WO2014139411A1 - Secure downloading method and system for terminal master key (tmk) - Google Patents
Secure downloading method and system for terminal master key (tmk) Download PDFInfo
- Publication number
- WO2014139411A1 WO2014139411A1 PCT/CN2014/073224 CN2014073224W WO2014139411A1 WO 2014139411 A1 WO2014139411 A1 WO 2014139411A1 CN 2014073224 W CN2014073224 W CN 2014073224W WO 2014139411 A1 WO2014139411 A1 WO 2014139411A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- tmk
- terminal
- master key
- pos terminal
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
Definitions
- the present invention relates to the field of electronic payment, and in particular, to a method and system for securely downloading a terminal master key TMK.
- Bank card (BANK Card) is becoming more and more popular as a payment instrument.
- the usual bank card payment system includes a point of sale terminal (Point Of Sale, POS), POS Acquiring System (POSP), PIN PAD and Hardware Encryption (Hardware and Security) Module, HSM).
- the POS terminal can accept the bank card information, has the communication function, and accepts the instructions of the teller to complete the financial transaction information and the related information exchange device; the POS acquiring system performs centralized management on the POS terminal, including parameter downloading, key downloading, accepting, Processing or forwarding the transaction request of the POS terminal, and sending back the transaction result information to the POS terminal, which is a centralized management and transaction processing system; the password keyboard (PIN) PAD) is a security device that securely stores keys related to various financial transactions and encrypts PINs.
- the hardware encryption machine (HSM) is a peripheral hardware device that encrypts transmitted data and is used for encryption of PINs. Decrypt, verify the correctness of the message and file source, and store the key.
- Personal identification number (Personal Identification Number, PIN), which is the personal information, is the data information identifying the legality of the cardholder's identity in online transactions. It is not allowed to appear in plain text in any part of the computer and network system; terminal master key (Terminal) Master Key, TMK), when the POS terminal works, the master key for encrypting the work key is encrypted and stored in the system database; the POS terminal is widely used in bank card payment occasions, such as vendor shopping, hotel accommodation, etc. The lack of modern means of payment has been integrated into the various situations of people's lives. Bank cards, especially debit cards, generally have a PIN set by the cardholder.
- the POS terminal In the process of payment, the POS terminal not only sends the track information of the bank card, but also the cardholder to input the PIN for the card issuing bank to verify.
- the legality of the cardholder’s identity ensures the security of the payment of the bank card and protects the property of the cardholder.
- it In order to prevent the PIN from being leaked or cracked, it is required to securely encrypt the PIN from the terminal to the issuing bank during the entire information exchange process. It is not allowed to appear in the clear text in any part of the computer network system, so the input PIN is currently accepted.
- the POS terminal requires a key management system.
- TMK terminal master key
- WK work key
- TMK encrypts WK.
- Each POS terminal has a unique TMK, which must be secure, ensure that it can only be written to the device and participate in calculations, and cannot be read.
- TMK is a key root key. If TMK is intercepted, the work key is easier. Being cracked will seriously threaten the security of bank card payments. Therefore, whether the TMK can be safely downloaded to the POS terminal becomes the key to the security of the entire POS terminal.
- the download of the terminal master key must be controlled in the security room of the management center to manually download the terminal master key.
- the maintenance center has a large workload; after the equipment leaves the factory, it needs to be transported to the security center of the management center to download the key to be deployed to the merchant, and the transportation cost increases; in order to concentrate the download of the key, a large amount of manpower and working time are required, and the maintenance cost is large. , long maintenance period and other issues.
- a method for secure downloading a terminal master key TMK includes the steps of: S1, the KMS system calls a hardware encryption machine to generate a public key Pu and a private key Pr, and sends the public key Pu to a PIN terminal of the POS terminal; S2, the POS terminal invokes a PIN pad
- the transmission key TK is randomly generated, and the transmission key ciphertext Ctk_Pu is generated by using the public key Pu encryption transmission key TK, and then the transmission key ciphertext Ctk_Pu is sent to the KMS system;
- a terminal master key TMK secure download system terminal master key TMK secure download system comprising a KMS system, a POS terminal communicatively coupled to the KMS system, and a hardware encryption machine, the POS terminal including a TK generation module and a decryption module;
- the KMS system includes a public-private key generation module, a TK receiving module, and a TMK module;
- the public-private key generation module is configured to invoke a hardware encryption machine to generate a public key Pu and a private key Pr, and send the public key Pu to a PIN terminal of the POS terminal;
- the TK generation module is configured to randomly generate a transmission key TK by calling a cryptographic keyboard, and generate a transmission key ciphertext Ctk_Pu by using the public key Pu to encrypt the transmission key TK, and then transmitting the transmission key ciphertext Ctk_Pu to the KMS system;
- the receiving module is configured to: when receiving the transmission key ciphertext Ctk_
- the invention has the beneficial effects that the present invention randomly generates and uploads the transmission key TK through the POS terminal, and encrypts the terminal master key TMK by TK, thereby implementing the POS terminal remote download terminal master key TMK, thereby eliminating the original In the technology, the transportation cost brought by the centralized download of the terminal master key TMK and the cost of the KMS system maintenance center room.
- FIG. 1 is a structural block diagram of a terminal master key TMK secure download system according to an embodiment of the present invention
- FIG. 2 is a flowchart of a method for securely downloading a terminal master key TMK according to an embodiment of the present invention.
- 201 public and private key generation module
- 202 TK receiving module
- 203 TMK module
- 30 hardware encryption machine.
- AUK Authentication Key Abbreviation, the authentication key, used for mutual authentication between PINPAD and the key management system KMS;
- CA Center The so-called CA (Certificate Authority) Center, which uses PKI (Public Key) Infrastructure) Public Key Infrastructure Technology, which provides network identity authentication services, is responsible for issuing and managing digital certificates, and is an authoritative and impartial third-party trust organization that acts like a company that issues documents in real life.
- PKI Public Key
- HSM High Security Machine, high security device, which is a hardware encryption machine in this system
- KMS system Key Management System, key management system for managing terminal master key TMK;
- MAK short for Mac Key, which is the MAC calculation key.
- MTMS full name Material Tracking Management System, material traceability management system, mainly used in factory production;
- PIK short name of Pin Key, that is, Pin encryption key, which is a kind of work key
- PINPAD password keyboard
- PK Short for Protect Key, the protection key, negotiated with the customer to determine the 24-byte symmetric key.
- MTMS/TCS Encrypted transmission of TK with KMS;
- POS Short for Point Of Sale, which is the sales terminal
- SNpinpad the serial number of the PIN pad. When PINPAD is built-in, it is the same as the serial number SNpos of the POS terminal.
- SN the serial number of the payment terminal
- TEK Transmission Encrypt The abbreviation of Key, that is, transmission encryption key, 24-byte symmetric key, used for encrypted transmission of TMK between PINPAD and key management system KMS;
- TK Transmission The abbreviation of Key, that is, the transmission key.
- the transport key is composed of a transport encryption key TEK and a mutual authentication key AUK;
- TMS Terminal Management System Abbreviation, that is, terminal management system, used to complete payment terminal information management, software and parameter configuration, remote download, terminal operation status information collection management, remote diagnosis and other functions;
- TMK Terminal Master
- the abbreviation of Key that is, the terminal master key, is used for encrypted transmission of the work key between the payment terminal and the payment acquiring system;
- Security room A room with a high security level for storing servers. This room requires authentication before it can enter.
- Smart IC card It is a CPU card.
- the integrated circuit in the card includes a central processing unit CPU, a programmable read-only memory EEPROM, a random access memory RAM, and an in-card operating system COS (Chip) which is solidified in a read-only memory ROM. Operating System), the data in the card is divided into external reading and internal processing.
- Symmetric key Both parties that send and receive data must use the same key to encrypt and decrypt the plaintext.
- Symmetric key encryption algorithms mainly include: DES, 3DES, IDEA, FEAL, BLOWFISH, and so on.
- Asymmetric Key An asymmetric encryption algorithm requires two keys: a public key (Private key) and a private key (Public key) Key). The public key and the private key are a pair. If the data is encrypted with the public key, only the corresponding private key can be used for decryption; if the data is encrypted with the private key, only the corresponding public key can be used. Decrypt. Because encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm.
- the basic process of asymmetric information exchange for asymmetric encryption is: Party A generates a pair of keys and exposes one of them as a public key to other parties; Party B, which obtains the public key, uses the key to perform confidential information.
- Party A After encryption, it will be sent to Party A; Party A will decrypt the encrypted information with another private key saved by Party A.
- Party A may use Party B's public key to encrypt the confidential information and then send it to Party B; Party B then uses its own private key to decrypt the encrypted information.
- the main algorithms are RSA, Elgamal, backpack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm).
- RSA An asymmetric key algorithm.
- the RSA public key encryption algorithm was in 1977 by Ron Rivest, Adi Shamirh Developed by Len Adleman (Massachusetts Institute of Technology, USA).
- the RSA is named after the name of the three of them.
- RSA It is currently the most influential public key encryption algorithm, it can resist all the password attacks known so far, and has been recommended by ISO as the public key data encryption standard.
- RSA The algorithm is based on a very simple theory of numbers: it is easy to multiply two large prime numbers.
- the RSA algorithm is the first algorithm that can be used for both encryption and digital signatures, and is easy to understand and operate.
- RSA It is the most widely studied public key algorithm. It has been tested by various attacks for more than 30 years from the present to the present, and it is gradually accepted as one of the best public key solutions.
- TDES Triple-DES DES is a symmetric encryption algorithm with a key of 8 bytes. TDES is based on DES The encryption algorithm whose key is 16 bytes or 24 bytes. TDES/3DES is the abbreviation of English TripleDES (ie triple data encryption standard), DES is English Data Encryption
- DES Acronym for Standard.
- DES It is a symmetric key encryption algorithm, that is, the encryption algorithm that the data encryption key is the same as the decryption key.
- DES by IBM in the 20th century 70 Developed and published in the era, subsequently adopted by the US government, and recognized by the US National Bureau of Standards and the American National Standards Institute (ANSI).
- TDES/3DES is a mode of DES encryption algorithm that uses 3 64 The bit key encrypts the data three times. Is a safer variant of DES.
- the device includes a KMS system 20, a POS terminal 10 communicatively coupled to the KMS system 20, and a hardware encryptor 30.
- the POS terminal 10 includes a TK generating module 101 and a decryption module 102;
- the KMS system 20 includes a public and private key generation module 201, a TK receiving module 202, and a TMK module 203;
- the public key generation module 201 is configured to invoke the hardware encryption machine 30 to generate the public key Pu and the private key Pr, and send the public key Pu to the PIN pad of the POS terminal 10;
- the TK generating module 202 is configured to call the cryptographic keyboard to randomly generate the transmission key TK, and use the public key Pu to encrypt the transmission key TK to generate the transmission key ciphertext Ctk_Pu, and then send the transmission key ciphertext Ctk_Pu to the KMS system 20;
- the TK receiving module is configured to, when receiving the transport key ciphertext Ctk_Pu, invoke the hardware encryptor 30 to decrypt the transport key ciphertext Ctk_Pu using the private key Pr to obtain the transport key TK;
- the TMK module 203 is used to invoke the hardware encryption machine 30 to generate the master key ciphertext Ctmk_tk using the transport key TK encryption terminal master key TMK, and then send the master key ciphertext to the POS terminal 10;
- the decryption module 102 is configured to invoke the cryptographic keyboard to decrypt the master key ciphertext Ctmk_tk using the transport key TK to obtain the terminal master key TMK and store the terminal master key TMK in the PIN pad.
- the POS terminal 10 uploads the transmission key TK
- the KMS system 20 transmits the terminal master key TMK to the POS terminal 10 by using the TK, thereby realizing the POS terminal 10 remotely downloading the terminal master key TMK, which is large.
- the POS terminal 10 is convenient for downloading the terminal master key, and the transportation cost brought by the centralized download of the terminal master key TMK in the prior art and the cost of the maintenance center room of the KMS system 20 are eliminated.
- the TK is randomly generated by the POS terminal 10, and the TK is encrypted by the public key issued by the KMS system 20 and then uploaded to the KMS system 20 in the form of ciphertext. Only the KMS system 20 can perform TK ciphertext. Decompression, thus effectively guaranteeing the safe transmission of TK and TMK.
- the POS terminal 10 further includes a public key application module.
- the public key application module is configured to send a terminal serial number SN and a public key download request to the KMS system;
- the public private key generating module is configured to: after receiving the public key download request, invoke a hardware encryption machine to generate a public key Pu and private
- the key Pr sends the public key Pu to the PIN pad of the POS terminal corresponding to the terminal serial number SN.
- the POS terminal 10 When the POS terminal 10 needs to upload the TK, it first sends the POS terminal 10 main terminal serial number SN and the download public key request to the KMS system 20.
- the KMS system 20 can know whether the POS terminal 10 is ready by receiving the downloaded public key request.
