CN118233107A - Method, system and electronic equipment for safely downloading secret key by terminal - Google Patents
Method, system and electronic equipment for safely downloading secret key by terminal Download PDFInfo
- Publication number
- CN118233107A CN118233107A CN202410300954.8A CN202410300954A CN118233107A CN 118233107 A CN118233107 A CN 118233107A CN 202410300954 A CN202410300954 A CN 202410300954A CN 118233107 A CN118233107 A CN 118233107A
- Authority
- CN
- China
- Prior art keywords
- key
- point
- sale terminal
- distribution host
- key distribution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 69
- 238000002347 injection Methods 0.000 claims abstract description 64
- 239000007924 injection Substances 0.000 claims abstract description 64
- 238000012545 processing Methods 0.000 claims abstract description 21
- 230000005540 biological transmission Effects 0.000 claims description 27
- 238000012795 verification Methods 0.000 claims description 13
- 238000004891 communication Methods 0.000 description 17
- 230000008569 process Effects 0.000 description 7
- 238000004590 computer program Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000002265 prevention Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000001419 dependent effect Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000037361 pathway Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 239000000243 solution Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Abstract
The application discloses a method, a system and electronic equipment for safely downloading a secret key by a terminal, and relates to the technical field of information safety. The method comprises the following steps: signing public keys of the point-of-sale terminal and the key distribution host through private keys corresponding to the root issuing equipment to generate point-of-sale terminal certificate data and key distribution host certificate data; controlling a sales point terminal to generate a first random number, and forming first data to be signed based on a first preset rule; carrying out signature processing on the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value; determining a public key corresponding to the point-of-sale terminal, and setting the second random number as the first random number; controlling a key distribution host to generate second data to be signed and a second signature value; determining a key to be injected under the condition that the second random number is consistent with the first random number; and controlling the point-of-sale terminal to send the key injection result to the key distribution host, thereby fundamentally ensuring the security of key injection.
Description
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, a system, and an electronic device for securely downloading a key by a terminal.
Background
The bank card order receiving system needs to use a secret key to encrypt and protect account data and PIN codes of a cardholder, wherein the secret key management generally adopts a secret key management system of MK/SK or DUKPT. How the POS (Point Of Sale) Terminal Master Key (TMK) and DUKPT initial key (IPEK) are injected into the terminal has been a critical issue for a reservation system. The POS terminal secret key injecting method needs to ensure safety and convenient operation.
Conventionally, in order to secure security, keys have to be injected into the terminal device in a secure house through a dual-control input key assembly or through a physical connection using a parent POS. Therefore, before the terminal is used, the terminal needs to be transported to a security room of a management center for key injection, and because the space of the security room is small, pipelining operation cannot be performed, the key injection efficiency is low and the cost is high.
In order to solve the above problems, POS manufacturers propose some schemes, but the current schemes have some problems and cannot achieve the effect of safety and convenience, for example, the POS terminal encrypts the master key MK using the private key of the key downloader and downloads the master key MK into the terminal, and the POS terminal decrypts the TMK using the public key of the key downloader. The method cannot ensure that MK safety is not revealed, authenticity of the terminal is not verified, so that a forged POS terminal can acquire TMK, for example, a public-private key pair is generated through a KMS, a public key is sent to the POS terminal, the POS terminal randomly generates a transmission key TK, the transmission key TK is encrypted by the public key and sent to the KMS, and the KMS uses the TK to encrypt a master key TMK and sends the master key TMK to the POS terminal, so that encryption injection of TMK is realized. The method does not realize mutual authentication before the KMS and the POS terminal, and cannot fundamentally ensure the safety of key injection.
Disclosure of Invention
The application aims to provide a method, a system and electronic equipment for safely downloading a secret key by a terminal, so as to solve the problem that the safety of secret key injection cannot be fundamentally ensured.
In a first aspect, the present application provides a method for securely downloading a key by a terminal, applied to a system for securely downloading a key by a terminal, including a root issuing device, and a point-of-sale terminal and a key distribution host respectively connected to the root issuing device, the method comprising:
Signing public keys of the point-of-sale terminal and the key distribution host through private keys corresponding to the root issuing equipment to generate point-of-sale terminal certificate data and key distribution host certificate data;
Controlling the key distribution host to send a key injection application request to the point-of-sale terminal;
responding to the key injection application request, controlling the point-of-sale terminal to generate a first random number, and forming first data to be signed based on a first preset rule;
carrying out signature processing on the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value;
Determining a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and setting a second random number as the first random number;
controlling the key distribution host to generate second data to be signed and a second signature value;
Under the condition that the second random number is consistent with the first random number, determining a key to be injected, and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal;
and controlling the point-of-sale terminal to send a key injection result to the key distribution host.
Under the condition of adopting the technical scheme, the method for safely downloading the secret key by the terminal provided by the embodiment of the application is applied to a system for safely downloading the secret key by the terminal, comprising root issuing equipment, a point-of-sale terminal and a secret key distribution host, wherein the point-of-sale terminal and the secret key distribution host are respectively connected with the root issuing equipment, and the method comprises the following steps: signing public keys of the point-of-sale terminal and the key distribution host through private keys corresponding to the root issuing equipment to generate point-of-sale terminal certificate data and key distribution host certificate data; controlling the key distribution host to send a key injection application request to the point-of-sale terminal; responding to the key injection application request, controlling the point-of-sale terminal to generate a first random number, and forming first data to be signed based on a first preset rule; carrying out signature processing on the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value; determining a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and setting a second random number as the first random number; controlling the key distribution host to generate second data to be signed and a second signature value; under the condition that the second random number is consistent with the first random number, determining a key to be injected, and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal; the method for controlling the point-of-sale terminal to send the key injection result to the key distribution host provides a method for conveniently carrying out key injection without operating in a security room, and can be used for local key injection and remote key injection without limiting the communication mode between the key distribution host and the point-of-sale terminal. The method realizes the mutual authentication between the key distribution host and the point-of-sale terminal and the encryption injection of the key, ensures the confidentiality, the authenticity, the integrity and the replay prevention of the key injection process while ensuring convenience, thereby fundamentally ensuring the safety of the key injection. In one possible implementation manner, the determining, based on the first data to be signed and the first signature value, a public key corresponding to the point-of-sale terminal, and setting a second random number as the first random number includes:
transmitting the first data to be signed and the first signature value to the key distribution host;
Controlling the key distribution host to verify the point-of-sale terminal certificate data, and using the point-of-sale terminal certificate data to verify the first signature value;
And under the condition that the point-of-sale terminal certificate data and the first signature value pass verification, extracting a public key corresponding to the point-of-sale terminal from the point-of-sale terminal certificate data, and setting a second random number as the first random number.
In one possible implementation manner, the controlling the key distribution host to generate the second data to be signed and the second signature value includes:
Controlling the key distribution host to randomly generate a transmission key, and encrypting the transmission key by using a public key corresponding to the point-of-sale terminal to obtain a transmission key ciphertext;
encrypting a key to be injected by using the transmission key to obtain a ciphertext key;
Controlling the key distribution host to form second data to be signed based on a second preset rule;
carrying out signature processing on the second data to be signed through a private key corresponding to the key distribution host to obtain a second signature value;
And controlling the key distribution host to send the second data to be signed and the second signature value to the point-of-sale terminal.
In one possible implementation manner, the determining the key to be injected and saving the key to be injected to the secure storage area corresponding to the point-of-sale terminal when the second random number is consistent with the first random number includes:
controlling the point-of-sale terminal to verify key distribution host certificate data if the second random number is consistent with the first random number, and using the key distribution host certificate data to verify the second signature value;
and under the condition that the key distribution host certificate data and the second signature value pass verification, determining a key to be injected, and storing the key to be injected into a secure storage area corresponding to the point-of-sale terminal.
In one possible implementation manner, the determining the key to be injected and saving the key to be injected into the secure storage area corresponding to the point-of-sale terminal when the key distribution host certificate data and the second signature value are both verified, includes:
Under the condition that the key distribution host certificate data and the second signature value pass verification, controlling the point-of-sale terminal to decrypt the transmission key ciphertext through the private key of the point-of-sale terminal to obtain a transmission key;
decrypting the ciphertext key through the transmission key to obtain a key to be injected;
and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal.
In one possible implementation manner, after signing the public keys of the point-of-sale terminal and the key distribution host through the private key corresponding to the root issuing device, generating point-of-sale terminal certificate data and key distribution host certificate data, the method further includes:
Saving the point-of-sale terminal credential data in the point-of-sale terminal;
and storing the key distribution host certificate data in the key distribution host.
In one possible implementation manner, the signing processing is performed on public keys of the point-of-sale terminal and the key distribution host through private keys corresponding to the root issuing device, so as to generate point-of-sale terminal certificate data and key distribution host certificate data, including:
Signing public keys of the key distribution host secondary issuing device and the point-of-sale terminal secondary issuing device by using private keys corresponding to the root issuing device to generate key distribution host secondary issuing device certificate data and point-of-sale terminal secondary issuing device certificate data;
respectively storing the key distribution host secondary issuing equipment certificate data and the point-of-sale terminal secondary issuing equipment certificate data in the corresponding key distribution host secondary issuing equipment and point-of-sale terminal secondary issuing equipment;
Signing the public key of the key distribution host by the private key of the key distribution host secondary issuing device to generate key distribution host certificate data;
storing both the key distribution host certificate data and the key distribution host secondary issuing device certificate data in the key distribution host;
Signing the public key of the sales point terminal through the private key of the secondary point-of-sale terminal issuing equipment to generate point-of-sale terminal certificate data;
and storing the point-of-sale terminal certificate data and the point-of-sale terminal secondary issuing equipment certificate data in the point-of-sale terminal.
In one possible implementation manner, the determining, based on the first data to be signed and the first signature value, a public key corresponding to the point-of-sale terminal, and setting a second random number as the first random number includes:
transmitting the first data to be signed and the first signature value to the key distribution host;
Controlling the key distribution host to verify the point-of-sale terminal secondary issuing device certificate data, using the point-of-sale terminal secondary issuing device certificate data to verify the point-of-sale terminal certificate data, and using the point-of-sale terminal certificate data to verify the first signature value;
And under the condition that the second-level issuing equipment certificate data of the point-of-sale terminal, the point-of-sale terminal certificate data and the first signature value pass verification, extracting a public key corresponding to the point-of-sale terminal from the point-of-sale terminal certificate data, and setting a second random number as the first random number.
In a second aspect, the present application further provides a system for securely downloading a key by a terminal, for implementing the method for securely downloading a key by a terminal according to any one of the first aspect, where the system includes a root issuing device, and a point-of-sale terminal and a key distribution host, which are respectively connected to the root issuing device:
The root issuing device is used for signing public keys of the point-of-sale terminal and the key distribution host by a private key corresponding to the root issuing device to generate point-of-sale terminal certificate data and key distribution host certificate data;
the key distribution host is used for sending a key injection application request to the point-of-sale terminal
The point-of-sale terminal is used for responding to the key injection application request, generating a first random number by the point-of-sale terminal and forming first data to be signed based on a first preset rule;
The point-of-sale terminal is used for signing the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value;
The key distribution host is used for determining a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and setting a second random number as the first random number;
the key distribution host is used for generating second signature data and a second value to be signed;
The point-of-sale terminal is used for determining a key to be injected under the condition that the second random number is consistent with the first random number, and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal;
the point-of-sale terminal is used for sending a key injection result to the key distribution host.
The advantages of the system for securely downloading a key by a terminal provided in the second aspect are the same as those of the method for securely downloading a key by a terminal described in the first aspect or any possible implementation manner of the first aspect, and are not described herein.
In a third aspect, the present application also provides an electronic device, including: one or more processors; and one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform the method for secure downloading of keys for a terminal described by any possible implementation of the first aspect.
The advantages of the electronic device provided by the third aspect are the same as those of the method for securely downloading the key by the terminal described in the first aspect or any possible implementation manner of the first aspect, and are not described herein.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
Fig. 1 is a schematic flow chart of a method for securely downloading a key by a terminal according to an embodiment of the present application;
Fig. 2 is a flow chart of another method for securely downloading a key by a terminal according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of generating point-of-sale terminal certificate data and key distribution host certificate data according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a system for securely downloading a key by a terminal according to an embodiment of the present application;
Fig. 5 is a schematic hardware structure of an electronic device according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a chip according to an embodiment of the present application.
Detailed Description
In order to clearly describe the technical solution of the embodiments of the present application, in the embodiments of the present application, the words "first", "second", etc. are used to distinguish the same item or similar items having substantially the same function and effect. For example, the first threshold and the second threshold are merely for distinguishing between different thresholds, and are not limited in order. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ.
In the present application, the words "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "and/or", describes an association relationship of an association object, and indicates that there may be three relationships, for example, a and/or B, and may indicate: a alone, a and B together, and B alone, wherein a, B may be singular or plural. The character "/" generally indicates that the context-dependent object is an "or" relationship. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b or c may represent: a, b, c, a and b, a and c, b and c, or a, b and c, wherein a, b, c can be single or multiple.
Fig. 1 shows a flowchart of a method for securely downloading a key by a terminal according to an embodiment of the present application, which is applied to a system for securely downloading a key by a terminal, including a root issuing device, a point-of-sale terminal and a key distribution host, which are respectively connected to the root issuing device, as shown in fig. 1, and the method includes:
Step 101: and signing public keys of the point-of-sale terminal and the key distribution host by using private keys corresponding to the root issuing equipment to generate point-of-sale terminal certificate data and key distribution host certificate data.
Step 102: and controlling the key distribution host to send a key injection application request to the point-of-sale terminal.
Step 103: and responding to the key injection application request, controlling the point-of-sale terminal to generate a first random number, and forming first data to be signed based on a first preset rule.
Step 104: and carrying out signature processing on the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value.
Step 105: and determining a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and setting a second random number as the first random number.
Step 106: and controlling the key distribution host to generate second data to be signed and a second signature value.
Step 107: and under the condition that the second random number is consistent with the first random number, determining a key to be injected, and storing the key to be injected into a secure storage area corresponding to the point-of-sale terminal.
Step 108: and controlling the point-of-sale terminal to send a key injection result to the key distribution host.
In summary, the method for securely downloading the key by the terminal provided by the embodiment of the present application is applied to a system for securely downloading the key by the terminal, including a root issuing device, a point-of-sale terminal and a key distribution host, which are respectively connected with the root issuing device, and the method includes: signing public keys of the point-of-sale terminal and the key distribution host through private keys corresponding to the root issuing equipment to generate point-of-sale terminal certificate data and key distribution host certificate data; controlling the key distribution host to send a key injection application request to the point-of-sale terminal; responding to the key injection application request, controlling the point-of-sale terminal to generate a first random number, and forming first data to be signed based on a first preset rule; carrying out signature processing on the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value; determining a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and setting a second random number as the first random number; controlling the key distribution host to generate second data to be signed and a second signature value; under the condition that the second random number is consistent with the first random number, determining a key to be injected, and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal; the method for controlling the point-of-sale terminal to send the key injection result to the key distribution host provides a method for conveniently carrying out key injection without operating in a security room, and can be used for local key injection and remote key injection without limiting the communication mode between the key distribution host and the point-of-sale terminal. The method realizes the mutual authentication between the key distribution host and the point-of-sale terminal and the encryption injection of the key, ensures the confidentiality, the authenticity, the integrity and the replay prevention of the key injection process while ensuring convenience, thereby fundamentally ensuring the safety of the key injection.
Fig. 2 shows a flowchart of another method for securely downloading a key by a terminal according to an embodiment of the present application, which is applied to a system for securely downloading a key by a terminal, including a root issuing device, and a point-of-sale terminal and a key distribution host respectively connected to the root issuing device, as shown in fig. 2, and includes:
Step 201: and signing public keys of the point-of-sale terminal and the key distribution host by using private keys corresponding to the root issuing equipment to generate point-of-sale terminal certificate data and key distribution host certificate data.
The embodiment of the application can sign public keys of the point-of-sale terminal (POS) and the Key Distribution Host (KDH) through private keys corresponding to the root issuing equipment (RootCA) to generate point-of-sale terminal certificate data and key distribution host certificate data.
Optionally, fig. 3 is a schematic flow chart of generating point-of-sale terminal certificate data and key distribution host certificate data according to an embodiment of the present application, and as shown in fig. 3, a process of generating point-of-sale terminal certificate data and key distribution host certificate data includes the following steps:
step 301: and signing public keys of the key distribution host secondary issuing device and the point-of-sale terminal secondary issuing device by using a private key corresponding to the root issuing device to generate key distribution host secondary issuing device certificate data and point-of-sale terminal secondary issuing device certificate data.
Step 302: and respectively storing the certificate data of the key distribution host secondary issuing device and the certificate data of the point-of-sale terminal secondary issuing device in the corresponding key distribution host secondary issuing device and point-of-sale terminal secondary issuing device.
Step 303: and signing the public key of the key distribution host by the private key of the key distribution host secondary issuing device to generate key distribution host certificate data.
Step 304: and storing the key distribution host certificate data and the key distribution host secondary issuing device certificate data in the key distribution host.
Step 305: and signing the public key of the sales point terminal through the private key of the secondary point terminal issuing device to generate point-of-sale terminal certificate data.
Step 306: and storing the point-of-sale terminal certificate data and the point-of-sale terminal secondary issuing equipment certificate data in the point-of-sale terminal.
Step 202: the point-of-sale terminal certificate data is saved in the point-of-sale terminal.
Step 203: and storing the key distribution host certificate data in the key distribution host.
Step 204: and controlling the key distribution host to send a key injection application request to the point-of-sale terminal.
Step 205: and responding to the key injection application request, controlling the point-of-sale terminal to generate a first random number, and forming first data to be signed based on a first preset rule.
In the present application, the specific number of bytes of the first random number is not particularly limited, and may be 8 bytes, or may be other bytes, and may be set according to a specific application scenario.
Optionally, the first preset certificate data composition rule may include: the point-of-sale terminal certificate data+r1 (first random number) +sn (unique serial number of POS terminal) + SubCA _pos (point-of-sale terminal secondary issuing device certificate data), which is not particularly limited in the embodiment of the present application, can be specifically adjusted and set according to the actual application scenario.
Step 206: and carrying out signature processing on the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value.
Wherein signing a piece of data (here the public key of the signer) can be understood as: firstly, the data is operated to obtain the abstract value of the data, then the private key of the signer is used for operating the abstract to obtain the signature value, and the signature value and the original data are put together to form signed data.
Step 207: and determining a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and setting a second random number as the first random number.
In the present application, the specific implementation procedure of the step 207 may include:
Substep A1: and sending the first data to be signed and the first signature value to the key distribution host.
Substep A2: controlling the key distribution host to verify the point-of-sale terminal certificate data, and using the point-of-sale terminal certificate data to verify the first signature value.
Substep A3: and under the condition that the point-of-sale terminal certificate data and the first signature value pass verification, extracting a public key corresponding to the point-of-sale terminal from the point-of-sale terminal certificate data, and setting a second random number as the first random number.
In the present application, the specific implementation process of the step 207 may further include:
Substep S1: and sending the first data to be signed and the first signature value to the key distribution host.
Substep S2: and controlling the key distribution host to verify the second-stage issuing equipment certificate data of the point-of-sale terminal, using the second-stage issuing equipment certificate data of the point-of-sale terminal to verify the point-of-sale terminal certificate data, and using the point-of-sale terminal certificate data to verify the first signature value.
Substep S3: and under the condition that the second-level issuing equipment certificate data of the point-of-sale terminal, the point-of-sale terminal certificate data and the first signature value pass verification, extracting a public key corresponding to the point-of-sale terminal from the point-of-sale terminal certificate data, and setting a second random number as the first random number.
Step 208: and controlling the key distribution host to generate second data to be signed and a second signature value.
In the present application, the specific implementation procedure of the step 208 may include:
substep B1: and controlling the key distribution host to randomly generate a transmission key, and encrypting the transmission key by using a public key corresponding to the point-of-sale terminal to obtain a transmission key ciphertext.
