WO2014139406A1 - 一种终端主密钥tmk安全下载方法及系统 - Google Patents

一种终端主密钥tmk安全下载方法及系统 Download PDF

Info

Publication number
WO2014139406A1
WO2014139406A1 PCT/CN2014/073215 CN2014073215W WO2014139406A1 WO 2014139406 A1 WO2014139406 A1 WO 2014139406A1 CN 2014073215 W CN2014073215 W CN 2014073215W WO 2014139406 A1 WO2014139406 A1 WO 2014139406A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
random number
terminal
ciphertext
kms
Prior art date
Application number
PCT/CN2014/073215
Other languages
English (en)
French (fr)
Inventor
苏文龙
孟陆强
Original Assignee
福建联迪商用设备有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN2013100846716A external-priority patent/CN103220270A/zh
Priority claimed from CN2013100843972A external-priority patent/CN103237004A/zh
Priority claimed from CN2013100846538A external-priority patent/CN103237005A/zh
Priority claimed from CN2013100846735A external-priority patent/CN103220271A/zh
Application filed by 福建联迪商用设备有限公司 filed Critical 福建联迪商用设备有限公司
Publication of WO2014139406A1 publication Critical patent/WO2014139406A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Definitions

  • the present invention relates to the field of electronic payment, and in particular, to a method and system for securely downloading a terminal master key TMK.
  • Bank card (BANK Card) is becoming more and more popular as a payment instrument.
  • the usual bank card payment system includes a point of sale terminal (Point Of Sale, POS), POS Acquiring System (POSP), PIN PAD and Hardware Encryption (Hardware and Security) Module, HSM).
  • the POS terminal can accept the bank card information, has the communication function, and accepts the instructions of the teller to complete the financial transaction information and the related information exchange device; the POS acquiring system performs centralized management on the POS terminal, including parameter downloading, key downloading, accepting, Processing or forwarding the transaction request of the POS terminal, and sending back the transaction result information to the POS terminal, which is a centralized management and transaction processing system; the password keyboard (PIN) PAD) is a security device that securely stores keys related to various financial transactions and encrypts PINs.
  • the hardware encryption machine (HSM) is a peripheral hardware device that encrypts transmitted data and is used for encryption of PINs. Decrypt, verify the correctness of the message and file source, and store the key.
  • Personal identification number (Personal Identification Number, PIN), which is the personal information, is the data information identifying the legality of the cardholder's identity in online transactions. It is not allowed to appear in plain text in any part of the computer and network system; terminal master key (Terminal) Master Key, TMK), when the POS terminal works, the master key for encrypting the work key is encrypted and stored in the system database; the POS terminal is widely used in bank card payment occasions, such as vendor shopping, hotel accommodation, etc. The lack of modern means of payment has been integrated into the various situations of people's lives. Bank cards, especially debit cards, generally have a PIN set by the cardholder.
  • the POS terminal In the process of payment, the POS terminal not only sends the track information of the bank card, but also the cardholder to input the PIN for the card issuing bank to verify.
  • the legality of the cardholder’s identity ensures the security of the payment of the bank card and protects the property of the cardholder.
  • it In order to prevent the PIN from being leaked or cracked, it is required to securely encrypt the PIN from the terminal to the issuing bank during the entire information exchange process. It is not allowed to appear in the clear text in any part of the computer network system, so the input PIN is currently accepted.
  • the POS terminal requires a key management system.
  • TMK terminal master key
  • WK work key
  • TMK encrypts WK.
  • Each POS terminal has a unique TMK, which must be secure, ensure that it can only be written to the device and participate in calculations, and cannot be read.
  • TMK is a key root key. If TMK is intercepted, the work key is easier. Being cracked will seriously threaten the security of bank card payments. Therefore, whether the TMK can be safely downloaded to the POS terminal becomes the key to the security of the entire POS terminal.
  • the download of the terminal master key TMK must be controlled in the security room of the management center of the acquirer. Therefore, it is necessary to manually centralize the POS terminal and download the terminal key. Key TMK.
  • the maintenance center has a large workload; after the equipment leaves the factory, it needs to be transported to the security center of the management center to download the key to be deployed to the merchant, and the transportation cost increases; in order to concentrate the download of the key, a large amount of manpower and working time are required, and the maintenance cost is large. , long maintenance period and other issues.
  • a technical solution adopted by the present invention is: a method for securely downloading a terminal master key TMK, comprising the steps of: S1, the payment terminal generates the transmission key TK and generates the transmission key ciphertext; S2, the payment terminal uploads the transmission key ciphertext, and downloads the master key TMK; wherein step S1 comprises: S11, the provider key management system invokes the first Hardware encryption machine, KMS The system calls the second hardware encryption machine, and the supplier permission component and the KMS are respectively in the first hardware encryption machine and the second hardware encryption machine.
  • the system authority component synthesizes the protection key PK and the MAC key MAK, and stores the protection key PK and the MAC key MAK in the first hardware encryption machine and the second hardware encryption machine, respectively;
  • S12 the supplier secret
  • the key management system calls the first hardware encryption machine to generate the public-private key pair Pu_hsm, Pr_hsm, and sends the public key Pu_hsm to the payment terminal;
  • S13 the payment terminal invokes the cryptographic keyboard to generate a transmission key TK, and the TK includes the transmission encryption key TEK and Transmitting the authentication key AUK;
  • S14 the payment terminal invokes the cryptographic keyboard to encrypt the TK using the public key Pu_hsm, generates the first transmission key ciphertext Ctk_Pu, and transmits the first transmission key ciphertext Ctk_Pu to the provider key management system;
  • S15 The supplier key management system invokes the first hardware encryption machine to decrypt the first transmission key ciphertext Ctk_Pu using
  • the second transmission key ciphertext Ctk_pk is sent to the KMS system; S23, the KMS system calls the second hardware encryption machine to use the MAC key MAK to query. Second transmission key ciphertext Ctk_pk Verifying MAC legitimacy, if the check passes, decrypting the second transport key ciphertext Ctk_pk using the protection key PK to obtain the transport key TK and storing it in the second hardware encryptor; S24, KMS After the system obtains the transmission key TK, it calls the second hardware encryption machine to use the authentication key AUK. Performing mutual authentication with the payment terminal; S25.
  • the KMS system calls the second hardware encryption machine to generate the master key ciphertext Ctmk by using the transport encryption key TEK to encrypt the terminal master key TMK and send the master key ciphertext Ctmk to a payment terminal; S26.
  • the payment terminal invokes the PIN pad to decrypt the master key ciphertext Ctmk using the transport encryption key TEK to obtain the terminal master key TMK and store the terminal master key TMK in the PIN pad.
  • a terminal master key TMK secure download system comprising a first hardware encryptor, a second hardware encryptor, a vendor key management system, a payment terminal, a CA center, an operation terminal, and a KMS system; the vendor key management
  • the system includes a negotiation key A module, a public key generation module, and a trans-encryption module.
  • the payment terminal includes a TK generation module, a two-way authentication A module, and a TMK receiving module.
  • the operation terminal includes a TK collection module, a TK upload module, and a CA authentication A module.
  • the system includes a negotiation key B module, a TK receiving module, a CA authentication B module, a bidirectional authentication B module, and a TMK sending module;
  • the negotiation key A module and the negotiation key B module are used to invoke the first hardware encryption machine and the second hardware encryption machine to respectively supply the supplier permission component and the KMS in the first hardware encryption machine and the second hardware encryption machine.
  • the system authority component synthesizes the protection key PK and the MAC key MAK, and stores the protection key PK and the MAC key MAK together in the first hardware encryption machine and the second hardware encryption machine, respectively; Generating a public-private key pair Pu_hsm, Pr_hsm, and transmitting the public key Pu_hsm to the payment terminal;
  • the TK generating module is configured to invoke a cryptographic keyboard to generate a transmission key TK, the TK including a transmission encryption key TEK and transmission The authentication key AUK;
  • the TK generation module is further configured to invoke the cryptographic keyboard to encrypt the TK using the public key Pu_hsm, generate the first transmission key ciphertext Ctk_Pu, and send the first transmission key ciphertext Ctk_Pu to the provider key management system;
  • the trans-encryption module is configured to invoke the first hardware encryption machine to decrypt the first transmission key ciphertext Ctk_Pu using the private key Pr_hsm to obtain
  • the TMK sending module is configured to: after the KMS system and the payment terminal pass the authentication, call the second hardware encryption machine to generate the master key ciphertext Ctmk by using the transmission encryption key TEK to encrypt the terminal master key TMK and The key ciphertext Ctmk is sent to the payment terminal; the TMK receiving module is configured to call the cryptographic keyboard to decrypt the master key ciphertext Ctmk using the transport encryption key TEK to obtain the terminal master key TMK and store the terminal master key TMK in the PIN pad.
  • the invention has the beneficial effects that: the invention uploads the transmission key TK through the payment terminal, and encrypts and transmits the TMK by the transmission key, so that the payment terminal remotely downloads the terminal master key TMK, wherein the TK includes the transmission encryption key TEK and the transmission.
  • the authentication key AUK, the payment terminal and the KMS system first perform the two-way identity authentication through the authentication key AUK. After the authentication is passed, the terminal key master TMK is encrypted and transmitted by the asymmetric transmission encryption key TEK, thereby improving the transmission and download security of the TMK. Further, the master key TMK download and the transport key TK upload are performed together, and are all performed through the operation terminal, thereby greatly improving the time efficiency of the TMK download.
  • the master key TMK can be downloaded through the operation terminal uniformly. Since the operation terminal and the KMS system have been authenticated by the CA center, and the TMK is downloaded centrally, the log terminal is greatly reduced. The master key TMK downloads the risk, and the merchant can use the payment terminal directly, which greatly facilitates the use of the merchant. Further, the supplier key management system and the KMS system respectively store a protection key PK and a MAC key MAK, and the transmission key TK generated by the payment terminal is protected by the protection key PK and MAC of the provider key management system. The key MAK is encrypted and uploaded. Therefore, the operation terminal does not need to further encrypt the TK, which greatly simplifies the encryption process in the TK upload process, and improves the time efficiency of the TK upload under the premise of ensuring the secure transmission of the TK.
  • FIG. 1 is a structural block diagram of a terminal master key TMK secure download system according to an embodiment of the present invention
  • FIG. 2 is a structural block diagram of the bidirectional authentication A module of FIG. 1;
  • FIG. 3 is a structural block diagram of the bidirectional authentication B module of FIG. 1;
  • FIG. 4 is a flowchart of a method for securely downloading a terminal master key TMK according to an embodiment of the present invention
  • FIG. 5 is a flow chart showing the specific steps of step S1 in Figure 4.
  • FIG. 6 is a flow chart of specific steps of step S2 in FIG. 4.
  • 10 payment terminal; 20: operation terminal; 30: KMS system; 40: supplier key management system; 50: CA center; 60: first hardware encryption machine; 70: second hardware encryption machine; 101: TK generation module; 102: TMK receiving module; 103: two-way authentication A module; 201: TK uploading module; 202: TK acquisition module; 203: CA authentication A module; 301: negotiation key B module; 302: TK receiving module; 303: CA authentication B module; 304: two-way authentication B module; 305: TMK sending module; 401: Negotiating key A module; 402: Transcoding module; 403: Public key generating module; 501: Certificate presetting module;
  • HSM_VENDOR Vendor hardware encryption machine
  • AUK Authentication Key Abbreviation, the authentication key, used for mutual authentication between PINPAD and the key management system KMS;
  • CA Center The so-called CA (Certificate Authority) Center, which uses PKI (Public Key) Infrastructure) Public Key Infrastructure Technology, which provides network identity authentication services, is responsible for issuing and managing digital certificates, and is an authoritative and impartial third-party trust organization that acts like a company that issues documents in real life.
  • PKI Public Key
  • HSM High Security Machine, high security device, which is a hardware encryption machine in this system
  • KMS system Key Management System, key management system for managing terminal master key TMK;
  • MAK short for Mac Key, which is the MAC calculation key.
  • MTMS full name Material Tracking Management System, material traceability management system, mainly used in factory production;
  • PIK short name of Pin Key, that is, Pin encryption key, which is a kind of work key
  • PINPAD password keyboard
  • PK Short for Protect Key, the protection key, negotiated with the customer to determine the 24-byte symmetric key.
  • MTMS/TCS Encrypted transmission of TK with KMS;
  • POS Short for Point Of Sale, which is the sales terminal
  • SNpinpad the serial number of the PIN pad. When PINPAD is built-in, it is the same as the serial number SNpos of the POS terminal.
  • SN the serial number of the POS terminal
  • TEK Transmission Encrypt The abbreviation of Key, that is, transmission encryption key, 24-byte symmetric key, used for encrypted transmission of TMK between PINPAD and key management system KMS;
  • TK Transmission The abbreviation of Key, that is, the transmission key.
  • the transport key is composed of a transport encryption key TEK and a mutual authentication key AUK;
  • TMS Terminal Management System Abbreviation, that is, terminal management system, used to complete POS terminal information management, software and parameter configuration, remote download, terminal operation status information collection management, remote diagnosis and other functions;
  • TMK Terminal Master
  • the abbreviation of Key that is, the terminal master key, is used for encrypted transmission of the work key between the POS terminal and the payment acquiring system;
  • Security room A room with a high security level for storing servers. This room requires authentication before it can enter.
  • Smart IC card It is a CPU card.
  • the integrated circuit in the card includes a central processing unit CPU, a programmable read-only memory EEPROM, a random access memory RAM, and an in-card operating system COS (Chip) which is solidified in a read-only memory ROM. Operating System), the data in the card is divided into external reading and internal processing.
  • Symmetric key Both parties that send and receive data must use the same key to encrypt and decrypt the plaintext.
  • Symmetric key encryption algorithms mainly include: DES, 3DES, IDEA, FEAL, BLOWFISH, and so on.
  • Asymmetric Key An asymmetric encryption algorithm requires two keys: a public key (Private key) and a private key (Public key) Key). The public key and the private key are a pair. If the data is encrypted with the public key, only the corresponding private key can be used for decryption; if the data is encrypted with the private key, only the corresponding public key can be used. Decrypt. Because encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm.
  • the basic process of asymmetric information exchange for asymmetric encryption is: Party A generates a pair of keys and exposes one of them as a public key to other parties; Party B, which obtains the public key, uses the key to perform confidential information.
  • Party A After encryption, it will be sent to Party A; Party A will decrypt the encrypted information with another private key saved by Party A.
  • Party A may use Party B's public key to encrypt the confidential information and then send it to Party B; Party B then uses its own private key to decrypt the encrypted information.
  • the main algorithms are RSA, Elgamal, backpack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm).
  • RSA An asymmetric key algorithm.
  • the RSA public key encryption algorithm was in 1977 by Ron Rivest, Adi Shamirh Developed by Len Adleman (Massachusetts Institute of Technology, USA).
  • the RSA is named after the name of the three of them.
  • RSA It is currently the most influential public key encryption algorithm, it can resist all the password attacks known so far, and has been recommended by ISO as the public key data encryption standard.
  • RSA The algorithm is based on a very simple theory of numbers: it is easy to multiply two large prime numbers.
  • the RSA algorithm is the first algorithm that can be used for both encryption and digital signatures, and is easy to understand and operate.
  • RSA It is the most widely studied public key algorithm. It has been tested by various attacks for more than 30 years from the present to the present, and it is gradually accepted as one of the best public key solutions.
  • TDES Triple-DES DES is a symmetric encryption algorithm with a key of 8 bytes. TDES is based on DES The encryption algorithm whose key is 16 bytes or 24 bytes. TDES/3DES is the abbreviation of English TripleDES (ie triple data encryption standard), DES is English Data Acronym for Encryption Standard. DES is a symmetric key encryption algorithm, that is, the encryption algorithm with the same data encryption key and decryption key. DES by IBM The company was developed and made public in the 1970s and subsequently adopted by the US government and recognized by the US National Bureau of Standards and the American National Standards Institute (ANSI). TDES/3DES is DES A pattern of encryption algorithms that uses three 64-bit keys to encrypt data three times. Is a safer variant of DES.
  • the present invention adopts a new master key downloading scheme, and randomly generates a TK (Transmission) through a POS terminal. Key, transport key), save the generated TK in the PIN terminal of the POS terminal, and transfer the TK to the KMS (Key Management) through various transmission modes required in various application scenarios.
  • the KMS system uses the TK to encrypt the terminal master key TMK, and sends the encrypted terminal master key ciphertext to the POS terminal, and the POS terminal receives the TK to the master key.
  • the text is decrypted to obtain the terminal master key TMK, and the terminal master key TMK is saved in the password keyboard.
  • the terminal master key TMK is encrypted by TK, so that the TMK can be remotely transmitted, and the secure download of the TMK is facilitated.
  • the POS terminal After the POS terminal collects the transmission key TK and sends it to the bank to encrypt the TMK, and then remotely downloads the TK encrypted TMK through the POS terminal, the remote download of the TMK can be realized.
  • the above TMK download method TMK download is performed separately from the TK upload.
  • the POS terminal generates and uploads the TK at the time of the manufacturer, and the POS terminal issues the TMK download to each merchant, so the download of the TMK is fragmented.
  • the time efficiency is low, the workload of the KMS system is large, and there are more uncertain factors in the TMK download after the POS terminal is placed in each merchant, and the download risk of the TMK is higher. . Therefore, there is a need for a secure download method for terminal master key TMK with higher time efficiency and more secure downloading.
  • the system includes a first hardware encryptor 60, a second hardware encryptor 70, and a vendor key management system 40.
  • the supplier key management system 40 includes a negotiation key A module 401, a public key generation module 403, and a trans-encryption module 402, and the payment terminal 10 includes TK generation.
  • the module 101, the bidirectional authentication A module 103, and the TMK receiving module 102, the operation terminal 20 includes a TK collection module 202, a TK upload module 201, and a CA authentication A module 203.
  • the KMS system 30 includes a negotiation key B module 301 and a TK receiving module 302.
  • the negotiation key A module 401 and the negotiation key B module 301 are used to invoke the first hardware encryption machine 60 and the second hardware encryption machine 70 to respectively provide vendor rights in the first hardware encryption machine 60 and the second hardware encryption machine 70.
  • Component and KMS The system authority component synthesizes the protection key PK and the MAC key MAK, and stores the protection key PK and the MAC key MAK together in the first hardware encryption machine 60 and the second hardware encryption machine 70, respectively;
  • the public key generation module 403 is configured to call the first hardware encryption machine 60 to generate the public-private key pair Pu_hsm, Pr_hsm, and send the public key Pu_hsm to the payment terminal 10;
  • the TK generating module 101 is configured to invoke a cryptographic keyboard to generate a transport key TK, where the TK includes a transport encryption key TEK and a transport authentication key AUK;
  • the TK generating module 101 is further configured to invoke the cryptographic keyboard to encrypt the TK using the public key Pu_hsm, generate a first transport key ciphertext Ctk_Pu, and send the first transport key ciphertext Ctk_Pu to the vendor key management system 40;
  • the transcryption module 402 is configured to invoke the first hardware encryption machine 60 to decrypt the first transmission key ciphertext Ctk_Pu using the private key Pr_hsm to obtain the transmission key TK;
  • the trans-cryptographic module 402 is further configured to invoke the first hardware encryptor 60 to encrypt the transport key TK using the protection key PK and use the MAC key MAK. Calculating a MAC value, generating a second transport key ciphertext Ctk_pk, and transmitting a second transport key ciphertext Ctk_pk to the payment terminal 10;
  • the TK collection module 202 is configured to collect a second transmission key ciphertext Ctk_pk of the payment terminal;
  • the CA authentication A module 203 and the CA authentication B module 304 are used for performing identity authentication between the operation terminal 20 and the KMS system 30 through the CA center 50.
  • the TK uploading module 201 is configured to: after the authentication is passed, the second transmission key ciphertext Ctk_pk Sent to the KMS system 30;
  • the TK receiving module 302 is configured to invoke the second hardware encryption machine 70 to use the MAC key MAK pair to query the second transmission key ciphertext Ctk_pk Verifying MAC legitimacy, and also for decrypting the second transport key ciphertext Ctk_pk using the protection key PK to obtain the transport key TK and storing it in the second hardware encryptor 70 when the check is passed;
  • Two-way authentication A module 103 and two-way authentication B module 304 are used when KMS After obtaining the transmission key TK, the system 30 calls the second hardware encryption machine 70 to perform mutual authentication with the payment terminal using the authentication key AUK;
  • the TMK sending module 305 is configured to, after the KMS system 30 and the payment terminal 10 pass the authentication, invoke the second hardware encrypting machine 70 to generate the master key ciphertext Ctmk and encrypt the master key using the transport encryption key TEK to encrypt the terminal master key TMK.
  • the text Ctmk is sent to the payment terminal 10;
  • the TMK receiving module 102 is configured to invoke the cryptographic keyboard to decrypt the master key ciphertext Ctmk using the transport encryption key TEK to obtain the terminal master key TMK and store the terminal master key TMK in the PIN pad.
  • the CA authentication A module includes a first random number generating unit, a first data transceiving unit, a first encryption and decryption unit, and a first judging unit
  • the CA authentication B module includes a second random number generating unit and a second data transceiving unit.
  • the second encryption and decryption unit and the second determination unit, the CA center includes a certificate preset module.
  • the certificate preset module is configured to invoke the operation terminal to generate the public-private key pair Pu_optm and Pr_optm, and send the public key Pu_optm and the operation terminal identification information to the CA center, and the CA center generates the root certificate AuthRCRT_optm and the corresponding private key OptmWCRT_Prk, and is used for receiving
  • the public key Pu_optm and the operation terminal identification information are generated by using the private key OptmWCRT_Prk signature to generate a digital certificate OptmWCRT, and the digital certificate OptmWCRT and the private key OptmWCRT_Prk are stored in the operation terminal, and the root certificate AuthRCRT_optm is stored in the KMS system;
  • the certificate preset module is configured to invoke the second hardware encryption machine to generate public-private key pairs Pr_kms and Pu_kms, and send the public key Pu_kms and KMS identification information to the CA center, and the CA center generates a root certificate AuthRCRT_kms and a corresponding private key ServerWCRT_Prk, and is used for
  • the received public key Pu_kms and the KMS system identification information are generated by using the private key ServerWCRT_Prk signature to generate a digital certificate ServerWCRT, and the digital certificate ServerWCRT and the corresponding private key ServerWCRT_Prk are stored in the KMS system, and the root certificate AuthRCRT_kms is stored in the operation terminal;
  • the second data transceiver unit is configured to send the digital certificate ServerWCRT to the operation terminal;
  • the first determining unit is configured to verify the validity of the digital certificate ServerWCRT by using the root certificate AuthRCRT_kms;
  • the first random number generating unit is configured to generate a first random number AT1 after the digital certificate ServerWCRT is verified, and used to use the first random number AT1 is sent to the KMS system;
  • the second encryption and decryption unit is configured to generate the first random number ciphertext Sign1 by using the private key ServerWCRT_Prk signature first random number AT1, and send the first random number ciphertext Sign1 to the operation terminal;
  • the first judging unit is configured to verify the validity of the first random number ciphertext Sign1 by using the digital certificate ServerWCRT, and the first data transceiving unit is configured to send the digital certificate OptmWCRT to the KMS system after the first random number ciphertext Sign1 is verified to pass;
  • the second judging unit is configured to verify the validity of the digital certificate OptmWCRT by using the root certificate AuthRCRT_optm, and the second random number generating unit is configured to generate the second random number AT2 after the digital certificate OptmWCRT passes the verification, and send the second random number to the operation. terminal;
  • the first encryption and decryption unit is configured to generate a second random ciphertext Sign2 by encrypting the second random number AT2 using the private key OptmWCRT_Prk, and send the second random ciphertext Sign2 to the KMS system;
  • the second determining unit is configured to verify the validity of the second random ciphertext Sign2 by using the digital certificate OptmWCRT. After the verification is passed, the KMS system and the operating terminal authenticate pass.
  • FIG. 2 is a structural block diagram of the two-way authentication A module 103
  • FIG. 3 is a structural block diagram of the two-way authentication B module 304.
  • the two-way authentication A module 103 includes a third random number. a generating unit, a third data transceiving unit, a third encryption and decryption unit, and a third judging unit, wherein the bidirectional authentication B module includes a fourth random number generating unit, a fourth data transceiving unit, a fourth encryption and decryption unit, and a fourth determining unit ;
  • the third random number generating unit is configured to generate a third random number AT3; the third data transceiving unit is configured to send the generated third random number AT3 to the KMS system; and the fourth data transceiving unit is configured to receive the third random number AT3;
  • the fourth random number generating unit is configured to generate a fourth random number AT4 when receiving the third random number AT3;
  • the fourth encryption and decryption unit is configured to invoke the fourth hardware encrypting machine to use the transmission authentication when receiving the third random number AT3
  • the key AUK encrypts the third random number AT3 to obtain the third random number ciphertext Sign3; the fourth data transceiving unit is configured to send the third random number ciphertext Sign3 and the fourth random number AT4 to the payment terminal;
  • the third encryption and decryption unit is configured to obtain the fifth random number AT3' by using the transmission authentication key AUK to decrypt the received third random number ciphertext Sign3 when receiving the third random number ciphertext Sign3 and the fourth random number AT4;
  • the third determining unit is configured to determine whether the fifth random number AT3' is consistent with the third random number AT3;
  • the third encryption/decryption unit is configured to: when the fifth random number AT3′ is consistent with the third random number AT3, use the transmission authentication key AUK to encrypt the fourth random number AT4 to generate the fourth random number ciphertext Sign4; and the third data transceiving unit Transmitting the fourth random number ciphertext Sign4 to the KMS system;
  • the fourth encryption and decryption unit is configured to, when receiving the fourth random number ciphertext Sign4, invoke the second hardware encryption machine to decrypt the received fourth random number ciphertext Sign4 by using the transmission authentication key AUK to obtain the sixth random number AT4',
  • the fourth determining unit is configured to determine whether the sixth random number AT4′ is consistent with the fourth random number AT4, and confirm that the sixth random number AT4′ is consistent with the fourth random number AT4, and confirm the two-way between the KMS system and the payment terminal. Certification passed.
  • the operation terminal further includes an operator card and an administrator card;
  • the certificate presetting module of the CA center is further configured to generate an operator card certificate and an administrator card certificate, and is configured to store the operator card certificate in the operator card and store the administrator card certificate in the management card;
  • the operator card and the administrator card are used when the operation terminal reads the operator card and the administrator card inserted in the operation terminal, and when the CA center passes the legality certification of the operator certificate and the administrator certificate, the authorization is performed. Operate the terminal.
  • the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card, or an ATM machine terminal.
  • a method for securely downloading a terminal master key TMK includes the following steps:
  • the payment terminal generates a transmission key TK and generates a transmission key ciphertext
  • the payment terminal uploads the transmission key ciphertext and downloads the master key TMK;
  • step S1 includes:
  • the supplier key management system calls the first hardware encryption machine, KMS
  • the system calls the second hardware encryption machine, and the supplier permission component and the KMS are respectively in the first hardware encryption machine and the second hardware encryption machine.
  • the system authority component synthesizes the protection key PK and the MAC key MAK, and stores the protection key PK and the MAC key MAK together in the first hardware encryption machine and the second hardware encryption machine, respectively;
  • the provider key management system invokes the first hardware encryption machine to generate a public-private key pair Pu_hsm, Pr_hsm, and sends the public key Pu_hsm to the payment terminal.
  • the payment terminal calls a cryptographic keyboard to generate a transmission key TK, the TK includes a transmission encryption key TEK and a transmission authentication key AUK;
  • the payment terminal invokes the cryptographic keyboard to encrypt the TK by using the public key Pu_hsm, generates a first transmission key ciphertext Ctk_Pu, and sends the first transmission key ciphertext Ctk_Pu to the provider key management system;
  • the supplier key management system calls the first hardware encryption machine to decrypt the first transmission key ciphertext Ctk_Pu using the private key Pr_hsm to obtain the transmission key TK;
  • the vendor key management system invokes the first hardware encryptor to encrypt the transport key TK using the protection key PK and uses the MAC key MAK. Calculating a MAC value, generating a second transmission key ciphertext Ctk_pk, and transmitting the second transmission key ciphertext Ctk_pk to the payment terminal;
  • step S2 includes:
  • the operation terminal collects a second transmission key ciphertext Ctk_pk of the payment terminal.
  • the operation terminal and the KMS system perform identity authentication through the CA center. After the authentication is passed, the second transmission key ciphertext Ctk_pk is sent to the KMS system.
  • the KMS system invokes the second hardware encryption machine to check the second transmission key ciphertext Ctk_pk with the MAC key MAK. Legitimacy, if the verification passes, decrypt the second transmission key ciphertext Ctk_pk using the protection key PK to obtain the transmission key TK and store it in the second hardware encryption machine;
  • the KMS system obtains the transmission key TK and then calls the second hardware encryption machine to use the authentication key AUK. Two-way authentication with the payment terminal;
  • the KMS system invokes the second hardware encryption machine to generate the master key ciphertext Ctmk by using the transport encryption key TEK to encrypt the terminal master key TMK and send the master key ciphertext Ctmk to the payment terminal;
  • the payment terminal invokes the cryptographic keyboard to decrypt the master key ciphertext Ctmk by using the transport encryption key TEK to obtain the terminal master key TMK and store the terminal master key TMK in the PIN pad.
  • the step S22 is specifically:
  • the operation terminal generates a public-private key pair Pu_optm and Pr_optm, and sends the public key Pu_optm and the operation terminal identification information to the CA center.
  • the CA center generates a root certificate AuthRCRT_optm and a corresponding private key OptmWCRT_Prk, and uses the received public key Pu_optm and the operation terminal identification information.
  • the private key OptmWCRT_Prk signature generates a digital certificate OptmWCRT, stores the digital certificate OptmWCRT and the private key OptmWCRT_Prk in the operation terminal, and stores the root certificate AuthRCRT_optm in the KMS system;
  • the KMS system calls the second hardware encryption machine to generate the public-private key pair Pr_kms and Pu_kms, and sends the public key Pu_kms and the KMS system identification information to the CA center.
  • the CA center generates the root certificate AuthRCRT_kms and the corresponding private key ServerWCRT_Prk, and receives the received public key Pu_kms.
  • the KMS system identification information is generated by using the private key ServerWCRT_Prk signature to generate a digital certificate ServerWCRT, the digital certificate ServerWCRT and the corresponding private key ServerWCRT_Prk are stored in the KMS system, and the root certificate AuthRCRT_kms is stored in the operation terminal;
  • the KMS system sends the digital certificate ServerWCRT to the operation terminal;
  • the operation terminal verifies the validity of the digital certificate ServerWCRT by using the root certificate AuthRCRT_kms. If the verification succeeds, the operation terminal generates the first random number AT1, and sends the first random number AT1 to the KMS system;
  • the KMS system generates a first random number ciphertext Sign1 by using the private key ServerWCRT_Prk signature first random number AT1, and sends the first random number ciphertext Sign1 to the operation terminal;
  • the operation terminal verifies the validity of the first random number ciphertext Sign1 by using the digital certificate ServerWCRT, and after the verification is passed, sends the digital certificate OptmWCRT to the KMS system;
  • the KMS system uses the root certificate AuthRCRT_optm to verify the validity of the digital certificate OptmWCRT. After the verification is passed, the second random number AT2 is generated, and the second random number AT2 is sent to the operation terminal.
  • the operation terminal uses the private key OptmWCRT_Prk to encrypt the second random number AT2 to generate the second random ciphertext Sign2, and sends the second random ciphertext Sign2 to the KMS system;
  • the KMS system verifies the validity of the second random ciphertext Sign2 using the digital certificate OptmWCRT. After the verification is passed, the KMS system and the operation terminal are authenticated.
  • the step S24 specifically includes:
  • the payment terminal generates a third random number AT3 and sends the third random number AT3 to the KMS system;
  • the KMS system After receiving the third random number AT3, the KMS system generates a fourth random number AT4, and calls the second hardware encryptor to encrypt the third random number AT3 with the authentication key AUK to obtain the third random number ciphertext Sign3, and the third random number ciphertext Sign3 And transmitting the fourth random number AT4 to the payment terminal;
  • the payment terminal decrypts the received third random number ciphertext Sign3 using the authentication key AUK to obtain a fifth random number AT3', and determines whether the fifth random number AT3' is consistent with the third random number AT3:
  • the payment terminal encrypts the fourth random number AT4 using the authentication key AUK to generate the fourth random number ciphertext Sign4, and transmits the fourth random number ciphertext Sign4 to the KMS system. ;
  • the KMS system calls the second hardware encryptor to decrypt the received fourth random number ciphertext Sign4 using the authentication key AUK to obtain the sixth random number AT4', and determines whether the sixth random number AT4' is consistent with the fourth random number AT4;
  • the operation of the operation terminal must be authorized by the operator card and the administrator card, and specifically includes:
  • the operator card and the administrator card respectively generate a public-private key pair, and respectively send the public key to the CA center, generate an operator card certificate and an administrator card certificate, and store the operator card certificate in the operator card respectively.
  • the card certificate is stored in the management card;
  • the operator card and the administrator card are inserted on the operation terminal, and after the CA is authenticated, the operation of the operation terminal is allowed.
  • the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM machine terminal.
  • the original Chiha value of TK is calculated when the transmission key TK is generated, and the Chia value of TK is first checked each time the TK is stored, transmitted, or used, and TK can be used when the check is passed.
  • TK By verifying the Chia value of TK, it is possible to prevent the storage device from being abnormal and causing the stored data to be incorrect, and to determine whether the key is correct.
  • the invention has the beneficial effects that: the invention uploads the transmission key TK through the payment terminal, and encrypts and transmits the TMK by the transmission key, so that the payment terminal remotely downloads the terminal master key TMK, wherein the TK includes the transmission encryption key TEK and the transmission.
  • the authentication key AUK, the payment terminal and the KMS system first perform the two-way identity authentication through the authentication key AUK. After the authentication is passed, the terminal key master TMK is encrypted and transmitted by the asymmetric transmission encryption key TEK, thereby improving the transmission and download security of the TMK.
  • the master key TMK of the present invention is generated by the KMS system, thus facilitating subsequent maintenance and management of the master key TMK by the KMS system.
  • the master key TMK download and the transport key TK upload are performed together, and are all performed through the operation terminal, thereby greatly improving the time efficiency of the TMK download.
  • the master key TMK can be downloaded through the operation terminal uniformly. Since the operation terminal and the KMS system have been authenticated by the CA center, and the TMK is downloaded centrally, the log terminal is greatly reduced. The master key TMK downloads the risk, and the merchant can use the payment terminal directly, which greatly facilitates the use of the merchant.
  • the supplier key management system and the KMS system respectively store a protection key PK and a MAC key MAK, and the transmission key TK generated by the payment terminal is protected by the protection key PK and MAC of the provider key management system.
  • the key MAK is encrypted and uploaded. Therefore, the operation terminal does not need to further encrypt the TK, which greatly simplifies the encryption process in the TK upload process, and improves the time efficiency of the TK upload under the premise of ensuring the secure transmission of the TK.
  • the operating terminal performs physical authentication of both parties with the KMS system before uploading the TK, thereby ensuring that the TK is transmitted to the correct acquiring KMS system, preventing the pseudo KMS system from stealing TK information.
  • the KMS system performs identity authentication of both parties through the authentication key AUK before issuing the master key TMK, effectively preventing the pseudo payment terminal from stealing the TMK, and ensuring that the payment terminal downloads the TMK from the correct KMS system.
  • the operation terminal is further provided with an operator card and an administrator card, and the operation terminal can be operated only when the operator card and the administrator card are authorized, thereby effectively ensuring the upload of each TK. Authenticity and effectiveness.