- the TK is uploaded, so that the KMS system 20 can conveniently generate the corresponding public key according to the uploaded serial number SN and prepare for receiving the transmission key TK.
- the POS terminal 10 further includes a TMK receiving reply module
- the TMK receiving reply module is configured to, after the decryption module successfully stores the terminal master key TMK, replies to the KMS system 20 with information for successfully receiving the terminal master key TMK.
- the KMS system 20 can clearly know whether the transmitted master key TK is accepted by the POS terminal 10, and the KMS system 20 determines the sent primary key according to the reply information of the TMK receiving reply module. Whether the key TMK is valid or not, it is convenient for the KMS system 20 to perform further operations on the TMK, such as resending the TMK.
- the decryption module 102 further includes a TMK cutting storage module
- the TMK cutting memory module is used to cut the TMK and store the cut TMK separately in different key areas of the PIN pad.
- the decryption module 102 further includes a TR-31 packaging module
- the TR-31 packing module is used to package the TMK in the TR-31 format, and then packaged and stored in the cipher keyboard in cipher text.
- the TMK is stored in the key keyboard of the POS terminal in the form of ciphertext by the TMK cutting storage unit or by the TR-31 format packing unit, thereby further enhancing the security of the TMK in the POS terminal.
- FIG. 2 is a flowchart of a method for securely downloading a terminal master key TMK according to the present invention. The method includes the following steps:
- the KMS system calls the hardware encryption machine to generate the public key Pu and the private key Pr, and sends the public key Pu to the POS terminal PIN pad;
- the POS terminal invokes the cryptographic keyboard to randomly generate the transmission key TK, and uses the public key Pu to encrypt the transmission key TK to generate the transmission key ciphertext Ctk_Pu, and then transmits the transmission key ciphertext Ctk_Pu to the KMS system;
- KMS system calls the hardware encryption machine to use the private key Pr to decrypt the transmission key ciphertext Ctk_Pu to obtain the transmission key TK;
- the KMS system calls the hardware encryption machine encryption transmission key TK encryption terminal master key TMK generates the master key ciphertext Ctmk_tk, and then sends the master key ciphertext to the POS terminal;
- the POS terminal picks up the PIN pad and decrypts the master key ciphertext Ctmk_tk using the transport key TK to obtain the terminal master key TMK and stores the terminal master key TMK in the PIN pad.
- the POS terminal uploads the transmission key TK
- the KMS system uses the TK to encrypt the terminal master key TMK and then sends it to the POS terminal, thereby realizing the POS terminal remotely downloading the terminal master key TMK, which greatly facilitates the POS terminal.
- the terminal master key is downloaded, and the transportation cost brought by the centralized download of the terminal master key TMK in the prior art and the cost of the KMS system maintenance center room are eliminated.
- the TK is randomly generated by the POS terminal, and the TK is encrypted by the public key issued by the KMS system and then uploaded to the KMS system in the form of ciphertext. Only the KMS system can decompress the TK ciphertext, so Effective guarantee of secure transmission of TK and TMK.
- the POS terminal before the step S1, the POS terminal further includes the terminal serial number SN and the public key download request sent to the KMS system, where the step S1 is specifically: the KMS system is received after receiving the public key download request.
- the hardware encryption machine is called to generate the public key Pu and the private key Pr, and the public key Pu is sent to the PIN pad of the POS terminal corresponding to the terminal serial number SN.
- the POS terminal uploads the terminal serial number SN and the public key download request, and the download public key request received by the KMS system can know whether the POS terminal is ready to upload the TK, so that the KMS system can conveniently follow the uploaded serial number SN. Generate the corresponding public key and prepare to receive the transport key TK.
- the step S5 further includes the POS terminal successfully storing the terminal master key TMK and then replying to the KMS system to successfully receive the terminal master key TMK information.
- the POS terminal successfully returns the terminal master key TMK information, so that the KMS system can clearly know whether the sent master key TK is accepted by the POS terminal, and the KMS system determines to send according to the reply information of the TMK receiving reply module. Whether the outgoing master key TMK is valid is convenient for the KMS system to perform further operations on the TMK, such as resending the TMK.
- the “storing the terminal master key TMK in the PIN pad” in the step S5 is specifically that the POS terminal cuts the TMK and separately stores the cut TMK in different key areas of the PIN pad.
- step S5 "storing the terminal master key TMK in the PIN pad" Specifically, the POS terminal packages the TMK in the TR-31 format, and stores it in a cipher text in the cipher keyboard.
- the TMK stored in the POS terminal is cut and stored or packaged in the TR-31 format, and the TMK is stored in the cipher key of the POS terminal in the form of cipher text, thereby further strengthening.
- the original Chiha value of TK is calculated when the transmission key TK is generated, and the Chia value of TK is first checked each time the TK is stored, transmitted, or used, and TK can be used when the check is passed.
- TK By verifying the Chia value of TK, it is possible to prevent the storage device from being abnormal and causing the stored data to be incorrect, and to determine whether the key is correct.
- the method and system for securely downloading the terminal master key TMK of the present invention uploads the transmission key TK through the POS terminal, and the KMS system uses the TK to encrypt the terminal master key TMK and then sends it to the POS terminal, thereby realizing the POS.
- the terminal remotely downloads the terminal master key TMK, which greatly facilitates the POS terminal to download the terminal master key, and eliminates the transportation cost brought by the centralized download of the terminal master key TMK in the prior art and the cost of the KMS system maintenance center room.
- the master key TMK of the present invention is generated by the KMS system, thus facilitating subsequent maintenance and management of the master key TMK by the KMS system.
- the TK is randomly generated by the POS terminal, and the TK is encrypted by the public key issued by the KMS system and then uploaded to the KMS system in the form of ciphertext. Only the KMS system can decompress the TK ciphertext, so that the TK is effective. Guaranteed secure transmission of TK and TMK.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Signal Processing (AREA)
- Accounting & Taxation (AREA)
- Computer Networks & Wireless Communication (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
- Cash Registers Or Receiving Machines (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
Abstract
Disclosed is a secure downloading method for a terminal master key (TMK), comprising the steps of: a KMS system generating a public key Pu and a private key Pr and sending the public key Pu to a POS terminal; the POS terminal randomly generating a transmission key (TK) and after using the public key Pu for encrypting the transmission key (TK), sending same to the KMS system; the KMS system using the TK for encrypting the terminal master key (TMK) for generating a master key ciphertext Ctmk_tk, and sending the master key ciphertext to the POS terminal; and the POS terminal invoking a cipher keyboard for using the transmission key (TK) for decrypting the master key ciphertext Ctmk_tk to obtain the terminal master key (TMK) and storing the terminal master key (TMK) in the cipher keyboard. The present invention has the advantage that: by uploading the transmission key (TK), after the TK is used for encrypting the terminal master key (TMK), the terminal master key (TMK) is sent to the corresponding POS terminal for realizing that the POS terminal remotely downloads the terminal master key (TMK), thereby greatly facilitating the download of the terminal master key (TMK) for the POS terminal.
Description
技术领域Technical field
本发明涉及电子支付领域,尤其涉及一种终端主密钥TMK安全下载方法及系统。The present invention relates to the field of electronic payment, and in particular, to a method and system for securely downloading a terminal master key TMK.
背景技术Background technique
银行卡(BANK Card)作为支付工具越来越普及,通常的银行卡支付系统包括销售点终端(Point Of
Sale,POS)、POS收单系统(POSP)、密码键盘(PIN PAD)和硬件加密机(Hardware and Security
Module,HSM)。其中POS终端能够接受银行卡信息,具有通讯功能,并接受柜员的指令完成金融交易信息和有关信息交换的设备;POS收单系统对POS终端进行集中管理,包括参数下载,密钥下载,接受、处理或转发POS终端的交易请求,并向POS终端回送交易结果信息,是集中管理和交易处理的系统;密码键盘(PIN
PAD)是对各种金融交易相关的密钥进行安全存储保护,以及对PIN进行加密保护的安全设备;硬件加密机(HSM)是对传输数据进行加密的外围硬件设备,用于PIN的加密和解密、验证报文和文件来源的正确性以及存储密钥。个人标识码(Personal
Identification
Number,PIN),即个人密码,是在联机交易中识别持卡人身份合法性的数据信息,在计算机和网络系统中任何环节都不允许以明文的方式出现;终端主密钥(Terminal
Master
Key,TMK),POS终端工作时,对工作密钥进行加密的主密钥,加密保存在系统数据库中;POS终端广泛应用于银行卡支付场合,比如厂商购物、酒店住宿等,是一种不可或缺的现代化支付手段,已经融入人们生活的各种场合。银行卡,特别是借记卡,一般都由持卡人设置了PIN,在进行支付过程中,POS终端除了上送银行卡的磁道信息等资料外,还要持卡人输入PIN供发卡银行验证持卡人的身份合法性,确保银行卡支付安全,保护持卡人的财产安全。为了防止PIN泄露或被破解,要求从终端到发卡银行整个信息交互过程中,全程对PIN进行安全加密保护,不允许在计算机网络系统的任何环节,PIN以明文的方式出现,因此目前接受输入PIN的POS终端都要求配备密钥管理体系。Bank card (BANK Card) is becoming more and more popular as a payment instrument. The usual bank card payment system includes a point of sale terminal (Point Of
Sale, POS), POS Acquiring System (POSP), PIN PAD and Hardware Encryption (Hardware and Security)
Module, HSM). The POS terminal can accept the bank card information, has the communication function, and accepts the instructions of the teller to complete the financial transaction information and the related information exchange device; the POS acquiring system performs centralized management on the POS terminal, including parameter downloading, key downloading, accepting, Processing or forwarding the transaction request of the POS terminal, and sending back the transaction result information to the POS terminal, which is a centralized management and transaction processing system; the password keyboard (PIN)
PAD) is a security device that securely stores keys related to various financial transactions and encrypts PINs. The hardware encryption machine (HSM) is a peripheral hardware device that encrypts transmitted data and is used for encryption of PINs. Decrypt, verify the correctness of the message and file source, and store the key. Personal identification number (Personal
Identification
Number, PIN), which is the personal information, is the data information identifying the legality of the cardholder's identity in online transactions. It is not allowed to appear in plain text in any part of the computer and network system; terminal master key (Terminal)
Master
Key, TMK), when the POS terminal works, the master key for encrypting the work key is encrypted and stored in the system database; the POS terminal is widely used in bank card payment occasions, such as vendor shopping, hotel accommodation, etc. The lack of modern means of payment has been integrated into the various situations of people's lives. Bank cards, especially debit cards, generally have a PIN set by the cardholder. In the process of payment, the POS terminal not only sends the track information of the bank card, but also the cardholder to input the PIN for the card issuing bank to verify. The legality of the cardholder’s identity ensures the security of the payment of the bank card and protects the property of the cardholder. In order to prevent the PIN from being leaked or cracked, it is required to securely encrypt the PIN from the terminal to the issuing bank during the entire information exchange process. It is not allowed to appear in the clear text in any part of the computer network system, so the input PIN is currently accepted. The POS terminal requires a key management system.
POS终端的密钥体系分成二级:终端主密钥(TMK)和工作密钥(WK)。其中TMK对WK进行加密保护。每台POS终端拥有唯一的TMK,必须要有安全保护,保证只能写入设备并参与计算,不能读取;TMK是一个很关键的根密钥,如果TMK被截取,工作密钥就比较容易被破解,将严重威胁银行卡支付安全。所以能否安全下载TMK到POS终端,成为整个POS终端安全性的关键。The key system of the POS terminal is divided into two levels: a terminal master key (TMK) and a work key (WK). TMK encrypts WK. Each POS terminal has a unique TMK, which must be secure, ensure that it can only be written to the device and participate in calculations, and cannot be read. TMK is a key root key. If TMK is intercepted, the work key is easier. Being cracked will seriously threaten the security of bank card payments. Therefore, whether the TMK can be safely downloaded to the POS terminal becomes the key to the security of the entire POS terminal.
为防范密钥泄露风险,终端主密钥的下载必须控制在管理中心的安全机房进行,通过人工集中下载终端主密钥。从而带来维护中心机房工作量大;设备出厂后需要运输到管理中心安全机房下载密钥才能部署到商户,运输成本上升;为了集中下装密钥,需要大量的人手和工作时间,维护成本大、维护周期长等问题。To prevent the risk of key leakage, the download of the terminal master key must be controlled in the security room of the management center to manually download the terminal master key. As a result, the maintenance center has a large workload; after the equipment leaves the factory, it needs to be transported to the security center of the management center to download the key to be deployed to the merchant, and the transportation cost increases; in order to concentrate the download of the key, a large amount of manpower and working time are required, and the maintenance cost is large. , long maintenance period and other issues.