Substep B2: and encrypting the key to be injected by using the transmission key to obtain a ciphertext key.
Substep B3: and controlling the key distribution host to form second data to be signed based on a second preset rule.
Wherein, the second preset certificate data composition rule may include: the key distribution host certificate data+r2 (second random number) + cTK (transmission ciphertext key) + cKey (ciphertext key) +optional data IKSN + key distribution host secondary issuing device certificate data, which is not particularly limited in the embodiment of the present application, may be specifically set according to the actual application scenario.
Substep B4: and carrying out signature processing on the second data to be signed through a private key corresponding to the key distribution host to obtain a second signature value.
Substep B5: and controlling the key distribution host to send the second signature value and the second data to be signed to the point-of-sale terminal.
Step 209: and under the condition that the second random number is consistent with the first random number, determining a key to be injected, and storing the key to be injected into a secure storage area corresponding to the point-of-sale terminal.
In the present application, the specific implementation procedure of step 209 may include:
substep C1: controlling the point-of-sale terminal to verify key distribution host certificate data if the second random number is consistent with the first random number, and using the key distribution host certificate data to verify the second signature value;
Substep C2: and under the condition that the key distribution host certificate data and the second signature value pass verification, determining a key to be injected, and storing the key to be injected into a secure storage area corresponding to the point-of-sale terminal.
In the present application, the implementation of the above sub-step C2 may include the following sub-steps:
Substep C21: and under the condition that the key distribution host certificate data and the second signature value pass verification, controlling the point-of-sale terminal to decrypt the transmission key ciphertext through the private key of the point-of-sale terminal to obtain a transmission key.
Substep C22: and decrypting the ciphertext key through the transmission key to obtain a key to be injected.
Substep C23: and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal.
In the present application, the specific implementation procedure of step 209 may include:
substep C24: and under the condition that the second random number is consistent with the first random number, controlling the point-of-sale terminal to verify the second-level issuing equipment certificate data of the key distribution host, using the second-level issuing equipment certificate data of the key distribution host to verify the second-level issuing equipment certificate data of the key distribution host, and using the second-signature value to verify the second-level signature value.
Substep C25: and under the condition that the second-level issuing equipment certificate data of the key distribution host, the key distribution host certificate data and the second signature value pass verification, controlling the point-of-sale terminal to decrypt the transmission key ciphertext through the private key of the point-of-sale terminal to obtain a transmission key.
Substep C26: and decrypting the ciphertext key through the transmission key to obtain a key to be injected.
Substep C27: and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal.
Step 210: and controlling the point-of-sale terminal to send a key injection result to the key distribution host.
In the present application, the communication modes between the key distribution host and the point-of-sale terminal may be various, including local connection modes such as USB and serial port, and remote modes such as network communication.
In summary, the method for securely downloading the key by the terminal provided by the embodiment of the present application is applied to a system for securely downloading the key by the terminal, including a root issuing device, a point-of-sale terminal and a key distribution host, which are respectively connected with the root issuing device, and the method includes: signing public keys of the point-of-sale terminal and the key distribution host through private keys corresponding to the root issuing equipment to generate point-of-sale terminal certificate data and key distribution host certificate data; controlling the key distribution host to send a key injection application request to the point-of-sale terminal; responding to the key injection application request, controlling the point-of-sale terminal to generate a first random number, and forming first data to be signed based on a first preset rule; carrying out signature processing on the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value; determining a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and setting a second random number as the first random number; controlling the key distribution host to generate second data to be signed and a second signature value; under the condition that the second random number is consistent with the first random number, determining a key to be injected, and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal; the method for controlling the point-of-sale terminal to send the key injection result to the key distribution host provides a method for conveniently carrying out key injection without operating in a security room, and can be used for local key injection and remote key injection without limiting the communication mode between the key distribution host and the point-of-sale terminal. The method realizes the mutual authentication between the key distribution host and the point-of-sale terminal and the encryption injection of the key, ensures the confidentiality, the authenticity, the integrity and the replay prevention of the key injection process while ensuring convenience, thereby fundamentally ensuring the safety of the key injection.
Fig. 4 is a schematic structural diagram of a system for securely downloading a key by a terminal according to an embodiment of the present application, and as shown in fig. 4, the system 400 for securely downloading a key by a terminal includes:
A root issuing device 401, a point-of-sale terminal 402 and a key distribution host 403 respectively connected to the root issuing device 401:
The root issuing device 401 is configured to sign public keys of the point-of-sale terminal and the key distribution host by using a private key corresponding to the root issuing device, so as to generate point-of-sale terminal certificate data and key distribution host certificate data;
the key distribution host 403 is configured to send a key injection request to the point-of-sale terminal
The point-of-sale terminal 402 is configured to generate a first random number in response to the key injection application request, and compose first data to be signed based on a first preset rule;
The key distribution host 403 is configured to perform signature processing on the first data to be signed by using a private key corresponding to the point-of-sale terminal to obtain a first signature value;
The key distribution host 403 is configured to determine a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and set a second random number as the first random number;
The key distribution host 403 is configured to generate second data to be signed and a second signature value;
The point-of-sale terminal 402 is configured to determine a key to be injected and store the key to be injected in a secure storage area corresponding to the point-of-sale terminal, where the second random number is consistent with the first random number;
the point-of-sale terminal 402 is configured to send a key injection result to the key distribution host.
