CN116188009A - National cipher soft encryption mode key acquisition method, system, terminal and readable storage medium - Google Patents


Info

Publication number: CN116188009A
Authority: CN (China)
Prior art keywords: key, merchant, information, work, working
Legal status: Pending (as listed by Google Patents, which notes that the status is an assumption and not a legal conclusion)
Application number: CN202310156943.2A
Other languages: Chinese (zh)
Inventor: 吕林林
Current assignee: Beijing Murong Information Technology Co ltd (as listed by Google Patents, which makes no warranty as to the accuracy of the list)
Original assignee: Beijing Murong Information Technology Co ltd
Application filed by Beijing Murong Information Technology Co ltd
Priority to CN202310156943.2A
Publication of CN116188009A

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The application relates to a method, a system, a terminal and a readable storage medium for acquiring a key in a national cipher (GuoMi) soft encryption mode, in the technical field of key security. The method comprises: generating a merchant transmission key pair comprising a merchant private key and a merchant public key; generating a merchant key file for offline transmission to a merchant terminal, the merchant key file comprising the merchant private key; after receiving work key application information sent by the merchant terminal, verifying a first signature in the work key application information with the merchant public key; if the first signature passes verification, generating a work key MAK; encrypting the work key MAK with the merchant public key to produce a work key ciphertext; and sending first information comprising the work key ciphertext to the merchant terminal. The method and apparatus improve the security of the key.

Description

National cipher soft encryption mode key acquisition method, system, terminal and readable storage medium
Technical Field
The present disclosure relates to the field of key security technologies, and in particular, to a method, a system, a terminal, and a readable storage medium for obtaining a key in a soft encryption mode.
Background
Encryption keys are an important component of any security system: they are involved in everything from data encryption and decryption to user authentication. Disclosure of an encryption key can bring down an organization's entire security infrastructure, enabling an attacker to decrypt sensitive data, authenticate as a privileged user, or gain access to other sources of confidential information. Proper management of keys and their associated components is therefore essential to the security of confidential information.
At present, keys are usually delivered to the merchant access party by download or over a downlink channel, which greatly increases the risk of the key being lost or disclosed in transit. Once a key is disclosed, the merchant's account security is no longer guaranteed; once a key is lost, the whole application process has to be repeated, which seriously disrupts the merchant's normal business.
Disclosure of Invention
In order to improve the security of the secret key, the application provides a method, a system, a terminal and a readable storage medium for acquiring the secret key of a national secret soft encryption mode.
In a first aspect, the present application provides a method for obtaining a key in a soft encryption mode of a national encryption, which is applied to a payment system, and adopts the following technical scheme:
a method for obtaining a national encryption soft encryption mode key, comprising:
generating a merchant transmission key pair, wherein the merchant transmission key pair comprises a merchant private key and a merchant public key;
generating a merchant key file for offline transmission to a merchant terminal, wherein the merchant key file comprises the merchant private key;
after receiving the work key application information sent by the merchant terminal, verifying a first signature in the work key application information by using the merchant public key;
if the first signature passes the verification, a working secret key MAK is generated;
encrypting the work key MAK through the merchant public key to generate a work key ciphertext;
and sending first information to the merchant terminal, wherein the first information comprises the working key ciphertext.
Optionally, the work key application information includes a merchant number and key root information; the method further comprises the steps of:
if the first signature passes verification, a state query request for the key root information is sent to a merchant portal;
and if the state of the key root information returned by the merchant portal is received to be normal, executing the step of generating the working key MAK.
Optionally, before the generating the work key MAK, the method further includes:
generating a merchant symmetric key;
the generating the work key MAK includes:
splicing the merchant number, the key root information and the merchant symmetric key to obtain a spliced character string;
hashing the spliced character string;
and performing exclusive or operation on the hash result to obtain the work key MAK.
In a second aspect, the present application provides a system for acquiring a national cipher soft encryption mode key, which adopts the following technical scheme:
the merchant transmission key pair generation module is used for generating a merchant key file for offline transmission to a merchant terminal, wherein the merchant key file comprises the merchant private key;
the verification module is used for verifying the first signature in the work key application information by using the merchant public key after receiving the work key application information sent by the merchant terminal;
the working key generation module is used for generating a working key MAK if the first signature passes verification;
the encryption module is used for encrypting the work secret key MAK through the merchant public key to generate a work secret key ciphertext;
and the first information sending module is used for sending first information to the merchant terminal, wherein the first information comprises the working key ciphertext.
In a third aspect, the present application provides a method for acquiring a national cipher soft encryption mode key, applied to a merchant terminal, which adopts the following technical scheme:
reading and importing a merchant private key in a merchant private key file transmitted offline by a payment system;
generating work key application information, wherein the work key application information comprises a merchant number;
signing the work key application information through the merchant private key, generating a first signature, and sending the work key application information and the first signature to a payment system;
after receiving the first information sent by the payment system, decrypting the working key ciphertext in the first information to obtain a working key MAK.
Optionally, the work key application information further includes key root information; before the generating the work key application information, the method further includes:
and obtaining key root information.
In a fourth aspect, the present application provides a system for acquiring a key in a soft encryption mode of a national encryption, which is applied to a merchant terminal, and adopts the following technical scheme:
the reading module is used for reading and importing the merchant private key in the merchant private key file transmitted offline by the payment system;
the system comprises a working key application information generation module, a storage module and a storage module, wherein the working key application information generation module is used for generating working key application information, and the working key application information comprises a merchant number;
the signature module is used for signing the work key application information through the merchant private key, generating a first signature and sending the work key application information and the first signature to a payment system;
and the decryption module is used for decrypting the working key ciphertext in the first information after receiving the first information sent by the payment system to obtain the working key MAK.
In a fifth aspect, the present application provides an intelligent terminal, which adopts the following technical scheme:
an intelligent terminal, comprising a processor, wherein the processor is coupled with a memory;
the processor is configured to execute a computer program stored in the memory, so that the intelligent terminal performs the national cipher soft encryption mode key obtaining method according to any one of the first aspects.
In a sixth aspect, the present application provides a computer readable storage medium, which adopts the following technical scheme:
a computer readable storage medium storing a computer program loadable by a processor and performing the method of cryptographic soft encryption mode key acquisition of any one of the first aspects.
With this scheme, in the process of generating the work key, the payment system first generates a merchant key pair and a platform key pair, and sends the merchant private key and the platform public key to the merchant terminal offline. The merchant terminal generates work key application information, signs it with the merchant private key, and sends the application information together with its signature to the payment system. On receipt, the payment system first verifies the signature with the merchant public key, generates the work key MAK once verification succeeds, and encrypts the work key MAK with the merchant public key; the merchant terminal then decrypts it with the merchant private key. This layered encryption and decryption improves the security of the work key, and the multi-layer signature and verification process lets the merchant terminal and the payment system authenticate each other, further improving the security of the work key.
Drawings
Fig. 1 is a block diagram of a cryptographic key obtaining system in a soft encryption mode according to an embodiment of the present application.
Fig. 2 is a flowchart of a method for obtaining a key of a soft encryption mode of a national encryption system, which is provided in an embodiment of the present application.
Fig. 3 is a flowchart of a method for acquiring a key of a national encryption soft encryption mode applied to a merchant terminal according to an embodiment of the present application.
Fig. 4 is a block diagram of a system for acquiring a key of a national cipher soft encryption mode applied to a payment system according to an embodiment of the present application.
Fig. 5 is a block diagram of a system for acquiring a key of a national encryption soft encryption mode applied to a merchant terminal according to an embodiment of the present application.
Fig. 6 is a block diagram of a readable storage medium according to an embodiment of the present application.
Detailed Description
The present application is described in further detail below with reference to the accompanying drawings.
This embodiment is merely illustrative of the present application and is not intended to be limiting; those skilled in the art may, after reading this specification, modify the embodiment as required without creative contribution, and such modifications remain protected by patent law within the scope of the claims of the present application.
Fig. 1 is a block diagram of a system for obtaining a key in a soft encryption mode of a national encryption system according to an embodiment of the present application. As shown in fig. 1, the system includes a payment system and a merchant terminal.
The payment system is a financial arrangement for realizing the clearing of the liability and the funds transfer, and is also called a clearing system, and the payment system in the embodiment is an operation system which is used by merchants and can realize the payment function of the platform.
The merchant terminal is an intelligent terminal device capable of providing operations such as logging in a payment system, carrying out payment operation, verifying payment and the like for merchants, wherein the merchant terminal can be a desktop computer, a tablet computer, a smart phone and the like, but is not limited to the intelligent terminal device.
Based on the above system, the present embodiment provides a method for obtaining a key in a soft encryption mode, and fig. 2 is a schematic flow chart of the method, and the method may be executed by a payment system. The payment system is a payment system provided by the platform in the application, and can also be other operation systems capable of realizing the payment function.
As shown in fig. 2, the main flow of the method is described as follows (steps S201 to S205):
in step S201, a merchant transmission key pair is generated, where the merchant transmission key pair includes a merchant public key and a merchant private key.
In this embodiment, the merchant transmission key pair is generated with the national cipher SM2 algorithm. SM2 is a public-key (asymmetric) algorithm based on elliptic-curve cryptography (ECC), and its specification is public. Because it is ECC-based, key generation and signing are faster than with RSA, and a 256-bit curve (SM2 uses a 256-bit curve) offers a higher security strength than RSA-2048 at a lower computational cost.
It should be noted that an SM2 key pair consists of a public key, which may be disclosed, and a private key, which is kept secret. Data encrypted with the SM2 public key can only be decrypted with the corresponding private key (this is how the work key ciphertext below is protected), while a signature produced with the private key is verified with the public key (this is how the first and second signatures below are checked).
Step S202, a merchant key file for offline transmission to a merchant terminal is generated, wherein the merchant key file comprises a merchant private key.
In this embodiment, the merchant private key is an SM2 private key, and the payment system delivers it to the merchant terminal offline, that is, outside the payment system's own channel (for example, through chat software or in person). Whoever holds this file can sign work key applications and decrypt work key ciphertexts in the merchant's name, so in practice the key file itself should be protected in transit (for example, encrypted under a passphrase shared separately) and the imported key should be kept in protected storage on the merchant terminal.
Step S203, after receiving the work key application information sent by the merchant terminal, the first signature in the work key application information is verified by using the merchant public key.
In this embodiment, the work key application information includes a merchant number and key root information; the key root information is later mixed into the derivation of the work key. If the first signature passes verification, a status query for the key root information is sent to the merchant portal; only if the merchant portal reports the status of the key root information as normal is the step of generating the work key MAK executed.
It should be noted that the merchant portal is the merchant-facing web portal of the platform: a website integrating the merchant's online operations, through which the merchant enters the platform to complete them.
A normal status means that the merchant portal stores the correspondence between the merchant number and the key root information: the payment system sends the merchant number and the key root information from the work key application to the merchant portal, and if they match the stored correspondence, the key root status is normal. If they do not match, if the key root is otherwise defective, or if the key root has been voided by the payment system, the status is abnormal and no work key is generated.
If the first signature passes verification, a work key MAK is generated.
In this embodiment, a merchant symmetric key must also be generated before the work key MAK. The merchant symmetric key is a key for the national cipher SM4 algorithm; SM4 is a symmetric block cipher with a 128-bit key, so unlike SM2 it has no public/private key pair, and the same key is used for encryption and decryption.
To generate the work key MAK, the merchant number, the key root information and the merchant symmetric key are first spliced (concatenated) into one string, the spliced string is hashed, and finally an exclusive-or operation is applied to the hash result, yielding the work key MAK.
It should be noted that the exclusive-or is a bitwise binary operation applied over the hash result itself, so the work key MAK is derived entirely from the hash and therefore depends on all three spliced inputs.
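The key-root status check and the MAK derivation just described, as an added Go example (not code from the patent or from Beijing Murong Information Technology). Assumptions, also marked in the code: SHA-256 stands in for the unnamed hash (SM3 would be the GuoMi choice and is not in the Go standard library); the exclusive-or step is read as folding the two 16-byte halves of the digest into a 128-bit SM4-sized key; the merchant portal is modelled as an in-memory merchant-number-to-key-root table; and each spliced field is length-prefixed before hashing, which the page does not do but which prevents two different (merchant number, key root) pairs from splicing to the same bytes. The merchant number and key root values are constructed.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Assumptions: SHA-256 stands in for the hash (the page names none; SM3 would be the
// natural GuoMi choice and is not in the Go standard library). XOR-folding the 32-byte
// digest to 16 bytes is our reading of "XOR operation on the hash result"; the page
// does not give the fold width. The 4-byte length prefix on each spliced field is our
// addition: plain splicing lets ("12","3") and ("1","23") hash to the same string.

// KeyRootPortal models the merchant portal's stored merchantNo -> key root mapping. A
// voided or never-reported key root is simply absent, which is reported as abnormal.
type KeyRootPortal struct{ roots map[string]string }

func (p *KeyRootPortal) Status(merchantNo, keyRoot string) string {
	if stored, ok := p.roots[merchantNo]; ok && stored == keyRoot {
		return "normal"
	}
	return "abnormal"
}

// field length-prefixes one spliced component (big-endian uint32 length || bytes).
func field(b []byte) []byte {
	var l [4]byte
	binary.BigEndian.PutUint32(l[:], uint32(len(b)))
	return append(l[:], b...)
}

// DeriveMAK splices merchant number, key root and merchant symmetric key, hashes the
// result and XOR-folds the digest into a 128-bit working key.
func DeriveMAK(merchantNo, keyRoot string, merchantSymKey []byte) ([]byte, error) {
	if len(merchantSymKey) != 16 {
		return nil, errors.New("merchant symmetric key must be a 128-bit SM4-sized key")
	}
	if merchantNo == "" || keyRoot == "" {
		return nil, errors.New("merchant number and key root must be present")
	}
	var spliced bytes.Buffer
	spliced.Write(field([]byte(merchantNo)))
	spliced.Write(field([]byte(keyRoot)))
	spliced.Write(field(merchantSymKey))
	d := sha256.Sum256(spliced.Bytes())
	mak := make([]byte, 16)
	for i := range mak {
		mak[i] = d[i] ^ d[i+16] // fold the two digest halves together
	}
	return mak, nil
}

// IssueMAK is the payment-system step that follows a valid first signature: query the
// key root status at the merchant portal, and only derive the work key if it is normal.
func IssueMAK(portal *KeyRootPortal, merchantNo, keyRoot string, merchantSymKey []byte) ([]byte, error) {
	if st := portal.Status(merchantNo, keyRoot); st != "normal" {
		return nil, fmt.Errorf("key root status %q for merchant %s: MAK not generated", st, merchantNo)
	}
	return DeriveMAK(merchantNo, keyRoot, merchantSymKey)
}

// NewMerchantSymKey draws the 128-bit merchant symmetric key from the system CSPRNG.
func NewMerchantSymKey() ([]byte, error) {
	k := make([]byte, 16)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

func main() {
	// Constructed sample data: one merchant whose key root is on file at the portal.
	portal := &KeyRootPortal{roots: map[string]string{"898000000000001": "k3yr00t-constructed"}}
	symKey, err := NewMerchantSymKey()
	if err != nil {
		panic(err)
	}
	mak, err := IssueMAK(portal, "898000000000001", "k3yr00t-constructed", symKey)
	fmt.Printf("normal root:   mak=%x err=%v\n", mak, err)
	_, err = IssueMAK(portal, "898000000000001", "stale-root", symKey)
	fmt.Printf("abnormal root: err=%v\n", err)
}
```

Run it directly to see one normal and one abnormal key-root status. The length prefix matters in practice: without it, merchant number 12 with key root 3 and merchant number 1 with key root 23 splice to the same bytes and would receive the same work key.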
In step S204, the working key MAK is encrypted by the merchant public key to generate the working key ciphertext.
In the present embodiment, encryption is a process of changing plaintext into ciphertext; the ciphertext, namely, the plaintext is changed into the ciphertext after being encrypted by an encryption algorithm, so that the data security is ensured.
Step S205, the first information is sent to the merchant terminal, where the first information includes the working key ciphertext.
In this embodiment, the first information further includes a second signature, and the merchant key file further includes a platform public key. Beforehand, the payment platform generates a platform key pair with the SM2 algorithm, comprising a platform public key and a platform private key, and the platform public key is delivered to the merchant terminal in the merchant key file (that is, offline, together with the merchant private key). After the work key ciphertext is generated, the payment platform signs the work key ciphertext with the platform private key to obtain the second signature.
It is worth noting that, after the work key ciphertext has been sent, when the payment system receives second information from the merchant terminal it verifies the third signature in the second information with the merchant public key. If the third signature is valid, the request message ciphertext in the second information is decrypted with the work key MAK to obtain the request message; the request message is processed by the business logic to produce a response message, and the payment system encrypts the response message with the merchant symmetric key to produce the response message ciphertext.
The payment system then signs the response message ciphertext with the platform private key to obtain a fourth signature, assembles third information from the fourth signature and the response message ciphertext, and finally sends the third information to the merchant terminal.
Fig. 3 is a flowchart of the method for obtaining a key of the national cipher soft encryption mode as applied to a merchant terminal according to the present embodiment. As shown in fig. 3, the main flow of the method is described as follows (steps S301 to S305):
step S301, a merchant private key in a merchant private key file transmitted offline by the payment system is read and imported.
In this embodiment, the merchant terminal reads the merchant key file and imports the SM2 merchant private key; the merchant terminal imports the merchant private key into the merchant portal of the payment platform through specific instruction operations.
Step S302, generating work key application information, wherein the work key application information comprises a merchant number.
In this embodiment, the working key application information further includes key root information, and the key root information needs to be obtained before the working key application information is generated.
It is worth noting that the key root information is a random character string set by the merchant terminal; after setting it, the merchant terminal reports it to the payment system. The key root information is an input to the generation of the work key, so the work key depends on a value chosen by the merchant as well as on values held by the payment system, which raises its security level.
Step S303, signing the work key application information through the merchant private key, generating a first signature, and sending the work key application information and the first signature to the payment system.
In this embodiment, the merchant signs the work key application information so that the payment system can confirm that the application originates from the holder of the merchant private key and has not been altered in transit; a signature provides authenticity and integrity, and it is the later encryption of the work key under the merchant public key, not the signature, that provides confidentiality.
Step S304, after receiving the first information sent by the payment system, decrypting the working key ciphertext in the first information to obtain the working key MAK.
In this embodiment, after receiving the first information, the merchant terminal decrypts the work key ciphertext with the merchant private key. The first information further includes a second signature: before decrypting the work key ciphertext, the merchant terminal verifies the second signature with the platform public key, and only if the second signature is valid does it decrypt the work key ciphertext to obtain the work key MAK. The work key MAK is a symmetric key for the national cipher SM4 algorithm (a single 128-bit key, not a key pair).
If the second signature verification fails, verification failure information is sent to the payment platform and the work key application information is resubmitted.
Once the second signature has been verified and the work key ciphertext decrypted to obtain the work key MAK, the merchant terminal encrypts the request message with the work key MAK to produce a request message ciphertext, signs the request message ciphertext with the merchant private key to produce a third signature, and assembles second information comprising the request message ciphertext and the third signature. After sending the second information to the payment system and receiving the third information returned by it, the merchant terminal verifies the fourth signature in the third information with the platform public key.
If the fourth signature is valid, the merchant terminal decrypts the response message ciphertext in the third information with the merchant symmetric key to obtain the response message; the merchant symmetric key is a symmetric key generated with the national cipher SM4 algorithm.
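The work key acquisition exchange of steps S201 to S205 and S301 to S304, with both sides' messages, as an added Go example that is not part of the patent or of Beijing Murong Information Technology's code. The Go standard library has no SM2, SM3 or SM4, so the example substitutes ECDSA on P-256 for SM2 signing, an ephemeral-ECDH plus SHA-256 plus AES-128-GCM wrap for SM2 public-key encryption of the work key, and SHA-256 for SM3; the message layout (a query-string application, a 65-byte ephemeral point followed by the sealed key), the function names and the merchant number and key root values are all constructed for the example. The later second/third information phase (request and response messages) uses the same sealSym/openSym and sign/verify helpers and is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Stand-ins (assumption): ECDSA/P-256 for SM2 signing, ephemeral ECDH + SHA-256 +
// AES-128-GCM for SM2 public-key encryption, SHA-256 for SM3. Layouts are ours.

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	return k
}

func sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, d[:])
}

func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

// sealSym/openSym: AES-128-GCM, random 12-byte nonce prepended to the ciphertext.
func sealSym(key, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, err := cipher.NewGCM(blk)
	if err != nil { return nil, err }
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return nil, err }
	return g.Seal(nonce, nonce, pt, nil), nil
}

func openSym(key, blob []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, err := cipher.NewGCM(blk)
	if err != nil || len(blob) < g.NonceSize() { return nil, errors.New("bad key or ciphertext") }
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// wrapToPub: ephemeral pair, shared x-coordinate hashed into the AES key,
// output = uncompressed ephemeral point (65 bytes) || sealed payload.
func wrapToPub(pub *ecdsa.PublicKey, pt []byte) ([]byte, error) {
	eph := newKey()
	x, _ := pub.Curve.ScalarMult(pub.X, pub.Y, eph.D.Bytes())
	k := sha256.Sum256(x.Bytes())
	sealed, err := sealSym(k[:16], pt)
	if err != nil { return nil, err }
	return append(elliptic.Marshal(elliptic.P256(), eph.X, eph.Y), sealed...), nil
}

func unwrapWithPriv(priv *ecdsa.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 65 { return nil, errors.New("wrapped key too short") }
	ex, ey := elliptic.Unmarshal(elliptic.P256(), blob[:65])
	if ex == nil { return nil, errors.New("ephemeral point not on curve") }
	x, _ := priv.Curve.ScalarMult(ex, ey, priv.D.Bytes())
	k := sha256.Sum256(x.Bytes())
	return openSym(k[:16], blob[65:])
}

// Payment system (S203-S205): verify the first signature, generate MAK, encrypt it to
// the merchant public key, sign the ciphertext with the platform private key.
func issueWorkKey(platformPriv *ecdsa.PrivateKey, merchantPub *ecdsa.PublicKey, app, firstSig []byte) (mak, ct, secondSig []byte, err error) {
	if !verify(merchantPub, app, firstSig) { return nil, nil, nil, errors.New("first signature invalid: application rejected") }
	mak = make([]byte, 16)
	if _, err = io.ReadFull(rand.Reader, mak); err != nil { return nil, nil, nil, err }
	if ct, err = wrapToPub(merchantPub, mak); err != nil { return nil, nil, nil, err }
	secondSig, err = sign(platformPriv, ct)
	return mak, ct, secondSig, err
}

// Merchant terminal (S302-S303): sign the application with the imported merchant private key.
func applyForWorkKey(merchantPriv *ecdsa.PrivateKey, merchantNo, keyRoot string) (app, firstSig []byte, err error) {
	app = []byte("merchantNo=" + merchantNo + "&keyRoot=" + keyRoot)
	firstSig, err = sign(merchantPriv, app)
	return app, firstSig, err
}

// Merchant terminal (S304): check the second signature with the platform public key
// before decrypting; a failure here is the "report and resubmit" path of the text.
func receiveWorkKey(merchantPriv *ecdsa.PrivateKey, platformPub *ecdsa.PublicKey, ct, secondSig []byte) ([]byte, error) {
	if !verify(platformPub, ct, secondSig) { return nil, errors.New("second signature invalid: resubmit application") }
	return unwrapWithPriv(merchantPriv, ct)
}

// RunExchange performs one acquisition and returns the MAK each side ends up holding.
// Both pairs are generated here only so the example is self-contained.
func RunExchange() (platformMAK, merchantMAK []byte, err error) {
	merchantKey, platformKey := newKey(), newKey()
	app, sig1, err := applyForWorkKey(merchantKey, "898000000000001", "constructed-key-root")
	if err != nil { return nil, nil, err }
	platformMAK, ct, sig2, err := issueWorkKey(platformKey, &merchantKey.PublicKey, app, sig1)
	if err != nil { return nil, nil, err }
	merchantMAK, err = receiveWorkKey(merchantKey, &platformKey.PublicKey, ct, sig2)
	return platformMAK, merchantMAK, err
}

func main() {
	a, b, err := RunExchange()
	fmt.Printf("err=%v platformMAK=%x merchantMAK=%x\n", err, a, b)
}
```

The order of checks is the point: each side verifies the other's signature before it decrypts or acts on anything, so a forged application never causes a work key to be generated and a forged first information never causes the merchant private key to be used for decryption. In the patent the payment system generates both key pairs and delivers the merchant private key and platform public key offline; here they are generated in one process only so that the exchange runs stand-alone.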
Fig. 4 is a block diagram of a system 400 for obtaining a key of the national cipher soft encryption mode, applied to a payment system, according to an embodiment of the present application. As shown in fig. 4, the system 400 mainly includes:
the merchant transmission key pair generating module 401 is configured to generate a merchant key file for offline transmission to a merchant terminal, where the merchant key file includes a merchant private key;
the verification module 402 is configured to verify, after receiving the working key application information sent by the merchant terminal, the first signature in the working key application information by using the merchant public key;
a working key generating module 403, configured to generate a working key MAK if the first signature passes verification;
the encryption module 404 is configured to encrypt the work key MAK with the merchant public key to generate a work key ciphertext;
and the first information sending module 405 is configured to send first information to the merchant terminal, where the first information includes the working key ciphertext.
The system 400 further includes:
the third signature verification module is used for verifying a third signature in the second information through the public key of the merchant after receiving the second information sent by the merchant terminal;
the request message generation module is used for decrypting the ciphertext of the request message in the second information through the work key MAK if the third signature passes the verification, so as to obtain the request message;
the response message generation module is used for logically processing the request message to generate a response message;
the response message ciphertext generating module is configured to encrypt the response message with the merchant symmetric key to generate a response message ciphertext;
the fourth signature generation module is used for signing the response message ciphertext through a platform private key to generate a fourth signature;
and the third information sending module is used for sending third information to the merchant terminal, wherein the third information comprises the response message ciphertext and the fourth signature.
Fig. 5 is a block diagram of a system 500 for obtaining a national cryptographic soft encryption mode key, applied to a merchant terminal, according to an embodiment of the present application. As shown in fig. 5, the system 500 mainly includes:
the reading module 501 is configured to read and import a merchant private key in a merchant private key file transmitted offline by the payment system;
the working key application information generating module 502 is configured to generate working key application information, where the working key application information includes a merchant number;
a signing module 503, configured to sign the working key application information through the merchant private key, generate a first signature, and send the working key application information and the first signature to the payment system;
the decryption module 504 is configured to decrypt the working key ciphertext in the first information after receiving the first information sent by the payment system, to obtain the working key MAK.
The system 500 further includes:
the request message ciphertext generating module is configured to encrypt a request message with the work key MAK to generate a request message ciphertext;
the third signature generation module is used for signing the ciphertext of the request message through a merchant private key to generate a third signature;
the second information sending module is used for sending second information to the payment system, wherein the second information comprises a request message ciphertext and a third signature;
the fourth signature verification module is used for verifying a fourth signature in the third information through the platform public key after receiving the third information returned by the payment system;
and the response message generating module is used for decrypting the response message ciphertext in the third information with the merchant symmetric key if the fourth signature passes verification, so as to obtain the response message.
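The work-key issuance that modules 401 to 405 and 501 to 504 describe, played out end to end as an added example. This is not the patent's code and not any vendor's implementation; it uses Go standard-library stand-ins for the national cryptographic algorithms (RSA-PSS over SHA-256 in place of the SM2/SM3 signature, RSA-OAEP in place of SM2 encryption of the MAK). The type names, the `Application` layout, the OAEP label "MAK" and the sample application info are this example's own assumptions. The patent does not say which fields the first signature covers; the example signs the merchant number together with the other application fields, so that the platform can look up the merchant public key by merchant number and a validly signed application cannot be relabelled with another merchant's number. The later request and response round trip (third and fourth signatures) is not shown; it follows the same verify-before-decrypt order.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"io"
)

// Application is the working-key application information together with its
// first signature. The signature covers the merchant number as well as the
// other fields, so a valid application cannot be relabelled with a different
// merchant number. The type, field names and layout are this example's own.
type Application struct {
	MerchantNo string
	Info       []byte // remaining application fields, e.g. key root information
	Signature  []byte
}

// RSA-PSS over SHA-256 stands in for the patent's SM2/SM3 signature.
func signApplication(priv *rsa.PrivateKey, no string, info []byte) (Application, error) {
	h := sha256.Sum256(append([]byte(no), info...))
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
	return Application{MerchantNo: no, Info: info, Signature: sig}, err
}

func verifyApplication(pub *rsa.PublicKey, a Application) error {
	h := sha256.Sum256(append([]byte(a.MerchantNo), a.Info...))
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], a.Signature, nil)
}

// Platform is the payment-system side. Merchants maps a merchant number to the
// public half of the transmission key pair whose private half was delivered in
// the offline key file; MAKs records the work keys issued so far.
type Platform struct {
	Merchants map[string]*rsa.PublicKey
	MAKs      map[string][]byte
}

// Merchant is the terminal side, holding the private key read from the
// offline key file.
type Merchant struct {
	No  string
	Key *rsa.PrivateKey
}

// NewMerchant generates the merchant transmission key pair (module 401).
func NewMerchant(no string) (*Merchant, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Merchant{No: no, Key: key}, err
}

// NewPlatform registers the public halves under their merchant numbers.
func NewPlatform(ms ...*Merchant) *Platform {
	p := &Platform{map[string]*rsa.PublicKey{}, map[string][]byte{}}
	for _, m := range ms {
		p.Merchants[m.No] = &m.Key.PublicKey
	}
	return p
}

// Apply builds and signs the application (modules 502 and 503).
func (m *Merchant) Apply(info []byte) (Application, error) {
	return signApplication(m.Key, m.No, info)
}

// IssueWorkKey is modules 402 to 405: verify the first signature with the
// public key looked up by merchant number, only then generate a 16-byte MAK,
// and return it encrypted to that public key (the "first information").
// RSA-OAEP stands in for the SM2 encryption.
func (p *Platform) IssueWorkKey(app Application) ([]byte, error) {
	pub, ok := p.Merchants[app.MerchantNo]
	if !ok {
		return nil, errors.New("unknown merchant number")
	}
	if err := verifyApplication(pub, app); err != nil {
		return nil, errors.New("first signature failed verification")
	}
	mak := make([]byte, 16) // SM4 key length
	if _, err := io.ReadFull(rand.Reader, mak); err != nil {
		return nil, err
	}
	p.MAKs[app.MerchantNo] = mak
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, mak, []byte("MAK"))
}

// ReceiveWorkKey is module 504: decrypt the work key ciphertext with the
// merchant private key.
func (m *Merchant) ReceiveWorkKey(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, m.Key, ct, []byte("MAK"))
}

// RunIssuance wires a fresh merchant and platform together and returns the MAK
// as each side ends up holding it, so a caller can confirm that they agree.
func RunIssuance(no string) (merchantMAK, platformMAK []byte, err error) {
	m, err := NewMerchant(no)
	if err != nil {
		return nil, nil, err
	}
	p := NewPlatform(m)
	app, err := m.Apply([]byte("key-root:KR-demo")) // constructed application info
	if err != nil {
		return nil, nil, err
	}
	ct, err := p.IssueWorkKey(app)
	if err != nil {
		return nil, nil, err
	}
	mak, err := m.ReceiveWorkKey(ct)
	return mak, p.MAKs[no], err
}
```

`RunIssuance("M001")` returns the same 16-byte MAK from both sides. The check worth keeping from this shape is the order inside `IssueWorkKey`: the merchant public key is selected by the merchant number that the signature itself covers, and no key material is generated or recorded until that signature verifies, so an unknown merchant number or a relabelled application is refused before anything is issued.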
The functional modules in the embodiments of the present application may be integrated together to form a single unit, for example, integrated in a processing unit, or each module may exist alone physically, or two or more modules may be integrated to form a single unit. The integrated units may be implemented in hardware or as software functional units. The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored on a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part contributing to the prior art or in a part of the technical solution, may be embodied in a software product stored in a storage medium, including several instructions to cause a smart terminal (which may be a personal computer, a server, or a network device, etc.) or a processor to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash disk, a mobile hard disk, a read-only memory, a random access memory, a magnetic disk or an optical disk.
Various modifications and specific examples of the method provided in this embodiment apply equally to the system for obtaining a national cryptographic soft encryption mode key provided in this embodiment; from the foregoing detailed description of the method for obtaining a national cryptographic soft encryption mode key, a person skilled in the art can clearly understand how the key obtaining system of this embodiment is implemented, so it is not described in detail here for brevity.
Fig. 6 is a block diagram of an intelligent terminal 600 according to an embodiment of the present application. As shown in fig. 6, the intelligent terminal 600 includes a processor 601, a memory 602, an I/O interface 603, a communication component 604, and a communication bus 605; the processor 601, memory 602, I/O interface 603, and communication component 604 are connected by a communication bus 605.
Memory 602 may be used to store instructions, programs, code, a set of codes, or a set of instructions. The memory 602 may include a storage program area and a storage data area, wherein the storage program area may store instructions for implementing an operating system, instructions for at least one function, instructions for implementing the key obtaining method provided by the above embodiments, and the like; the storage data area may store the data involved in the key obtaining method provided in the above embodiments.
Processor 601 may include one or more processing cores. The processor 601 performs the various functions and processing of the present application by running or executing instructions, programs, code sets, or instruction sets stored in the memory 602 and invoking data stored in the memory 602. The processor 601 may be at least one of an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a digital signal processor (Digital Signal Processor, DSP), a digital signal processing device (Digital Signal Processing Device, DSPD), a programmable logic device (Programmable Logic Device, PLD), a field programmable gate array (Field Programmable Gate Array, FPGA), a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, and a microprocessor. It will be appreciated that the electronic device implementing the functions of the processor 601 may differ between apparatuses, and embodiments of the present application do not specifically limit it.
The communication bus 605 may include a path to transfer information between the above components. The communication bus 605 may be a PCI (Peripheral Component Interconnect) bus or an EISA (Extended Industry Standard Architecture) bus, or the like. The communication bus 605 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick solid line is shown in fig. 6, but this does not mean there is only one bus or one type of bus. The electronic device shown in fig. 6 is only an example and should not impose any limitation on the functionality and scope of use of the embodiments of the present application.
The present embodiment provides a computer-readable storage medium storing a computer program that can be loaded by a processor to execute the method for obtaining a national cryptographic soft encryption mode key provided in the above embodiments.
In this embodiment, the computer-readable storage medium may be a tangible device that holds and stores instructions for use by an instruction execution device. The computer readable storage medium may be, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any combination of the preceding. In particular, the computer readable storage medium may be a portable computer disk, hard disk, USB flash disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disc read-only memory (CD-ROM), digital versatile disk (DVD), memory stick, floppy disk, optical disk, magnetic disk, mechanical coding device, or any combination of the foregoing.
The computer program in this embodiment contains program code for executing the methods shown in figs. 2 and 3, and the program code may include instructions corresponding to the steps of the method provided in the above embodiments. The computer program may be downloaded from a computer readable storage medium to the respective computing/processing device, or to an external computer or external storage device via a network (e.g., the internet, a local area network, a wide area network, and/or a wireless network). The computer program may execute entirely on the user's computer as a stand-alone software package.
In the embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
In addition, it is to be understood that relational terms such as first and second are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.

Claims (9)

1. A method for obtaining a cryptographic soft encryption mode key, applied to a payment system, the method comprising:
generating a merchant transmission key pair, wherein the merchant transmission key pair comprises a merchant private key and a merchant public key;
generating a merchant key file for offline transmission to a merchant terminal, wherein the merchant key file comprises the merchant private key;
after receiving the work key application information sent by the merchant terminal, verifying a first signature in the work key application information by using the merchant public key;
if the first signature passes verification, generating a working key MAK;
encrypting the work key MAK through the merchant public key to generate a work key ciphertext;
and sending first information to the merchant terminal, wherein the first information comprises the working key ciphertext.
2. The method of claim 1, wherein the work key application information includes merchant number and key root information; the method further comprises the steps of:
if the first signature passes verification, a state query request for the key root information is sent to a merchant portal;
and if the state of the key root information returned by the merchant portal is received to be normal, executing the step of generating the working key MAK.
3. The method of claim 2, wherein prior to the generating the work key MAK, the method further comprises:
generating a merchant symmetric key;
the generating the work key MAK includes:
splicing the merchant number, the key root information and the merchant symmetric key to obtain a spliced character string;
hashing the spliced character string;
and performing exclusive or operation on the hash result to obtain the work key MAK.
4. A method for obtaining a national cryptographic soft encryption mode key, applied to a merchant terminal, the method comprising:
reading and importing a merchant private key in a merchant private key file transmitted offline by a payment system;
generating work key application information, wherein the work key application information comprises a merchant number;
signing the work key application information through the merchant private key, generating a first signature, and sending the work key application information and the first signature to a payment system;
after receiving the first information sent by the payment system, decrypting the working key ciphertext in the first information to obtain a working key MAK.
5. The method of claim 5, wherein the work key application information further comprises key root information; before the generating the work key application information, the method further includes:
and obtaining key root information.
6. A cryptographic soft encryption mode key acquisition system for use in a payment system, comprising: generating a merchant transmission key pair, wherein the merchant transmission key pair comprises a merchant private key and a merchant public key;
the merchant transmission key pair generation module is used for generating a merchant key file for being transmitted to a merchant terminal in an off-line mode, wherein the merchant key file comprises a merchant private key;
the verification module is used for verifying the first signature in the work key application information by using the merchant public key after receiving the work key application information sent by the merchant terminal;
the working key generation module is used for generating a working key MAK if the first signature passes verification;
the encryption module is used for encrypting the work key MAK through the merchant public key to generate a work key ciphertext;
and the first information sending module is used for sending first information to the merchant terminal, wherein the first information comprises the working key ciphertext.
7. A system for obtaining a national cryptographic soft encryption mode key, applied to a merchant terminal, the system comprising:
the reading module is used for reading and importing the merchant private key in the merchant private key file transmitted offline by the payment system;
the working key application information generation module is used for generating working key application information, wherein the working key application information comprises a merchant number;
the signature module is used for signing the work key application information through the merchant private key, generating a first signature and sending the work key application information and the first signature to a payment system;
and the decryption module is used for decrypting the working key ciphertext in the first information after receiving the first information sent by the payment system to obtain the working key MAK.
8. An intelligent terminal, comprising a processor, wherein the processor is coupled with a memory;
the processor is configured to execute a computer program stored in the memory, to cause the intelligent terminal to perform the method according to any of claims 1-5.
9. A computer readable storage medium comprising a computer program or instructions which, when run on a computer, cause the computer to perform the method of any of claims 1-5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310156943.2A CN116188009A (en) 2023-02-23 2023-02-23 National cipher soft encryption mode key acquisition method, system, terminal and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310156943.2A CN116188009A (en) 2023-02-23 2023-02-23 National cipher soft encryption mode key acquisition method, system, terminal and readable storage medium

Publications (1)

Publication Number Publication Date
CN116188009A true CN116188009A (en) 2023-05-30

Family

ID=86441950

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310156943.2A Pending CN116188009A (en) 2023-02-23 2023-02-23 National cipher soft encryption mode key acquisition method, system, terminal and readable storage medium

Country Status (1)

Country Link
CN (1) CN116188009A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination