WO2017166113A1 - Système de gestion de clé - Google Patents

Système de gestion de clé Download PDF

Info

Publication number
WO2017166113A1
WO2017166113A1 PCT/CN2016/077837 CN2016077837W WO2017166113A1 WO 2017166113 A1 WO2017166113 A1 WO 2017166113A1 CN 2016077837 W CN2016077837 W CN 2016077837W WO 2017166113 A1 WO2017166113 A1 WO 2017166113A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
card
management
kms
client
Prior art date
Application number
PCT/CN2016/077837
Other languages
English (en)
Chinese (zh)
Inventor
李昕光
Original Assignee
李昕光
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 李昕光 filed Critical 李昕光
Priority to PCT/CN2016/077837 priority Critical patent/WO2017166113A1/fr
Publication of WO2017166113A1 publication Critical patent/WO2017166113A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present invention relates to the field of key management, and in particular, to a key management system.
  • a multi-level key management system is implemented for a unified root key.
  • the three-level key management system is a symmetric 3DES algorithm using double-length keys, which defines a national unified consumption root key, and then is dispersed according to different organization codes and area codes, and is divided into two levels to form a third level. Key system.
  • the financial IC card is an IC card that implements the financial function of the bank card by using a smart card chip.
  • the domestic financial IC card complies with the PBOC standard.
  • the extensive use of financial IC cards will greatly improve the security of bank card payments, reduce fraud, and provide a basis for multi-functional application of bank cards.
  • the financial IC card is a high-security and multi-purpose bank card. It can be used not only as a financial card, but also can load many industry applications to form multi-purpose bank films, such as financial social security cards, citizen cards, financial consumer cards, etc.
  • the financial IC card issuance system mainly consists of a financial IC card root CA, a key management system, a data preparation system and a personalization system.
  • the completion of the card issuance system will greatly improve the efficiency and speed of the bank issuing financial IC cards, and is a bank card business. provide assurance.
  • the national bank IC card key management rules are specially formulated.
  • the embodiment of the present invention provides a key tube. Management system.
  • the technical solution is as follows:
  • a key management system comprising: a KMS server, including one or more:
  • a KMS server for installing software and performing the functions of the software, and accessing the KMS server through a client interface software or an API of the software;
  • a cipher machine for performing various security algorithm operations and saving all or part of the keys
  • the cryptographic management terminal is connected to the cipher machine through one or more serial ports to implement management of the cipher machine, including but not limited to configuring the cipher machine and the management key;
  • the cipher card management card is used to authenticate the operation authority when managing the cipher machine
  • the cipher key card is used to back up the key stored in the cipher machine, and can also be used to restore the key backed up in the cipher key card to the cipher machine;
  • KMS client including one or more:
  • the KMS client is used to install interface software, and the user can perform system management and key management operations through the interface of the client;
  • An IC card for storing a user authentication key for performing identity authentication when logging in to the key management system
  • the key management system can support multi-level key distribution and key two-level management
  • system further comprises:
  • the data preparation system is configured to collect the information required for issuing the IC card when the IC card is issued, and provide all the information issued by the IC card to the personalized system, and the card is issued by the personalized system;
  • An interaction center including but not limited to an organization through which information must be exchanged between systems;
  • Terminals including but not limited to devices that use a magnetic stripe card or an IC card for transactions;
  • Counters including but not limited to counters at bank outlets.
  • system further includes:
  • the KMS server also includes one or more:
  • Printers including but not limited to dot matrix printers, for printing key envelopes;
  • a key envelope ie, a digital envelope, for storing the encrypted content and the encrypted key for encrypting the content
  • the KMS client also includes one or more:
  • the user card that is, the IC card held by the individual user, is used to save the key written by the client through the card reader when the card is issued, and supports the terminal device of the IC card to perform the transaction;
  • PSAM card for storing various keys used in transactions
  • Terminal security module for handling terminal security, including but not limited to saving client keys and security algorithm operations;
  • a key transmission medium for storing a key during key transmission
  • a PIN pad for the user to enter a password and the key stored in the PIN pad is used to encrypt the password entered by the user.
  • a key management method comprising:
  • N is a natural number greater than 1;
  • the manufacturer transfer card and the M supervisor leadership card are saved in the first-level management center, and M is a natural number greater than 3;
  • the secondary management center issues the card issuing mother card by using the branch master key card and the main transmission card delivered by the first-level management center, or importing the partial master key into the encryption of the secondary management center In the machine.