发明内容Summary of the invention
为解决上述技术问题,本发明采用的一个技术方案是:In order to solve the above technical problem, a technical solution adopted by the present invention is:
一种终端主密钥TMK安全下载方法,包括步骤:S1、KMS系统调用硬件加密机产生公钥Pu和私钥Pr,将公钥Pu发送至POS终端的密码键盘;S2、POS终端调用密码键盘随机生成传输密钥TK,并使用公钥Pu加密传输密钥TK生成传输密钥密文Ctk_Pu,然后将传输密钥密文Ctk_Pu发送至KMS系统;S3、KMS系统调用硬件加密机使用私钥Pr解密传输密钥密文Ctk_Pu获得传输密钥TK;S4、KMS系统调用硬件加密机加密传输密钥TK加密终端主密钥TMK生成主密钥密文Ctmk_tk,然后将主密钥密文发送至POS终端;S5、POS终端调用密码键盘使用传输密钥TK解密主密钥密文Ctmk_tk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。A method for secure downloading a terminal master key TMK includes the steps of: S1, the KMS system calls a hardware encryption machine to generate a public key Pu and a private key Pr, and sends the public key Pu to a PIN terminal of the POS terminal; S2, the POS terminal invokes a PIN pad The transmission key TK is randomly generated, and the transmission key ciphertext Ctk_Pu is generated by using the public key Pu encryption transmission key TK, and then the transmission key ciphertext Ctk_Pu is sent to the KMS system; S3, the KMS system calls the hardware encryption machine to use the private key Pr Decrypt the transmission key ciphertext Ctk_Pu to obtain the transmission key TK; S4, KMS system calls the hardware encryption machine encryption transmission key TK encryption terminal master key TMK generates the master key ciphertext Ctmk_tk, and then sends the master key ciphertext to the POS Terminal; S5, the POS terminal invokes the PIN pad to decrypt the master key ciphertext Ctmk_tk using the transport key TK to obtain the terminal master key TMK and store the terminal master key TMK in the PIN pad.
本发明的另一技术方案是:Another technical solution of the present invention is:
一种终端主密钥TMK安全下载系统终端主密钥TMK安全下载系统,包括KMS系统、与KMS系统通信连接的POS终端、以及硬件加密机,所述POS终端包括TK产生模块、解密模块;所述KMS系统包括公私钥产生模块、TK接收模块以及TMK模块;所述公私钥产生模块用于调用硬件加密机产生公钥Pu和私钥Pr,将公钥Pu发送至POS终端的密码键盘;所述TK产生模块用于调用密码键盘随机生成传输密钥TK,并使用公钥Pu加密传输密钥TK生成传输密钥密文Ctk_Pu,然后将传输密钥密文Ctk_Pu发送至KMS系统;所述TK接收模块用于当接收到传输密钥密文Ctk_Pu时,调用硬件加密机使用私钥Pr解密传输密钥密文Ctk_Pu获得传输密钥TK;所述TMK模块用于调用硬件加密机使用传输密钥TK加密终端主密钥TMK生成主密钥密文Ctmk_tk,然后将主密钥密文发送至POS终端;所述解密模块用于调用密码键盘使用传输密钥TK解密主密钥密文Ctmk_tk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。A terminal master key TMK secure download system terminal master key TMK secure download system, comprising a KMS system, a POS terminal communicatively coupled to the KMS system, and a hardware encryption machine, the POS terminal including a TK generation module and a decryption module; The KMS system includes a public-private key generation module, a TK receiving module, and a TMK module; the public-private key generation module is configured to invoke a hardware encryption machine to generate a public key Pu and a private key Pr, and send the public key Pu to a PIN terminal of the POS terminal; The TK generation module is configured to randomly generate a transmission key TK by calling a cryptographic keyboard, and generate a transmission key ciphertext Ctk_Pu by using the public key Pu to encrypt the transmission key TK, and then transmitting the transmission key ciphertext Ctk_Pu to the KMS system; The receiving module is configured to: when receiving the transmission key ciphertext Ctk_Pu, invoke the hardware encryption machine to decrypt the transmission key ciphertext Ctk_Pu using the private key Pr to obtain the transmission key TK; the TMK module is used to invoke the hardware encryption machine to use the transmission key The TK encryption terminal master key TMK generates a master key ciphertext Ctmk_tk, and then sends the master key ciphertext to the POS terminal; the decryption module is used to invoke the cryptographic keyboard to use the transport key TK Secret master key ciphertext obtained Ctmk_tk terminal master key TMK and the terminal master key TMK is stored in the password keyboard.
本发明的有益效果为:本发明通过POS终端随机产生并上传传输密钥TK,由TK加密终端主密钥TMK后进行下载,从而实现了POS终端远程下载终端主密钥TMK,免去了原有技术中终端主密钥TMK集中下载带来的运输成本和KMS系统维护中心机房的成本。The invention has the beneficial effects that the present invention randomly generates and uploads the transmission key TK through the POS terminal, and encrypts the terminal master key TMK by TK, thereby implementing the POS terminal remote download terminal master key TMK, thereby eliminating the original In the technology, the transportation cost brought by the centralized download of the terminal master key TMK and the cost of the KMS system maintenance center room.
附图说明DRAWINGS
图1为本发明实施方式一种终端主密钥TMK安全下载系统的结构框图;1 is a structural block diagram of a terminal master key TMK secure download system according to an embodiment of the present invention;
图2为本发明实施方式一种终端主密钥TMK安全下载方法的方法流程图。FIG. 2 is a flowchart of a method for securely downloading a terminal master key TMK according to an embodiment of the present invention.
主要标号说明:The main label description:
10:POS终端; 20:KMS系统; 101:TK产生模块; 102:解密模块10: POS terminal; 20: KMS system; 101: TK generation module; 102: decryption module
201:公私钥产生模块; 202:TK接收模块; 203:TMK模块;30:硬件加密机。201: public and private key generation module; 202: TK receiving module; 203: TMK module; 30: hardware encryption machine.
具体实施方式detailed description
为详细说明本发明的技术内容、构造特征、所实现目的及效果,以下结合实施方式并配合附图详予说明。The detailed description of the technical contents, structural features, and the objects and effects of the present invention will be described in detail below with reference to the accompanying drawings.
首先,对本发明涉及的缩略语和关键术语进行定义和说明:First, the abbreviations and key terms involved in the present invention are defined and explained:
AUK:Authentication Key
的简称,即认证密钥,用于PINPAD与密钥管理系统KMS之间的双向认证;AUK: Authentication Key
Abbreviation, the authentication key, used for mutual authentication between PINPAD and the key management system KMS;
CA中心:所谓CA(Certificate Authority)中心,它是采用PKI(Public Key
Infrastructure)公开密钥基础架构技术,专门提供网络身份认证服务,负责签发和管理数字证书,且具有权威性和公正性的第三方信任机构,它的作用就像我们现实生活中颁发证件的公司,如护照办理机构;CA Center: The so-called CA (Certificate Authority) Center, which uses PKI (Public Key)
Infrastructure) Public Key Infrastructure Technology, which provides network identity authentication services, is responsible for issuing and managing digital certificates, and is an authoritative and impartial third-party trust organization that acts like a company that issues documents in real life. Such as a passport processing agency;
HSM:High Security Machine的简称,高安全设备,在该系统中为硬件加密机;HSM: short for High Security Machine, high security device, which is a hardware encryption machine in this system;
KMS系统:Key Management System,密钥管理系统,用于管理终端主密钥TMK;KMS system: Key Management System, key management system for managing terminal master key TMK;
MAK:Mac Key的简称,即MAC计算密钥,
与客户协商确定24字节对称密钥,用于MTMS系统与KMS系统之间TK的MAC值计算;MAK: short for Mac Key, which is the MAC calculation key.
Negotiating with the customer to determine a 24-byte symmetric key for calculating the MAC value of the TK between the MTMS system and the KMS system;
MTMS:全称Material Tracking Management
System,物料追溯管理系统,主要在工厂生产时使用;MTMS: full name Material Tracking Management
System, material traceability management system, mainly used in factory production;
PIK:Pin Key的简称,即Pin加密密钥,是工作密钥的一种;PIK: short name of Pin Key, that is, Pin encryption key, which is a kind of work key;
PINPAD:密码键盘;PINPAD: password keyboard;
PK:Protect Key 的简称,即保护密钥,与客户协商确定,24字节对称密钥。用于MTMS/TCS
与KMS之间TK的加密传输;PK: Short for Protect Key, the protection key, negotiated with the customer to determine the 24-byte symmetric key. For MTMS/TCS
Encrypted transmission of TK with KMS;
POS:Point Of Sale 的简称,即销售终端POS: Short for Point Of Sale, which is the sales terminal
SNpinpad:密码键盘的序列号,PINPAD是内置时,和POS终端序列号SNpos一致; SNpinpad: the serial number of the PIN pad. When PINPAD is built-in, it is the same as the serial number SNpos of the POS terminal.
SN:支付终端的序列号; SN: the serial number of the payment terminal;
TEK:Transmission Encrypt
Key的简称,即传输加密密钥,24字节对称密钥,用于PINPAD与密钥管理系统KMS之间TMK的加密传输; TEK: Transmission Encrypt
The abbreviation of Key, that is, transmission encryption key, 24-byte symmetric key, used for encrypted transmission of TMK between PINPAD and key management system KMS;
TK:Transmission
Key的简称,即传输密钥。传输密钥是由传输加密密钥TEK和双向认证密钥AUK组成的; TK: Transmission
The abbreviation of Key, that is, the transmission key. The transport key is composed of a transport encryption key TEK and a mutual authentication key AUK;
TMS:Terminal Management System
的简称,即终端管理系统,用于完成支付终端信息管理、软件与参数配置、远程下载、终端运行状态信息收集管理、远程诊断等功能; TMS: Terminal Management System
Abbreviation, that is, terminal management system, used to complete payment terminal information management, software and parameter configuration, remote download, terminal operation status information collection management, remote diagnosis and other functions;
TMK:Terminal Master
Key的简称,即终端主密钥,用于支付终端和支付收单系统之间工作密钥的加密传输; TMK: Terminal Master
The abbreviation of Key, that is, the terminal master key, is used for encrypted transmission of the work key between the payment terminal and the payment acquiring system;
安全房:具有较高安全级别,用于存放服务器的房间,该房间需要身份认证后才能进去。Security room: A room with a high security level for storing servers. This room requires authentication before it can enter.
智能IC卡:为CPU卡,卡内的集成电路包括中央处理器CPU、可编程只读存储器EEPROM、随机存储器RAM和固化在只读存储器ROM中的卡内操作系统COS(Chip
Operating System),卡中数据分为外部读取和内部处理部分。Smart IC card: It is a CPU card. The integrated circuit in the card includes a central processing unit CPU, a programmable read-only memory EEPROM, a random access memory RAM, and an in-card operating system COS (Chip) which is solidified in a read-only memory ROM.
Operating System), the data in the card is divided into external reading and internal processing.
对称密钥:发送和接收数据的双方必须使用相同的密钥对明文进行加密和解密运算。对称密钥加密算法主要包括:DES、3DES、IDEA、FEAL、BLOWFISH等。Symmetric key: Both parties that send and receive data must use the same key to encrypt and decrypt the plaintext. Symmetric key encryption algorithms mainly include: DES, 3DES, IDEA, FEAL, BLOWFISH, and so on.
非对称密钥:非对称加密算法需要两个密钥:公开密钥(私钥Public key)和私有密钥(公钥Private
key)。公开密钥与私有密钥是一对,如果用公开密钥对数据进行加密,只有用对应的私有密钥才能解密;如果用私有密钥对数据进行加密,那么只有用对应的公开密钥才能解密。因为加密和解密使用的是两个不同的密钥,所以这种算法叫作非对称加密算法。非对称加密算法实现机密信息交换的基本过程是:甲方生成一对密钥并将其中的一把作为公用密钥向其它方公开;得到该公用密钥的乙方使用该密钥对机密信息进行加密后再发送给甲方;甲方再用自己保存的另一把专用密钥对加密后的信息进行解密。甲方可以使用乙方的公钥对机密信息进行加密后再发送给乙方;乙方再用自己的私匙对加密后的信息进行解密。主要算法有RSA、Elgamal、背包算法、Rabin、D-H、ECC(椭圆曲线加密算法)。Asymmetric Key: An asymmetric encryption algorithm requires two keys: a public key (Private key) and a private key (Public key)
Key). The public key and the private key are a pair. If the data is encrypted with the public key, only the corresponding private key can be used for decryption; if the data is encrypted with the private key, only the corresponding public key can be used. Decrypt. Because encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm. The basic process of asymmetric information exchange for asymmetric encryption is: Party A generates a pair of keys and exposes one of them as a public key to other parties; Party B, which obtains the public key, uses the key to perform confidential information. After encryption, it will be sent to Party A; Party A will decrypt the encrypted information with another private key saved by Party A. Party A may use Party B's public key to encrypt the confidential information and then send it to Party B; Party B then uses its own private key to decrypt the encrypted information. The main algorithms are RSA, Elgamal, backpack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm).
