WO2020088515A1 - Security authentication method and apparatus for pos user public key, and terminal device - Google Patents

Security authentication method and apparatus for pos user public key, and terminal device Download PDF

Info

Publication number
WO2020088515A1
WO2020088515A1 PCT/CN2019/114320 CN2019114320W WO2020088515A1 WO 2020088515 A1 WO2020088515 A1 WO 2020088515A1 CN 2019114320 W CN2019114320 W CN 2019114320W WO 2020088515 A1 WO2020088515 A1 WO 2020088515A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
public key
user public
ciphertext
user
Prior art date
Application number
PCT/CN2019/114320
Other languages
French (fr)
Chinese (zh)
Inventor
刘绍海
李坚强
Original Assignee
百富计算机技术(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 百富计算机技术(深圳)有限公司 filed Critical 百富计算机技术(深圳)有限公司
Publication of WO2020088515A1 publication Critical patent/WO2020088515A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems

Definitions

  • the invention belongs to the technical field of terminal processing, and particularly relates to a POS user public key security authentication method, device and terminal equipment.
  • POS Point Of Sale, sales terminal
  • POS Point Of Sale, sales terminal
  • POS Point Of Sale, sales terminal
  • the payment company charges a payment processing fee. Due to the rapid development of domestic third-party payment and increasingly fierce competition, many third-party payment companies will guide merchants to illegally run their own payment applications on POS by providing preferential handling fees, profiting from them, and destroying customers themselves. Interests. In the prior art, POS still has a problem of cutting machine loopholes and low security.
  • the embodiments of the present invention provide a POS user public key security authentication method, device, and terminal device to solve the problem that the POS still has a machine-cutting loophole in the prior art and the security is not high.
  • the first aspect of the embodiments of the present invention provides a POS user public key security authentication method, including:
  • the first key is randomly generated when the firmware is run for the first time
  • the randomly generating the first key includes:
  • the generating the first ciphertext according to the first key and the user public key includes:
  • verifying whether the user public key is correct according to the first key and the first ciphertext includes:
  • a second aspect of an embodiment of the present invention provides a user public key security authentication device, including:
  • the key generation module is used to randomly generate the first key when the firmware runs for the first time
  • a ciphertext generation module used to download the user's public key, and generate a first ciphertext according to the first key and the user's public key;
  • the public key verification module is used to verify whether the downloaded user public key is correct according to the first key and the first ciphertext when downloading the application program.
  • the key generation module is specifically used for:
  • the ciphertext generation module is specifically used to:
  • the public key verification module is specifically used to:
  • a third aspect of the embodiments of the present invention provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, when the processor executes the computer program
  • a fourth aspect of the embodiments of the present invention provides a computer-readable storage medium that stores a computer program, and when the computer program is executed by a processor, implements the POS user public key as described in any one of the above The steps of the safety certification method.
  • the beneficial effects of the embodiments of the present invention are: when the firmware is first run, the first key is randomly generated, that is, the terminal generates the key itself, which reduces the complicated operation of external key injection, and at the same time
  • the randomness of the generated key can prevent the illegal person from looking for the rule of generating the first key, and then avoid the terminal from being cut off by the illegal person to modify the user's public key; download the user's public key, according to the first key and the The user public key generates a first ciphertext, and when downloading the application, verify whether the user public key is correct according to the first key and the first ciphertext, that is, encrypt the user public key, effectively avoiding the terminal A machine cut-off event caused by an illegal person modifying or replacing a user's public key, thereby preventing the terminal from running other illegal application programs and improving the security of terminal payment.
  • FIG. 1 is a schematic diagram of an implementation process of a POS user public key security authentication method provided by an embodiment of the present invention
  • step S101 in FIG. 1 is a schematic diagram of a specific implementation process of step S101 in FIG. 1;
  • FIG. 3 is a schematic flowchart of a specific implementation of step S102 in FIG. 1;
  • step S103 in FIG. 1 is a schematic flowchart of a specific implementation of step S103 in FIG. 1;
  • FIG. 5 is a schematic structural diagram of a user public key security authentication device provided by an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a terminal device provided by an embodiment of the present invention.
  • FIG. 1 a schematic flowchart of an embodiment of a POS user public key security authentication method is provided, which is applicable to a POS, and the POS may include firmware and a central processing unit (Central Processing Unit, central processor).
  • a central processing unit Central Processing Unit, central processor
  • step S101 when the firmware runs for the first time, a first key is randomly generated.
  • the encryption algorithm generally used is an asymmetric encryption algorithm.
  • the asymmetric encryption algorithm includes a public key (PUK, Public key) and a private key (PVK, Private key). Among them, the public key and the private key are paired. The content encrypted with the key can only be decrypted with the corresponding public key. Similarly, if the content encrypted with the public key can only be decrypted with the corresponding private key.
  • the user's public key is downloaded to the POS, and then the user's public key is encrypted.
  • the application first verify the security of the user's public key .
  • the user's public key is used to verify and sign the application. Only the application with a successful verification signature can be downloaded to the POS to run, that is, while ensuring the safety of the user's public key, the application is secured .
  • the firmware randomly generates the first key when it runs for the first time.
  • the hardware random number module in the POS may be used to generate a 16-byte random number, and the 16-byte random number may be a 3DES key.
  • the 3DES key is used as the encryption key of the user's public key, and the encryption key is randomly generated by the POS itself, which can reduce the complicated operation of external injection of the key, at the same time prevent illegal people from looking for the law of generating the key, and further increase the security of public key verification Sex.
  • the specific implementation process of randomly generating the first key in step S101 includes:
  • Step S201 access the fuse area of the central processor, and determine whether data exists in the fuse area.
  • the central processing unit may include a fuse area and a flash area.
  • the fuse (fuse) area is a one-time program writing area, and subsequent modification is not allowed.
  • the firmware When the firmware runs for the first time, it accesses the fuse area of the central processor and judges whether data exists in the fuse area, that is, checks whether the first key exists in the fuse area.
  • Step S202 When data exists in the fuse area, set the data of the fuse area as the first key.
  • Step S203 when there is no data in the fuse area, a first key is randomly generated and written into the fuse area.
  • a hardware random number module in the POS can be used to generate a 16-byte random number and write it into the fuse area.
  • the 16-byte random number is used as a 3DES key for public
  • the key is encrypted, and the 16-byte random number is directly read from the fuse area every time the firmware runs, and the public key is encrypted or decrypted.
  • 3DES is a general term for the triple data encryption algorithm block password, which is equivalent to applying the DES encryption algorithm three times to the user public key to ensure the security of the user public key.
  • Step S102 Download the user public key, and generate a first ciphertext according to the first key and the user public key.
  • the illegal application program can be downloaded, so that the POS runs the illegal application program, thereby profiting from it, so protecting the user public key is very important.
  • the user public key is encrypted according to the first key to obtain the first ciphertext, that is, the user public key ciphertext, to prevent illegal persons from modifying the user public key .
  • the 3DES key is used to encrypt the user public key to obtain the first ciphertext.
  • the specific implementation process of downloading the user public key in step S102 and generating the first ciphertext according to the first key and the user public key includes:
  • Step S301 Store the user public key in the Flash area of the central processor.
  • Step S302 Obtain a first key of the fuse area, and encrypt the user public key of the flash area according to the first key to generate a first ciphertext.
  • Step S303 Store the first ciphertext in the Flash area.
  • Step S103 When downloading the application program, verify whether the user public key is correct according to the first key and the first ciphertext.
  • the private key of the merchant is first used to sign the public key of customer A, and then the public key of customer A is downloaded into the POS. At this time, the valid public key in the POS terminal The key is switched from the merchant's public key to the customer A's public key.
  • the reason to use the private key of the merchant to sign the public key of customer A first is to prevent customers who are not authorized by the merchant from downloading their public keys to the POS machine.
  • the public key of the merchant is pre-stored in the POS machine.
  • the public key of the customer A is downloaded, the public key of the merchant is used to sign and verify the public key of the customer A. The verification is passed, and the public key of the customer A is downloaded.
  • the download is successful
  • encrypt the public key of customer A according to the randomly generated first key in the POS to obtain the first ciphertext.
  • decrypt the first ciphertext according to the first key decrypt the first ciphertext according to the first key.
  • the decrypted user public key verifies that the downloaded user public key is correct, for example, to verify whether the user public key (the public key of customer A stored in the FLASH area) when downloading the application matches the public key of the decrypted customer A, If they do not match, it means that the public key of customer A when downloading the application is illegal and has been tampered with. At this time, the application is refused to be downloaded, or customer A can be notified to return the POS to the factory for repair. The public key is correct, allowing the application to be downloaded.
  • customer A wants to develop his next-level proxy customer B, he uses the private key of customer A to sign the public key of the next-level proxy customer B, and then downloads the public key of customer B to the POS.
  • the public key of customer B is encrypted according to the first key randomly generated in the POS to obtain the first ciphertext, and when the application is downloaded to the POS, the download is verified according to the first ciphertext and the first key Is the public key of customer B correct, that is, only when the public key of customer B is correct, the authorized application is downloaded to the POS.
  • the application program when the application program is downloaded, when the user public key cannot be obtained, it means that the application program has not been encrypted correspondingly and belongs to an illegal application program, and directly refuses to download the application program file.
  • the specific implementation process of verifying whether the user public key is correct according to the first key and the first ciphertext when downloading the application program in step S103 includes:
  • Step S401 When downloading the application program, read the first key of the fuse area and the first ciphertext of the Flash area.
  • Step S402 Decrypt the first ciphertext according to the first key to obtain a first HASH value.
  • the hash algorithm is to map a binary value of any length into a short fixed-length binary value. This short binary value is called a HASH value.
  • HASH value is the only and extremely compact numerical representation of a piece of data. For a string, even if only one character in the string is changed, then the hash will produce different HASH values.
  • the first ciphertext is decrypted according to the first key to obtain the decrypted user public key HASH value, that is, the first HASH value is obtained.
  • Step S403 Calculate the HASH value of the user public key in the Flash area to obtain a second HASH value.
  • Step S404 judging whether the first HASH value and the second HASH value satisfy the preset condition, and verifying whether the user public key is correct according to the judgment result.
  • comparing the first HASH value with the second HASH value if they do not match, it means that the first HASH value and the second HASH value do not satisfy the preset condition, and it is verified that the user public key is not correct.
  • the first HASH value and the second HASH value are compared, and verify whether the first HASH value and the second HASH value match, if the first HASH value and the second HASH value match If the HASH value matches, verify that the user's public key is correct, then use the user's public key to verify the application, and download the application after verification; if the first HASH value and the second HASH value do not match, then It is verified that the user public key is incorrect, that is, the user public key when downloading the application is illegal, and the POS is directly returned to the factory for repair.
