WO2018059262A1 - Data encryption method for hce mode - Google Patents

Publication number
WO2018059262A1
Authority
WO
WIPO (PCT)
Prior art keywords
security information
information interaction
application
key
encryption method
Application number
PCT/CN2017/102076
Inventor
张栋
丁林润
李春欢
陆东东
Original Assignee
中国银联股份有限公司
Application filed by 中国银联股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Abstract

The present invention provides a data encryption method for HCE mode. The method comprises: a key management and data processing server generating one or more limited-use keys for a security information interaction application residing and running on a specific mobile terminal, and sending the generated one or more limited-use keys to the security information interaction application; when a data interaction for a security information interaction count value is performed according to a user instruction, the security information interaction application encrypting security information interaction data with one of the one or more limited-use keys to generate an application ciphertext, and sending the application ciphertext to the key management and data processing server; and, after receiving the application ciphertext, the key management and data processing server verifying the validity and legitimacy of the application ciphertext and, after verification succeeds, performing the subsequent processing operations associated with the security information interaction data. The method disclosed by the present invention achieves a high level of security.

Description

Data encryption method for HCE mode
Technical field
The present invention relates to data encryption methods and, more particularly, to a data encryption method for HCE mode.
Background art
At present, as computer and network applications become ever more widespread and the range of services in different fields keeps growing, using a mobile terminal (for example a smartphone) to carry out security information interactions (that is, information interactions with high security requirements, such as payment transactions in the financial field) over near-field communication technology (for example NFC) is becoming increasingly important.
In a conventional mobile security information interaction scheme based on the NFC communication protocol, the mobile terminal typically includes an application processor, an NFC controller and a secure element (SE), for example in the form of an SD card or an SE chip, which is used to store sensitive information (for example data encryption keys).
However, the conventional scheme has the following problems: because a separate hardware secure element is required, the cost is high and compatibility becomes more complex (for example, every additional security carrier requires regression testing against all applications, and every additional application likewise requires regression testing against all security carriers).
To solve these problems, a mobile security information interaction scheme based on HCE (Host Card Emulation) mode has been proposed. Under this scheme the mobile terminal includes only an application processor and an NFC controller, and sensitive information (for example transaction data and the application transaction counter) is encrypted with an application ciphertext key (for example the transaction key UDK) stored in the security application on the mobile terminal, in order to secure the information interaction.
However, the HCE-based scheme has the following problem: because the application ciphertext key is stored in the security application on the mobile terminal and can be used without limit, there is a potential risk of it being maliciously stolen and misused, so security is low.
There is therefore a need for a data encryption method for HCE mode that offers high security.
Summary of the invention
To solve the problems of the prior-art schemes described above, the present invention proposes a data encryption method for HCE mode with high security.
The object of the invention is achieved by the following technical solution:
A data encryption method for HCE mode, comprising the following steps:
(A1) a key management and data processing server generates one or more limited-use keys for a security information interaction application residing and running on a specific mobile terminal, and sends the generated one or more limited-use keys to the security information interaction application;
(A2) when a data interaction for one security information interaction count value is performed according to a user instruction, the security information interaction application encrypts security information interaction data with one of the one or more limited-use keys to generate an application ciphertext, and sends the application ciphertext to the key management and data processing server;
(A3) after receiving the application ciphertext, the key management and data processing server verifies the validity and legitimacy of the application ciphertext and, after verification succeeds, performs the subsequent processing operations associated with the security information interaction data.
In the solution disclosed above, preferably, step (A1) further comprises: the key management and data processing server generating the one or more limited-use keys for a preset range of security information interaction count values, either at the request of the security information interaction application or periodically.
In the solution disclosed above, preferably, step (A2) further comprises: the security information interaction application sending the application ciphertext to the key management and data processing server via a near-field communication channel.
In the solution disclosed above, preferably, step (A1) further comprises: the key management and data processing server storing the application ciphertext key associated with the security information interaction application, and generating the one or more limited-use keys based on that application ciphertext key.
In the solution disclosed above, preferably, the security information interaction application stores the one or more limited-use keys in a trusted execution environment or a white-box encryption library provided by the mobile terminal.
In the solution disclosed above, preferably, each of the one or more limited-use keys is bound to one security information interaction count value; that is, when initiating a security information interaction based on the current security information interaction count value, the security information interaction application uses the limited-use key bound to that current count value.
In the solution disclosed above, preferably, the security information interaction application increments the security information interaction count value it maintains by 1 each time an associated set of security information interaction processes is completed.
In the solution disclosed above, preferably, each of the one or more limited-use keys becomes invalid after being used once.
In the solution disclosed above, preferably, the key management and data processing server generates, for each security information interaction count value, the limited-use key corresponding to it, and the security information interaction application, when initiating a security information interaction based on the current count value, generates the application ciphertext with the limited-use key bound to that current count value, so as to ensure that every application ciphertext is unique.
In the solution disclosed above, preferably, step (A1) further comprises generating the one or more limited-use keys as follows: (1) using the application ciphertext key associated with the security information interaction application, perform a predetermined operation on a predetermined string to obtain an intermediate key; (2) using the intermediate key, perform a predetermined operation on each security information interaction count value in a specific range and on its inverted value, to obtain the limited-use key corresponding to each count value in that range.
In the solution disclosed above, preferably, step (A2) further comprises: setting a validity period for each of the one or more limited-use keys; if a limited-use key has not been used by the end of its validity period, that key becomes invalid.
In the solution disclosed above, preferably, the user can add an additional encryption operation, based on biometric identification and/or an unlock password, to the one or more limited-use keys stored by the security information interaction application.
The data encryption method for HCE mode disclosed by the present invention has the following advantages: because a limited-use key can be used only once, it can be stored in a trusted execution environment or a white-box database provided by the mobile terminal, with no need for a separate hardware secure element, so the cost is low; and the risk of a key being maliciously stolen and misused can be avoided or reduced, so security is high.
Brief description of the drawings
The technical features and advantages of the present invention will be better understood by those skilled in the art with reference to the accompanying drawing, in which:
FIG. 1 is a flow chart of a data encryption method for HCE mode according to an embodiment of the present invention.
具体实施方式detailed description
图1是根据本发明的实施例的用于HCE模式的数据加密方法的流程图。如图1所示,本发明所公开的用于HCE模式的数据加密方法包括下列步骤:(A1)密钥管理及数据处理服务器针对驻留并运行于特定的移动终端上的安全性信息交互应用生成一个或多个限制密钥(LUK),并将所生成的一个或多个限制密钥发送至所述安全性信息交互应用;(A2)在根据用户指令进行针对一个安全性信息交互计数值(例如应用交易计数器ATC的值)的数据交互时,所述安全性信息交互应用基于所述一个或多个限制密钥中的一个加密安全性信息交互数据(例如交易信息等等)以生成应用密文(例如金融领域中的ARQC密文),并将所述应用密文发送至所述密钥管理及数据处理服务器;(A3)在接收到所述应用密文后,所述密钥管理及数据处理服务器校验所述应用密文的有效性和合法性(例如以与步骤(A2)所采用的方式相同的方式生成应用密文副本,并随之将所接收的应用密文与应用密文副本相比对),并在验证成功后执行后续的与所述安全性信息交互数据相关联的处理操作。1 is a flow chart of a data encryption method for an HCE mode in accordance with an embodiment of the present invention. As shown in FIG. 1, the data encryption method for HCE mode disclosed by the present invention includes the following steps: (A1) Key management and data processing server for security information interaction application resident and running on a specific mobile terminal Generating one or more restriction keys (LUK) and transmitting the generated one or more restriction keys to the security information interaction application; (A2) performing a counter value for a security information interaction according to user instructions The security information interaction application interacts with the encrypted security information (eg, transaction information, etc.) 
based on one of the one or more restriction keys to generate an application when the data is interactive (eg, the value of the application transaction counter ATC) a ciphertext (for example, an ARQC ciphertext in the financial field), and transmitting the application ciphertext to the key management and data processing server; (A3) after receiving the application ciphertext, the key management And the data processing server verifies the validity and legality of the application ciphertext (for example, generating a copy of the application ciphertext in the same manner as that used in step (A2), and subsequently receiving the received application Wen ciphertext compared to the copy application), and the subsequent processing operations and said security information interaction data associated After a successful authentication.
优选地,在本发明所公开的用于HCE模式的数据加密方法中,所述步骤(A1)进一步包括:所述密钥管理及数据处理服务器基于所述安全性信息交互应用的请求或者周期性地根据安全性信息交互计数值的预设范围生成所述一个或多个限制密钥。Preferably, in the data encryption method for the HCE mode disclosed by the present invention, the step (A1) further includes: the key management and data processing server interacting with the request or periodicity of the application based on the security information. The one or more restriction keys are generated according to a preset range of security information interaction count values.
优选地,在本发明所公开的用于HCE模式的数据加密方法中,所述步骤(A2)进一步包括:所述安全性信息交互应用经由近场通信信道将所述应用密文发送至所述密钥管理及数据处理服务器。Preferably, in the data encryption method for HCE mode disclosed in the present invention, the step (A2) further includes: the security information interaction application transmitting the application ciphertext to the Key management and data processing server.
优选地,在本发明所公开的用于HCE模式的数据加密方法中,所述步骤(A1)进一步包括:所述密钥管理及数据处理服务器存储与所述安全性信息交互应用相关联的应用密文密钥(UDK),并基于该应用密文密钥生成所述一个或多个限制密钥。Preferably, in the data encryption method for the HCE mode disclosed in the present invention, the step (A1) further includes: the key management and data processing server storing an application associated with the security information interaction application a ciphertext key (UDK), and generating the one or more restriction keys based on the application ciphertext key.
优选地,在本发明所公开的用于HCE模式的数据加密方法中,所述安全性信息交互应用在所述移动终端提供的可信执行环境或白盒加密库中存储所述一个或多个限制密钥。 Preferably, in the data encryption method for HCE mode disclosed by the present invention, the security information interaction application stores the one or more in a trusted execution environment or a white-box encryption library provided by the mobile terminal. Limit the key.
Preferably, in the data encryption method for HCE mode disclosed by the present invention, each of the one or more restriction keys is bound to one security information interaction count value (for example, the value of the application transaction counter, ATC); that is, the restriction keys and the security information interaction count values are in one-to-one correspondence. When the security information interaction application initiates a security information interaction based on the current security information interaction count value, it uses the one restriction key bound to that current count value.
Preferably, in the data encryption method for HCE mode disclosed by the present invention, the security information interaction application increments the security information interaction count value it maintains by 1 each time it completes an associated set of security information interaction processes (for example, completes one transaction).
Preferably, in the data encryption method for HCE mode disclosed by the present invention, each of the one or more restriction keys becomes invalid after being used once.
Preferably, in the data encryption method for HCE mode disclosed by the present invention, the key management and data processing server generates, based on each security information interaction count value, the restriction key corresponding to it, and the security information interaction application, when initiating a security information interaction based on the current security information interaction count value, uses the one restriction key bound to that current count value to generate the application ciphertext, so as to ensure the uniqueness of each application ciphertext.
Preferably, in the data encryption method for HCE mode disclosed by the present invention, step (A1) further comprises generating the one or more restriction keys as follows: (1) using the application ciphertext key associated with the security information interaction application, perform a predetermined operation (for example, a symmetric encryption algorithm) on a predetermined string to obtain an intermediate key (LUK-A1). An example of the predetermined string is "CCCCYYMMDDHHNN80", where "CCCC" is the parameter update counter, which is set to UDK plus 1 for each batch; "YY" is the year, in the range 00-99; "MM" is the month, in the range 01-12; "DD" is the day, in the range 01-31; "HH" is the hour, in the range 00-23; "NN" is incremented by 1 on each key update within the current hour, so that its current value is the number of parameter updates within that hour, in the range 0x00-0xFF; and "80" is a fixed padding value. (2) Using the intermediate key, perform a predetermined operation (for example, the same algorithm that conventional schemes use to generate the session key SK) on each security information interaction count value (for example, the value of the application transaction counter ATC) in a specific range (for example, each batch covering 10 consecutive security information interaction count values) and on its inverted value, to obtain the restriction key corresponding to each count value in that range.
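The two-step derivation above, together with the ATC binding and single-use rule from the preceding paragraphs, as an added example that is not code from the patent or its applicant. Assumptions: HMAC-SHA256 stands in for the unspecified "predetermined operation" and for cryptogram generation, the 16-character string is packed as 8 bytes, and all names (`prf`, `seed_string`, `derive_batch`, `HceApp`, `Server`) and the demo key are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the "predetermined operation".
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def seed_string(update_counter: int, when: datetime, updates_this_hour: int) -> bytes:
    # CCCC YY MM DD HH NN 80, assumed here to be 16 hex digits packed into 8 bytes.
    if not (0 <= update_counter <= 0xFFFF and 0 <= updates_this_hour <= 0xFF):
        raise ValueError("counter out of range")
    return bytes.fromhex(f"{update_counter:04X}{when:%y%m%d%H}{updates_this_hour:02X}80")

def derive_batch(app_key: bytes, seed: bytes, first_atc: int, count: int = 10) -> dict:
    intermediate = prf(app_key, seed)                    # step (1): LUK-A1
    keys = {}
    for atc in range(first_atc, first_atc + count):      # step (2): one key per ATC
        block = atc.to_bytes(2, "big") + (atc ^ 0xFFFF).to_bytes(2, "big")
        keys[atc] = prf(intermediate, block)             # ATC and its inverted value
    return keys

class HceApp:
    """Device side: holds a provisioned batch and the current ATC."""
    def __init__(self, keys: dict, atc: int):
        self.keys, self.atc = dict(keys), atc

    def cryptogram(self, data: bytes):
        key = self.keys.pop(self.atc)   # deleted on use; KeyError once the batch is spent
        atc, self.atc = self.atc, self.atc + 1
        return atc, prf(key, data)

class Server:
    """Server side: re-derives the key for the claimed ATC and rejects reuse."""
    def __init__(self, app_key: bytes, seed: bytes):
        self.app_key, self.seed, self.used = app_key, seed, set()

    def verify(self, atc: int, data: bytes, cryptogram: bytes) -> bool:
        if atc in self.used:
            return False                # each restriction key is valid for one use only
        key = derive_batch(self.app_key, self.seed, atc, 1)[atc]
        ok = hmac.compare_digest(prf(key, data), cryptogram)
        if ok:
            self.used.add(atc)
        return ok

APP_KEY = bytes(range(16))              # constructed demo key, not a real one
SEED = seed_string(1, datetime(2017, 9, 18, 14), 0)
```

Because the server re-derives the key from the claimed ATC, a captured cryptogram is useless for any other counter value, and the `used` set rejects a replay of the same one.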
Preferably, in the data encryption method for HCE mode disclosed by the present invention, step (A2) further comprises: setting a validity period for each of the one or more restriction keys, such that a restriction key that has not been used by the end of its validity period becomes invalid.
Preferably, in the data encryption method for HCE mode disclosed by the present invention, the user can add an additional encryption operation, based on biometrics and/or an unlock password, to the one or more restriction keys stored by the security information interaction application.
As can be seen from the above, the data encryption method for HCE mode disclosed by the present invention has the following advantages: because a restriction key can be used only once, it can be stored in the trusted execution environment or white-box database provided by the mobile terminal, without an independent hardware security unit, so the cost is lower; and the risk of a key being maliciously stolen can be avoided or mitigated, so the method offers high security.
Although the present invention has been described by way of the preferred embodiments above, its implementation is not limited to those embodiments. It should be recognized that those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope.

Claims (12)

  1. A data encryption method for HCE mode, the data encryption method for HCE mode comprising the following steps:
    (A1) a key management and data processing server generates one or more restriction keys for a security information interaction application that resides and runs on a specific mobile terminal, and sends the generated one or more restriction keys to the security information interaction application;
    (A2) when performing, according to a user instruction, a data interaction for one security information interaction count value, the security information interaction application encrypts security information interaction data based on one of the one or more restriction keys to generate an application ciphertext, and sends the application ciphertext to the key management and data processing server;
    (A3) after receiving the application ciphertext, the key management and data processing server verifies the validity and legitimacy of the application ciphertext and, after successful verification, performs the subsequent processing operations associated with the security information interaction data.
  2. The data encryption method for HCE mode according to claim 1, characterized in that step (A1) further comprises: the key management and data processing server generates the one or more restriction keys, based on a request from the security information interaction application or periodically, according to a preset range of security information interaction count values.
  3. The data encryption method for HCE mode according to claim 2, characterized in that step (A2) further comprises: the security information interaction application sends the application ciphertext to the key management and data processing server via a near field communication channel.
  4. The data encryption method for HCE mode according to claim 3, characterized in that step (A1) further comprises: the key management and data processing server stores an application ciphertext key associated with the security information interaction application, and generates the one or more restriction keys based on that application ciphertext key.
  5. The data encryption method for HCE mode according to claim 4, characterized in that the security information interaction application stores the one or more restriction keys in a trusted execution environment or white-box encryption library provided by the mobile terminal.
  6. The data encryption method for HCE mode according to claim 5, characterized in that each of the one or more restriction keys is bound to one security information interaction count value, that is, when initiating a security information interaction based on the current security information interaction count value, the security information interaction application uses the one restriction key bound to that current count value.
  7. The data encryption method for HCE mode according to claim 6, characterized in that the security information interaction application increments the security information interaction count value it maintains by 1 each time it completes an associated set of security information interaction processes.
  8. The data encryption method for HCE mode according to claim 7, characterized in that each of the one or more restriction keys becomes invalid after being used once.
  9. The data encryption method for HCE mode according to claim 8, characterized in that the key management and data processing server generates, based on each security information interaction count value, the restriction key corresponding to it, and the security information interaction application, when initiating a security information interaction based on the current security information interaction count value, uses the one restriction key bound to that current count value to generate the application ciphertext, so as to ensure the uniqueness of each application ciphertext.
  10. The data encryption method for HCE mode according to claim 9, characterized in that step (A1) further comprises generating the one or more restriction keys as follows: (1) using the application ciphertext key associated with the security information interaction application, perform a predetermined operation on a predetermined string to obtain an intermediate key; (2) using the intermediate key, perform a predetermined operation on each security information interaction count value in a specific range and on its inverted value, to obtain the restriction key corresponding to each count value in that range.
  11. The data encryption method for HCE mode according to claim 10, characterized in that step (A2) further comprises: setting a validity period for each of the one or more restriction keys, such that a restriction key that has not been used by the end of its validity period becomes invalid.
  12. The data encryption method for HCE mode according to claim 11, characterized in that the user can add an additional encryption operation, based on biometrics and/or an unlock password, to the one or more restriction keys stored by the security information interaction application.
PCT/CN2017/102076 2016-09-30 2017-09-18 Data encryption method for hce mode WO2018059262A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610870709.6 2016-09-30
CN201610870709.6A CN106357663A (en) 2016-09-30 2016-09-30 Data encryption method for host card emulation (HCE) mode

Publications (1)

Publication Number Publication Date
WO2018059262A1 true WO2018059262A1 (en) 2018-04-05

Family

ID=57866033

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/102076 WO2018059262A1 (en) 2016-09-30 2017-09-18 Data encryption method for hce mode

Country Status (3)

Country Link
CN (1) CN106357663A (en)
TW (1) TWI774695B (en)
WO (1) WO2018059262A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106357663A (en) * 2016-09-30 2017-01-25 中国银联股份有限公司 Data encryption method for host card emulation (HCE) mode

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635168A (en) * 2016-01-25 2016-06-01 恒宝股份有限公司 Off-line transaction device and security key using method thereof
CN105631655A (en) * 2015-07-23 2016-06-01 宇龙计算机通信科技(深圳)有限公司 HCE-based mobile payment method, device and mobile terminal
CN105678543A (en) * 2015-12-31 2016-06-15 深圳前海微众银行股份有限公司 Payment secret key calculating method and device
US9432087B2 (en) * 2014-10-01 2016-08-30 Gotrust Technology Inc. Communication system and method for near field communication
CN106357663A (en) * 2016-09-30 2017-01-25 中国银联股份有限公司 Data encryption method for host card emulation (HCE) mode

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10460314B2 (en) * 2013-07-10 2019-10-29 Ca, Inc. Pre-generation of session keys for electronic transactions and devices that pre-generate session keys for electronic transactions
CN105590200A (en) * 2015-03-11 2016-05-18 中国银联股份有限公司 Data transmission method and user equipment for mobile near field payment
CN105809447A (en) * 2016-03-30 2016-07-27 中国银联股份有限公司 Payment authentication method and system based on face recognition and HCE

Also Published As

Publication number Publication date
TWI774695B (en) 2022-08-21
TW201814579A (en) 2018-04-16
CN106357663A (en) 2017-01-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17854712

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17854712

Country of ref document: EP

Kind code of ref document: A1