Abstract

本发明公开一种终端主密钥TMK安全下载方法,包括步骤:支付终端产生传输密钥TK;供应商密钥管理系统对TK进行转加密后发送给支付终端;操作终端采集转加密后的TK,并将其传送给KMS系统;KMS系统与支付系统进行身份认证;认证通过后KMS系统通过操作终端将终端主密钥TMK发送给支付终端。本发明的有益效果为:本发明TK上传和TMK下载都通过操作终端进行,并且TMK下载是直接接续TK上传步骤之后,大大提高了TMK下载时间效率。

Description

一种终端主密钥TMK安全下载方法及系统
技术领域
本发明涉及电子支付领域,尤其涉及一种终端主密钥TMK安全下载方法及系统。
背景技术
银行卡(BANK Card)作为支付工具越来越普及,通常的银行卡支付系统包括销售点终端(Point Of Sale,POS)、POS收单系统(POSP)、密码键盘(PIN PAD)和硬件加密机(Hardware and Security Module,HSM)。其中POS终端能够接受银行卡信息,具有通讯功能,并接受柜员的指令完成金融交易信息和有关信息交换的设备;POS收单系统对POS终端进行集中管理,包括参数下载,密钥下载,接受、处理或转发POS终端的交易请求,并向POS终端回送交易结果信息,是集中管理和交易处理的系统;密码键盘(PIN PAD)是对各种金融交易相关的密钥进行安全存储保护,以及对PIN进行加密保护的安全设备;硬件加密机(HSM)是对传输数据进行加密的外围硬件设备,用于PIN的加密和解密、验证报文和文件来源的正确性以及存储密钥。个人标识码(Personal Identification Number,PIN),即个人密码,是在联机交易中识别持卡人身份合法性的数据信息,在计算机和网络系统中任何环节都不允许以明文的方式出现;终端主密钥(Terminal Master Key,TMK),POS终端工作时,对工作密钥进行加密的主密钥,加密保存在系统数据库中;POS终端广泛应用于银行卡支付场合,比如厂商购物、酒店住宿等,是一种不可或缺的现代化支付手段,已经融入人们生活的各种场合。银行卡,特别是借记卡,一般都由持卡人设置了PIN,在进行支付过程中,POS终端除了上送银行卡的磁道信息等资料外,还要持卡人输入PIN供发卡银行验证持卡人的身份合法性,确保银行卡支付安全,保护持卡人的财产安全。为了防止PIN泄露或被破解,要求从终端到发卡银行整个信息交互过程中,全程对PIN进行安全加密保护,不允许在计算机网络系统的任何环节,PIN以明文的方式出现,因此目前接受输入PIN的POS终端都要求配备密钥管理体系。
POS终端的密钥体系分成二级:终端主密钥(TMK)和工作密钥(WK)。其中TMK对WK进行加密保护。每台POS终端拥有唯一的TMK,必须要有安全保护,保证只能写入设备并参与计算,不能读取;TMK是一个很关键的根密钥,如果TMK被截取,工作密钥就比较容易被破解,将严重威胁银行卡支付安全。所以能否安全下载TMK到POS终端,成为整个POS终端安全性的关键。
为了保证终端主密钥TMK安全的下载到POS终端中,终端主密钥TMK的下载必须控制在收单机构的管理中心的安全机房进行,因此必需要通过人工集中POS终端,并下载终端主密钥TMK。从而带来维护中心机房工作量大;设备出厂后需要运输到管理中心安全机房下载密钥才能部署到商户,运输成本上升;为了集中下装密钥,需要大量的人手和工作时间,维护成本大、维护周期长等问题。
发明内容
为解决上述技术问题,本发明采用的一个技术方案是:一种终端主密钥TMK安全下载方法,包括步骤: S1、支付终端产生传输密钥TK以及生成传输密钥密文;S2、支付终端上传传输密钥密文以及下载主密钥TMK;其中步骤S1包括:S11、供应商密钥管理系统调用第一硬件加密机、KMS 系统调用第二硬件加密机,分别在第一硬件加密机和第二硬件加密机中将供应商权限分量及KMS 系统权限分量合成保护密钥PK和MAC密钥MAK,并且将所述保护密钥PK和MAC密钥MAK一并分别存储在第一硬件加密机和第二硬件加密机中;S12、供应商密钥管理系统调用第一硬件加密机产生公私钥对Pu_hsm、Pr_hsm,并将公钥Pu_hsm发送给支付终端;S13、支付终端调用密码键盘生成传输密钥TK,所述TK包括传输加密密钥TEK和传输认证密钥AUK;S14、支付终端调用密码键盘使用公钥Pu_hsm加密TK,生成第一传输密钥密文Ctk_Pu,并将第一传输密钥密文Ctk_Pu发送给供应商密钥管理系统;S15、供应商密钥管理系统调用第一硬件加密机使用私钥Pr_hsm解密第一传输密钥密文Ctk_Pu获得传输密钥TK;S16、供应商密钥管理系统调用第一硬件加密机使用保护密钥PK 加密传输密钥TK 并使用MAC 密钥MAK 计算MAC 值,生成第二传输密钥密文Ctk_pk,并将第二传输密钥密文Ctk_pk发送给支付终端;其中步骤S2包括:S21、操作终端采集支付终端的第二传输密钥密文Ctk_pk;S22、操作终端与KMS系统之间通过CA中心进行身份认证,认证通过后,将第二传输密钥密文Ctk_pk发送给KMS系统;S23、KMS系统调用第二硬件加密机使用MAC密钥MAK对查询到的第二传输密钥密文Ctk_pk 校验MAC 合法性,如果校验通过,使用保护密钥PK 解密第二传输密钥密文Ctk_pk 获得传输密钥TK并将其存储在所述第二硬件加密机中;S24、KMS 系统获得传输密钥TK后调用第二硬件加密机使用认证密钥AUK 与支付终端进行双向认证;S25、如果认证通过,KMS系统调用第二硬件加密机使用传输加密密钥TEK加密终端主密钥TMK生成主密钥密文Ctmk并将主密钥密文Ctmk发送至支付终端;S26、支付终端调用密码键盘使用传输加密密钥TEK解密主密钥密文Ctmk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。
本发明提供的另一技术方案是:
一种终端主密钥TMK安全下载系统,包括第一硬件加密机、第二硬件加密机、供应商密钥管理系统、支付终端、CA中心、操作终端以及KMS系统;所述供应商密钥管理系统包括协商密钥A模块、公钥产生模块、转加密模块,支付终端包括TK产生模块、双向认证A模块、TMK接收模块,操作终端包括TK采集模块、TK上传模块、CA认证A模块,KMS系统包括协商密钥B模块、TK接收模块、CA认证B模块、双向认证B模块、TMK发送模块; 协商密钥A模块与协商密钥B模块用于调用第一硬件加密机和第二硬件加密机,分别在第一硬件加密机和第二硬件加密机中将供应商权限分量及KMS 系统权限分量合成保护密钥PK和MAC密钥MAK,并且将所述保护密钥PK和MAC密钥MAK一并分别存储在第一硬件加密机和第二硬件加密机中;公钥产生模块用于调用第一硬件加密机产生公私钥对Pu_hsm、Pr_hsm,并将公钥Pu_hsm发送给支付终端;TK产生模块用于调用密码键盘生成传输密钥TK,所述TK包括传输加密密钥TEK和传输认证密钥AUK;TK产生模块还用于调用密码键盘使用公钥Pu_hsm加密TK,生成第一传输密钥密文Ctk_Pu,并将第一传输密钥密文Ctk_Pu发送给供应商密钥管理系统;转加密模块用于调用第一硬件加密机使用私钥Pr_hsm解密第一传输密钥密文Ctk_Pu获得传输密钥TK;转加密模块还用于调用第一硬件加密机使用保护密钥PK 加密传输密钥TK 并使用MAC 密钥MAK 计算MAC 值,生成第二传输密钥密文Ctk_pk,并将第二传输密钥密文Ctk_pk发送给支付终端;TK采集模块用于采集支付终端的第二传输密钥密文Ctk_pk;CA认证A模块与CA认证B模块用于操作终端与KMS系统之间通过CA中心进行身份认证;TK上传模块用于当认证通过后,将第二传输密钥密文Ctk_pk发送给KMS系统;TK接收模块用于调用第二硬件加密机使用MAC密钥MAK对查询到的第二传输密钥密文Ctk_pk 校验MAC 合法性,还用于当校验通过时,使用保护密钥PK 解密第二传输密钥密文Ctk_pk 获得传输密钥TK并将其存储在所述第二硬件加密机中;双向认证A模块与双向认证B模块用于当KMS 系统获得传输密钥TK后,调用第二硬件加密机使用认证密钥AUK 与支付终端进行双向认证;TMK发送模块用于当KMS系统与支付终端认证通过后,调用第二硬件加密机使用传输加密密钥TEK加密终端主密钥TMK生成主密钥密文Ctmk并将主密钥密文Ctmk发送至支付终端;TMK接收模块用于调用密码键盘使用传输加密密钥TEK解密主密钥密文Ctmk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。
本发明的有益效果为:本发明通过支付终端上传传输密钥TK,由传输密钥对TMK进行加密传输,实现支付终端远程下载终端主密钥TMK,其中,TK包括传输加密密钥TEK和传输认证密钥AUK,支付终端与KMS系统先经过认证密钥AUK进行双向身份认证,认证通过后用非对称传输加密密钥TEK加密终端主密钥TMK进行传输,提高了TMK的传输下载安全。进一步地,所述主密钥TMK下载和传输密钥TK上传是一并进行的,且都是通过操作终端进行的,因此大大提高了TMK下载的时间效率。同时在支付终端出厂投放给商户之前就可以统一通过操作终端进行主密钥TMK下载,由于操作终端与KMS系统之间通过CA中心进行过身份认证,且TMK是集中进行下载的,因此大大减小了主密钥TMK下载风险,并且商户拿到支付终端就可直接使用,大大方便了商户的使用。更进一步地,所述供应商密钥管理系统与KMS系统分别存储有保护密钥PK和MAC密钥MAK,支付终端产生的传输密钥TK由供应商密钥管理系统的保护密钥PK和MAC密钥MAK加密后进行上传,因此操作终端无需对TK进行进一步地转加密,大大简化了TK上传过程中的加密处理,在保证TK安全传输的前提下提高了TK上传的时间效率。
附图说明
图1为本发明一实施方式中一种终端主密钥TMK安全下载系统的结构框图;
图2为图1中双向认证A模块的结构框图;
图3为图1中双向认证B模块的结构框图;
图4 为本发明一实施方式一种终端主密钥TMK安全下载方法的方法流程图;
图5为图4中的步骤S1的具体步骤流程图;
图6为图4中的步骤S2的具体步骤流程图。
主要元件符号说明:
10:支付终端; 20:操作终端; 30:KMS系统; 40:供应商密钥管理系统; 50:CA中心; 60:第一硬件加密机; 70:第二硬件加密机; 101:TK产生模块; 102:TMK接收模块; 103:双向认证A模块; 201:TK上传模块; 202:TK采集模块; 203:CA认证A模块; 301:协商密钥B模块; 302:TK接收模块; 303:CA认证B模块; 304:双向认证B模块; 305:TMK发送模块; 401:协商密钥A模块; 402:转加密模块; 403:公钥产生模块; 501:证书预置模块;
具体实施方式
为详细说明本发明的技术内容、构造特征、所实现目的及效果,以下结合实施方式并配合附图详予说明。
首先,对本发明涉及的缩略语和关键术语进行定义和说明:
HSM_VENDOR:供应商硬件加密机;
AUK:Authentication Key 的简称,即认证密钥,用于PINPAD与密钥管理系统KMS之间的双向认证;
CA中心:所谓CA(Certificate Authority)中心,它是采用PKI(Public Key Infrastructure)公开密钥基础架构技术,专门提供网络身份认证服务,负责签发和管理数字证书,且具有权威性和公正性的第三方信任机构,它的作用就像我们现实生活中颁发证件的公司,如护照办理机构;
HSM:High Security Machine的简称,高安全设备,在该系统中为硬件加密机;
KMS系统:Key Management System,密钥管理系统,用于管理终端主密钥TMK;
MAK:Mac Key的简称,即MAC计算密钥, 与客户协商确定24字节对称密钥,用于MTMS系统与KMS系统之间TK的MAC值计算;
MTMS:全称Material Tracking Management System,物料追溯管理系统,主要在工厂生产时使用;
PIK:Pin Key的简称,即Pin加密密钥,是工作密钥的一种;
PINPAD:密码键盘;
PK:Protect Key 的简称,即保护密钥,与客户协商确定,24字节对称密钥。用于MTMS/TCS 与KMS之间TK的加密传输;
POS:Point Of Sale 的简称,即销售终端
SNpinpad:密码键盘的序列号,PINPAD是内置时,和POS终端序列号SNpos一致;
SN:POS终端的序列号;
TEK:Transmission Encrypt Key的简称,即传输加密密钥,24字节对称密钥,用于PINPAD与密钥管理系统KMS之间TMK的加密传输;
TK:Transmission Key的简称,即传输密钥。传输密钥是由传输加密密钥TEK和双向认证密钥AUK组成的;
TMS:Terminal Management System 的简称,即终端管理系统,用于完成POS终端信息管理、软件与参数配置、远程下载、终端运行状态信息收集管理、远程诊断等功能;
TMK:Terminal Master Key的简称,即终端主密钥,用于POS终端和支付收单系统之间工作密钥的加密传输;
安全房:具有较高安全级别,用于存放服务器的房间,该房间需要身份认证后才能进去。
智能IC卡:为CPU卡,卡内的集成电路包括中央处理器CPU、可编程只读存储器EEPROM、随机存储器RAM和固化在只读存储器ROM中的卡内操作系统COS(Chip Operating System),卡中数据分为外部读取和内部处理部分。
对称密钥:发送和接收数据的双方必须使用相同的密钥对明文进行加密和解密运算。对称密钥加密算法主要包括:DES、3DES、IDEA、FEAL、BLOWFISH等。
非对称密钥:非对称加密算法需要两个密钥:公开密钥(私钥Public key)和私有密钥(公钥Private key)。公开密钥与私有密钥是一对,如果用公开密钥对数据进行加密,只有用对应的私有密钥才能解密;如果用私有密钥对数据进行加密,那么只有用对应的公开密钥才能解密。因为加密和解密使用的是两个不同的密钥,所以这种算法叫作非对称加密算法。非对称加密算法实现机密信息交换的基本过程是:甲方生成一对密钥并将其中的一把作为公用密钥向其它方公开;得到该公用密钥的乙方使用该密钥对机密信息进行加密后再发送给甲方;甲方再用自己保存的另一把专用密钥对加密后的信息进行解密。甲方可以使用乙方的公钥对机密信息进行加密后再发送给乙方;乙方再用自己的私匙对加密后的信息进行解密。主要算法有RSA、Elgamal、背包算法、Rabin、D-H、ECC(椭圆曲线加密算法)。
RSA:一种非对称密钥算法。RSA公钥加密算法是1977年由Ron Rivest、Adi Shamirh 和Len Adleman 在(美国麻省理工学院)开发的。RSA 取名来自开发他们三者的名字。RSA 是目前最有影响力的公钥加密算法,它能够抵抗到目前为止已知的所有密码攻击,已被 ISO 推荐为公钥数据加密标准。RSA 算法基于一个十分简单的数论事实:将两个大素数相乘十分容易。RSA 算法是第一个能同时用于加密和数字签名的算法,也易于理解和操作。RSA 是被研究得最广泛的公钥算法,从提出到现在的三十多年里,经历了各种攻击的考验,逐渐为人们接受,普遍认为是目前最优秀的公钥方案之一。
TDES Triple-DES:DES是一种对称加密算法,密钥是8字节。TDES是基于DES 的加密算法,其密钥是16 字节或者24 字节。TDES/3DES 是英文TripleDES的缩语(即三重数据加密标准),DES 则是英文Data Encryption Standard(数加密标准)的缩语。DES 是一种对称密钥加密算法,即数据加密密钥与解密密钥相同的加密算法。DES 由IBM 公司在20 世纪70 年代开发并公开,随后为美国政府采用,并被美国国家标准局和美国国家标准协会 (ANSI)承认。TDES/3DES 是DES 加密算法的一种模式,它使用3条64 位的密钥对数据进行三次加密。是DES 的一个更安全的变形。
为解决背景技术中存在的技术问题,本发明采用一种新的主密钥下载方案,通过POS终端随机产生TK(Transmission Key,传输密钥),将产生后的TK保存于POS终端的密码键盘中,并将TK通过各种应用场景下所需的传输方式传送至KMS(Key Management System,密钥管理系统,用于管理终端主密钥TMK)中。
当POS终端申请下载终端主密钥TMK时,KMS系统使用TK加密终端主密钥TMK,并将加密后的终端主密钥密文发送给POS终端,POS终端接收后用TK对主密钥密文进行解密,得到终端主密钥TMK,并将终端主密钥TMK保存在密码键盘里。
如此,通过TK加密终端主密钥TMK,使TMK能够进行远程传输,方便TMK的安全下载。