RSA:一种非对称密钥算法。RSA公钥加密算法是1977年由Ron Rivest、Adi Shamirh
和Len Adleman 在(美国麻省理工学院)开发的。RSA 取名来自开发他们三者的名字。RSA
是目前最有影响力的公钥加密算法,它能够抵抗到目前为止已知的所有密码攻击,已被 ISO 推荐为公钥数据加密标准。RSA
算法基于一个十分简单的数论事实:将两个大素数相乘十分容易。RSA 算法是第一个能同时用于加密和数字签名的算法,也易于理解和操作。RSA
是被研究得最广泛的公钥算法,从提出到现在的三十多年里,经历了各种攻击的考验,逐渐为人们接受,普遍认为是目前最优秀的公钥方案之一。RSA: An asymmetric key algorithm. The RSA public key encryption algorithm was in 1977 by Ron Rivest, Adi Shamirh
Developed by Len Adleman (Massachusetts Institute of Technology, USA). The RSA is named after the name of the three of them. RSA
It is currently the most influential public key encryption algorithm, it can resist all the password attacks known so far, and has been recommended by ISO as the public key data encryption standard. RSA
The algorithm is based on a very simple theory of numbers: it is easy to multiply two large prime numbers. The RSA algorithm is the first algorithm that can be used for both encryption and digital signatures, and is easy to understand and operate. RSA
It is the most widely studied public key algorithm. It has been tested by various attacks for more than 30 years from the present to the present, and it is gradually accepted as one of the best public key solutions.
TDES Triple-DES:DES是一种对称加密算法,密钥是8字节。TDES是基于DES
的加密算法,其密钥是16 字节或者24 字节。TDES/3DES 是英文TripleDES的缩语(即三重数据加密标准),DES 则是英文Data
EncryptionTDES Triple-DES: DES is a symmetric encryption algorithm with a key of 8 bytes. TDES is based on DES
The encryption algorithm whose key is 16 bytes or 24 bytes. TDES/3DES is the abbreviation of English TripleDES (ie triple data encryption standard), DES is English Data
Encryption
Standard(数加密标准)的缩语。DES
是一种对称密钥加密算法,即数据加密密钥与解密密钥相同的加密算法。DES 由IBM 公司在20 世纪70
年代开发并公开,随后为美国政府采用,并被美国国家标准局和美国国家标准协会 (ANSI)承认。TDES/3DES 是DES 加密算法的一种模式,它使用3条64
位的密钥对数据进行三次加密。是DES 的一个更安全的变形。Acronym for Standard. DES
It is a symmetric key encryption algorithm, that is, the encryption algorithm that the data encryption key is the same as the decryption key. DES by IBM in the 20th century 70
Developed and published in the era, subsequently adopted by the US government, and recognized by the US National Bureau of Standards and the American National Standards Institute (ANSI). TDES/3DES is a mode of DES encryption algorithm that uses 3 64
The bit key encrypts the data three times. Is a safer variant of DES.
请参阅图1,是本发明一种终端主密钥TMK安全下载系统的结构框图,该装置包括KMS系统20、与KMS系统20通信连接的POS终端10、以及硬件加密机30,1 is a structural block diagram of a terminal master key TMK secure download system according to the present invention. The device includes a KMS system 20, a POS terminal 10 communicatively coupled to the KMS system 20, and a hardware encryptor 30.
所述POS终端10包括TK产生模块101、解密模块102;The POS terminal 10 includes a TK generating module 101 and a decryption module 102;
所述KMS系统20包括公私钥产生模块201、TK接收模块202以及TMK模块203;The KMS system 20 includes a public and private key generation module 201, a TK receiving module 202, and a TMK module 203;
所述公私钥产生模块201用于调用硬件加密机30产生公钥Pu和私钥Pr,将公钥Pu发送至POS终端10的密码键盘;The public key generation module 201 is configured to invoke the hardware encryption machine 30 to generate the public key Pu and the private key Pr, and send the public key Pu to the PIN pad of the POS terminal 10;
所述TK产生模块202用于调用密码键盘随机生成传输密钥TK,并使用公钥Pu加密传输密钥TK生成传输密钥密文Ctk_Pu,然后将传输密钥密文Ctk_Pu发送至KMS系统20;The TK generating module 202 is configured to call the cryptographic keyboard to randomly generate the transmission key TK, and use the public key Pu to encrypt the transmission key TK to generate the transmission key ciphertext Ctk_Pu, and then send the transmission key ciphertext Ctk_Pu to the KMS system 20;
所述TK接收模块用于当接收到传输密钥密文Ctk_Pu时,调用硬件加密机30使用私钥Pr解密传输密钥密文Ctk_Pu获得传输密钥TK;The TK receiving module is configured to, when receiving the transport key ciphertext Ctk_Pu, invoke the hardware encryptor 30 to decrypt the transport key ciphertext Ctk_Pu using the private key Pr to obtain the transport key TK;
所述TMK模块203用于调用硬件加密机30使用传输密钥TK加密终端主密钥TMK生成主密钥密文Ctmk_tk,然后将主密钥密文发送至POS终端10;The TMK module 203 is used to invoke the hardware encryption machine 30 to generate the master key ciphertext Ctmk_tk using the transport key TK encryption terminal master key TMK, and then send the master key ciphertext to the POS terminal 10;
所述解密模块102用于调用密码键盘使用传输密钥TK解密主密钥密文Ctmk_tk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。The decryption module 102 is configured to invoke the cryptographic keyboard to decrypt the master key ciphertext Ctmk_tk using the transport key TK to obtain the terminal master key TMK and store the terminal master key TMK in the PIN pad.
在本实施方式中,通过POS终端10上传传输密钥TK,KMS系统20使用TK加密终端主密钥TMK后发送至POS终端10,从而实现了POS终端10远程下载终端主密钥TMK,大大的方便了POS终端10下载终端主密钥,同时免去了原有技术中终端主密钥TMK集中下载带来的运输成本和KMS系统20维护中心机房的成本。进一步的所述TK是由POS终端10随机产生的,并且所述TK是由KMS系统20下发的公钥加密后以密文的形式上传至KMS系统20,只有KMS系统20能够对TK密文进行解压,因此有效的保证的TK和TMK的安全传输。In the present embodiment, the POS terminal 10 uploads the transmission key TK, and the KMS system 20 transmits the terminal master key TMK to the POS terminal 10 by using the TK, thereby realizing the POS terminal 10 remotely downloading the terminal master key TMK, which is large. The POS terminal 10 is convenient for downloading the terminal master key, and the transportation cost brought by the centralized download of the terminal master key TMK in the prior art and the cost of the maintenance center room of the KMS system 20 are eliminated. Further, the TK is randomly generated by the POS terminal 10, and the TK is encrypted by the public key issued by the KMS system 20 and then uploaded to the KMS system 20 in the form of ciphertext. Only the KMS system 20 can perform TK ciphertext. Decompression, thus effectively guaranteeing the safe transmission of TK and TMK.
其中,所述POS终端10还包括公钥申请模块;The POS terminal 10 further includes a public key application module.
所述公钥申请模块用于将终端序列号SN和公钥下载请求发送至KMS系统;所述公私钥产生模块用于当接受到公钥下载请求后,调用硬件加密机产生公钥Pu和私钥Pr,将公钥Pu发送至终端序列号SN对应的POS终端的密码键盘。The public key application module is configured to send a terminal serial number SN and a public key download request to the KMS system; the public private key generating module is configured to: after receiving the public key download request, invoke a hardware encryption machine to generate a public key Pu and private The key Pr sends the public key Pu to the PIN pad of the POS terminal corresponding to the terminal serial number SN.
POS终端10需要上传TK时先向KMS系统20发送该POS终端10主终端序列号SN和下载公钥请求,KMS系统20通过接收到的下载公钥请求可得知POS终端10是否已准备就绪可以上传TK,因此方便KMS系统20适时的根据上传的序列号SN产生相应的公钥以及做好接收传输密钥TK的准备。When the POS terminal 10 needs to upload the TK, it first sends the POS terminal 10 main terminal serial number SN and the download public key request to the KMS system 20. The KMS system 20 can know whether the POS terminal 10 is ready by receiving the downloaded public key request. The TK is uploaded, so that the KMS system 20 can conveniently generate the corresponding public key according to the uploaded serial number SN and prepare for receiving the transmission key TK.
其中,所述POS终端10还包括TMK接收回复模块;The POS terminal 10 further includes a TMK receiving reply module;
所述TMK接收回复模块用于当所述解密模块成功存储所述终端主密钥TMK后,向KMS系统20回复成功接收终端主密钥TMK的信息。The TMK receiving reply module is configured to, after the decryption module successfully stores the terminal master key TMK, replies to the KMS system 20 with information for successfully receiving the terminal master key TMK.
通过所述TMK接收回复模块,使KMS系统20能够清楚的得知发送出去的主密钥TK是否被POS终端10接受,KMS系统20根据所述TMK接收回复模块的回复信息判断发送出去的主密钥TMK是否有效,方便KMS系统20对进行TMK进一步操作,如重新发送TMK等。Through the TMK receiving reply module, the KMS system 20 can clearly know whether the transmitted master key TK is accepted by the POS terminal 10, and the KMS system 20 determines the sent primary key according to the reply information of the TMK receiving reply module. Whether the key TMK is valid or not, it is convenient for the KMS system 20 to perform further operations on the TMK, such as resending the TMK.
其中,所述解密模块102还包括TMK切割存储模块;The decryption module 102 further includes a TMK cutting storage module;
所述TMK切割存储模块用于将TMK进行切割并将切割后的TMK分开存储于密码键盘的不同密钥区。The TMK cutting memory module is used to cut the TMK and store the cut TMK separately in different key areas of the PIN pad.
其中,所述解密模块102还包括TR-31打包模块;The decryption module 102 further includes a TR-31 packaging module;
所述TR-31打包模块用于将TMK按TR-31格式进行打包,打包后以密文形式存储于密码键盘中。The TR-31 packing module is used to package the TMK in the TR-31 format, and then packaged and stored in the cipher keyboard in cipher text.
通过所述TMK切割存储单元或按TR-31格式打包单元使TMK以密文的形式存储于POS终端的密钥键盘中,从而进一步的加强了TMK在POS终端的安全性。The TMK is stored in the key keyboard of the POS terminal in the form of ciphertext by the TMK cutting storage unit or by the TR-31 format packing unit, thereby further enhancing the security of the TMK in the POS terminal.
如图2所示,为本发明一种终端主密钥TMK安全下载方法的方法流程图,该方法包括步骤:FIG. 2 is a flowchart of a method for securely downloading a terminal master key TMK according to the present invention. The method includes the following steps:
S1、KMS系统调用硬件加密机产生公钥Pu和私钥Pr,将公钥Pu发送至POS终端密码键盘;S1, the KMS system calls the hardware encryption machine to generate the public key Pu and the private key Pr, and sends the public key Pu to the POS terminal PIN pad;
S2、POS终端调用密码键盘随机生成传输密钥TK,并使用公钥Pu加密传输密钥TK生成传输密钥密文Ctk_Pu,然后将传输密钥密文Ctk_Pu发送至KMS系统;S2, the POS terminal invokes the cryptographic keyboard to randomly generate the transmission key TK, and uses the public key Pu to encrypt the transmission key TK to generate the transmission key ciphertext Ctk_Pu, and then transmits the transmission key ciphertext Ctk_Pu to the KMS system;
S3、KMS系统调用硬件加密机使用私钥Pr解密传输密钥密文Ctk_Pu获得传输密钥TK;S3, KMS system calls the hardware encryption machine to use the private key Pr to decrypt the transmission key ciphertext Ctk_Pu to obtain the transmission key TK;
S4、KMS系统调用硬件加密机加密传输密钥TK加密终端主密钥TMK生成主密钥密文Ctmk_tk,然后将主密钥密文发送至POS终端;S4, the KMS system calls the hardware encryption machine encryption transmission key TK encryption terminal master key TMK generates the master key ciphertext Ctmk_tk, and then sends the master key ciphertext to the POS terminal;
S5、POS终端接调用密码键盘使用传输密钥TK解密主密钥密文Ctmk_tk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。S5. The POS terminal picks up the PIN pad and decrypts the master key ciphertext Ctmk_tk using the transport key TK to obtain the terminal master key TMK and stores the terminal master key TMK in the PIN pad.
