CN112583592A - How an encryption system works - Google Patents
How an encryption system works Download PDFInfo
- Publication number
- CN112583592A CN112583592A CN202011597176.1A CN202011597176A CN112583592A CN 112583592 A CN112583592 A CN 112583592A CN 202011597176 A CN202011597176 A CN 202011597176A CN 112583592 A CN112583592 A CN 112583592A
- Authority
- CN
- China
- Prior art keywords
- client
- server
- key
- information
- ipek
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 claims abstract description 10
- 230000008676 import Effects 0.000 claims abstract description 3
- 238000012795 verification Methods 0.000 claims description 18
- 238000004806 packaging method and process Methods 0.000 claims description 4
- 230000002265 prevention Effects 0.000 claims description 2
- 238000011017 operating method Methods 0.000 claims 4
- 238000012856 packing Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Finance (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
本发明公开了一种加密系统的工作方法,包括以下步骤:S1,服务端生成密钥,并且将DUKPT应用导入到卡片,所述卡片具有防消磁护套;S2,服务端根据KSN生成IPEK密钥做备用;S3,客户端注入IPEK密钥,所述客户端在注入IPEK密钥时,客户端会对注入的信息进行验证;S4,客户端使用IPEK计算交易密钥。本发明加密系统在工作时,分别产生不同的密钥,而且对交易密钥和交易数据进行加密保护,保证信息初始的安全性,实现个人化BDK,IPEK,KEK和PEK多密钥类型进行加密,保证加密的稳定性和安全性,而且所有操作基于芯片卡内部运算,确保交易安全。The invention discloses a working method of an encryption system, comprising the following steps: S1, a server generates a key, and imports a DUKPT application into a card, the card has an anti-degaussing sheath; S2, the server generates an IPEK encryption key according to KSN The key is used as a backup; S3, the client injects the IPEK key, and when the client injects the IPEK key, the client verifies the injected information; S4, the client uses the IPEK to calculate the transaction key. When the encryption system of the present invention is working, different keys are generated respectively, and the transaction key and transaction data are encrypted and protected, so as to ensure the initial security of information, and realize the encryption of personalized BDK, IPEK, KEK and PEK multi-key types. , to ensure the stability and security of encryption, and all operations are based on the internal operation of the chip card to ensure transaction security.
Description
Technical Field
The invention relates to the technical field of information encryption, in particular to a working method of an encryption system.
Background
The online transaction is a transaction performed through the internet, and the transaction mainly completes purchase of various physical goods, information services and virtual products by virtue of virtual currency. The online transaction mainly is a transaction performed in a virtual environment of a network, and is similar to a store in the real world, and the difference is that a virtual transaction process from buying to selling is achieved by various means of electronic commerce. With the increasing deepening of the information era, chips gradually become the core of information products in various fields, and the chips cannot be separated from communication satellites and common mobile phones, identity cards, bank cards, automobiles, internet of things equipment and the like in life. In the digital age, information loss and divulgence can become hidden dangers affecting personal, social and even national security at any time. The important importance of ensuring the information security is to ensure the security of the information product core chip. At present, the security chip industry has been listed as one of the national information security strategies, and under the vigorous promotion of policies, a large number of security chips applied to different fields and even different business scenes emerge in the market,
dukpt (derived Unique Key Per transaction) is a set of Key management system and algorithm defined by ANSI, is used to solve the Key management problem in information security transmission in the field of financial payment, and is applied to data security aspects such as symmetric Key encryption MAC and PIN. The unique key is used in each transaction process, and an irreversible key conversion algorithm is adopted, so that the last transaction key cannot be cracked from the current transaction data information. It is required that the acquirer and the terminal must be synchronized to support the key management technology. Consists of two parts, a transaction initiating endpoint (S-TRSM, e.g., pos, ATM) and a transaction receiving endpoint (R-TRSM, e.g., acquirer). Note: TRSM (pointer-resistor Security Module) is a Security Module with attack blocking capability, and TRSM has attack resistance capability.
When a transaction is carried out, a lot of information of a user is needed, for example, fund information, position information and identity information of the user are needed, and the information is important to the privacy and safety of individuals in the current internet environment, so that the encryption protection of the personal information is very important when the transaction is carried out.
Disclosure of Invention
The invention aims to solve the defects in the prior art and provides a working method of an encryption system.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method of operation of an encryption system comprising the steps of:
s1, the server generates a key and imports the DUKPT application into a card, and the card is provided with a degaussing prevention sheath;
s2, the server generates IPEK key for standby according to KSN;
s3, the client side injects IPEK key, when the client side injects IPEK key, the client side verifies the injected information;
s4, the client calculates the trade key by using IPEK;
s5, encrypting and protecting the password and the sensitive data by the client side by using the transaction key, wherein the client side is provided with an information packaging module and an information encoding module, the information packaging module packages the information generated by the transaction, and the information encoding module encodes the packaged information;
s6, the server side starts to analyze after receiving the KSN and the encrypted data of the client side;
s7, the server side starts to locate the BDK key;
s8, the server side generates IPEK again, the same transaction is simulated, the transaction data and KSN are collated, the data are analyzed, and the result is compared;
and S9, the server displays the comparison result and approves or rejects the encryption and decryption operation.