上述通过POS终端采集传输密钥TK后发送至银行端对TMK进行加密,再通过POS终端远程下载经TK加密后的TMK的方法可以实现TMK的远程下载。但是,上述TMK下载方法TMK下载与TK上传是分开进行的,一般情况下是POS终端在生产厂家时产生并上传TK,等POS终端发放到各商户后再进行TMK下载,因此TMK的下载是零散进行的,时间效率低、KMS系统的工作量大,并且POS终端投放到各商户后再进行TMK下载不确定因素较多,TMK的下载风险更高 。因此需要一种时间效率更高、下载更为安全的终端主密钥TMK安全下载方法。
下面就对本发明克服上述问题的技术方案进行详细说明。
请参阅图1,为本发明一实施方式一种终端主密钥TMK安全下载系统的结构框图,该系统包括第一硬件加密机60、第二硬件加密机70、供应商密钥管理系统40、支付终端10、CA中心50、操作终端20以及KMS系统30;所述供应商密钥管理系统40包括协商密钥A模块401、公钥产生模块403、转加密模块402,支付终端10包括TK产生模块101、双向认证A模块103、TMK接收模块102,操作终端20包括TK采集模块202、TK上传模块201、CA认证A模块203,KMS系统30包括协商密钥B模块301、TK接收模块302、CA认证B模块303、双向认证B模块304、TMK发送模块305。
协商密钥A模块401与协商密钥B模块301用于调用第一硬件加密机60和第二硬件加密机70,分别在第一硬件加密机60和第二硬件加密机70中将供应商权限分量及KMS 系统权限分量合成保护密钥PK和MAC密钥MAK,并且将所述保护密钥PK和MAC密钥MAK一并分别存储在第一硬件加密机60和第二硬件加密机70中;
公钥产生模块403用于调用第一硬件加密机60产生公私钥对Pu_hsm、Pr_hsm,并将公钥Pu_hsm发送给支付终端10;
TK产生模块101用于调用密码键盘生成传输密钥TK,所述TK包括传输加密密钥TEK和传输认证密钥AUK;
TK产生模块101还用于调用密码键盘使用公钥Pu_hsm加密TK,生成第一传输密钥密文Ctk_Pu,并将第一传输密钥密文Ctk_Pu发送给供应商密钥管理系统40;
转加密模块402用于调用第一硬件加密机60使用私钥Pr_hsm解密第一传输密钥密文Ctk_Pu获得传输密钥TK;
转加密模块402还用于调用第一硬件加密机60使用保护密钥PK 加密传输密钥TK 并使用MAC 密钥MAK 计算MAC 值,生成第二传输密钥密文Ctk_pk,并将第二传输密钥密文Ctk_pk发送给支付终端10;
TK采集模块202用于采集支付终端的第二传输密钥密文Ctk_pk;
CA认证A模块203与CA认证B模块304用于操作终端20与KMS系统30之间通过CA中心50进行身份认证;TK上传模块201用于当认证通过后,将第二传输密钥密文Ctk_pk发送给KMS系统30;
TK接收模块302用于调用第二硬件加密机70使用MAC密钥MAK对查询到的第二传输密钥密文Ctk_pk 校验MAC 合法性,还用于当校验通过时,使用保护密钥PK 解密第二传输密钥密文Ctk_pk 获得传输密钥TK并将其存储在所述第二硬件加密机70中;
双向认证A模块103与双向认证B模块304用于当KMS 系统30获得传输密钥TK后,调用第二硬件加密机70使用认证密钥AUK 与支付终端进行双向认证;
TMK发送模块305用于当KMS系统30与支付终端10认证通过后,调用第二硬件加密机70使用传输加密密钥TEK加密终端主密钥TMK生成主密钥密文Ctmk并将主密钥密文Ctmk发送至支付终端10;
TMK接收模块102用于调用密码键盘使用传输加密密钥TEK解密主密钥密文Ctmk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。
其中,所述CA认证A模块包括第一随机数产生单元、第一数据收发单元、第一加解密单元、第一判断单元,CA认证B模块包括第二随机数产生单元、第二数据收发单元、第二加解密单元、第二判断单元,CA中心包括证书预置模块。
证书预置模块用于调用操作终端生成公私钥对Pu_optm和Pr_optm,并将公钥Pu_optm和操作终端标识信息向发给CA中心,CA中心生成根证书AuthRCRT_optm和对应私钥OptmWCRT_Prk,以及用于将接收到的公钥Pu_optm和操作终端标识信息使用私钥OptmWCRT_Prk签名生成数字证书OptmWCRT,以及用于数字证书OptmWCRT以及私钥OptmWCRT_Prk存储在操作终端中,将根证书AuthRCRT_optm存储在KMS系统;
证书预置模块用于调用第二硬件加密机产生公私钥对Pr_kms和Pu_kms,并将公钥Pu_kms和KMS标识信息发给CA中心,CA中心生成根证书AuthRCRT_kms和对应私钥ServerWCRT_Prk,以及用于将接收到的公钥Pu_kms和KMS系统标识信息使用私钥ServerWCRT_Prk签名生成数字证书ServerWCRT,以及用于将数字证书ServerWCRT以及对应私钥ServerWCRT_Prk存储在KMS系统,将根证书AuthRCRT_kms存储在操作终端;
第二数据收发单元用于将数字证书ServerWCRT发送给操作终端;
第一判断单元用于使用根证书AuthRCRT_kms验证数字证书ServerWCRT的合法性;第一随机数产生单元用于当所述数字证书ServerWCRT验证通过后,生成第一随机数AT1,并用于将第一随机数AT1发送给KMS系统;
第二加解密单元用于使用私钥ServerWCRT_Prk签名第一随机数AT1生成第一随机数密文Sign1,并将第一随机数密文Sign1发送给操作终端;
第一判断单元用于使用数字证书ServerWCRT验证第一随机数密文Sign1的合法性,第一数据收发单元用于当第一随机数密文Sign1验证通过后,将数字证书OptmWCRT发送给KMS系统;
第二判断单元用于使用根证书AuthRCRT_optm验证数字证书OptmWCRT的合法性,第二随机数产生单元用于当数字证书OptmWCRT验证通过后,生成第二随机数AT2,并将第二随机数发送给操作终端;
第一加解密单元用于使用私钥OptmWCRT_Prk加密第二随机数AT2生成第二随机密文Sign2,并将第二随机密文Sign2发送给KMS系统;
第二判断单元用于使用数字证书OptmWCRT验证第二随机密文Sign2的合法性,验证通过后,KMS系统与操作终端认证通过。
请参阅图2和图3,其中,图2为所述双向认证A模块103的结构框图,图3为所述双向认证B模块304的结构框图,所述双向认证A模块103包括第三随机数产生单元、第三数据收发单元、第三加解密单元以及第三判断单元,所述双向认证B模块包括第四随机数产生单元、第四数据收发单元、第四加解密单元以及第四判断单元;
第三随机数产生单元用于产生第三随机数AT3;第三数据收发单元用于将产生的第三随机数AT3发送至KMS系统;第四数据收发单元用于接收第三随机数AT3;第四随机数产生单元用于在接收到第三随机数AT3时,产生第四随机数AT4;第四加解密单元用于在接收到第三随机数AT3时,调用第四硬件加密机使用传输认证密钥AUK加密第三随机数AT3获得第三随机数密文Sign3;第四数据收发单元用于将第三随机数密文Sign3和第四随机数AT4发送给支付终端;
第三加解密单元用于在接收到第三随机数密文Sign3和第四随机数AT4时,使用传输认证密钥AUK解密接收到的第三随机数密文Sign3获得第五随机数AT3’;第三判断单元用于判断第五随机数AT3’与第三随机数AT3是否一致;
第三加解密单元用于当第五随机数AT3’与第三随机数AT3一致时,使用传输认证密钥AUK加密第四随机数AT4生成第四随机数密文Sign4;第三数据收发单元用于将第四随机数密文Sign4发送给KMS系统;
第四加解密单元用于在接收到第四随机数密文Sign4时,调用第二硬件加密机使用传输认证密钥AUK解密接收到的第四随机数密文Sign4获得第六随机数AT4’,第四判断单元用于判断第六随机数AT4’与第四随机数AT4是否一致,并当判定第六随机数AT4’与第四随机数AT4一致时,确认KMS系统与支付终端之间的双向认证通过。
其中,所述操作终端还包括有操作员卡和管理员卡;
所述CA中心的证书预置模块还用于产生操作员卡证书和管理员卡证书,并用于将操作员卡证书存储在操作员卡里以及将管理员卡证书存储在管理卡里;
所述操作员卡和管理员卡用于当操作终端读取插在操作终端上的操作员卡和管理员卡,通过CA中心对操作员证书和管理员证书进行合法性认证通过时,授权对操作终端进行操作。
其中,所述支付终端为POS终端、手机终端、智能IC卡、或ATM机终端。
请参阅图4,为本发明一实施方式中一种终端主密钥TMK安全下载方法,该方法包括步骤:
S1、支付终端产生传输密钥TK以及生成传输密钥密文;
S2、支付终端上传传输密钥密文以及下载主密钥TMK;
请参阅图5,为图4中步骤S1的具体步骤流程图,其中,步骤S1包括:
S11、供应商密钥管理系统调用第一硬件加密机、KMS 系统调用第二硬件加密机,分别在第一硬件加密机和第二硬件加密机中将供应商权限分量及KMS 系统权限分量合成保护密钥PK和MAC密钥MAK,并且将所述保护密钥PK和MAC密钥MAK一并分别存储在第一硬件加密机和第二硬件加密机中;
S12、供应商密钥管理系统调用第一硬件加密机产生公私钥对Pu_hsm、Pr_hsm,并将公钥Pu_hsm发送给支付终端;
S13、支付终端调用密码键盘生成传输密钥TK,所述TK包括传输加密密钥TEK和传输认证密钥AUK;
S14、支付终端调用密码键盘使用公钥Pu_hsm加密TK,生成第一传输密钥密文Ctk_Pu,并将第一传输密钥密文Ctk_Pu发送给供应商密钥管理系统;
S15、供应商密钥管理系统调用第一硬件加密机使用私钥Pr_hsm解密第一传输密钥密文Ctk_Pu获得传输密钥TK;
S16、供应商密钥管理系统调用第一硬件加密机使用保护密钥PK 加密传输密钥TK 并使用MAC 密钥MAK 计算MAC 值,生成第二传输密钥密文Ctk_pk,并将第二传输密钥密文Ctk_pk发送给支付终端;
请参阅图6,为图4中步骤S2的具体步骤流程图,其中,步骤S2包括:
S21、操作终端采集支付终端的第二传输密钥密文Ctk_pk;
S22、操作终端与KMS系统之间通过CA中心进行身份认证,认证通过后,将第二传输密钥密文Ctk_pk发送给KMS系统;
S23、KMS系统调用第二硬件加密机使用MAC密钥MAK对查询到的第二传输密钥密文Ctk_pk 校验MAC 合法性,如果校验通过,使用保护密钥PK 解密第二传输密钥密文Ctk_pk 获得传输密钥TK并将其存储在所述第二硬件加密机中;
S24、KMS 系统获得传输密钥TK后调用第二硬件加密机使用认证密钥AUK 与支付终端进行双向认证;
S25、如果认证通过,KMS系统调用第二硬件加密机使用传输加密密钥TEK加密终端主密钥TMK生成主密钥密文Ctmk并将主密钥密文Ctmk发送至支付终端;
S26、支付终端调用密码键盘使用传输加密密钥TEK解密主密钥密文Ctmk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。
其中,所述步骤S22具体为:
操作终端生成公私钥对Pu_optm和Pr_optm,将公钥Pu_optm和操作终端标识信息发给CA中心,CA中心生成根证书AuthRCRT_optm和对应私钥OptmWCRT_Prk,并将接收到的公钥Pu_optm和操作终端标识信息使用私钥OptmWCRT_Prk签名生成数字证书OptmWCRT,将数字证书OptmWCRT以及私钥OptmWCRT_Prk存储在操作终端中,将根证书AuthRCRT_optm存储在KMS系统;
KMS系统调用第二硬件加密机产生公私钥对Pr_kms和Pu_kms,将公钥Pu_kms和KMS系统标识信息发给CA中心,CA中心生成根证书AuthRCRT_kms和对应私钥ServerWCRT_Prk,并将接收到的公钥Pu_kms和KMS系统标识信息使用私钥ServerWCRT_Prk签名生成数字证书ServerWCRT,将数字证书ServerWCRT以及对应私钥ServerWCRT_Prk存储在KMS系统,将根证书AuthRCRT_kms存储在操作终端;
KMS系统将数字证书ServerWCRT发送给操作终端;
操作终端使用根证书AuthRCRT_kms验证数字证书ServerWCRT的合法性,如果验证通过,操作终端生成第一随机数AT1,并将第一随机数AT1发送给KMS系统;
KMS系统使用私钥ServerWCRT_Prk签名第一随机数AT1生成第一随机数密文Sign1,并将第一随机数密文Sign1发送给操作终端;
操作终端使用数字证书ServerWCRT验证第一随机数密文Sign1的合法性,验证通过后,将数字证书OptmWCRT发送给KMS系统;
KMS系统使用根证书AuthRCRT_optm验证数字证书OptmWCRT的合法性,验证通过后,生成第二随机数AT2,并将第二随机数AT2发送给操作终端;
操作终端使用私钥OptmWCRT_Prk加密第二随机数AT2生成第二随机密文Sign2,并将第二随机密文Sign2发送给KMS系统;
KMS系统使用数字证书OptmWCRT验证第二随机密文Sign2的合法性,验证通过后,KMS系统与操作终端认证通过。
其中,所述步骤S24具体包括:
支付终端产生第三随机数AT3并将第三随机数AT3发送至KMS系统;
KMS系统接收第三随机数AT3后产生第四随机数AT4,调用第二硬件加密机使用认证密钥AUK加密第三随机数AT3获得第三随机数密文Sign3,将第三随机数密文Sign3和第四随机数AT4发送给支付终端;
支付终端使用认证密钥AUK解密接收到的第三随机数密文Sign3获得第五随机数AT3’,判断第五随机数AT3’与第三随机数AT3是否一致:
如果第五随机数AT3’与第三随机数AT3一致,支付终端使用认证密钥AUK加密第四随机数AT4生成第四随机数密文Sign4,并将第四随机数密文Sign4发送给KMS系统;
KMS系统调用第二硬件加密机使用认证密钥AUK解密接收到的第四随机数密文Sign4获得第六随机数AT4’,判断第六随机数AT4’与第四随机数AT4是否一致;
如果第六随机数AT4’与第四随机数AT4一致,KMS系统与支付终端认证通过。
其中,对所述操作终端的操作必需经过操作员卡和管理员卡授权,具体包括:
操作员卡和管理员卡分别产生公私钥对,并分别将公钥发给CA中心,生成操作员卡证书和管理员卡证书,并分别将操作员卡证书存储在操作员卡里将管理员卡证书存储在管理卡里;
将操作员卡和管理员卡插在操作终端上,通过CA认证后,允许对操作终端的操作。
其中,所述支付终端为POS终端、手机终端、智能IC卡或ATM机终端。
在本发明中,传输密钥TK产生时计算TK的原始希哈值,当每次存储、传输或使用TK时先校验TK的希哈值,当检验通过后才可以使用TK。通过校验TK的希哈值可以防止存储设备异常导致存储的数据错误,确定密钥是否正确。
本发明的有益效果为:本发明通过支付终端上传传输密钥TK,由传输密钥对TMK进行加密传输,实现支付终端远程下载终端主密钥TMK,其中,TK包括传输加密密钥TEK和传输认证密钥AUK,支付终端与KMS系统先经过认证密钥AUK进行双向身份认证,认证通过后用非对称传输加密密钥TEK加密终端主密钥TMK进行传输,提高了TMK的传输下载安全。进一步地,本发明主密钥TMK是由KMS系统生成的,因此方便KMS系统对主密钥TMK的后续维护和管理。进一步地,所述主密钥TMK下载和传输密钥TK上传是一并进行的,且都是通过操作终端进行的,因此大大提高了TMK下载的时间效率。同时在支付终端出厂投放给商户之前就可以统一通过操作终端进行主密钥TMK下载,由于操作终端与KMS系统之间通过CA中心进行过身份认证,且TMK是集中进行下载的,因此大大减小了主密钥TMK下载风险,并且商户拿到支付终端就可直接使用,大大方便了商户的使用。更进一步地,所述供应商密钥管理系统与KMS系统分别存储有保护密钥PK和MAC密钥MAK,支付终端产生的传输密钥TK由供应商密钥管理系统的保护密钥PK和MAC密钥MAK加密后进行上传,因此操作终端无需对TK进行进一步地转加密,大大简化了TK上传过程中的加密处理,在保证TK安全传输的前提下提高了TK上传的时间效率。
在本发明中,操作终端上传TK前与KMS系统通过CA中心进行双方的身体认证,从而确保TK传送给正确的收单KMS系统,防止伪KMS系统窃取TK信息。
在本发明中,KMS系统在下发主密钥TMK前,通过认证密钥AUK进行双方的身份认证,有效防止伪支付终端窃取TMK,以及确保支付终端是从正确的KMS系统下载TMK。
在本发明中,所述操作终端还设置有操作员卡和管理员卡,只有在操作员卡和管理员卡均授权的情况下才能对操作终端进行操作,有效保证了上传的每一个TK的真实性和有效性。
以上所述仅为本发明的实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。