  • the partial application file key of the electronic cash card is replaced with the file key of the industry
  • the file key of the industry is decentralized by the master key or the partial master key.
  • the application file key of the electronic cash card when the partial application file key of the electronic cash card is replaced with the file key of the industry, the application file key of the electronic cash card may also be retained. .
  • the M is equal to four.
  • the first-level management center may be a national key management center.
  • the secondary management center may be the one A financial IC card key management center established by a subordinate organization authorized by the level management center.
  • the secondary management center may be a pilot city or a commercial bank key management center, or a card issuing bank key management center.
  • the invention realizes the multi-level key dispersion of the software under the primary key distribution system, realizes the key replacement of the electronic cash industry, reduces the purchase cost, and achieves higher scalability.
  • FIG. 1 is a schematic structural view of an implementation environment involved in various embodiments of the present invention.
  • FIG. 2 is a flowchart of a method for a key management method according to an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of a key management system according to another embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a KMS server according to another embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a KMS client according to another embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a data processing module according to an embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of a server according to another embodiment of the present invention.
  • FIG. 1 is a schematic structural diagram of an implementation environment involved in various embodiments of the present invention.
  • the key management system consists of software and hardware components.
  • the software part mainly implements key production, distribution, key import, key download, and key storage.
  • the hardware part mainly implements key calculation, key backup, key transaction, business transaction, and the like.
  • the key system supports multiple levels of key scatter and key management.
  • Multi-level key dispersion refers to the time of card issuance
  • the key written to the user card may be a subkey after each master key is dispersed multiple times.
  • the multi-level decentralized key system can ensure that the keys between different decentralized areas are independent of each other and can be mutually common; and the two-level management of the keys refers to the management at the headquarters level and the management at the branch level.
  • Headquarters level management can be managed by the operating company.
  • the headquarters is responsible for the maintenance of the factory transfer card and the four supervisor leadership cards.
  • the master key card and the master transport card of the system are generated by the supervisor leader card, and the master key is imported into the encryptor.
  • the branch-level management is managed and operated by the financial IC card key management center set up by the subordinate organization authorized by the operating company headquarters.
  • the branch-level key management is performed by using the branch master key card and the main transport card issued by the headquarters to issue various card-issuing cards required for the branch or directly into the encryption machine of the branch.
  • the bank first provides an electronic cash card, and the bank provides the authority to replace some of the application file keys with the industry's file key, which is obtained by the operator's self-built key. Therefore, the electronic cash card that has been replaced by the industry key can be used in the application scope of the city level; while retaining the previous file, the electronic cash card can also be applied to the original scene.
  • the key management system is a software system that manages various keys in the business system from the perspective of key usage.
  • the key algorithm operations and operations are implemented by hardware cryptographic devices.
  • the key function of the key management system is to provide key management and service functions for the business system, which can be widely applied to related electronic payment such as mobile payment, telecommunications, banking, social security, and public transportation.
  • the key system adopts configuration management to meet the multi-application multi-service key management requirements of users.
  • the key system construction strictly implements the idea that “secret lies in the key” and has high security and advanced nature. In terms of safety management, it has perfect personnel certification, security control, operation and maintenance monitoring and auditing mechanism. In terms of application functions, it supports EMV/PBOC2.0 standard bank credit/debit card, e-wallet, etc. Key management and service requirements in key generation, transmission, card issuance, key update, etc., can be used as independent The key management center can also be used to connect with business systems such as data preparation systems and card issuance systems to support related key management services.
  • the present invention realizes multi-level key distribution of software under the primary key distribution system, realizes key replacement in the electronic cash industry, reduces purchase cost, and achieves higher scalability.
  • FIG. 2 is a flowchart of a method for a key management method according to an embodiment of the present invention. This embodiment is exemplified by applying the key management method to the implementation environment shown in FIG. 1.
  • the method can include:
  • the subkey obtained by dispersing the master key N times is used as the key of the user card, and is written at the time of card issuance.
  • N is a natural number greater than 1; or
  • step 201 the manufacturer transmission card and the M supervisor leadership card are saved in the first-level management center, and M is a natural number greater than 3.
  • the first-level management center may be a national key management center
  • the M is equal to 4.
  • Step 202 Generate a master key card and a master transport card by using the supervisor leader card, and import the master key into the encryption machine of the first-level management center;
  • Step 203 The secondary management center issues a card issuing mother card by using the branch master key card and the main transmission card delivered by the first-level management center, or importing the branch master key into the second-level management. Central encryption machine.
  • the partial application file key of the electronic cash card is replaced with the file key of the industry, and the file key of the industry is used by the master key Or the branch master key is decentralized.
  • the application file key of the electronic cash card may also be retained.
  • the secondary management center may be a financial IC card key management center established by a lower-level organization authorized by the first-level management center.
  • the secondary management center may be a pilot city or a commercial bank key management center, or a card issuing bank key management center.
  • the present invention realizes multi-level key distribution of software under the primary key distribution system, realizes key replacement in the electronic cash industry, reduces purchase cost, and achieves higher scalability.
  • FIG. 3 is a schematic structural diagram of a key management system according to another embodiment of the present invention. This embodiment is exemplified by applying the method to the implementation environment shown in FIG. 1.
  • the system includes a KMS server 201 and a KMS client 202.
  • FIG. 4 is a schematic structural diagram of a KMS server according to another embodiment of the present invention. This embodiment is exemplified by applying the method to the implementation environment shown in FIG. 1.
  • the KMS server 201 includes:
  • a KMS server 1011 configured to install software and perform functions of the software, and access the KMS server through a client interface software or an API of the software;
  • the cryptographic machine 1012 is configured to perform various security algorithm operations and save all or part of the keys;
  • the cryptographic management terminal 1013 is connected to the cipher machine through one or more serial ports to implement management of the cipher machine, including but not limited to configuring the cipher machine and the management key;
  • the cryptographic management card 1014 is configured to authenticate the operation authority when managing the cipher machine
  • the cipher key card 1015 is configured to back up the key stored in the cipher machine, and may also be used to restore the key backed up in the cipher key card to the cipher machine;
  • Printer 1016 including but not limited to a dot matrix printer, for printing a key envelope
  • a key envelope 1017 a digital envelope, is used to store the encrypted content and the encrypted key used to encrypt the content.
  • the present invention realizes multi-level key distribution of software under the primary key distribution system, realizes key replacement in the electronic cash industry, reduces purchase cost, and achieves higher scalability.
  • FIG. 5 is a schematic structural diagram of a KMS client according to another embodiment of the present invention. This embodiment is exemplified by applying the method to the implementation environment shown in FIG. 1.
  • KMS client 201 including one or more:
  • the KMS client 2011 is used to install interface software, and the user can perform system management and key management operations through the interface of the client;
  • the 2012 IC card is configured to store a user authentication key for performing identity authentication when logging in to the key management system;
  • the user card 2014 that is, the IC card held by the individual user, is used to save the key written by the client through the card reader when the card is issued, and supports the terminal device of the IC card to perform the transaction;
  • PSAM card 2015 used to store various keys used in transactions
  • the terminal security module 2016 is configured to process terminal security, including but not limited to saving a client key and a security algorithm operation;
  • the PIN pad 2018 is used for the user to input a password, and the key stored in the PIN pad is used to encrypt the password input by the user.
  • the key management system provided by the foregoing embodiment only uses The division of each of the above functional modules is illustrated by an example. In actual applications, the above function assignments may be completed by different functional modules as needed, that is, the internal structure of the system is divided into different functional modules to complete all or part of the functions described above. .
  • the embodiment of the key management system and the key management method provided in the foregoing embodiments are in the same concept, and the specific implementation process is described in detail in the method embodiment, and details are not described herein again.
  • FIG. 6 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
  • the electronic device can be used to implement the item transfer method provided in the above embodiments. Specifically:
  • the terminal 1000 may include an RF (Radio Frequency) circuit 1010, a memory 1020 including one or more computer readable storage media, an input unit 1030, a display unit 1040, a sensor 1050, an audio circuit 1060, a short-range communication module 1070, A processor 1080 having one or more processing cores, and a power supply 1090 and the like are included.
  • RF Radio Frequency
  • FIG. 10 does not constitute a limitation to the terminal, and may include more or less components than those illustrated, or combine some components, or different component arrangements. among them:
  • the RF circuit 1010 can be used for receiving and transmitting signals during and after receiving or transmitting information, in particular, receiving downlink information of the base station and then processing it by one or more processors 1080; in addition, transmitting data related to the uplink to the base station .
  • the RF circuit 1010 includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, an LNA (Low Noise Amplifier). , duplexer, etc.
  • SIM Subscriber Identity Module
  • RF circuit 1010 can also communicate with the network and other devices via wireless communication.
  • Wireless communication can use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access) Divisional Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), and the like.
  • GSM Global System of Mobile communication
  • GPRS General Packet Radio Service
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • LTE Long Term Evolution
  • e-mail Short Messaging Service
  • the memory 1020 can be used to store software programs and modules, and the processor 1080 executes various functional applications and data processing by running software programs and modules stored in the memory 1020.
  • the memory 1020 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.)
  • the storage data area can store data (such as audio data, phone book, etc.) created according to the use of the terminal 1000.
  • memory 1020 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, memory 1020 can also include a memory controller to provide access to memory 1020 by processor 1080 and input unit 1030.
  • Input unit 1030 can be used to receive input numeric or character information, as well as to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function controls.
  • input unit 1030 can include touch-sensitive surface 1031 as well as other input devices 1032.
  • Touch-sensitive surface 1031 also known as a touch display or touchpad, can collect touch operations on or near the user (such as a user using a finger, stylus, etc., on any touch-sensitive surface 1031 or The operation near the touch-sensitive surface 1031) and driving the corresponding connecting device according to a preset program.
  • the touch-sensitive surface 1031 may include two parts of a touch detection device and a touch controller.
  • the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information.
  • the processor 1080 is provided and can receive commands from the processor 1080 and execute them.
  • the touch sensitive surface 1031 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
  • the input unit 1030 can also include other input devices 1032.
  • other input devices 1032 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
  • Display unit 1040 can be used to display information entered by the user or information provided to the user and various graphical user interfaces of terminal 1000, which can be constructed from graphics, text, icons, video, and any combination thereof.
  • the display unit 1040 may include a display panel 1041.
  • the display panel 1041 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like.
  • the touch-sensitive surface 1031 can cover the display panel 1041, and when the touch-sensitive surface 1031 detects a touch operation thereon or nearby, it is transmitted to the processor 1080 to determine the type of the touch event, and then the processor 1080 according to the touch event The type provides a corresponding visual output on display panel 1041.
  • touch-sensitive surface 1031 and display panel 1041 are implemented as two separate components to implement input and input functions, in some embodiments, touch-sensitive surface 1031 can be integrated with display panel 1041 for input. And output function.
  • Terminal 1000 can also include at least one type of sensor 1050, such as a light sensor, motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 1041 according to the brightness of the ambient light, and the proximity sensor may close the display panel 1041 when the terminal 1000 moves to the ear. / or backlight.
  • the gravity acceleration sensor can detect the magnitude of acceleration in all directions (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity.
  • the terminal 1000 can also be configured with gyroscopes, barometers, hygrometers, thermometers, infrared sensors and other sensors, not here Let me repeat.
  • Audio circuit 1060, speaker 1061, and microphone 1062 can provide an audio interface between the user and terminal 1000.
  • the audio circuit 1060 can transmit the converted electrical data of the received audio data to the speaker 1061, and convert it into a sound signal output by the speaker 1061; on the other hand, the microphone 1062 converts the collected sound signal into an electrical signal, by the audio circuit 1060. After receiving, it is converted into audio data, and then processed by the audio data output processor 180, transmitted to the terminal, for example, via the RF circuit 110, or outputted to the memory 120 for further processing.
  • the audio circuit 160 may also include an earbud jack to provide communication of the peripheral earphones with the terminal 1000.
  • the short-range communication module 170 may include WiFi (wireless fidelity) technology and/or NFC technology and/or Bluetooth technology and/or infrared technology, and the terminal 1000 may help the user to send and receive emails and browse the webpage through the short-range communication module 170. And accessing streaming media, etc., it provides users with wireless broadband Internet access and close-range communication, such as reading and writing of electronic cards in the embodiment of the present invention.