Preferably, the client is provided with a verification module, the server is provided with a verification information generation module, the verification information generation module generates verification information to the client, and the verification module on the client is used for verification.
Preferably, the server is provided with an analysis module for analyzing the KSN and the encrypted data sent by the client.
Preferably, the server and the client are both provided with encryption algorithms, the encryption algorithms on the server and the client are different and require different keys, and the server and the client are both provided with decoding modules for decoding the keys.
Preferably, the key generated by the server and the IPEK key generated by the server according to the KSN both have a use time limit, and the use time limit is 60 s.
Preferably, the client is provided with a positioning module for positioning the BDK key by the server, the client can be a handheld terminal and a fixed terminal, and the server is a server.
The encryption system provided by the invention respectively generates different keys when in work, and encrypts and protects the transaction key and transaction data, thereby ensuring the initial security of information, realizing the encryption of multiple key types of personal BDK, IPEK, KEK and PEK, ensuring the stability and security of encryption, and ensuring the transaction security based on the internal operation of a chip card.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments.
Examples
A method of operation of an encryption system comprising the steps of:
s1, the server generates a key and leads the DUKPT application into a card, and the card is provided with a demagnetization-preventing sheath;
s2, the server generates IPEK key for standby according to KSN;
s3, the client side injects IPEK key, when the client side injects IPEK key, the client side verifies the injected information;
s4, the client calculates the trade key by using IPEK;
s5, the client uses the trade key to encrypt and protect the password and the sensitive data, the client has an information packing module and an information coding module, the information packing module packs the information generated by the trade, and the information coding module codes the packed information;
s6, the server side starts to analyze after receiving the KSN and the encrypted data of the client side;
s7, the server side starts to locate the BDK key;
s8, the server side generates IPEK again, the same transaction is simulated, the transaction data and KSN are collated, the data are analyzed, and the result is compared;
and S9, the server displays the comparison result and approves or rejects the encryption and decryption operation.
In this embodiment, the client is provided with a verification module, the server is provided with a verification information generation module, the verification information generation module generates verification information to the client, and the verification module on the client is used for verification.
In this embodiment, the server is provided with an analysis module, and analyzes the KSN and the encrypted data sent by the client.
In this embodiment, the server and the client are both provided with encryption algorithms, the encryption algorithms on the server and the client are different, and different keys are required, and the server and the client are both provided with decoding modules for decoding the keys.
In this embodiment, both the key generated by the server and the IPEK key generated by the server according to the KSN have a use time limit, and the use time limit is 60 s.
In this embodiment, the client is provided with a positioning module for the server to position the BDK key, the client may be a handheld terminal or a fixed terminal, and the server is a server.
When the encryption system works, different keys are respectively generated, the transaction key and the transaction data are encrypted and protected, the initial security of information is guaranteed, the encryption of multiple key types of personal BDK, IPEK, KEK and PEK is realized, the encryption stability and security are guaranteed, and all operations are based on the internal operation of a chip card, so that the transaction security is guaranteed.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered to be within the technical scope of the present invention, and the technical solutions and the inventive concepts thereof according to the present invention should be equivalent or changed within the scope of the present invention.
Claims (6)
1. A method of operating an encryption system, comprising the steps of:
s1, the server generates a key and imports the DUKPT application into a card, and the card is provided with a degaussing prevention sheath;
s2, the server generates IPEK key for standby according to KSN;
s3, the client side injects IPEK key, when the client side injects IPEK key, the client side verifies the injected information;
s4, the client calculates the trade key by using IPEK;
s5, encrypting and protecting the password and the sensitive data by the client side by using the transaction key, wherein the client side is provided with an information packaging module and an information encoding module, the information packaging module packages the information generated by the transaction, and the information encoding module encodes the packaged information;
s6, the server side starts to analyze after receiving the KSN and the encrypted data of the client side;
s7, the server side starts to locate the BDK key;
s8, the server side generates IPEK again, the same transaction is simulated, the transaction data and KSN are collated, the data are analyzed, and the result is compared;
and S9, the server displays the comparison result and approves or rejects the encryption and decryption operation.
2. The operating method of an encryption system according to claim 1, wherein a verification module is provided on the client, a verification information generation module is provided on the server, the verification information generation module generates verification information to the client, and the verification is performed by using the verification module on the client.
3. The operating method of an encryption system according to claim 1, wherein the server is provided with a parsing module for parsing the KSN and the encrypted data sent by the client.
4. The operating method of the encryption system according to claim 1, wherein the server and the client are both provided with encryption algorithms, the encryption algorithms on the server and the client are different and require different keys, and the server and the client are both provided with decoding modules for decoding the keys.
5. The operating method of an encryption system according to claim 1, wherein the key generated by the server and the IPEK key generated by the server according to the KSN both have a usage time limit, which is 60 s.
6. The working method of the encryption system according to claim 1, wherein the client is provided with a positioning module for positioning the BDK key by the server, the client can be a handheld terminal and a fixed terminal, and the server is a server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011597176.1A CN112583592A (en) | 2020-12-29 | 2020-12-29 | How an encryption system works |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011597176.1A CN112583592A (en) | 2020-12-29 | 2020-12-29 | How an encryption system works |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112583592A true CN112583592A (en) | 2021-03-30 |
Family
ID=75143979
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011597176.1A Pending CN112583592A (en) | 2020-12-29 | 2020-12-29 | How an encryption system works |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112583592A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150142670A1 (en) * | 2013-11-20 | 2015-05-21 | Sue Zloth | Systems and methods for software based encryption |
| CN106327723A (en) * | 2016-08-29 | 2017-01-11 | 福建新大陆支付技术有限公司 | mPOS transaction system based on intelligent platform |
| KR101720966B1 (en) * | 2016-01-07 | 2017-03-29 | 주식회사 코밴 | Methods of payment processing and key download of public use payment system, and public use payment terminal and authentication ic card performing the same |
| WO2017222183A1 (en) * | 2016-06-20 | 2017-12-28 | 비씨카드(주) | Method for processing transaction approval and card issuer server |
| US20190050590A1 (en) * | 2017-08-14 | 2019-02-14 | Bank Of America Corporation | Ensuring Information Security by Utilizing Encryption of Data |
| CN109508983A (en) * | 2012-01-05 | 2019-03-22 | 维萨国际服务协会 | Data protection is carried out with conversion |
| US20200220719A1 (en) * | 2019-01-09 | 2020-07-09 | Mastercard International Incorporated | Methods and systems for cryptographic keys exchange |
-
2020
- 2020-12-29 CN CN202011597176.1A patent/CN112583592A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109508983A (en) * | 2012-01-05 | 2019-03-22 | 维萨国际服务协会 | Data protection is carried out with conversion |
| US20150142670A1 (en) * | 2013-11-20 | 2015-05-21 | Sue Zloth | Systems and methods for software based encryption |
| KR101720966B1 (en) * | 2016-01-07 | 2017-03-29 | 주식회사 코밴 | Methods of payment processing and key download of public use payment system, and public use payment terminal and authentication ic card performing the same |
| WO2017222183A1 (en) * | 2016-06-20 | 2017-12-28 | 비씨카드(주) | Method for processing transaction approval and card issuer server |
| CN106327723A (en) * | 2016-08-29 | 2017-01-11 | 福建新大陆支付技术有限公司 | mPOS transaction system based on intelligent platform |
| US20190050590A1 (en) * | 2017-08-14 | 2019-02-14 | Bank Of America Corporation | Ensuring Information Security by Utilizing Encryption of Data |
| US20200220719A1 (en) * | 2019-01-09 | 2020-07-09 | Mastercard International Incorporated | Methods and systems for cryptographic keys exchange |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7702916B2 (en) | Method and system for secure authentication | |
| US7333615B1 (en) | Encryption between multiple devices | |
| US10089627B2 (en) | Cryptographic authentication and identification method using real-time encryption | |
| CN107210914A (en) | The method supplied for security credence | |
| CN107111694A (en) | Software tampering detection and reporting process | |
| JPS62120564A (en) | Terminal checking system | |
| NO331571B1 (en) | System for protecting an encrypted information unit | |
| US20110295753A1 (en) | Pin protection for portable payment devices | |
| EP3702991A1 (en) | Mobile payments using multiple cryptographic protocols | |
| Zhou et al. | Implementation of cryptographic algorithm in dynamic QR code payment system and its performance | |
| CN108171486A (en) | It is a kind of that there is the terminal of E-seal | |
| CN106372950A (en) | Anti-counterfeiting authentication method for e-commerce and online shopping goods | |
| CN108537537A (en) | A kind of safe and reliable digital cash Wallet System | |
| CN115276978A (en) | Data processing method and related device | |
| CN112613876B (en) | A digital wallet transaction method, device and system | |
| Yuvarani et al. | Payment Security Expert: Analyzing Smart Cards and Contactless Payments with Cryptographic Techniques | |
| CN112583592A (en) | How an encryption system works | |
| CN108650214A (en) | The anti-method and device of going beyond one's commission of dynamic page encryption | |
| CN118396731A (en) | Method, device, computer equipment and storage medium for processing public service by person | |
| CN116823257A (en) | Information processing method, device, equipment and storage medium | |
| Ashrafi et al. | Enabling privacy-preserving e-payment processing | |
| CN105512936B (en) | The internet banking system sensitive data processing method and system of more legal person's business models | |
| Pillai et al. | A decentralized data privacy for mobile payment using blockchain technology | |
| CN103795714A (en) | Identity authentication system and method | |
| CN105989489B (en) | A kind of method and payment terminal of IC card networking certification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210330 |