Claims (1)

  1. 1、一种终端主密钥TMK安全下载方法,其特征在于,包括步骤:
    S1、支付终端产生传输密钥TK以及生成传输密钥密文;
    S2、支付终端上传传输密钥密文以及下载主密钥TMK;
    其中步骤S1包括:
    S11、供应商密钥管理系统调用第一硬件加密机、KMS 系统调用第二硬件加密机,分别在第一硬件加密机和第二硬件加密机中将供应商权限分量及KMS 系统权限分量合成保护密钥PK和MAC密钥MAK,并且将所述保护密钥PK和MAC密钥MAK一并分别存储在第一硬件加密机和第二硬件加密机中;
    S12、供应商密钥管理系统调用第一硬件加密机产生公私钥对Pu_hsm、Pr_hsm,并将公钥Pu_hsm发送给支付终端;
    S13、支付终端调用密码键盘生成传输密钥TK,所述TK包括传输加密密钥TEK和传输认证密钥AUK;
    S14、支付终端调用密码键盘使用公钥Pu_hsm加密TK,生成第一传输密钥密文Ctk_Pu,并将第一传输密钥密文Ctk_Pu发送给供应商密钥管理系统;
    S15、供应商密钥管理系统调用第一硬件加密机使用私钥Pr_hsm解密第一传输密钥密文Ctk_Pu获得传输密钥TK;
    S16、供应商密钥管理系统调用第一硬件加密机使用保护密钥PK 加密传输密钥TK 并使用MAC 密钥MAK 计算MAC 值,生成第二传输密钥密文Ctk_pk,并将第二传输密钥密文Ctk_pk发送给支付终端;
    其中步骤S2包括:
    S21、操作终端采集支付终端的第二传输密钥密文Ctk_pk;
    S22、操作终端与KMS系统之间通过CA中心进行身份认证,认证通过后,将第二传输密钥密文Ctk_pk发送给KMS系统;
    S23、KMS系统调用第二硬件加密机使用MAC密钥MAK对查询到的第二传输密钥密文Ctk_pk 校验MAC 合法性,如果校验通过,使用保护密钥PK 解密第二传输密钥密文Ctk_pk 获得传输密钥TK并将其存储在所述第二硬件加密机中;
    S24、KMS 系统获得传输密钥TK后调用第二硬件加密机使用认证密钥AUK 与支付终端进行双向认证;
    S25、如果认证通过,KMS系统调用第二硬件加密机使用传输加密密钥TEK加密终端主密钥TMK生成主密钥密文Ctmk并将主密钥密文Ctmk发送至支付终端;
    S26、支付终端调用密码键盘使用传输加密密钥TEK解密主密钥密文Ctmk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。
    2、根据权利要求1所述的安全下载终端主密钥TMK方法,其特征在于,所述步骤S22具体为:
    操作终端生成公私钥对Pu_optm和Pr_optm,将公钥Pu_optm和操作终端标识信息发给CA中心,CA中心生成根证书AuthRCRT_optm和对应私钥OptmWCRT_Prk,并将接收到的公钥Pu_optm和操作终端标识信息使用私钥OptmWCRT_Prk签名生成数字证书OptmWCRT,将数字证书OptmWCRT以及私钥OptmWCRT_Prk存储在操作终端中,将根证书AuthRCRT_optm存储在KMS系统;
    KMS系统调用第二硬件加密机产生公私钥对Pr_kms和Pu_kms,将公钥Pu_kms和KMS系统标识信息发给CA中心,CA中心生成根证书AuthRCRT_kms和对应私钥ServerWCRT_Prk,并将接收到的公钥Pu_kms和KMS系统标识信息使用私钥ServerWCRT_Prk签名生成数字证书ServerWCRT,将数字证书ServerWCRT以及对应私钥ServerWCRT_Prk存储在KMS系统,将根证书AuthRCRT_kms存储在操作终端;
    KMS系统将数字证书ServerWCRT发送给操作终端;
    操作终端使用根证书AuthRCRT_kms验证数字证书ServerWCRT的合法性,如果验证通过,操作终端生成第一随机数AT1,并将第一随机数AT1发送给KMS系统;
    KMS系统使用私钥ServerWCRT_Prk签名第一随机数AT1生成第一随机数密文Sign1,并将第一随机数密文Sign1发送给操作终端;
    操作终端使用数字证书ServerWCRT验证第一随机数密文Sign1的合法性,验证通过后,将数字证书OptmWCRT发送给KMS系统;
    KMS系统使用根证书AuthRCRT_optm验证数字证书OptmWCRT的合法性,验证通过后,生成第二随机数AT2,并将第二随机数AT2发送给操作终端;
    操作终端使用私钥OptmWCRT_Prk加密第二随机数AT2生成第二随机密文Sign2,并将第二随机密文Sign2发送给KMS系统;
    KMS系统使用数字证书OptmWCRT验证第二随机密文Sign2的合法性,验证通过后,KMS系统与操作终端认证通过。
    3、根据权利要求1所述的终端主密钥TMK安全下载方法,其特征在于,所述步骤S24具体包括:
    支付终端产生第三随机数AT3并将第三随机数AT3发送至KMS系统;
    KMS系统接收第三随机数AT3后产生第四随机数AT4,调用第二硬件加密机使用认证密钥AUK加密第三随机数AT3获得第三随机数密文Sign3,将第三随机数密文Sign3和第四随机数AT4发送给支付终端;
    支付终端使用认证密钥AUK解密接收到的第三随机数密文Sign3获得第五随机数AT3’,判断第五随机数AT3’与第三随机数AT3是否一致:
    如果第五随机数AT3’与第三随机数AT3一致,支付终端使用认证密钥AUK加密第四随机数AT4生成第四随机数密文Sign4,并将第四随机数密文Sign4发送给KMS系统;
    KMS系统调用第二硬件加密机使用认证密钥AUK解密接收到的第四随机数密文Sign4获得第六随机数AT4’,判断第六随机数AT4’与第四随机数AT4是否一致;
    如果第六随机数AT4’与第四随机数AT4一致,KMS系统与支付终端认证通过。
    4、根据权利要求1所述的终端主密钥TMK安全下载方法,其特征在于,对所述操作终端的操作必需经过操作员卡和管理员卡授权,具体包括:
    操作员卡和管理员卡分别产生公私钥对,并分别将公钥发给CA中心,生成操作员卡证书和管理员卡证书,并分别将操作员卡证书存储在操作员卡里将管理员卡证书存储在管理卡里;
    将操作员卡和管理员卡插在操作终端上,通过CA认证后,允许对操作终端的操作。
    5、根据权利要求4所述的终端主密钥TMK安全下载方法,其特征在于,所述支付终端为POS终端、手机终端、智能IC卡或ATM机终端。
    6、一种终端主密钥TMK安全下载系统,其特征在于,包括第一硬件加密机、第二硬件加密机、供应商密钥管理系统、支付终端、CA中心、操作终端以及KMS系统;所述供应商密钥管理系统包括协商密钥A模块、公钥产生模块、转加密模块,
    支付终端包括TK产生模块、双向认证A模块、TMK接收模块,
    操作终端包括TK采集模块、TK上传模块、CA认证A模块,
    KMS系统包括协商密钥B模块、TK接收模块、CA认证B模块、双向认证B模块、TMK发送模块;
    协商密钥A模块与协商密钥B模块用于调用第一硬件加密机和第二硬件加密机,分别在第一硬件加密机和第二硬件加密机中将供应商权限分量及KMS 系统权限分量合成保护密钥PK和MAC密钥MAK,并且将所述保护密钥PK和MAC密钥MAK一并分别存储在第一硬件加密机和第二硬件加密机中;
    公钥产生模块用于调用第一硬件加密机产生公私钥对Pu_hsm、Pr_hsm,并将公钥Pu_hsm发送给支付终端;
    TK产生模块用于调用密码键盘生成传输密钥TK,所述TK包括传输加密密钥TEK和传输认证密钥AUK;
    TK产生模块还用于调用密码键盘使用公钥Pu_hsm加密TK,生成第一传输密钥密文Ctk_Pu,并将第一传输密钥密文Ctk_Pu发送给供应商密钥管理系统;
    转加密模块用于调用第一硬件加密机使用私钥Pr_hsm解密第一传输密钥密文Ctk_Pu获得传输密钥TK;
    转加密模块还用于调用第一硬件加密机使用保护密钥PK 加密传输密钥TK 并使用MAC 密钥MAK 计算MAC 值,生成第二传输密钥密文Ctk_pk,并将第二传输密钥密文Ctk_pk发送给支付终端;
    TK采集模块用于采集支付终端的第二传输密钥密文Ctk_pk;
    CA认证A模块与CA认证B模块用于操作终端与KMS系统之间通过CA中心进行身份认证;TK上传模块用于当认证通过后,将第二传输密钥密文Ctk_pk发送给KMS系统;
    TK接收模块用于调用第二硬件加密机使用MAC密钥MAK对查询到的第二传输密钥密文Ctk_pk 校验MAC 合法性,还用于当校验通过时,使用保护密钥PK 解密第二传输密钥密文Ctk_pk 获得传输密钥TK并将其存储在所述第二硬件加密机中;
    双向认证A模块与双向认证B模块用于当KMS 系统获得传输密钥TK后,调用第二硬件加密机使用认证密钥AUK 与支付终端进行双向认证;
    TMK发送模块用于当KMS系统与支付终端认证通过后,调用第二硬件加密机使用传输加密密钥TEK加密终端主密钥TMK生成主密钥密文Ctmk并将主密钥密文Ctmk发送至支付终端;
    TMK接收模块用于调用密码键盘使用传输加密密钥TEK解密主密钥密文Ctmk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。
    7、根据权利要求6所述的终端主密钥TMK安全下载系统,其特征在于,所述CA认证A模块包括第一随机数产生单元、第一数据收发单元、第一加解密单元、第一判断单元,
    CA认证B模块包括第二随机数产生单元、第二数据收发单元、第二加解密单元、第二判断单元,
    CA中心包括证书预置模块;
    证书预置模块用于调用操作终端生成公私钥对Pu_optm和Pr_optm,并将公钥Pu_optm和操作终端标识信息向发给CA中心,CA中心生成根证书AuthRCRT_optm和对应私钥OptmWCRT_Prk,以及用于将接收到的公钥Pu_optm和操作终端标识信息使用私钥OptmWCRT_Prk签名生成数字证书OptmWCRT,以及用于数字证书OptmWCRT以及私钥OptmWCRT_Prk存储在操作终端中,将根证书AuthRCRT_optm存储在KMS系统;
    证书预置模块用于调用第二硬件加密机产生公私钥对Pr_kms和Pu_kms,并将公钥Pu_kms和KMS标识信息发给CA中心,CA中心生成根证书AuthRCRT_kms和对应私钥ServerWCRT_Prk,以及用于将接收到的公钥Pu_kms和KMS系统标识信息使用私钥ServerWCRT_Prk签名生成数字证书ServerWCRT,以及用于将数字证书ServerWCRT以及对应私钥ServerWCRT_Prk存储在KMS系统,将根证书AuthRCRT_kms存储在操作终端;
    第二数据收发单元用于将数字证书ServerWCRT发送给操作终端;
    第一判断单元用于使用根证书AuthRCRT_kms验证数字证书ServerWCRT的合法性;第一随机数产生单元用于当所述数字证书ServerWCRT验证通过后,生成第一随机数AT1,并用于将第一随机数AT1发送给KMS系统;
    第二加解密单元用于使用私钥ServerWCRT_Prk签名第一随机数AT1生成第一随机数密文Sign1,并将第一随机数密文Sign1发送给操作终端;
    第一判断单元用于使用数字证书ServerWCRT验证第一随机数密文Sign1的合法性,第一数据收发单元用于当第一随机数密文Sign1验证通过后,将数字证书OptmWCRT发送给KMS系统;
    第二判断单元用于使用根证书AuthRCRT_optm验证数字证书OptmWCRT的合法性,第二随机数产生单元用于当数字证书OptmWCRT验证通过后,生成第二随机数AT2,并将第二随机数发送给操作终端;
    第一加解密单元用于使用私钥OptmWCRT_Prk加密第二随机数AT2生成第二随机密文Sign2,并将第二随机密文Sign2发送给KMS系统;
    第二判断单元用于使用数字证书OptmWCRT验证第二随机密文Sign2的合法性,验证通过后,KMS系统与操作终端认证通过。
    8、根据权利要求6所述的终端主密钥TMK安全下载系统,其特征在于,所述双向认证A模块包括第三随机数产生单元、第三数据收发单元、第三加解密单元以及第三判断单元,所述双向认证B模块包括第四随机数产生单元、第四数据收发单元、第四加解密单元以及第四判断单元;
    第三随机数产生单元用于产生第三随机数AT3;第三数据收发单元用于将产生的第三随机数AT3发送至KMS系统;第四数据收发单元用于接收第三随机数AT3;第四随机数产生单元用于在接收到第三随机数AT3时,产生第四随机数AT4;第四加解密单元用于在接收到第三随机数AT3时,调用第四硬件加密机使用传输认证密钥AUK加密第三随机数AT3获得第三随机数密文Sign3;第四数据收发单元用于将第三随机数密文Sign3和第四随机数AT4发送给支付终端;
    第三加解密单元用于在接收到第三随机数密文Sign3和第四随机数AT4时,使用传输认证密钥AUK解密接收到的第三随机数密文Sign3获得第五随机数AT3’;第三判断单元用于判断第五随机数AT3’与第三随机数AT3是否一致;
    第三加解密单元用于当第五随机数AT3’与第三随机数AT3一致时,使用传输认证密钥AUK加密第四随机数AT4生成第四随机数密文Sign4;第三数据收发单元用于将第四随机数密文Sign4发送给KMS系统;
    第四加解密单元用于在接收到第四随机数密文Sign4时,调用第二硬件加密机使用传输认证密钥AUK解密接收到的第四随机数密文Sign4获得第六随机数AT4’,第四判断单元用于判断第六随机数AT4’与第四随机数AT4是否一致,并当判定第六随机数AT4’与第四随机数AT4一致时,确认KMS系统与支付终端之间的双向认证通过。
    9、根据权利要求6所述的终端主密钥TMK安全下载系统,其特征在于,所述操作终端还包括有操作员卡和管理员卡;
    所述CA中心的证书预置模块还用于产生操作员卡证书和管理员卡证书,并用于将操作员卡证书存储在操作员卡里以及将管理员卡证书存储在管理卡里;
    所述操作员卡和管理员卡用于当操作终端读取插在操作终端上的操作员卡和管理员卡,通过CA中心对操作员证书和管理员证书进行合法性认证通过时,授权对操作终端进行操作。
    10、根据权利要求6至9所述的终端主密钥TMK安全下载系统,其特征在于,所述支付终端为POS终端、手机终端、智能IC卡、或ATM机终端。
PCT/CN2014/073215 2013-03-15 2014-03-11 一种终端主密钥tmk安全下载方法及系统 WO2014139406A1 (zh)

Applications Claiming Priority (10)

Application Number Priority Date Filing Date Title
CN201310084671.6 2013-03-15
CN2013100846716A CN103220270A (zh) 2013-03-15 2013-03-15 密钥下载方法、管理方法、下载管理方法及装置和系统
CN2013100843972A CN103237004A (zh) 2013-03-15 2013-03-15 密钥下载方法、管理方法、下载管理方法及装置和系统
CN201310084673.5 2013-03-15
CN201310084397.2 2013-03-15
CN2013100846538A CN103237005A (zh) 2013-03-15 2013-03-15 密钥管理方法及系统
CN201310084653.8 2013-03-15
CN2013100846735A CN103220271A (zh) 2013-03-15 2013-03-15 密钥下载方法、管理方法、下载管理方法及装置和系统
CN201310740642.0 2013-12-27
CN201310740642.0A CN103731259B (zh) 2013-03-15 2013-12-27 一种终端主密钥tmk安全下载方法及系统

Publications (1)

Publication Number Publication Date
WO2014139406A1 true WO2014139406A1 (zh) 2014-09-18

Family

ID=50363015

Family Applications (5)

Application Number Title Priority Date Filing Date
PCT/CN2014/073220 WO2014139408A1 (zh) 2013-03-15 2014-03-11 一种终端主密钥tmk安全下载方法及系统
PCT/CN2014/073205 WO2014139403A1 (zh) 2013-03-15 2014-03-11 一种终端主密钥tmk安全下载方法及系统
PCT/CN2014/073215 WO2014139406A1 (zh) 2013-03-15 2014-03-11 一种终端主密钥tmk安全下载方法及系统
PCT/CN2014/073225 WO2014139412A1 (zh) 2013-03-15 2014-03-11 一种终端主密钥tmk安全下载方法系统
PCT/CN2014/073224 WO2014139411A1 (zh) 2013-03-15 2014-03-11 终端主密钥tmk安全下载方法及系统

Family Applications Before (2)

Application Number Title Priority Date Filing Date
PCT/CN2014/073220 WO2014139408A1 (zh) 2013-03-15 2014-03-11 一种终端主密钥tmk安全下载方法及系统
PCT/CN2014/073205 WO2014139403A1 (zh) 2013-03-15 2014-03-11 一种终端主密钥tmk安全下载方法及系统

Family Applications After (2)

Application Number Title Priority Date Filing Date
PCT/CN2014/073225 WO2014139412A1 (zh) 2013-03-15 2014-03-11 一种终端主密钥tmk安全下载方法系统
PCT/CN2014/073224 WO2014139411A1 (zh) 2013-03-15 2014-03-11 终端主密钥tmk安全下载方法及系统

Country Status (2)

Country Link
CN (28) CN103729945B (zh)
WO (5) WO2014139408A1 (zh)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3309702A4 (en) * 2015-07-16 2018-05-23 Fujian Landi Commercial Equipment Co., Ltd Method and system for securely switching terminal between product mode and development mode
US10296477B2 (en) 2017-03-30 2019-05-21 United States of America as represented by the Secretary of the AirForce Data bus logger
US10432730B1 (en) 2017-01-25 2019-10-01 United States Of America As Represented By The Secretary Of The Air Force Apparatus and method for bus protection
CN110458551A (zh) * 2014-11-07 2019-11-15 天地融科技股份有限公司 数据交互系统
CN111815811A (zh) * 2020-06-22 2020-10-23 北京智辉空间科技有限责任公司 一种电子锁安全系统
CN112560058A (zh) * 2020-12-17 2021-03-26 山东华芯半导体有限公司 基于智能密码钥匙的ssd分区加密存储系统及其实现方法
CN113132980A (zh) * 2021-04-02 2021-07-16 四川省计算机研究院 应用于北斗导航系统的密钥管理系统方法和装置
CN113708923A (zh) * 2021-07-29 2021-11-26 银盛支付服务股份有限公司 一种远程下载主密钥的方法及系统

