WO2019023979A1 - Method for generating configurable pos machine secret key pair, and storage medium - Google Patents


Publication number
WO2019023979A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
key pair
configuration file
center
pair generation
Application number
PCT/CN2017/095614
Other languages
French (fr)
Chinese (zh)
Inventor
洪逸轩
孟陆强
Original Assignee
福建联迪商用设备有限公司
Application filed by 福建联迪商用设备有限公司
Priority to CN201780000802.4A (patent CN107637014B)
Priority to PCT/CN2017/095614 (patent WO2019023979A1)
Publication of WO2019023979A1


Classifications

    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06Q - INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 - Payment architectures, schemes or protocols
    • G06Q20/08 - Payment architectures
    • G06Q20/20 - Point-of-sale [POS] network systems
    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06Q - INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 - Payment architectures, schemes or protocols
    • G06Q20/38 - Payment protocols; Details thereof
    • G06Q20/382 - Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 - Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 - Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • a preset configuration file where parameters in the configuration file include a terminal key pair generation manner

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Cash Registers Or Receiving Machines (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a configurable point of sale (POS) machine key pair generation method and a computer-readable storage medium. The method comprises: presetting a configuration file whose parameters include a terminal key pair generation mode; setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced; during production, the terminal obtaining the corresponding configuration file; and the terminal parsing the configuration file and generating a key pair according to the terminal key pair generation mode set in it. The invention makes full use of the performance of the POS terminal while reducing the load on the certificate authority (CA) center server, and it also reduces the number of times sensitive data is transmitted and improves data security. Further, the method keeps the production process consistent for devices of differing performance, with no need to design a different device production process for each asymmetric key pair generation scheme, while still meeting a variety of different needs.

Description

Configurable POS machine key pair generation method, and storage medium
Technical Field
[0001] The present invention relates to the field of electronic payment, and in particular to a configurable POS machine key pair generation method and a computer-readable storage medium.
Background
[0002] A POS (point of sale) machine is a multi-function terminal. Installed at a credit card's contracted merchants and acceptance outlets and networked with computers, it enables automatic electronic funds transfer, and it supports functions such as purchases, pre-authorization, balance inquiry and transfers. Because the data exchange and transmission between the POS machine and the merchant back end take place in an open environment, the information exchange between the POS machine and the merchant back-end server must be carried out under a strictly specified encrypted communication protocol, in order to ensure security and reliability while the POS is in use and to prevent anyone from maliciously eavesdropping on network data and thereby obtaining cardholder information and the corresponding passwords.
[0003] At present, a relatively mature solution is as follows: the POS terminal applies for a CA certificate through the POS vendor's CA center, and the POS terminal and the merchant back-end server use the CA security authentication system for identification and confidential data communication, as well as data integrity, non-repudiation and timestamp services, to carry out secure communication and secure interaction. That is, the POS terminal must send a certificate application request to the CA center, rely on the CA center's server to generate an asymmetric key pair, and have the certificate returned.
[0004] The existing approach has the following disadvantages: 1) It relies entirely on the CA center to generate asymmetric key pairs, which increases the operating load on the CA center server, does not make full use of the performance of the POS terminal, and cannot flexibly balance load according to the performance of the POS terminal itself. At present, with the development of hardware technology, POS terminal devices fall into different performance tiers, and some high-end POS machines are fully capable of generating asymmetric key pairs quickly on their own. 2) While the asymmetric key pair is generated by the CA center's server and transmitted back to the POS terminal, the private key is exposed to security risks during data transmission, and a complete separate scheme for securely transmitting the private key as sensitive data has to be designed.
[0005] Therefore, it is necessary to provide a POS machine key pair generation method and a computer-readable storage medium capable of solving the above problems.
Technical Problem
[0006] The technical problem to be solved by the present invention is to provide a configurable POS machine key pair generation method and a storage medium that can flexibly configure the key generation mode according to the performance of the POS machine itself, make full use of the POS terminal's own resources, and balance the load of the CA center.
Solution to Problem
Technical Solution
[0007] In order to solve the above technical problem, the technical solution adopted by the present invention is:
[0008] A configurable POS machine key pair generation method, comprising:
[0009] presetting a configuration file, the parameters in the configuration file including a terminal key pair generation mode;
[0010] setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced;
[0011] during production, the terminal obtaining the corresponding configuration file;
[0012] the terminal parsing the configuration file and generating a key pair according to the terminal key pair generation mode set in the configuration file.
[0013] Another technical solution provided by the present invention is:
[0014] A computer-readable storage medium storing a computer program which, when executed by a processor, implements the following steps:
[0015] presetting a configuration file, the parameters in the configuration file including a terminal key pair generation mode;
[0016] setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced;
[0017] during production, the terminal obtaining the corresponding configuration file;
[0018] the terminal parsing the configuration file and generating a key pair according to the terminal key pair generation mode set in the configuration file.
Advantageous Effects of Invention
Advantageous Effects
[0019] The beneficial effects of the present invention are as follows. A configuration file is preset in the early stage of production and the terminal key pair generation mode is set according to the performance of the terminal itself; in the subsequent stage of production the terminal parses the configuration file by itself to obtain the key pair generation mode. This makes full use of the performance of the POS terminal and reduces the load on the CA center server, while also reducing the number of times sensitive data is transmitted and lowering the security risk to sensitive data in transit. Further, a configuration file in a unified format is used to configure the different key generation options, which ensures a consistent production process for terminals of differing performance.
Brief Description of Drawings
Description of Drawings
[0020] FIG. 1 is a schematic flow chart of a configurable POS machine key pair generation method according to the present invention;
[0021] FIG. 2 is a schematic flow chart of Embodiment 1 of the present invention.
Detailed Description
[0022] The key idea of the present invention is: a configuration file is preset in the early stage of production and the terminal key pair generation mode is set according to the performance of the terminal itself; in the subsequent stage of production the terminal parses the configuration file by itself to obtain the key pair generation mode, which makes full use of the performance of the POS terminal and reduces the load on the CA center server.
[0023] Referring to FIG. 1, the present invention provides a configurable POS machine key pair generation method, comprising:
[0024] presetting a configuration file, the parameters in the configuration file including a terminal key pair generation mode;
[0025] setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced;
[0026] during production, the terminal obtaining the corresponding configuration file;
[0027] the terminal parsing the configuration file and generating a key pair according to the terminal key pair generation mode set in the configuration file.
[0028] As can be seen from the above description, the beneficial effects of the present invention are: 1. The asymmetric key pair generation mode is configured flexibly according to the performance of the POS terminal itself, making full use of the POS terminal's own resources and reasonably balancing some of the load on the CA center server. 2. The configuration table is downloaded in the early stage of POS production; in the subsequent stage of production the POS machine parses the configuration file by itself and determines the key pair generation mode. This ensures a consistent production process for devices of differing performance, with no need to design different device production processes for different asymmetric key pair generation schemes case by case, while still meeting a variety of different needs.
[0029] Further, the terminal key pair generation mode includes the terminal generating the key pair autonomously or the CA center generating the key pair.
[0030] Further, a first parameter is set to correspond to the terminal generating the key pair autonomously, and a second parameter to correspond to the CA center generating the key pair.
[0031] As can be seen from the above description, a higher-performance terminal can be set to generate the key pair itself, and a lower-performance terminal can be set to have it generated by the CA center. Setting different key generation schemes according to terminal performance is more targeted and also achieves load balancing.
[0032] Further, the parameters in the configuration file also include the name of the configuration file, the name of the path where it is stored in the terminal, a version number and a generation date.
[0033] Further, the configuration file is in a readable ini file format or xml file format.
[0034] As can be seen from the above description, the format of the configuration file is readable, and the file also records information about itself, which makes it easy to trace and query.
[0035] Further, setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal itself is specifically:
[0036] the product manager sets the terminal key pair generation mode parameter in the corresponding configuration file according to the performance and device type of the terminal being produced.
[0037] As can be seen from the above description, the configuration file is set uniformly by the product manager, before POS production, according to the performance and device type of the batch of POS machines, and the POS machine parses it by itself in the subsequent stage, which avoids the security risk of production-line operators handling the configuration file.
[0038] Further, the terminal obtaining the corresponding configuration file during production is specifically:
[0039] during production of the terminal, the terminal downloads the corresponding configuration file through the production system;
[0040] the configuration file is stored.
[0041] As can be seen from the above description, batch downloading on the production line is possible, which improves production efficiency.
[0042] Further, after setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced, the method further includes: encrypting the configuration file by the production server.
[0043] As can be seen from the above description, the configuration file is encrypted and then securely transmitted to the terminal, achieving confidentiality.
[0044] Further, the method also includes:
[0045] if the configuration file is set to have the terminal generate the key pair autonomously, the terminal generates an asymmetric key pair;
[0046] the terminal sends the public key of the generated asymmetric key pair to the CA center;
[0047] the terminal receives the certificate issued by the CA center based on the public key.
[0048] As can be seen from the above, in the production of some high-performance POS machines the terminal itself generates the key pair directly according to the setting in the configuration file, and the private key is then stored in the POS terminal in a secure manner. Only the matching public key of the asymmetric key pair and the other certificate configuration information need to be passed to the CA center to apply for a CA certificate, which greatly reduces the number of times sensitive data is transmitted and lowers the security risk to sensitive data in transit.
[0049] Further, the method also includes:
[0050] if the configuration file is set to have the CA center generate the key pair, the terminal sends a certificate issuance request to the CA center;
[0051] the CA center generates a public-private key pair and a certificate according to the request, and delivers the certificate and the private key of the generated key pair to the terminal.
[0052] As can be seen from the above, the configuration file is parsed and the key pair is generated in the manner corresponding to the terminal key pair generation mode set in it, which speeds up key generation and also reasonably balances the load between the terminal and the CA center.
[0053] Another technical solution provided by the present invention is:
[0054] A computer-readable storage medium storing a computer program which, when executed by a processor, implements the following steps:
[0055] presetting a configuration file, the parameters in the configuration file including a terminal key pair generation mode;
[0056] setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced;
[0057] during production, the terminal obtaining the corresponding configuration file;
[0058] the terminal parsing the configuration file and generating a key pair according to the terminal key pair generation mode set in the configuration file.
[0059] Further, the terminal key pair generation mode includes the terminal generating the key pair autonomously or the CA center generating the key pair.
[0060] Further, a first parameter is set to correspond to the terminal generating the key pair autonomously, and a second parameter to correspond to the CA center generating the key pair.
[0061] Further, the parameters in the configuration file also include the name of the configuration file, the name of the path where it is stored in the terminal, a version number and a generation date.
[0062] Further, the configuration file is in a readable ini file format or xml file format.
[0063] Further, the step of setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal itself is specifically:
[0064] the product manager sets the terminal key pair generation mode parameter in the corresponding configuration file according to the performance and device type of the terminal being produced.
[0065] Further, the step of the terminal obtaining the corresponding configuration file during production is specifically:
[0066] during production of the terminal, the terminal downloads the corresponding configuration file through the production system;
[0067] the configuration file is stored.
[0068] Further, after the step of setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced, the steps further include: encrypting the configuration file by the production server.
[0069] Further, when executed by the processor, the program can also implement the following steps:
[0070] if the configuration file is set to have the terminal generate the key pair autonomously, the terminal generates an asymmetric key pair;
[0071] the terminal sends the public key of the generated asymmetric key pair to the CA center;
[0072] the terminal receives the certificate issued by the CA center based on the public key.
[0073] Further, when executed by the processor, the program can also implement the following steps:
[0074] if the configuration file is set to have the CA center generate the key pair, the terminal sends a certificate issuance request to the CA center;
[0075] the CA center generates a public-private key pair and a certificate according to the request, and delivers the certificate and the private key of the generated key pair to the terminal.
[0077] Embodiment 1
[0078] POS machines vary in performance. A high-performance POS machine can generate an asymmetric key pair quickly and autonomously and store the private key in the POS terminal in a secure manner; only the matching public key of the asymmetric key pair and the other certificate configuration information need to be passed to the CA center to apply for a CA certificate. A low-performance POS machine generates key pairs inefficiently, so relying on the POS terminal to generate the asymmetric key pair autonomously is not feasible; it must rely on the CA center's server to generate the asymmetric key pair and the CA certificate at the same time, and the CA center returns the certificate and the private key to the POS (using a secure transmission method for sensitive data).
[0079] Referring to FIG. 2, this embodiment provides a configurable POS machine key pair generation method that makes full use of the performance of the POS terminal and reduces the load on the CA center server, while also reducing the number of times sensitive data is transmitted and lowering the security risk to sensitive data in transit.
[0080] This embodiment may include the following steps:
[0081] S1: Preset a configuration file, the parameters in the configuration file including a terminal key pair generation mode.
[0082] Specifically, during production of the POS terminal, the production line sets up a certificate generation configuration file in a unified format, i.e. the configuration file. The configuration file may be in a readable file format such as the ini file format or the xml file format. The configuration file may also contain the following information: the file name under which it is saved in the POS terminal, the path name under which it is saved in the POS terminal, a version number, a generation date and so on. This makes it easy to locate the configuration file in the POS terminal, and the recorded information is available for tracing and querying.
[0083] S2: Set the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced.
[0084] The terminal key pair generation mode parameter can be set by predefining two parameter values that correspond respectively to the two generation modes: the terminal generating the key pair autonomously, and the CA center generating the key pair. For example, a value of 0 means the key pair is generated autonomously by the terminal, and a value of 1 means it is generated by the CA center.
[0085] Specifically, the POS product manager may set the configuration parameters of the corresponding asymmetric key pair generation scheme according to the performance and device type of the POS being produced, and then publish the completed configuration file to the production server. Alternatively, a terminal performance auto-detection mechanism may be configured to detect the performance and set the configuration file's parameters automatically, after which the file is securely transmitted to the production server.
[0086] S3: During production, the terminal obtains the corresponding configuration file.
[0087] Specifically, the configuration file serves as a pre-installed configuration file of the POS terminal and is downloaded from the production system into the POS terminal during POS terminal production.
[0088] Because the configuration file determines how the POS terminal's asymmetric key pair is generated, the configuration file needs a high level of security. Therefore, preferably, S3 may specifically include:
[0089] S31: The production server encrypts the configuration file.
[0090] S32: In the subsequent production process, the terminal downloads and stores the corresponding configuration file through the production system. This delivers the configuration file to the POS terminal securely and keeps it confidential.
[0091] S4: The terminal parses the configuration file and generates a key pair according to the terminal key pair generation mode set in the configuration file.
[0092] Specifically, the POS terminal decrypts the encrypted configuration file, then parses it and, by querying the configuration file, determines the key customization type:
[0093] If the configuration file is set to have the terminal generate the key pair autonomously, the terminal generates an asymmetric key pair; the terminal then sends the RSA public key of the generated asymmetric key pair to the CA center for certificate issuance; the terminal then receives the certificate issued by the CA center based on the public key.
[0094] If the configuration file is set to have the CA center generate the key pair, the terminal sends a certificate issuance request to the CA center; the CA center generates a public-private key pair and a certificate according to the request, and delivers the certificate and the private key of the generated key pair to the terminal using a secure transmission method for sensitive data.
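The S4 step above (parse the decrypted configuration file, then branch on the generation mode) is sketched below as an added example; it is not code from the patent or the applicant. The key and element names, the sample path and the sample date are assumptions made for illustration; only the list of fields, the ini/xml formats and the values 0 and 1 come from the text.

```python
"""Terminal-side parsing of a key pair generation profile (added example)."""
import configparser
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import date

TERMINAL, CA_CENTER = 0, 1  # parameter values given in paragraph [0084]
# Hypothetical key names for the fields listed in paragraph [0082].
FIELDS = ("name", "path", "version", "generated", "keygen_mode")

# Constructed sample profiles (not taken from the patent).
SAMPLE_INI = """
[profile]
name = keygen.ini
path = /data/cert/keygen.ini
version = 1.0
generated = 2017-08-02
keygen_mode = 0
"""
SAMPLE_XML = (
    "<profile><name>keygen.xml</name><path>/data/cert/keygen.xml</path>"
    "<version>1.0</version><generated>2017-08-02</generated>"
    "<keygen_mode>1</keygen_mode></profile>"
)


class ProfileError(ValueError):
    """The profile is malformed; the terminal must stop rather than guess."""


@dataclass(frozen=True)
class Profile:
    name: str
    path: str
    version: str
    generated: date
    keygen_mode: int


def _fields_from_ini(text):
    # strict parsing (the default) rejects duplicate sections and options
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
        return dict(parser["profile"])
    except (configparser.Error, KeyError) as exc:
        raise ProfileError(f"bad ini profile: {exc!r}") from exc


def _fields_from_xml(text):
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise ProfileError(f"bad xml profile: {exc}") from exc
    tags = [child.tag for child in root]
    if root.tag != "profile" or len(tags) != len(set(tags)):
        raise ProfileError("unexpected root element or duplicated field")
    return {child.tag: (child.text or "").strip() for child in root}


def load_profile(text, fmt):
    """Parse an already-decrypted profile and validate every field."""
    if fmt == "ini":
        raw = _fields_from_ini(text)
    elif fmt == "xml":
        raw = _fields_from_xml(text)
    else:
        raise ProfileError(f"unsupported format: {fmt}")
    missing = [field for field in FIELDS if not raw.get(field)]
    if missing:
        raise ProfileError(f"missing fields: {missing}")
    mode = raw["keygen_mode"]
    if mode not in ("0", "1"):  # exact match: "2", "01", "true" are refused
        raise ProfileError(f"unknown key pair generation mode: {mode!r}")
    try:
        generated = date.fromisoformat(raw["generated"])
    except ValueError as exc:
        raise ProfileError(f"bad generation date: {exc}") from exc
    return Profile(raw["name"], raw["path"], raw["version"], generated, int(mode))


def provisioning_plan(profile):
    """Return (steps, private_key_in_transit) for the configured mode."""
    if profile.keygen_mode == TERMINAL:
        steps = ["generate asymmetric key pair on the terminal",
                 "send public key to the CA center",
                 "receive certificate issued for that public key"]
        return steps, False  # the private key never leaves the terminal
    steps = ["send certificate issuance request to the CA center",
             "CA center generates key pair and certificate",
             "receive certificate and private key over the secure channel"]
    return steps, True  # the private key crosses the network once


if __name__ == "__main__":
    for text, fmt in ((SAMPLE_INI, "ini"), (SAMPLE_XML, "xml")):
        profile = load_profile(text, fmt)
        steps, in_transit = provisioning_plan(profile)
        print(profile.name, "private key in transit:", in_transit)
        for step in steps:
            print("  -", step)
```

Because the mode value decides whether a private key is ever sent over the network, the parser refuses anything other than an exact 0 or 1 instead of falling back to a default.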
[0095] Embodiment 2
[0096] This embodiment corresponds to the configurable POS key pair generation method of Embodiment 1 and provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the program implements the following steps:
[0097] A configuration file is preset, whose parameters include the terminal key pair generation mode; the terminal key pair generation mode is either autonomous generation of the key pair by the terminal or generation of the key pair by the CA center. Preferably, a first parameter may be set to correspond to autonomous generation by the terminal, and a second parameter to generation by the CA center. Preferably, the configuration file is in a readable ini or xml file format, and its parameters further include the name of the configuration file, the path name under which it is stored in the terminal, a version number, and a generation date.
[0098] According to the performance of the terminal being produced, the terminal key pair generation mode parameter in the corresponding configuration file is set. Preferably, a product manager may set this parameter according to the performance and device type of the terminal being produced; alternatively, a corresponding automatic terminal performance detection mechanism may be configured to detect the performance and set the configuration file parameters automatically, after which the file is transmitted securely to the production server. Preferably, the method further includes a step of encrypting the configuration file: the configuration file is encrypted by the production server.
[0099] During production, the terminal obtains the corresponding configuration file; preferably, the terminal downloads the corresponding configuration file through the production system and stores it.
[0100] The terminal parses the configuration file and generates a key pair according to the terminal key pair generation mode set in the configuration file. Specifically, the following steps may be included:
[0101] The terminal decrypts the encrypted configuration file, then parses it and, by querying the configuration file, determines the key customization type:
[0102] If the configuration file specifies that the terminal generates the key pair autonomously, the terminal generates an asymmetric key pair; the terminal sends the public key of the generated asymmetric key pair to the CA center; the terminal receives the certificate issued by the CA center based on that public key.
[0103] If the configuration file specifies that the CA center generates the key pair, the terminal sends a certificate issuance request to the CA center; the CA center generates a public/private key pair and a certificate according to the request, and delivers the certificate and the private key of the generated key pair to the terminal.
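The branch described in paragraphs [0092] to [0094] and [0101] to [0103], as an added Python illustration that is not part of the patent text or the applicant's code. Assumed here: the `[profile]` section, the `keypair_mode` key with values `1` and `2`, the message dictionaries, and `demo_ca` as a stand-in for the CA center; textbook RSA stands in for the terminal's key generator, and decryption of the configuration file is omitted.

```python
import configparser
import math
import secrets

# Constructed sample profile; the section and key names are assumptions.
SAMPLE_INI = "[profile]\nversion = 1.0\nkeypair_mode = 1\n"
MODES = {"1": "terminal", "2": "ca"}  # assumed encoding of the two parameters

def parse_mode(ini_text):
    """Return 'terminal' or 'ca'; a missing or unknown value is an error."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    raw = cp.get("profile", "keypair_mode", fallback="").strip()
    if raw not in MODES:
        raise ValueError(f"unsupported keypair_mode {raw!r}")
    return MODES[raw]

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test for odd n > 3."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_rsa(bits=1024, e=65537):
    """Textbook RSA key generation, illustration only: (public, private)."""
    primes = []
    while len(primes) < 2:
        c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if c not in primes and math.gcd(e, c - 1) == 1 and is_probable_prime(c):
            primes.append(c)
    p, q = primes
    return {"n": p * q, "e": e}, {"n": p * q, "d": pow(e, -1, (p - 1) * (q - 1))}

def demo_ca(message):
    """Constructed CA stand-in; the 'certificate' is a placeholder, not X.509."""
    if message["type"] == "public_key":
        return {"certificate": {"subject_key": message["key"]}}
    public, private = generate_rsa()
    return {"certificate": {"subject_key": public}, "private_key": private}

def provision(ini_text, ca=demo_ca):
    """Terminal side: follow the branch the profile selects."""
    mode = parse_mode(ini_text)
    if mode == "terminal":
        public, private = generate_rsa()  # private key stays on the terminal
        sent = {"type": "public_key", "key": public}
        reply = ca(sent)
    else:
        sent = {"type": "issue_request"}
        reply = ca(sent)  # reply carries the private key: protect this channel
        private = reply["private_key"]
    return {"mode": mode, "sent": sent, "private": private, "cert": reply["certificate"]}
```

In the terminal branch the only key material in `sent` is the public key; in the CA branch the private key arrives in the reply, which is the transfer of sensitive data that the description says terminal-side generation avoids.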
[0104] In summary, the configurable POS key pair generation method and computer-readable storage medium provided by the present invention not only make full use of the performance of the POS terminal and reduce the load on the CA center server, but also reduce the number of times sensitive data is transmitted, improving data security. Furthermore, they keep the production process consistent across devices of differing performance: there is no need to design a different production process for each asymmetric key pair generation scheme, while the various requirements are still met. Further still, configuration files can be obtained in batches on the production line, improving production efficiency.

Claims

[Claim 1] A configurable POS key pair generation method, characterized by comprising:
presetting a configuration file, the parameters in the configuration file including a terminal key pair generation mode;
setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced;
during production, the terminal obtaining the corresponding configuration file;
the terminal parsing the configuration file and generating a key pair according to the terminal key pair generation mode set in the configuration file.
[Claim 2] The configurable POS key pair generation method according to claim 1, wherein the terminal key pair generation mode comprises autonomous generation of the key pair by the terminal or generation of the key pair by the CA center.
[Claim 3] The configurable POS key pair generation method according to claim 2, wherein a first parameter is set to correspond to autonomous generation of the key pair by the terminal, and a second parameter is set to correspond to generation of the key pair by the CA center.
[Claim 4] The configurable POS key pair generation method according to claim 1, wherein the parameters in the configuration file further include the name of the configuration file, the path name under which it is stored in the terminal, a version number, and a generation date.
[Claim 5] The configurable POS key pair generation method according to claim 1, wherein the configuration file is in a readable ini file format or xml file format.
[Claim 6] The configurable POS key pair generation method according to claim 1, wherein setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal itself is specifically:
a product manager setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance and device type of the terminal being produced.
[Claim 7] The configurable POS key pair generation method according to claim 1, wherein the terminal obtaining the corresponding configuration file during production is specifically:
during production of the terminal, the terminal downloading the corresponding configuration file through the production system; and storing the configuration file.
[Claim 8] The configurable POS key pair generation method according to claim 1, wherein, after setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced, the method further comprises: encrypting the configuration file by the production server.
[Claim 9] The configurable POS key pair generation method according to claim 1, further comprising:
if the configuration file specifies that the terminal generates the key pair autonomously, generating an asymmetric key pair by the terminal;
the terminal sending the public key of the generated asymmetric key pair to the CA center;
the terminal receiving the certificate issued by the CA center based on the public key.
[Claim 10] The configurable POS key pair generation method according to claim 1, further comprising:
if the configuration file specifies that the CA center generates the key pair, the terminal sending a certificate issuance request to the CA center;
the CA center generating a public/private key pair and a certificate according to the request, and delivering the certificate and the private key of the generated key pair to the terminal.
[Claim 11] A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the following steps:
presetting a configuration file, the parameters in the configuration file including a terminal key pair generation mode;
setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced;
during production, the terminal obtaining the corresponding configuration file;
the terminal parsing the configuration file and generating a key pair according to the terminal key pair generation mode set in the configuration file.
[Claim 12] The computer-readable storage medium according to claim 11, wherein the terminal key pair generation mode comprises autonomous generation of the key pair by the terminal or generation of the key pair by the CA center.
[Claim 13] The computer-readable storage medium according to claim 12, wherein a first parameter is set to correspond to autonomous generation of the key pair by the terminal, and a second parameter is set to correspond to generation of the key pair by the CA center.
[Claim 14] The computer-readable storage medium according to claim 11, wherein the parameters in the configuration file further include the name of the configuration file, the path name under which it is stored in the terminal, a version number, and a generation date.
[Claim 15] The computer-readable storage medium according to claim 11, wherein the configuration file is in a readable ini file format or xml file format.
[Claim 16] The computer-readable storage medium according to claim 11, wherein the step of setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal itself is specifically:
a product manager setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance and device type of the terminal being produced.
[Claim 17] The computer-readable storage medium according to claim 11, wherein the step of the terminal obtaining the corresponding configuration file during production is specifically:
during production of the terminal, the terminal downloading the corresponding configuration file through the production system; and storing the configuration file.
[Claim 18] The computer-readable storage medium according to claim 11, wherein, after the step of setting the terminal key pair generation mode parameter in the corresponding configuration file according to the performance of the terminal being produced, the steps further comprise: encrypting the configuration file by the production server.
[Claim 19] The computer-readable storage medium according to claim 11, wherein the program, when executed by the processor, further implements the following steps:
if the configuration file specifies that the terminal generates the key pair autonomously, generating an asymmetric key pair by the terminal;
the terminal sending the public key of the generated asymmetric key pair to the CA center;
the terminal receiving the certificate issued by the CA center based on the public key.
[Claim 20] The computer-readable storage medium according to claim 11, wherein the program, when executed by the processor, further implements the following steps:
if the configuration file specifies that the CA center generates the key pair, the terminal sending a certificate issuance request to the CA center;
the CA center generating a public/private key pair and a certificate according to the request, and delivering the certificate and the private key of the generated key pair to the terminal.
PCT/CN2017/095614 2017-08-02 2017-08-02 Method for generating configurable pos machine secret key pair, and storage medium WO2019023979A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201780000802.4A CN107637014B (en) 2017-08-02 2017-08-02 Configurable POS machine key pair generation method and storage medium
PCT/CN2017/095614 WO2019023979A1 (en) 2017-08-02 2017-08-02 Method for generating configurable pos machine secret key pair, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/095614 WO2019023979A1 (en) 2017-08-02 2017-08-02 Method for generating configurable pos machine secret key pair, and storage medium

Publications (1)

Publication Number Publication Date
WO2019023979A1 true WO2019023979A1 (en) 2019-02-07

Family

ID=61108010

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/095614 WO2019023979A1 (en) 2017-08-02 2017-08-02 Method for generating configurable pos machine secret key pair, and storage medium

Country Status (2)

Country Link
CN (1) CN107637014B (en)
WO (1) WO2019023979A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019178762A1 (en) * 2018-03-21 2019-09-26 福建联迪商用设备有限公司 Method, server, and system for verifying validity of terminal
CN113867818B (en) * 2021-09-28 2024-04-16 潍柴动力股份有限公司 Method, device, computer equipment and medium for generating ini file

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104158655A (en) * 2014-08-27 2014-11-19 融信信息科技有限公司 POS master key generation and distribution management system and control method
CN105023150A (en) * 2015-07-22 2015-11-04 天地融科技股份有限公司 Data processing method and device for POS machine
CN105978856A (en) * 2016-04-18 2016-09-28 随行付支付有限公司 POS (point of sale) machine key downloading method, device and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102034059B (en) * 2010-12-02 2013-09-04 东莞宇龙通信科技有限公司 Method and device for managing application program and terminal
CN103714633B (en) * 2013-03-15 2016-05-04 福建联迪商用设备有限公司 A kind of method of safe generating transmission key and POS terminal
US20160358163A1 (en) * 2014-12-29 2016-12-08 Ca, Inc. Payment tokenization using format preserving encryption for secure transactions
US9928697B2 (en) * 2015-03-31 2018-03-27 Toshiba Global Commerce Solutions Holdings Corporation Configuring point-of-sale (POS) applications based on a priority level in order to communicate with peripheral devices in a POS system
CN105933119B (en) * 2015-12-24 2019-01-29 中国银联股份有限公司 A kind of authentication method and equipment
CN106656488B (en) * 2016-12-07 2020-04-03 百富计算机技术(深圳)有限公司 Key downloading method and device for POS terminal

Also Published As

Publication number Publication date
CN107637014B (en) 2020-11-24
CN107637014A (en) 2018-01-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17920234

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17920234

Country of ref document: EP

Kind code of ref document: A1