WO2014139341A8 - Key management method and system - Google Patents
Key management method and system
- Publication number
- WO2014139341A8
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- pos terminal
- encrypted
- ensuring
- security
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
- H04L9/0836—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
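The present invention discloses a key management method and system in which the master key is downloaded remotely, so that POS terminals no longer need to have the master key downloaded centrally before they can be deployed to merchants, which reduces logistics and maintenance costs. When a key is downloaded remotely, the KMS system encrypts the key to be transmitted with a symmetric algorithm, ensuring that only the corresponding POS terminal can decrypt the encrypted key and thereby ensuring the security of the data transmission. During mutual authentication, the application program on the POS terminal cannot access the plaintext of the key that is to be remotely loaded into the POS terminal; it can access only the ciphertext form of that key, which ensures secure loading. The transmission encryption key and the authentication key used in this process are generated by the POS terminal and transmitted to the KMS system as ciphertext by means of an asymmetric algorithm and a symmetric algorithm; all decryption is performed inside a hardware encryption machine, ensuring the security of the keys.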
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/775,633 US9705672B2 (en) | 2013-03-15 | 2014-01-23 | Key management method and system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310084653.8 | 2013-03-15 | ||
CN2013100846538A CN103237005A (zh) | 2013-03-15 | 2013-03-15 | Key management method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2014139341A1 (zh) | 2014-09-18 |
WO2014139341A8 (zh) | 2015-10-29 |
Family
ID=48885022
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/071231 WO2014139341A1 (zh) | 2013-03-13 | 2014-01-23 | Key management method and system |
Country Status (3)
Country | Link |
---|---|
US (1) | US9705672B2 (zh) |
CN (2) | CN103237005A (zh) |
WO (1) | WO2014139341A1 (zh) |
Families Citing this family (47)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103237005A (zh) | 2013-03-15 | 2013-08-07 | 福建联迪商用设备有限公司 | Key management method and system |
CN103716154B (zh) * | 2013-03-15 | 2017-08-01 | 福建联迪商用设备有限公司 | Method and system for secure download of a terminal master key (TMK) |
CN103578209B (zh) * | 2013-09-25 | 2017-09-01 | 东芝泰格有限公司 | Remote control method, remote control device and system |
CN104639516B (zh) * | 2013-11-13 | 2018-02-06 | 华为技术有限公司 | Identity authentication method, device and system |
CN104253692B (zh) * | 2014-01-21 | 2018-03-23 | 北京印天网真科技有限公司 | SE-based key management method and device |
CN104954123A (zh) * | 2014-03-28 | 2015-09-30 | 中国银联股份有限公司 | Master key update system and update method for smart POS terminals |
CA3172817A1 (en) | 2014-05-26 | 2015-11-26 | The Toronto-Dominion Bank | On-boarding server for authorizing an entity to effect electronic payments |
CN106302316A (zh) * | 2015-05-15 | 2017-01-04 | 中兴通讯股份有限公司 | Password management method, device and system |
JP6023853B1 (ja) * | 2015-05-29 | 2016-11-09 | 日本電信電話株式会社 | Authentication device, authentication system, authentication method, and program |
EP3119031A1 (en) * | 2015-07-16 | 2017-01-18 | ABB Schweiz AG | Encryption scheme using multiple parties |
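CN105184121A (zh) * | 2015-09-02 | 2015-12-23 | 上海繁易电子科技有限公司 | System and method for hardware authorization via a remote server |
CN106559218A (zh) * | 2015-09-29 | 2017-04-05 | 中国电力科学研究院 | Method for secure collection of metering data in a smart substation |
CN105260884A (zh) * | 2015-11-18 | 2016-01-20 | 北京微智全景信息技术有限公司 | POS machine key distribution method and device |
CN105681032B (zh) | 2016-01-08 | 2017-09-12 | 腾讯科技(深圳)有限公司 | Key storage method, key management method and device |
CN105743654A (zh) * | 2016-02-02 | 2016-07-06 | 上海动联信息技术股份有限公司 | Service system for remote download of POS machine keys and key download method |
WO2017166111A1 (zh) * | 2016-03-30 | 2017-10-05 | 李昕光 | Key management system |
CN105978856B (zh) * | 2016-04-18 | 2019-01-25 | 随行付支付有限公司 | POS machine key download method, device and system |
CN106097608B (zh) * | 2016-06-06 | 2018-07-27 | 福建联迪商用设备有限公司 | Remote key download method and system, acquirer, and target POS terminal |
CN106209916A (zh) * | 2016-08-31 | 2016-12-07 | 南京普瑶电子科技有限公司 | Method and system for encrypting and decrypting industrial automation production business data in transmission |
CN106789018B (zh) * | 2016-12-20 | 2019-10-08 | 百富计算机技术(深圳)有限公司 | Method and device for remote key acquisition |
WO2018165920A1 (zh) * | 2017-03-15 | 2018-09-20 | 深圳大趋智能科技有限公司 | POS machine security verification method and device |
CN107104795B (zh) * | 2017-04-25 | 2020-09-04 | 上海汇尔通信息技术有限公司 | Method, architecture and system for injecting RSA key pairs and certificates |
CN107888379A (zh) * | 2017-10-25 | 2018-04-06 | 百富计算机技术(深圳)有限公司 | Secure connection method, POS terminal and PIN pad |
CN107733647A (zh) * | 2017-12-08 | 2018-02-23 | 前海联大(深圳)技术有限公司 | Key update method based on a PKI security system |
CN108235798A (zh) * | 2017-12-27 | 2018-06-29 | 福建联迪商用设备有限公司 | Method and system for obtaining a public/private key pair, and POS terminal |
CN108323231B (zh) * | 2018-02-06 | 2021-04-06 | 福建联迪商用设备有限公司 | Method for transmitting a key, receiving terminal and distributing terminal |
WO2019153110A1 (zh) * | 2018-02-06 | 2019-08-15 | 福建联迪商用设备有限公司 | Method for transmitting a key, receiving terminal and distributing terminal |
CN109335906B (zh) * | 2018-08-01 | 2020-09-11 | 苏州汇川技术有限公司 | Verification method, elevator control device and elevator peripheral device |
CN109347625B (zh) * | 2018-08-31 | 2020-04-24 | 阿里巴巴集团控股有限公司 | Methods for cryptographic operation and for creating a working key, cryptographic service platform and device |
CN109067528B (zh) * | 2018-08-31 | 2020-05-12 | 阿里巴巴集团控股有限公司 | Methods for cryptographic operation and for creating a working key, cryptographic service platform and device |
CN109274500B (zh) * | 2018-10-15 | 2020-06-02 | 百富计算机技术(深圳)有限公司 | Key download method, client, cryptographic device and terminal device |
CN109450899B (zh) * | 2018-11-09 | 2021-11-02 | 南京医渡云医学技术有限公司 | Key management method and device, electronic device, and storage medium |
CN109286501B (zh) * | 2018-11-13 | 2021-07-13 | 北京深思数盾科技股份有限公司 | Authentication method for an encryption machine, and encryption machine |
WO2020133068A1 (zh) * | 2018-12-27 | 2020-07-02 | 福建联迪商用设备有限公司 | Method, terminal and system for delivering a key |
CN111627174A (zh) * | 2019-02-28 | 2020-09-04 | 南京摩铂汇信息技术有限公司 | Bluetooth POS device and payment system |
CN110061848B (zh) * | 2019-04-17 | 2021-09-14 | 飞天诚信科技股份有限公司 | Method for securely importing payment terminal keys, payment terminal and system |
CN110430052B (zh) * | 2019-08-05 | 2023-01-31 | 中国工商银行股份有限公司 | Method and device for online injection of POS keys |
CN112532567A (zh) * | 2019-09-19 | 2021-03-19 | 中国移动通信集团湖南有限公司 | Transaction encryption method and POSP system |
CN110867018B (zh) * | 2019-11-28 | 2020-11-27 | 福建新大陆支付技术有限公司 | System and method for secure PIN entry on an Android smart-platform cash register |
CN111177803B (zh) * | 2020-01-06 | 2023-02-21 | 深圳市亿道信息股份有限公司 | Device information management method and system based on SN sequence |
CN111953675B (zh) * | 2020-08-10 | 2022-10-25 | 四川阵风科技有限公司 | Key management method based on a hardware device |
CN112134711B (zh) * | 2020-09-24 | 2021-05-07 | 深圳市捷诚技术服务有限公司 | Method and device for security verification of APK signature information, and POS machine |
CN112491879A (zh) * | 2020-11-26 | 2021-03-12 | 中电金融设备系统(深圳)有限公司 | Method for remote firmware update, computer device and storage medium |
CN114024724B (zh) * | 2021-10-25 | 2023-06-13 | 四川启睿克科技有限公司 | Method for dynamic generation of symmetric keys based on the Internet of Things |
CN114039728A (zh) * | 2021-12-24 | 2022-02-11 | 中电长城(长沙)信息技术有限公司 | Message encryption and decryption method and system |
CN116032514B (zh) * | 2022-03-08 | 2024-05-24 | 海南伍尔索普电子商务有限公司 | Method for distributed, high-concurrency secure data encryption and decryption |
CN116886317B (zh) * | 2023-09-07 | 2023-11-07 | 飞天诚信科技股份有限公司 | Method, system and device for distributing keys between a server and a terminal device |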
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8117125B1 (en) * | 1999-06-11 | 2012-02-14 | Citicorp Developement Center, Inc. | Method and system for controlling certificate based open payment transactions |
JP4408601B2 (ja) * | 2001-12-27 | 2010-02-03 | 富士通株式会社 | Information reproducing apparatus and secure module |
US6961852B2 (en) * | 2003-06-19 | 2005-11-01 | International Business Machines Corporation | System and method for authenticating software using hidden intermediate keys |
US7603557B2 (en) * | 2004-04-15 | 2009-10-13 | Panasonic Corporation | Communication device, communication system and authentication method |
JP2006014035A (ja) * | 2004-06-28 | 2006-01-12 | Toshiba Corp | Storage medium processing method, storage medium processing apparatus, and program |
KR100722683B1 (ko) * | 2005-07-22 | 2007-05-29 | 주식회사 하이스마텍 | Key conversion method for key sharing and apparatus therefor |
EP1833009B1 (en) * | 2006-03-09 | 2019-05-08 | First Data Corporation | Secure transaction computer network |
US8209744B2 (en) * | 2008-05-16 | 2012-06-26 | Microsoft Corporation | Mobile device assisted secure computer network communication |
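CN101930644B (zh) * | 2009-06-25 | 2014-04-16 | 中国银联股份有限公司 | Method and system for secure automatic download of the master key in a bank card payment system |
CN101656007B (zh) * | 2009-08-14 | 2011-02-16 | 通联支付网络服务股份有限公司 | Security system and method for implementing multiple keys on one POS machine |
JP5948680B2 (ja) * | 2011-09-13 | 2016-07-06 | パナソニックIpマネジメント株式会社 | Content reproduction system, information processing terminal, media server, secure device, and server secure device |
CN103237005A (zh) * | 2013-03-15 | 2013-08-07 | 福建联迪商用设备有限公司 | Key management method and system |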
-
2013
- 2013-03-15 CN CN2013100846538A patent/CN103237005A/zh not_active Withdrawn
- 2013-12-27 CN CN201310743067.XA patent/CN103716168B/zh active Active
-
2014
- 2014-01-23 US US14/775,633 patent/US9705672B2/en active Active
- 2014-01-23 WO PCT/CN2014/071231 patent/WO2014139341A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN103716168A (zh) | 2014-04-09 |
CN103716168B (zh) | 2017-01-18 |
US20160028539A1 (en) | 2016-01-28 |
CN103237005A (zh) | 2013-08-07 |
US9705672B2 (en) | 2017-07-11 |
WO2014139341A1 (zh) | 2014-09-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2014139341A8 (zh) | Key management method and system | |
PH12019500938A1 (en) | Data transmission method, apparatus and system | |
AU2018256568A1 (en) | Systems and methods for software based encryption | |
GB2528226A (en) | Method performed by at least one server for processing a data packet from a first computing device to a second computing device to permit end-to-end | |
WO2015157693A3 (en) | System and method for an efficient authentication and key exchange protocol | |
CA3083620A1 (en) | Smart contract-based data transfer method and system | |
GB2512249A (en) | Secure peer discovery and authentication using a shared secret | |
GB2498039B (en) | Password recovery service | |
MX361983B (es) | Electronic credential management system. | |
WO2013068843A3 (en) | Multi-key cryptography for encrypting file system acceleration | |
WO2016122747A3 (en) | Storage for encrypted data with enhanced security | |
WO2014116528A3 (en) | Providing an encrypted account credential from a first device to a second device | |
WO2011149765A3 (en) | Rfid security and mobility architecture | |
WO2014059136A3 (en) | Techniqued for secure data exchange | |
GB2509422A (en) | Decryption and encryption of application data | |
WO2012172832A3 (en) | Authenticator, authenticatee and authentication method | |
WO2012154976A3 (en) | System and method for web-based security authentication | |
WO2016114830A3 (en) | Methods and systems for authentication interoperability | |
UA122327C2 (uk) | NADO cryptography with key generators | |
CN105450387A (zh) | Network distributed storage method based on hybrid encryption | |
WO2018213744A3 (en) | REDUCTION OF SENSITIVE DATA COMPROMISE IN A VIRTUAL MACHINE | |
WO2014113132A3 (en) | Method for secure symbol comparison | |
JP2014030979A5 (zh) | ||
MX2018010943A (es) | Cable modem anti-cloning. | |
WO2010011921A3 (en) | Http authentication and authorization management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14763690 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14775633 Country of ref document: US |
|
NENP | Non-entry into the national phase in: |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14763690 Country of ref document: EP Kind code of ref document: A1 |