  • the processor 1080 is the control center of the terminal 1000, connecting various portions of the entire handset with various interfaces and lines, by running or executing software programs and/or modules stored in the memory 1020, and recalling data stored in the memory 1020, The various functions and processing data of the terminal 1000 are performed to perform overall monitoring of the mobile phone.
  • the processor 1080 may include one or more processing cores; preferably, the processor 1080 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 1080.
  • the terminal 1000 also includes a power source 1090 (such as a battery) that supplies power to the various components, preferably, electricity.
  • the source can be logically coupled to the processor 1080 through a power management system to manage functions such as charging, discharging, and power management through a power management system.
  • the power supply 1090 may also include any one or more of a DC or AC power source, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
  • the terminal 1000 may further include a camera, a Bluetooth module, and the like, and details are not described herein again.
  • the display unit of the electronic device is a touch screen display
  • the electronic device further includes a memory, and one or more programs, wherein one or more programs are stored in the memory and configured to be one or one
  • the above processor executes one or more programs including a key management method for performing the above.
  • FIG. 7 is a schematic structural diagram of a server according to an embodiment of the present invention.
  • the server 1100 includes a central processing unit (CPU) 1101, a system memory 1104 including a random access memory (RAM) 1102 and a read only memory (ROM) 1103, and a system bus 1105 that connects the system memory 1104 and the central processing unit 1101.
  • the server 1100 also includes a basic input/output system (I/O system) 1106 that facilitates transfer of information between various devices within the computer, and mass storage for storing the operating system 1113, applications 1114, and other program modules 1115.
  • I/O system basic input/output system
  • the basic input/output system 1106 includes a display 1108 for displaying information and an input device 1109 such as a mouse or keyboard for user input of information.
  • the display 1108 and the input device 1109 are both connected to the central processing unit 1101 via an input-output controller 1110 connected to the system bus 1105.
  • the basic input/output system 1106 can also include an input output controller 1110 for receiving and processing input from a plurality of other devices, such as a keyboard, mouse, or electronic stylus.
  • the input and output controller 1110 also provides output to a display screen, printer, or other type of output device.
  • the mass storage device 1107 is connected to the central processing unit 1101 by a mass storage controller (not shown) connected to the system bus 1105.
  • the mass storage device 1107 and its associated computer readable medium provide non-volatile storage for the server 1100. That is, the mass storage device 1107 can include a computer readable medium such as a hard disk or a CD-ROM drive. (not shown).
  • the computer readable medium can include computer storage media and communication media.
  • Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.
  • Computer storage media include RAM, ROM, EPROM, EEPROM, flash memory or other solid state storage technologies, CD-ROM, DVD or other optical storage, tape cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices.
  • RAM random access memory
  • ROM read only memory
  • EPROM Erasable programmable read-only memory
  • EEPROM electrically erasable programmable read-only memory
  • the server 1100 may also be operated by a remote computer connected to the network through a network such as the Internet. That is, the server 1100 can be connected to the network 1112 through the network interface unit 1111 connected to the system bus 1105, or can also be connected to other types of networks or remote computer systems (not shown) using the network interface unit 1111. .
  • the memory further includes one or more programs, the one or more programs being stored in a memory, the one or more programs including instructions for performing a key management method provided by an embodiment of the present invention.
  • a person skilled in the art may understand that all or part of the steps of implementing the above embodiments may be completed by hardware, or may be instructed by a program to execute related hardware, and the program may be stored in a computer readable storage medium.
  • the storage medium mentioned may be a read only memory, a magnetic disk or an optical disk or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un système de gestion de clé, qui se rapporte au domaine du traitement de données. Le système de gestion de clé comprend : un serveur KMS (101) comprenant un ou plusieurs serveurs KMS (1011), une machine de chiffrement (1012), un terminal de gestion de machine de chiffrement (1013), une carte de gestion de machine de chiffrement (1014), une carte de clé de machine de chiffrement (1015), un client KMS (102) comprenant un ou plusieurs clients KMS (1021), une carte à circuit intégré (IC) (1022), un lecteur de carte (1023), et le système de gestion de clé peut prendre en charge une gestion de distribution de clé multiniveau et une gestion de clé sur deux étages. Le système réalise une distribution de clé multiniveau d'un logiciel et un remplacement de clé dans le secteur de l'argent électronique par l'intermédiaire d'une architecture de distribution de clé à un niveau, le coût d'achat est réduit et une extensibilité supérieure est obtenue.
PCT/CN2016/077837 2016-03-30 2016-03-30 Système de gestion de clé WO2017166113A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/077837 WO2017166113A1 (fr) 2016-03-30 2016-03-30 Système de gestion de clé

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/077837 WO2017166113A1 (fr) 2016-03-30 2016-03-30 Système de gestion de clé

Publications (1)

Publication Number Publication Date
WO2017166113A1 true WO2017166113A1 (fr) 2017-10-05

Family

ID=59962389

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/077837 WO2017166113A1 (fr) 2016-03-30 2016-03-30 Système de gestion de clé

Country Status (1)

Country Link
WO (1) WO2017166113A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111800267A (zh) * 2020-07-10 2020-10-20 信雅达系统工程股份有限公司 一种统一管理的密码服务支撑系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101593389A (zh) * 2009-07-01 2009-12-02 中国建设银行股份有限公司 一种用于pos终端的密钥管理方法和系统
KR20110031037A (ko) * 2009-09-18 2011-03-24 한국건설교통기술평가원 호환형 교통카드용 키 카드 및 교통카드용 키 카드의 운영방법
CN104202369A (zh) * 2014-08-19 2014-12-10 西安邮电大学 一种新型智能卡多应用授权发卡系统
CN104363090A (zh) * 2014-11-19 2015-02-18 成都卫士通信息产业股份有限公司 一种增强银行终端设备安全性的密钥分发装置和方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101593389A (zh) * 2009-07-01 2009-12-02 中国建设银行股份有限公司 一种用于pos终端的密钥管理方法和系统
KR20110031037A (ko) * 2009-09-18 2011-03-24 한국건설교통기술평가원 호환형 교통카드용 키 카드 및 교통카드용 키 카드의 운영방법
CN104202369A (zh) * 2014-08-19 2014-12-10 西安邮电大学 一种新型智能卡多应用授权发卡系统
CN104363090A (zh) * 2014-11-19 2015-02-18 成都卫士通信息产业股份有限公司 一种增强银行终端设备安全性的密钥分发装置和方法

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111800267A (zh) * 2020-07-10 2020-10-20 信雅达系统工程股份有限公司 一种统一管理的密码服务支撑系统
CN111800267B (zh) * 2020-07-10 2024-04-30 信雅达科技股份有限公司 一种统一管理的密码服务支撑系统

Similar Documents

Publication Publication Date Title
JP7181914B2 (ja) 非ネーティブクレデンシャルを有する電子デバイスを使用したトランザクションの実行
US20230018976A1 (en) Initiation of online payments using an electronic device identifier
TWI703521B (zh) 基於商家資訊之待使用的付款憑證的推薦
CN105706131B (zh) 使用通过已验证的信道传送的密码在电子设备上提供凭据
US20160132862A1 (en) Enhanced near field communications attachment
US10552830B2 (en) Deletion of credentials from an electronic device
US11669822B2 (en) Point-of-sale system having a secure touch mode
CN107210912A (zh) 对应用程序库的授权访问
CA3050132A1 (fr) Equipement de communication en champ proche ameliore
WO2017166113A1 (fr) Système de gestion de clé
WO2017166118A1 (fr) Procédé de gestion de clé
WO2017166111A1 (fr) Système de gestion de clés
US12131306B2 (en) Point-of-sale system having a secure touch mode
WO2017166101A1 (fr) Système de fabrication de cartes
WO2017166103A1 (fr) Système de fabrication de cartes
WO2017166100A1 (fr) Système de fabrication de cartes
WO2017166110A1 (fr) Procédé de fabrication de carte
WO2017166107A1 (fr) Procédé de fabrication de carte
WO2017166068A1 (fr) Système de recharge
WO2017166061A1 (fr) Système de recharge

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16895894

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 16895894

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 08/03/2019)

122 Ep: pct application non-entry in european phase

Ref document number: 16895894

Country of ref document: EP

Kind code of ref document: A1