Families Citing this family (103)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103729945B (zh) * 2013-03-15 2015-11-18 福建联迪商用设备有限公司 一种安全下载终端主密钥的方法及系统
CN105281896B (zh) * 2014-07-17 2018-11-27 深圳华智融科技股份有限公司 一种基于椭圆曲线算法的密钥pos机激活方法及系统
CN104270346B (zh) * 2014-09-12 2017-10-13 北京天行网安信息技术有限责任公司 双向认证的方法、装置和系统
CN104363090A (zh) * 2014-11-19 2015-02-18 成都卫士通信息产业股份有限公司 一种增强银行终端设备安全性的密钥分发装置和方法
CN105681263B (zh) * 2014-11-20 2019-02-12 广东华大互联网股份有限公司 一种智能卡密钥远程应用方法及应用系统
CN104486323B (zh) * 2014-12-10 2017-10-31 福建联迪商用设备有限公司 一种pos终端安全受控的联网激活方法及装置
CN104410641B (zh) * 2014-12-10 2017-12-08 福建联迪商用设备有限公司 一种pos终端安全受控的联网激活方法及装置
US9485250B2 (en) * 2015-01-30 2016-11-01 Ncr Corporation Authority trusted secure system component
CN105989472A (zh) * 2015-03-06 2016-10-05 华立科技股份有限公司 电能计量系统的无线移动配置,无线支付配置及其方法,以及公用商品无线支付配置
CN106204034B (zh) * 2015-04-29 2019-07-23 中国电信股份有限公司 应用内支付的双向认证方法和系统
CN105184121A (zh) * 2015-09-02 2015-12-23 上海繁易电子科技有限公司 一种通过远程服务器的硬件授权系统和方法
CN106559218A (zh) * 2015-09-29 2017-04-05 中国电力科学研究院 一种智能变电站计量数据的安全采集方法
CN105243542B (zh) * 2015-11-13 2021-07-02 咪付(广西)网络技术有限公司 一种动态电子凭证认证的方法
CN105260884A (zh) * 2015-11-18 2016-01-20 北京微智全景信息技术有限公司 Pos机密钥分发方法及装置
CN105530241B (zh) * 2015-12-07 2018-12-28 咪付(广西)网络技术有限公司 移动智能终端与pos终端的认证方法
CN105574722A (zh) * 2015-12-11 2016-05-11 福建新大陆支付技术有限公司 基于授权ic卡的支付终端远程联机授权方法
CN105930718A (zh) * 2015-12-29 2016-09-07 中国银联股份有限公司 一种销售点终端模式切换方法及装置
CN105656669B (zh) * 2015-12-31 2019-01-01 福建联迪商用设备有限公司 电子设备的远程修复方法、设备、被修复设备和系统
CN105681032B (zh) * 2016-01-08 2017-09-12 腾讯科技(深圳)有限公司 密钥存储方法、密钥管理方法及装置
CN105743654A (zh) * 2016-02-02 2016-07-06 上海动联信息技术股份有限公司 一种pos机密钥远程下载的服务系统以及密钥下载方法
CN105790934B (zh) * 2016-03-04 2019-03-15 中国银联股份有限公司 一种自适应的pos终端配置方法以其配置权转让方法
CN107294722A (zh) * 2016-03-31 2017-10-24 阿里巴巴集团控股有限公司 一种终端身份认证方法、装置及系统
CN105978856B (zh) * 2016-04-18 2019-01-25 随行付支付有限公司 一种pos机密钥下载方法、装置及系统
CN106059771A (zh) * 2016-05-06 2016-10-26 上海动联信息技术股份有限公司 一种智能pos机密钥管理系统及方法
CN106097608B (zh) * 2016-06-06 2018-07-27 福建联迪商用设备有限公司 远程密钥下载方法及系统、收单机构和目标pos终端
CN106127461A (zh) * 2016-06-16 2016-11-16 中国银联股份有限公司 双向验证移动支付方法及系统
CN107563712A (zh) * 2016-06-30 2018-01-09 中兴通讯股份有限公司 一种移动终端打卡方法、装置、设备及系统
CN106027247A (zh) * 2016-07-29 2016-10-12 宁夏丝路通网络支付有限公司北京分公司 Pos密钥远程下发方法
CN106100854A (zh) * 2016-08-16 2016-11-09 黄朝 基于权威主体的终端设备的逆向认证方法及系统
CN107800538B (zh) * 2016-09-01 2021-01-29 中电长城(长沙)信息技术有限公司 一种自助设备远程密钥分发方法
US11018860B2 (en) 2016-10-28 2021-05-25 Microsoft Technology Licensing, Llc Highly available and reliable secret distribution infrastructure
CN106571915A (zh) * 2016-11-15 2017-04-19 中国银联股份有限公司 一种终端主密钥的设置方法和装置
CN106603496B (zh) * 2016-11-18 2019-05-21 新智数字科技有限公司 一种数据传输的保护方法、智能卡、服务器及通信系统
CN106656488B (zh) * 2016-12-07 2020-04-03 百富计算机技术(深圳)有限公司 一种pos终端的密钥下载方法和装置
CN106712939A (zh) * 2016-12-27 2017-05-24 百富计算机技术(深圳)有限公司 密钥离线传输方法和装置
CN106953731B (zh) * 2017-02-17 2020-05-12 福建魔方电子科技有限公司 一种终端管理员的认证方法及系统
CN107466455B (zh) * 2017-03-15 2021-05-04 深圳大趋智能科技有限公司 Pos机安全验证方法及装置
CN106997533B (zh) * 2017-04-01 2020-10-13 福建实达电脑设备有限公司 一种pos终端产品安全生产授权管理系统及方法
CN107094138B (zh) * 2017-04-11 2019-09-13 郑州信大捷安信息技术股份有限公司 一种智能家居安全通信系统及通信方法
CN107070925A (zh) * 2017-04-18 2017-08-18 上海赛付网络科技有限公司 一种终端应用与后台服务通讯报文防篡改的方法
CN107104795B (zh) * 2017-04-25 2020-09-04 上海汇尔通信息技术有限公司 Rsa密钥对和证书的注入方法、架构及系统
CN107301437A (zh) * 2017-05-31 2017-10-27 江苏普世祥光电技术有限公司 一种广场景观灯的控制系统
CN107360652A (zh) * 2017-05-31 2017-11-17 江苏普世祥光电技术有限公司 一种广场景观灯的控制方法
CN107358441B (zh) * 2017-06-26 2020-12-18 北京明华联盟科技有限公司 支付验证的方法、系统及移动设备和安全认证设备
CN107637014B (zh) * 2017-08-02 2020-11-24 福建联迪商用设备有限公司 可配置的pos机密钥对生成方法、存储介质
CN107666420B (zh) * 2017-08-30 2020-12-15 宁波梦居智能科技有限公司 一种智能家居网关生产控制和身份鉴别的方法
CN107392591B (zh) * 2017-08-31 2020-02-07 恒宝股份有限公司 行业卡的在线充值方法、系统及蓝牙读写装置
CN107888379A (zh) * 2017-10-25 2018-04-06 百富计算机技术(深圳)有限公司 一种安全连接的方法、pos终端及密码键盘
WO2019080095A1 (zh) * 2017-10-27 2019-05-02 福建联迪商用设备有限公司 金融支付终端激活方法及其系统
CN107835170B (zh) * 2017-11-04 2021-04-20 上海动联信息技术股份有限公司 一种智能Pos设备安全授权拆机系统及方法
CN107993062A (zh) * 2017-11-27 2018-05-04 百富计算机技术(深圳)有限公司 Pos终端交易方法、装置、计算机设备及可读存储介质
CN107944250B (zh) * 2017-11-28 2021-04-13 艾体威尔电子技术(北京)有限公司 一种应用于pos机的密钥采集方法
CN107919962B (zh) * 2017-12-22 2021-01-15 国民认证科技(北京)有限公司 一种物联网设备注册和认证方法
CN108365950A (zh) * 2018-01-03 2018-08-03 深圳怡化电脑股份有限公司 金融自助设备密钥的生成方法及装置
CN108390851B (zh) * 2018-01-05 2020-07-03 郑州信大捷安信息技术股份有限公司 一种用于工业设备的安全远程控制系统及方法
WO2019136736A1 (zh) * 2018-01-15 2019-07-18 福建联迪商用设备有限公司 软件加密终端、支付终端、软件包加密及解密方法及系统
WO2019153119A1 (zh) * 2018-02-06 2019-08-15 福建联迪商用设备有限公司 一种传输密钥的方法、接收终端及分发终端
CN108446539B (zh) * 2018-03-16 2023-01-13 福建深空信息技术有限公司 一种软件授权方法和软件授权文件生成系统
WO2019178762A1 (zh) * 2018-03-21 2019-09-26 福建联迪商用设备有限公司 一种验证终端合法性的方法、服务端及系统
CN108496323B (zh) * 2018-03-21 2020-01-21 福建联迪商用设备有限公司 一种证书导入方法及终端
WO2019200530A1 (zh) * 2018-04-17 2019-10-24 福建联迪商用设备有限公司 终端主密钥的远程分发方法及其系统
CN108737106B (zh) * 2018-05-09 2021-06-01 深圳壹账通智能科技有限公司 区块链系统上用户验证方法、装置、终端设备及存储介质
CN108833088A (zh) * 2018-05-22 2018-11-16 珠海爱付科技有限公司 一种pos终端激活方法
CN110581829A (zh) * 2018-06-08 2019-12-17 中国移动通信集团有限公司 通信方法及装置
CN109218293B (zh) * 2018-08-21 2021-09-21 西安得安信息技术有限公司 一种分布式密码服务平台密钥管理的使用方法
CN109347625B (zh) * 2018-08-31 2020-04-24 阿里巴巴集团控股有限公司 密码运算、创建工作密钥的方法、密码服务平台及设备
CN109326061B (zh) * 2018-09-10 2021-10-26 惠尔丰(中国)信息系统有限公司 智能pos的防切机方法
CN109274684B (zh) * 2018-10-31 2020-12-29 中国—东盟信息港股份有限公司 基于eSIM通讯与导航服务为一体的物联网终端系统及其实现方法
CN109547208B (zh) * 2018-11-16 2021-11-09 交通银行股份有限公司 金融电子设备主密钥在线分发方法及系统
CN109670289B (zh) * 2018-11-20 2020-12-15 福建联迪商用设备有限公司 一种识别后台服务器合法性的方法及系统
CN109508995A (zh) * 2018-12-12 2019-03-22 福建新大陆支付技术有限公司 一种基于支付终端的脱机授权方法及支付终端
CN109510711B (zh) * 2019-01-08 2022-04-01 深圳市网心科技有限公司 一种网络通信方法、服务器、客户端及系统
CN111627174A (zh) * 2019-02-28 2020-09-04 南京摩铂汇信息技术有限公司 蓝牙pos设备及支付系统
CN109995532A (zh) * 2019-04-11 2019-07-09 晏福平 一种终端主密钥的在线管理方法及系统
CN110011794B (zh) * 2019-04-11 2021-08-13 北京智芯微电子科技有限公司 密码机密钥属性的测试方法
CN110061848B (zh) * 2019-04-17 2021-09-14 飞天诚信科技股份有限公司 一种安全导入支付终端密钥的方法、支付终端及系统
CN110545542B (zh) * 2019-06-13 2023-03-14 银联商务股份有限公司 基于非对称加密算法的主控密钥下载方法、装置和计算机设备
CN112532567A (zh) * 2019-09-19 2021-03-19 中国移动通信集团湖南有限公司 一种交易加密方法和posp系统
CN110855442A (zh) * 2019-10-10 2020-02-28 北京握奇智能科技有限公司 一种基于pki技术的设备间证书验证方法
CN111132154B (zh) * 2019-12-26 2022-10-21 飞天诚信科技股份有限公司 一种协商会话密钥的方法及系统
CN111193748B (zh) * 2020-01-06 2021-12-03 惠州市德赛西威汽车电子股份有限公司 一种交互式密钥安全认证方法及系统
CN111275440B (zh) * 2020-01-19 2023-11-10 中钞科堡现金处理技术(北京)有限公司 远程密钥下载方法及系统
TWI775061B (zh) * 2020-03-30 2022-08-21 尚承科技股份有限公司 軟韌體或資料保護系統及保護方法
CN111597512B (zh) * 2020-03-31 2023-10-31 尚承科技股份有限公司 软韧体或资料保护系统及保护方法
CN111526013B (zh) * 2020-04-17 2023-05-05 中国人民银行清算总中心 密钥分发方法及系统
CN111884804A (zh) * 2020-06-15 2020-11-03 上海祥承通讯技术有限公司 一种远程密钥管理方法
CN111931206A (zh) * 2020-07-31 2020-11-13 银盛支付服务股份有限公司 一种基于app数据加密方法
CN112134849B (zh) * 2020-08-28 2024-02-20 国电南瑞科技股份有限公司 一种智能变电站的动态可信加密通信方法及系统
CN112311528B (zh) * 2020-10-17 2023-06-23 深圳市德卡科技股份有限公司 一种基于国密算法的数据安全传输方法
CN112291232B (zh) * 2020-10-27 2021-06-04 中国联合网络通信有限公司深圳市分公司 一种基于租户的安全能力和安全服务链管理平台
CN112332978B (zh) * 2020-11-10 2022-09-20 上海商米科技集团股份有限公司 一种基于密钥协商的远程密钥注入方法
CN112396416A (zh) * 2020-11-18 2021-02-23 上海商米科技集团股份有限公司 一种智能pos设备证书装载的方法
CN112968776B (zh) * 2021-02-02 2022-09-02 中钞科堡现金处理技术(北京)有限公司 远程密钥交换的方法、存储介质及电子设备
CN113037494B (zh) * 2021-03-02 2023-05-23 福州汇思博信息技术有限公司 一种烧片镜像文件签名方法及终端
CN113450511A (zh) * 2021-03-25 2021-09-28 深圳怡化电脑科技有限公司 受理终端设备与银行系统的交易方法及受理终端设备
CN113328851B (zh) * 2021-04-21 2022-01-14 北京连山科技股份有限公司 一种在多链路条件下随机传输密钥的方法及系统
CN113645221A (zh) * 2021-08-06 2021-11-12 中国工商银行股份有限公司 灌密方法、装置、设备、存储介质和计算机程序
CN113810391A (zh) * 2021-09-01 2021-12-17 杭州视洞科技有限公司 一种跨机房通信双向认证和加密方法
CN113612612A (zh) * 2021-09-30 2021-11-05 阿里云计算有限公司 一种数据加密传输方法、系统、设备及存储介质
CN114423003B (zh) * 2021-12-29 2024-01-30 中国航空工业集团公司西安飞机设计研究所 一种飞机密钥综合管理方法及系统
CN114499891A (zh) * 2022-03-21 2022-05-13 宁夏凯信特信息科技有限公司 一种签名服务器系统以及签名验证方法
CN114726521A (zh) * 2022-04-14 2022-07-08 广东好太太智能家居有限公司 智能锁临时密码生成方法及电子设备
CN116865966B (zh) * 2023-09-04 2023-12-05 中量科(南京)科技有限公司 基于量子密钥生成工作密钥的加密方法、装置及存储介质

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101656007A (zh) * 2009-08-14 2010-02-24 通联支付网络服务股份有限公司 一种在pos机上实现一机多密的安全系统及方法
US7837098B2 (en) * 2008-11-11 2010-11-23 Nautilus Hyosung Inc. Method for on-line sharing of TMK (terminal master key) between ATM and host
CN101930644A (zh) * 2009-06-25 2010-12-29 中国银联股份有限公司 一种银行卡支付系统中主密钥安全自动下载的方法及其系统
CN102148799A (zh) * 2010-02-05 2011-08-10 中国银联股份有限公司 密钥下载方法及系统
CN103220271A (zh) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 密钥下载方法、管理方法、下载管理方法及装置和系统
CN103220270A (zh) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 密钥下载方法、管理方法、下载管理方法及装置和系统
CN103237005A (zh) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 密钥管理方法及系统
CN103237004A (zh) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 密钥下载方法、管理方法、下载管理方法及装置和系统

