminal and POS terminal, effectively avoid data transmission procedure The situation that public private key pair ciphertext is intercepted improves the safety for the public private key pair for being stored in POS terminal.
S2, key terminal generation predetermined number public private key pair, obtain initial public private key pair set.
Initial public private key pair set, obtains public private key pair ciphertext set described in S3, key terminal encryption.
Optionally, key terminal predetermined encryption key;
Key terminal initial public private key pair set according to the encryption keys, obtains public private key pair ciphertext collection It closes.
Wherein, key terminal is dedicated public private key pair generation equipment, such as encryption equipment, can generate high a large amount of of randomness Public private key pair, and key terminal has higher safety.Key terminal is independently of POS terminal, in the production process of POS terminal In be continuously generated random public private key pair, directly will be being generated in key terminal and be not yet assigned to it after POS terminal has produced The public private key pair of its POS terminal is imported into current POS terminal, saves time cost.
S4, POS terminal obtain the public private key pair ciphertext set.
S5, POS terminal decrypt the public private key pair ciphertext set, obtain public private key pair and gather in plain text.
Optionally, POS terminal presets the decruption key answered with the encryption public private key pair;
POS terminal public private key pair ciphertext set according to the decryption key decryption obtains public private key pair and gathers in plain text.
S6. The POS terminal saves the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal.
Here, the POS terminal is a financial payment device whose built-in security chip offers a high level of security, so it is difficult for criminals to steal the public-private key pairs stored in the security chip.
S7. When the POS terminal detects an instruction corresponding to the operation of obtaining a public-private key pair, it chooses one public-private key pair from the public-private key pair plaintext set.
Optionally, choosing one public-private key pair from the public-private key pair plaintext set is specifically:
The POS terminal obtains a random number generated by a hardware random number generator;
The POS terminal sorts the public-private key pair plaintext set to obtain an ordered public-private key pair plaintext set;
The POS terminal obtains, from the ordered public-private key pair plaintext set, the public-private key pair corresponding to the random number.
For example, the memory of a POS terminal holds 1000 public-private key pairs, numbered from 1 to 1000. When the POS terminal is about to transmit transaction data, the hardware random number generator generates the random number 500 in real time, and the public-private key pair with serial number 500 is then used to encrypt and decrypt the transaction data.
Because the public-private key pair is chosen by a random number generated in real time, the result of each selection is random and unpredictable, which further improves the security of the transaction data. In addition, generating random numbers in hardware is far faster than generating them in software, so using the hardware random number generator built into the POS terminal to randomly pick one public-private key pair from a large number of public-private key pairs helps speed up the selection.
S8. The POS terminal deletes the one public-private key pair from the public-private key pair plaintext set.
For example, once the public-private key pair with serial number 500 has been used to encrypt and decrypt a piece of transaction data, it is deleted or marked as used. This avoids reusing the same public-private key pair to encrypt and decrypt data to be transmitted, which helps improve the security of that data.
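The selection and deletion of steps S7 and S8 can be sketched as follows. This is an added example, not code from the patent: the sort key, the class and function names, and the use of `secrets.token_bytes` in place of the terminal's hardware random number generator are all assumptions. It also covers two cases the text leaves open: mapping raw random output to a serial number without bias, and drawing only over the pairs that have not yet been deleted.

```python
import secrets
from typing import Callable, Iterable, List, Tuple

KeyPair = Tuple[bytes, bytes]  # (public, private); opaque placeholder bytes here


class PoolExhausted(Exception):
    """Every imported key pair has been used; the terminal needs a new import."""


def unbiased_index(n: int, rng_bytes: Callable[[int], bytes]) -> int:
    """Turn raw RNG output into an index in [0, n) by rejection sampling.

    A plain `raw % n` favours low indices whenever n does not divide the
    RNG's output range, so draws at or above the largest multiple of n
    are thrown away and redrawn.
    """
    if n <= 0:
        raise PoolExhausted("no unused key pairs left")
    nbytes = (n.bit_length() + 7) // 8
    limit = (256 ** nbytes // n) * n
    while True:
        raw = int.from_bytes(rng_bytes(nbytes), "big")
        if raw < limit:
            return raw % n


class KeyPairPool:
    """Ordered plaintext set from which each pair is handed out at most once."""

    def __init__(self, pairs: Iterable[KeyPair],
                 rng_bytes: Callable[[int], bytes] = secrets.token_bytes):
        # S7: sort the set. Ordering by public-key bytes is an assumption;
        # the page does not say which sort key is used.
        self._ordered: List[KeyPair] = sorted(pairs)
        # Assumption: secrets.token_bytes (OS CSPRNG) stands in for the
        # terminal's hardware random number generator.
        self._rng = rng_bytes

    def remaining(self) -> int:
        return len(self._ordered)

    def take(self) -> KeyPair:
        # Draw over the pairs that are still present, so a deleted slot
        # can never be selected again.
        idx = unbiased_index(len(self._ordered), self._rng)
        # S8: remove the pair from the set as it is handed out.
        return self._ordered.pop(idx)


def make_constructed_pool(count: int) -> List[KeyPair]:
    """Constructed sample data: numbered placeholders, not real key material."""
    return [(i.to_bytes(2, "big"), b"private-%d" % i) for i in range(1, count + 1)]


if __name__ == "__main__":
    pool = KeyPairPool(make_constructed_pool(1000))
    public, _private = pool.take()
    print("selected serial", int.from_bytes(public, "big"), "left", pool.remaining())
```

When `take()` raises `PoolExhausted`, the terminal has no unused pair left and needs a fresh import from the key terminal.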
Embodiment four of the present invention is:
This embodiment provides a public-private key pair acquisition system, comprising a POS terminal 101 and a key terminal 102;
The key terminal 102 includes one or more second processors 3 and a second memory 4. The second memory 4 stores a program that is configured to be executed by the one or more second processors 3 to perform the following steps:
Establish a communication connection with a LAN.
Generate a predetermined number of public-private key pairs to obtain an initial public-private key pair set.
Encrypt the initial public-private key pair set to obtain a public-private key pair ciphertext set. Specifically: preset an encryption key; encrypt the initial public-private key pair set with the encryption key to obtain the public-private key pair ciphertext set.
The POS terminal 101 includes one or more third processors 5 and a third memory 6. The third memory 6 stores a program that is configured to be executed by the one or more third processors 5 to perform the following steps:
Establish a communication connection with a LAN.
Obtain the public-private key pair ciphertext set.
Decrypt the public-private key pair ciphertext set to obtain a public-private key pair plaintext set. Specifically: preset a decryption key corresponding to the encryption key; decrypt the public-private key pair ciphertext set with the decryption key to obtain the public-private key pair plaintext set.
Save the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal.
When an instruction corresponding to the operation of obtaining a public-private key pair is detected, choose one public-private key pair from the public-private key pair plaintext set. Optionally, choosing one public-private key pair from the public-private key pair plaintext set is specifically: obtain a random number generated by a hardware random number generator; sort the public-private key pair plaintext set to obtain an ordered public-private key pair plaintext set; obtain, from the ordered public-private key pair plaintext set, the public-private key pair corresponding to the random number.
Delete one public-private key pair from the public-private key pair plaintext set.
In summary, in the public-private key pair acquisition method, system and POS terminal provided by the invention, a key terminal independent of the POS terminal generates a large number of public-private key pairs in advance and encrypts them. After the POS terminal has been manufactured, a predetermined number of encrypted public-private key pairs are imported directly from the key terminal and stored in a storage unit of the POS terminal that has a higher level of security. The predetermined number of public-private key pairs stored in the POS terminal have high randomness and security and are suitable for business applications that securely transmit important data. Unlike the prior art, in which the POS terminal generates public-private key pairs in real time, in the present application, when a business need to obtain a public-private key pair arises while the POS terminal is in use, one public-private key pair is chosen directly from the higher-security storage unit. This eliminates the process of generating a public-private key pair in real time, so that the total time to obtain a public-private key pair does not exceed a hundred milliseconds. This greatly increases the speed at which the POS terminal obtains a public-private key pair with high randomness and security, and can meet the needs of secure data transmission services with demanding real-time requirements.

Claims (21)

1. A public-private key pair acquisition method, characterized by comprising:
obtaining the ciphertext of a predetermined number of public-private key pairs from a key terminal to obtain a public-private key pair ciphertext set;
decrypting the public-private key pair ciphertext set to obtain a public-private key pair plaintext set;
saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
when an instruction corresponding to the operation of obtaining a public-private key pair is detected, choosing one public-private key pair from the public-private key pair plaintext set.
2. The public-private key pair acquisition method according to claim 1, characterized in that choosing one public-private key pair from the public-private key pair plaintext set is specifically:
obtaining a random number generated by a hardware random number generator;
sorting the public-private key pair plaintext set to obtain an ordered public-private key pair plaintext set;
obtaining, from the ordered public-private key pair plaintext set, the public-private key pair corresponding to the random number.
3. The public-private key pair acquisition method according to claim 1, characterized by further comprising:
deleting one public-private key pair from the public-private key pair plaintext set.
4. The public-private key pair acquisition method according to claim 1, characterized in that, before obtaining the ciphertext of a predetermined number of public-private key pairs from the key terminal to obtain the public-private key pair ciphertext set, the method further comprises:
establishing a communication connection with the key terminal over a LAN.
5. A POS terminal, characterized by comprising one or more first processors and a first memory, the first memory storing a program that is configured to be executed by the one or more first processors to perform the following steps:
obtaining the ciphertext of a predetermined number of public-private key pairs from a key terminal to obtain a public-private key pair ciphertext set;
decrypting the public-private key pair ciphertext set to obtain a public-private key pair plaintext set;
saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
when an instruction corresponding to the operation of obtaining a public-private key pair is detected, choosing one public-private key pair from the public-private key pair plaintext set.
6. The POS terminal according to claim 5, characterized in that choosing one public-private key pair from the public-private key pair plaintext set is specifically:
obtaining a random number generated by a hardware random number generator;
sorting the public-private key pair plaintext set to obtain an ordered public-private key pair plaintext set;
obtaining, from the ordered public-private key pair plaintext set, the public-private key pair corresponding to the random number.
7. The POS terminal according to claim 5, characterized by further comprising:
deleting one public-private key pair from the public-private key pair plaintext set.
8. The POS terminal according to claim 5, characterized in that, before obtaining the ciphertext of a predetermined number of public-private key pairs from the key terminal to obtain the public-private key pair ciphertext set, the steps further comprise:
establishing a communication connection with the key terminal over a LAN.
9. A public-private key pair acquisition method, characterized by comprising:
a key terminal generating a predetermined number of public-private key pairs to obtain an initial public-private key pair set;
the key terminal encrypting the initial public-private key pair set to obtain a public-private key pair ciphertext set;
a POS terminal obtaining the public-private key pair ciphertext set;
the POS terminal decrypting the public-private key pair ciphertext set to obtain a public-private key pair plaintext set;
the POS terminal saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
when the POS terminal detects an instruction corresponding to the operation of obtaining a public-private key pair, choosing one public-private key pair from the public-private key pair plaintext set.
10. The public-private key pair acquisition method according to claim 9, characterized in that the key terminal encrypting the initial public-private key pair set to obtain the public-private key pair ciphertext set is specifically:
the key terminal presetting an encryption key;
the key terminal encrypting the initial public-private key pair set with the encryption key to obtain the public-private key pair ciphertext set.
11. The public-private key pair acquisition method according to claim 10, characterized in that the POS terminal decrypting the public-private key pair ciphertext set to obtain the public-private key pair plaintext set is specifically:
the POS terminal presetting a decryption key corresponding to the encryption key;
the POS terminal decrypting the public-private key pair ciphertext set with the decryption key to obtain the public-private key pair plaintext set.
12. The public-private key pair acquisition method according to claim 9, characterized in that choosing one public-private key pair from the public-private key pair plaintext set is specifically:
the POS terminal obtaining a random number generated by a hardware random number generator;
the POS terminal sorting the public-private key pair plaintext set to obtain an ordered public-private key pair plaintext set;
the POS terminal obtaining, from the ordered public-private key pair plaintext set, the public-private key pair corresponding to the random number.
13. The public-private key pair acquisition method according to claim 9, characterized by further comprising:
the POS terminal deleting one public-private key pair from the public-private key pair plaintext set.
14. The public-private key pair acquisition method according to claim 9, characterized in that, before the POS terminal obtains the public-private key pair ciphertext set, the method further comprises:
the key terminal establishing a communication connection with a LAN;
the POS terminal establishing a communication connection with a LAN.
15. A public-private key pair acquisition system, characterized by comprising a POS terminal and a key terminal;
the key terminal includes one or more second processors and a second memory, the second memory storing a program that is configured to be executed by the one or more second processors to perform the following steps:
generating a predetermined number of public-private key pairs to obtain an initial public-private key pair set;
encrypting the initial public-private key pair set to obtain a public-private key pair ciphertext set;
the POS terminal includes one or more third processors and a third memory, the third memory storing a program that is configured to be executed by the one or more third processors to perform the following steps:
obtaining the public-private key pair ciphertext set;
decrypting the public-private key pair ciphertext set to obtain a public-private key pair plaintext set;
saving the public-private key pair plaintext set to the storage unit corresponding to the security chip of the POS terminal;
when an instruction corresponding to the operation of obtaining a public-private key pair is detected, choosing one public-private key pair from the public-private key pair plaintext set.
16. The public-private key pair acquisition system according to claim 15, characterized in that encrypting the initial public-private key pair set to obtain the public-private key pair ciphertext set is specifically:
presetting an encryption key;
encrypting the initial public-private key pair set with the encryption key to obtain the public-private key pair ciphertext set.
17. The public-private key pair acquisition system according to claim 16, characterized in that decrypting the public-private key pair ciphertext set to obtain the public-private key pair plaintext set is specifically:
presetting a decryption key corresponding to the encryption key;
decrypting the public-private key pair ciphertext set with the decryption key to obtain the public-private key pair plaintext set.
18. The public-private key pair acquisition system according to claim 15, characterized in that choosing one public-private key pair from the public-private key pair plaintext set is specifically:
obtaining a random number generated by a hardware random number generator;
sorting the public-private key pair plaintext set to obtain an ordered public-private key pair plaintext set;
obtaining, from the ordered public-private key pair plaintext set, the public-private key pair corresponding to the random number.
19. The public-private key pair acquisition system according to claim 15, characterized by further comprising:
the third processor performing the following step:
deleting one public-private key pair from the public-private key pair plaintext set.
20. The public-private key pair acquisition system according to claim 15, characterized by further comprising:
the second processor performing the following step:
establishing a communication connection with a LAN.
21. The public-private key pair acquisition system according to claim 20, characterized by further comprising:
the third processor performing the following step:
establishing a communication connection with a LAN.
CN201780002233.7A 2017-12-27 2017-12-27 A kind of public private key pair acquisition methods, system and POS terminal Pending CN108235798A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/119121 WO2019127145A1 (en) 2017-12-27 2017-12-27 Public and private key pair acquisition method and system, and pos terminal

Publications (1)

Publication Number Publication Date
CN108235798A true CN108235798A (en) 2018-06-29

Family

ID=62643237

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780002233.7A Pending CN108235798A (en) 2017-12-27 2017-12-27 A kind of public private key pair acquisition methods, system and POS terminal

Country Status (2)

Country Link
CN (1) CN108235798A (en)
WO (1) WO2019127145A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039609A (en) * 2018-08-24 2018-12-18 深圳美图创新科技有限公司 The method and terminal of key importing terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082790A (en) * 2010-12-27 2011-06-01 北京握奇数据系统有限公司 Method and device for encryption/decryption of digital signature
CN103237005A (en) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 Method and system for key management
US20160036793A1 (en) * 2013-03-15 2016-02-04 Fujian Landi Commercial Equipment Co., Ltd. Key downloading method, management method, downloading management method, device and system
CN105722067A (en) * 2014-12-02 2016-06-29 阿里巴巴集团控股有限公司 Mobile terminal data encryption/decryption method and mobile terminal data encryption/decryption device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222325B (en) * 2008-01-23 2010-05-12 西安西电捷通无线网络通信有限公司 Wireless multi-hop network key management method based on ID

Also Published As

Publication number Publication date
WO2019127145A1 (en) 2019-07-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180629