In summary, in the system for securely downloading a key by a terminal provided by the embodiment of the present application, the system includes a root issuing device, and a point-of-sale terminal and a key distribution host, which are respectively connected with the root issuing device, for securely downloading a key by a terminal, signature processing is performed on public keys of the point-of-sale terminal and the key distribution host by using private keys corresponding to the root issuing device, so as to generate point-of-sale terminal certificate data and key distribution host certificate data; controlling the key distribution host to send a key injection application request to the point-of-sale terminal; responding to the key injection application request, controlling the point-of-sale terminal to generate a first random number, and forming first data to be signed based on a first preset rule; carrying out signature processing on the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value; determining a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and setting a second random number as the first random number; controlling the key distribution host to generate second data to be signed and a second signature value; under the condition that the second random number is consistent with the first random number, determining a key to be injected, and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal; the method for controlling the point-of-sale terminal to send the key injection result to the key distribution host provides a method for conveniently carrying out key injection without operating in a security room, and can be used for local key injection and remote key injection without limiting the communication mode between the key distribution host and the point-of-sale terminal. The method realizes the mutual authentication between the key distribution host and the point-of-sale terminal and the encryption injection of the key, ensures the confidentiality, the authenticity, the integrity and the replay prevention of the key injection process while ensuring convenience, thereby fundamentally ensuring the safety of the key injection.
The system for securely downloading the key by the terminal provided by the application can realize the method for securely downloading the key by the terminal as shown in any one of fig. 1 to 3, and is not repeated here.
The electronic device in the embodiment of the application can be a device, a component in a terminal, an integrated circuit, or a chip. The device may be a mobile electronic device or a non-mobile electronic device. By way of example, the mobile electronic device may be a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted electronic device, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a Personal Digital Assistant (PDA), etc., and the non-mobile electronic device may be a server, a network attached storage (Network ATTached Storage, NAS), a personal computer (personal computer, PC), a Television (TV), a teller machine, a self-service machine, etc., and the embodiments of the present application are not limited in particular.
The electronic device in the embodiment of the application can be a device with an operating system. The operating system may be an Android operating system, an ios operating system, or other possible operating systems, and the embodiment of the present application is not limited specifically.
Fig. 5 shows a schematic hardware structure of an electronic device according to an embodiment of the present application. As shown in fig. 5, the electronic device 500 includes a processor 510.
As shown in FIG. 5, the processor 510 may be a general purpose central processing unit (central processing unit, CPU), microprocessor, application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the present application.
As shown in fig. 5, the electronic device 500 may further include a communication line 540. Communication line 540 may include a pathway to transfer information between the aforementioned components.
Optionally, as shown in fig. 5, the electronic device may further include a communication interface 520. The communication interface 520 may be one or more. Communication interface 520 may use any transceiver-like device for communicating with other devices or communication networks.
Optionally, as shown in fig. 5, the electronic device may further comprise a memory 530. The memory 530 is used to store computer-executable instructions for performing aspects of the present application and is controlled by the processor for execution. The processor is configured to execute computer-executable instructions stored in the memory, thereby implementing the method provided by the embodiment of the application.
As shown in fig. 5, the memory 530 may be a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (ELECTRICALLY ERASABLE PROGRAMMABLE READ-only memory, EEPROM), a compact disc read-only memory (compact disc read-only memory) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. Memory 530 may be separate and coupled to processor 510 via communication line 540. Memory 530 may also be integrated with processor 510.
Alternatively, the computer-executable instructions in the embodiments of the present application may be referred to as application program codes, which are not particularly limited in the embodiments of the present application.
In a particular implementation, as one embodiment, as shown in FIG. 5, processor 510 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 5.
In a specific implementation, as an embodiment, as shown in fig. 5, the terminal device may include a plurality of processors, such as the processors in fig. 5. Each of these processors may be a single-core processor or a multi-core processor.
Fig. 6 is a schematic structural diagram of a chip according to an embodiment of the present application. As shown in fig. 6, the chip 600 includes one or more (including two) processors 510.
Optionally, as shown in fig. 6, the chip further includes a communication interface 520 and a memory 530, and the memory 530 may include a read-only memory and a random access memory, and provides operation instructions and data to the processor. A portion of the memory may also include non-volatile random access memory (non-volatile random access memory, NVRAM).
In some embodiments, as shown in FIG. 6, memory 530 stores elements, execution modules or data structures, or a subset thereof, or an extended set thereof.
In the embodiment of the present application, as shown in fig. 6, by calling the operation instruction stored in the memory (the operation instruction may be stored in the operating system), the corresponding operation is performed.
As shown in fig. 6, the processor 510 controls the processing operations of any of the terminal devices, and the processor 510 may also be referred to as a central processing unit (centralprocessing unit, CPU).
