CN109309567A - A kind of method and system for transmitting key - Google Patents
- Publication number: CN109309567A (application CN201811024520.0A)
- Authority: CN (China)
- Prior art keywords: key, terminal, data, transmitting, receiving end
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention provides a method and system for transmitting a key. The sending end encrypts the terminal key with a first key and sends the first key to the receiving end, so that the first key and the terminal key are associated, which solves the problem of multiple terminals sharing one key and improves security. The sending end also signs the ciphertext data with a first private key to obtain signature data, and sends the key file containing the ciphertext data and the signature data, together with the first public key corresponding to the first private key, to the receiving end. The use of digital signature technology ensures the integrity and non-repudiation of the key file, and because the key file contains both the ciphertext data and the signature data, the key file can be transmitted openly while being protected from tampering in transit.
Description
Technical field
The present invention relates to the field of electronic payment, and in particular to a method and system for transmitting a key.
Background
In the field of electronic payment, the transaction data exchanged between a payment terminal and the payment back end must be protected with keys, and keys are themselves highly sensitive and important data. Loading keys securely into a payment terminal requires a practicable solution, or has to be carried out in a secure, controlled environment (such as a secure room). Some terminal customers lack this kind of technical foundation or cannot meet the physical-environment requirements, so customers increasingly entrust the terminal manufacturer with key injection. This raises the problem of secure key transmission: how can the customer's key be passed securely to the terminal manufacturer? At present there are usually the following two modes:
Mode one: the customer appoints designated personnel (generally two or more people) to enter key components into the encryption machine in the terminal manufacturer's secure room. The key is the customer's terminal master key (TMK), and all of the customer's subsequent terminals share this TMK.
Mode two: the customer appoints designated personnel (generally two or more people) to enter key components into the encryption machine in the terminal manufacturer's secure room. The key is the customer's key-encrypting key (KEK); the customer's terminal master keys (TMK) are encrypted under the KEK and passed to the terminal manufacturer in the form of a key file.
These modes have the following shortcomings:
In mode one, because the terminal key is injected into the encryption machine in the form of key components in a secure, controlled environment, there is no risk of disclosure or tampering. However, multiple terminals share one terminal key (many terminals, one key). This is the FIXEDKEY key system, a fixed-key system in which all payment terminals share the same key, and it is a key system with a lower security level.
In mode two the terminal keys are one key per terminal, but the customer's key file contains only the TMK ciphertext data, which may be tampered with in transit. In addition, all TMKs are encrypted with a single KEK, so a large number of TMK ciphertext samples encrypted under the same KEK can easily be collected, which carries a certain risk.
Summary of the invention
The technical problem to be solved by the present invention is to provide a highly secure method and system for transmitting a key.
To solve the above technical problem, one technical solution adopted by the present invention is:
A method for transmitting a key, comprising the steps of:
S1. The sending end encrypts the terminal key with a first key to obtain ciphertext data, and sends the first key to the receiving end;
S2. The sending end signs the ciphertext data with a first private key to obtain signature data, and sends a key file containing the ciphertext data and the signature data, together with a first public key corresponding to the first private key, to the receiving end;
S3. The receiving end verifies the signature of the key file according to the first key and the first public key.
To solve the above technical problem, another technical solution adopted by the present invention is:
A system for transmitting a key, comprising a sending end and a receiving end. The sending end comprises a first memory, a first processor, and a first computer program stored in the first memory and executable on the first processor; the receiving end comprises a second memory, a second processor, and a second computer program stored in the second memory and executable on the second processor. When executing the first computer program, the first processor performs the following steps:
S1. Encrypt the terminal key with a first key to obtain ciphertext data, and send the first key to the receiving end;
S2. Sign the ciphertext data with a first private key to obtain signature data, and send a key file containing the ciphertext data and the signature data, together with a first public key corresponding to the first private key, to the receiving end;
When executing the second computer program, the second processor performs the following step:
S3. Verify the signature of the key file according to the first key and the first public key.
The beneficial effects of the present invention are: the sending end encrypts the terminal key with the first key and sends the first key to the receiving end, so that the first key and the terminal key are associated, which solves the problem of multiple terminals sharing one key and improves security; the sending end also signs the ciphertext data with the first private key to obtain signature data, and sends the key file containing the ciphertext data and the signature data, together with the first public key corresponding to the first private key, to the receiving end. The use of digital signature technology ensures the integrity and non-repudiation of the key file, and because the key file contains both the ciphertext data and the signature data, the key file can be transmitted openly while being protected from tampering in transit.
Brief description of the drawings
Fig. 1 is a flowchart of the method for transmitting a key according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the system for transmitting a key according to an embodiment of the present invention;
Reference numerals:
1. system for transmitting a key; 2. sending end; 3. receiving end; 4. first memory; 5. first processor; 6. second memory; 7. second processor.
Detailed description of the embodiments
To explain the technical content, objectives and effects of the present invention in detail, a description follows with reference to the embodiments and the accompanying drawings.
The key idea of the present invention is: associating the first key with the terminal key solves the problem of multiple terminals sharing one key and improves security, and the use of digital signature technology ensures the integrity and non-repudiation of the key file.
Referring to Fig. 1, a method for transmitting a key comprises the steps of:
S1. The sending end encrypts the terminal key with a first key to obtain ciphertext data, and sends the first key to the receiving end;
S2. The sending end signs the ciphertext data with a first private key to obtain signature data, and sends a key file containing the ciphertext data and the signature data, together with a first public key corresponding to the first private key, to the receiving end;
S3. The receiving end verifies the signature of the key file according to the first key and the first public key.
As can be seen from the above description, the beneficial effects of the present invention are: the sending end encrypts the terminal key with the first key and sends the first key to the receiving end, so that the first key and the terminal key are associated, which solves the problem of multiple terminals sharing one key and improves security; the sending end also signs the ciphertext data with the first private key to obtain signature data, and sends the key file containing the ciphertext data and the signature data, together with the first public key corresponding to the first private key, to the receiving end. The use of digital signature technology ensures the integrity and non-repudiation of the key file, and because the key file contains both the ciphertext data and the signature data, the key file can be transmitted openly while being protected from tampering in transit.
Further, step S1 comprises:
The sending end generates a temporary key, and the temporary key is used in place of the first key to encrypt the terminal key;
The sending end encrypts the temporary key with the first key to obtain temporary key encryption data, and the ciphertext data includes the temporary key encryption data.
As can be seen from the above description, encrypting the terminal key with a generated temporary key in place of the first key achieves an update of the first key; moreover, the temporary key is not only temporary but also random, which makes it harder to tamper with the key file illegally and thereby reduces security risk.
Further, in step S1 the same temporary key is used to encrypt the terminal keys of different terminals.
As can be seen from the above description, encrypting different terminals with the same temporary key simplifies the encryption process, and because the temporary key used to encrypt the terminal keys differs on each occasion, this does not lead to a large number of terminal keys being leaked.
Further, in step S1 different temporary keys are used to encrypt the terminal keys of different terminals.
As can be seen from the above description, encrypting the terminal keys of different terminals with different temporary keys greatly reduces the number of ciphertext samples corresponding to the same key-encrypting key and reduces the risk of terminal keys being leaked in bulk.
Further, in step S2, the sending end signing the ciphertext data with the first private key to obtain signature data specifically comprises:
The sending end calculates a hash value from the ciphertext data;
The sending end signs the hash value with the first private key to obtain the signature data.
As can be seen from the above description, first calculating the hash value of the ciphertext data and then signing that hash value with the first private key, rather than signing the ciphertext data directly, improves both the efficiency and the security of data transmission.
Further, step S3 specifically comprises:
S31. The receiving end performs a public-key operation on the signature data in the key file according to the first public key to obtain a first hash value;
S32. The receiving end calculates the hash value of the ciphertext data in the key file to obtain a second hash value;
S33. The receiving end determines whether the first hash value and the second hash value are identical; if so, signature verification passes.
As can be seen from the above description, signature verification is performed by comparing whether the first hash value and the second hash value are identical, which ensures that the ciphertext data has not been tampered with.
Further, the ciphertext data also includes a check value corresponding to the first terminal key;
After step S3, the method further comprises:
S41. If signature verification passes, the following steps are performed:
S411. The receiving end decrypts the ciphertext data according to the first key to obtain a first terminal key and a corresponding first check value;
S412. The receiving end encrypts first preset data with the first terminal key to obtain a second check value;
S413. The receiving end determines whether the first check value and the second check value are identical; if so, the first terminal key is determined to be correct.
As can be seen from the above description, once signature verification has passed, the first check value and the second check value are further compared to determine whether the terminal key has been tampered with, which ensures data security.
Further, the ciphertext data also includes a check value corresponding to the first terminal key;
After step S3, the method further comprises:
S42. If signature verification passes, the following steps are performed:
S421. The receiving end decrypts the temporary key encryption data according to the first key to obtain a first temporary key;
S422. The receiving end decrypts the ciphertext data according to the first temporary key to obtain second terminal keys and corresponding third check values;
The following steps are performed for each second terminal key:
S423. The receiving end encrypts the corresponding second preset data with the second terminal key to obtain a corresponding fourth check value;
S424. The receiving end determines whether the third check value and the fourth check value are identical; if so, the second terminal key corresponding to the third check value is determined to be correct.
As can be seen from the above description, once signature verification has passed, the third check value and the fourth check value are further compared to determine whether the terminal key has been tampered with, which ensures data security.
Further, the ciphertext data also includes a check value corresponding to the first terminal key;
After step S3, the method further comprises:
S43. If signature verification passes, the following steps are performed:
S431. The receiving end decrypts the temporary key encryption data according to the first key to obtain a second temporary key;
S432. The receiving end decrypts the ciphertext data according to the second temporary key to obtain third terminal keys and corresponding fifth check values;
The following steps are performed for each third terminal key:
S433. The receiving end encrypts the corresponding third preset data with the third terminal key to obtain a corresponding sixth check value;
S434. The receiving end determines whether the fifth check value and the sixth check value are identical; if so, the third terminal key corresponding to the fifth check value is determined to be correct.
As can be seen from the above description, once signature verification has passed, the fifth check value and the sixth check value are further compared to determine whether the terminal key has been tampered with, which ensures data security.
Further, the first key consists of more than one different key component.
As can be seen from the above description, dividing the first key into more than one different key component improves the security of the first key during transmission.
Referring to Fig. 2, a system 1 for transmitting a key comprises a sending end 2 and a receiving end 3. The sending end 2 comprises a first memory 4, a first processor 5, and a first computer program stored in the first memory 4 and executable on the first processor 5; the receiving end 3 comprises a second memory 6, a second processor 7, and a second computer program stored in the second memory 6 and executable on the second processor 7. When executing the first computer program, the first processor 5 performs the following steps:
S1. Encrypt the terminal key with a first key to obtain ciphertext data, and send the first key to the receiving end;
S2. Sign the ciphertext data with a first private key to obtain signature data, and send a key file containing the ciphertext data and the signature data, together with a first public key corresponding to the first private key, to the receiving end;
When executing the second computer program, the second processor 7 performs the following step:
S3. Verify the signature of the key file according to the first key and the first public key.
As can be seen from the above description, the beneficial effects of the present invention are: the sending end encrypts the terminal key with the first key and sends the first key to the receiving end, so that the first key and the terminal key are associated, which solves the problem of multiple terminals sharing one key and improves security; the sending end also signs the ciphertext data with the first private key to obtain signature data, and sends the key file containing the ciphertext data and the signature data, together with the first public key corresponding to the first private key, to the receiving end. The use of digital signature technology ensures the integrity and non-repudiation of the key file, and because the key file contains both the ciphertext data and the signature data, the key file can be transmitted openly while being protected from tampering in transit.
Further, step S1 comprises:
Generating a temporary key, the temporary key being used in place of the first key to encrypt the terminal key;
Encrypting the temporary key with the first key to obtain temporary key encryption data, the ciphertext data including the temporary key encryption data.
As can be seen from the above description, encrypting the terminal key with a generated temporary key in place of the first key achieves an update of the first key; moreover, the temporary key is not only temporary but also random, which makes it harder to tamper with the key file illegally and thereby reduces security risk.
Further, in step S1 the same temporary key is used to encrypt the terminal keys of different terminals.
As can be seen from the above description, encrypting different terminals with the same temporary key simplifies the encryption process, and because the temporary key used to encrypt the terminal keys differs on each occasion, this does not lead to a large number of terminal keys being leaked.
Further, in step S1 different temporary keys are used to encrypt the terminal keys of different terminals.
As can be seen from the above description, encrypting the terminal keys of different terminals with different temporary keys greatly reduces the number of ciphertext samples corresponding to the same key-encrypting key and reduces the risk of terminal keys being leaked in bulk.
Further, in step S2, signing the ciphertext data with the first private key to obtain signature data specifically comprises:
Calculating a hash value from the ciphertext data;
Signing the hash value with the first private key to obtain the signature data.
As can be seen from the above description, first calculating the hash value of the ciphertext data and then signing that hash value with the first private key, rather than signing the ciphertext data directly, improves both the efficiency and the security of data transmission.
Further, step S3 specifically comprises:
S31. Perform a public-key operation on the signature data in the key file according to the first public key to obtain the first hash value;
S32. Calculate the hash value of the ciphertext data in the key file to obtain a second hash value;
S33. Determine whether the first hash value and the second hash value are identical; if so, signature verification passes.
As can be seen from the above description, signature verification is performed by comparing whether the first hash value and the second hash value are identical, which ensures that the ciphertext data has not been tampered with.
Further, the ciphertext data also includes a check value corresponding to the first terminal key;
After step S3, the steps further comprise:
S41. If signature verification passes, the following steps are performed:
S411. Decrypt the ciphertext data according to the first key to obtain a first terminal key and a corresponding first check value;
S412. Encrypt first preset data with the first terminal key to obtain a second check value;
S413. Determine whether the first check value and the second check value are identical; if so, the first terminal key is determined to be correct.
As can be seen from the above description, once signature verification has passed, the first check value and the second check value are further compared to determine whether the terminal key has been tampered with, which ensures data security.
Further, the ciphertext data also includes a check value corresponding to the first terminal key;
After step S3, the steps further comprise:
S42. If signature verification passes, the following steps are performed:
S421. Decrypt the temporary key encryption data according to the first key to obtain a first temporary key;
S422. Decrypt the ciphertext data according to the first temporary key to obtain second terminal keys and corresponding third check values;
The following steps are performed for each second terminal key:
S423. Encrypt the corresponding second preset data with the second terminal key to obtain a corresponding fourth check value;
S424. Determine whether the third check value and the fourth check value are identical; if so, the second terminal key corresponding to the third check value is determined to be correct.
As can be seen from the above description, once signature verification has passed, the third check value and the fourth check value are further compared to determine whether the terminal key has been tampered with, which ensures data security.
Further, the ciphertext data also includes a check value corresponding to the first terminal key;
After step S3, the steps further comprise:
S43. If signature verification passes, the following steps are performed:
S431. Decrypt the temporary key encryption data according to the first key to obtain a second temporary key;
S432. Decrypt the ciphertext data according to the second temporary key to obtain third terminal keys and corresponding fifth check values;
The following steps are performed for each third terminal key:
S433. Encrypt the corresponding third preset data with the third terminal key to obtain a corresponding sixth check value;
S434. Determine whether the fifth check value and the sixth check value are identical; if so, the third terminal key corresponding to the fifth check value is determined to be correct.
As can be seen from the above description, once signature verification has passed, the fifth check value and the sixth check value are further compared to determine whether the terminal key has been tampered with, which ensures data security.
Further, the first key consists of more than one different key component.
As can be seen from the above description, dividing the first key into more than one different key component improves the security of the first key during transmission.
Embodiment one
Referring to Fig. 1, a method for transmitting a key comprises the steps of:
S1. The sending end encrypts the terminal key with a first key to obtain ciphertext data, and sends the first key to the receiving end;
S2. The sending end signs the ciphertext data with a first private key to obtain signature data, and sends a key file containing the ciphertext data and the signature data, together with a first public key corresponding to the first private key, to the receiving end;
In step S2, the sending end signing the ciphertext data with the first private key to obtain signature data specifically comprises:
The sending end calculates a hash value from the ciphertext data;
The sending end signs the hash value with the first private key to obtain the signature data;
S3. The receiving end verifies the signature of the key file according to the first key and the first public key;
Step S3 specifically comprises:
S31. The receiving end performs a public-key operation on the signature data in the key file according to the first public key to obtain a first hash value;
S32. The receiving end calculates the hash value of the ciphertext data in the key file to obtain a second hash value;
S33. The receiving end determines whether the first hash value and the second hash value are identical; if so, signature verification passes;
The ciphertext data also includes a check value corresponding to the first terminal key;
After step S3, the method further comprises:
S41. If signature verification passes, the following steps are performed:
S411. The receiving end decrypts the ciphertext data according to the first key to obtain a first terminal key and a corresponding first check value;
S412. The receiving end encrypts first preset data with the first terminal key to obtain a second check value;
S413. The receiving end determines whether the first check value and the second check value are identical; if so, the first terminal key is determined to be correct;
The first key consists of more than one different key component.
Embodiment two
Referring to Fig. 1, a method for transmitting a key comprises the steps of:
S1. The sending end encrypts the terminal key with a first key to obtain ciphertext data, and sends the first key to the receiving end;
Step S1 comprises:
The sending end generates a temporary key, and the temporary key is used in place of the first key to encrypt the terminal key;
The sending end encrypts the temporary key with the first key to obtain temporary key encryption data, and the ciphertext data includes the temporary key encryption data;
In step S1, the same temporary key is used to encrypt the terminal keys of different terminals;
S2. The sending end signs the ciphertext data with a first private key to obtain signature data, and sends a key file containing the ciphertext data and the signature data, together with a first public key corresponding to the first private key, to the receiving end;
In step S2, the sending end signing the ciphertext data with the first private key to obtain signature data specifically comprises:
The sending end calculates a hash value from the ciphertext data;
The sending end signs the hash value with the first private key to obtain the signature data;
S3. The receiving end verifies the signature of the key file according to the first key and the first public key;
Step S3 specifically comprises:
S31. The receiving end performs a public-key operation on the signature data in the key file according to the first public key to obtain a first hash value;
S32. The receiving end calculates the hash value of the ciphertext data in the key file to obtain a second hash value;
S33. The receiving end determines whether the first hash value and the second hash value are identical; if so, signature verification passes;
The ciphertext data also includes a check value corresponding to the first terminal key;
After step S3, the method further comprises:
S42. If signature verification passes, the following steps are performed:
S421. The receiving end decrypts the temporary key encryption data according to the first key to obtain a first temporary key;
S422. The receiving end decrypts the ciphertext data according to the first temporary key to obtain second terminal keys and corresponding third check values;
The following steps are performed for each second terminal key:
S423. The receiving end encrypts the corresponding second preset data with the second terminal key to obtain a corresponding fourth check value;
S424. The receiving end determines whether the third check value and the fourth check value are identical; if so, the second terminal key corresponding to the third check value is determined to be correct;
The first key consists of more than one different key component.
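The sending-end and receiving-end steps of embodiment two (one shared temporary key, hash-then-sign, then the check-value comparison), written out as an added Go example that is not code from the patent. AES-128 single-block encryption, SHA-256, RSA PKCS#1 v1.5 signatures, the all-zero preset data, the 3-byte check value, the `KeyFile` layout and all function names are assumptions, since the patent names no algorithms or formats.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const blk, kcvLen, rec = aes.BlockSize, 3, aes.BlockSize + 3 // sizes are assumptions

var (
	ErrSignature  = errors.New("signature verification failed")
	ErrMalformed  = errors.New("malformed ciphertext data")
	ErrCheckValue = errors.New("terminal key check value mismatch")
)

// KeyFile is a hypothetical layout: E_first(temp) || {E_temp(tk) || checkValue}...
type KeyFile struct{ Ciphertext, Signature []byte }

// must panics on RNG, cipher-setup or signing failure (a simplification).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// aesBlock encrypts or decrypts a single 16-byte block under key.
func aesBlock(key, in []byte, decrypt bool) []byte {
	c, out := must(aes.NewCipher(key)), make([]byte, blk)
	if decrypt {
		c.Decrypt(out, in)
	} else {
		c.Encrypt(out, in)
	}
	return out
}

// checkValue encrypts the preset data (all-zero block, an assumption) under key.
func checkValue(key []byte) []byte { return aesBlock(key, make([]byte, blk), false)[:kcvLen] }

// BuildKeyFile is the sending end: S1 with a temporary key, then S2.
func BuildKeyFile(firstKey []byte, terminalKeys [][]byte, priv *rsa.PrivateKey) *KeyFile {
	temp := make([]byte, blk)
	must(rand.Read(temp))                 // fresh random temporary key for this key file
	ct := aesBlock(firstKey, temp, false) // temporary key encryption data
	for _, tk := range terminalKeys {
		ct = append(ct, aesBlock(temp, tk, false)...)
		ct = append(ct, checkValue(tk)...)
	}
	digest := sha256.Sum256(ct) // hash the ciphertext data, then sign the hash
	sig := must(rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:]))
	return &KeyFile{ct, sig}
}

// OpenKeyFile is the receiving end (S31-S33, S421-S424); pub must come from a trusted channel.
func OpenKeyFile(firstKey []byte, kf *KeyFile, pub *rsa.PublicKey) ([][]byte, error) {
	digest := sha256.Sum256(kf.Ciphertext)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], kf.Signature) != nil {
		return nil, ErrSignature
	}
	if len(kf.Ciphertext) < blk || (len(kf.Ciphertext)-blk)%rec != 0 {
		return nil, ErrMalformed
	}
	temp := aesBlock(firstKey, kf.Ciphertext[:blk], true)
	var keys [][]byte
	for off := blk; off < len(kf.Ciphertext); off += rec {
		tk := aesBlock(temp, kf.Ciphertext[off:off+blk], true)
		if subtle.ConstantTimeCompare(checkValue(tk), kf.Ciphertext[off+blk:off+rec]) != 1 {
			return nil, ErrCheckValue // wrong first key or corrupted key material
		}
		keys = append(keys, tk)
	}
	return keys, nil
}

// Demo runs a round trip, a tampered key file and a wrong first key on constructed keys.
func Demo() (ok bool, tamperErr, wrongKeyErr error) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	firstKey := bytes.Repeat([]byte{0x11}, blk) // constructed, not real keys
	tks := [][]byte{bytes.Repeat([]byte{0xA1}, blk), bytes.Repeat([]byte{0xB2}, blk)}
	kf := BuildKeyFile(firstKey, tks, priv)
	got, err := OpenKeyFile(firstKey, kf, &priv.PublicKey)
	ok = err == nil && len(got) == 2 && bytes.Equal(got[0], tks[0]) && bytes.Equal(got[1], tks[1])
	bad := &KeyFile{append([]byte(nil), kf.Ciphertext...), kf.Signature}
	bad.Ciphertext[blk] ^= 0x01 // flip one bit of an encrypted terminal key
	_, tamperErr = OpenKeyFile(firstKey, bad, &priv.PublicKey)
	_, wrongKeyErr = OpenKeyFile(bytes.Repeat([]byte{0x22}, blk), kf, &priv.PublicKey)
	return ok, tamperErr, wrongKeyErr
}

func main() { fmt.Println(Demo()) }
```

A modified key file is rejected at the signature step, while a receiving end whose first key was entered incorrectly passes the signature step and is caught only by the check-value comparison.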
Embodiment three
Referring to Fig. 1, a method for transmitting a key comprises the steps of:
S1. The sending end encrypts the terminal key with a first key to obtain ciphertext data, and sends the first key to the receiving end;
Step S1 comprises:
The sending end generates a temporary key, and the temporary key is used in place of the first key to encrypt the terminal key;
The sending end encrypts the temporary key with the first key to obtain temporary key encryption data, and the ciphertext data includes the temporary key encryption data;
In step S1, different temporary keys are used to encrypt the terminal keys of different terminals;
S2. The sending end signs the ciphertext data with a first private key to obtain signature data, and sends a key file containing the ciphertext data and the signature data, together with a first public key corresponding to the first private key, to the receiving end;
In step S2, the sending end signing the ciphertext data with the first private key to obtain signature data specifically comprises:
The sending end calculates a hash value from the ciphertext data;
The sending end signs the hash value with the first private key to obtain the signature data;
S3. The receiving end verifies the signature of the key file according to the first key and the first public key;
Step S3 specifically comprises:
S31. The receiving end performs a public-key operation on the signature data in the key file according to the first public key to obtain a first hash value;
S32. The receiving end calculates the hash value of the ciphertext data in the key file to obtain a second hash value;
S33. The receiving end determines whether the first hash value and the second hash value are identical; if so, signature verification passes;
The ciphertext data also includes a check value corresponding to the first terminal key;
After step S3, the method further comprises:
S43. If signature verification passes, the following steps are performed:
S431. The receiving end decrypts the temporary key encryption data according to the first key to obtain a second temporary key;
S432. The receiving end decrypts the ciphertext data according to the second temporary key to obtain third terminal keys and corresponding fifth check values;
The following steps are performed for each third terminal key:
S433. The receiving end encrypts the corresponding third preset data with the third terminal key to obtain a corresponding sixth check value;
S434. The receiving end determines whether the fifth check value and the sixth check value are identical; if so, the third terminal key corresponding to the fifth check value is determined to be correct;
The first key consists of more than one different key component.
Embodiment four
This embodiment uses a specific application scenario to further illustrate how the above method for transmitting a key is implemented:
1. Entity A (the transmitting end) encrypts the terminal keys using the KEK (the first key) to obtain ciphertext data, and designates dedicated personnel (usually two or more people) to enter the key components into the secure-room encryption machine of entity B (the receiving end);
1.1. Entity A generates the key components of the KEK in a secure environment (usually a secure-room encryption machine). For simplicity, two key components are used here, denoted key component 1 and key component 2;
1.2. Entity A designates officer A (usually key administrator A) to enter key component 1 into the secure-room encryption machine of entity B;
1.3. Entity A designates officer B (usually key administrator B) to enter key component 2 into the secure-room encryption machine of entity B;
At this point, the encryption machine of entity B holds entity A's KEK, where KEK is the key-encrypting key, used to encrypt other keys;
2. Entity A passes its own public key (or certificate) to entity B, while keeping the corresponding private key safe;
2.1. Entity A generates a public/private key pair in a secure environment (usually a secure-room encryption machine), denoted PRK (the first private key) and PUK (the first public key), where PUK stands for PUBLIC KEY, the public key of the asymmetric key pair, and PRK stands for PRIVATE KEY, the private key of the asymmetric key pair corresponding to that public key;
2.2. Entity A keeps the PRK generated in step 2.1 safe and securely passes the PUK generated in step 2.1 to entity B. The purpose of this step is to let entity B obtain the authentic and trusted public key of entity A; the specific approach is outside the scope of this invention. A public key is not private data and can be transmitted openly. Two feasible ways of transmitting the PUK are briefly described below:
1) Entity A designates officer C to deliver the PUK to entity B on site, and designates officer D to deliver the digest of the PUK (such as a HASH) to entity B; entity B verifies whether the digest of the PUK delivered by officer C is consistent with the digest delivered by officer D, and if so, the PUK is authentic and trusted;
2) Alternatively, PKI technology is used: the root certificate (CA) of entity A is first passed to entity B, and then the public key certificate corresponding to the above PUK is passed to entity B; entity B verifies whether the public key certificate was issued by entity A's CA, and if so, the PUK is authentic and trusted. PKI stands for Public Key Infrastructure, a standards-based set of technologies and specifications that uses public-key cryptography to provide a security foundation platform for the development of e-commerce;
At this point, entity B holds entity A's PUK;
3. Entity A passes the TMK (terminal key) to entity B in the form of a key file and signs the key file with its own private key to obtain signature data. The key file has the following formats:
For ease of description, the following conventions are used:
SN denotes the terminal number; terminal numbers and TMKs correspond one to one, guaranteeing one key per terminal;
E(KEY, DATA) denotes encrypting data DATA with key KEY;
Sign(PRK, DATA) denotes signing data DATA with private key PRK (computing the digest HASH of DATA and performing the private-key operation on the HASH);
KCV(KEY) denotes the KCV value of key KEY, where KCV stands for key check value;
Format 1: the key file adds entity A's signature over the key data, preventing the key file from being illegally tampered with:
Row 1: SN1, E(KEK, TMK1), KCV(TMK1)
Row 2: SN2, E(KEK, TMK2), KCV(TMK2)
Row i: SNi, E(KEK, TMKi), KCV(TMKi)
Last row: Sign(PRK, DATA)
where DATA is all data from row 1 to row i;
Format 1 suits scenarios that require tamper resistance or non-repudiation for the key file;
In particular, the key file can introduce a temporary key-encrypting key (TKEK) to strengthen the protection of the TMK, giving format 2:
Row 1: E(KEK, TKEK)
Row 2: SN1, E(TKEK, TMK1), KCV(TMK1)
Row 3: SN2, E(TKEK, TMK2), KCV(TMK2)
Row i: SNi, E(TKEK, TMKi), KCV(TMKi)
Last row: Sign(PRK, DATA)
where DATA is all data from row 1 to row i, and TKEK is a temporary key randomly generated by the encryption machine, different for every key file;
Format 2 also offers a way to replace the KEK: the TKEK replaces the KEK, so that the previous key-encrypting key KEK is superseded by the temporary key-encrypting key TKEK. This format thus provides an update mechanism for the KEK;
Format 2 suits scenarios that require tamper resistance or non-repudiation for the key file, scenarios where one does not want to keep using the same KEK to encrypt TMKs frequently and in bulk, and scenarios where the KEK is replaced or updated;
More particularly, each TMK can use its own unique TKEK to strengthen the protection of the TMK, giving format 3:
Row 1: SN1, E(KEK, TKEK1), E(TKEK1, TMK1), KCV(TMK1)
Row 2: SN2, E(KEK, TKEK2), E(TKEK2, TMK2), KCV(TMK2)
Row i: SNi, E(KEK, TKEKi), E(TKEKi, TMKi), KCV(TMKi)
Last row: Sign(PRK, DATA)
where DATA is all data from row 1 to row i, and TKEKi is a temporary key randomly generated by the encryption machine; the TKEK corresponding to each TMK is different;
Format 3 suits scenarios that require tamper resistance or non-repudiation for the key file, and also scenarios where one does not want to keep using the same KEK to encrypt TMKs frequently and in bulk;
4. Entity B must verify the signature of the key file to determine that it is legitimate and has not been tampered with; in particular, the key file may introduce a TKEK to strengthen the protection of the TMK;
After entity B receives the transmitted key file, it processes the key file according to its format;
If the key file is in format 1:
Entity B verifies the signature of the key file using the public key PUK corresponding to the private key. The signature verification operation is:
1) A public-key operation is performed on the last row of the key file (i.e. Sign(PRK, DATA)) using the PUK, obtaining a HASH value;
2) The HASH value of all data in the key file except the last row is computed;
3) If the HASH values from 1) and 2) are consistent, signature verification passes; if they are inconsistent, it fails;
If signature verification passes, the TMK ciphertext data E(KEK, TMKi) is decrypted in turn using the KEK in the encryption machine, obtaining TMKi, and the correctness of TMKi can be verified through KCV(TMKi). The verification step is as follows:
All-zero data is encrypted with TMKi, obtaining E(TMKi, 0), which is compared with KCV(TMKi); if they are equal, TMKi is correct, otherwise it is wrong;
If the key file is in format 2:
Entity B verifies the signature of the key file using the public key PUK corresponding to the private key. If signature verification passes, E(KEK, TKEK) is decrypted using the KEK in the encryption machine, obtaining the TKEK in plaintext; the TKEK is then used to decrypt E(TKEK, TMKi) in turn, obtaining TMKi, and the correctness of TMKi can be verified through KCV(TMKi);
In particular, if the KEK needs to be replaced, the TKEK replaces the KEK;
If the key file is in format 3:
Entity B verifies the signature of the key file using the public key PUK corresponding to the private key. If signature verification passes, E(KEK, TKEKi) is decrypted in turn using the KEK in the encryption machine, obtaining TKEKi in plaintext; TKEKi is then used to decrypt E(TKEKi, TMKi), obtaining TMKi, and the correctness of TMKi can be verified through KCV(TMKi).
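The receiving-end processing of a format 3 key file from Embodiment four (verify the signature over all rows, unwrap each TKEKi with the KEK, unwrap TMKi, then compare E(TMKi, 0) with KCV(TMKi)), as an added Python example that is not part of the patent. The comma-separated hex row layout, the Feistel stand-in for E, the textbook RSA on a constructed demo key, and all function names are assumptions; a deployment would perform these operations inside the encryption machine with a padded signature scheme.

```python
import hashlib
import hmac
import secrets

BLOCK = 16            # key and block size in bytes for the stand-in cipher (assumption)
ZERO = bytes(BLOCK)   # the all-zero data used for the KCV


def _f(key, rnd, half):
    # Feistel round function built from HMAC-SHA256.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def E(key, block):
    """Stand-in for the page's E(KEY, DATA): 4-round Feistel over one block."""
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def D(key, block):
    """Inverse of E."""
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def kcv(key):
    """KCV(KEY) as the page describes it: all-zero data encrypted under the key."""
    return E(key, ZERO)


# Constructed demo RSA key from two Mersenne primes: enough to show the
# arithmetic of steps S31-S33, useless as a real key. Textbook RSA, no padding.
P, Q = 2**521 - 1, 2**607 - 1
PUK = (P * Q, 65537)
PRK = (P * Q, pow(65537, -1, (P - 1) * (Q - 1)))


def _hash_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(prk, data):
    """Sign(PRK, DATA): hash DATA, then apply the private-key operation."""
    n, d = prk
    return pow(_hash_int(data), d, n)


def build_format3(kek, prk, tmks):
    """Entity A: one row per terminal, each TMK wrapped under its own random TKEK."""
    rows = []
    for sn, tmk in tmks.items():
        tkek = secrets.token_bytes(BLOCK)
        rows.append(",".join([sn, E(kek, tkek).hex(), E(tkek, tmk).hex(), kcv(tmk).hex()]))
    data = "\n".join(rows)
    return data + "\n" + format(sign(prk, data.encode()), "x")


def receive_format3(text, kek, puk):
    """Entity B: reject the whole file on a bad signature, then KCV-check each TMK."""
    data, _, sig_hex = text.rpartition("\n")
    n, e = puk
    try:
        sig = int(sig_hex, 16)
    except ValueError:
        raise ValueError("malformed signature row") from None
    first_hash = pow(sig, e, n)               # S31: public-key operation on the signature
    second_hash = _hash_int(data.encode())    # S32: hash of every row except the last
    if first_hash != second_hash:             # S33: compare before touching any key material
        raise ValueError("signature verification failed; key file rejected")
    accepted, rejected = {}, []
    for row in data.split("\n"):
        sn, enc_tkek, enc_tmk, check = row.split(",")
        tkek = D(kek, bytes.fromhex(enc_tkek))
        tmk = D(tkek, bytes.fromhex(enc_tmk))
        if hmac.compare_digest(kcv(tmk), bytes.fromhex(check)):
            accepted[sn] = tmk
        else:
            rejected.append(sn)               # wrong KEK/TKEK or corrupted TMK
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample keys and terminal numbers.
    kek = bytes.fromhex("00112233445566778899aabbccddeeff")
    tmks = {"SN0001": bytes(range(16)), "SN0002": bytes(range(16, 32))}
    key_file = build_format3(kek, PRK, tmks)
    print(receive_format3(key_file, kek, PUK))
    print(receive_format3(key_file, bytes(16), PUK))   # wrong KEK: every KCV fails
```

The signature check and the KCV check catch different failures: a modified row fails at S33 before anything is decrypted, while a correctly signed file unwrapped with the wrong KEK passes S33 and is caught per terminal by the KCV comparison.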
Embodiment five
Referring to Fig. 2, a system 1 for transmitting a key includes a transmitting end 2 and a receiving end 3. The transmitting end 2 includes a first memory 4, a first processor 5, and a first computer program stored on the first memory 4 and executable on the first processor 5; the receiving end 3 includes a second memory 6, a second processor 7, and a second computer program stored on the second memory 6 and executable on the second processor 7. When executing the first computer program, the first processor 5 implements the following steps:
S1. Encrypting the terminal key using the first key to obtain ciphertext data, and sending the first key to the receiving end;
S2. Signing the ciphertext data using the first private key to obtain signature data, and sending the key file containing the ciphertext data and the signature data, together with the first public key corresponding to the first private key, to the receiving end;
In step S2, signing the ciphertext data using the first private key to obtain signature data specifically includes:
Calculating a hash value from the ciphertext data;
Signing the hash value using the first private key to obtain the signature data;
When executing the second computer program, the second processor 7 implements the following steps:
S3. Verifying the signature of the key file according to the first key and the first public key;
Step S3 specifically includes:
S31. Performing a public-key operation on the signature data in the key file according to the first public key, obtaining the first hash value;
S32. Calculating the hash value of the ciphertext data in the key file, obtaining the second hash value;
S33. Determining whether the first hash value and the second hash value are identical; if so, signature verification passes;
The ciphertext data further includes a check value corresponding to the first terminal key;
After step S3, the steps further include:
S41. If signature verification passes, the following steps are performed:
S411. Decrypting the ciphertext data according to the first key, obtaining the first terminal key and the corresponding first check value;
S412. Encrypting the first preset data using the first terminal key, obtaining the second check value;
S413. Determining whether the first check value and the second check value are identical; if so, determining that the first terminal key is correct;
The first key is composed of more than one distinct key component.
Embodiment six
Referring to Fig. 2, a system 1 for transmitting a key includes a transmitting end 2 and a receiving end 3. The transmitting end 2 includes a first memory 4, a first processor 5, and a first computer program stored on the first memory 4 and executable on the first processor 5; the receiving end 3 includes a second memory 6, a second processor 7, and a second computer program stored on the second memory 6 and executable on the second processor 7. When executing the first computer program, the first processor 5 implements the following steps:
S1. Encrypting the terminal key using the first key to obtain ciphertext data, and sending the first key to the receiving end;
Step S1 includes:
Generating a temporary key and using the temporary key in place of the first key to encrypt the terminal key;
Encrypting the temporary key using the first key to obtain temporary-key encryption data, the ciphertext data including the temporary-key encryption data;
In step S1, the temporary keys used to encrypt the terminal keys of different terminals are the same;
S2. Signing the ciphertext data using the first private key to obtain signature data, and sending the key file containing the ciphertext data and the signature data, together with the first public key corresponding to the first private key, to the receiving end;
In step S2, signing the ciphertext data using the first private key to obtain signature data specifically includes:
Calculating a hash value from the ciphertext data;
Signing the hash value using the first private key to obtain the signature data;
When executing the second computer program, the second processor 7 implements the following steps:
S3. Verifying the signature of the key file according to the first key and the first public key;
Step S3 specifically includes:
S31. Performing a public-key operation on the signature data in the key file according to the first public key, obtaining the first hash value;
S32. Calculating the hash value of the ciphertext data in the key file, obtaining the second hash value;
S33. Determining whether the first hash value and the second hash value are identical; if so, signature verification passes;
The ciphertext data further includes a check value corresponding to the first terminal key;
After step S3, the steps further include:
S42. If signature verification passes, the following steps are performed:
S421. Decrypting the temporary-key encryption data according to the first key, obtaining the first temporary key;
S422. Decrypting the ciphertext data according to the first temporary key, obtaining the second terminal keys and the corresponding third check values;
The following steps are performed for each second terminal key:
S423. Encrypting the corresponding second preset data using the second terminal key, obtaining the corresponding fourth check value;
S424. Determining whether the third check value and the fourth check value are identical; if so, determining that the second terminal key corresponding to the third check value is correct;
The first key is composed of more than one distinct key component.
Embodiment seven
Referring to Fig. 2, a system 1 for transmitting a key includes a transmitting end 2 and a receiving end 3. The transmitting end 2 includes a first memory 4, a first processor 5, and a first computer program stored on the first memory 4 and executable on the first processor 5; the receiving end 3 includes a second memory 6, a second processor 7, and a second computer program stored on the second memory 6 and executable on the second processor 7. When executing the first computer program, the first processor 5 implements the following steps:
S1. Encrypting the terminal key using the first key to obtain ciphertext data, and sending the first key to the receiving end;
Step S1 includes:
Generating a temporary key and using the temporary key in place of the first key to encrypt the terminal key;
Encrypting the temporary key using the first key to obtain temporary-key encryption data, the ciphertext data including the temporary-key encryption data;
In step S1, the temporary keys used to encrypt the terminal keys of different terminals are different;
S2. Signing the ciphertext data using the first private key to obtain signature data, and sending the key file containing the ciphertext data and the signature data, together with the first public key corresponding to the first private key, to the receiving end;
In step S2, signing the ciphertext data using the first private key to obtain signature data specifically includes:
Calculating a hash value from the ciphertext data;
Signing the hash value using the first private key to obtain the signature data;
When executing the second computer program, the second processor 7 implements the following steps:
S3. Verifying the signature of the key file according to the first key and the first public key;
Step S3 specifically includes:
S31. Performing a public-key operation on the signature data in the key file according to the first public key, obtaining the first hash value;
S32. Calculating the hash value of the ciphertext data in the key file, obtaining the second hash value;
S33. Determining whether the first hash value and the second hash value are identical; if so, signature verification passes;
The ciphertext data further includes a check value corresponding to the first terminal key;
After step S3, the steps further include:
S43. If signature verification passes, the following steps are performed:
S431. Decrypting the temporary-key encryption data according to the first key, obtaining the second temporary key;
S432. Decrypting the ciphertext data according to the second temporary key, obtaining the third terminal keys and the corresponding fifth check values;
The following steps are performed for each third terminal key:
S433. Encrypting the corresponding third preset data using the third terminal key, obtaining the corresponding sixth check value;
S434. Determining whether the fifth check value and the sixth check value are identical; if so, determining that the third terminal key corresponding to the fifth check value is correct;
The first key is composed of more than one distinct key component.
In conclusion a kind of method and system for transmitting key provided by the invention, use first key by transmitting terminal
Ciphering terminal key, and the first key is sent to receiving end, so that first key and terminal key are associated, solve
It has determined the close problem of multimachine one, has improved safety, and transmitting terminal signs to the ciphertext data using the first private key,
Obtain signed data, and by the key file comprising the ciphertext data and signed data and corresponding with first private key
First public key is sent to the receiving end, by utilizing digital signature technology, ensure that the integrality of key file and can not supporting
Lai Xing, and simultaneously include ciphertext data and signed data in key file, transmitting key file can be not only disclosed, can also be prevented
Only key file is tampered in transmittance process, is added by generating temporary key replacement first key to the terminal key
It is close, realize the update to first key, and temporary key not only has provisional, also has randomness, improves key
The difficulty that file is illegally distorted by first calculating the cryptographic Hash of ciphertext data, then uses first to reduce security risk
Private key signs to the cryptographic Hash, and it is indirect sign to ciphertext data, not only can be improved data transmission efficiency,
The safety of data transmission also can be improved.
The above description is only an embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair
Equivalents made by bright specification and accompanying drawing content are applied directly or indirectly in relevant technical field, similarly include
In scope of patent protection of the invention.
Claims (20)
1. A method for transmitting a key, characterized by comprising the steps:
S1. The transmitting end encrypts the terminal key using the first key to obtain ciphertext data, and sends the first key to the receiving end;
S2. The transmitting end signs the ciphertext data using the first private key to obtain signature data, and sends the key file containing the ciphertext data and the signature data, together with the first public key corresponding to the first private key, to the receiving end;
S3. The receiving end verifies the signature of the key file according to the first key and the first public key.
2. The method for transmitting a key according to claim 1, characterized in that step S1 includes:
The transmitting end generates a temporary key and uses the temporary key in place of the first key to encrypt the terminal key;
The transmitting end encrypts the temporary key using the first key to obtain temporary-key encryption data, the ciphertext data including the temporary-key encryption data.
3. The method for transmitting a key according to claim 2, characterized in that in step S1 the temporary keys used to encrypt the terminal keys of different terminals are the same.
4. The method for transmitting a key according to claim 2, characterized in that in step S1 the temporary keys used to encrypt the terminal keys of different terminals are different.
5. The method for transmitting a key according to any one of claims 1 to 4, characterized in that in step S2 the transmitting end signing the ciphertext data using the first private key to obtain signature data specifically includes:
The transmitting end calculates a hash value from the ciphertext data;
The transmitting end signs the hash value using the first private key to obtain the signature data.
6. The method for transmitting a key according to claim 5, characterized in that step S3 specifically includes:
S31. The receiving end performs a public-key operation on the signature data in the key file according to the first public key, obtaining the first hash value;
S32. The receiving end calculates the hash value of the ciphertext data in the key file, obtaining the second hash value;
S33. The receiving end determines whether the first hash value and the second hash value are identical; if so, signature verification passes.
7. The method for transmitting a key according to claim 1, characterized in that the ciphertext data further includes a check value corresponding to the first terminal key;
After step S3, the method further includes:
S41. If signature verification passes, the following steps are performed:
S411. The receiving end decrypts the ciphertext data according to the first key, obtaining the first terminal key and the corresponding first check value;
S412. The receiving end encrypts the first preset data using the first terminal key, obtaining the second check value;
S413. The receiving end determines whether the first check value and the second check value are identical; if so, it determines that the first terminal key is correct.
8. The method for transmitting a key according to claim 3, characterized in that the ciphertext data further includes a check value corresponding to the first terminal key;
After step S3, the method further includes:
S42. If signature verification passes, the following steps are performed:
S421. The receiving end decrypts the temporary-key encryption data according to the first key, obtaining the first temporary key;
S422. The receiving end decrypts the ciphertext data according to the first temporary key, obtaining the second terminal keys and the corresponding third check values;
The following steps are performed for each second terminal key:
S423. The receiving end encrypts the corresponding second preset data using the second terminal key, obtaining the corresponding fourth check value;
S424. The receiving end determines whether the third check value and the fourth check value are identical; if so, it determines that the second terminal key corresponding to the third check value is correct.
9. The method for transmitting a key according to claim 4, characterized in that the ciphertext data further includes a check value corresponding to the first terminal key;
After step S3, the method further includes:
S43. If signature verification passes, the following steps are performed:
S431. The receiving end decrypts the temporary-key encryption data according to the first key, obtaining the second temporary key;
S432. The receiving end decrypts the ciphertext data according to the second temporary key, obtaining the third terminal keys and the corresponding fifth check values;
The following steps are performed for each third terminal key:
S433. The receiving end encrypts the corresponding third preset data using the third terminal key, obtaining the corresponding sixth check value;
S434. The receiving end determines whether the fifth check value and the sixth check value are identical; if so, it determines that the third terminal key corresponding to the fifth check value is correct.
10. The method for transmitting a key according to claim 1, characterized in that the first key is composed of more than one distinct key component.
11. A system for transmitting a key, including a transmitting end and a receiving end, the transmitting end including a first memory, a first processor, and a first computer program stored on the first memory and executable on the first processor, the receiving end including a second memory, a second processor, and a second computer program stored on the second memory and executable on the second processor, characterized in that the first processor implements the following steps when executing the first computer program:
S1. Encrypting the terminal key using the first key to obtain ciphertext data, and sending the first key to the receiving end;
S2. Signing the ciphertext data using the first private key to obtain signature data, and sending the key file containing the ciphertext data and the signature data, together with the first public key corresponding to the first private key, to the receiving end;
The second processor implements the following steps when executing the second computer program:
S3. Verifying the signature of the key file according to the first key and the first public key.
12. The system for transmitting a key according to claim 11, characterized in that step S1 includes:
Generating a temporary key and using the temporary key in place of the first key to encrypt the terminal key;
Encrypting the temporary key using the first key to obtain temporary-key encryption data, the ciphertext data including the temporary-key encryption data.
13. The system for transmitting a key according to claim 12, characterized in that in step S1 the temporary keys used to encrypt the terminal keys of different terminals are the same.
14. The system for transmitting a key according to claim 12, characterized in that in step S1 the temporary keys used to encrypt the terminal keys of different terminals are different.
15. The system for transmitting a key according to any one of claims 11 to 14, characterized in that in step S2 signing the ciphertext data using the first private key to obtain signature data specifically includes:
Calculating a hash value from the ciphertext data;
Signing the hash value using the first private key to obtain the signature data.
16. The system for transmitting a key according to claim 15, characterized in that step S3 specifically includes:
S31. Performing a public-key operation on the signature data in the key file according to the first public key, obtaining the first hash value;
S32. Calculating the hash value of the ciphertext data in the key file, obtaining the second hash value;
S33. Determining whether the first hash value and the second hash value are identical; if so, signature verification passes.
17. The system for transmitting a key according to claim 11, characterized in that the ciphertext data further includes a check value corresponding to the first terminal key;
After step S3, the steps further include:
S41. If signature verification passes, the following steps are performed:
S411. Decrypting the ciphertext data according to the first key, obtaining the first terminal key and the corresponding first check value;
S412. Encrypting the first preset data using the first terminal key, obtaining the second check value;
S413. Determining whether the first check value and the second check value are identical; if so, determining that the first terminal key is correct.
18. The system for transmitting a key according to claim 13, characterized in that the ciphertext data further includes a check value corresponding to the first terminal key;
After step S3, the steps further include:
S42. If signature verification passes, the following steps are performed:
S421. Decrypting the temporary-key encryption data according to the first key, obtaining the first temporary key;
S422. Decrypting the ciphertext data according to the first temporary key, obtaining the second terminal keys and the corresponding third check values;
The following steps are performed for each second terminal key:
S423. Encrypting the corresponding second preset data using the second terminal key, obtaining the corresponding fourth check value;
S424. Determining whether the third check value and the fourth check value are identical; if so, determining that the second terminal key corresponding to the third check value is correct.
19. The system for transmitting a key according to claim 14, characterized in that the ciphertext data further includes a check value corresponding to the first terminal key;
After step S3, the steps further include:
S43. If signature verification passes, the following steps are performed:
S431. Decrypting the temporary-key encryption data according to the first key, obtaining the second temporary key;
S432. Decrypting the ciphertext data according to the second temporary key, obtaining the third terminal keys and the corresponding fifth check values;
The following steps are performed for each third terminal key:
S433. Encrypting the corresponding third preset data using the third terminal key, obtaining the corresponding sixth check value;
S434. Determining whether the fifth check value and the sixth check value are identical; if so, determining that the third terminal key corresponding to the fifth check value is correct.
20. The system for transmitting a key according to claim 11, characterized in that the first key is composed of more than one distinct key component.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811024520.0A CN109309567A (en) | 2018-09-04 | 2018-09-04 | A kind of method and system for transmitting key |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811024520.0A CN109309567A (en) | 2018-09-04 | 2018-09-04 | A kind of method and system for transmitting key |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109309567A (en) | 2019-02-05 |
Family
ID=65224498
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811024520.0A Pending CN109309567A (en) | 2018-09-04 | 2018-09-04 | A kind of method and system for transmitting key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109309567A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111970124A (en) * | 2020-08-12 | 2020-11-20 | 曙光信息产业(北京)有限公司 | Computer factory mode control method and device, computer equipment and storage medium |
CN113285959A (en) * | 2021-06-25 | 2021-08-20 | 贵州大学 | Mail encryption method, decryption method and encryption and decryption system |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101930644A (en) * | 2009-06-25 | 2010-12-29 | 中国银联股份有限公司 | Method for safely downloading master key automatically in bank card payment system and system thereof |
CN102946602A (en) * | 2012-12-04 | 2013-02-27 | 镇江江大科茂信息系统有限责任公司 | Mobile information system based privacy protection and encryption method |
CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
US8549326B2 (en) * | 2007-10-20 | 2013-10-01 | Blackout, Inc. | Method and system for extending encrypting file system |
CN103714642A (en) * | 2013-03-15 | 2014-04-09 | 福建联迪商用设备有限公司 | Secret key download method, management method, download management method, secret key download device, secret key management device and secret key download management system |
CN104158655A (en) * | 2014-08-27 | 2014-11-19 | 融信信息科技有限公司 | POS master key generation and distribution management system and control method |
CN105978856A (en) * | 2016-04-18 | 2016-09-28 | 随行付支付有限公司 | POS (point of sale) machine key downloading method, device and system |
CN106097608A (en) * | 2016-06-06 | 2016-11-09 | 福建联迪商用设备有限公司 | Remote cipher key method for down loading and system, acquirer and target POS terminal |
CN106789018A (en) * | 2016-12-20 | 2017-05-31 | 百富计算机技术(深圳)有限公司 | Secret key remote acquisition methods and device |
CN107995608A (en) * | 2017-12-05 | 2018-05-04 | 飞天诚信科技股份有限公司 | A kind of method and device being authenticated by blue tooth vehicular unit |
US10007797B1 (en) * | 2010-12-29 | 2018-06-26 | Amazon Technologies, Inc. | Transparent client-side cryptography for network applications |
Non-Patent Citations (2)
Title |
---|
PCI SECURITY STANDARDS COUNCIL: "《Payment Card Industry (PCI) PIN Security Requirements》", 31 December 2014 * |
汪晋宽: "《电子商务实用技术》", 3 December 2003, 东北大学出版社 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103905207B (en) | Method and system for unifying APK signature | |
CN103714642B (en) | Key downloading method, management method, downloading management method and device and system | |
CN103714639B (en) | A kind of method and system that realize the operation of POS terminal security | |
CN103716322B (en) | Secret key download method, management method, download management method, secret key download device, secret key management device and secret key download management system | |
CN104320257B (en) | Electronic record verification method and device | |
CN1985466B (en) | Method of delivering direct proof private keys in signed groups to devices using a distribution CD | |
CN109672539A (en) | SM2 algorithm collaboration signature and decryption method, apparatus and system | |
CN1831865B (en) | Electronic bank safety authorization system and method based on CPK | |
CN106327184A (en) | Intelligent mobile terminal payment system and intelligent mobile terminal payment method based on safe hardware isolation | |
CN106713336B (en) | Electronic data safeguard system and method based on double, asymmetrical encryption technology | |
CN105245341A (en) | Remote identity authentication method and system and remote account opening method and system | |
CN102024107A (en) | Application software control platform, developer terminal as well as application software distribution system and method | |
CN101977193A (en) | Method and system for safely downloading certificate | |
CN107135070A (en) | Method for implanting, framework and the system of RSA key pair and certificate | |
CN109560931A (en) | A kind of equipment remote upgrade method based on no Certification system | |
CN109257328A (en) | A kind of safety interacting method and device of scene operation/maintenance data | |
CN103996117A (en) | Safety mobile phone | |
CN114692218A (en) | Electronic signature method, equipment and system for individual user | |
CN108764912A (en) | A kind of method of payment and device based on short message verification code | |
CN107104795A (en) | Method for implanting, framework and the system of RSA key pair and certificate | |
CN105897748A (en) | Symmetric secrete key transmission method and device | |
CN111105235A (en) | Supply chain transaction privacy protection system and method based on block chain and related equipment | |
CN102624710A (en) | Sensitive information transmission method and sensitive information transmission system | |
CN109309567A (en) | A kind of method and system for transmitting key | |
CN104735064A (en) | Safety revocation and updating method for identification in identification password system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190205 |