在本实施方式中,通过POS终端上传传输密钥TK,KMS系统使用TK加密终端主密钥TMK后发送至POS终端,从而实现了POS终端远程下载终端主密钥TMK,大大的方便了POS终端下载终端主密钥,同时免去了原有技术中终端主密钥TMK集中下载带来的运输成本和KMS系统维护中心机房的成本。进一步的所述TK是由POS终端随机产生的,并且所述TK是由KMS系统下发的公钥加密后以密文的形式上传至KMS系统,只有KMS系统能够对TK密文进行解压,因此有效的保证的TK和TMK的安全传输。In this embodiment, the POS terminal uploads the transmission key TK, and the KMS system uses the TK to encrypt the terminal master key TMK and then sends it to the POS terminal, thereby realizing the POS terminal remotely downloading the terminal master key TMK, which greatly facilitates the POS terminal. The terminal master key is downloaded, and the transportation cost brought by the centralized download of the terminal master key TMK in the prior art and the cost of the KMS system maintenance center room are eliminated. Further, the TK is randomly generated by the POS terminal, and the TK is encrypted by the public key issued by the KMS system and then uploaded to the KMS system in the form of ciphertext. Only the KMS system can decompress the TK ciphertext, so Effective guarantee of secure transmission of TK and TMK.
在本实施方式中,在所述步骤S1之前还包括POS终端将终端序列号SN和公钥下载请求发送至KMS系统,所述步骤S1具体为:当接收到所述公钥下载请求后KMS系统调用硬件加密机产生公钥Pu和私钥Pr,将公钥Pu发送至终端序列号SN对应的POS终端的密码键盘。In this embodiment, before the step S1, the POS terminal further includes the terminal serial number SN and the public key download request sent to the KMS system, where the step S1 is specifically: the KMS system is received after receiving the public key download request. The hardware encryption machine is called to generate the public key Pu and the private key Pr, and the public key Pu is sent to the PIN pad of the POS terminal corresponding to the terminal serial number SN.
通过所述POS终端上传终端序列号SN和公钥下载请求,KMS系统接收到的下载公钥请求可得知POS终端是否已准备就绪可以上传TK,因此方便KMS系统适时的根据上传的序列号SN产生相应的公钥以及做好接收传输密钥TK的准备。The POS terminal uploads the terminal serial number SN and the public key download request, and the download public key request received by the KMS system can know whether the POS terminal is ready to upload the TK, so that the KMS system can conveniently follow the uploaded serial number SN. Generate the corresponding public key and prepare to receive the transport key TK.
在本实施方式中,所述步骤S5还包括POS终端成功存储所述终端主密钥TMK后向KMS系统回复成功接收终端主密钥TMK信息。In this embodiment, the step S5 further includes the POS terminal successfully storing the terminal master key TMK and then replying to the KMS system to successfully receive the terminal master key TMK information.
通过所述POS终端回复成功接收终端主密钥TMK信息,使KMS系统能够清楚的得知发送出去的主密钥TK是否被POS终端接受,KMS系统根据所述TMK接收回复模块的回复信息判断发送出去的主密钥TMK是否有效,方便KMS系统对进行TMK进一步操作,如重新发送TMK等。The POS terminal successfully returns the terminal master key TMK information, so that the KMS system can clearly know whether the sent master key TK is accepted by the POS terminal, and the KMS system determines to send according to the reply information of the TMK receiving reply module. Whether the outgoing master key TMK is valid is convenient for the KMS system to perform further operations on the TMK, such as resending the TMK.
在实施方式中,步骤S5中所述“将终端主密钥TMK存储在密码键盘中”具体为POS终端将TMK进行切割并将切割后的TMK分开存储于密码键盘的不同密钥区。In the embodiment, the “storing the terminal master key TMK in the PIN pad” in the step S5 is specifically that the POS terminal cuts the TMK and separately stores the cut TMK in different key areas of the PIN pad.
其中,步骤S5中所述“将终端主密钥TMK存储在密码键盘中”
具体为POS终端将TMK按TR-31格式进行打包,打包后以密文形式存储于密码键盘中。Wherein, in step S5, "storing the terminal master key TMK in the PIN pad"
Specifically, the POS terminal packages the TMK in the TR-31 format, and stores it in a cipher text in the cipher keyboard.
通过所述对POS终端存储的TMK进行切割存储或按TR-31格式打包后存储使TMK以密文的形式存储于POS终端的密钥键盘中,从而进一步的加强了The TMK stored in the POS terminal is cut and stored or packaged in the TR-31 format, and the TMK is stored in the cipher key of the POS terminal in the form of cipher text, thereby further strengthening.
TMK在POS终端的安全性。TMK security in POS terminals.
在本发明中,传输密钥TK产生时计算TK的原始希哈值,当每次存储、传输或使用TK时先校验TK的希哈值,当检验通过后才可以使用TK。通过校验TK的希哈值可以防止存储设备异常导致存储的数据错误,确定密钥是否正确。In the present invention, the original Chiha value of TK is calculated when the transmission key TK is generated, and the Chia value of TK is first checked each time the TK is stored, transmitted, or used, and TK can be used when the check is passed. By verifying the Chia value of TK, it is possible to prevent the storage device from being abnormal and causing the stored data to be incorrect, and to determine whether the key is correct.
综上所述,本发明的一种终端主密钥TMK安全下载方法及系统,通过POS终端上传传输密钥TK,KMS系统使用TK加密终端主密钥TMK后发送至POS终端,从而实现了POS终端远程下载终端主密钥TMK,大大的方便了POS终端下载终端主密钥,同时免去了原有技术中终端主密钥TMK集中下载带来的运输成本和KMS系统维护中心机房的成本。进一步地,本发明主密钥TMK是由KMS系统生成的,因此方便KMS系统对主密钥TMK的后续维护和管理。所述TK是由POS终端随机产生的,并且所述TK是由KMS系统下发的公钥加密后以密文的形式上传至KMS系统,只有KMS系统能够对TK密文进行解压,因此有效的保证的TK和TMK的安全传输。In summary, the method and system for securely downloading the terminal master key TMK of the present invention uploads the transmission key TK through the POS terminal, and the KMS system uses the TK to encrypt the terminal master key TMK and then sends it to the POS terminal, thereby realizing the POS. The terminal remotely downloads the terminal master key TMK, which greatly facilitates the POS terminal to download the terminal master key, and eliminates the transportation cost brought by the centralized download of the terminal master key TMK in the prior art and the cost of the KMS system maintenance center room. Further, the master key TMK of the present invention is generated by the KMS system, thus facilitating subsequent maintenance and management of the master key TMK by the KMS system. The TK is randomly generated by the POS terminal, and the TK is encrypted by the public key issued by the KMS system and then uploaded to the KMS system in the form of ciphertext. Only the KMS system can decompress the TK ciphertext, so that the TK is effective. Guaranteed secure transmission of TK and TMK.
以上所述仅为本发明的实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above is only the embodiment of the present invention, and is not intended to limit the scope of the invention, and the equivalent structure or equivalent process transformation of the present invention and the contents of the drawings may be directly or indirectly applied to other related technologies. The fields are all included in the scope of patent protection of the present invention.
Claims (1)
- 1、一种终端主密钥TMK安全下载方法,其特征在于,包括步骤:A method for securely downloading a terminal master key TMK, comprising the steps of:S1、KMS系统调用硬件加密机产生公钥Pu和私钥Pr,将公钥Pu发送至POS终端的密码键盘;S1, the KMS system calls the hardware encryption machine to generate the public key Pu and the private key Pr, and sends the public key Pu to the PIN pad of the POS terminal;S2、POS终端调用密码键盘随机生成传输密钥TK,并使用公钥Pu加密传输密钥TK生成传输密钥密文Ctk_Pu,然后将传输密钥密文Ctk_Pu发送至KMS系统;S2, the POS terminal invokes the cryptographic keyboard to randomly generate the transmission key TK, and uses the public key Pu to encrypt the transmission key TK to generate the transmission key ciphertext Ctk_Pu, and then transmits the transmission key ciphertext Ctk_Pu to the KMS system;S3、KMS系统调用硬件加密机使用私钥Pr解密传输密钥密文Ctk_Pu获得传输密钥TK;S3, KMS system calls the hardware encryption machine to use the private key Pr to decrypt the transmission key ciphertext Ctk_Pu to obtain the transmission key TK;S4、KMS系统调用硬件加密机加密传输密钥TK加密终端主密钥TMK生成主密钥密文Ctmk_tk,然后将主密钥密文发送至POS终端;S4, the KMS system calls the hardware encryption machine encryption transmission key TK encryption terminal master key TMK generates the master key ciphertext Ctmk_tk, and then sends the master key ciphertext to the POS terminal;S5、POS终端接调用密码键盘使用传输密钥TK解密主密钥密文Ctmk_tk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。S5. The POS terminal picks up the PIN pad and decrypts the master key ciphertext Ctmk_tk using the transport key TK to obtain the terminal master key TMK and stores the terminal master key TMK in the PIN pad.2、根据权利要求1所述的终端主密钥TMK安全下载方法,其特征在于,在所述步骤S1之前还包括POS终端将终端序列号SN和公钥下载请求发送至KMS系统,所述步骤S1具体为:当接收到所述公钥下载请求后KMS系统调用硬件加密机产生公钥Pu和私钥Pr,将公钥Pu发送至终端序列号SN对应的POS终端的密码键盘。The terminal master key TMK secure downloading method according to claim 1, further comprising, before said step S1, the POS terminal transmitting the terminal serial number SN and the public key download request to the KMS system, the step S1 is specifically: after receiving the public key download request, the KMS system calls the hardware encryption machine to generate the public key Pu and the private key Pr, and sends the public key Pu to the PIN pad of the POS terminal corresponding to the terminal serial number SN.3、根据权利要求1所述的一种终端主密钥TMK安全下载方法,其特征在于,所述步骤S5还包括POS终端成功存储所述终端主密钥TMK后向KMS系统回复成功接收终端主密钥TMK的信息。The method for securely downloading the terminal master key TMK according to claim 1, wherein the step S5 further comprises: after the POS terminal successfully stores the terminal master key TMK, replies to the KMS system and successfully receives the terminal master. Key TMK information.4、根据权利要求1所述的一种终端主密钥TMK安全下载方法,其特征在于,步骤S5中所述“将终端主密钥TMK存储在密码键盘中”具体为POS终端将TMK进行切割并将切割后的TMK分开存储于密码键盘的不同密钥区。The method for securely downloading the terminal master key TMK according to claim 1, wherein the step of storing the terminal master key TMK in the PIN pad in step S5 is specifically that the POS terminal cuts the TMK. The cut TMK is stored separately in different key areas of the PIN pad.5、根据权利要求1所述的一种终端主密钥TMK安全下载方法,其特征在于,步骤S5中所述“将终端主密钥TMK存储在密码键盘中”具体为POS终端将TMK按TR-31格式进行打包,打包后以密文形式存储于密码键盘中。The method for securely downloading the terminal master key TMK according to claim 1, wherein in the step S5, the "storing the terminal master key TMK is stored in the PIN pad" is specifically that the POS terminal presses the TMK according to the TR. The -31 format is packaged, packaged and stored in cipher text in the cipher keyboard.6、一种终端主密钥TMK安全下载系统,其特征在于,包括KMS系统、与KMS系统通信连接的POS终端、以及硬件加密机;所述POS终端包括TK产生模块、解密模块,A terminal master key TMK security download system, comprising: a KMS system, a POS terminal communicatively coupled to the KMS system, and a hardware encryption machine; the POS terminal includes a TK generation module and a decryption module,所述KMS系统包括公私钥产生模块、TK接收模块以及TMK模块;The KMS system includes a public and private key generation module, a TK receiving module, and a TMK module;所述公私钥产生模块用于调用硬件加密机产生公钥Pu和私钥Pr,将公钥Pu发送至POS终端的密码键盘;The public private key generating module is configured to invoke a hardware encryption machine to generate a public key Pu and a private key Pr, and send the public key Pu to a PIN pad of the POS terminal;所述TK产生模块用于调用密码键盘随机生成传输密钥TK,并使用公钥Pu加密传输密钥TK生成传输密钥密文Ctk_Pu,然后将传输密钥密文Ctk_Pu发送至KMS系统;The TK generating module is configured to randomly generate a transmission key TK by using a cryptographic keyboard, and use the public key Pu to encrypt the transmission key TK to generate a transmission key ciphertext Ctk_Pu, and then send the transmission key ciphertext Ctk_Pu to the KMS system;所述TK接收模块用于当接收到传输密钥密文Ctk_Pu时,调用硬件加密机使用私钥Pr解密传输密钥密文Ctk_Pu获得传输密钥TK;The TK receiving module is configured to, when receiving the transport key ciphertext Ctk_Pu, invoke the hardware encryptor to decrypt the transport key ciphertext Ctk_Pu using the private key Pr to obtain the transport key TK;所述TMK模块用于调用硬件加密机使用传输密钥TK加密终端主密钥TMK生成主密钥密文Ctmk_tk,然后将主密钥密文发送至POS终端;The TMK module is configured to invoke a hardware encryption machine to generate a master key ciphertext Ctmk_tk by using a transport key TK encryption terminal master key TMK, and then send the master key ciphertext to the POS terminal;所述解密模块用于调用密码键盘使用传输密钥TK解密主密钥密文Ctmk_tk获得终端主密钥TMK并将终端主密钥TMK存储在密码键盘中。The decryption module is configured to invoke the cryptographic keyboard to decrypt the master key ciphertext Ctmk_tk using the transport key TK to obtain the terminal master key TMK and store the terminal master key TMK in the PIN pad.7、根据权利要求6所述的终端主密钥TMK安全下载系统,其特征在于,所述POS终端还包括公钥申请模块;The terminal master key TMK security download system according to claim 6, wherein the POS terminal further comprises a public key application module;所述公钥申请模块用于将终端序列号SN和公钥下载请求发送至KMS系统;所述公私钥产生模块用于当接受到公钥下载请求后,调用硬件加密机产生公钥Pu和私钥Pr,将公钥Pu发送至终端序列号SN对应的POS终端的密码键盘。The public key application module is configured to send a terminal serial number SN and a public key download request to the KMS system; the public private key generating module is configured to: after receiving the public key download request, invoke a hardware encryption machine to generate a public key Pu and private The key Pr sends the public key Pu to the PIN pad of the POS terminal corresponding to the terminal serial number SN.8、根据权利要求6所述的终端主密钥TMK安全下载系统,其特征在于,所述POS终端还包括TMK接收回复模块;The terminal master key TMK security download system according to claim 6, wherein the POS terminal further comprises a TMK receiving reply module;所述TMK接收回复模块用于当所述解密模块成功存储所述终端主密钥TMK后,向KMS系统回复成功接收终端主密钥TMK的信息。The TMK receiving reply module is configured to, after the decryption module successfully stores the terminal master key TMK, reply the KMS system with the information of successfully receiving the terminal master key TMK.9、根据权利要求6所述的终端主密钥TMK安全下载系统,其特征在于,所述解密模块还包括TMK切割存储模块;The terminal master key TMK security download system according to claim 6, wherein the decryption module further comprises a TMK cutting storage module;所述TMK切割存储模块用于将TMK进行切割并将切割后的TMK分开存储于密码键盘的不同密钥区。The TMK cutting memory module is used to cut the TMK and store the cut TMK separately in different key areas of the PIN pad.10、根据权利要求6所述的终端主密钥TMK安全下载系统,其特征在于,所述解密模块还包括TR-31打包模块;10. The terminal master key TMK secure download system according to claim 6, wherein the decryption module further comprises a TR-31 packing module;所述TR-31打包模块用于将TMK按TR-31格式进行打包,打包后以密文形式存储于密码键盘中。The TR-31 packing module is used to package the TMK in the TR-31 format, and then packaged and stored in the cipher keyboard in cipher text.
