Background technology
Bank cards are increasingly common as a means of payment. A typical bank card payment system comprises a point-of-sale terminal (Point Of Sale: POS), a terminal management system (Terminal Manage System: TMS), a PIN pad (PIN PAD) and a hardware encryption machine (Hardware and Security Module: HSM). The POS terminal accepts bank card information, has a communication function, and accepts the teller's instructions to complete the exchange of financial transaction information and related information. The TMS centrally manages its subordinate POS terminals, including parameter download and key download; it accepts, processes or forwards transaction requests from POS terminals and returns transaction result information to them, serving as a centralized management and transaction processing system. The PIN pad (PINPAD) is the security device that securely stores and protects the TMK, PIK and MAK and encrypts the PIN. The hardware encryption machine (HSM) is a peripheral hardware device that encrypts transmitted data; it is used to encrypt and decrypt the PIN, to verify the correctness of messages and document sources, and to store keys.
The personal identification number (Personal Identification Number: PIN) is the data that identifies the legitimacy of the cardholder's identity in an online transaction; no link in the computer and network system is allowed to expose the PIN in plaintext. The terminal master key (Terminal Master Key: TMK) is the master key that encrypts the working keys while the POS terminal operates; it is kept in system hardware, where it can only be used and cannot be read. The working key (Working Key: WK), also called the data key, generally includes the PIN encryption key (PIK) and the key used for message authentication MAC calculation (MAK). Working keys are updated constantly; in an online update message the working key is encrypted with the terminal master key (TMK) and transmitted as ciphertext.
POS terminals are widely used wherever bank cards are accepted, such as shopping in stores and hotel authorization; they are an indispensable modern means of payment and have become part of everyday life. Bank cards (debit cards in particular) generally have a PIN set by the cardholder. During payment, besides sending data such as the card's magnetic track information, the POS terminal also requires the cardholder to enter the PIN so that the issuing bank can verify the legitimacy of the cardholder's identity, ensuring payment security and protecting the cardholder's property. To prevent the PIN from being leaked or cracked, the PIN must be protected by encryption throughout the whole information exchange from the terminal to the issuing bank, and no link in the computer and network system may expose it in plaintext. For this reason, POS terminals that accept PIN entry are currently all required to be equipped with a key management system.
The key system of a POS terminal has two levels: the terminal master key (TMK) and the working key (WK). The TMK encrypts and protects the WK. Every POS terminal has a unique TMK, which must be protected so that it can only be written into the hardware device and take part in computation, and can never be read out. The WK comprises two parts, the PIK for encrypting the PIN and the MAK for message authentication (MAC). They are generated by the TMS calling the encryption machine, downloaded when the POS terminal signs in to the TMS, and transmitted and stored encrypted under the TMK; the encryption algorithm throughout is 3DES, which has a very high security level. The working key download flow is:
The POS terminal sends a sign-in request to the TMS;
The TMS calls the encryption machine to randomly generate a PIK and a MAK encrypted under the TMK;
The POS terminal receives the PIK and MAK ciphertext returned from the TMS and stores it in the PIN pad.
During a bank card payment, when the PIN is entered on the keypad, the PIN pad encrypts it with the PIK and sends it up to the TMS; the TMS then calls the encryption machine to translate the encrypted PIN and forwards it to the issuing bank for authorization. This ensures that the PIN is protected by hardware encryption throughout transmission. The 3DES algorithm used for this encryption is also one of the widely used, very high security algorithms to date and is commonly applied in the financial industry.
As the working key download process above shows, the TMK is a critical root key. If the TMK is intercepted, the PIK, the MAK and even the PIN can be cracked using the 3DES algorithm, seriously threatening bank card payment security. Securely downloading the TMK to the POS terminal is therefore a key step in protecting the keys. The existing TMK download method is summarized below:
By one means or another, a plaintext or ciphertext TMK is imported into a key mother POS terminal; in every case the plaintext master key ends up downloaded into and stored in the mother POS terminal. The key mother POS terminal is connected through a serial port to the POS terminal that needs the master key TMK, and the plaintext master key TMK is downloaded into that POS terminal.
Because the master key TMK is transferred to the POS terminal from the mother POS in plaintext, there is a security risk: if it is intercepted, the master key TMK is leaked.
Moreover, many acquirers now want their POS terminals to be private, that is, they do not allow other acquirers' master keys to be downloaded into any of their POS terminals. But any key mother POS that follows the agreed communication interface can download a master key TMK into every POS terminal supporting that interface, so a master key TMK can easily be downloaded into another acquirer's POS terminals and POS terminal privatization cannot be achieved.
Summary of the invention
To solve the technical problems described above, the technical solution adopted by the present invention is:
A method for securely downloading a terminal master key is provided, comprising the steps:
S1. The key downloader generates or imports a public/private key pair, private key AcquireWCRT_Prk and public key AcquireWCRT_Pu, and sends the public key AcquireWCRT_Pu to the CA center;
S2. The CA center generates the acquirer root certificate AcquireRCRT and the corresponding private key AcquireRCRT_Prk, and signs the received public key AcquireWCRT_Pu with AcquireRCRT_Prk to generate the acquirer work certificate AcquireWCRT; the key downloader stores the acquirer work certificate AcquireWCRT and the private key AcquireWCRT_Prk; the POS terminal stores the acquirer root certificate AcquireRCRT;
S3. The key downloader sends the work certificate AcquireWCRT to the POS terminal;
S4. The POS terminal uses the acquirer root certificate AcquireRCRT to verify the legitimacy of the acquirer work certificate AcquireWCRT; if it is legitimate, the POS terminal extracts the public key AcquireWCRT_Pu from the acquirer work certificate AcquireWCRT and generates a first random number Rnd1 and a second random number Rnd2;
S5. The POS terminal encrypts the first random number Rnd1 and the second random number Rnd2 with the public key AcquireWCRT_Pu to generate the random number ciphertext C_rnd1_rnd2, and sends the random number ciphertext C_rnd1_rnd2 to the key downloader;
S6. The key downloader decrypts the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk to obtain a third random number Rnd1' and a fourth random number Rnd2';
S7. The key downloader generates or imports the terminal master key TMK, encrypts the terminal master key TMK with the third random number Rnd1' to generate the master key ciphertext Ctmk, then encrypts the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk to generate the second master key ciphertext C_ctmk_rnd2, and sends the second master key ciphertext C_ctmk_rnd2 to the POS terminal;
S8. The POS terminal decrypts the second master key ciphertext C_ctmk_rnd2 with the public key AcquireWCRT_Pu to obtain the master key ciphertext Ctmk and the fourth random number Rnd2', then determines whether the fourth random number Rnd2' is consistent with the second random number Rnd2;
S9. If the fourth random number Rnd2' is consistent with the second random number Rnd2, the POS terminal decrypts the master key ciphertext Ctmk with the first random number Rnd1 to obtain the terminal master key TMK, and stores the terminal master key TMK in the PIN pad.
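The S1 to S9 exchange above, with the two rejections it is meant to produce (a work certificate issued under another acquirer's root, and a replayed C_ctmk_rnd2), as an added Python sketch that is not code from the patent. Assumptions: textbook RSA without padding over toy keys built from public Mersenne primes, SHA-256 as the certificate digest, an XOR-with-SHA-256 stand-in for the symmetric step, 16-byte Rnd1/TMK and 8-byte Rnd2; all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537        # RSA public exponent
FIELDS = 16 + 8  # assumed sizes: 16-byte Rnd1/Ctmk/TMK, 8-byte Rnd2

def toy_keypair(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa_op(key, data):
    """Raw, unpadded RSA with either key half; result is modulus-sized."""
    n, exp = key
    value = pow(int.from_bytes(data, "big"), exp, n)
    return value.to_bytes((n.bit_length() + 7) // 8, "big")

def unpack(block):
    """Split a recovered block into (16-byte, 8-byte) fields, else None."""
    if any(block[:-FIELDS]):
        return None  # leading bytes not zero: wrong key or corrupted
    return block[-FIELDS:-8], block[-8:]

def digest_of(pub):
    return hashlib.sha256(("%x:%x" % pub).encode()).digest()

def issue_work_cert(root_prk, work_pub):
    """S2: the CA signs AcquireWCRT_Pu with AcquireRCRT_Prk."""
    return {"pub": work_pub, "sig": rsa_op(root_prk, digest_of(work_pub))}

def cert_is_valid(root_pub, cert):
    """S4: check AcquireWCRT against the root key from AcquireRCRT."""
    recovered = rsa_op(root_pub, cert["sig"])
    expected = digest_of(cert["pub"]).rjust(len(recovered), b"\0")
    return hmac.compare_digest(recovered, expected)

def wrap(key, data):
    """Stand-in symmetric step: XOR with SHA-256(key); it is its own inverse."""
    pad = hashlib.sha256(key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class KeyDownloader:
    def __init__(self, work_prk, cert, tmk):
        self.work_prk, self.cert, self.tmk = work_prk, cert, tmk

    def respond(self, c_rnd1_rnd2):
        """S6-S7: recover Rnd1', Rnd2' and build C_ctmk_rnd2."""
        fields = unpack(rsa_op(self.work_prk, c_rnd1_rnd2))
        if fields is None:
            return None
        rnd1p, rnd2p = fields
        ctmk = wrap(rnd1p, self.tmk)
        # The private-key operation shows the POS who answered; the TMK stays
        # secret on the wire because Rnd1 only travelled under AcquireWCRT_Pu.
        return rsa_op(self.work_prk, ctmk + rnd2p)

class PosTerminal:
    def __init__(self, root_pub):
        self.root_pub, self.tmk = root_pub, None

    def challenge(self, cert):
        """S4-S5: verify AcquireWCRT, then return C_rnd1_rnd2 (or None)."""
        if not cert_is_valid(self.root_pub, cert):
            return None
        self.work_pub = cert["pub"]
        self.rnd1, self.rnd2 = secrets.token_bytes(16), secrets.token_bytes(8)
        return rsa_op(self.work_pub, self.rnd1 + self.rnd2)

    def install(self, c_ctmk_rnd2):
        """S8-S9: accept the TMK only if Rnd2' equals this session's Rnd2."""
        fields = unpack(rsa_op(self.work_pub, c_ctmk_rnd2))
        if fields is None or not hmac.compare_digest(fields[1], self.rnd2):
            return False
        self.tmk = wrap(self.rnd1, fields[0])
        return True

def demo():
    # Constructed toy keys from well-known Mersenne primes; illustration only.
    root_pub, root_prk = toy_keypair(2**127 - 1, 2**521 - 1)  # acquirer CA
    work_pub, work_prk = toy_keypair(2**107 - 1, 2**607 - 1)  # key downloader
    _, foreign_prk = toy_keypair(2**89 - 1, 2**1279 - 1)      # another CA
    tmk = secrets.token_bytes(16)                             # constructed TMK
    loader = KeyDownloader(work_prk, issue_work_cert(root_prk, work_pub), tmk)

    pos = PosTerminal(root_pub)
    reply = loader.respond(pos.challenge(loader.cert))        # S3-S7
    honest = pos.install(reply) and pos.tmk == tmk            # S8-S9

    other = PosTerminal(root_pub)
    foreign = other.challenge(issue_work_cert(foreign_prk, work_pub))
    other.challenge(loader.cert)             # fresh Rnd1, Rnd2
    replayed = other.install(reply)          # captured reply, wrong Rnd2
    return {"honest": honest, "foreign": foreign, "replayed": replayed,
            "tmk_after_replay": other.tmk}

if __name__ == "__main__":
    print(demo())
```

A production implementation would use padded RSA and the terminal's real symmetric cipher inside the PIN pad hardware; the sketch only mirrors the message flow and the two checks.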
Another technical solution adopted by the present invention is:
A key management method is provided, comprising: the key downloader generates or imports a public/private key pair, private key AcquireWCRT_Prk and public key AcquireWCRT_Pu, and sends the public key AcquireWCRT_Pu to the CA center; the key downloader stores the acquirer work certificate AcquireWCRT generated by the CA center and the corresponding private key AcquireRCRT_Prk, the acquirer work certificate AcquireWCRT being generated by signing the public key AcquireWCRT_Pu with the private key AcquireRCRT_Prk; the key downloader sends the acquirer work certificate AcquireWCRT to the POS terminal; the key downloader receives the random number ciphertext C_rnd1_rnd2 sent by the POS terminal, which the POS terminal generates by encrypting the first random number Rnd1 and the second random number Rnd2 with the public key AcquireWCRT_Pu; the key downloader decrypts the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk to obtain a third random number Rnd1' and a fourth random number Rnd2'; the key downloader generates or imports the terminal master key TMK, encrypts the terminal master key TMK with the third random number Rnd1' to generate the master key ciphertext Ctmk, then encrypts the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk to generate the second master key ciphertext C_ctmk_rnd2, and sends the second master key ciphertext C_ctmk_rnd2 to the POS terminal.
Another technical solution adopted by the present invention is:
A key download management method is provided, comprising: the POS terminal stores the acquirer root certificate AcquireRCRT, which is generated by the CA center; the POS terminal receives the acquirer work certificate AcquireWCRT sent by the key downloader, the acquirer work certificate AcquireWCRT being generated by signing the public key AcquireWCRT_Pu with the private key AcquireRCRT_Prk; the POS terminal uses the acquirer root certificate AcquireRCRT to verify the legitimacy of the acquirer work certificate AcquireWCRT and, if it is legitimate, extracts AcquireWCRT_Pu from the acquirer work certificate AcquireWCRT and generates a first random number Rnd1 and a second random number Rnd2; the POS terminal encrypts the first random number Rnd1 and the second random number Rnd2 with the public key AcquireWCRT_Pu to generate the random number ciphertext C_rnd1_rnd2, and sends the random number ciphertext C_rnd1_rnd2 to the key downloader; the POS terminal receives the second master key ciphertext C_ctmk_rnd2 sent by the key downloader, where the second master key ciphertext C_ctmk_rnd2 is generated by encrypting the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk, the master key ciphertext Ctmk is generated by encrypting the terminal master key TMK with the third random number Rnd1', and the third random number Rnd1' and the fourth random number Rnd2' are obtained by decrypting the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk; the POS terminal decrypts the second master key ciphertext C_ctmk_rnd2 with the public key AcquireWCRT_Pu to obtain the master key ciphertext Ctmk and the fourth random number Rnd2', then determines whether the fourth random number Rnd2' is consistent with the second random number Rnd2; if the fourth random number Rnd2' is consistent with the second random number Rnd2, the POS terminal decrypts the master key ciphertext Ctmk with the first random number Rnd1 to obtain the terminal master key TMK, and stores the terminal master key TMK in the PIN pad.
Another technical solution of the present invention is:
A system for securely downloading a master key is provided, comprising: a key downloader, a POS terminal and a CA center. The key downloader comprises a key generation module, a master key module, a second data transmit-receive module and a second encryption/decryption module; the POS terminal comprises a first authentication module, a first data transmit-receive module, a first encryption/decryption module, a first judge module and a first random-number-generating module; the CA center comprises a certificate preset module. The key generation module is used to generate or import a public/private key pair, private key AcquireWCRT_Prk and public key AcquireWCRT_Pu, and to send the public key AcquireWCRT_Pu to the CA center. The certificate preset module is used to generate the acquirer root certificate AcquireRCRT and the corresponding private key AcquireRCRT_Prk, and to sign the received public key AcquireWCRT_Pu with the private key AcquireRCRT_Prk to generate the acquirer work certificate AcquireWCRT; and to store the acquirer work certificate AcquireWCRT and the private key AcquireWCRT_Prk in the key downloader and the acquirer root certificate AcquireRCRT in the POS terminal. The second data transmit-receive module is used to send the work certificate AcquireWCRT to the POS terminal. The first authentication module is used to verify the legitimacy of the acquirer work certificate AcquireWCRT using the acquirer root certificate AcquireRCRT and, when it is legitimate, to extract AcquireWCRT_Pu from the acquirer work certificate AcquireWCRT. The first random-number-generating module is used to generate the first random number Rnd1 and the second random number Rnd2. The first encryption/decryption module is used to encrypt the first random number Rnd1 and the second random number Rnd2 with AcquireWCRT_Pu to generate the random number ciphertext C_rnd1_rnd2. The first data transmit-receive module is used to send the random number ciphertext C_rnd1_rnd2 to the key downloader. The second encryption/decryption module is used to decrypt the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk to obtain the third random number Rnd1' and the fourth random number Rnd2'. The master key module is used to generate or import the terminal master key TMK. The second encryption/decryption module is used to encrypt the terminal master key TMK with the third random number Rnd1' to generate the master key ciphertext Ctmk, to encrypt the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk to generate the second master key ciphertext C_ctmk_rnd2, and to send the second master key ciphertext C_ctmk_rnd2 to the POS terminal. The first encryption/decryption module is used to decrypt the second master key ciphertext C_ctmk_rnd2 with the public key AcquireWCRT_Pu to obtain the master key ciphertext Ctmk and the fourth random number Rnd2'. The first judge module is used to determine whether the fourth random number Rnd2' is consistent with the second random number Rnd2. The first encryption/decryption module is used, when the fourth random number Rnd2' is consistent with the second random number Rnd2, to decrypt the master key ciphertext Ctmk with the first random number Rnd1 to obtain the terminal master key TMK, and to store the terminal master key TMK in the PIN pad.
Another technical solution of the present invention is:
A key download management device is provided, comprising a key generation module, a master key module, a second data transmit-receive module, a second encryption/decryption module and a second memory module. The key generation module is used to generate or import a public/private key pair, private key AcquireWCRT_Prk and public key AcquireWCRT_Pu, and to send the public key AcquireWCRT_Pu to the CA center. The second memory module is used to store the acquirer work certificate AcquireWCRT generated by the CA center and the corresponding private key AcquireRCRT_Prk, the acquirer work certificate AcquireWCRT being generated by signing the public key AcquireWCRT_Pu with the private key AcquireRCRT_Prk. The second data transmit-receive module is used to send the acquirer work certificate AcquireWCRT to the POS terminal. The second data transmit-receive module is used to receive the random number ciphertext C_rnd1_rnd2 sent by the POS terminal, which the POS terminal generates by encrypting the first random number Rnd1 and the second random number Rnd2 with the public key AcquireWCRT_Pu. The second encryption/decryption module decrypts the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk to obtain the third random number Rnd1' and the fourth random number Rnd2'. The master key module is used to generate or import the terminal master key TMK. The second encryption/decryption module is used to encrypt the terminal master key TMK with the third random number Rnd1' to generate the master key ciphertext Ctmk, and to encrypt the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk to generate the second master key ciphertext C_ctmk_rnd2. The second data transmit-receive module is used to send the second master key ciphertext C_ctmk_rnd2 to the POS terminal.
Another technical solution of the present invention is:
A POS terminal is provided, comprising a first memory module, a first authentication module, a first data transmit-receive module, a first encryption/decryption module, a first judge module and a first random-number-generating module. The first memory module is used to store the acquirer root certificate AcquireRCRT, which is generated by the CA center. The first data transmit-receive module is used to receive the acquirer work certificate AcquireWCRT sent by the key downloader, the acquirer work certificate AcquireWCRT being generated by signing the public key AcquireWCRT_Pu with the private key AcquireRCRT_Prk. The first authentication module is used to verify the legitimacy of the acquirer work certificate AcquireWCRT using the acquirer root certificate AcquireRCRT and, when it is legitimate, to extract AcquireWCRT_Pu from the acquirer work certificate AcquireWCRT. The first random-number-generating module is used to generate the first random number Rnd1 and the second random number Rnd2. The first encryption/decryption module is used to encrypt the first random number Rnd1 and the second random number Rnd2 with AcquireWCRT_Pu to generate the random number ciphertext C_rnd1_rnd2. The first data transmit-receive module is used to send the random number ciphertext C_rnd1_rnd2 to the key downloader. The first data transmit-receive module is used to receive the second master key ciphertext C_ctmk_rnd2 sent by the key downloader. The first encryption/decryption module is used to decrypt the second master key ciphertext C_ctmk_rnd2 with the public key AcquireWCRT_Pu to obtain the master key ciphertext Ctmk and the fourth random number Rnd2'; the second master key ciphertext C_ctmk_rnd2 is generated by encrypting the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk, the master key ciphertext Ctmk is generated by encrypting the terminal master key TMK with the third random number Rnd1', and the third random number Rnd1' and the fourth random number Rnd2' are obtained by decrypting the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk. The first judge module is used to determine whether the fourth random number Rnd2' is consistent with the second random number Rnd2. The first encryption/decryption module is used, when the fourth random number Rnd2' is consistent with the second random number Rnd2, to decrypt the master key ciphertext Ctmk with the first random number Rnd1 to obtain the terminal master key TMK, and to store the terminal master key TMK in the PIN pad.
The beneficial effects of the present invention are as follows. The invention transmits the master key TMK as ciphertext under asymmetric encryption, so that only the POS terminal can recover it; this achieves secure download of the master key and effectively prevents the risk of interception during master key transmission. Further, the CA center generates the work certificate and the root certificate; the work certificate is stored in the key downloader and the root certificate in the POS terminal, and the key downloader and the POS terminal are authenticated by means of the root certificate and the work certificate, which prevents a key downloader from downloading a master key into POS terminals outside its own acquirer and achieves POS terminal privatization. Further, the invention uses random numbers to authenticate both parties to the master key download, effectively preventing the master key from being stolen by replay attacks.
Embodiment
To explain the technical content, structural features, objects and effects of the present invention in detail, a detailed description is given below with reference to the embodiments and the accompanying drawings.
First, the abbreviations and key terms used in the present invention are defined and explained:
HSM_VENDOR: the supplier's hardware encryption machine;
AUK: abbreviation of Authentication Key, i.e. the authentication key, used for two-way authentication between the PINPAD and the key management system KMS;
CA center: the CA (Certificate Authority) center uses PKI (Public Key Infrastructure) technology to provide network identity authentication services. It is responsible for issuing and managing digital certificates and is an authoritative and impartial trusted third party, playing a role like that of a certificate-issuing body in real life, such as a passport office;
HSM: abbreviation of High Security Machine, i.e. high-security equipment; in this system it is the hardware encryption machine;
KMS system: Key Management System, used to manage the terminal master key TMK;
MAK: abbreviation of Mac Key, i.e. the MAC calculation key, a 24-byte symmetric key agreed with the customer, used to calculate the MAC value of the TK between the MTMS system and the KMS system;
MTMS: Material Tracking Management System, mainly used during factory production;
PIK: abbreviation of Pin Key, i.e. the PIN encryption key, one kind of working key;
PINPAD: PIN pad;
PK: abbreviation of Protect Key, i.e. the protection key, a 24-byte symmetric key agreed with the customer, used for encrypted transmission of the TK between MTMS/TCS and KMS;
POS: abbreviation of Point Of Sale, i.e. the point-of-sale terminal;
SNpinpad: the serial number of the PIN pad; when the PINPAD is built in, it is the same as the POS terminal serial number SNpos;
SN: the serial number of the POS terminal;
TEK: abbreviation of Transmission Encrypt Key, i.e. the transmission encryption key, a 24-byte symmetric key used for encrypted transmission of the TMK between the PINPAD and the key management system KMS;
TK: abbreviation of Transmission Key, i.e. the transmission key. The transmission key consists of the transmission encryption key TEK and the two-way authentication key AUK;
TMS: abbreviation of Terminal Management System, i.e. the terminal management system, used for POS terminal information management, software and parameter configuration, remote download, management of terminal running state information, remote diagnosis and similar functions;
TMK: abbreviation of Terminal Master Key, i.e. the terminal master key, used for encrypted transmission of working keys between the POS terminal and the payment acquiring system;
Safe house: a room with a higher security level, used to house servers; it can be entered only after identity authentication.
Smart IC card: a CPU card. The integrated circuit in the card comprises a central processing unit (CPU), programmable read-only memory (EEPROM), random access memory (RAM) and the card operating system COS (Chip Operating System) fixed in read-only memory (ROM); data in the card is divided into an externally readable part and an internally processed part.
Symmetric key: the sending and receiving parties must use the same key to encrypt and decrypt the plaintext. Symmetric key encryption algorithms mainly include DES, 3DES, IDEA, FEAL, BLOWFISH, etc.
Asymmetric key: an asymmetric encryption algorithm needs two keys, a public key and a private key. The public key and the private key are a pair: data encrypted with the public key can be decrypted only with the corresponding private key, and data encrypted with the private key can be decrypted only with the corresponding public key. Because encryption and decryption use two different keys, the algorithm is called an asymmetric encryption algorithm. The basic process by which an asymmetric encryption algorithm exchanges confidential information is: Party A generates a key pair and publishes one of the keys as the public key; Party B, having obtained that public key, encrypts the confidential information with it and sends it to Party A; Party A decrypts the encrypted information with the other key, the private key it keeps. Party A can likewise encrypt confidential information with Party B's public key and send it to Party B, and Party B decrypts the encrypted information with its own private key. The main algorithms are RSA, Elgamal, the knapsack algorithm, Rabin, D-H and ECC (elliptic curve encryption algorithm).
RSA: an asymmetric key algorithm. The RSA public key encryption algorithm was developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman (Massachusetts Institute of Technology). RSA is named after the three of them. RSA is currently the most influential public key encryption algorithm; it can resist all cryptographic attacks known to date and has been recommended by ISO as the public key data encryption standard. The RSA algorithm is based on a very simple number-theoretic fact: multiplying two large primes is very easy. RSA was the first algorithm that can be used for both encryption and digital signatures, and it is also easy to understand and operate. RSA is the most widely studied public key algorithm; in the more than thirty years since it was proposed it has withstood the test of various attacks, has gradually been accepted, and is generally regarded as one of the best public key schemes available.
TDES Triple-DES: DES is a symmetric encryption algorithm with an 8-byte key. TDES is an encryption algorithm based on DES, with a 16-byte or 24-byte key. TDES/3DES is short for Triple DES, and DES is short for Data Encryption Standard. DES is a symmetric key encryption algorithm, that is, one in which the data encryption key and the decryption key are the same. DES was developed and published by IBM in the 1970s, was subsequently adopted by the US government, and is recognized by NBS and ANSI. TDES/3DES is a mode of the DES encryption algorithm that uses three 64-bit keys to encrypt the data three times. It is a more secure variant of DES.
Referring to Fig. 1, which is a structural block diagram of a system for securely downloading a terminal master key according to one embodiment of the present invention, the system comprises: key downloader 20, POS terminal 10 and CA center 30;
The key downloader 20 comprises key generation module 201, master key module 202, second data transmit-receive module 203 and second encryption/decryption module 204; the POS terminal 10 comprises first authentication module 101, first data transmit-receive module 102, first encryption/decryption module 103, first judge module 104 and first random-number-generating module 105; the CA center comprises a certificate preset module.
Key generation module 201 is used to generate or import a public/private key pair, private key AcquireWCRT_Prk and public key AcquireWCRT_Pu, and to send the public key AcquireWCRT_Pu to CA center 30;
Certificate preset module 301 is used to generate the acquirer root certificate AcquireRCRT and the corresponding private key AcquireRCRT_Prk, and to sign the received public key AcquireWCRT_Pu with the private key AcquireRCRT_Prk to generate the acquirer work certificate AcquireWCRT; and to store the acquirer work certificate AcquireWCRT and the private key AcquireWCRT_Prk in key downloader 20 and the acquirer root certificate AcquireRCRT in POS terminal 10;
Second data transmit-receive module 203 is used to send the work certificate AcquireWCRT to POS terminal 10;
First authentication module 101 is used to verify the legitimacy of the acquirer work certificate AcquireWCRT using the acquirer root certificate AcquireRCRT and, when it is legitimate, to extract AcquireWCRT_Pu from the acquirer work certificate AcquireWCRT;
First random-number-generating module 105 is used to generate the first random number Rnd1 and the second random number Rnd2;
First encryption/decryption module 103 is used to encrypt the first random number Rnd1 and the second random number Rnd2 with AcquireWCRT_Pu to generate the random number ciphertext C_rnd1_rnd2;
First data transmit-receive module 102 is used to send the random number ciphertext C_rnd1_rnd2 to the key downloader;
Second encryption/decryption module 204 is used to decrypt the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk to obtain the third random number Rnd1' and the fourth random number Rnd2';
Master key module 201 is used to generate or import the terminal master key TMK;
Second encryption/decryption module 204 is used to encrypt the terminal master key TMK with the third random number Rnd1' to generate the master key ciphertext Ctmk, to encrypt the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk to generate the second master key ciphertext C_ctmk_rnd2, and to send the second master key ciphertext C_ctmk_rnd2 to POS terminal 10;
First encryption/decryption module 103 is used to decrypt the second master key ciphertext C_ctmk_rnd2 with the public key AcquireWCRT_Pu to obtain the master key ciphertext Ctmk and the fourth random number Rnd2';
First judge module 104 is used to determine whether the fourth random number Rnd2' is consistent with the second random number Rnd2;
First encryption/decryption module 103 is used, when the fourth random number Rnd2' is consistent with the second random number Rnd2, to decrypt the master key ciphertext Ctmk with the first random number Rnd1 to obtain the terminal master key TMK, and to store the terminal master key TMK in the PIN pad.
A key download management device according to another embodiment of the present invention comprises key generation module 201, master key module 202, second data transmit-receive module 203, second encryption/decryption module 204 and a second memory module.
Key generation module 201 is used to generate or import a public/private key pair, private key AcquireWCRT_Prk and public key AcquireWCRT_Pu, and to send the public key AcquireWCRT_Pu to CA center 30;
The second memory module is used to store the acquirer work certificate AcquireWCRT generated by CA center 30 and the corresponding private key AcquireRCRT_Prk, the acquirer work certificate AcquireWCRT being generated by signing the public key AcquireWCRT_Pu with the private key AcquireRCRT_Prk;
Second data transmit-receive module 203 is used to send the acquirer work certificate AcquireWCRT to POS terminal 10;
Second data transmit-receive module 230 is used to receive the random number ciphertext C_rnd1_rnd2 sent by POS terminal 10, which POS terminal 10 generates by encrypting the first random number Rnd1 and the second random number Rnd2 with the public key AcquireWCRT_Pu;
Second encryption/decryption module 204 decrypts the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk to obtain the third random number Rnd1' and the fourth random number Rnd2';
Master key module 202 is used to generate or import the terminal master key TMK;
Second encryption/decryption module 204 is used to encrypt the terminal master key TMK with the third random number Rnd1' to generate the master key ciphertext Ctmk, and to encrypt the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk to generate the second master key ciphertext C_ctmk_rnd2;
Second data transmit-receive module 203 is used to send the second master key ciphertext C_ctmk_rnd2 to the POS terminal.
A POS terminal 10 according to another embodiment of the present invention comprises a first memory module, a first authentication module 101, a first data transmit-receive module 102, a first encryption/decryption module 103, a first judge module 104 and a first random-number-generating module 105.
The first memory module is for storing the acquirer root certificate AcquireRCRT, the acquirer root certificate AcquireRCRT being produced by the CA center 30;
The first data transmit-receive module 102 is for receiving the acquirer work certificate AcquireWCRT sent by the key downloader, the acquirer work certificate AcquireWCRT being generated by signing the public key AcquireWCRT_Pu with the private key AcquireRCRT_Prk;
The first authentication module 101 is for verifying the legitimacy of the acquirer work certificate AcquireWCRT using the acquirer root certificate AcquireRCRT, and, when the certificate is legitimate, for extracting AcquireWCRT_Pu from the acquirer work certificate AcquireWCRT;
The first random-number-generating module 105 is for generating the first random number Rnd1 and the second random number Rnd2;
The first encryption/decryption module 103 is for encrypting the first random number Rnd1 and the second random number Rnd2 with AcquireWCRT_Pu to generate the random number ciphertext C_rnd1_rnd2;
The first data transmit-receive module 102 is for sending the random number ciphertext C_rnd1_rnd2 to the key downloader;
The first data transmit-receive module 102 is for receiving the second master key ciphertext C_ctmk_rnd2 sent by the key downloader;
The first encryption/decryption module 103 is for decrypting the second master key ciphertext C_ctmk_rnd2 with the public key AcquireWCRT_Pu to obtain the master key ciphertext Ctmk and the fourth random number Rnd2', wherein the second master key ciphertext C_ctmk_rnd2 is generated by encrypting the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk, the master key ciphertext Ctmk is generated by encrypting the terminal master key TMK with the third random number Rnd1', and the third random number Rnd1' and the fourth random number Rnd2' are obtained by decrypting the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk;
The first judge module 104 is for judging whether the fourth random number Rnd2' is consistent with the second random number Rnd2; the first encryption/decryption module is for, when the fourth random number Rnd2' is consistent with the second random number Rnd2, decrypting the master key ciphertext Ctmk with the first random number Rnd1 to obtain the terminal master key TMK, and storing the terminal master key TMK in the code keypad.
Referring to Fig. 2, which is a flow chart of a method for securely downloading a terminal master key according to an embodiment of the present invention, the method comprises the steps of:
S1, the key downloader generates or imports a public/private key pair, namely the private key AcquireWCRT_Prk and the public key AcquireWCRT_Pu, and sends the public key AcquireWCRT_Pu to the CA center;
S2, the CA center generates the acquirer root certificate AcquireRCRT and the corresponding private key AcquireRCRT_Prk, and signs the received public key AcquireWCRT_Pu with AcquireRCRT_Prk to generate the acquirer work certificate AcquireWCRT;
The key downloader stores the acquirer work certificate AcquireWCRT and the private key AcquireWCRT_Prk;
The POS terminal stores the acquirer root certificate AcquireRCRT;
S3, the key downloader sends the work certificate AcquireWCRT to the POS terminal;
S4, the POS terminal verifies the legitimacy of the acquirer work certificate AcquireWCRT using the acquirer root certificate AcquireRCRT; if the certificate is legitimate, it extracts the public key AcquireWCRT_Pu from the acquirer work certificate AcquireWCRT and generates the first random number Rnd1 and the second random number Rnd2;
S5, the POS terminal encrypts the first random number Rnd1 and the second random number Rnd2 with the public key AcquireWCRT_Pu to generate the random number ciphertext C_rnd1_rnd2, and sends the random number ciphertext C_rnd1_rnd2 to the key downloader;
S6, the key downloader decrypts the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk to obtain the third random number Rnd1' and the fourth random number Rnd2';
S7, the key downloader generates or imports the terminal master key TMK, encrypts the terminal master key TMK with the third random number Rnd1' to generate the master key ciphertext Ctmk, then encrypts the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk to generate the second master key ciphertext C_ctmk_rnd2, and sends the second master key ciphertext C_ctmk_rnd2 to the POS terminal;
S8, the POS terminal decrypts the second master key ciphertext C_ctmk_rnd2 with the public key AcquireWCRT_Pu to obtain the master key ciphertext Ctmk and the fourth random number Rnd2', then judges whether the fourth random number Rnd2' is consistent with the second random number Rnd2;
S9, if the fourth random number Rnd2' is consistent with the second random number Rnd2, the POS terminal decrypts the master key ciphertext Ctmk with the first random number Rnd1 to obtain the terminal master key TMK, and stores the terminal master key TMK in the code keypad.
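The exchange in steps S2 to S9, as an added example that is not part of the patent text: it shows that "encrypting" with AcquireWCRT_Prk in S7 is a signature with message recovery (anyone holding the work certificate can recover Ctmk, so the confidentiality of TMK rests on Rnd1 alone) and that the Rnd2 comparison in S8 is what rejects a response from an earlier session. The patent names no algorithms, so the textbook RSA without padding, the fixed Mersenne-prime keys, the XOR keystream cipher and all function names are assumptions chosen to keep the block self-contained and are not suitable for production use.

```python
import hashlib, secrets

E = 65537

def keypair(p, q):                       # textbook RSA from fixed primes (demo only)
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, m):                         # raw modular exponentiation, no padding
    n, exp = key
    return pow(m, exp, n)

def sym(key, data):                      # stand-in cipher: XOR with SHA-256(key); self-inverse
    ks = hashlib.sha256(key).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

# Constructed demo keys: CA root pair and the key downloader's work pair.
ROOT_PU, ROOT_PRK = keypair(2**107 - 1, 2**61 - 1)   # AcquireRCRT / AcquireRCRT_Prk
WORK_PU, WORK_PRK = keypair(2**127 - 1, 2**89 - 1)   # AcquireWCRT_Pu / AcquireWCRT_Prk

def digest(pu):                          # 160-bit hash of a public key, as an integer
    return int.from_bytes(hashlib.sha256(repr(pu).encode()).digest()[:20], "big")

def issue_cert(pu):                      # S2: CA signs AcquireWCRT_Pu with AcquireRCRT_Prk
    return {"pu": pu, "sig": rsa(ROOT_PRK, digest(pu))}

def pos_request(cert):                   # S4-S5: verify certificate, send C_rnd1_rnd2
    if rsa(ROOT_PU, cert["sig"]) != digest(cert["pu"]):
        raise ValueError("work certificate not signed by acquirer root")
    rnd1, rnd2 = secrets.token_bytes(8), secrets.token_bytes(8)
    c_rnd1_rnd2 = rsa(cert["pu"], int.from_bytes(rnd1 + rnd2, "big"))
    return (rnd1, rnd2), c_rnd1_rnd2

def downloader_respond(c_rnd1_rnd2, tmk):            # S6-S7: 16-byte TMK assumed
    r = rsa(WORK_PRK, c_rnd1_rnd2).to_bytes(16, "big")
    rnd1p, rnd2p = r[:8], r[8:]                      # Rnd1', Rnd2'
    ctmk = sym(rnd1p, tmk)                           # Ctmk
    return rsa(WORK_PRK, int.from_bytes(ctmk + rnd2p, "big"))   # C_ctmk_rnd2

def pos_accept(state, cert, c_ctmk_rnd2):            # S8-S9
    rnd1, rnd2 = state
    m = rsa(cert["pu"], c_ctmk_rnd2).to_bytes(27, "big")        # 27 = byte length of n
    ctmk, rnd2p = m[-24:-8], m[-8:]
    if not secrets.compare_digest(rnd2p, rnd2):
        raise ValueError("Rnd2 mismatch: stale or forged response")
    return sym(rnd1, ctmk)               # TMK, to be stored in the code keypad
```
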
A key management method according to another embodiment of the present invention comprises:
The key downloader generates or imports a public/private key pair, namely the private key AcquireWCRT_Prk and the public key AcquireWCRT_Pu, and sends the public key AcquireWCRT_Pu to the CA center;
The key downloader stores the acquirer work certificate AcquireWCRT generated by the CA center and the corresponding private key AcquireRCRT_Prk, the acquirer work certificate AcquireWCRT being generated by signing the public key AcquireWCRT_Pu with the private key AcquireRCRT_Prk;
The key downloader sends the acquirer work certificate AcquireWCRT to the POS terminal;
The key downloader receives the random number ciphertext C_rnd1_rnd2 sent by the POS terminal, the random number ciphertext C_rnd1_rnd2 being generated by the POS terminal encrypting the first random number Rnd1 and the second random number Rnd2 with the public key AcquireWCRT_Pu;
The key downloader decrypts the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk to obtain the third random number Rnd1' and the fourth random number Rnd2';
The key downloader generates or imports the terminal master key TMK, encrypts the terminal master key TMK with the third random number Rnd1' to generate the master key ciphertext Ctmk, then encrypts the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk to generate the second master key ciphertext C_ctmk_rnd2, and sends the second master key ciphertext C_ctmk_rnd2 to the POS terminal.
A key download management method according to another embodiment of the present invention comprises:
The POS terminal stores the acquirer root certificate AcquireRCRT, the acquirer root certificate AcquireRCRT being produced by the CA center;
The POS terminal receives the acquirer work certificate AcquireWCRT sent by the key downloader, the acquirer work certificate AcquireWCRT being generated by signing the public key AcquireWCRT_Pu with the private key AcquireRCRT_Prk;
The POS terminal verifies the legitimacy of the acquirer work certificate AcquireWCRT using the acquirer root certificate AcquireRCRT; if the certificate is legitimate, it extracts AcquireWCRT_Pu from the acquirer work certificate AcquireWCRT and generates the first random number Rnd1 and the second random number Rnd2;
The POS terminal encrypts the first random number Rnd1 and the second random number Rnd2 with the public key AcquireWCRT_Pu to generate the random number ciphertext C_rnd1_rnd2, and sends the random number ciphertext C_rnd1_rnd2 to the key downloader;
The POS terminal receives the second master key ciphertext C_ctmk_rnd2 sent by the key downloader, wherein the second master key ciphertext C_ctmk_rnd2 is generated by encrypting the master key ciphertext Ctmk and the fourth random number Rnd2' with the private key AcquireWCRT_Prk, the master key ciphertext Ctmk is generated by encrypting the terminal master key TMK with the third random number Rnd1', and the third random number Rnd1' and the fourth random number Rnd2' are obtained by decrypting the random number ciphertext C_rnd1_rnd2 with the private key AcquireWCRT_Prk;
The POS terminal decrypts the second master key ciphertext C_ctmk_rnd2 with the public key AcquireWCRT_Pu to obtain the master key ciphertext Ctmk and the fourth random number Rnd2', then judges whether the fourth random number Rnd2' is consistent with the second random number Rnd2; if the fourth random number Rnd2' is consistent with the second random number Rnd2, the POS terminal decrypts the master key ciphertext Ctmk with the first random number Rnd1 to obtain the terminal master key TMK, and stores the terminal master key TMK in the code keypad.
The beneficial effects of the present invention are as follows. The present invention transmits the master key TMK in the form of ciphertext produced by asymmetric encryption, so that only the POS terminal can decrypt the ciphertext; this achieves secure download of the master key and effectively prevents the risk of the master key being intercepted during transmission. Further, in the present invention the CA center produces the work certificate and the root certificate, the work certificate is stored in the key downloader and the root certificate is stored in the POS terminal, and authentication between the key downloader and the POS terminal is achieved through the root certificate and the work certificate, thereby preventing the key downloader from downloading the master key to POS terminals outside this acquirer and making the POS terminal private to the acquirer. Further, the present invention uses random numbers to authenticate both parties to the master key download, which effectively prevents the master key from being stolen by replay attacks.
The foregoing describes only embodiments of the present invention and does not thereby limit the scope of the claims of the present invention; any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.