Embodiment
To describe in detail the technical content, structural features, objects and effects of the present invention, a detailed explanation is given below in conjunction with the embodiments and the accompanying drawings.
First, the abbreviations and key terms used in the present invention are defined and explained:
HSM_VENDOR: the vendor's hardware encryption machine;
AUK: abbreviation of Authentication Key, i.e. the authentication key, used for two-way authentication between the PINPAD and the key management system KMS;
CA center: the so-called CA (Certificate Authority) center uses PKI (Public Key Infrastructure) technology to provide network identity authentication services. It is responsible for issuing and managing digital certificates and is an authoritative and impartial trusted third party; its role is like that of a certificate-issuing body in real life, such as a passport office;
HSM: abbreviation of High Security Machine, i.e. high-security equipment; in this system it is the hardware encryption machine;
KMS system: Key Management System, used to manage the terminal master key TMK;
MAK: abbreviation of MAC Key, i.e. the MAC computation key, a 24-byte symmetric key agreed with the customer, used to compute the MAC value of TK between the MTMS system and the KMS system;
MTMS: full name Material Tracking Management System, a material tracking management system mainly used during factory production;
PIK: abbreviation of PIN Key, i.e. the PIN encryption key, which is one kind of working key;
PINPAD: password keypad (PIN pad);
PK: abbreviation of Protect Key, i.e. the protection key, a 24-byte symmetric key agreed with the customer, used for encrypted transmission of TK between MTMS/TCS and KMS;
POS: abbreviation of Point Of Sale, i.e. point-of-sale terminal;
SNpinpad: the serial number of the PIN pad; when the PINPAD is built in, it is the same as the POS terminal serial number SNpos;
SN: the serial number of the POS terminal;
TEK: abbreviation of Transmission Encrypt Key, i.e. the transmission encryption key, a 24-byte symmetric key used for encrypted transmission of TMK between the PINPAD and the key management system KMS;
TK: abbreviation of Transmission Key, i.e. the transmission key. The transmission key consists of the transmission encryption key TEK and the two-way authentication key AUK;
TMS: abbreviation of Terminal Management System, i.e. the terminal management system, used for functions such as POS terminal information management, software and parameter configuration, remote download, management of terminal running state information, and remote diagnosis;
TMK: abbreviation of Terminal Master Key, i.e. the terminal master key, used for encrypted transmission of working keys between the POS terminal and the payment acquiring system;
Secure room: a room with a higher security level, used to house servers; it can be entered only after identity authentication.
Smart IC card: a CPU card. The integrated circuit in the card includes a central processing unit (CPU), programmable read-only memory (EEPROM), random access memory (RAM) and the card operating system COS (Chip Operating System) held in read-only memory (ROM); data in the card is divided into an externally readable part and an internally processed part.
Symmetric key: both the sender and the receiver of the data must use the same key to encrypt and decrypt the plaintext. The main symmetric key encryption algorithms include DES, 3DES, IDEA, FEAL, BLOWFISH, etc.
Asymmetric key: an asymmetric encryption algorithm needs two keys, a public key and a private key. The public key and the private key form a pair: if data is encrypted with the public key, it can only be decrypted with the corresponding private key; if data is encrypted with the private key, it can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, this kind of algorithm is called an asymmetric encryption algorithm. The basic process by which an asymmetric encryption algorithm exchanges confidential information is: party A generates a key pair and discloses one of the keys to other parties as the public key; party B, having obtained the public key, uses it to encrypt the confidential information and then sends it to party A; party A then decrypts the encrypted information with the other key that it keeps, the private key. Party A can likewise encrypt confidential information with party B's public key and send it to party B; party B then decrypts the encrypted information with its own private key. The main algorithms are RSA, Elgamal, the knapsack algorithm, Rabin, D-H and ECC (elliptic curve cryptography).
RSA: an asymmetric key algorithm. The RSA public key encryption algorithm was developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at the Massachusetts Institute of Technology. RSA is named after its three developers. RSA is currently the most influential public key encryption algorithm; it can resist all cryptographic attacks known so far and has been recommended by ISO as a public key data encryption standard. The RSA algorithm is based on a very simple number-theoretic fact: multiplying two large primes is very easy. RSA is the first algorithm that can be used for both encryption and digital signatures, and it is easy to understand and operate. RSA is the most widely studied public key algorithm; in the more than thirty years since it was proposed it has withstood various attacks and has gradually been accepted, and it is widely regarded as one of the best public key schemes at present.
TDES (Triple-DES): DES is a symmetric encryption algorithm with an 8-byte key. TDES is a DES-based encryption algorithm whose key is 16 bytes or 24 bytes. TDES/3DES is the abbreviation of Triple DES (triple data encryption standard), and DES is the abbreviation of Data Encryption Standard. DES is a symmetric-key encryption algorithm, i.e. an algorithm in which the data encryption key and the decryption key are the same. DES was developed and published by IBM in the 1970s, was subsequently adopted by the U.S. government, and was recognized by the National Bureau of Standards (NBS) and the American National Standards Institute (ANSI). TDES/3DES is a mode of the DES encryption algorithm that encrypts three times using three 64-bit keys. It is a safer variant of DES.
To solve the technical problems present in the background art, the present invention adopts a new master key download scheme: the POS terminal randomly generates TK (Transmission Key), the generated TK is stored in the PIN pad of the POS terminal, and TK is sent to the KMS (Key Management System, used to manage the terminal master key TMK) by the transmission means required in the various application scenarios.
When the POS terminal applies to download the terminal master key TMK, the KMS system encrypts TMK with TK and sends the resulting terminal master key ciphertext to the POS terminal; after receiving it, the POS terminal decrypts the master key ciphertext with TK to obtain the terminal master key TMK and stores TMK in the PIN pad.
In this way, encrypting the terminal master key TMK with TK allows TMK to be transmitted remotely, which facilitates secure download of TMK.
The method above, in which the POS terminal collects the transmission key TK and sends it to the bank end to encrypt TMK, and the POS terminal then remotely downloads the TK-encrypted TMK, achieves remote download of TMK. However, in that method TMK download and TK upload are carried out separately: generally the POS terminal generates and uploads TK at the manufacturer, and TMK is downloaded only after the POS terminal has been delivered to each merchant. TMK download is therefore scattered, time efficiency is low, the workload of the KMS system is large, and downloading TMK after the POS terminal has been delivered to each merchant involves more uncertain factors and a higher TMK download risk. A terminal master key TMK secure download method with higher time efficiency and safer download is therefore needed.
The technical solution by which the present invention overcomes the above problems is described in detail below.
Referring to Fig. 1, which is a structural block diagram of a terminal master key TMK secure download system in an embodiment of the present invention, the system includes a first hardware encryption machine 60, a second hardware encryption machine 70, a vendor key management system 40, a payment terminal 10, a CA center 50, an operation terminal 20 and a KMS system 30. The vendor key management system 40 includes a key negotiation module A 401, a public key generation module 403 and a re-encryption module 402; the payment terminal 10 includes a TK generation module 101, a two-way authentication module A 103 and a TMK receiving module 102; the operation terminal 20 includes a TK collection module 202, a TK upload module 201 and a CA authentication module A 203; the KMS system 30 includes a key negotiation module B 301, a TK receiving module 302, a CA authentication module B 303, a two-way authentication module B 304 and a TMK sending module 305.
The key negotiation module A 401 and the key negotiation module B 301 are used to call the first hardware encryption machine 60 and the second hardware encryption machine 70, respectively, to synthesize the vendor authority component and the KMS system authority component into the protection key PK and the MAC key MAK in the first hardware encryption machine 60 and the second hardware encryption machine 70 respectively, and to store the protection key PK and the MAC key MAK together in the first hardware encryption machine 60 and the second hardware encryption machine 70 respectively;
The public key generation module 403 is used to call the first hardware encryption machine 60 to generate the public-private key pair Pu_hsm, Pr_hsm, and to send the public key Pu_hsm to the payment terminal 10;
The TK generation module 101 is used to call the PIN pad to generate the transmission key TK, where TK includes the transmission encryption key TEK and the transmission authentication key AUK;
The TK generation module 101 is also used to call the PIN pad to encrypt TK with the public key Pu_hsm, generating the first transmission key ciphertext Ctk_Pu, and to send the first transmission key ciphertext Ctk_Pu to the vendor key management system 40;
The re-encryption module 402 is used to call the first hardware encryption machine 60 to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_hsm to obtain the transmission key TK;
The re-encryption module 402 is also used to call the first hardware encryption machine 60 to encrypt the transmission key TK with the protection key PK and compute a MAC value with the MAC key MAK, generating the second transmission key ciphertext Ctk_pk, and to send the second transmission key ciphertext Ctk_pk to the payment terminal 10;
The TK collection module 202 is used to collect the second transmission key ciphertext Ctk_pk from the payment terminal;
The CA authentication module A 203 and the CA authentication module B 304 are used for identity authentication between the operation terminal 20 and the KMS system 30 through the CA center 50; the TK upload module 201 is used, after authentication passes, to send the second transmission key ciphertext Ctk_pk to the KMS system 30;
The TK receiving module 302 is used to call the second hardware encryption machine 70 to verify, with the MAC key MAK, the MAC legitimacy of the received second transmission key ciphertext Ctk_pk, and is also used, when the check passes, to decrypt the second transmission key ciphertext Ctk_pk with the protection key PK to obtain the transmission key TK and store it in the second hardware encryption machine 70;
The two-way authentication module A 103 and the two-way authentication module B 304 are used, after the KMS system 30 has obtained the transmission key TK, to call the second hardware encryption machine 70 to carry out two-way authentication with the payment terminal using the authentication key AUK;
The TMK sending module 305 is used, after authentication between the KMS system 30 and the payment terminal 10 passes, to call the second hardware encryption machine 70 to encrypt the terminal master key TMK with the transmission encryption key TEK, generating the master key ciphertext Ctmk, and to send the master key ciphertext Ctmk to the payment terminal 10;
The TMK receiving module 102 is used to call the PIN pad to decrypt the master key ciphertext Ctmk with the transmission encryption key TEK to obtain the terminal master key TMK, and to store the terminal master key TMK in the PIN pad.
Wherein, the CA authentication module A includes a first random number generation unit, a first data transceiver unit, a first encryption/decryption unit and a first judging unit; the CA authentication module B includes a second random number generation unit, a second data transceiver unit, a second encryption/decryption unit and a second judging unit; and the CA center includes a certificate preset module.
The certificate preset module is used to call the operation terminal to generate the public-private key pair Pu_optm and Pr_optm and to send the public key Pu_optm and the operation terminal identification information to the CA center; the CA center generates the root certificate AuthRCRT_optm and the corresponding private key OptmWCRT_Prk; the module is also used to sign the received public key Pu_optm and operation terminal identification information with the private key OptmWCRT_Prk to generate the digital certificate OptmWCRT, to store the digital certificate OptmWCRT and the private key OptmWCRT_Prk in the operation terminal, and to store the root certificate AuthRCRT_optm in the KMS system;
The certificate preset module is used to call the second hardware encryption machine to generate the public-private key pair Pr_kms and Pu_kms and to send the public key Pu_kms and the KMS identification information to the CA center; the CA center generates the root certificate AuthRCRT_kms and the corresponding private key ServerWCRT_Prk; the module is also used to sign the received public key Pu_kms and KMS system identification information with the private key ServerWCRT_Prk to generate the digital certificate ServerWCRT, to store the digital certificate ServerWCRT and the corresponding private key ServerWCRT_Prk in the KMS system, and to store the root certificate AuthRCRT_kms in the operation terminal;
The second data transceiver unit is used to send the digital certificate ServerWCRT to the operation terminal;
The first judging unit is used to verify the legitimacy of the digital certificate ServerWCRT using the root certificate AuthRCRT_kms; the first random number generation unit is used, after the digital certificate ServerWCRT passes verification, to generate the first random number AT1 and to send the first random number AT1 to the KMS system;
The second encryption/decryption unit is used to sign the first random number AT1 with the private key ServerWCRT_Prk, generating the first random number ciphertext Sign1, and to send the first random number ciphertext Sign1 to the operation terminal;
The first judging unit is used to verify the legitimacy of the first random number ciphertext Sign1 using the digital certificate ServerWCRT; the first data transceiver unit is used, after the first random number ciphertext Sign1 passes verification, to send the digital certificate OptmWCRT to the KMS system;
The second judging unit is used to verify the legitimacy of the digital certificate OptmWCRT using the root certificate AuthRCRT_optm; the second random number generation unit is used, after the digital certificate OptmWCRT passes verification, to generate the second random number AT2 and to send the second random number to the operation terminal;
The first encryption/decryption unit is used to encrypt the second random number AT2 with the private key OptmWCRT_Prk, generating the second random ciphertext Sign2, and to send the second random ciphertext Sign2 to the KMS system;
The second judging unit is used to verify the legitimacy of the second random ciphertext Sign2 using the digital certificate OptmWCRT; after verification passes, authentication between the KMS system and the operation terminal has passed.
Referring to Fig. 2 and Fig. 3, Fig. 2 is a structural block diagram of the two-way authentication module A 103 and Fig. 3 is a structural block diagram of the two-way authentication module B 304. The two-way authentication module A 103 includes a third random number generation unit, a third data transceiver unit, a third encryption/decryption unit and a third judging unit; the two-way authentication module B includes a fourth random number generation unit, a fourth data transceiver unit, a fourth encryption/decryption unit and a fourth judging unit;
The third random number generation unit is used to generate the third random number AT3; the third data transceiver unit is used to send the generated third random number AT3 to the KMS system; the fourth data transceiver unit is used to receive the third random number AT3; the fourth random number generation unit is used to generate the fourth random number AT4 when the third random number AT3 is received; the fourth encryption/decryption unit is used, when the third random number AT3 is received, to call the fourth hardware encryption machine to encrypt the third random number AT3 with the transmission authentication key AUK to obtain the third random number ciphertext Sign3; the fourth data transceiver unit is used to send the third random number ciphertext Sign3 and the fourth random number AT4 to the payment terminal;
The third encryption/decryption unit is used, when the third random number ciphertext Sign3 and the fourth random number AT4 are received, to decrypt the received third random number ciphertext Sign3 with the transmission authentication key AUK to obtain the fifth random number AT3'; the third judging unit is used to judge whether the fifth random number AT3' is consistent with the third random number AT3;
The third encryption/decryption unit is used, when the fifth random number AT3' is consistent with the third random number AT3, to encrypt the fourth random number AT4 with the transmission authentication key AUK, generating the fourth random number ciphertext Sign4; the third data transceiver unit is used to send the fourth random number ciphertext Sign4 to the KMS system;
The fourth encryption/decryption unit is used, when the fourth random number ciphertext Sign4 is received, to call the second hardware encryption machine to decrypt the received fourth random number ciphertext Sign4 with the transmission authentication key AUK to obtain the sixth random number AT4'; the fourth judging unit is used to judge whether the sixth random number AT4' is consistent with the fourth random number AT4 and, when it judges that the sixth random number AT4' is consistent with the fourth random number AT4, to confirm that two-way authentication between the KMS system and the payment terminal has passed.
Wherein, the operation terminal also includes an operator card and an administrator card;
The certificate preset module of the CA center is also used to generate an operator card certificate and an administrator card certificate, and to store the operator card certificate in the operator card and the administrator card certificate in the management card;
The operator card and the administrator card are used so that, when the operation terminal reads the operator card and the administrator card inserted in it and the operator certificate and administrator certificate pass legitimacy authentication by the CA center, operation of the operation terminal is authorized.
Wherein, the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
Referring to Fig. 4, which shows a terminal master key TMK secure download method in an embodiment of the present invention, the method includes the steps:
S1, the payment terminal generates the transmission key TK and the transmission key ciphertext is generated;
S2, the payment terminal uploads the transmission key ciphertext and downloads the master key TMK;
Referring to Fig. 5, which is a flow chart of the specific steps of step S1 in Fig. 4, step S1 includes:
S11, the vendor key management system calls the first hardware encryption machine and the KMS system calls the second hardware encryption machine; the vendor authority component and the KMS system authority component are synthesized into the protection key PK and the MAC key MAK in the first hardware encryption machine and the second hardware encryption machine respectively, and the protection key PK and the MAC key MAK are stored together in the first hardware encryption machine and the second hardware encryption machine respectively;
S12, the vendor key management system calls the first hardware encryption machine to generate the public-private key pair Pu_hsm, Pr_hsm, and sends the public key Pu_hsm to the payment terminal;
S13, the payment terminal calls the PIN pad to generate the transmission key TK, where TK includes the transmission encryption key TEK and the transmission authentication key AUK;
S14, the payment terminal calls the PIN pad to encrypt TK with the public key Pu_hsm, generating the first transmission key ciphertext Ctk_Pu, and sends the first transmission key ciphertext Ctk_Pu to the vendor key management system;
S15, the vendor key management system calls the first hardware encryption machine to decrypt the first transmission key ciphertext Ctk_Pu with the private key Pr_hsm to obtain the transmission key TK;
S16, the vendor key management system calls the first hardware encryption machine to encrypt the transmission key TK with the protection key PK and compute a MAC value with the MAC key MAK, generating the second transmission key ciphertext Ctk_pk, and sends the second transmission key ciphertext Ctk_pk to the payment terminal;
Referring to Fig. 6, which is a flow chart of the specific steps of step S2 in Fig. 4, step S2 includes:
S21, the operation terminal collects the second transmission key ciphertext Ctk_pk from the payment terminal;
S22, identity authentication is carried out between the operation terminal and the KMS system through the CA center; after authentication passes, the second transmission key ciphertext Ctk_pk is sent to the KMS system;
S23, the KMS system calls the second hardware encryption machine to verify, with the MAC key MAK, the MAC legitimacy of the received second transmission key ciphertext Ctk_pk; if the check passes, it decrypts the second transmission key ciphertext Ctk_pk with the protection key PK to obtain the transmission key TK and stores it in the second hardware encryption machine;
S24, after obtaining the transmission key TK, the KMS system calls the second hardware encryption machine to carry out two-way authentication with the payment terminal using the authentication key AUK;
S25, if authentication passes, the KMS system calls the second hardware encryption machine to encrypt the terminal master key TMK with the transmission encryption key TEK, generating the master key ciphertext Ctmk, and sends the master key ciphertext Ctmk to the payment terminal;
S26, the payment terminal calls the PIN pad to decrypt the master key ciphertext Ctmk with the transmission encryption key TEK to obtain the terminal master key TMK, and stores the terminal master key TMK in the PIN pad.
Wherein, step S22 is specifically:
The operation terminal generates the public-private key pair Pu_optm and Pr_optm and sends the public key Pu_optm and the operation terminal identification information to the CA center; the CA center generates the root certificate AuthRCRT_optm and the corresponding private key OptmWCRT_Prk, and signs the received public key Pu_optm and operation terminal identification information with the private key OptmWCRT_Prk to generate the digital certificate OptmWCRT; the digital certificate OptmWCRT and the private key OptmWCRT_Prk are stored in the operation terminal, and the root certificate AuthRCRT_optm is stored in the KMS system;
The KMS system calls the second hardware encryption machine to generate the public-private key pair Pr_kms and Pu_kms and sends the public key Pu_kms and the KMS system identification information to the CA center; the CA center generates the root certificate AuthRCRT_kms and the corresponding private key ServerWCRT_Prk, and signs the received public key Pu_kms and KMS system identification information with the private key ServerWCRT_Prk to generate the digital certificate ServerWCRT; the digital certificate ServerWCRT and the corresponding private key ServerWCRT_Prk are stored in the KMS system, and the root certificate AuthRCRT_kms is stored in the operation terminal;
The KMS system sends the digital certificate ServerWCRT to the operation terminal;
The operation terminal verifies the legitimacy of the digital certificate ServerWCRT using the root certificate AuthRCRT_kms; if verification passes, the operation terminal generates the first random number AT1 and sends the first random number AT1 to the KMS system;
The KMS system signs the first random number AT1 with the private key ServerWCRT_Prk, generating the first random number ciphertext Sign1, and sends the first random number ciphertext Sign1 to the operation terminal;
The operation terminal verifies the legitimacy of the first random number ciphertext Sign1 using the digital certificate ServerWCRT; after verification passes, it sends the digital certificate OptmWCRT to the KMS system;
The KMS system verifies the legitimacy of the digital certificate OptmWCRT using the root certificate AuthRCRT_optm; after verification passes, it generates the second random number AT2 and sends the second random number AT2 to the operation terminal;
The operation terminal encrypts the second random number AT2 with the private key OptmWCRT_Prk, generating the second random ciphertext Sign2, and sends the second random ciphertext Sign2 to the KMS system;
The KMS system verifies the legitimacy of the second random ciphertext Sign2 using the digital certificate OptmWCRT; after verification passes, authentication between the KMS system and the operation terminal has passed.
Wherein, step S24 specifically includes:
The payment terminal generates the third random number AT3 and sends the third random number AT3 to the KMS system;
After receiving the third random number AT3, the KMS system generates the fourth random number AT4, calls the second hardware encryption machine to encrypt the third random number AT3 with the authentication key AUK to obtain the third random number ciphertext Sign3, and sends the third random number ciphertext Sign3 and the fourth random number AT4 to the payment terminal;
The payment terminal decrypts the received third random number ciphertext Sign3 with the authentication key AUK to obtain the fifth random number AT3', and judges whether the fifth random number AT3' is consistent with the third random number AT3:
If the fifth random number AT3' is consistent with the third random number AT3, the payment terminal encrypts the fourth random number AT4 with the authentication key AUK, generating the fourth random number ciphertext Sign4, and sends the fourth random number ciphertext Sign4 to the KMS system;
The KMS system calls the second hardware encryption machine to decrypt the received fourth random number ciphertext Sign4 with the authentication key AUK to obtain the sixth random number AT4', and judges whether the sixth random number AT4' is consistent with the fourth random number AT4;
If the sixth random number AT4' is consistent with the fourth random number AT4, authentication between the KMS system and the payment terminal has passed.
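The S16 and S23 handling of Ctk_pk and the S24 to S26 exchange described above, run end to end as an added example (not code from the patent). Assumptions: a 4-round Feistel permutation over HMAC-SHA256 stands in for TDES and HMAC-SHA256 for the MAK-keyed MAC, the MAC is computed over the ciphertext, AUK and TMK are 24 bytes, the random numbers are 16 bytes, and all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Stand-ins (assumptions): the page uses TDES and a MAC under MAK. Python's
# standard library has no block cipher, so a 4-round Feistel permutation over
# HMAC-SHA256 plays TDES and HMAC-SHA256 plays the MAC. Not the patent's code.
MAC_LEN = 32

def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, block):
    """Keyed permutation of an even-length block of at most 64 bytes."""
    n = len(block) // 2
    left, right = block[:n], block[n:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt(key, block):
    n = len(block) // 2
    left, right = block[:n], block[n:]
    for rnd in reversed(range(4)):          # undo the rounds in reverse order
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def wrap_tk(pk, mak, tk):
    """S16: encrypt TK under PK, then append a MAC over the ciphertext."""
    body = encrypt(pk, tk)
    return body + hmac.new(mak, body, hashlib.sha256).digest()

def unwrap_tk(pk, mak, ctk_pk):
    """S23: verify the MAC first; decrypt with PK only if it is valid."""
    body, tag = ctk_pk[:-MAC_LEN], ctk_pk[-MAC_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mak, body, hashlib.sha256).digest()):
        raise ValueError("Ctk_pk failed MAC verification")
    tk = decrypt(pk, body)
    return tk[:24], tk[24:]                 # (TEK, AUK)

class Kms:
    def __init__(self, tek, auk, tmk):
        self.tek, self.auk, self.tmk = tek, auk, tmk
        self._at4 = None

    def challenge_reply(self, at3):
        """S24: answer AT3 with Sign3 = E_AUK(AT3) and a fresh AT4."""
        self._at4 = secrets.token_bytes(16)
        return encrypt(self.auk, at3), self._at4

    def send_tmk(self, sign4):
        """S24/S25: release Ctmk = E_TEK(TMK) only if Sign4 decrypts to AT4."""
        at4, self._at4 = self._at4, None    # each AT4 is accepted once
        if at4 is None or not hmac.compare_digest(decrypt(self.auk, sign4), at4):
            raise PermissionError("payment terminal failed AUK authentication")
        return encrypt(self.tek, self.tmk)

class Terminal:
    def __init__(self, tek, auk):
        self.tek, self.auk, self.tmk = tek, auk, None

    def hello(self):
        self._at3 = secrets.token_bytes(16) # S24: fresh AT3 for this session
        return self._at3

    def prove(self, sign3, at4):
        """S24: accept the KMS only if Sign3 decrypts to AT3, then answer AT4."""
        if not hmac.compare_digest(decrypt(self.auk, sign3), self._at3):
            raise PermissionError("KMS failed AUK authentication")
        return encrypt(self.auk, at4)

    def install(self, ctmk):
        self.tmk = decrypt(self.tek, ctmk)  # S26: recover and keep TMK
        return self.tmk

def download_tmk(kms, terminal):
    """Run S24 to S26 between one KMS and one payment terminal."""
    sign3, at4 = kms.challenge_reply(terminal.hello())
    return terminal.install(kms.send_tmk(terminal.prove(sign3, at4)))

def demo():
    pk, mak = secrets.token_bytes(24), secrets.token_bytes(24)    # from S11
    tek, auk = secrets.token_bytes(24), secrets.token_bytes(24)   # TK from S13
    ctk_pk = wrap_tk(pk, mak, tek + auk)            # vendor side, S16
    kms_tek, kms_auk = unwrap_tk(pk, mak, ctk_pk)   # KMS side, S23
    tmk = secrets.token_bytes(24)                   # constructed sample TMK
    return download_tmk(Kms(kms_tek, kms_auk, tmk), Terminal(tek, auk)) == tmk

if __name__ == "__main__":
    print("TMK delivered intact:", demo())
```

A Ctk_pk whose MAC does not verify is rejected before any decryption, and the KMS releases Ctmk only after Sign4 matches the AT4 it issued for that session.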
Wherein, operation of the operation terminal must be authorized by the operator card and the administrator card, which specifically includes:
The operator card and the administrator card each generate a public-private key pair and each send the public key to the CA center, which generates the operator card certificate and the administrator card certificate; the operator card certificate is stored in the operator card and the administrator card certificate is stored in the management card;
The operator card and the administrator card are inserted in the operation terminal; after CA authentication passes, operation of the operation terminal is allowed.
Wherein, the payment terminal is a POS terminal, a mobile phone terminal, a smart IC card or an ATM terminal.
In the present invention, the original hash value of TK is computed when the transmission key TK is generated; each time TK is stored, transmitted or used, the hash value of TK is verified first, and TK can be used only after the check passes. Verifying the hash value of TK prevents errors in stored data caused by storage device anomalies and determines whether the key is correct.
The beneficial effects of the present invention are as follows. The payment terminal uploads the transmission key TK, and TMK is encrypted for transmission under the transmission key, so that the payment terminal can download the terminal master key TMK remotely. TK includes the transmission encryption key TEK and the transmission authentication key AUK; the payment terminal and the KMS system first carry out two-way identity authentication using the authentication key AUK, and after authentication passes the terminal master key TMK is encrypted with the asymmetric transmission encryption key TEK for transmission, which improves the security of TMK transmission and download. Further, the master key TMK of the present invention is generated by the KMS system, which facilitates subsequent maintenance and management of the master key TMK by the KMS system. Further, the master key TMK download and the transmission key TK upload are carried out together, both through the operation terminal, which greatly improves the time efficiency of TMK download. At the same time, the master key TMK can be downloaded uniformly through the operation terminal before the payment terminal leaves the factory and is delivered to the merchant; because identity authentication between the operation terminal and the KMS system is carried out through the CA center and TMK is downloaded centrally, the master key TMK download risk is greatly reduced, and the merchant can use the payment terminal directly on receiving it, which greatly facilitates the merchant's use. Further, the vendor key management system and the KMS system each store the protection key PK and the MAC key MAK, and the transmission key TK generated by the payment terminal is uploaded after being encrypted with the protection key PK and the MAC key MAK of the vendor key management system, so the operation terminal does not need to re-encrypt TK further; this greatly simplifies encryption during TK upload and improves the time efficiency of TK upload while ensuring secure transmission of TK.
In the present invention, before TK is uploaded, the operation terminal and the KMS system carry out identity authentication of both parties through the CA center, which ensures that TK is transmitted to the correct acquiring KMS system and prevents a fake KMS system from stealing TK information.
In the present invention, before the master key TMK is issued, the KMS system carries out identity authentication of both parties using the authentication key AUK, which effectively prevents a fake payment terminal from stealing TMK and ensures that the payment terminal downloads TMK from the correct KMS system.
In the present invention, the operation terminal is also provided with an operator card and an administrator card; the operation terminal can be operated only when authorized by the operator card and the administrator card, which effectively ensures the authenticity and validity of each TK uploaded.
The above are only embodiments of the present invention and do not limit the patent scope of the present invention; any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.