Applications Claiming Priority (10)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310084671.6 | 2013-03-15 | ||
CN2013100846716A CN103220270A (en) | 2013-03-15 | 2013-03-15 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
CN201310084397.2 | 2013-03-15 | ||
CN2013100843972A CN103237004A (en) | 2013-03-15 | 2013-03-15 | Key download method, key management method, method, device and system for download management |
CN2013100846735A CN103220271A (en) | 2013-03-15 | 2013-03-15 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
CN201310084673.5 | 2013-03-15 | ||
CN201310084653.8 | 2013-03-15 | ||
CN2013100846538A CN103237005A (en) | 2013-03-15 | 2013-03-15 | Method and system for key management |
CN201310740188.9 | 2013-12-27 | ||
CN201310740188.9A CN103716153B (en) | 2013-03-15 | 2013-12-27 | Terminal master key TMK safety downloading method and systems |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014139411A1 true WO2014139411A1 (en) | 2014-09-18 |
Family
ID=50363015
Family Applications (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/073205 WO2014139403A1 (en) | 2013-03-15 | 2014-03-11 | Method and system for securely downloading terminal master keys |
PCT/CN2014/073220 WO2014139408A1 (en) | 2013-03-15 | 2014-03-11 | Method and system for securely downloading terminal master key (tmk) |
PCT/CN2014/073225 WO2014139412A1 (en) | 2013-03-15 | 2014-03-11 | Method and system for secured download of terminal master key (tmk) |
PCT/CN2014/073215 WO2014139406A1 (en) | 2013-03-15 | 2014-03-11 | Method and system for safely downloading terminal master key (tmr) |
PCT/CN2014/073224 WO2014139411A1 (en) | 2013-03-15 | 2014-03-11 | Secure downloading method and system for terminal master key (tmk) |
Family Applications Before (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/073205 WO2014139403A1 (en) | 2013-03-15 | 2014-03-11 | Method and system for securely downloading terminal master keys |
PCT/CN2014/073220 WO2014139408A1 (en) | 2013-03-15 | 2014-03-11 | Method and system for securely downloading terminal master key (tmk) |
PCT/CN2014/073225 WO2014139412A1 (en) | 2013-03-15 | 2014-03-11 | Method and system for secured download of terminal master key (tmk) |
PCT/CN2014/073215 WO2014139406A1 (en) | 2013-03-15 | 2014-03-11 | Method and system for safely downloading terminal master key (tmr) |
Country Status (2)
Country | Link |
---|---|
CN (28) | CN103716153B (en) |
WO (5) | WO2014139403A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107094138A (en) * | 2017-04-11 | 2017-08-25 | 郑州信大捷安信息技术股份有限公司 | A kind of smart home safe communication system and communication means |
Families Citing this family (114)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103716153B (en) * | 2013-03-15 | 2017-08-01 | 福建联迪商用设备有限公司 | Terminal master key TMK safety downloading method and systems |
CN105281896B (en) * | 2014-07-17 | 2018-11-27 | 深圳华智融科技股份有限公司 | A kind of key POS machine Activiation method and system based on elliptic curve |
CN104270346B (en) * | 2014-09-12 | 2017-10-13 | 北京天行网安信息技术有限责任公司 | The methods, devices and systems of two-way authentication |
CN110458551A (en) * | 2014-11-07 | 2019-11-15 | 天地融科技股份有限公司 | Data interaction system |
CN104363090A (en) * | 2014-11-19 | 2015-02-18 | 成都卫士通信息产业股份有限公司 | Secret key distribution device and method for enhancing safety of banking terminal equipment |
CN105681263B (en) * | 2014-11-20 | 2019-02-12 | 广东华大互联网股份有限公司 | A kind of secrete key of smart card remote application method and application system |
CN104486323B (en) * | 2014-12-10 | 2017-10-31 | 福建联迪商用设备有限公司 | A kind of POS terminal controlled networking activation method and device safely |
CN104410641B (en) * | 2014-12-10 | 2017-12-08 | 福建联迪商用设备有限公司 | A kind of POS terminal controlled networking activation method and device safely |
US9485250B2 (en) * | 2015-01-30 | 2016-11-01 | Ncr Corporation | Authority trusted secure system component |
CN105989472A (en) * | 2015-03-06 | 2016-10-05 | 华立科技股份有限公司 | Wireless mobile configuration, wireless payment configuration and wireless payment configuration method of electric energy measurement system, and public commodity wireless payment configuration |
CN106204034B (en) * | 2015-04-29 | 2019-07-23 | 中国电信股份有限公司 | Using the mutual authentication method and system of interior payment |
CN105117665B (en) * | 2015-07-16 | 2017-10-31 | 福建联迪商用设备有限公司 | A kind of end product pattern and the method and system of development mode handoff-security |
CN105184121A (en) * | 2015-09-02 | 2015-12-23 | 上海繁易电子科技有限公司 | Hardware authorization system and method using remote server |
CN106559218A (en) * | 2015-09-29 | 2017-04-05 | 中国电力科学研究院 | A kind of safe acquisition method of intelligent substation continuous data |
CN105243542B (en) * | 2015-11-13 | 2021-07-02 | 咪付(广西)网络技术有限公司 | Dynamic electronic certificate authentication method |
CN105260884A (en) * | 2015-11-18 | 2016-01-20 | 北京微智全景信息技术有限公司 | POS machine key distributing method and device |
CN105530241B (en) * | 2015-12-07 | 2018-12-28 | 咪付(广西)网络技术有限公司 | The authentication method of mobile intelligent terminal and POS terminal |
CN105574722A (en) * | 2015-12-11 | 2016-05-11 | 福建新大陆支付技术有限公司 | Authorization IC card based remote online authorization method for payment terminal |
CN105930718A (en) * | 2015-12-29 | 2016-09-07 | 中国银联股份有限公司 | Method and apparatus for switching point-of-sale (POS) terminal modes |
CN105656669B (en) * | 2015-12-31 | 2019-01-01 | 福建联迪商用设备有限公司 | The remote repairing method of electronic equipment, is repaired equipment and system at equipment |
CN105681032B (en) * | 2016-01-08 | 2017-09-12 | 腾讯科技(深圳)有限公司 | Method for storing cipher key, key management method and device |
CN105743654A (en) * | 2016-02-02 | 2016-07-06 | 上海动联信息技术股份有限公司 | POS machine secret key remote downloading service system and secret key downloading method |
CN105790934B (en) * | 2016-03-04 | 2019-03-15 | 中国银联股份有限公司 | A kind of adaptive POS terminal configuration method configures power assignment method with it |
CN107294722A (en) * | 2016-03-31 | 2017-10-24 | 阿里巴巴集团控股有限公司 | A kind of terminal identity authentication method, apparatus and system |
CN105978856B (en) * | 2016-04-18 | 2019-01-25 | 随行付支付有限公司 | A kind of POS machine key downloading method, apparatus and system |
CN106059771A (en) * | 2016-05-06 | 2016-10-26 | 上海动联信息技术股份有限公司 | Intelligent POS machine secret key management system and method |
CN106097608B (en) * | 2016-06-06 | 2018-07-27 | 福建联迪商用设备有限公司 | Remote cipher key method for down loading and system, acquirer and target POS terminal |
CN106127461A (en) * | 2016-06-16 | 2016-11-16 | 中国银联股份有限公司 | Bi-directional verification method of mobile payment and system |
CN107563712A (en) * | 2016-06-30 | 2018-01-09 | 中兴通讯股份有限公司 | A kind of mobile terminal punch card method, device, equipment and system |
CN106027247A (en) * | 2016-07-29 | 2016-10-12 | 宁夏丝路通网络支付有限公司北京分公司 | Method for remotely issuing POS key |
CN106100854A (en) * | 2016-08-16 | 2016-11-09 | 黄朝 | The reverse authentication method of terminal unit based on authority's main body and system |
CN107800538B (en) * | 2016-09-01 | 2021-01-29 | 中电长城(长沙)信息技术有限公司 | Remote key distribution method for self-service equipment |
US11018860B2 (en) | 2016-10-28 | 2021-05-25 | Microsoft Technology Licensing, Llc | Highly available and reliable secret distribution infrastructure |
CN106571915A (en) * | 2016-11-15 | 2017-04-19 | 中国银联股份有限公司 | Terminal master key setting method and apparatus |
CN106603496B (en) * | 2016-11-18 | 2019-05-21 | 新智数字科技有限公司 | A kind of guard method, smart card, server and the communication system of data transmission |
CN106656488B (en) * | 2016-12-07 | 2020-04-03 | 百富计算机技术(深圳)有限公司 | Key downloading method and device for POS terminal |
CN106712939A (en) * | 2016-12-27 | 2017-05-24 | 百富计算机技术(深圳)有限公司 | Offline key transmission method and device |
US10432730B1 (en) | 2017-01-25 | 2019-10-01 | United States Of America As Represented By The Secretary Of The Air Force | Apparatus and method for bus protection |
CN106953731B (en) * | 2017-02-17 | 2020-05-12 | 福建魔方电子科技有限公司 | Authentication method and system for terminal administrator |
CN107466455B (en) * | 2017-03-15 | 2021-05-04 | 深圳大趋智能科技有限公司 | POS machine security verification method and device |
US10296477B2 (en) | 2017-03-30 | 2019-05-21 | United States of America as represented by the Secretary of the AirForce | Data bus logger |
CN106997533B (en) * | 2017-04-01 | 2020-10-13 | 福建实达电脑设备有限公司 | POS terminal product safety production authorization management system and method |
CN107070925A (en) * | 2017-04-18 | 2017-08-18 | 上海赛付网络科技有限公司 | A kind of terminal applies and the anti-tamper method of background service communication packet |
CN107104795B (en) * | 2017-04-25 | 2020-09-04 | 上海汇尔通信息技术有限公司 | Method, framework and system for injecting RSA key pair and certificate |
CN107301437A (en) * | 2017-05-31 | 2017-10-27 | 江苏普世祥光电技术有限公司 | A kind of control system of square landscape lamp |
CN107360652A (en) * | 2017-05-31 | 2017-11-17 | 江苏普世祥光电技术有限公司 | A kind of control method of square landscape lamp |
CN107358441B (en) * | 2017-06-26 | 2020-12-18 | 北京明华联盟科技有限公司 | Payment verification method and system, mobile device and security authentication device |
CN107637014B (en) * | 2017-08-02 | 2020-11-24 | 福建联迪商用设备有限公司 | Configurable POS machine key pair generation method and storage medium |
CN107666420B (en) * | 2017-08-30 | 2020-12-15 | 宁波梦居智能科技有限公司 | Method for production control and identity authentication of intelligent home gateway |
CN107392591B (en) * | 2017-08-31 | 2020-02-07 | 恒宝股份有限公司 | Online recharging method and system for industry card and Bluetooth read-write device |
CN107888379A (en) * | 2017-10-25 | 2018-04-06 | 百富计算机技术(深圳)有限公司 | A kind of method of secure connection, POS terminal and code keypad |
CN107995985B (en) * | 2017-10-27 | 2020-05-05 | 福建联迪商用设备有限公司 | Financial payment terminal activation method and system |
CN107835170B (en) * | 2017-11-04 | 2021-04-20 | 上海动联信息技术股份有限公司 | Intelligent Pos equipment safety authorization dismantling system and method |
CN107993062A (en) * | 2017-11-27 | 2018-05-04 | 百富计算机技术(深圳)有限公司 | POS terminal method of commerce, device, computer equipment and readable storage medium storing program for executing |
CN107944250B (en) * | 2017-11-28 | 2021-04-13 | 艾体威尔电子技术(北京)有限公司 | Key acquisition method applied to POS machine |
CN107919962B (en) * | 2017-12-22 | 2021-01-15 | 国民认证科技(北京)有限公司 | Internet of things equipment registration and authentication method |
CN108365950A (en) * | 2018-01-03 | 2018-08-03 | 深圳怡化电脑股份有限公司 | The generation method and device of financial self-service equipment key |
CN108390851B (en) * | 2018-01-05 | 2020-07-03 | 郑州信大捷安信息技术股份有限公司 | Safe remote control system and method for industrial equipment |