As shown in fig. 6, memory 530 may include read only memory and random access memory, and provides instructions and data to the processor. A portion of the memory 530 may also include NVRAM. Such as a memory, a communication interface, and a memory coupled together by a bus system that may include a power bus, a control bus, a status signal bus, etc., in addition to a data bus. But for clarity of illustration, the various buses are labeled as bus system 640 in fig. 6.
As shown in fig. 6, the method disclosed in the above embodiment of the present application may be applied to a processor or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general purpose processor, a digital signal processor (DIGITAL SIGNAL processing, DSP), an ASIC, a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software modules in a decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
In one aspect, a computer readable storage medium is provided, in which instructions are stored, which when executed, implement the functions performed by the terminal device in the above embodiments.
In one aspect, a chip for use in a terminal device is provided, the chip comprising at least one processor and a communication interface, the communication interface being coupled to the at least one processor, the processor being configured to execute instructions to implement the functions performed by the method for securely downloading keys for a terminal in the above-described embodiments.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer programs or instructions. When the computer program or instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are performed in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, a terminal, a user equipment, or other programmable apparatus. The computer program or instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer program or instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center by wired or wireless means. The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that integrates one or more available media. The usable medium may be a magnetic medium, e.g., floppy disk, hard disk, tape; but also optical media such as digital video discs (digital video disc, DVD); but also semiconductor media such as Solid State Drives (SSDs) STATE DRIVE.
Although the application is described herein in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Although the application has been described in connection with specific features and embodiments thereof, it will be apparent that various modifications and combinations can be made without departing from the spirit and scope of the application. Accordingly, the specification and drawings are merely exemplary illustrations of the present application as defined in the appended claims and are considered to cover any and all modifications, variations, combinations, or equivalents that fall within the scope of the application. It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (10)
1. A method for secure terminal downloading of keys, characterized in that it is applied in a system for secure terminal downloading of keys comprising a root issuing device, and a point-of-sale terminal and a key distribution host respectively connected to said root issuing device, said method comprising:
Signing public keys of the point-of-sale terminal and the key distribution host through private keys corresponding to the root issuing equipment to generate point-of-sale terminal certificate data and key distribution host certificate data;
Controlling the key distribution host to send a key injection application request to the point-of-sale terminal;
responding to the key injection application request, controlling the point-of-sale terminal to generate a first random number, and forming first data to be signed based on a first preset rule;
carrying out signature processing on the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value;
Determining a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and setting a second random number as the first random number;
controlling the key distribution host to generate second data to be signed and a second signature value;
Under the condition that the second random number is consistent with the first random number, determining a key to be injected, and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal;
and controlling the point-of-sale terminal to send a key injection result to the key distribution host.
2. The method of claim 1, wherein the determining the public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value and setting a second random number as the first random number comprises:
transmitting the first data to be signed and the first signature value to the key distribution host;
Controlling the key distribution host to verify the point-of-sale terminal certificate data, and using the point-of-sale terminal certificate data to verify the first signature value;
And under the condition that the point-of-sale terminal certificate data and the first signature value pass verification, extracting a public key corresponding to the point-of-sale terminal from the point-of-sale terminal certificate data, and setting a second random number as the first random number.
3. The method of claim 1, wherein the controlling the key distribution host to generate the second data to be signed and the second signature value comprises:
Controlling the key distribution host to randomly generate a transmission key, and encrypting the transmission key by using a public key corresponding to the point-of-sale terminal to obtain a transmission key ciphertext;
encrypting a key to be injected by using the transmission key to obtain a ciphertext key;
Controlling the key distribution host to form second data to be signed based on a second preset rule;
carrying out signature processing on the second data to be signed through a private key corresponding to the key distribution host to obtain a second signature value;
and controlling the key distribution host to send the second signature value and the second data to be signed to the point-of-sale terminal.
4. The method of claim 1, wherein the determining the public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value and setting a second random number as the first random number comprises:
transmitting the first data to be signed and the first signature value to the key distribution host;
Controlling the key distribution host to verify the point-of-sale terminal secondary issuing device certificate data, using the point-of-sale terminal secondary issuing device certificate data to verify the point-of-sale terminal certificate data, and using the point-of-sale terminal certificate data to verify the first signature value;
And under the condition that the second-level issuing equipment certificate data of the point-of-sale terminal, the point-of-sale terminal certificate data and the first signature value pass verification, extracting a public key corresponding to the point-of-sale terminal from the point-of-sale terminal certificate data, and setting a second random number as the first random number.
5. A method according to claim 3, wherein, in the case that the second random number and the first random number are identical, determining a key to be injected and saving the key to be injected into a secure storage area corresponding to the point-of-sale terminal comprises:
controlling the point-of-sale terminal to verify key distribution host certificate data if the second random number is consistent with the first random number, and using the key distribution host certificate data to verify the second signature value;
and under the condition that the key distribution host certificate data and the second signature value pass verification, determining a key to be injected, and storing the key to be injected into a secure storage area corresponding to the point-of-sale terminal.