  • a common POS attack method may include: an attacker cracks a first key, such as a 3DES key, to regenerate a user public key ciphertext (first ciphertext) and write it to the Flash area, so that the system can PUK verification process ".
  • a first key such as a 3DES key
  • first ciphertext a user public key ciphertext
  • the system can PUK verification process ".
  • the first key is generated by the random number generation module provided by the CPU, the true randomness of the first key is guaranteed, so that the attacker cannot find the rule through big data analysis, so the first key It is very safe to produce.
  • the first key is stored in the fuse area inside the CPU, and the system does not provide any API (Application Programming Interface (application programming interface), the application layer of the system does not have permission to operate to the fuse area, so the storage of the first key is very safe.
  • API Application Programming Interface
  • the 16-byte value can be used as the first key to encrypt the user's public key, and the encryption strength is high. Therefore, from the first key to the first key encryption algorithm, an attacker cannot crack it.
  • a common POS attack method may further include: an attacker may attempt to modify the user public key saved in the Flash area so that the illegal application program passes verification.
  • the randomly generated first key is used to encrypt the user's public key to obtain the first ciphertext. Since the attacker does not know the first key, he cannot forge and generate the first ciphertext corresponding to the user's public key. , So in the end, because the user public key and the user public key ciphertext decrypted user public key (the first ciphertext) do not match, the user public key verification fails.
  • common POS attack methods may further include: an attacker may try to copy data in the Flash area of a normal POS to a POS that needs to be cracked, or directly replace the Flash in the POS that needs to be cracked,
  • an attacker may try to copy data in the Flash area of a normal POS to a POS that needs to be cracked, or directly replace the Flash in the POS that needs to be cracked,
  • the first keys of the two POS are randomly generated, the possibility of the same is very small, the first ciphertext generated will be different, so even if the normal public POS user key Put into the POS that needs to be cracked, the public key of the illegal user still cannot pass the verification.
  • common POS attack methods may further include: an attacker may try to re-sold a new CPU and Flash to the machine that needs to be cracked to restore the machine to production state, and then re-download a new user public key to generate New user public key ciphertext, and save the user public key and user public key ciphertext to the Flash area at the same time.
  • the POS in the production state cannot run ordinary application programs, and must be switched to the factory state to run the application programs. Therefore, although the purpose of modifying the user's public key is achieved in this way, the application cannot be run, and this POS attack method is invalid.
  • the PUK is encrypted and stored in a one-machine-one-secure manner, which reduces the complicated operation of external key injection, which can effectively prevent the PUK in the POS machine from being tampered with and achieve the purpose of cutting the machine, which improves the POS machine The safety of the customer's interests is guaranteed.
  • one machine has one key, even if this machine is cracked, other machines are safe.
  • the above POS user public key security authentication method randomly generates the first key when the firmware is run for the first time, that is, the terminal generates the key itself, which reduces the complicated operation of external key injection and generates the randomness of the key at the same time. It can prevent the illegal person from looking for the rule of generating the first key, and then avoid the terminal from being cut off by the illegal person to modify the user's public key; download the user's public key, and generate the first according to the first key and the user's public key Cipher text, when downloading an application, verify whether the user public key is correct according to the first key and the first cipher text, that is, encrypt the user public key, effectively avoiding the terminal from being modified or replaced by illegal persons
  • the machine cut-off event caused by the public key prevents the terminal from running other illegal applications and improves the security of the terminal payment.
  • FIG. 5 shows a structural block diagram of the user public key security authentication device in the second embodiment of the present invention. For ease of explanation, only parts related to this embodiment are shown.
  • the device includes: a key generation module 110, a ciphertext generation module 120, and a public key verification module 130.
  • the key generation module 110 is used to randomly generate the first key when the firmware is run for the first time.
  • the ciphertext generation module 120 is used to download the user public key, and generate a first ciphertext according to the first key and the user public key.
  • the public key verification module 130 is used to verify whether the downloaded user public key is correct according to the first key and the first ciphertext when downloading the application program.
  • the key generation module 110 is specifically used to: access the fuse area of the central processor and determine whether data exists in the fuse area; when there is data in the fuse area, change the fuse area Is set as the first key; when there is no data in the fuse area, the first key is randomly generated and written to the fuse area.
  • the ciphertext generation module 120 is specifically configured to: store the user public key in the flash area of the central processor; obtain the first key of the fuse area, and according to the first secret The key encrypts the user public key in the Flash area to generate a first ciphertext; and stores the first ciphertext in the Flash area.
  • the public key verification module 130 is specifically configured to: read the first key of the fuse area and the first ciphertext of the flash area when downloading an application program; according to the The first key decrypts the first ciphertext to obtain a first hash HASH value; calculates the HASH value of the user public key in the Flash area to obtain a second HASH value; and determines the first HASH value And whether the second HASH value meets a preset condition, and verify whether the user public key is correct according to the judgment result.
  • the key generation module 110 randomly generates the first key when the firmware is run for the first time, that is, the terminal generates the key itself, which reduces the complicated operation of external key injection and generates the key The randomness of can prevent the illegal person from looking for the rule of generating the first key, and then avoid the terminal from being cut off by the illegal person to modify the user's public key;
  • the ciphertext generation module 120 downloads the user's public key, based on the first key Generate a first ciphertext with the user's public key, and then the public key verification module 130 verifies whether the user's public key is correct according to the first key and the first ciphertext when downloading the application, that is, the user
  • the public key is encrypted to effectively prevent the terminal from being cut by an illegal person to modify or replace the user's public key, thereby preventing the terminal from running other illegal applications and improving the security of terminal payment.
  • the terminal device 100 described in this embodiment includes: a processor 140, a memory 150, and a computer program 151 stored in the memory 150 and executable on the processor 140, for example, a POS user company Procedures for key security authentication methods.
  • the processor 140 executes the computer program 151
  • the processor 140 implements the steps in the above embodiments of each POS user public key security authentication method, such as steps S101 to S103 shown in FIG.
  • the processor 140 executes the computer program 151
  • the functions of each module / unit in the foregoing device embodiments are realized, for example, the functions of the modules 110 to 130 shown in FIG. 5.
  • the computer program 151 may be divided into one or more modules / units, and the one or more modules / units are stored in the memory 150 and executed by the processor 140 to complete this invention.
  • the one or more modules / units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments are used to describe the execution process of the computer program 151 in the terminal device 100.
  • the computer program 151 can be divided into a key generation module, a ciphertext generation module, and a public key verification module. The specific functions of each module are as follows:
  • the key generation module is used to randomly generate the first key when the firmware runs for the first time.
  • the ciphertext generation module is used to download the user public key, and generate a first ciphertext according to the first key and the user public key.
  • the public key verification module is used to verify whether the downloaded user public key is correct according to the first key and the first ciphertext when downloading the application program.
  • the key generation module is specifically used to: access the fuse area of the central processor and determine whether data exists in the fuse area; when data exists in the fuse area, connect the fuse The data of the area is set as the first key; when there is no data in the fuse area, the first key is randomly generated and written into the fuse area.
  • the ciphertext generation module is specifically used to: store the user public key in the Flash area of the central processor; obtain the first key of the fuse area, and according to the first The key encrypts the user public key of the Flash area to generate a first ciphertext; the first ciphertext is stored in the Flash area.
  • the public key verification module is specifically used to: read the first key of the fuse area and the first ciphertext of the flash area when downloading an application program; according to the first A key decrypts the first ciphertext to obtain a first hash HASH value; calculates the HASH value of the user public key in the Flash area to obtain a second HASH value; judges the first HASH value and Whether the second HASH value meets a preset condition, and according to the judgment result, it is verified whether the user public key is correct.
  • the terminal device 100 may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a cloud server.
  • the terminal device 100 may include, but is not limited to, the processor 140 and the memory 150.
  • FIG. 6 is only an example of the terminal device 100, and does not constitute a limitation on the terminal device 100, and may include more or fewer components than those illustrated, or a combination of certain components, or different components.
  • the terminal device 100 may further include input and output devices, network access devices, buses, and the like.
  • the so-called processor 140 may be a central processing unit (Central Processing Unit (CPU), can also be other general-purpose processors, digital signal processors (DSP), application-specific integrated circuits (Application Specific Integrated Circuit (ASIC), ready-made programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the storage 150 may be an internal storage unit of the terminal device 100, such as a hard disk or a memory of the terminal device 100.
  • the memory 150 may also be an external storage device of the terminal device 100, such as a plug-in hard disk equipped on the terminal device 100, a smart memory card (Smart Media Card, SMC), a secure digital (SD) card, or a flash memory card (Flash Card) etc.
  • the memory 150 may also include both an internal storage unit of the terminal device 100 and an external storage device.
  • the memory 150 is used to store the computer program and other programs and data required by the terminal device 100.
  • the memory 150 can also be used to temporarily store data that has been or will be output.
  • the disclosed device / terminal device and method may be implemented in other ways.
  • the device / terminal device embodiments described above are only schematic.
  • the division of the module or unit is only a logical function division, and in actual implementation, there may be another division manner, such as multiple units Or components can be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above integrated unit may be implemented in the form of hardware or software functional unit.
  • the integrated module / unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium.
  • the present invention can implement all or part of the processes in the methods of the above embodiments, and can also be completed by a computer program instructing relevant hardware.
  • the computer program can be stored in a computer-readable storage medium. When the program is executed by the processor, the steps of the foregoing method embodiments may be implemented.
  • the computer program includes computer program code, and the computer program code may be in the form of source code, object code, executable file, or some intermediate form.
  • the computer-readable medium may include: any entity or system capable of carrying the computer program code, a recording medium, a USB flash drive, a mobile hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electrical carrier signals, telecommunication signals, and software distribution media. It should be noted that the content included in the computer-readable medium can be appropriately increased or decreased according to the requirements of legislation and patent practice in jurisdictions. Does not include electrical carrier signals and telecommunications signals.

Abstract

A security authentication method and apparatus for a POS user public key, and a terminal device. The method comprises: upon running firmware for the first time, randomly generating a first key (S101); downloading a user public key, and generating a first ciphertext on the basis of the first key and the user public key (S102); and upon downloading an application, verifying whether the user public key is correct on the basis of the first key and the first ciphertext (S103). The present method employs a key generated by the terminal itself to encrypt the user public key, so as to effectively prevent a man-in-the-middle event caused by an unauthorized user of the terminal altering the user public key, thereby preventing the terminal from running unauthorized payment applications and improving security of the terminal.

Description

POS用户公钥安全认证方法、装置和终端设备POS user public key security authentication method, device and terminal equipment 技术领域Technical field
本发明属于终端处理技术领域,尤其涉及一种POS用户公钥安全认证方法、装置和终端设备。The invention belongs to the technical field of terminal processing, and particularly relates to a POS user public key security authentication method, device and terminal equipment.
背景技术Background technique
POS(Point Of Sale,销售终端)一般由支付公司购买,并租用或者免费提供给商户,支付公司收取支付手续费。由于国内第三方支付发展越来越迅猛,竞争越来越激烈,很多第三方支付公司会通过提供比较优惠的手续费来引导商户在POS上非法运行自己的支付应用程序,从中牟利,破坏客户自身的利益。现有技术中,POS仍存在切机漏洞,安全性不高的问题。POS (Point Of Sale, sales terminal) is generally purchased by the payment company, and leased or provided to the merchant for free, the payment company charges a payment processing fee. Due to the rapid development of domestic third-party payment and increasingly fierce competition, many third-party payment companies will guide merchants to illegally run their own payment applications on POS by providing preferential handling fees, profiting from them, and destroying customers themselves. Interests. In the prior art, POS still has a problem of cutting machine loopholes and low security.
技术问题technical problem
有鉴于此,本发明实施例提供了一种POS用户公钥安全认证方法、装置和终端设备,以解决现有技术中POS仍存在切机漏洞,安全性不高的问题。In view of this, the embodiments of the present invention provide a POS user public key security authentication method, device, and terminal device to solve the problem that the POS still has a machine-cutting loophole in the prior art and the security is not high.
技术解决方案Technical solution
本发明实施例的第一方面提供了一种POS用户公钥安全认证方法,包括:The first aspect of the embodiments of the present invention provides a POS user public key security authentication method, including:
在固件第一次运行时,随机生成第一密钥;The first key is randomly generated when the firmware is run for the first time;
下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文;Download the user public key, and generate a first ciphertext according to the first key and the user public key;
在下载应用程序时,根据所述第一密钥、所述第一密文验证所述用户公钥是否正确。When downloading the application program, verify whether the user public key is correct according to the first key and the first ciphertext.
可选的,所述随机生成第一密钥,包括:Optionally, the randomly generating the first key includes:
访问中央处理器的熔丝区,并判断所述熔丝区是否存在数据;Access the fuse area of the central processor and determine whether data exists in the fuse area;
在所述熔丝区存在数据时,将所述熔丝区的数据设置为所述第一密钥;When data exists in the fuse area, set the data of the fuse area as the first key;
在所述熔丝区不存在数据时,随机生成第一密钥并写入所述熔丝区。When there is no data in the fuse area, a first key is randomly generated and written into the fuse area.
可选的,所述根据所述第一密钥和所述用户公钥生成第一密文,包括:Optionally, the generating the first ciphertext according to the first key and the user public key includes:
将所述用户公钥存入所述中央处理器的Flash区;Store the user public key in the Flash area of the central processor;
获取所述熔丝区的第一密钥,并根据所述第一密钥对所述Flash区的所述用户公钥进行加密,生成第一密文;Obtain the first key of the fuse area, and encrypt the user public key of the flash area according to the first key to generate a first ciphertext;
将所述第一密文存入所述Flash区。Store the first ciphertext in the Flash area.
可选的,所述在下载应用程序时,根据所述第一密钥、所述第一密文验证所述用户公钥是否正确,包括:Optionally, when downloading the application, verifying whether the user public key is correct according to the first key and the first ciphertext includes:
在下载应用程序时,读取所述熔丝区的所述第一密钥和所述Flash区的所述第一密文;When downloading the application program, read the first key of the fuse area and the first ciphertext of the Flash area;
根据所述第一密钥对所述第一密文进行解密,得到第一HASH(哈希)值;Decrypt the first ciphertext according to the first key to obtain a first HASH value;
计算所述Flash区的所述用户公钥的HASH值,得到第二HASH值;Calculate the HASH value of the user public key in the Flash area to obtain a second HASH value;
判断所述第一HASH值和所述第二HASH值是否满足预设条件,根据判断结果验证所述用户公钥是否正确。Judging whether the first HASH value and the second HASH value satisfy the preset condition, and verifying whether the user public key is correct according to the judgment result.
本发明实施例的第二方面提供了一种用户公钥安全认证装置,包括:A second aspect of an embodiment of the present invention provides a user public key security authentication device, including:
密钥生成模块,用于在固件第一次运行时,随机生成第一密钥;The key generation module is used to randomly generate the first key when the firmware runs for the first time;
密文生成模块,用于下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文;A ciphertext generation module, used to download the user's public key, and generate a first ciphertext according to the first key and the user's public key;
公钥验证模块,用于在下载应用程序时,根据所述第一密钥、所述第一密文验证下载的所述用户公钥是否正确。The public key verification module is used to verify whether the downloaded user public key is correct according to the first key and the first ciphertext when downloading the application program.
可选的,所述密钥生成模块具体用于:Optionally, the key generation module is specifically used for:
访问中央处理器的熔丝区,并判断所述熔丝区是否存在数据;Access the fuse area of the central processor and determine whether data exists in the fuse area;
在所述熔丝区存在数据时,将所述熔丝区的数据设置为所述第一密钥;When data exists in the fuse area, set the data of the fuse area as the first key;
在所述熔丝区不存在数据时,随机生成第一密钥并写入所述熔丝区。When there is no data in the fuse area, a first key is randomly generated and written into the fuse area.
可选的,所述密文生成模块具体用于:Optionally, the ciphertext generation module is specifically used to:
将所述用户公钥存入所述中央处理器的Flash区;Store the user public key in the Flash area of the central processor;
获取所述熔丝区的第一密钥,并根据所述第一密钥对所述Flash区的所述用户公钥进行加密生成第一密文;Obtaining a first key of the fuse area, and encrypting the user public key of the flash area according to the first key to generate a first ciphertext;
将所述第一密文存入所述Flash区。Store the first ciphertext in the Flash area.
可选的,所述公钥验证模块具体用于:Optionally, the public key verification module is specifically used to:
在下载应用程序时,读取所述熔丝区的所述第一密钥和所述Flash区的所述第一密文;When downloading the application program, read the first key of the fuse area and the first ciphertext of the Flash area;
根据所述第一密钥对所述第一密文进行解密,得到第一哈希HASH值;Decrypt the first ciphertext according to the first key to obtain a first hash HASH value;
计算所述Flash区的所述用户公钥的HASH值,得到第二HASH值;Calculate the HASH value of the user public key in the Flash area to obtain a second HASH value;
判断所述第一HASH值和所述第二HASH值是否满足预设条件,根据判断结果验证所述用户公钥是否正确。Judging whether the first HASH value and the second HASH value satisfy the preset condition, and verifying whether the user public key is correct according to the judgment result.
本发明实施例的第三方面提供了一种终端设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现如上述任一项所述POS用户公钥安全认证方法的步骤。A third aspect of the embodiments of the present invention provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, when the processor executes the computer program The steps of implementing the POS user public key security authentication method as described in any one of the above.
本发明实施例的第四方面提供了一种计算机可读存储介质,所述计算机可读存储介质存储计算机程序,所述计算机程序被处理器执行时实现如上述任一项所述POS用户公钥安全认证方法的步骤。A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium that stores a computer program, and when the computer program is executed by a processor, implements the POS user public key as described in any one of the above The steps of the safety certification method.
有益效果Beneficial effect
本发明实施例与现有技术相比存在的有益效果是:在固件第一次运行时,随机生成第一密钥,即采用终端自己生成密钥,减少了外部注入密钥的复杂操作,同时生成密钥的随机性,可以防止非法人员找寻生成第一密钥的规律,进而避免终端被非法人员修改用户公钥导致的切机事件;下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文,在下载应用程序时,根据所述第一密钥、所述第一密文验证所述用户公钥是否正确,即对用户公钥进行加密,有效避免终端被非法人员修改或替换用户公钥导致的切机事件,从而防止终端运行其它非法应用程序,提高终端支付的安全性。Compared with the prior art, the beneficial effects of the embodiments of the present invention are: when the firmware is first run, the first key is randomly generated, that is, the terminal generates the key itself, which reduces the complicated operation of external key injection, and at the same time The randomness of the generated key can prevent the illegal person from looking for the rule of generating the first key, and then avoid the terminal from being cut off by the illegal person to modify the user's public key; download the user's public key, according to the first key and the The user public key generates a first ciphertext, and when downloading the application, verify whether the user public key is correct according to the first key and the first ciphertext, that is, encrypt the user public key, effectively avoiding the terminal A machine cut-off event caused by an illegal person modifying or replacing a user's public key, thereby preventing the terminal from running other illegal application programs and improving the security of terminal payment.
附图说明BRIEF DESCRIPTION
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly explain the technical solutions in the embodiments of the present invention, the following will briefly introduce the drawings required in the embodiments or the description of the prior art. Obviously, the drawings in the following description are only for the invention. In some embodiments, for those of ordinary skill in the art, without paying creative labor, other drawings may be obtained based on these drawings.
图1是本发明实施例提供的POS用户公钥安全认证方法的实现流程示意图;1 is a schematic diagram of an implementation process of a POS user public key security authentication method provided by an embodiment of the present invention;
图2是图1步骤S101的具体实现流程示意图;2 is a schematic diagram of a specific implementation process of step S101 in FIG. 1;
图3是图1步骤S102的具体实现流程示意图;FIG. 3 is a schematic flowchart of a specific implementation of step S102 in FIG. 1;
图4是图1步骤S103的具体实现流程示意图;4 is a schematic flowchart of a specific implementation of step S103 in FIG. 1;
图5是本发明实施例提供的用户公钥安全认证装置的结构示意图;5 is a schematic structural diagram of a user public key security authentication device provided by an embodiment of the present invention;
图6是本发明实施例提供的终端设备的示意图。6 is a schematic diagram of a terminal device provided by an embodiment of the present invention.
本发明的实施方式Embodiments of the invention
以下描述中,为了说明而不是为了限定,提出了诸如特定系统结构、技术之类的具体细节,以便透彻理解本发明实施例。然而,本领域的技术人员应当清楚,在没有这些具体细节的其它实施例中也可以实现本发明。在其它情况中,省略对众所周知的系统、装置、电路以及方法的详细说明,以免不必要的细节妨碍本发明的描述。In the following description, for the purpose of illustration rather than limitation, specific details such as a specific system structure and technology are proposed to thoroughly understand the embodiments of the present invention. However, those skilled in the art should understand that the present invention can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary details.
为了说明本发明所述的技术方案,下面通过具体实施例来进行说明。In order to explain the technical solutions of the present invention, the following will be described with specific embodiments.
实施例一Example one
参见图1,提供了POS用户公钥安全认证方法的一个实施例实现流程示意图,适用于POS,所述POS可以包括固件和中央处理器(Central Processing Unit,中央处理器)。Referring to FIG. 1, a schematic flowchart of an embodiment of a POS user public key security authentication method is provided, which is applicable to a POS, and the POS may include firmware and a central processing unit (Central Processing Unit, central processor).
POS用户公钥安全认证方法的一个实现流程详述如下:An implementation process of the POS user public key security authentication method is detailed as follows:
步骤S101,在固件第一次运行时,随机生成第一密钥。In step S101, when the firmware runs for the first time, a first key is randomly generated.
为了POS的安全性,在下载应用程序之前,需要对待下载的应用程序的合法性进行验证,仅允许下载授权的应用程序文件进行安装。应用程序文件是指安装应用程序需要下载的文件。用户为了标记自己授权的应用程序文件,需要采用加密算法对自己授权的应用程序文件进行加密。一般采用的加密算法为不对称加密算法,不对称加密算法包括公钥(PUK,Public key)和私钥(PVK,Private key),其中,公钥和私钥是成对的,比如,用私钥加密的内容只能用相应的公钥解密,同样地,如果是用公钥加密的内容只能用相应的私钥进行解密。For POS security, before downloading an application, you need to verify the legitimacy of the application to be downloaded, and only download authorized application files for installation. Application file refers to the file that needs to be downloaded to install the application. In order to mark application files authorized by users, users need to use encryption algorithms to encrypt application files authorized by themselves. The encryption algorithm generally used is an asymmetric encryption algorithm. The asymmetric encryption algorithm includes a public key (PUK, Public key) and a private key (PVK, Private key). Among them, the public key and the private key are paired. The content encrypted with the key can only be decrypted with the corresponding public key. Similarly, if the content encrypted with the public key can only be decrypted with the corresponding private key.
即下载应用程序时,需要先用私钥进行签名,签名验证通过后,将用户公钥下载到POS上,然后对用户公钥加密,这样下载应用程序的时候,先验证用户公钥的安全性,用户公钥验证通过后,使用用户公钥对应用程序进行验证签名,只有验证签名成功的应用程序才可以下载到POS上运行,即在保证用户公钥的安全同时,保证了应用程序的安全。That is, when downloading the application, you need to sign with the private key first. After the signature verification is passed, the user's public key is downloaded to the POS, and then the user's public key is encrypted. When downloading the application, first verify the security of the user's public key , After the user's public key is verified, the user's public key is used to verify and sign the application. Only the application with a successful verification signature can be downloaded to the POS to run, that is, while ensuring the safety of the user's public key, the application is secured .
具体的,固件在第一次运行时会随机生成第一密钥。示例性的,固件第一次运行时,可以使用POS中的硬件随机数模块产生16字节随机数,该16字节随机数可以为3DES密钥。3DES密钥作为用户公钥的加密密钥,且加密密钥由POS自己随机生成,可以减少外部注入密钥的复杂操作,同时防止非法人员找寻生成密钥的规律,进一步增加公钥验证的安全性。Specifically, the firmware randomly generates the first key when it runs for the first time. Exemplarily, when the firmware runs for the first time, the hardware random number module in the POS may be used to generate a 16-byte random number, and the 16-byte random number may be a 3DES key. The 3DES key is used as the encryption key of the user's public key, and the encryption key is randomly generated by the POS itself, which can reduce the complicated operation of external injection of the key, at the same time prevent illegal people from looking for the law of generating the key, and further increase the security of public key verification Sex.
一个实施例中,参见图2,步骤S101中所述随机生成第一密钥的具体实现流程包括:In one embodiment, referring to FIG. 2, the specific implementation process of randomly generating the first key in step S101 includes:
步骤S201,访问中央处理器的熔丝区,并判断所述熔丝区是否存在数据。Step S201, access the fuse area of the central processor, and determine whether data exists in the fuse area.
其中,中央处理器(CPU)可以包括熔丝区和Flash区。其中,熔丝(fuse)区为一次性程序写入区域,后续不允许进行修改。Among them, the central processing unit (CPU) may include a fuse area and a flash area. Among them, the fuse (fuse) area is a one-time program writing area, and subsequent modification is not allowed.
固件第一次运行时,访问中央处理器的熔丝区,并判断所述熔丝区是否存在数据,即查看所述熔丝区是否存在第一密钥。When the firmware runs for the first time, it accesses the fuse area of the central processor and judges whether data exists in the fuse area, that is, checks whether the first key exists in the fuse area.
步骤S202,在所述熔丝区存在数据时,将所述熔丝区的数据设置为所述第一密钥。Step S202: When data exists in the fuse area, set the data of the fuse area as the first key.
步骤S203,在所述熔丝区不存在数据时,随机生成第一密钥并写入所述熔丝区。Step S203, when there is no data in the fuse area, a first key is randomly generated and written into the fuse area.
示例性的,在所述熔丝区不存在数据时,可以使用POS中的硬件随机数模块产生16字节随机数并写入熔丝区,该16字节随机数作为3DES密钥对用户公钥进行加密,以后每次固件运行时直接从熔丝区读取该16字节随机数,并对公钥进行加密或者解密。其中,3DES是三重数据加密算法块密码的通称,相当于对用户公钥应用三次DES加密算法,以保证用户公钥的安全性。Exemplarily, when there is no data in the fuse area, a hardware random number module in the POS can be used to generate a 16-byte random number and write it into the fuse area. The 16-byte random number is used as a 3DES key for public The key is encrypted, and the 16-byte random number is directly read from the fuse area every time the firmware runs, and the public key is encrypted or decrypted. Among them, 3DES is a general term for the triple data encryption algorithm block password, which is equivalent to applying the DES encryption algorithm three times to the user public key to ensure the security of the user public key.
步骤S102,下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文。Step S102: Download the user public key, and generate a first ciphertext according to the first key and the user public key.
实际应用中,只要修改或替换了用户公钥,就可以下载非法应用程序,使POS运行非法应用程序,从而从中牟利,所以保护用户公钥十分重要。具体的,本实施例中,在用户公钥的签名验证通过后,根据第一密钥对用户公钥进行加密,得到第一密文,即用户公钥密文,防止非法人员修改用户公钥。当验证用户公钥时,还需根据第一密钥通过解密算法对用户公钥密文进行解密,得到解密后的用户公钥HASH值(第一HASH值),然后计算Flash区上保存的用户公钥HASH值(第二HASH值),两个用户公钥HASH值若相同即为用户公钥验证通过,所述用户公钥正确,然后使用该用户公钥验证应用程序,即完成应用程序的下载。In actual applications, as long as the user's public key is modified or replaced, the illegal application program can be downloaded, so that the POS runs the illegal application program, thereby profiting from it, so protecting the user public key is very important. Specifically, in this embodiment, after the signature verification of the user public key is passed, the user public key is encrypted according to the first key to obtain the first ciphertext, that is, the user public key ciphertext, to prevent illegal persons from modifying the user public key . When verifying the user's public key, it is also necessary to decrypt the user's public key ciphertext through the decryption algorithm according to the first key to obtain the decrypted user public key HASH value (first HASH value), and then calculate the user saved on the Flash area Public key HASH value (second HASH value), if the two user public key HASH values are the same, the user public key verification is passed, the user public key is correct, and then use the user public key to verify the application, that is, complete the application download.
示例性的,采用3DES密钥对用户公钥进行加密,得到第一密文。Exemplarily, the 3DES key is used to encrypt the user public key to obtain the first ciphertext.
一个实施例中,参见图3,步骤S102中所述下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文的具体实现流程包括:In an embodiment, referring to FIG. 3, the specific implementation process of downloading the user public key in step S102 and generating the first ciphertext according to the first key and the user public key includes:
步骤S301,将所述用户公钥存入所述中央处理器的Flash区。Step S301: Store the user public key in the Flash area of the central processor.
其中,所述Flash区在中央处理器断电或终端断电时数据也不会丢失,所以将用户公钥存入Flash区,防止重启终端后数据丢失。Among them, data in the Flash area will not be lost when the central processor is powered off or the terminal is powered off, so the user public key is stored in the Flash area to prevent data loss after restarting the terminal.
步骤S302,获取所述熔丝区的第一密钥,并根据所述第一密钥对所述Flash区的所述用户公钥进行加密,生成第一密文。Step S302: Obtain a first key of the fuse area, and encrypt the user public key of the flash area according to the first key to generate a first ciphertext.
步骤S303,将所述第一密文存入所述Flash区。Step S303: Store the first ciphertext in the Flash area.
步骤S103,在下载应用程序时,根据所述第一密钥、所述第一密文验证所述用户公钥是否正确。Step S103: When downloading the application program, verify whether the user public key is correct according to the first key and the first ciphertext.
示例性的,当客户A从商家购买到POS后,首先采用商家的私钥对客户A的公钥进行签名,然后将客户A的公钥下载到POS中,此时,POS终端中的有效公钥就从商家的公钥切换成了客户A的公钥。之所以要先使用商家的私钥对客户A的公钥进行签名,是为了防止未经商家授权的客户将自己的公钥下载到POS机中。Exemplarily, after customer A purchases the POS from the merchant, the private key of the merchant is first used to sign the public key of customer A, and then the public key of customer A is downloaded into the POS. At this time, the valid public key in the POS terminal The key is switched from the merchant's public key to the customer A's public key. The reason to use the private key of the merchant to sign the public key of customer A first is to prevent customers who are not authorized by the merchant from downloading their public keys to the POS machine.
其中,POS机中预先存储了商家的公钥,当下载客户A的公钥时,采用商家的公钥对客户A的公钥进行签名验证,验证通过,下载客户A的公钥,当下载成功后,根据POS中随机生成的第一密钥对客户A的公钥进行加密得到第一密文,在下载应用程序到该POS中时,根据第一密钥对第一密文进行解密,根据解密后的用户公钥验证下载的用户公钥是否正确,例如,验证下载应用程序时的用户公钥(存储在FLASH区的客户A的公钥)与解密后的客户A的公钥是否匹配,若不匹配,说明当前下载应用程序时的客户A的公钥属于非法,被篡改了,此时则拒绝下载应用程序,也可以通知客户A将POS返厂维修,若匹配,说明当前的客户A公钥正确,允许下载该应用程序。Among them, the public key of the merchant is pre-stored in the POS machine. When the public key of the customer A is downloaded, the public key of the merchant is used to sign and verify the public key of the customer A. The verification is passed, and the public key of the customer A is downloaded. When the download is successful Then, encrypt the public key of customer A according to the randomly generated first key in the POS to obtain the first ciphertext. When downloading the application program to the POS, decrypt the first ciphertext according to the first key. The decrypted user public key verifies that the downloaded user public key is correct, for example, to verify whether the user public key (the public key of customer A stored in the FLASH area) when downloading the application matches the public key of the decrypted customer A, If they do not match, it means that the public key of customer A when downloading the application is illegal and has been tampered with. At this time, the application is refused to be downloaded, or customer A can be notified to return the POS to the factory for repair. The public key is correct, allowing the application to be downloaded.
当客户A要发展自己的下一级代理客户B时,则采用客户A的私钥对下一级代理客户B的公钥进行签名,然后将客户B的公钥下载到POS中,同样地,下载成功后,根据POS中随机生成的第一密钥对客户B的公钥进行加密得到第一密文,在下载应用程序到该POS中时,根据第一密文和第一密钥验证下载的客户B的公钥是否正确,即只有在客户B的公钥正确时,授权应用程序下载到该POS中。When customer A wants to develop his next-level proxy customer B, he uses the private key of customer A to sign the public key of the next-level proxy customer B, and then downloads the public key of customer B to the POS. Similarly, After the download is successful, the public key of customer B is encrypted according to the first key randomly generated in the POS to obtain the first ciphertext, and when the application is downloaded to the POS, the download is verified according to the first ciphertext and the first key Is the public key of customer B correct, that is, only when the public key of customer B is correct, the authorized application is downloaded to the POS.
在一个实施例中,在下载应用程序时,获取不到用户公钥时,说明该应用程序没有进行过相应的加密,属于非法的应用程序,直接拒绝下载该应用程序文件。In one embodiment, when the application program is downloaded, when the user public key cannot be obtained, it means that the application program has not been encrypted correspondingly and belongs to an illegal application program, and directly refuses to download the application program file.
一个实施例中,参见图4,步骤S103中所述在下载应用程序时,根据所述第一密钥、所述第一密文验证所述用户公钥是否正确的具体实现流程包括:In an embodiment, referring to FIG. 4, the specific implementation process of verifying whether the user public key is correct according to the first key and the first ciphertext when downloading the application program in step S103 includes:
步骤S401,在下载所述应用程序时,读取所述熔丝区的所述第一密钥和所述Flash区的所述第一密文。Step S401: When downloading the application program, read the first key of the fuse area and the first ciphertext of the Flash area.
步骤S402,根据所述第一密钥对所述第一密文进行解密,得到第一HASH值。Step S402: Decrypt the first ciphertext according to the first key to obtain a first HASH value.
哈希算法是将任意长度的二进制数值映射为较短的固定长度的二进制数值,这个短的二进制数值称为HASH值。HASH值是一段数据唯一且极其紧凑的数值表示形式,对于一个字符串哪怕只更改该字符串中的一个字符,随后哈希都将产生不同的HASH值。The hash algorithm is to map a binary value of any length into a short fixed-length binary value. This short binary value is called a HASH value. HASH value is the only and extremely compact numerical representation of a piece of data. For a string, even if only one character in the string is changed, then the hash will produce different HASH values.
具体的,根据所述第一密钥对所述第一密文进行解密,得到解密后的用户公钥HASH值,即得到第一HASH值。Specifically, the first ciphertext is decrypted according to the first key to obtain the decrypted user public key HASH value, that is, the first HASH value is obtained.
步骤S403,计算所述Flash区的所述用户公钥的HASH值,得到第二HASH值。Step S403: Calculate the HASH value of the user public key in the Flash area to obtain a second HASH value.
步骤S404,判断所述第一HASH值和所述第二HASH值是否满足预设条件,根据判断结果验证所述用户公钥是否正确。Step S404, judging whether the first HASH value and the second HASH value satisfy the preset condition, and verifying whether the user public key is correct according to the judgment result.
具体的,将第一HASH值和所述第二HASH值进行比较,若不匹配,则说明所述第一HASH值和所述第二HASH值不满足预设条件,验证所述用户公钥不正确。Specifically, comparing the first HASH value with the second HASH value, if they do not match, it means that the first HASH value and the second HASH value do not satisfy the preset condition, and it is verified that the user public key is not correct.
示例性的,判断所述第一HASH值和所述第二HASH值进行比较,验证所述第一HASH值和所述第二HASH值是否匹配,若所述第一HASH值和所述第二HASH值匹配,则验证所述用户公钥是正确的,然后使用用户公钥验证应用程序,验证通过后下载该应用程序;若所述第一HASH值和所述第二HASH值不匹配,则验证所述用户公钥是不正确的,即在下载该应用程序时的用户公钥为非法的,直接将POS返厂维修。Exemplarily, determine whether the first HASH value and the second HASH value are compared, and verify whether the first HASH value and the second HASH value match, if the first HASH value and the second HASH value match If the HASH value matches, verify that the user's public key is correct, then use the user's public key to verify the application, and download the application after verification; if the first HASH value and the second HASH value do not match, then It is verified that the user public key is incorrect, that is, the user public key when downloading the application is illegal, and the POS is directly returned to the factory for repair.
一个实施例中,常见POS攻击方式可以包括:攻击者通过破解第一密钥,例如3DES密钥,重新生成用户公钥密文(第一密文)并写入Flash区域,使系统可以通过“PUK验证流程”。本实施例中,由于第一密钥是通过CPU自带的随机数生成模块产生的,保证了第一密钥的真随机性,使攻击者无法通过大数据分析找到规律,所以第一密钥产生是非常安全的。并且,密钥保存方面,第一密钥保存在CPU内部的熔丝区,系统没有提供任何操作熔丝区的API (Application Programming Interface,应用程序编程接口),系统的应用层也没有权限能操作到熔丝区,所以第一密钥的保存是非常安全的。另外,算法方面,可以采用16字节数值作为第一密钥对用户公钥进行加密,加密强度高。所以从第一密钥保存到第一密钥加密算法,攻击者是无法破解的。In an embodiment, a common POS attack method may include: an attacker cracks a first key, such as a 3DES key, to regenerate a user public key ciphertext (first ciphertext) and write it to the Flash area, so that the system can PUK verification process ". In this embodiment, since the first key is generated by the random number generation module provided by the CPU, the true randomness of the first key is guaranteed, so that the attacker cannot find the rule through big data analysis, so the first key It is very safe to produce. In addition, in terms of key storage, the first key is stored in the fuse area inside the CPU, and the system does not provide any API (Application Programming Interface (application programming interface), the application layer of the system does not have permission to operate to the fuse area, so the storage of the first key is very safe. In addition, in terms of algorithm, the 16-byte value can be used as the first key to encrypt the user's public key, and the encryption strength is high. Therefore, from the first key to the first key encryption algorithm, an attacker cannot crack it.
一个实施例中,常见POS攻击方式可以还包括:攻击者可能试图修改Flash区保存的用户公钥,使得非法应用程序验证通过。而本实施例中,运用随机生成的第一密钥对用户公钥进行了加密,得到第一密文,攻击者由于不知道第一密钥,无法伪造生成用户公钥对应的第一密文,所以最后也会由于用户公钥和用户公钥密文解密后的用户公钥(第一密文)不匹配,导致用户公钥验证失败。In an embodiment, a common POS attack method may further include: an attacker may attempt to modify the user public key saved in the Flash area so that the illegal application program passes verification. In this embodiment, the randomly generated first key is used to encrypt the user's public key to obtain the first ciphertext. Since the attacker does not know the first key, he cannot forge and generate the first ciphertext corresponding to the user's public key. , So in the end, because the user public key and the user public key ciphertext decrypted user public key (the first ciphertext) do not match, the user public key verification fails.
一个实施例中,常见POS攻击方式可以还包括:攻击者可能试图把一台运行正常的POS中的Flash区内的数据拷贝到需要破解的POS上,或直接替换需要破解的POS中的Flash,本实施例中,由于两台POS的第一密钥都是随机产生的,其相同的可能性很小,则生成的第一密文也会不同,所以即使将运行正常的POS的用户公钥放入需要破解的POS上,非法用户公钥还是不能通过验证。In an embodiment, common POS attack methods may further include: an attacker may try to copy data in the Flash area of a normal POS to a POS that needs to be cracked, or directly replace the Flash in the POS that needs to be cracked, In this embodiment, since the first keys of the two POS are randomly generated, the possibility of the same is very small, the first ciphertext generated will be different, so even if the normal public POS user key Put into the POS that needs to be cracked, the public key of the illegal user still cannot pass the verification.
一个实施例中,常见POS攻击方式可以还包括:攻击者可能试图重新焊接一块新的CPU和Flash到需要破解的机器上,使机器恢复到生产状态,然后重新下载一个新的用户公钥,产生新的用户公钥密文,并把用户公钥和用户公钥密文同时保存到Flash区上。但是生产状态的POS无法运行普通应用程序,必须切换到出厂状态才能运行应用程序。所以,虽然通过这种方式达到了修改用户公钥的目的,但还是不能运行应用程序,这种POS攻击方法是无效的。In an embodiment, common POS attack methods may further include: an attacker may try to re-sold a new CPU and Flash to the machine that needs to be cracked to restore the machine to production state, and then re-download a new user public key to generate New user public key ciphertext, and save the user public key and user public key ciphertext to the Flash area at the same time. However, the POS in the production state cannot run ordinary application programs, and must be switched to the factory state to run the application programs. Therefore, although the purpose of modifying the user's public key is achieved in this way, the application cannot be run, and this POS attack method is invalid.
本实施例中,采用一机一密的方式对PUK进行加密保存,减少了外部注入密钥的复杂操作,可以有效的防止POS机里面PUK被人篡改而达到切机的目的,提高了POS机的安全性,保证了客户的利益。另外,一台机器一个密钥,即使这台机器被破解了,其它机器也是安全的。In this embodiment, the PUK is encrypted and stored in a one-machine-one-secure manner, which reduces the complicated operation of external key injection, which can effectively prevent the PUK in the POS machine from being tampered with and achieve the purpose of cutting the machine, which improves the POS machine The safety of the customer's interests is guaranteed. In addition, one machine has one key, even if this machine is cracked, other machines are safe.
上述POS用户公钥安全认证方法,在固件第一次运行时,随机生成第一密钥,即采用终端自己生成密钥,减少了外部注入密钥的复杂操作,同时生成密钥的随机性,可以防止非法人员找寻生成第一密钥的规律,进而避免终端被非法人员修改用户公钥导致的切机事件;下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文,在下载应用程序时,根据所述第一密钥、所述第一密文验证所述用户公钥是否正确,即对用户公钥进行加密,有效避免终端被非法人员修改或替换用户公钥导致的切机事件,从而防止终端运行其它非法应用程序,提高终端支付的安全性。The above POS user public key security authentication method randomly generates the first key when the firmware is run for the first time, that is, the terminal generates the key itself, which reduces the complicated operation of external key injection and generates the randomness of the key at the same time. It can prevent the illegal person from looking for the rule of generating the first key, and then avoid the terminal from being cut off by the illegal person to modify the user's public key; download the user's public key, and generate the first according to the first key and the user's public key Cipher text, when downloading an application, verify whether the user public key is correct according to the first key and the first cipher text, that is, encrypt the user public key, effectively avoiding the terminal from being modified or replaced by illegal persons The machine cut-off event caused by the public key prevents the terminal from running other illegal applications and improves the security of the terminal payment.
本领域技术人员可以理解,上述实施例中各步骤的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本发明实施例的实施过程构成任何限定。Those skilled in the art may understand that the size of the sequence numbers of the steps in the above embodiments does not mean that the execution order is sequential, and the execution order of each process should be determined by its function and inherent logic, and should not correspond to the implementation process of the embodiments of the present invention Constitute any limitation.
实施例二Example 2
对应于上述实施例一所述的POS用户公钥安全认证方法,图5中示出了本发明实施例二中用户公钥安全认证装置的结构框图。为了便于说明,仅示出了与本实施例相关的部分。Corresponding to the POS user public key security authentication method described in the first embodiment above, FIG. 5 shows a structural block diagram of the user public key security authentication device in the second embodiment of the present invention. For ease of explanation, only parts related to this embodiment are shown.
该装置包括:密钥生成模块110、密文生成模块120和公钥验证模块130。The device includes: a key generation module 110, a ciphertext generation module 120, and a public key verification module 130.
其中,密钥生成模块110用于在固件第一次运行时,随机生成第一密钥。The key generation module 110 is used to randomly generate the first key when the firmware is run for the first time.
密文生成模块120用于下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文。The ciphertext generation module 120 is used to download the user public key, and generate a first ciphertext according to the first key and the user public key.
公钥验证模块130用于在下载应用程序时,根据所述第一密钥、所述第一密文验证下载的所述用户公钥是否正确。The public key verification module 130 is used to verify whether the downloaded user public key is correct according to the first key and the first ciphertext when downloading the application program.
一个实施例中,密钥生成模块110具体用于:访问中央处理器的熔丝区,并判断所述熔丝区是否存在数据;在所述熔丝区存在数据时,将所述熔丝区的数据设置为所述第一密钥;在所述熔丝区不存在数据时,随机生成第一密钥并写入所述熔丝区。In one embodiment, the key generation module 110 is specifically used to: access the fuse area of the central processor and determine whether data exists in the fuse area; when there is data in the fuse area, change the fuse area Is set as the first key; when there is no data in the fuse area, the first key is randomly generated and written to the fuse area.
一个实施例中,密文生成模块120具体用于:将所述用户公钥存入所述中央处理器的Flash区;获取所述熔丝区的第一密钥,并根据所述第一密钥对所述Flash区的所述用户公钥进行加密生成第一密文;将所述第一密文存入所述Flash区。In one embodiment, the ciphertext generation module 120 is specifically configured to: store the user public key in the flash area of the central processor; obtain the first key of the fuse area, and according to the first secret The key encrypts the user public key in the Flash area to generate a first ciphertext; and stores the first ciphertext in the Flash area.
一个实施例中,公钥验证模块130具体用于:在下载应用程序时,读取所述熔丝区的所述第一密钥和所述Flash区的所述第一密文;根据所述第一密钥对所述第一密文进行解密,得到第一哈希HASH值;计算所述Flash区的所述用户公钥的HASH值,得到第二HASH值;判断所述第一HASH值和所述第二HASH值是否满足预设条件,根据判断结果验证所述用户公钥是否正确。In one embodiment, the public key verification module 130 is specifically configured to: read the first key of the fuse area and the first ciphertext of the flash area when downloading an application program; according to the The first key decrypts the first ciphertext to obtain a first hash HASH value; calculates the HASH value of the user public key in the Flash area to obtain a second HASH value; and determines the first HASH value And whether the second HASH value meets a preset condition, and verify whether the user public key is correct according to the judgment result.
上述用户公钥安全认证装置,密钥生成模块110在固件第一次运行时,随机生成第一密钥,即采用终端自己生成密钥,减少了外部注入密钥的复杂操作,同时生成密钥的随机性,可以防止非法人员找寻生成第一密钥的规律,进而避免终端被非法人员修改用户公钥导致的切机事件;密文生成模块120下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文,然后公钥验证模块130在下载应用程序时,根据所述第一密钥、所述第一密文验证所述用户公钥是否正确,即对用户公钥进行加密,有效避免终端被非法人员修改或替换用户公钥导致的切机事件,从而防止终端运行其它非法应用程序,提高终端支付的安全性。In the above user public key security authentication device, the key generation module 110 randomly generates the first key when the firmware is run for the first time, that is, the terminal generates the key itself, which reduces the complicated operation of external key injection and generates the key The randomness of can prevent the illegal person from looking for the rule of generating the first key, and then avoid the terminal from being cut off by the illegal person to modify the user's public key; the ciphertext generation module 120 downloads the user's public key, based on the first key Generate a first ciphertext with the user's public key, and then the public key verification module 130 verifies whether the user's public key is correct according to the first key and the first ciphertext when downloading the application, that is, the user The public key is encrypted to effectively prevent the terminal from being cut by an illegal person to modify or replace the user's public key, thereby preventing the terminal from running other illegal applications and improving the security of terminal payment.
实施例三Example Three
图6是本发明实施例三提供的终端设备100的示意图。如图6所示,该实施例所述的终端设备100包括:处理器140、存储器150以及存储在所述存储器150中并可在所述处理器140上运行的计算机程序151,例如POS用户公钥安全认证方法的程序。所述处理器140在执行所述计算机程序151时实现上述各个POS用户公钥安全认证方法实施例中的步骤,例如图1所示的步骤S101至S103。或者,所述处理器140执行所述计算机程序151时实现上述各装置实施例中各模块/单元的功能,例如图5所示模块110至130的功能。6 is a schematic diagram of a terminal device 100 provided in Embodiment 3 of the present invention. As shown in FIG. 6, the terminal device 100 described in this embodiment includes: a processor 140, a memory 150, and a computer program 151 stored in the memory 150 and executable on the processor 140, for example, a POS user company Procedures for key security authentication methods. When the computer 140 executes the computer program 151, the processor 140 implements the steps in the above embodiments of each POS user public key security authentication method, such as steps S101 to S103 shown in FIG. Alternatively, when the processor 140 executes the computer program 151, the functions of each module / unit in the foregoing device embodiments are realized, for example, the functions of the modules 110 to 130 shown in FIG. 5.
示例性的,所述计算机程序151可以被分割成一个或多个模块/单元,所述一个或者多个模块/单元被存储在所述存储器150中,并由所述处理器140执行,以完成本发明。所述一个或多个模块/单元可以是能够完成特定功能的一系列计算机程序指令段,该指令段用于描述所述计算机程序151在所述终端设备100中的执行过程。例如,所述计算机程序151可以被分割成密钥生成模块、密文生成模块和公钥验证模块,各模块具体功能如下:Exemplarily, the computer program 151 may be divided into one or more modules / units, and the one or more modules / units are stored in the memory 150 and executed by the processor 140 to complete this invention. The one or more modules / units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments are used to describe the execution process of the computer program 151 in the terminal device 100. For example, the computer program 151 can be divided into a key generation module, a ciphertext generation module, and a public key verification module. The specific functions of each module are as follows:
密钥生成模块用于在固件第一次运行时,随机生成第一密钥。The key generation module is used to randomly generate the first key when the firmware runs for the first time.
密文生成模块用于下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文。The ciphertext generation module is used to download the user public key, and generate a first ciphertext according to the first key and the user public key.
公钥验证模块用于在下载应用程序时,根据所述第一密钥、所述第一密文验证下载的所述用户公钥是否正确。The public key verification module is used to verify whether the downloaded user public key is correct according to the first key and the first ciphertext when downloading the application program.
一个实施例中,所述密钥生成模块具体用于:访问中央处理器的熔丝区,并判断所述熔丝区是否存在数据;在所述熔丝区存在数据时,将所述熔丝区的数据设置为所述第一密钥;在所述熔丝区不存在数据时,随机生成第一密钥并写入所述熔丝区。In one embodiment, the key generation module is specifically used to: access the fuse area of the central processor and determine whether data exists in the fuse area; when data exists in the fuse area, connect the fuse The data of the area is set as the first key; when there is no data in the fuse area, the first key is randomly generated and written into the fuse area.
一个实施例中,所述密文生成模块具体用于:将所述用户公钥存入所述中央处理器的Flash区;获取所述熔丝区的第一密钥,并根据所述第一密钥对所述Flash区的所述用户公钥进行加密生成第一密文;将所述第一密文存入所述Flash区。In one embodiment, the ciphertext generation module is specifically used to: store the user public key in the Flash area of the central processor; obtain the first key of the fuse area, and according to the first The key encrypts the user public key of the Flash area to generate a first ciphertext; the first ciphertext is stored in the Flash area.
一个实施例中,公钥验证模块具体用于:在下载应用程序时,读取所述熔丝区的所述第一密钥和所述Flash区的所述第一密文;根据所述第一密钥对所述第一密文进行解密,得到第一哈希HASH值;计算所述Flash区的所述用户公钥的HASH值,得到第二HASH值;判断所述第一HASH值和所述第二HASH值是否满足预设条件,根据判断结果验证所述用户公钥是否正确。In one embodiment, the public key verification module is specifically used to: read the first key of the fuse area and the first ciphertext of the flash area when downloading an application program; according to the first A key decrypts the first ciphertext to obtain a first hash HASH value; calculates the HASH value of the user public key in the Flash area to obtain a second HASH value; judges the first HASH value and Whether the second HASH value meets a preset condition, and according to the judgment result, it is verified whether the user public key is correct.
所述终端设备100可以是桌上型计算机、笔记本、掌上电脑及云端服务器等计算设备。所述终端设备100可包括,但不仅限于处理器140、存储器150。本领域技术人员可以理解,图6仅仅是终端设备100的示例,并不构成对终端设备100的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件,例如终端设备100还可以包括输入输出设备、网络接入设备、总线等。The terminal device 100 may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a cloud server. The terminal device 100 may include, but is not limited to, the processor 140 and the memory 150. Those skilled in the art may understand that FIG. 6 is only an example of the terminal device 100, and does not constitute a limitation on the terminal device 100, and may include more or fewer components than those illustrated, or a combination of certain components, or different components. For example, the terminal device 100 may further include input and output devices, network access devices, buses, and the like.
所称处理器140可以是中央处理单元(Central Processing Unit,CPU),还可以是其他通用处理器、数字信号处理器 (Digital Signal Processor,DSP)、专用集成电路 (Application Specific Integrated Circuit,ASIC)、现成可编程门阵列 (Field-Programmable Gate Array,FPGA) 或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。The so-called processor 140 may be a central processing unit (Central Processing Unit (CPU), can also be other general-purpose processors, digital signal processors (DSP), application-specific integrated circuits (Application Specific Integrated Circuit (ASIC), ready-made programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, etc. The general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
所述存储器150可以是终端设备100的内部存储单元,例如终端设备100的硬盘或内存。所述存储器150也可以是终端设备100的外部存储设备,例如终端设备100上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,所述存储器150还可以既包括终端设备100的内部存储单元也包括外部存储设备。所述存储器150用于存储所述计算机程序以及终端设备100所需的其他程序和数据。所述存储器150还可以用于暂时地存储已经输出或者将要输出的数据。The storage 150 may be an internal storage unit of the terminal device 100, such as a hard disk or a memory of the terminal device 100. The memory 150 may also be an external storage device of the terminal device 100, such as a plug-in hard disk equipped on the terminal device 100, a smart memory card (Smart Media Card, SMC), a secure digital (SD) card, or a flash memory card (Flash Card) etc. Further, the memory 150 may also include both an internal storage unit of the terminal device 100 and an external storage device. The memory 150 is used to store the computer program and other programs and data required by the terminal device 100. The memory 150 can also be used to temporarily store data that has been or will be output.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述或记载的部分,可以参见其它实施例的相关描述。In the above embodiments, the description of each embodiment has its own emphasis. For a part that is not detailed or recorded in an embodiment, you can refer to the related descriptions of other embodiments.
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Those of ordinary skill in the art may realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are executed in hardware or software depends on the specific application of the technical solution and design constraints. Professional technicians can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of the present invention.
在本发明所提供的实施例中,应该理解到,所揭露的装置/终端设备和方法,可以通过其它的方式实现。例如,以上所描述的装置/终端设备实施例仅仅是示意性的,例如,所述模块或单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通讯连接可以是通过一些接口,装置或单元的间接耦合或通讯连接,可以是电性,机械或其它的形式。In the embodiments provided by the present invention, it should be understood that the disclosed device / terminal device and method may be implemented in other ways. For example, the device / terminal device embodiments described above are only schematic. For example, the division of the module or unit is only a logical function division, and in actual implementation, there may be another division manner, such as multiple units Or components can be combined or integrated into another system, or some features can be ignored or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware or software functional unit.
所述集成的模块/单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明实现上述实施例方法中的全部或部分流程,也可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一计算机可读存储介质中,该计算机程序在被处理器执行时,可实现上述各个方法实施例的步骤。其中,所述计算机程序包括计算机程序代码,所述计算机程序代码可以为源代码形式、对象代码形式、可执行文件或某些中间形式等。所述计算机可读介质可以包括:能够携带所述计算机程序代码的任何实体或系统、记录介质、U盘、移动硬盘、磁碟、光盘、计算机存储器、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、电载波信号、电信信号以及软件分发介质等。需要说明的是,所述计算机可读介质包括的内容可以根据司法管辖区内立法和专利实践的要求进行适当的增减,例如在某些司法管辖区,根据立法和专利实践,计算机可读介质不包括电载波信号和电信信号。If the integrated module / unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the present invention can implement all or part of the processes in the methods of the above embodiments, and can also be completed by a computer program instructing relevant hardware. The computer program can be stored in a computer-readable storage medium. When the program is executed by the processor, the steps of the foregoing method embodiments may be implemented. Wherein, the computer program includes computer program code, and the computer program code may be in the form of source code, object code, executable file, or some intermediate form. The computer-readable medium may include: any entity or system capable of carrying the computer program code, a recording medium, a USB flash drive, a mobile hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electrical carrier signals, telecommunication signals, and software distribution media. It should be noted that the content included in the computer-readable medium can be appropriately increased or decreased according to the requirements of legislation and patent practice in jurisdictions. Does not include electrical carrier signals and telecommunications signals.
以上所述实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围,均应包括在本发明的保护范围之内。The above-mentioned embodiments are only used to illustrate the technical solutions of the present invention, not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still implement the foregoing The technical solutions described in the examples are modified, or some of the technical features are equivalently replaced; and these modifications or replacements do not deviate from the essence and scope of the technical solutions of the embodiments of the present invention, and should be included in Within the protection scope of the present invention.