CN108235807B (en) * | 2018-01-15 | 2020-08-04 | 福建联迪商用设备有限公司 | Software encryption terminal, payment terminal, software package encryption and decryption method and system |
WO2019153119A1 (en) * | 2018-02-06 | 2019-08-15 | 福建联迪商用设备有限公司 | Method for transmitting key, receiving terminal and distribution terminal |
CN108446539B (en) * | 2018-03-16 | 2023-01-13 | 福建深空信息技术有限公司 | Software authorization method and software authorization file generation system |
CN108496194A (en) * | 2018-03-21 | 2018-09-04 | 福建联迪商用设备有限公司 | A kind of method, server-side and the system of verification terminal legality |
CN108496323B (en) * | 2018-03-21 | 2020-01-21 | 福建联迪商用设备有限公司 | Certificate importing method and terminal |
WO2019200530A1 (en) * | 2018-04-17 | 2019-10-24 | 福建联迪商用设备有限公司 | Remote distribution method and system for terminal master key |
CN108737106B (en) * | 2018-05-09 | 2021-06-01 | 深圳壹账通智能科技有限公司 | User authentication method and device on block chain system, terminal equipment and storage medium |
CN108833088A (en) * | 2018-05-22 | 2018-11-16 | 珠海爱付科技有限公司 | A kind of POS terminal Activiation method |
CN110581829A (en) * | 2018-06-08 | 2019-12-17 | 中国移动通信集团有限公司 | Communication method and device |
CN109218293B (en) * | 2018-08-21 | 2021-09-21 | 西安得安信息技术有限公司 | Use method of distributed password service platform key management |
CN109347625B (en) * | 2018-08-31 | 2020-04-24 | 阿里巴巴集团控股有限公司 | Password operation method, work key creation method, password service platform and equipment |
CN109326061B (en) * | 2018-09-10 | 2021-10-26 | 惠尔丰(中国)信息系统有限公司 | Anti-cutting method of intelligent POS |
CN109274500B (en) * | 2018-10-15 | 2020-06-02 | 百富计算机技术(深圳)有限公司 | Secret key downloading method, client, password equipment and terminal equipment |
CN109274684B (en) * | 2018-10-31 | 2020-12-29 | 中国—东盟信息港股份有限公司 | Internet of things terminal system based on integration of eSIM communication and navigation service and implementation method thereof |
CN109547208B (en) * | 2018-11-16 | 2021-11-09 | 交通银行股份有限公司 | Online distribution method and system for master key of financial electronic equipment |
CN109670289B (en) * | 2018-11-20 | 2020-12-15 | 福建联迪商用设备有限公司 | Method and system for identifying legality of background server |
CN109508995A (en) * | 2018-12-12 | 2019-03-22 | 福建新大陆支付技术有限公司 | A kind of off line authorization method and payment terminal based on payment terminal |
CN109510711B (en) * | 2019-01-08 | 2022-04-01 | 深圳市网心科技有限公司 | Network communication method, server, client and system |
CN111627174A (en) * | 2019-02-28 | 2020-09-04 | 南京摩铂汇信息技术有限公司 | Bluetooth POS equipment and payment system |
CN109995532A (en) * | 2019-04-11 | 2019-07-09 | 晏福平 | A kind of online management method and system of terminal master key |
CN110011794B (en) * | 2019-04-11 | 2021-08-13 | 北京智芯微电子科技有限公司 | Cipher machine key attribute testing method |
CN110061848B (en) * | 2019-04-17 | 2021-09-14 | 飞天诚信科技股份有限公司 | Method for safely importing secret key of payment terminal, payment terminal and system |
CN110545542B (en) * | 2019-06-13 | 2023-03-14 | 银联商务股份有限公司 | Main control key downloading method and device based on asymmetric encryption algorithm and computer equipment |
CN112532567A (en) * | 2019-09-19 | 2021-03-19 | 中国移动通信集团湖南有限公司 | Transaction encryption method and POSP system |
CN110855442A (en) * | 2019-10-10 | 2020-02-28 | 北京握奇智能科技有限公司 | PKI (public key infrastructure) technology-based inter-device certificate verification method |
CN111132154B (en) * | 2019-12-26 | 2022-10-21 | 飞天诚信科技股份有限公司 | Method and system for negotiating session key |
CN111193748B (en) * | 2020-01-06 | 2021-12-03 | 惠州市德赛西威汽车电子股份有限公司 | Interactive key security authentication method and system |
CN111275440B (en) * | 2020-01-19 | 2023-11-10 | 中钞科堡现金处理技术(北京)有限公司 | Remote key downloading method and system |
TWI775061B (en) * | 2020-03-30 | 2022-08-21 | 尚承科技股份有限公司 | Protection system and method for soft/firmware or data |
CN111597512B (en) * | 2020-03-31 | 2023-10-31 | 尚承科技股份有限公司 | Soft firmware or data protection system and protection method |
CN111526013B (en) * | 2020-04-17 | 2023-05-05 | 中国人民银行清算总中心 | Key distribution method and system |
CN111884804A (en) * | 2020-06-15 | 2020-11-03 | 上海祥承通讯技术有限公司 | Remote key management method |
CN111815811B (en) * | 2020-06-22 | 2022-09-06 | 合肥智辉空间科技有限责任公司 | Electronic lock safety coefficient |
CN111950999B (en) * | 2020-07-28 | 2024-06-04 | 银盛支付服务股份有限公司 | Method and system for realizing key filling safety based on IC card on POS machine |
CN111931206A (en) * | 2020-07-31 | 2020-11-13 | 银盛支付服务股份有限公司 | Data encryption method based on APP |
CN112134849B (en) * | 2020-08-28 | 2024-02-20 | 国电南瑞科技股份有限公司 | Dynamic trusted encryption communication method and system for intelligent substation |
CN112182599B (en) * | 2020-09-15 | 2024-06-11 | 中信银行股份有限公司 | Automatic loading method and device for master key, electronic equipment and readable storage medium |
CN112311528B (en) * | 2020-10-17 | 2023-06-23 | 深圳市德卡科技股份有限公司 | Data security transmission method based on cryptographic algorithm |
CN112291232B (en) * | 2020-10-27 | 2021-06-04 | 中国联合网络通信有限公司深圳市分公司 | Safety capability and safety service chain management platform based on tenants |
CN112332978B (en) * | 2020-11-10 | 2022-09-20 | 上海商米科技集团股份有限公司 | Remote key injection method based on key agreement |
CN112396416A (en) * | 2020-11-18 | 2021-02-23 | 上海商米科技集团股份有限公司 | Method for loading certificate of intelligent POS equipment |
CN112560058B (en) * | 2020-12-17 | 2022-12-30 | 山东华芯半导体有限公司 | SSD partition encryption storage system based on intelligent password key and implementation method thereof |
CN112968776B (en) * | 2021-02-02 | 2022-09-02 | 中钞科堡现金处理技术(北京)有限公司 | Method, storage medium and electronic device for remote key exchange |
CN113037494B (en) * | 2021-03-02 | 2023-05-23 | 福州汇思博信息技术有限公司 | Burning piece mirror image file signature method and terminal |
CN113450511A (en) * | 2021-03-25 | 2021-09-28 | 深圳怡化电脑科技有限公司 | Transaction method of acceptance terminal equipment and bank system and acceptance terminal equipment |
CN113132980B (en) * | 2021-04-02 | 2023-10-13 | 四川省计算机研究院 | Key management system method and device applied to Beidou navigation system |
CN113328851B (en) * | 2021-04-21 | 2022-01-14 | 北京连山科技股份有限公司 | Method and system for randomly transmitting secret key under multilink condition |
CN113708923A (en) * | 2021-07-29 | 2021-11-26 | 银盛支付服务股份有限公司 | Method and system for remotely downloading master key |
CN113645221A (en) * | 2021-08-06 | 2021-11-12 | 中国工商银行股份有限公司 | Encryption method, device, equipment, storage medium and computer program |
CN113810391A (en) * | 2021-09-01 | 2021-12-17 | 杭州视洞科技有限公司 | Cross-machine-room communication bidirectional authentication and encryption method |
CN113612612A (en) * | 2021-09-30 | 2021-11-05 | 阿里云计算有限公司 | Data encryption transmission method, system, equipment and storage medium |
CN114423003B (en) * | 2021-12-29 | 2024-01-30 | 中国航空工业集团公司西安飞机设计研究所 | Airplane key comprehensive management method and system |
CN114499891B (en) * | 2022-03-21 | 2024-05-31 | 宁夏凯信特信息科技有限公司 | Signature server system and signature verification method |
CN114726521A (en) * | 2022-04-14 | 2022-07-08 | 广东好太太智能家居有限公司 | Intelligent lock temporary password generation method and electronic equipment |
CN117176339B (en) * | 2023-08-31 | 2024-06-18 | 深圳手付通科技有限公司 | Method and system for online updating of pos terminal equipment master key TMK |
CN116865966B (en) * | 2023-09-04 | 2023-12-05 | 中量科(南京)科技有限公司 | Encryption method, device and storage medium for generating working key based on quantum key |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101930644A (en) * | 2009-06-25 | 2010-12-29 | 中国银联股份有限公司 | Method for safely downloading master key automatically in bank card payment system and system thereof |
CN102394749A (en) * | 2011-09-26 | 2012-03-28 | 深圳市文鼎创数据科技有限公司 | Line protection method, system, information safety equipment and application equipment for data transmission |
CN103237005A (en) * | 2013-03-15 | 2013-08-07 | 福建联迪商用设备有限公司 | Method and system for key management |
CN103729941A (en) * | 2013-03-15 | 2014-04-16 | 福建联迪商用设备有限公司 | Method and system for safe downloading of TMK |
Family Cites Families (62)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS57157371A (en) * | 1981-03-24 | 1982-09-28 | Sharp Corp | Electronic cash register |
JP2993833B2 (en) * | 1993-11-29 | 1999-12-27 | 富士通株式会社 | POS system |
JPH10112883A (en) * | 1996-10-07 | 1998-04-28 | Hitachi Ltd | Radio communication exchange system, exchange, public key management device, mobile terminal and mobile terminal recognizing method |
DE60014047T2 (en) * | 1999-03-22 | 2006-02-23 | Purac Biochem B.V. | PROCESS FOR PURIFYING MILKYLIC ACID ON INDUSTRIAL BASIS |
CN1127033C (en) * | 2000-07-20 | 2003-11-05 | 天津南开戈德集团有限公司 | Radio mobile network point of sale (POS) terminal system and operation method thereof |
US7110986B1 (en) * | 2001-04-23 | 2006-09-19 | Diebold, Incorporated | Automated banking machine system and method |
KR100641824B1 (en) * | 2001-04-25 | 2006-11-06 | 주식회사 하렉스인포텍 | A payment information input method and mobile commerce system using symmetric cipher system |
JP2002366285A (en) * | 2001-06-05 | 2002-12-20 | Matsushita Electric Ind Co Ltd | Pos terminal |
GB2384402B (en) * | 2002-01-17 | 2004-12-22 | Toshiba Res Europ Ltd | Data transmission links |
JP2003217028A (en) * | 2002-01-24 | 2003-07-31 | Tonfuu:Kk | Operation situation monitoring system for pos terminal device |
US7395427B2 (en) * | 2003-01-10 | 2008-07-01 | Walker Jesse R | Authenticated key exchange based on pairwise master key |
JP2005117511A (en) * | 2003-10-10 | 2005-04-28 | Nec Corp | Quantum cipher communication system and quantum cipher key distributing method used therefor |
KR101282972B1 (en) * | 2004-03-22 | 2013-07-08 | 삼성전자주식회사 | Authentication between a device and a portable storage |
US20060093149A1 (en) * | 2004-10-30 | 2006-05-04 | Shera International Ltd. | Certified deployment of applications on terminals |
DE102005022019A1 (en) * | 2005-05-12 | 2007-02-01 | Giesecke & Devrient Gmbh | Secure processing of data |
KR100652125B1 (en) * | 2005-06-03 | 2006-12-01 | 삼성전자주식회사 | Mutual authentication method for managing and authenticating between service provider, terminal and user identify module at one time and terminal, and the system thereof |
CN100583743C (en) * | 2005-07-22 | 2010-01-20 | 华为技术有限公司 | Distributing method for transmission key |
BRPI0708201A2 (en) * | 2006-02-22 | 2012-01-17 | Hypercom Corp | method for processing transactions electronically |
JP2007241351A (en) * | 2006-03-06 | 2007-09-20 | Cela System:Kk | Customer/commodity integrated management system by customer/commodity/purchase management system (including pos) and mobile terminal |