Family Cites Families (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS57157371A (en) * 1981-03-24 1982-09-28 Sharp Corp Electronic cash register
JP2993833B2 (ja) * 1993-11-29 1999-12-27 富士通株式会社 Posシステム
JPH10112883A (ja) * 1996-10-07 1998-04-28 Hitachi Ltd 無線通信交換システム、交換機、公開鍵管理装置、移動端末および移動端末認証方法
WO2000056693A1 (en) * 1999-03-22 2000-09-28 Purac Biochem B.V. Method of industrial-scale purification of lactic acid
CN1127033C (zh) * 2000-07-20 2003-11-05 天津南开戈德集团有限公司 无线移动网络销售点终端系统
US7110986B1 (en) * 2001-04-23 2006-09-19 Diebold, Incorporated Automated banking machine system and method
KR100641824B1 (ko) * 2001-04-25 2006-11-06 주식회사 하렉스인포텍 대칭키 보안 알고리즘을 이용한 금융정보 입력방법 및 그이동통신용 상거래 시스템
JP2002366285A (ja) * 2001-06-05 2002-12-20 Matsushita Electric Ind Co Ltd Pos端末
GB2404126B (en) * 2002-01-17 2005-04-06 Toshiba Res Europ Ltd Data transmission links
JP2003217028A (ja) * 2002-01-24 2003-07-31 Tonfuu:Kk Pos端末装置の運用状況監視システム
US7395427B2 (en) * 2003-01-10 2008-07-01 Walker Jesse R Authenticated key exchange based on pairwise master key
JP2005117511A (ja) * 2003-10-10 2005-04-28 Nec Corp 量子暗号通信システム及びそれに用いる量子暗号鍵配布方法
KR101282972B1 (ko) * 2004-03-22 2013-07-08 삼성전자주식회사 디바이스와 휴대형 저장장치와의 상호인증
US20060093149A1 (en) * 2004-10-30 2006-05-04 Shera International Ltd. Certified deployment of applications on terminals
DE102005022019A1 (de) * 2005-05-12 2007-02-01 Giesecke & Devrient Gmbh Sichere Verarbeitung von Daten
KR100652125B1 (ko) * 2005-06-03 2006-12-01 삼성전자주식회사 서비스 제공자, 단말기 및 사용자 식별 모듈 간을총괄적으로 인증하여 관리할 수 있도록 하는 상호 인증방법 및 이를 이용한 시스템과 단말 장치
CN100583743C (zh) * 2005-07-22 2010-01-20 华为技术有限公司 传输密钥的分发方法
WO2008021581A2 (en) * 2006-02-22 2008-02-21 Hypercom Corporation Secure electronic transaction system
JP2007241351A (ja) * 2006-03-06 2007-09-20 Cela System:Kk 顧客・商品・仕入れ管理システム(posを含む)と携帯端末とによる顧客・商品総合管理システム
EP1833009B1 (en) * 2006-03-09 2019-05-08 First Data Corporation Secure transaction computer network
US7818264B2 (en) * 2006-06-19 2010-10-19 Visa U.S.A. Inc. Track data encryption
CN101064695A (zh) * 2007-05-16 2007-10-31 杭州看吧科技有限公司 一种P2P(Peer to Peer)安全连接的方法
CN101145913B (zh) * 2007-10-25 2010-06-16 东软集团股份有限公司 一种实现网络安全通信的方法及系统
WO2009070041A2 (en) * 2007-11-30 2009-06-04 Electronic Transaction Services Limited Payment system and method of operation
CN101541002A (zh) * 2008-03-21 2009-09-23 展讯通信(上海)有限公司 一种基于Web服务器的移动终端的软件许可证下载方法
CN101615322B (zh) * 2008-06-25 2012-09-05 上海富友金融网络技术有限公司 实现有磁支付功能的移动终端支付方法及系统
JP4666240B2 (ja) * 2008-07-14 2011-04-06 ソニー株式会社 情報処理装置、情報処理方法、プログラム、および情報処理システム
CN101686225A (zh) * 2008-09-28 2010-03-31 中国银联股份有限公司 一种用于网上支付的数据加密和密钥生成方法
JP5329184B2 (ja) * 2008-11-12 2013-10-30 株式会社日立製作所 公開鍵証明書の検証方法及び検証サーバ
CN101425208B (zh) * 2008-12-05 2010-11-10 浪潮齐鲁软件产业有限公司 一种金融税控收款机密钥安全下载方法
CN101527714B (zh) * 2008-12-31 2012-09-05 飞天诚信科技股份有限公司 制证的方法、装置及系统
CN101719895A (zh) * 2009-06-26 2010-06-02 中兴通讯股份有限公司 一种实现网络安全通信的数据处理方法和系统
CN101593389B (zh) * 2009-07-01 2012-04-18 中国建设银行股份有限公司 一种用于pos终端的密钥管理方法和系统
CN101631305B (zh) * 2009-07-28 2011-12-07 交通银行股份有限公司 一种加密方法及系统
CN102064939B (zh) * 2009-11-13 2013-06-12 福建联迪商用设备有限公司 Pos文件认证的方法及认证证书的维护方法
CN101710436B (zh) * 2009-12-01 2011-12-14 中国建设银行股份有限公司 一种控制pos终端的方法、系统以及pos终端管理设备
CN101807994B (zh) * 2009-12-18 2012-07-25 北京握奇数据系统有限公司 一种ic卡应用数据传输的方法及系统
CN201656997U (zh) * 2010-04-28 2010-11-24 中国工商银行股份有限公司 一种生成传输密钥的装置
CN101807997B (zh) * 2010-04-28 2012-08-22 中国工商银行股份有限公司 一种生成传输密钥的装置及方法
CN102262760A (zh) * 2010-05-28 2011-11-30 杨筑平 交易保密方法、受理装置和提交软件
US8856509B2 (en) * 2010-08-10 2014-10-07 Motorola Mobility Llc System and method for cognizant transport layer security (CTLS)
CN101938520B (zh) * 2010-09-07 2015-01-28 中兴通讯股份有限公司 一种基于移动终端签名的远程支付系统及方法
CN101976403A (zh) * 2010-10-29 2011-02-16 北京拉卡拉网络技术有限公司 手机号支付平台、支付交易系统及方法
CN102013982B (zh) * 2010-12-01 2012-07-25 银联商务有限公司 远程加密方法、管理方法、加密管理方法及装置和系统
CN102903189A (zh) * 2011-07-25 2013-01-30 上海昂贝电子科技有限公司 一种终端交易方法及装置
CN102394749B (zh) * 2011-09-26 2014-03-05 深圳市文鼎创数据科技有限公司 数据传输的线路保护方法、系统、信息安全设备及应用设备
CN102521935B (zh) * 2011-12-15 2013-12-11 福建联迪商用设备有限公司 Pos机状态检测的方法及装置
CN102592369A (zh) * 2012-01-14 2012-07-18 福建联迪商用设备有限公司 自助终端接入金融交易中心的方法
CN102624711B (zh) * 2012-02-27 2015-06-03 福建联迪商用设备有限公司 一种敏感信息传输方法及系统
CN102624710B (zh) * 2012-02-27 2015-03-11 福建联迪商用设备有限公司 一种敏感信息传输方法及系统
CN102647274B (zh) * 2012-04-12 2014-10-08 福建联迪商用设备有限公司 Pos终端、终端接入前置、主密钥管理系统及其方法
CN102707972B (zh) * 2012-05-02 2016-03-09 银联商务有限公司 一种pos终端程序更新方法与系统
CN102768744B (zh) * 2012-05-11 2016-03-16 福建联迪商用设备有限公司 一种远程安全支付方法和系统
CN102868521B (zh) * 2012-09-12 2015-03-04 成都卫士通信息产业股份有限公司 一种增强对称密钥体系的密钥传输方法
CN103116505B (zh) * 2012-11-16 2016-05-25 福建联迪商用设备有限公司 一种自动匹配下载的方法
CN103117855B (zh) * 2012-12-19 2016-07-06 福建联迪商用设备有限公司 一种生成数字证书的方法及备份和恢复私钥的方法
CN103729945B (zh) * 2013-03-15 2015-11-18 福建联迪商用设备有限公司 一种安全下载终端主密钥的方法及系统
CN103269266B (zh) * 2013-04-27 2016-07-06 北京宏基恒信科技有限责任公司 动态口令的安全认证方法和系统

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7837098B2 (en) * 2008-11-11 2010-11-23 Nautilus Hyosung Inc. Method for on-line sharing of TMK (terminal master key) between ATM and host
CN101930644A (zh) * 2009-06-25 2010-12-29 中国银联股份有限公司 一种银行卡支付系统中主密钥安全自动下载的方法及其系统
CN101656007A (zh) * 2009-08-14 2010-02-24 通联支付网络服务股份有限公司 一种在pos机上实现一机多密的安全系统及方法
CN102148799A (zh) * 2010-02-05 2011-08-10 中国银联股份有限公司 密钥下载方法及系统
CN103220271A (zh) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 密钥下载方法、管理方法、下载管理方法及装置和系统
CN103220270A (zh) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 密钥下载方法、管理方法、下载管理方法及装置和系统
CN103237005A (zh) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 密钥管理方法及系统
CN103237004A (zh) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 密钥下载方法、管理方法、下载管理方法及装置和系统

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110458551A (zh) * 2014-11-07 2019-11-15 天地融科技股份有限公司 数据交互系统
EP3309702A4 (en) * 2015-07-16 2018-05-23 Fujian Landi Commercial Equipment Co., Ltd Method and system for securely switching terminal between product mode and development mode
US10432730B1 (en) 2017-01-25 2019-10-01 United States Of America As Represented By The Secretary Of The Air Force Apparatus and method for bus protection
US10296477B2 (en) 2017-03-30 2019-05-21 United States of America as represented by the Secretary of the AirForce Data bus logger
CN111815811A (zh) * 2020-06-22 2020-10-23 北京智辉空间科技有限责任公司 一种电子锁安全系统
CN111815811B (zh) * 2020-06-22 2022-09-06 合肥智辉空间科技有限责任公司 一种电子锁安全系统
CN112560058A (zh) * 2020-12-17 2021-03-26 山东华芯半导体有限公司 基于智能密码钥匙的ssd分区加密存储系统及其实现方法
CN112560058B (zh) * 2020-12-17 2022-12-30 山东华芯半导体有限公司 基于智能密码钥匙的ssd分区加密存储系统及其实现方法
CN113132980A (zh) * 2021-04-02 2021-07-16 四川省计算机研究院 应用于北斗导航系统的密钥管理系统方法和装置
CN113132980B (zh) * 2021-04-02 2023-10-13 四川省计算机研究院 应用于北斗导航系统的密钥管理系统方法和装置
CN113708923A (zh) * 2021-07-29 2021-11-26 银盛支付服务股份有限公司 一种远程下载主密钥的方法及系统

Also Published As

Publication number Publication date
CN103716320A (zh) 2014-04-09
CN103716321A (zh) 2014-04-09
CN103746800B (zh) 2017-05-03
CN103731259A (zh) 2014-04-16
CN103729945A (zh) 2014-04-16
CN103714640A (zh) 2014-04-09
CN103729941B (zh) 2016-06-15
WO2014139411A1 (zh) 2014-09-18
CN103714636A (zh) 2014-04-09
CN103701609A (zh) 2014-04-02
CN103701609B (zh) 2016-09-28
CN103729943A (zh) 2014-04-16
CN103714637A (zh) 2014-04-09
CN103745351A (zh) 2014-04-23
CN103716154B (zh) 2017-08-01
CN103714635B (zh) 2015-11-11
CN103714638A (zh) 2014-04-09
CN103729944B (zh) 2015-09-30
CN103716321B (zh) 2017-08-29
CN103714639A (zh) 2014-04-09
CN103714641A (zh) 2014-04-09
CN103729941A (zh) 2014-04-16
CN103716167B (zh) 2017-01-11
CN103729943B (zh) 2015-12-30
WO2014139412A1 (zh) 2014-09-18
CN103716153A (zh) 2014-04-09
CN103716167A (zh) 2014-04-09
CN103729942A (zh) 2014-04-16
CN103714637B (zh) 2016-03-16
CN103701812A (zh) 2014-04-02
CN103716155A (zh) 2014-04-09
CN103729940A (zh) 2014-04-16
CN103714639B (zh) 2016-05-04
CN103714641B (zh) 2016-03-30
CN103729940B (zh) 2016-06-15
CN103701812B (zh) 2017-01-25
CN103714636B (zh) 2015-12-02
CN103746800A (zh) 2014-04-23
CN103729944A (zh) 2014-04-16
CN103714638B (zh) 2015-09-30
CN103716154A (zh) 2014-04-09
CN103716155B (zh) 2016-08-17
CN103731259B (zh) 2017-08-01
CN103701610B (zh) 2018-04-17
CN103729942B (zh) 2016-01-13
CN103714633A (zh) 2014-04-09
CN103714635A (zh) 2014-04-09
CN103714633B (zh) 2016-05-04
CN103714640B (zh) 2016-02-03
CN103716320B (zh) 2017-08-01
CN103729945B (zh) 2015-11-18
CN103714634B (zh) 2016-06-15
CN103731260A (zh) 2014-04-16
CN103745351B (zh) 2017-09-29
CN103731260B (zh) 2016-09-28
CN103714634A (zh) 2014-04-09
CN103716153B (zh) 2017-08-01
CN103701610A (zh) 2014-04-02
WO2014139408A1 (zh) 2014-09-18
WO2014139403A1 (zh) 2014-09-18

Similar Documents

Publication Publication Date Title
WO2014139406A1 (zh) 一种终端主密钥tmk安全下载方法及系统
WO2014139342A1 (zh) 密钥下载方法、管理方法、下载管理方法及装置和系统
WO2014139344A1 (zh) 密钥下载方法、管理方法、下载管理方法及装置和系统
US11694199B2 (en) Payment system
US11847640B2 (en) Payment system for authorizing a transaction between a user device and a terminal
US20220353252A1 (en) Efficient methods for authenticated communication
US20220070001A1 (en) Methods for secure credential provisioning
WO2014139341A1 (zh) 密钥管理方法及系统
RU2674329C2 (ru) Обработка защищенных удаленных платежных транзакций
WO2014139343A1 (zh) 密钥下载方法、管理方法、下载管理方法及装置和系统
US20090222383A1 (en) Secure Financial Reader Architecture
EP2098985A2 (en) Secure financial reader architecture
WO2013182058A1 (zh) 电子认证客户端系统及处理方法、电子认证系统及方法
WO2020091722A1 (en) Efficient authentic communication system and method
WO2015081763A1 (zh) 一种虚拟设备的授权使用方法及装置
US20200160333A1 (en) System and method for the protection of consumer financial data utilizing dynamic content shredding
WO2017097704A1 (en) A communication system comprising a local payment kernel
KR20070010874A (ko) 공개키 인증서를 이용한 전자화폐사간 구매키 전달 방법
WO2015108307A1 (ko) 사용자 장치를 이용한 본인인증방법, 이를 위한 디지털 시스템, 및 인증 시스템
KR101611214B1 (ko) 금융 시스템, 금융 시스템의 카드 결제 요청 및 승인 방법
KR101536594B1 (ko) 보안성 향상을 위한 서비스 사업자 서버를 통한 공인 인증서를 안전하게 사용하는 방법 및 공인 인증서 사용 시스템
TW201610880A (zh) 線上交易安全元件、電子裝置及其方法
JP2018139022A (ja) カード処理端末、決済データ処理方法、および決済データ処理プログラム

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14765390

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 14765390

Country of ref document: EP

Kind code of ref document: A1