Claims (10)

  1. 一种POS用户公钥安全认证方法,其特征在于,包括:A POS user public key security authentication method is characterized by including:
    在固件第一次运行时,随机生成第一密钥;The first key is randomly generated when the firmware is run for the first time;
    下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文;Download the user public key, and generate a first ciphertext according to the first key and the user public key;
    在下载应用程序时,根据所述第一密钥、所述第一密文验证所述用户公钥是否正确。When downloading the application program, verify whether the user public key is correct according to the first key and the first ciphertext.
  2. 如权利要求1所述的POS用户公钥安全认证方法,其特征在于,所述随机生成第一密钥,包括:The POS user public key security authentication method according to claim 1, wherein the randomly generating the first key includes:
    访问中央处理器的熔丝区,并判断所述熔丝区是否存在数据;Access the fuse area of the central processor and determine whether data exists in the fuse area;
    在所述熔丝区存在数据时,将所述熔丝区的数据设置为所述第一密钥;When data exists in the fuse area, set the data of the fuse area as the first key;
    在所述熔丝区不存在数据时,随机生成第一密钥并写入所述熔丝区。When there is no data in the fuse area, a first key is randomly generated and written into the fuse area.
  3. 如权利要求2所述的POS用户公钥安全认证方法,其特征在于,所述根据所述第一密钥和所述用户公钥生成第一密文,包括:The POS user public key security authentication method according to claim 2, wherein the generating the first ciphertext according to the first key and the user public key includes:
    将所述用户公钥存入所述中央处理器的Flash区;Store the user public key in the Flash area of the central processor;
    获取所述熔丝区的第一密钥,并根据所述第一密钥对所述Flash区的所述用户公钥进行加密,生成第一密文;Obtain the first key of the fuse area, and encrypt the user public key of the flash area according to the first key to generate a first ciphertext;
    将所述第一密文存入所述Flash区。Store the first ciphertext in the Flash area.
  4. 如权利要求3所述的POS用户公钥安全认证方法,其特征在于,所述在下载应用程序时,根据所述第一密钥、所述第一密文验证所述用户公钥是否正确,包括:The POS user public key security authentication method according to claim 3, characterized in that, when downloading an application program, it is verified whether the user public key is correct based on the first key and the first ciphertext, include:
    在下载应用程序时,读取所述熔丝区的所述第一密钥和所述Flash区的所述第一密文;When downloading the application program, read the first key of the fuse area and the first ciphertext of the Flash area;
    根据所述第一密钥对所述第一密文进行解密,得到第一哈希HASH值;Decrypt the first ciphertext according to the first key to obtain a first hash HASH value;
    计算所述Flash区的所述用户公钥的HASH值,得到第二HASH值;Calculate the HASH value of the user public key in the Flash area to obtain a second HASH value;
    判断所述第一HASH值和所述第二HASH值是否满足预设条件,根据判断结果验证所述用户公钥是否正确。Judging whether the first HASH value and the second HASH value satisfy the preset condition, and verifying whether the user public key is correct according to the judgment result.
  5. 一种用户公钥安全认证装置,其特征在于,包括:A user public key security authentication device, characterized in that it includes:
    密钥生成模块,用于在固件第一次运行时,随机生成第一密钥;The key generation module is used to randomly generate the first key when the firmware runs for the first time;
    密文生成模块,用于下载用户公钥,根据所述第一密钥和所述用户公钥生成第一密文;A ciphertext generation module, used to download the user's public key, and generate a first ciphertext according to the first key and the user's public key;
    公钥验证模块,用于在下载应用程序时,根据所述第一密钥、所述第一密文验证下载的所述用户公钥是否正确。The public key verification module is used to verify whether the downloaded user public key is correct according to the first key and the first ciphertext when downloading the application program.
  6. 如权利要求5所述的用户公钥安全认证装置,其特征在于,所述密钥生成模块具体用于:The user public key security authentication device according to claim 5, wherein the key generation module is specifically used for:
    访问中央处理器的熔丝区,并判断所述熔丝区是否存在数据;Access the fuse area of the central processor and determine whether data exists in the fuse area;
    在所述熔丝区存在数据时,将所述熔丝区的数据设置为所述第一密钥;When data exists in the fuse area, set the data of the fuse area as the first key;
    在所述熔丝区不存在数据时,随机生成第一密钥并写入所述熔丝区。When there is no data in the fuse area, a first key is randomly generated and written into the fuse area.
  7. 如权利要求6所述的用户公钥安全认证装置,其特征在于,所述密文生成模块具体用于:The user public key security authentication device according to claim 6, wherein the ciphertext generation module is specifically used for:
    将所述用户公钥存入所述中央处理器的Flash区;Store the user public key in the Flash area of the central processor;
    获取所述熔丝区的第一密钥,并根据所述第一密钥对所述Flash区的所述用户公钥进行加密生成第一密文;Obtaining a first key of the fuse area, and encrypting the user public key of the flash area according to the first key to generate a first ciphertext;
    将所述第一密文存入所述Flash区。Store the first ciphertext in the Flash area.
  8. 如权利要求7所述的用户公钥安全认证装置,其特征在于,所述公钥验证模块具体用于:The user public key security authentication device according to claim 7, wherein the public key verification module is specifically used for:
    在下载应用程序时,读取所述熔丝区的所述第一密钥和所述Flash区的所述第一密文;When downloading the application program, read the first key of the fuse area and the first ciphertext of the Flash area;
    根据所述第一密钥对所述第一密文进行解密,得到第一哈希HASH值;Decrypt the first ciphertext according to the first key to obtain a first hash HASH value;
    计算所述Flash区的所述用户公钥的HASH值,得到第二HASH值;Calculate the HASH value of the user public key in the Flash area to obtain a second HASH value;
    判断所述第一HASH值和所述第二HASH值是否满足预设条件,根据判断结果验证所述用户公钥是否正确。Judging whether the first HASH value and the second HASH value satisfy the preset condition, and verifying whether the user public key is correct according to the judgment result.
  9. 一种终端设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时实现如权利要求1至4任一项所述方法的步骤。A terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, when the processor executes the computer program, it is implemented as claimed in claims 1 to 4. The steps of any of the methods.
  10. 一种计算机可读存储介质,所述计算机可读存储介质存储计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求1至4任一项所述方法的步骤。A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 4 are implemented.
PCT/CN2019/114320 2018-10-30 2019-10-30 Security authentication method and apparatus for pos user public key, and terminal device WO2020088515A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811277096.0A CN109523258A (en) 2018-10-30 2018-10-30 POS client public key safety certifying method, device and terminal device
CN201811277096.0 2018-10-30

Publications (1)

Publication Number Publication Date
WO2020088515A1 true WO2020088515A1 (en) 2020-05-07

Family

ID=65773268

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/114320 WO2020088515A1 (en) 2018-10-30 2019-10-30 Security authentication method and apparatus for pos user public key, and terminal device

Country Status (2)

Country Link
CN (1) CN109523258A (en)
WO (1) WO2020088515A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109523258A (en) * 2018-10-30 2019-03-26 百富计算机技术(深圳)有限公司 POS client public key safety certifying method, device and terminal device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030044006A1 (en) * 2001-09-06 2003-03-06 Clwt, Llc Media protection system and method
CN107194237A (en) * 2017-04-05 2017-09-22 百富计算机技术(深圳)有限公司 Method, device, computer equipment and the storage medium of application security certification
CN107466455A (en) * 2017-03-15 2017-12-12 深圳大趋智能科技有限公司 POS safe verification method and device
CN109523258A (en) * 2018-10-30 2019-03-26 百富计算机技术(深圳)有限公司 POS client public key safety certifying method, device and terminal device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030044006A1 (en) * 2001-09-06 2003-03-06 Clwt, Llc Media protection system and method
CN107466455A (en) * 2017-03-15 2017-12-12 深圳大趋智能科技有限公司 POS safe verification method and device
CN107194237A (en) * 2017-04-05 2017-09-22 百富计算机技术(深圳)有限公司 Method, device, computer equipment and the storage medium of application security certification
CN109523258A (en) * 2018-10-30 2019-03-26 百富计算机技术(深圳)有限公司 POS client public key safety certifying method, device and terminal device

Also Published As

Publication number Publication date
CN109523258A (en) 2019-03-26

Similar Documents

Publication Publication Date Title
US10491379B2 (en) System, device, and method of secure entry and handling of passwords
WO2021013245A1 (en) Data key protection method and system, electronic device and storage medium
EP1942430B1 (en) Token Passing Technique for Media Playback Devices
US7237121B2 (en) Secure bootloader for securing digital devices
US8964976B2 (en) Secure storage and retrieval of confidential information
US8091137B2 (en) Transferring a data object between devices
CN111404696B (en) Collaborative signature method, security service middleware, related platform and system
CN109412812B (en) Data security processing system, method, device and storage medium
TW201837776A (en) Method and system for protecting data keys in trusted computing
US20060168580A1 (en) Software-management system, recording medium, and information-processing device
US20130132733A1 (en) System And Method For Digital Rights Management With System Individualization
CN112187544B (en) Firmware upgrading method, device, computer equipment and storage medium
JP2005536951A (en) Apparatus, system, and method for securing digital documents in a digital device
US7802109B2 (en) Trusted system for file distribution
JPH08166879A (en) Method and apparatus for reinforcement of safety of softwarefor distribution
US20100058047A1 (en) Encrypting a unique cryptographic entity
FI115356B (en) A method for processing audio-visual information in an electronic device, a system and an electronic device
WO2018166163A1 (en) Pos terminal control method, pos terminal, server and storage medium
KR20130008939A (en) Apparatus and method for preventing a copy of terminal's unique information in a mobile terminal
KR20070059891A (en) Application authentication security system and method thereof
CN111327429B (en) Terminal starting processing method and device
US20190044709A1 (en) Incorporating software date information into a key exchange protocol to reduce software tampering
CN114996666A (en) Method for encrypting and decrypting neural network model, electronic device and storage medium
WO2020088515A1 (en) Security authentication method and apparatus for pos user public key, and terminal device
US20180218357A1 (en) Export high value material based on ring 1 evidence of ownership

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19879777

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19879777

Country of ref document: EP

Kind code of ref document: A1