EP1833009B1 (en) * | 2006-03-09 | 2019-05-08 | First Data Corporation | Secure transaction computer network |
US7818264B2 (en) * | 2006-06-19 | 2010-10-19 | Visa U.S.A. Inc. | Track data encryption |
CN101064695A (en) * | 2007-05-16 | 2007-10-31 | 杭州看吧科技有限公司 | P2P(Peer to Peer) safe connection method |
CN101145913B (en) * | 2007-10-25 | 2010-06-16 | 东软集团股份有限公司 | A method and system for network security communication |
WO2009070041A2 (en) * | 2007-11-30 | 2009-06-04 | Electronic Transaction Services Limited | Payment system and method of operation |
CN101541002A (en) * | 2008-03-21 | 2009-09-23 | 展讯通信(上海)有限公司 | Web server-based method for downloading software license of mobile terminal |
CN101615322B (en) * | 2008-06-25 | 2012-09-05 | 上海富友金融网络技术有限公司 | Mobile terminal payment method and mobile terminal payment system for realizing magnetic payment function |
JP4666240B2 (en) * | 2008-07-14 | 2011-04-06 | ソニー株式会社 | Information processing apparatus, information processing method, program, and information processing system |
CN101686225A (en) * | 2008-09-28 | 2010-03-31 | 中国银联股份有限公司 | Methods of data encryption and key generation for on-line payment |
KR20100052668A (en) * | 2008-11-11 | 2010-05-20 | 노틸러스효성 주식회사 | Method for on-line sharing of tmk(terminal master key) between atm and host |
JP5329184B2 (en) * | 2008-11-12 | 2013-10-30 | 株式会社日立製作所 | Public key certificate verification method and verification server |
CN101425208B (en) * | 2008-12-05 | 2010-11-10 | 浪潮齐鲁软件产业有限公司 | Method for safely downloading cipher key of finance tax-controlling cashing machine |
CN101527714B (en) * | 2008-12-31 | 2012-09-05 | 飞天诚信科技股份有限公司 | Method, device and system for accreditation |
CN101719895A (en) * | 2009-06-26 | 2010-06-02 | 中兴通讯股份有限公司 | Data processing method and system for realizing secure communication of network |
CN101593389B (en) * | 2009-07-01 | 2012-04-18 | 中国建设银行股份有限公司 | Key management method and key management system for POS terminal |
CN101631305B (en) * | 2009-07-28 | 2011-12-07 | 交通银行股份有限公司 | Encryption method and system |
CN101656007B (en) * | 2009-08-14 | 2011-02-16 | 通联支付网络服务股份有限公司 | Safe system realizing one machine with multiple ciphers on POS machine and method thereof |
CN102064939B (en) * | 2009-11-13 | 2013-06-12 | 福建联迪商用设备有限公司 | Method for authenticating point of sail (POS) file and method for maintaining authentication certificate |
CN101710436B (en) * | 2009-12-01 | 2011-12-14 | 中国建设银行股份有限公司 | Method and system for controlling POS terminal and POS terminal management equipment |
CN101807994B (en) * | 2009-12-18 | 2012-07-25 | 北京握奇数据系统有限公司 | Method and system for application data transmission of IC card |
CN102148799B (en) * | 2010-02-05 | 2014-10-22 | 中国银联股份有限公司 | Key downloading method and system |
CN201656997U (en) * | 2010-04-28 | 2010-11-24 | 中国工商银行股份有限公司 | Device for generating transmission key |
CN101807997B (en) * | 2010-04-28 | 2012-08-22 | 中国工商银行股份有限公司 | Device and method for generating transmission key |
CN102262760A (en) * | 2010-05-28 | 2011-11-30 | 杨筑平 | Transaction secrecy method, acceptance apparatus and submission software |
WO2012021662A2 (en) * | 2010-08-10 | 2012-02-16 | General Instrument Corporation | System and method for cognizant transport layer security (ctls) |
CN101938520B (en) * | 2010-09-07 | 2015-01-28 | 中兴通讯股份有限公司 | Mobile terminal signature-based remote payment system and method |
CN101976403A (en) * | 2010-10-29 | 2011-02-16 | 北京拉卡拉网络技术有限公司 | Phone number payment platform, payment trading system and method thereof |
CN102013982B (en) * | 2010-12-01 | 2012-07-25 | 银联商务有限公司 | Long-distance encryption method, management method, as well as encryption management method, device and system |
CN102903189A (en) * | 2011-07-25 | 2013-01-30 | 上海昂贝电子科技有限公司 | Terminal transaction method and device |
CN102521935B (en) * | 2011-12-15 | 2013-12-11 | 福建联迪商用设备有限公司 | Method and apparatus for state detection of POS machine |
CN102592369A (en) * | 2012-01-14 | 2012-07-18 | 福建联迪商用设备有限公司 | Method for self-service terminal access to financial transaction center |
CN102624711B (en) * | 2012-02-27 | 2015-06-03 | 福建联迪商用设备有限公司 | Sensitive information transmission method and sensitive information transmission system |
CN102624710B (en) * | 2012-02-27 | 2015-03-11 | 福建联迪商用设备有限公司 | Sensitive information transmission method and sensitive information transmission system |
CN102647274B (en) * | 2012-04-12 | 2014-10-08 | 福建联迪商用设备有限公司 | POS (Point of Sale) terminal, terminal accessing device, main key managing system and method thereof |
CN102707972B (en) * | 2012-05-02 | 2016-03-09 | 银联商务有限公司 | A kind of POS terminal method for updating program and system |
CN102768744B (en) * | 2012-05-11 | 2016-03-16 | 福建联迪商用设备有限公司 | A kind of remote safe payment method and system |
CN102868521B (en) * | 2012-09-12 | 2015-03-04 | 成都卫士通信息产业股份有限公司 | Method for enhancing secret key transmission of symmetrical secret key system |
CN103116505B (en) * | 2012-11-16 | 2016-05-25 | 福建联迪商用设备有限公司 | A kind of method that Auto-matching is downloaded |
CN103117855B (en) * | 2012-12-19 | 2016-07-06 | 福建联迪商用设备有限公司 | A kind of method of the method generating digital certificate and backup and recovery private key |
CN103220271A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
CN103237004A (en) * | 2013-03-15 | 2013-08-07 | 福建联迪商用设备有限公司 | Key download method, key management method, method, device and system for download management |
CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
CN103269266B (en) * | 2013-04-27 | 2016-07-06 | 北京宏基恒信科技有限责任公司 | The safety certifying method of dynamic password and system |
-
2013
- 2013-12-27 CN CN201310740188.9A patent/CN103716153B/en active Active
- 2013-12-27 CN CN201310741948.8A patent/CN103714639B/en active Active
- 2013-12-27 CN CN201310740540.9A patent/CN103716154B/en active Active
- 2013-12-27 CN CN201310740226.0A patent/CN103714634B/en active Active
- 2013-12-27 CN CN201310740100.3A patent/CN103714633B/en active Active
- 2013-12-27 CN CN201310741949.2A patent/CN103731260B/en active Active
- 2013-12-27 CN CN201310742648.1A patent/CN103716155B/en active Active
- 2013-12-27 CN CN201310740537.7A patent/CN103746800B/en active Active
- 2013-12-27 CN CN201310742686.7A patent/CN103745351B/en active Active
- 2013-12-27 CN CN201310740308.5A patent/CN103729941B/en active Active
- 2013-12-27 CN CN201310740360.0A patent/CN103714636B/en active Active
- 2013-12-27 CN CN201310740285.8A patent/CN103729940B/en active Active
- 2013-12-27 CN CN201310740231.1A patent/CN103714635B/en active Active
- 2013-12-27 CN CN201310742661.7A patent/CN103716167B/en active Active
- 2013-12-27 CN CN201310740244.9A patent/CN103701609B/en active Active
- 2013-12-27 CN CN201310740158.8A patent/CN103716320B/en active Active
- 2013-12-27 CN CN201310740410.5A patent/CN103729942B/en active Active
- 2013-12-27 CN CN201310740264.6A patent/CN103701812B/en active Active
- 2013-12-27 CN CN201310740642.0A patent/CN103731259B/en active Active
- 2013-12-27 CN CN201310742713.0A patent/CN103701610B/en active Active
- 2013-12-27 CN CN201310742886.2A patent/CN103716321B/en active Active
- 2013-12-27 CN CN201310742991.6A patent/CN103714641B/en active Active
- 2013-12-27 CN CN201310740574.8A patent/CN103729945B/en active Active
- 2013-12-27 CN CN201310740430.2A patent/CN103729943B/en active Active
- 2013-12-27 CN CN201310740567.8A patent/CN103729944B/en active Active
- 2013-12-27 CN CN201310742681.4A patent/CN103714640B/en active Active
- 2013-12-27 CN CN201310740380.8A patent/CN103714637B/en active Active
- 2013-12-27 CN CN201310740644.XA patent/CN103714638B/en active Active
-
2014
- 2014-03-11 WO PCT/CN2014/073205 patent/WO2014139403A1/en active Application Filing
- 2014-03-11 WO PCT/CN2014/073220 patent/WO2014139408A1/en active Application Filing
- 2014-03-11 WO PCT/CN2014/073225 patent/WO2014139412A1/en active Application Filing
- 2014-03-11 WO PCT/CN2014/073215 patent/WO2014139406A1/en active Application Filing
- 2014-03-11 WO PCT/CN2014/073224 patent/WO2014139411A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101930644A (en) * | 2009-06-25 | 2010-12-29 | 中国银联股份有限公司 | Method for safely downloading master key automatically in bank card payment system and system thereof |
CN102394749A (en) * | 2011-09-26 | 2012-03-28 | 深圳市文鼎创数据科技有限公司 | Line protection method, system, information safety equipment and application equipment for data transmission |
CN103237005A (en) * | 2013-03-15 | 2013-08-07 | 福建联迪商用设备有限公司 | Method and system for key management |
CN103729941A (en) * | 2013-03-15 | 2014-04-16 | 福建联迪商用设备有限公司 | Method and system for safe downloading of TMK |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107094138A (en) * | 2017-04-11 | 2017-08-25 | 郑州信大捷安信息技术股份有限公司 | A kind of smart home safe communication system and communication means |
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2014139411A1 (en) | Secure downloading method and system for terminal master key (tmk) | |
WO2014139341A1 (en) | Key management method and system | |
WO2014139343A1 (en) | Key downloading method, management method, downloading management method, apparatus and system | |
WO2014139344A1 (en) | Key download method, management method, download management method and device, and system | |
CN108513704B (en) | Remote distribution method and system of terminal master key | |
US9806889B2 (en) | Key downloading method, management method, downloading management method, device and system | |
US10089627B2 (en) | Cryptographic authentication and identification method using real-time encryption | |
CN108323230B (en) | Method for transmitting key, receiving terminal and distributing terminal | |
SG177349A1 (en) | Method for safely and automatically downloading terminal master key in bank card payment system and the system thereof | |
CN108959962B (en) | API (application programming interface) secure calling method of dynamic library | |
CN111507712B (en) | User privacy data management method, system and terminal based on block chain | |
CN108323231B (en) | Method for transmitting key, receiving terminal and distributing terminal | |
EP4142214A1 (en) | Method for securely provisioning a device incorporating an integrated circuit without using a secure environment | |
JP2006185179A (en) | Public key authentication method and system | |
CN116405304A (en) | Communication encryption method, system, terminal and storage medium | |
CN117521110A (en) | API calling method of static link library |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14763187 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14763187 Country of ref document: EP Kind code of ref document: A1 |