6. The method according to claim 5, wherein determining the key to be injected and saving the key to be injected into the secure storage area corresponding to the point-of-sale terminal if the key distribution host certificate data and the second signature value are both verified, comprises:
Under the condition that the key distribution host certificate data and the second signature value pass verification, controlling the point-of-sale terminal to decrypt the transmission key ciphertext through the private key of the point-of-sale terminal to obtain a transmission key;
decrypting the ciphertext key through the transmission key to obtain a key to be injected;
and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal.
7. The method of claim 1, further comprising, after the signing of the public keys of the point-of-sale terminal and the key distribution host by the private key corresponding to the root issuing device, generating point-of-sale terminal certificate data and key distribution host certificate data:
Saving the point-of-sale terminal credential data in the point-of-sale terminal;
and storing the key distribution host certificate data in the key distribution host.
8. The method according to claim 1, wherein signing public keys of the point-of-sale terminal and the key distribution host by the private key corresponding to the root issuing device generates point-of-sale terminal certificate data and key distribution host certificate data, comprising:
Signing public keys of the key distribution host secondary issuing device and the point-of-sale terminal secondary issuing device by using private keys corresponding to the root issuing device to generate key distribution host secondary issuing device certificate data and point-of-sale terminal secondary issuing device certificate data;
respectively storing the key distribution host secondary issuing equipment certificate data and the point-of-sale terminal secondary issuing equipment certificate data in the corresponding key distribution host secondary issuing equipment and point-of-sale terminal secondary issuing equipment;
Signing the public key of the key distribution host by the private key of the key distribution host secondary issuing device to generate key distribution host certificate data;
storing both the key distribution host certificate data and the key distribution host secondary issuing device certificate data in the key distribution host;
Signing the public key of the sales point terminal through the private key of the secondary point-of-sale terminal issuing equipment to generate point-of-sale terminal certificate data;
and storing the point-of-sale terminal certificate data and the point-of-sale terminal secondary issuing equipment certificate data in the point-of-sale terminal.
9. A system for secure downloading of keys by a terminal, characterized in that it is adapted to implement the method for secure downloading of keys by a terminal according to any one of claims 1 to 8, said system comprising a root issuing device, and a point-of-sale terminal and a key distribution host, respectively connected to said root issuing device:
The root issuing device is used for signing public keys of the point-of-sale terminal and the key distribution host by a private key corresponding to the root issuing device to generate point-of-sale terminal certificate data and key distribution host certificate data;
the key distribution host is used for sending a key injection application request to the point-of-sale terminal
The point-of-sale terminal is used for responding to the key injection application request, generating a first random number by the point-of-sale terminal and forming first data to be signed based on a first preset rule;
The point-of-sale terminal is used for signing the first data to be signed through a private key corresponding to the point-of-sale terminal to obtain a first signature value;
The key distribution host is used for determining a public key corresponding to the point-of-sale terminal based on the first data to be signed and the first signature value, and setting a second random number as the first random number;
The key distribution host is used for generating second data to be signed and a second signature value;
The point-of-sale terminal is used for determining a key to be injected under the condition that the second random number is consistent with the first random number, and storing the key to be injected into a safe storage area corresponding to the point-of-sale terminal;
the point-of-sale terminal is used for sending a key injection result to the key distribution host.
10. An electronic device, comprising: one or more processors; and one or more machine readable media having instructions stored thereon that, when executed by the one or more processors, cause performance of the method for secure downloading of keys for a terminal of any of claims 1-8.
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118233107A true CN118233107A (en) | 2024-06-21 |
Family
ID=
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2021203184B2 (en) | Transaction messaging | |
| US20170255936A1 (en) | Securing Personal Identification Numbers For Mobile Payment Applications By Combining With Random Components | |
| US10430616B2 (en) | Systems and methods for secure processing with embedded cryptographic unit | |
| CN100487715C (en) | Date safety storing system, device and method | |
| WO2020192406A1 (en) | Method and apparatus for data storage and verification | |
| KR101954863B1 (en) | Online wallet apparatus, and method for generating and verifying online wallet | |
| US20200358613A1 (en) | Improvements in and relating to remote authentication devices | |
| CN111931158A (en) | Bidirectional authentication method, terminal and server | |
| KR20100096090A (en) | Mobile smartcard based authentication | |
| CN107403109A (en) | Encryption method and encryption system | |
| CN102346716B (en) | Encryption method and decryption method of hard disk storage device and encryption and decryption system used for hard disk storage device | |
| US11216571B2 (en) | Credentialed encryption | |
| CN118233107A (en) | Method, system and electronic equipment for safely downloading secret key by terminal | |
| CN111639353A (en) | Data management method and device, embedded equipment and storage medium | |
| CN105989489B (en) | A kind of method and payment terminal of IC card networking certification | |
| CN113379418B (en) | Information verification method, device, medium and program product based on security plug-in | |
| KR102547682B1 (en) | Server for supporting user identification using physically unclonable function based onetime password and operating method thereof | |
| CN115361140A (en) | Method and device for verifying security chip key | |
| CN115734215A (en) | Key retrieving method, server and identification card | |
| CN115643012A (en) | Evidence obtaining method and system based on block chain | |
| CN117251876A (en) | Component authorization verification method and system of embedded controller | |
| CN117454361A (en) | Key management method and related equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication |