Background technology
Bank card (BANKCard) is more and more universal as the means of payment, common bank card paying system comprises point of sales terminal (PointOfSale, POS), POS receives single system (POSP), code keypad (PINPAD) and hardware encipher machine (HardwareandSecurityModule, HSM).Wherein POS terminal can accept bank card information, has communication function, and the equipment that the instruction accepting teller completes financial transaction information and exchanges for information about; POS receives single system and manages concentratedly POS terminal, comprises parameter downloads, and key is downloaded, and accepts, processes or forward the transaction request of POS terminal, and to POS terminal loopback transaction results information, is the system of centralized management and transaction processing; Code keypad (PINPAD) is that the key relevant to various financial transaction carries out safe storage protection, and is encrypted the safety equipment of protection to PIN; Hardware encipher machine (HSM) is the peripheral hardware devices be encrypted transmission data, for the encryption and decryption of PIN, the correctness verifying message and document source and storage key.Personal identification code (PersonalIdentificationNumber, PIN), i.e. personal identification number are the data messages identifying holder's identity legitimacy in on-line transaction, and in cyber-net system, any link does not allow to occur in mode expressly; Terminal master key (TerminalMasterKey, TMK), during POS terminal work, to the master key that working key is encrypted, encrypting storing is in system database; POS terminal is widely used in bank card and pays occasion, and such as manufacturer's shopping, hotel accommodations etc. are a kind of indispensable modernization means of payment, has incorporated the various occasions of people's life.Bank card; particularly debit card; generally all be provided with PIN by holder; carrying out in payment process; POS terminal is except above sending the data such as the magnetic track information of bank card; also want holder to input the identity legitimacy of PIN for issuing bank checking holder, guarantee bank card safety of payment, the property safety of protection holder.Reveal to prevent PIN or be cracked; require from terminal to issuing bank in whole information interactive process; whole process carries out safety encipher protection to PIN; do not allow any link in computer network system; PIN occurs in mode expressly, and the POS terminal therefore accepting input PIN at present all requires to be equipped with key management system.
The key code system of POS terminal is divided into secondary: terminal master key (TMK) and working key (WK).Wherein TMK is in WK renewal process, is encrypted protection to WK.Every platform POS terminal has unique TMK, must have safeguard protection, guarantee can only write device and participate in calculate, can not read; TMK is a very crucial root key, if TMK is intercepted, working key is just cracked than being easier to, by serious threat bank card safety of payment.So can secure download TMK to POS terminal, become the key of whole POS terminal security.Conclude existing TMK download scenarios below as follows:
1, the female POS scheme of key: user receives the single system hardware encipher machine traffic encryption key the same with key female POS input at POS.POS terminal receives single system initiating terminal master key download request by the female POS of key to POS, POS receives single system and drives hardware encipher machine stochastic generation terminal master key, and by traffic encryption key encrypted transmission to the female POS of key, POS terminal is transferred to again after the female POS traffic encryption key deciphering of key, POS terminal obtains terminal master key expressly, be saved in POS terminal code keypad, thus realize POS terminal and POS and receive the synchronous of terminal master key between single system.
2, IC-card decrypt scheme: user injects the same traffic encryption key in POS receipts single system hardware encipher machine with IC-card.IC-card is inserted POS terminal by user, POS terminal receives single system initiating terminal master key download request to POS, POS receives single system and drives hardware encipher machine stochastic generation terminal master key, and by traffic encryption key encrypted transmission to POS terminal, traffic encryption key decryption terminal master key ciphertext in POS terminal IC-card, obtain terminal master key expressly, be saved in POS terminal code keypad, thus realize POS terminal and POS and receive the synchronous of terminal master key between single system.
Above-mentioned two schemes has following shortcoming: terminal master key expressly appears at outside safety equipment, and for taking precautions against Key Exposure risk, the download of terminal master key must control to carry out at the safe machine room of administrative center, by manually concentrating download terminal master key.Thus bring that " maintenance centre's machine room workload is large; Need to be transported to administrative center's safe machine room download key after equipment dispatches from the factory and just can be deployed to trade company, transportation cost rises; In order to concentrate under fill key, need a large amount of staff and working time, maintenance cost is large, maintenance period is long " etc. problem.
Summary of the invention
For solving the problems of the technologies described above, the technical scheme that the present invention adopts is to provide a kind of sending method of transmission security key, comprises the steps:
S1, operating terminal read the sequence number of POS terminal, and described sequence number is issued MTMS system;
S2, operating terminal obtain customer information corresponding to POS terminal from MTMS system, described customer information is that MTMS system searches customer information corresponding to sequence number according to the sequence number retrieve sequence information table of each POS terminal, wherein, described sequence number information token is loaded with the corresponding relation of sequence number and customer information, and described customer information comprises encoder client and customer name;
The customer information display that S3, operating terminal will receive;
S4, operating terminal judge whether the validation of information instruction receiving staff's input, if so, perform step S5;
Transmission security key TK is issued MTMS system by S5, operating terminal.
Another technical scheme of the present invention is for providing a kind of transmitting system of transmission security key, and comprise operating terminal and the MTMS system that communicates to connect with operating terminal and the KMS system be connected with MTMS system communication, described operating terminal comprises:
First sending module, for reading the sequence number of POS terminal, issues MTMS system by described sequence number;
Acquisition module, for obtaining customer information corresponding to POS terminal from MTMS system;
Display module, for the customer information display received by acquisition module;
Judge module, for judging whether the validation of information instruction receiving staff's input;
Second sending module, during for judging to receive validation of information instruction when judge module, issues MTMS system by transmission security key TK;
Described MTMS system comprises customer information sending module, for when receiving the sequence number that described first sending module sends, retrieve sequence information table searches customer information corresponding to sequence number, wherein, described sequence number information token is loaded with the corresponding relation of sequence number and customer information, and described customer information comprises encoder client and customer name.
Beneficial effect of the present invention: when supporting that the POS terminal that remote terminal master key is downloaded is keeped in repair, need the transmission security key TK determining to gather, and send to specific client, if easily made the mistake by artificial cognition, the present invention adopts systematization to operate, system background obtains corresponding encoder client according to sequence number automatically, retrieve corresponding customer name, title is transmitted back to operating terminal, operating terminal determines that corresponding customer name is correct, just TK data are sent and upload, if incorrect, manually input the encoder client needing to be uploaded to.The method improves the security that transmission security key sends, and can guarantee that again customer information is not revealed.
Embodiment
By describing technology contents of the present invention, structural attitude in detail, realized object and effect, accompanying drawing is coordinated to be explained in detail below in conjunction with embodiment.
For solving the technical matters existed in background technology, the present invention adopts a kind of new master key download scenarios, TK(TransmissionKey is produced at random by POS terminal, transmission security key), TK after producing is stored in the code keypad of POS terminal, and TK is sent to KMS(KeyManagementSystem, key management system, for office terminal master key TMK by transmission mode required under various application scenarios) in.
As POS terminal application download terminal master key TMK, KMS system uses TK ciphering terminal master key TMK, and the terminal master key ciphertext after encryption is sent to POS terminal, POS terminal is decrypted master key ciphertext with TK after receiving, obtain terminal master key TMK, and terminal master key TMK is kept in code keypad.
So, by TK ciphering terminal master key TMK, enable TMK carry out remote transmission, facilitate the secure download of TMK.
In some scenarios, operating terminal is adopted to gather the TK of POS terminal generation, and be responsible for TK being transferred to MTMS system (MaterialTrackingManagementSystem by operating terminal, Tracing Material system, mainly use in plant produced), TK is managed by MTMS systematic unity, and TK is sent to corresponding KMS system, described course of conveying is by CA center (CertificateAuthority, certificate authority, adopt PublicKeyInfrastructure public key infrastructure technology, network ID authentication service is provided specially, be responsible for signing and issuing and managing digital certificate, and there is third party's trust authority that is authoritative and fairness) differentiate operating terminal, the identity of MTMS system and KMS system.Adopt the rights management that operating terminal collection TK can facilitate the acquisition operations of TK (can realize a key collection etc.) and TK to gather; Adopt MTMS system conveniently to TK unified management, data search and the download of POS terminal during after-sales service later can be facilitated, can realize, by manufacture order bulk transfer TK, facilitating the transfer management of TK by MTMS system, prevent TK from misinformating to the object of mistake; Introducing CA center can prevent pseudo-terminal and pseudo-KMS system from stealing TK.
Above by being sent to bank's end after POS terminal collect and transmit cipher key T K, TMK is encrypted, then the transmission security of TMK can be ensured by the method for the TMK of POS terminal remote download after TK encryption.
When above-mentioned employing MTMS system is to TK unified management, when the POS terminal supporting that remote terminal master key is downloaded is keeped in repair, maintenance personal needs to send to specific client KMS system with operating terminal by collecting new transmission security key TK data from POS terminal, if easily made the mistake by artificial cognition, and the information of client is a kind of critical data for company, this information at will can not be revealed.When maintenance personal keeps in repair the POS terminal of support terminal master key remote download, need to determine that the transmission security key TK data transmitted are transferred to correct client, it is the technical issues that need to address that information is not revealed as far as possible.
Just the technical scheme that the present invention overcomes the problems referred to above is described in detail below.
Refer to Fig. 1, be the flowchart of the sending method of transmission security key in an embodiment of the present invention, the method comprising the steps of:
S1, operating terminal read the sequence number of POS terminal, and described sequence number is issued MTMS system;
S2, operating terminal obtain customer information corresponding to POS terminal from MTMS system, described customer information is that MTMS system searches customer information corresponding to sequence number according to the sequence number retrieve sequence information table of each POS terminal, wherein, described sequence number information token is loaded with the corresponding relation of sequence number and customer information, and described customer information comprises encoder client and customer name;
The customer information display that S3, operating terminal will receive;
S4, operating terminal judge whether the validation of information instruction receiving staff's input, if so, perform step S5;
Transmission security key TK is issued MTMS system by S5, operating terminal.
In the present embodiment, also comprise after described step S4:
When judging the validation of information instruction not receiving staff's input, operating terminal shows an encoder client inputting interface;
Operating terminal obtains the encoder client inputted by encoder client inputting interface, and the encoder client of input is uploaded to MTMS system, and request obtains the customer name of corresponding encoder client again;
The customer name display that operating terminal will obtain again;
Operating terminal judges whether the validation of information instruction receiving staff's input, and if so, transmission security key TK, sequence number, encoder client are uploaded to MTMS system by operating terminal simultaneously;
After MTMS system acceptance to transmission security key TK, sequence number, encoder client, in sequence number information table, the customer information that the sequence number received is corresponding with the encoder client received is associated.
In the present embodiment, described customer information also comprises communication mode corresponding to client KMS server and address information, and the sending method of described transmission security key also comprises step:
After MTMS system acceptance to, transmission security key TK, inquire communication mode corresponding to KMS server and address information, will transmission security key TK be received to be issued by communication mode the address information of corresponding KMS system.
Referring to Fig. 2, is the structured flowchart of the transmitting system of a kind of transmission security key in an embodiment of the present invention.The method of the transmission of above-mentioned transmission security key is applied in this system.
The MTMS system 20 that the transmitting system 1 of this transmission security key comprises operating terminal 10 and communicates to connect with operating terminal, described operating terminal 10 comprises:
First sending module 11, for reading the sequence number of POS terminal, issues MTMS system by described sequence number;
Acquisition module 12, for obtaining customer information corresponding to POS terminal from MTMS system;
Display module 13, for the customer information display received by acquisition module;
Judge module 14, for judging whether the validation of information instruction receiving staff's input;
Second sending module 15, during for judging to receive validation of information instruction when judge module, issues MTMS system by transmission security key TK;
Described MTMS system 20 comprises customer information sending module 21, for when receiving the sequence number that described first sending module sends, retrieve sequence information table searches customer information corresponding to sequence number, wherein, described sequence number information token is loaded with the corresponding relation of sequence number and customer information, and described customer information comprises encoder client and customer name.
In the present embodiment, described operating terminal 1 also comprises: the second display module, again acquisition module, the 3rd display module, the second judge module, the 3rd sending module
Second display module, during for judging not receive validation of information instruction when judge module, shows an encoder client inputting interface;
Again acquisition module, for obtaining the encoder client inputted by encoder client inputting interface, and uploads to MTMS system by the encoder client of input, and request obtains the customer name of corresponding encoder client again;
3rd display module, for the customer name display the get first uploading unit request again obtained;
Second judge module, for after the 3rd display module shows the customer name again obtained, judges whether the validation of information instruction receiving staff's input;
3rd sending module, for after the second judge module judgement receives the validation of information instruction of staff's input, is uploaded to MTMS system by transmission security key TK, sequence number, encoder client simultaneously;
Described MTMS system 20 comprises relating module, for after receiving transmission security key TK, sequence number, encoder client from operating terminal, the customer information that the sequence number received is corresponding with the encoder client received is associated in sequence number information table.
In the present embodiment, described customer information also comprises the communication mode corresponding with KMS server and address information; Described MTMS system 20 comprises transmission security key sending module, for when receive second sending module send transmission security key TK after, inquire communication mode corresponding to KMS server and address information, will transmission security key TK be received to be issued by communication mode the address information of corresponding KMS system.
Beneficial effect of the present invention: when the POS terminal supporting that remote terminal master key is downloaded is keeped in repair, need the transmission security key TK determining to gather, and send to specific client, if easily made the mistake by artificial cognition, the present invention adopts systematization to operate, system background obtains corresponding encoder client according to sequence number automatically, retrieve corresponding customer name, title is transmitted back to operating terminal, operating terminal determines that corresponding customer name is correct, just TK data are sent and upload, if incorrect, manual input needs the encoder client be uploaded to, MTMS system revises customer name corresponding to encoder client to distribute according to correct corresponding relation.The method improves the security that transmission security key sends, and can guarantee that again customer information is not revealed.
The foregoing is only embodiments of the invention; not thereby the scope of the claims of the present invention is limited; every utilize instructions of the present invention and accompanying drawing content to do equivalent structure or equivalent flow process conversion; or be directly or indirectly used in other relevant technical fields, be all in like manner included in scope of patent protection of the present invention.