WO2018165920A1 - Security verification method and apparatus for pos machine - Google Patents
- Publication number
- WO2018165920A1 (PCT/CN2017/076811)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- verification
- pos
- application
- pos machine
- machine
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07G—REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
- G07G1/00—Cash registers
- G07G1/0009—Details of the software in the checkout register, electronic cash register [ECR] or point of sale terminal [POS]
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07G—REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
- G07G1/00—Cash registers
- G07G1/12—Cash registers electronically operated
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Definitions
- the present invention relates to the field of payment devices, and in particular, to a POS machine security verification method and apparatus.
- the POS terminal is shipped from the manufacturer to a plurality of third-party payment companies, and then distributed by different third-party payment companies to the respective agents.
- the agents distribute the POS terminals to the merchants according to the business.
- Each POS terminal corresponds to the service of a third-party payment company and is uniquely associated with it.
- before the POS machine is shipped from the manufacturer to the third-party payment company and placed with a merchant, the program must be pre-installed and the key loaded.
- the manufacturer downloads the corresponding application and the master key TMK according to the business of the third-party payment company, after which the machine is owned by that third-party payment company and other third parties cannot update the application or the master key TMK.
- the running application corresponds to the business of the merchant, and the master key TMK is provided by the payment company, one key per machine.
- the master key TMK in the machine is used to verify the work key issued by the agent's back end. Only if the master key TMK in the machine is correct can normal operations such as login and transactions be completed.
- in the first existing scheme, the manufacturer of the POS machine pre-installs the application program and the master key TMK, and the program and key downloads have no protection scheme such as signature verification. Because the program download has no signature verification, it is easily tampered with: an illegal application can be downloaded to the POS machine, switching the merchant service run by the POS machine to another merchant service.
- in the second existing scheme, the manufacturer of the POS machine pre-installs the application and the master key TMK, but the application must be signed with a key before downloading. When it is downloaded to the POS machine, the key in the POS machine is used to verify it, and only after the verification passes can it be updated to the POS machine.
- This solution can prevent illegal applications from being downloaded to the POS machine, but it cannot prevent whole-machine switching: the FLASH of a normal POS machine of agent A is copied to the POS machine of agent B, so that the POS machine of agent B becomes a machine of agent A and runs the business of agent A.
- the main object of the present invention is to provide a POS machine security verification method and device, which ensures the security of the master key and the application program in the POS machine.
- the present invention provides a POS machine security verification method, including the following steps:
- when an application in the POS machine is started, downloaded or updated, or the master key is changed, the authority of the operation is verified;
- the steps of verifying the authority of the operation include:
- comparing the second hash value with the first hash value; if they are the same, the verification passes, and if they differ, the verification fails.
- the POS hardware ID includes a CPU ID and a FLASH ID.
- the step of verifying the authority of the operation includes:
- when the POS machine application is downloaded or updated, the key is used to perform signature verification on the application;
- the step of verifying the authority of the operation by performing a startup, download, update operation or a change operation on the master key in the POS machine includes:
- the present invention also provides a POS machine security verification device, including:
- a verification unit configured to perform a startup, download, update operation on the application in the POS machine or perform a change operation on the primary key, and verify the authority of the operation;
- the processing unit is configured to perform a corresponding operation when the verification is passed; if not, the operation is blocked.
- the verification unit includes:
- a preset subunit configured to perform a hash calculation according to the POS hardware ID and the application signature public key to generate a first hash value, and preset the first hash value in the POS machine;
- a calculation subunit configured to start, after the POS application is started, perform a hash calculation according to the current hardware ID of the POS machine and the application signature public key to generate a second hash value
- a comparison subunit configured to compare and verify whether the second hash value is the same as the first hash value
- the POS hardware ID includes a CPU ID and a FLASH ID.
- the verification unit includes:
- a first verification subunit configured to download and update the POS application, and perform signature verification on the application by using a key
- a first determining subunit configured so that, if the signature verifies correctly, the verification passes; if it does not, the verification fails.
- the verification unit includes:
- a second verification subunit configured to perform a signature verification on the master key after performing a change on the master key in the POS machine
- a second determining subunit configured so that, if the signature verifies correctly, the verification passes; if it does not, the verification fails.
- the POS machine security verification method and apparatus provided in the present invention have the following beneficial effects:
- the POS machine security verification method and device provided by the present invention verify the authority of the operation when an application in the POS machine is started, downloaded or updated or the master key is modified; if the verification passes, the corresponding operation is performed; if not, the operation is blocked. This secures the master key and the application in the POS machine and prevents them from being illegally tampered with and downloaded, thereby preventing the POS machine from being switched as a whole machine.
- FIG. 1 is a schematic diagram of steps of a POS machine security verification method according to an embodiment of the present invention
- step S1 in FIG. 1 is a schematic view showing the specific steps of step S1 in FIG. 1;
- FIG. 3 is a schematic diagram of key verification in an embodiment of the present invention.
- FIG. 4 is a schematic structural diagram of a POS machine security verification apparatus according to an embodiment of the present invention.
- FIG. 5 is a schematic structural diagram of a verification unit according to an embodiment of the present invention.
- FIG. 6 is a schematic structural diagram of a verification unit according to another embodiment of the present invention.
- FIG. 7 is a schematic structural diagram of a verification unit in still another embodiment of the present invention.
- the embodiment of the invention provides a POS machine security verification method and device, which ensures the security of the master key and the application program in the POS machine, prevents the master key and the application program in the POS machine from being illegally tampered with and downloaded, and prevents the POS machine from being switched as a whole machine.
- FIG. 1 is a schematic diagram of steps of a POS machine security verification method according to an embodiment of the present invention.
- a POS security verification method which includes the following steps:
- Step S1: when an application in the POS machine is started, downloaded or updated, or the master key is changed, the authority of the operation is verified;
- Step S2: if the verification passes, the corresponding operation is performed; if not, the operation is blocked.
- when an application in the POS machine is started, downloaded or updated, or the master key is changed, the authority of the operation is verified, and different operations correspond to different verification methods.
- For example, when an application in the POS machine is started, a hash calculation is performed on the current hardware ID of the POS machine and the application signature public key to generate a hash value, which is compared with the hash value pre-stored in the POS machine; when a POS application is downloaded or updated, a key is used to verify the signature of the application.
- the key can be the master key pre-stored in the POS machine. For example, after the master key in the POS machine is changed, the master key must be signature-verified.
- the verification methods are diverse and are not listed exhaustively here.
- if the verification passes, the corresponding operation can be performed on the POS machine. If the verification fails, the operation is automatically blocked and cannot continue. Verifying the authority of start, download, update and master-key change operations in the POS machine therefore secures the master key and the application in the POS machine, prevents them from being illegally tampered with and downloaded, and prevents the POS machine from being switched as a whole machine.
- the step S1 of verifying the authority of the operation, when an application in the POS machine is started, downloaded or updated or the master key is changed, includes:
- Step S101 Perform a hash calculation according to the POS hardware ID and the application signature public key to generate a first hash value, and preset the first hash value in the POS machine;
- Step S102 the POS application starts, and performs a hash calculation according to the current hardware ID of the POS machine and the application signature public key to generate a second hash value.
- Step S103 Verify that the second hash value is the same as the first hash value; if the verification is the same, the verification is passed, and if the verification is different, the verification fails.
- the first hash value is first generated according to the original hardware ID of the POS machine and the application signature public key, and the first hash value is preset in the POS machine.
- when the device starts, the second hash value is generated according to the current hardware ID of the device and the application signature public key, and the second hash value is compared with the first hash value; if they are the same, the verification passes, and if not, the verification fails.
- the POS hardware ID includes a CPU ID and a FLASH ID.
- if the CPU and FLASH components are different, the CPU ID and the FLASH ID change, and the second hash value calculated from the CPU ID and the FLASH ID changes as well. If the hash values differ, the program cannot run. If they are the same, the verification passes and the program runs.
- the CPU ID, the FLASH ID, and the public key PK are used for the hash calculation, and verifying the hash value ensures the unique association between the CPU, the FLASH and the public key PK. After a whole-machine switch the POS machine cannot pass the verification, which prevents the POS terminal from operating normally after being illegally switched.
- the step S1 of verifying the authority of the operation, when an application in the POS machine is started, downloaded or updated or the master key is changed, includes:
- the application is signed and verified using the key.
- the application file needs to be verified by the signature to be downloaded to the POS machine.
- the application root public key in Boot is solidified in the Boot program.
- the Code.pk public key can only be downloaded to the POS machine after being signed by the program's root private key.
- Boot.bin, core.bin, and app.bin are application or resource files that can only be downloaded and updated to the POS machine after being signed by the Code.sk private key.
- the root private key of the application and the Code.pk/sk public and private key are controlled by the manufacturer of the POS machine.
- the application files and resource files that need to be downloaded and updated need to be controlled by the manufacturer to be updated successfully.
- the solution in this embodiment can ensure that the application files of the POS machine are not illegally tampering and updating, thereby ensuring the security of the POS application.
- the step S1 of verifying the authority of the operation by performing an activation, download, update operation or a change operation on the master key in the POS machine includes:
- the master key TMK needs to be verified by the signature to be downloaded to the POS machine.
- the key root public key in Boot is solidified in the Boot program.
- the Key.pk public key can only be downloaded to the POS machine after being signed by the root private key of the key.
- acquirerN.pk is used to download and verify the master key TMK of each third-party payment company; acquirerN.pk must be signed by the Key.sk private key before it can be downloaded to the POS machine.
- the key root private key and the Key.sk private key are controlled by the POS machine manufacturer, the acquirerN.pk/sk public and private keys are controlled by the third-party company, and acquirerN.pk must be signed with the manufacturer's Key.sk before it can be updated.
- the solution in this embodiment can ensure that the master key system is not illegally falsified, thereby ensuring the security of the POS machine master key.
- the security verification of the POS machine can use one or more of the verification methods described in the foregoing embodiments, and using all of the verification methods described above better protects the security of the POS machine.
- when a start, download or update operation is performed or the master key is changed, the authority of the operation is verified; if the verification passes, the corresponding operation is performed; if not, the operation is blocked. This secures the master key and the application in the POS machine and prevents them from being illegally tampered with and downloaded, thereby preventing the POS machine from being switched as a whole machine.
- a POS machine security verification apparatus is also provided in the embodiment of the present invention.
- an embodiment of the present invention further provides a POS security verification apparatus, including:
- the verification unit 10 is configured to perform a startup, download, update operation on the application in the POS machine or perform a change operation on the master key, and verify the authority of the operation;
- the processing unit 20 is configured to perform a corresponding operation when the verification is passed; if not, the operation is blocked.
- when an application in the POS machine is started, downloaded or updated, or the master key is changed, the verification unit 10 verifies the authority of the operation, wherein different operations correspond to different verification methods.
- For example, when an application in the POS machine is started, a hash calculation is performed on the current hardware ID of the POS machine and the application signature public key to generate a hash value, which is compared with the hash value pre-stored in the POS machine.
- For example, after the POS application is downloaded or updated, the key is used to verify the signature of the application.
- the key can be the master key pre-stored in the POS machine; for example, after the master key in the POS machine is changed, the master key must be signature-verified.
- the verification methods are diverse and are not listed exhaustively here.
- if the verification passes, the processing unit 20 can perform the corresponding operation on the POS machine. If the verification fails, the operation is automatically blocked and cannot continue. Verifying the authority of start, download, update and master-key change operations in the POS machine therefore secures the master key and the application in the POS machine, prevents them from being illegally tampered with and downloaded, and prevents the POS machine from being switched as a whole machine.
- the verification unit 10 includes:
- the preset subunit 101 is configured to perform a hash calculation according to the POS hardware ID and the application signature public key to generate a first hash value, and preset the first hash value in the POS machine;
- the calculating subunit 102 is configured to: after the POS application is started, perform a hash calculation according to the current hardware ID of the POS machine and the application signature public key to generate a second hash value;
- a comparison subunit 103 configured to compare the second hash value with the first hash value; if they are the same, the verification passes, and if they differ, the verification fails.
- when the device starts, the second hash value is generated according to the current hardware ID of the device and the application signature public key, and the second hash value is compared with the first hash value; if they are the same, the verification passes, and if not, the verification fails.
- the POS hardware ID includes a CPU ID and a FLASH ID.
- if the CPU and FLASH components are different, the CPU ID and the FLASH ID differ from the original ones, and the second hash value calculated from the CPU ID and the FLASH ID changes as well. If the hash values differ, the program cannot run. If they are the same, the verification passes and the program runs.
- the CPU ID, the FLASH ID, and the public key PK are used for the hash calculation, and verifying the hash value ensures the unique association between the CPU, the FLASH and the public key PK. After a whole-machine switch the POS machine cannot pass the verification, which prevents the POS terminal from operating normally after being illegally switched.
- the verification unit 10 includes:
- the first verification sub-unit 104 is configured to perform a signature verification on the application by using a key after the POS application is downloaded and updated.
- the first determining sub-unit 105 is configured so that, if the signature verifies correctly, the verification passes, and if it does not, the verification fails.
- the application is signed and verified using the key.
- the application file needs to be verified by the signature to be downloaded to the POS machine.
- the application root public key in Boot is solidified in the Boot program.
- the Code.pk public key can only be downloaded to the POS machine after being signed by the root private key of the program.
- Boot.bin, core.bin, and app.bin are application or resource files that can only be downloaded and updated to the POS machine after being signed by the Code.sk private key.
- the application root private key and the Code.pk/sk public and private keys are controlled by the manufacturer of the POS machine.
- the application files and resource files that need to be downloaded and updated need to be controlled by the manufacturer to be updated successfully.
- the solution in this embodiment can ensure that the application files of the POS machine are not illegally modified and updated, thereby ensuring the security of the POS application.
- the verification unit 10 includes:
- the second verification sub-unit 106 is configured to perform a signature verification on the master key after performing a change on the master key in the POS machine.
- the second determining sub-unit 107 is configured so that, if the signature verifies correctly, the verification passes, and if it does not, the verification fails.
- the master key TMK needs to be verified by the signature to be downloaded to the POS machine.
- the key root public key in Boot is solidified in the Boot program.
- the Key.pk public key can only be downloaded to the POS machine after being signed by the root private key of the key.
- acquirerN.pk is used to download and verify the master key of each third-party payment company TMK, acquirerN.pk needs to be signed by the Key.sk private key to download to the POS machine.
- the key root private key and the Key.sk private key are controlled by the POS manufacturer.
- the acquirerN.pk/sk public private key is controlled by the third party company, and acquirerN.pk needs to be updated by the manufacturer's Key.sk signature.
- the solution in this embodiment can ensure that the master key system is not illegally tampered, thereby ensuring the security of the POS machine master key.
- the POS machine can be security-verified using one or more of the verification devices described in the above embodiments, and using all of the verification devices described above better protects the security of the POS machine.
- in the POS machine security verification method and device, when an application in the POS machine is started, downloaded or updated or the master key is changed, the verification unit 10 verifies the authority of the operation; the processing unit 20 performs the corresponding operation if the verification passes and blocks the operation if it does not. This secures the master key and the application in the POS machine and prevents the master key and the application from being illegally tampered with and downloaded, preventing the POS machine from being switched as a whole machine.
- the present invention includes apparatus related to performing one or more of the operations described herein. These devices may be specially designed and manufactured for the required purposes, or may also include known devices in a general purpose computer. These devices have computer programs stored therein that are selectively activated or reconfigured.
- Such computer programs may be stored in a device (eg, computer) readable medium or in any type of medium suitable for storing electronic instructions and respectively coupled to a bus, including but not limited to any Types of disks (including floppy disks, hard disks, CDs, CD-ROMs, and magneto-optical disks), ROM (Read-Only Memory, read-only memory), RAM (Random Access Memory), EPROM (Erasable)
- a readable medium includes any medium that is stored or transmitted by a device (e.g., a computer) in a readable form.
- each block of the block diagrams and/or block diagrams and/or flow diagrams can be implemented with computer program instructions and in the block diagrams and/or block diagrams and/or flow diagrams.
- these computer program instructions can be implemented by a general purpose computer, a professional computer, or a processor of other programmable data processing methods, such that the processor is executed by a computer or other programmable data processing method.
- the block diagrams and/or block diagrams of the invention and/or the schemes specified in the blocks or blocks of the flow diagram are invented.
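The two signature chains described above (application root key, then Code.pk, then Boot.bin/core.bin/app.bin; key root key, then Key.pk, then acquirerN.pk, then the TMK) can be modelled as follows. This is an added example, not code from the patent: Ed25519 from the Python `cryptography` package, the purpose labels, the `Boot` class and all payloads are assumptions constructed for illustration, since the page names no algorithm or file format.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


def raw(sk: Ed25519PrivateKey) -> bytes:
    """Raw 32-byte public key that belongs to a private key."""
    return sk.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)


def tagged(label: str, payload: bytes) -> bytes:
    """Bind a signature to its purpose, so a signature made for a file cannot
    be replayed as a signature over a key (labels are an assumption)."""
    return label.encode() + b"\x00" + payload


def sign(sk: Ed25519PrivateKey, label: str, payload: bytes) -> bytes:
    return sk.sign(tagged(label, payload))


def verifies(pk_raw: bytes, sig: bytes, label: str, payload: bytes) -> bool:
    try:
        Ed25519PublicKey.from_public_bytes(pk_raw).verify(sig, tagged(label, payload))
        return True
    except (InvalidSignature, ValueError):
        return False


class Boot:
    """Boot stage holding only the two root public keys, fixed at build time."""

    def __init__(self, app_root_pk: bytes, key_root_pk: bytes):
        self.app_root_pk, self.key_root_pk = app_root_pk, key_root_pk
        self.code_pk = None    # Code.pk, accepted only if signed by the app root
        self.key_pk = None     # Key.pk, accepted only if signed by the key root
        self.acquirer_pk = {}  # N -> acquirerN.pk, accepted only if signed by Key.sk
        self.tmk = {}          # N -> opaque TMK blob

    def load_code_pk(self, pk: bytes, sig: bytes) -> bool:
        ok = verifies(self.app_root_pk, sig, "Code.pk", pk)
        if ok:
            self.code_pk = pk
        return ok

    def load_file(self, name: str, data: bytes, sig: bytes) -> bool:
        return self.code_pk is not None and verifies(self.code_pk, sig, "file:" + name, data)

    def load_key_pk(self, pk: bytes, sig: bytes) -> bool:
        ok = verifies(self.key_root_pk, sig, "Key.pk", pk)
        if ok:
            self.key_pk = pk
        return ok

    def load_acquirer_pk(self, n: int, pk: bytes, sig: bytes) -> bool:
        ok = self.key_pk is not None and verifies(self.key_pk, sig, f"acquirer{n}.pk", pk)
        if ok:
            self.acquirer_pk[n] = pk
        return ok

    def load_tmk(self, n: int, tmk: bytes, sig: bytes) -> bool:
        pk = self.acquirer_pk.get(n)
        ok = pk is not None and verifies(pk, sig, "TMK", tmk)
        if ok:
            self.tmk[n] = tmk
        return ok


def demo() -> dict:
    # Manufacturer-held keys, then the key pairs of two payment companies.
    app_root, key_root, code, key = (Ed25519PrivateKey.generate() for _ in range(4))
    acq1, acq2 = Ed25519PrivateKey.generate(), Ed25519PrivateKey.generate()
    boot = Boot(raw(app_root), raw(key_root))
    app = b"constructed app.bin contents"
    tmk1, tmk2 = b"constructed TMK blob 1", b"constructed TMK blob 2"
    good_sig = sign(code, "file:app.bin", app)
    r = {}
    r["file_before_code_pk"] = boot.load_file("app.bin", app, good_sig)
    r["code_pk"] = boot.load_code_pk(raw(code), sign(app_root, "Code.pk", raw(code)))
    r["app_ok"] = boot.load_file("app.bin", app, good_sig)
    r["app_modified"] = boot.load_file("app.bin", app + b"!", good_sig)
    r["app_other_signer"] = boot.load_file("app.bin", app, sign(acq2, "file:app.bin", app))
    r["key_pk"] = boot.load_key_pk(raw(key), sign(key_root, "Key.pk", raw(key)))
    r["acq1_pk"] = boot.load_acquirer_pk(1, raw(acq1), sign(key, "acquirer1.pk", raw(acq1)))
    r["acq2_pk_self_signed"] = boot.load_acquirer_pk(
        2, raw(acq2), sign(acq2, "acquirer2.pk", raw(acq2)))
    r["tmk1"] = boot.load_tmk(1, tmk1, sign(acq1, "TMK", tmk1))
    r["tmk_signed_by_acq2"] = boot.load_tmk(1, tmk2, sign(acq2, "TMK", tmk2))
    return r
```

Every rejected case fails for the reason the description gives: the payload was not signed by the key one level up, and the top of each chain is a public key fixed in Boot.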
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Cash Registers Or Receiving Machines (AREA)
Abstract
Provided are a security verification method and apparatus for a POS machine. The method involves: when, in a POS machine, a starting, downloading or updating operation is carried out with regard to an application program or a change operation is carried out with regard to a master key, verifying the permission of the operation; and if verification is passed, executing the corresponding operation, and if verification is not passed, blocking the operation. The present invention guarantees the security of a master key and an application program in a POS machine, prevents the master key and the application program in the POS machine from being illegitimately tampered with and downloaded, and prevents the whole POS machine from being switched.
Description
POS machine security verification method and device
Technical field
[0001] The present invention relates to the field of payment devices, and in particular to a POS machine security verification method and apparatus.
Background
[0002] POS terminals are shipped from the manufacturer to multiple third-party payment companies, which distribute them to their respective agents; the agents deploy the POS terminals to merchants according to the business. Each POS terminal corresponds to the business of one third-party payment company and is uniquely associated with it.
[0003] However, the agents of third-party payment companies in the market are unstable in many respects, and the practice of switching POS terminals has appeared: a POS terminal running the business of agent A is switched to run the business of agent B. Large numbers of high-quality merchants may thus be switched from third-party payment company A to third-party payment company B, causing the illegal transfer of company A's business and the loss of its merchants.
[0004] Before a POS machine is shipped from the manufacturer to a third-party payment company and then deployed to a merchant, the program must be pre-installed and the key loaded. The manufacturer downloads the corresponding application and master key TMK according to the business of the third-party payment company, after which the machine belongs to that third-party payment company and other third parties cannot update the application or the master key TMK. The running application corresponds to the merchant's business, and the master key TMK is provided by the payment company, one key per machine. When the POS machine is used at the merchant, it uses the master key TMK in the machine to verify the work key issued by the agent's back end; only if the master key TMK in the machine is correct can normal operations such as login and transactions be completed.
[0005] To prevent the business run by a POS machine from being illegally tampered with and switched, two parts must be secured. First, the application running in the POS machine must not be illegally tampered with and can be downloaded and updated only with a legitimate signature. Second, the master key TMK in the POS machine must not be illegally changed to the master key of another payment company.
[0006] There are two existing implementations. In the first, the POS manufacturer pre-installs the application and the master key TMK, and the download of programs and keys has no protection such as signature verification. Because program downloads are not signature-checked, this scheme is easy to tamper with: an illegal application can be downloaded to the POS machine, switching the merchant business the machine runs to another merchant business.
[0007] In the second, the POS manufacturer pre-installs the application and the master key TMK, but an application must be signed with a key before it is downloaded. When it is downloaded to the POS machine, it is verified with the key in the POS machine and is updated into the machine only after the verification passes. This scheme prevents illegal applications from being downloaded to the POS machine, but it cannot prevent whole-machine switching, in which a copy is made of the FLASH of agent A's normal POS machine and then copied into agent B's POS machine, turning agent B's POS machine into agent A's machine running agent A's business.
Technical problem
[0008] The main object of the present invention is to provide a security verification method and apparatus for a POS machine that protect the master key and the applications in the POS machine.
Solution to the problem
Technical solution
[0009] The present invention provides a security verification method for a POS machine, comprising the following steps:
[0010] when an application in the POS machine is started, downloaded or updated, or when the master key is changed, verifying the permission for the operation;
[0011] if the verification passes, performing the corresponding operation; if it fails, blocking the operation.
[0012] Further, the step of verifying the permission for the operation when an application in the POS machine is started, downloaded or updated, or when the master key is changed, comprises:
[0013] performing a hash calculation on the hardware ID of the POS machine and the application signing public key to generate a first hash value, and presetting the first hash value in the POS machine;
[0014] when an application on the POS machine starts, performing a hash calculation on the current hardware ID of the POS machine and the application signing public key to generate a second hash value;
[0015] comparing the second hash value with the first hash value; if they are the same, the verification passes; if they differ, the verification fails.
[0016] Further, the hardware ID of the POS machine comprises a CPU ID and a FLASH ID.
[0017] Further, the step of verifying the permission for the operation when an application in the POS machine is started, downloaded or updated, or when the master key is changed, comprises:
[0018] when an application is downloaded to or updated on the POS machine, performing signature verification on the application using a key;
[0019] if the check is correct, the verification passes; if the check is incorrect, the verification fails.
[0020] Further, the step of verifying the permission for the operation when an application in the POS machine is started, downloaded or updated, or when the master key is changed, comprises:
[0021] when the master key in the POS machine is changed, performing signature verification on the master key;
[0022] if the check is correct, the verification passes; if the check is incorrect, the verification fails.
[0024] The present invention also provides a security verification apparatus for a POS machine, comprising:
[0025] a verification unit, configured to verify the permission for an operation when an application in the POS machine is started, downloaded or updated, or when the master key is changed;
[0026] a processing unit, configured to perform the corresponding operation if the verification passes, and to block the operation if it fails.
[0027] Further, the verification unit comprises:
[0028] a presetting subunit, configured to perform a hash calculation on the hardware ID of the POS machine and the application signing public key to generate a first hash value, and to preset the first hash value in the POS machine;
[0029] a calculation subunit, configured to perform, when an application on the POS machine starts, a hash calculation on the current hardware ID of the POS machine and the application signing public key to generate a second hash value;
[0030] a comparison subunit, configured to compare the second hash value with the first hash value; if they are the same, the verification passes; if they differ, the verification fails.
[0031] Further, the hardware ID of the POS machine comprises a CPU ID and a FLASH ID.
[0032] Further, the verification unit comprises:
[0033] a first verification subunit, configured to perform signature verification on an application using a key when the application is downloaded to or updated on the POS machine;
[0034] a first determination subunit, configured to determine that the verification passes if the check is correct, and that the verification fails if the check is incorrect.
[0035] Further, the verification unit comprises:
[0036] a second verification subunit, configured to perform signature verification on the master key when the master key in the POS machine is changed;
[0037] a second determination subunit, configured to determine that the verification passes if the check is correct, and that the verification fails if the check is incorrect.
Advantageous effects of the invention
Beneficial effects
[0038] The security verification method and apparatus for a POS machine provided in the present invention have the following beneficial effects:
[0039] With the security verification method and apparatus for a POS machine provided in the present invention, when an application in the POS machine is started, downloaded or updated, or when the master key is changed, the permission for the operation is verified; if the verification passes, the corresponding operation is performed; if it fails, the operation is blocked. This protects the master key and the applications in the POS machine, prevents them from being illegally tampered with or downloaded, and prevents the POS machine from being switched as a whole machine.
Brief description of the drawings
Description of the drawings
[0040] FIG. 1 is a schematic diagram of the steps of a security verification method for a POS machine provided in an embodiment of the present invention;
[0041] FIG. 2 is a schematic diagram of the specific steps of step S1 in FIG. 1;
[0042] FIG. 3 is a schematic diagram of key verification in an embodiment of the present invention;
[0043] FIG. 4 is a schematic structural diagram of a security verification apparatus for a POS machine provided in an embodiment of the present invention;
[0044] FIG. 5 is a schematic structural diagram of the verification unit in an embodiment of the present invention;
[0045] FIG. 6 is a schematic structural diagram of the verification unit in another embodiment of the present invention;
[0046] FIG. 7 is a schematic structural diagram of the verification unit in yet another embodiment of the present invention.
[0048] The realization of the object, the functional features and the advantages of the present invention are further described below with reference to the embodiments and the accompanying drawings.
Best embodiment for carrying out the invention
Best mode of the invention
[0049] It should be understood that the specific embodiments described here are intended only to explain the present invention and not to limit it.
[0050] Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said", "the above" and "the" used herein may also include the plural. It should be further understood that the word "comprising" used in the specification of the present invention means that the stated features, integers, steps, operations, elements, units, modules and/or components are present, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, units, modules, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or intermediate elements may be present. In addition, "connected" or "coupled" as used herein may include a wireless connection or wireless coupling. The phrase "and/or" as used herein includes all or any unit and all combinations of one or more of the associated listed items.
[0051] Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by a person of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, are not to be interpreted in an idealized or overly formal sense.
[0052] In the prior art, to secure the business of POS machines and prevent the business run on a POS machine from being illegally tampered with or switched, there are usually two schemes, as described above, each of which has certain defects and deficiencies. The embodiments of the present invention therefore provide a security verification method and apparatus for a POS machine that protect the master key and the applications in the POS machine, prevent the master key and the applications from being illegally tampered with or downloaded, and prevent the POS machine from being switched as a whole machine.
[0053] FIG. 1 is a schematic diagram of the steps of a security verification method for a POS machine provided in an embodiment of the present invention.
[0054] An embodiment of the present invention provides a security verification method for a POS machine, comprising the following steps:
[0055] Step S1: when an application in the POS machine is started, downloaded or updated, or when the master key is changed, verifying the permission for the operation;
[0056] Step S2: if the verification passes, performing the corresponding operation; if it fails, blocking the operation.
[0057] In this embodiment, whenever an application in the POS machine is started, downloaded or updated, or the master key is changed, the permission for the operation must be verified, and different operations use different verification methods. For example, when an application in the POS machine is started, a hash value is calculated from the current hardware ID of the POS machine and the application signing public key and compared with the hash value pre-stored in the POS machine; when an application is downloaded to or updated on the POS machine, signature verification is performed on the application using a key, which may be the master key pre-stored in the POS machine; and when the master key in the POS machine is changed, signature verification is performed on the master key. The verification methods are varied and are not listed exhaustively here.
[0058] Only after the verification passes can the corresponding operation be performed on the POS machine; if the verification fails, the operation is automatically blocked and cannot continue. Therefore, when an application in the POS machine is started, downloaded or updated, or when the master key is changed, the master key and the applications in the POS machine are protected, they cannot be illegally tampered with or downloaded, and the POS machine cannot be switched as a whole machine.
[0059] Referring to FIG. 2, in one embodiment, step S1 of verifying the permission for the operation when an application in the POS machine is started, downloaded or updated, or when the master key is changed, comprises:
[0060] Step S101: performing a hash calculation on the hardware ID of the POS machine and the application signing public key to generate a first hash value, and presetting the first hash value in the POS machine;
[0061] Step S102: when an application on the POS machine starts, performing a hash calculation on the current hardware ID of the POS machine and the application signing public key to generate a second hash value;
[0062] Step S103: comparing the second hash value with the first hash value; if they are the same, the verification passes; if they differ, the verification fails.
[0063] After a POS machine has been switched as a whole machine (that is, a copy of the FLASH of agent A's normal POS machine is copied into agent B's POS machine, turning agent B's POS machine into agent A's machine running agent A's business), even signature verification of the application cannot detect that the application running after the switch is a tampered application.
[0064] Therefore, in this embodiment, a first hash value is first generated by a hash calculation on the original hardware ID of the POS machine and the application signing public key, and the first hash value is preset in the POS machine. Each time an application on the POS machine is started, a second hash value is generated by a hash calculation on the hardware ID current at start-up and the application signing public key. The second hash value is then compared with the first hash value; if they are the same, the verification passes; if they differ, the verification fails. Specifically, the hardware ID of the POS machine comprises a CPU ID and a FLASH ID.
[0065] After a POS machine has been switched as a whole machine, the CPU and FLASH components are different, so the CPU ID and FLASH ID differ from the original ones, and the second hash value calculated from the CPU ID and FLASH ID changes as well. If the hash values differ, the check fails and the program cannot run; if the hash values match, the verification passes and the program runs. The scheme of this embodiment performs a hash calculation on the CPU ID, the FLASH ID and the key pk and checks the hash value to guarantee a unique association among the CPU, the FLASH and the public key PK, so that a POS machine that has been switched as a whole machine cannot pass the check, and a POS terminal that has been illegally switched as a whole machine cannot run normally.
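The start-up check of steps S101 to S103, as an added example that is not code from the patent. SHA-256, the length-prefixed field encoding, the constant-time comparison and all type, function and sample ID names are assumptions; the patent names only the three hash inputs (CPU ID, FLASH ID, application signing public key).

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Flash is the data stored in FLASH: the application signing public key and
// the preset first hash value written at provisioning time (step S101).
type Flash struct {
	AppSignPK  []byte
	PresetHash [sha256.Size]byte
}

// Device models what the start-up code can read. The field names are
// assumptions made for this example.
type Device struct {
	CPUID      []byte // read from the CPU at run time
	FlashID    []byte // read from the FLASH chip at run time
	FlashImage Flash  // FLASH contents; this is what a whole-machine copy moves
}

// bindingHash hashes the three inputs with a length prefix on every field, so
// that ("AB","C") and ("A","BC") cannot produce the same digest.
func bindingHash(cpuID, flashID, appSignPK []byte) [sha256.Size]byte {
	h := sha256.New()
	for _, field := range [][]byte{cpuID, flashID, appSignPK} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		h.Write(n[:])
		h.Write(field)
	}
	var out [sha256.Size]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Provision is step S101: compute the first hash value and preset it.
func Provision(d *Device) {
	d.FlashImage.PresetHash = bindingHash(d.CPUID, d.FlashID, d.FlashImage.AppSignPK)
}

// VerifyAtStartup is steps S102 and S103: recompute the hash from the current
// hardware IDs and compare it with the preset value. false blocks the start.
func VerifyAtStartup(d *Device) bool {
	second := bindingHash(d.CPUID, d.FlashID, d.FlashImage.AppSignPK)
	return subtle.ConstantTimeCompare(second[:], d.FlashImage.PresetHash[:]) == 1
}

// CloneFlash models the whole-machine switch of [0007]: the FLASH contents of
// src, preset hash included, end up on hardware with different IDs.
func CloneFlash(src *Device, cpuID, flashID []byte) *Device {
	return &Device{CPUID: cpuID, FlashID: flashID, FlashImage: src.FlashImage}
}

func main() {
	// Constructed sample IDs and key bytes.
	a := &Device{
		CPUID:      []byte("CPU-A-0001"),
		FlashID:    []byte("FLASH-A-0001"),
		FlashImage: Flash{AppSignPK: []byte("constructed-app-signing-public-key")},
	}
	Provision(a)
	b := CloneFlash(a, []byte("CPU-B-0002"), []byte("FLASH-B-0002"))
	fmt.Println("original machine starts:", VerifyAtStartup(a))
	fmt.Println("copied FLASH on other hardware starts:", VerifyAtStartup(b))
}
```

The copied image carries the preset hash with it, which is exactly why the comparison fails: the stored value was computed over the first machine's IDs, and the recomputed value uses the IDs of the hardware it now runs on.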
[0066] In another embodiment, step S1 of verifying the permission for the operation when an application in the POS machine is started, downloaded or updated, or when the master key is changed, comprises:
[0067] when an application is downloaded to or updated on the POS machine, performing signature verification on the application using a key;
[0068] if the check is correct, the verification passes; if the check is incorrect, the verification fails.
[0069] In this embodiment, when an application is downloaded to or updated on the POS machine, signature verification is performed on the application using a key. Referring to FIG. 3, an application file must pass signature verification before it can be downloaded to the POS machine. The application root public key is fixed in the Boot program, and the Code.pk public key can be downloaded to the POS machine only after being signed with the application root private key. boot.bin, core.bin and app.bin are application or resource files, which can be downloaded or updated to the POS machine only after being signed with the Code.sk private key. The application root private key and the Code.pk/sk key pair are controlled by the POS manufacturer, so any application file or resource file to be downloaded or updated must go through the manufacturer's control in order to be updated successfully. The scheme of this embodiment ensures that the application files of the POS machine cannot be illegally tampered with or updated, thereby protecting the applications of the POS machine.
[0070] In yet another embodiment, step S1 of verifying the permission for the operation when an application in the POS machine is started, downloaded or updated, or when the master key is changed, comprises:
[0071] when the master key in the POS machine is changed, performing signature verification on the master key;
[0072] if the check is correct, the verification passes; if the check is incorrect, the verification fails.
[0073] With reference to FIG. 3, in this embodiment the master key TMK must pass signature verification before it can be downloaded to the POS machine. The key root public key is fixed in the Boot program, and the Key.pk public key can be downloaded to the POS machine only after being signed with the key root private key. acquirerN.pk is used to verify the download of each third-party payment company's master key TMK, and acquirerN.pk can be downloaded to the POS machine only after being signed with the Key.sk private key. The key root private key and the Key.sk private key are controlled by the POS manufacturer, while the acquirerN.pk/sk key pair is controlled by the third-party company; acquirerN.pk can be updated only with the manufacturer's Key.sk signature. The scheme of this embodiment ensures that the master key system cannot be illegally tampered with, thereby protecting the master key of the POS machine.
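The two signature chains of FIG. 3 as described in [0069] and [0073], as an added example that is not code from the patent. Ed25519, the data layout, the function names, the treatment of the TMK as an opaque signed blob and the deterministic test keys are assumptions; the patent does not name a signature algorithm or a file format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Cert is one link of a chain: a public key and its parent's signature over it.
type Cert struct {
	Name string
	PK   ed25519.PublicKey
	Sig  []byte
}

// Signed is the final payload (an application file or a TMK blob) with the
// signature made by the private key matching the last Cert in the chain.
type Signed struct {
	Name string
	Data []byte
	Sig  []byte
}

var ErrBlocked = errors.New("verification failed, operation blocked")

// VerifyChain starts from the root public key fixed in Boot, checks every
// intermediate key against its parent, then checks the payload signature.
func VerifyChain(root ed25519.PublicKey, chain []Cert, p Signed) error {
	if len(root) != ed25519.PublicKeySize {
		return fmt.Errorf("%w: bad root key", ErrBlocked)
	}
	parent := root
	for _, c := range chain {
		if len(c.PK) != ed25519.PublicKeySize || !ed25519.Verify(parent, c.PK, c.Sig) {
			return fmt.Errorf("%w: %s is not signed by its parent key", ErrBlocked, c.Name)
		}
		parent = c.PK
	}
	if !ed25519.Verify(parent, p.Data, p.Sig) {
		return fmt.Errorf("%w: bad signature on %s", ErrBlocked, p.Name)
	}
	return nil
}

// testKey derives a deterministic key pair from a label. Constructed test
// keys only; real private keys stay with the manufacturer or the acquirer.
func testKey(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	sk := ed25519.NewKeyFromSeed(seed[:])
	return sk.Public().(ed25519.PublicKey), sk
}

func issue(name string, parentSK ed25519.PrivateKey, pk ed25519.PublicKey) Cert {
	return Cert{Name: name, PK: pk, Sig: ed25519.Sign(parentSK, pk)}
}

func signPayload(name string, sk ed25519.PrivateKey, data []byte) Signed {
	return Signed{Name: name, Data: data, Sig: ed25519.Sign(sk, data)}
}

// Fixture holds both chains of FIG. 3, built from constructed keys:
// application root -> Code.pk -> files, and key root -> Key.pk -> acquirerN.pk -> TMK.
type Fixture struct {
	CodeRootPK, KeyRootPK ed25519.PublicKey
	CodeChain, KeyChain   []Cert
	CodeSK, AcquirerSK    ed25519.PrivateKey
}

func NewFixture() Fixture {
	codeRootPK, codeRootSK := testKey("application root")
	codePK, codeSK := testKey("Code")
	keyRootPK, keyRootSK := testKey("key root")
	keyPK, keySK := testKey("Key")
	acqPK, acqSK := testKey("acquirerN")
	return Fixture{
		CodeRootPK: codeRootPK,
		KeyRootPK:  keyRootPK,
		CodeChain:  []Cert{issue("Code.pk", codeRootSK, codePK)},
		KeyChain:   []Cert{issue("Key.pk", keyRootSK, keyPK), issue("acquirerN.pk", keySK, acqPK)},
		CodeSK:     codeSK,
		AcquirerSK: acqSK,
	}
}

func main() {
	f := NewFixture()
	app := signPayload("app.bin", f.CodeSK, []byte("constructed application image"))
	tmk := signPayload("TMK", f.AcquirerSK, []byte("constructed TMK blob"))
	fmt.Println("app.bin:", VerifyChain(f.CodeRootPK, f.CodeChain, app))
	fmt.Println("TMK:", VerifyChain(f.KeyRootPK, f.KeyChain, tmk))
	app.Data = append(app.Data, 0x00) // file changed after signing
	fmt.Println("modified app.bin:", VerifyChain(f.CodeRootPK, f.CodeChain, app))
}
```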
[0074] It can be understood that one or more of the verification methods described in the above embodiments can be used to perform security verification on the POS machine; using all of the above verification methods at the same time better protects the security of the POS machine.
[0075] The above is the security verification method for a POS machine provided in the present invention. When an application in the POS machine is started, downloaded or updated, or when the master key is changed, the permission for the operation is verified; if the verification passes, the corresponding operation is performed; if it fails, the operation is blocked. This protects the master key and the applications in the POS machine, prevents them from being illegally tampered with or downloaded, and prevents the POS machine from being switched as a whole machine.
[0076] To further explain the security verification method for a POS machine provided in the present invention, an embodiment of the present invention also provides a security verification apparatus for a POS machine.
[0077] Referring to FIG. 4, an embodiment of the present invention further provides a security verification apparatus for a POS machine, comprising:
[0078] a verification unit 10, configured to verify the permission for an operation when an application in the POS machine is started, downloaded or updated, or when the master key is changed;
[0079] a processing unit 20, configured to perform the corresponding operation if the verification passes, and to block the operation if it fails.
[0080] In this embodiment, whenever an application in the POS machine is started, downloaded or updated, or the master key is changed, the verification unit 10 must verify the permission for the operation, and different operations use different verification methods. For example, when an application in the POS machine is started, a hash value is calculated from the current hardware ID of the POS machine and the application signing public key and compared with the hash value pre-stored in the POS machine; when an application is downloaded to or updated on the POS machine, signature verification is performed on the application using a key, which may be the master key pre-stored in the POS machine; and when the master key in the POS machine is changed, signature verification is performed on the master key. The verification methods are varied and are not listed exhaustively here.
[0081] Only after the verification passes can the processing unit 20 perform the corresponding operation on the POS machine; if the verification fails, the operation is automatically blocked and cannot continue. Therefore, when an application in the POS machine is started, downloaded or updated, or when the master key is changed, the master key and the applications in the POS machine are protected, they cannot be illegally tampered with or downloaded, and the POS machine cannot be switched as a whole machine.
[0082] Referring to FIG. 5, in one embodiment, the verification unit 10 comprises:
[0083] a presetting subunit 101, configured to perform a hash calculation on the hardware ID of the POS machine and the application signing public key to generate a first hash value, and to preset the first hash value in the POS machine;
[0084] a calculation subunit 102, configured to perform, when an application on the POS machine starts, a hash calculation on the current hardware ID of the POS machine and the application signing public key to generate a second hash value;
[0085] a comparison subunit 103, configured to compare the second hash value with the first hash value; if they are the same, the verification passes; if they differ, the verification fails.
[0086] After a POS machine has been switched as a whole machine (that is, a copy of the FLASH of agent A's normal POS machine is copied into agent B's POS machine, turning agent B's POS machine into agent A's machine running agent A's business), even signature verification of the application cannot detect that the application running after the switch is a tampered application.
[0087] Therefore, in this embodiment, a first hash value is first generated by a hash calculation on the original hardware ID of the POS machine and the application signing public key, and the first hash value is preset in the POS machine. Each time an application on the POS machine is started, a second hash value is generated by a hash calculation on the hardware ID current at start-up and the application signing public key. The second hash value is then compared with the first hash value; if they are the same, the verification passes; if they differ, the verification fails. Specifically, the hardware ID of the POS machine comprises a CPU ID and a FLASH ID.
[0088] After a POS machine has been switched as a whole machine, the CPU and FLASH components are different, so the CPU ID and FLASH ID differ from the original ones, and the second hash value calculated from the CPU ID and FLASH ID changes as well. If the hash values differ, the check fails and the program cannot run; if the hash values match, the verification passes and the program runs. The scheme of this embodiment performs a hash calculation on the CPU ID, the FLASH ID and the key pk and checks the hash value to guarantee a unique association among the CPU, the FLASH and the public key PK, so that a POS machine that has been switched as a whole machine cannot pass the check, and a POS terminal that has been illegally switched as a whole machine cannot run normally.
[0089] Referring to FIG. 6, in another embodiment, the verification unit 10 comprises:
[0090] a first verification subunit 104, configured to perform signature verification on an application using a key when the application is downloaded to or updated on the POS machine;
[0091] a first determination subunit 105, configured to determine that the verification passes if the check is correct, and that the verification fails if the check is incorrect.
[0092] In this embodiment, when an application is downloaded to or updated on the POS machine, signature verification is performed on the application using a key. Referring to FIG. 3, an application file must pass signature verification before it can be downloaded to the POS machine. The application root public key is fixed in the Boot program, and the Code.pk public key can be downloaded to the POS machine only after being signed with the application root private key. boot.bin, core.bin and app.bin are application or resource files, which can be downloaded or updated to the POS machine only after being signed with the Code.sk private key. The application root private key and the Code.pk/sk key pair are controlled by the POS manufacturer, so any application file or resource file to be downloaded or updated must go through the manufacturer's control in order to be updated successfully. The scheme of this embodiment ensures that the application files of the POS machine cannot be illegally tampered with or updated, thereby protecting the applications of the POS machine.
[0093] Referring to FIG. 7, in yet another embodiment, the verification unit 10 includes:
[0094] a second verification sub-unit 106, configured to perform signature verification on the master key when the master key in the POS machine is changed;
[0095] a second determining sub-unit 107, configured to determine that the verification passes if the signature check is correct, and that the verification fails if the signature check is incorrect.
[0096] With reference to FIG. 3, in this embodiment the master key TMK can be downloaded to the POS machine only after its signature verifies correctly. The key root public key is fixed in the Boot program, and the Key.pk public key can be downloaded to the POS machine only after being signed by the key root private key. acquirerN.pk is used to verify the downloaded master key TMK of each third-party payment company, and acquirerN.pk itself can be downloaded to the POS machine only after being signed by the Key.sk private key. The key root private key and the Key.sk private key are controlled by the POS machine manufacturer, while the acquirerN.pk/sk key pair is controlled by the third-party company; acquirerN.pk can be updated only with a signature from the manufacturer's Key.sk. The solution in this embodiment ensures that the master key system cannot be illegally tampered with, thereby protecting the security of the POS machine master key.
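The two download chains in [0092] and [0096], as an added example that is not code from the patent: a verifier starts from a root public key fixed in Boot and accepts a payload only if every key below it is signed by the key above. Textbook RSA over small fixed primes is a stand-in for the signature scheme, which the patent does not name, and the function names, the fixed chain depth check and all keys and payloads are assumptions constructed for illustration.

```python
import hashlib

# Assumption: textbook RSA over fixed Mersenne primes stands in for the signature
# scheme, which the page does not name. Insecure; it only makes the chain runnable.
E = 65537
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))

def make_key(p, q):
    """Return ((n, e), (n, d)): a public key and the matching private key."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(public, data, sig):
    n, e = public
    return 0 <= sig < n and pow(sig, e, n) == _digest(data, n)

def encode_pk(public):
    """Serialise a public key so that the key above it can sign it."""
    return b"%d:%d" % public

def verify_chain(root_pk, links, depth, payload, payload_sig):
    """Walk from a root public key fixed in Boot down to the payload.

    links is [(public_key, signature_by_the_key_above), ...]; depth is how many
    intermediate keys this payload type has (1 for an application file, 2 for
    a TMK). Returns "ok" or the first failed check.
    """
    if len(links) != depth:          # a signer may not extend or shorten the chain
        return "wrong chain depth"
    trusted = root_pk
    for level, (pk, sig) in enumerate(links, start=1):
        if not verify(trusted, encode_pk(pk), sig):
            return "key at level %d rejected" % level
        trusted = pk
    return "ok" if verify(trusted, payload, payload_sig) else "payload rejected"

def demo():
    """Constructed keys and payloads: genuine and forged downloads."""
    app_root_pk, app_root_sk = make_key(M127, M107)
    key_root_pk, key_root_sk = make_key(M127, M89)
    code_pk, code_sk = make_key(M107, M89)
    key_pk, key_sk = make_key(M127, M61)
    acq_pk, acq_sk = make_key(M107, M61)      # acquirerN.pk/sk
    evil_pk, evil_sk = make_key(M89, M61)     # key the manufacturer never signed
    app, tmk = b"constructed app.bin image", b"constructed TMK"
    code_link = (code_pk, sign(app_root_sk, encode_pk(code_pk)))
    key_links = [(key_pk, sign(key_root_sk, encode_pk(key_pk))),
                 (acq_pk, sign(key_sk, encode_pk(acq_pk)))]
    evil_link = (evil_pk, sign(evil_sk, encode_pk(evil_pk)))  # self-signed
    return {
        "genuine app": verify_chain(app_root_pk, [code_link], 1, app, sign(code_sk, app)),
        "tampered app": verify_chain(app_root_pk, [code_link], 1, app + b"!", sign(code_sk, app)),
        "unsigned Code.pk": verify_chain(app_root_pk, [evil_link], 1, app, sign(evil_sk, app)),
        "genuine TMK": verify_chain(key_root_pk, key_links, 2, tmk, sign(acq_sk, tmk)),
        "TMK signed by unknown acquirer": verify_chain(
            key_root_pk, [key_links[0], evil_link], 2, tmk, sign(evil_sk, tmk)),
        "app chain used for TMK": verify_chain(key_root_pk, [code_link], 2, tmk, sign(code_sk, tmk)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

The rejected cases show where each control sits: a self-signed Code.pk or acquirer key fails at the level where the manufacturer's signature is missing, and a valid chain over a modified image fails only at the final payload check.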
[0097] It can be understood that one or more of the verification apparatuses described in the above embodiments may be used to perform security verification on the POS machine; using all of the above verification apparatuses together gives better protection for the POS machine.
[0098] In summary, in the POS machine security verification method and apparatus provided in the embodiments of the present invention, when an application in the POS machine is started, downloaded or updated, or the master key is changed, the verification unit 10 verifies the authority for the operation; the processing unit 20 performs the corresponding operation if the verification passes, and blocks the operation if it does not. This protects the master key and the applications in the POS machine, prevents them from being illegally tampered with or downloaded, and prevents the POS terminal from being switched over as a whole machine.
[0099]
[0100] Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the terminal, apparatus and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
[0101] Those skilled in the art will understand that the present invention includes devices for performing one or more of the operations described in this application. These devices may be specially designed and manufactured for the required purposes, or may include known devices in general-purpose computers. These devices have computer programs stored in them that are selectively activated or reconfigured. Such computer programs may be stored in a device-readable (for example, computer-readable) medium, or in any type of medium suitable for storing electronic instructions and coupled to a bus, the computer-readable medium including but not limited to any type of disk (including floppy disks, hard disks, optical discs, CD-ROMs and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic cards or optical cards. That is, a readable medium includes any medium in which information is stored or transmitted by a device (for example, a computer) in a readable form.
[0102] Those skilled in the art will understand that computer program instructions can be used to implement each block in these structural diagrams and/or block diagrams and/or flow diagrams, and combinations of blocks in them. Those skilled in the art will understand that these computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer or another programmable data processing method, so that the solutions specified in the block or blocks of the structural diagrams and/or block diagrams and/or flow diagrams disclosed in the present invention are executed by the processor of the computer or other programmable data processing method.
[0103] Those skilled in the art will understand that the steps, measures and solutions in the various operations, methods and processes discussed in the present invention may be alternated, changed, combined or deleted. Further, other steps, measures and solutions in the various operations, methods and processes discussed in the present invention may also be alternated, changed, rearranged, decomposed, combined or deleted. Further, steps, measures and solutions in the prior art that correspond to the various operations, methods and processes disclosed in the present invention may also be alternated, changed, rearranged, decomposed, combined or deleted.
[0104] The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the content of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims
A POS machine security verification method, characterized by comprising the following steps:
when an application in the POS machine is started, downloaded or updated, or the master key is changed, verifying the authority for the operation;
if the verification passes, performing the corresponding operation; if it does not pass, blocking the operation.
The POS machine security verification method according to claim 1, characterized in that the step of verifying the authority for the operation when an application in the POS machine is started, downloaded or updated, or the master key is changed, comprises:
performing a hash calculation on the POS machine hardware ID and the application signing public key to generate a first hash value, and presetting the first hash value in the POS machine;
when the POS machine application is started, performing a hash calculation on the current hardware ID of the POS machine and the application signing public key to generate a second hash value;
comparing the second hash value with the first hash value; if they are the same, the verification passes; if they differ, the verification fails.
The POS machine security verification method according to claim 2, characterized in that the POS machine hardware ID comprises a CPU ID and a FLASH ID.
The POS machine security verification method according to claim 1, characterized in that the step of verifying the authority for the operation when an application in the POS machine is started, downloaded or updated, or the master key is changed, comprises:
when a POS machine application is downloaded or updated, performing signature verification on the application using a key; if the signature check is correct, the verification passes; if the signature check is incorrect, the verification fails.
The POS machine security verification method according to claim 1, characterized in that the step of verifying the authority for the operation when an application in the POS machine is started, downloaded or updated, or the master key is changed, comprises:
when the master key in the POS machine is changed, performing signature verification on the master key; if the signature check is correct, the verification passes; if the signature check is incorrect, the verification fails.
A POS machine security verification apparatus, characterized by comprising:
a verification unit, configured to verify the authority for the operation when an application in the POS machine is started, downloaded or updated, or the master key is changed;
a processing unit, configured to perform the corresponding operation if the verification passes, and to block the operation if it does not pass.
The POS machine security verification apparatus according to claim 6, characterized in that the verification unit comprises:
a preset sub-unit, configured to perform a hash calculation on the POS machine hardware ID and the application signing public key to generate a first hash value, and to preset the first hash value in the POS machine;
a calculation sub-unit, configured to perform, when the POS machine application is started, a hash calculation on the current hardware ID of the POS machine and the application signing public key to generate a second hash value;
a comparison sub-unit, configured to compare the second hash value with the first hash value; if they are the same, the verification passes; if they differ, the verification fails.
The POS machine security verification apparatus according to claim 7, characterized in that the POS machine hardware ID comprises a CPU ID and a FLASH ID.
The POS machine security verification apparatus according to claim 6, characterized in that the verification unit comprises:
a first verification sub-unit, configured to perform signature verification on the application using a key when a POS machine application is downloaded or updated;
a first determining sub-unit, configured to determine that the verification passes if the signature check is correct, and that the verification fails if the signature check is incorrect.
The POS machine security verification apparatus according to claim 6, characterized in that the verification unit comprises:
a second verification sub-unit, configured to perform signature verification on the master key when the master key in the POS machine is changed;
a second determining sub-unit, configured to determine that the verification passes if the signature check is correct, and that the verification fails if the signature check is incorrect.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201780000964.8A CN107466455B (en) | 2017-03-15 | 2017-03-15 | POS machine security verification method and device |
PCT/CN2017/076811 WO2018165920A1 (en) | 2017-03-15 | 2017-03-15 | Security verification method and apparatus for pos machine |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/076811 WO2018165920A1 (en) | 2017-03-15 | 2017-03-15 | Security verification method and apparatus for pos machine |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018165920A1 (en) | 2018-09-20 |
Family
ID=60554215
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/076811 WO2018165920A1 (en) | 2017-03-15 | 2017-03-15 | Security verification method and apparatus for pos machine |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107466455B (en) |
WO (1) | WO2018165920A1 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108597154B (en) * | 2018-04-09 | 2020-11-17 | 厦门夏新移动通讯有限公司 | Safe starting system and starting method for communication module of Internet of things and POS machine |
CN108573130B (en) * | 2018-05-24 | 2022-06-03 | 深圳鼎智通讯股份有限公司 | Cutter protection system during operation of intelligent POS machine terminal |
CN109523258A (en) * | 2018-10-30 | 2019-03-26 | 百富计算机技术(深圳)有限公司 | POS client public key safety certifying method, device and terminal device |
CN109660355B (en) * | 2018-12-15 | 2022-04-26 | 深圳市捷诚技术服务有限公司 | Method, device, storage medium and terminal for preventing POS terminal from being illegally tampered |
CN110048831A (en) * | 2018-12-29 | 2019-07-23 | 中国银联股份有限公司 | The distribution method and diostribution device of POS terminal master key |
CN109671229B (en) * | 2019-01-31 | 2022-01-25 | 环旭(深圳)电子科创有限公司 | Cash register and safety verification method thereof |
CN111782282B (en) * | 2020-06-24 | 2023-12-08 | 智车优行科技(北京)有限公司 | Start program loading method and device, electronic equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2005242135B1 (en) * | 2005-12-07 | 2006-03-16 | Ronald Neville Langford | Verifying the Identity of a User by Authenticating a File |
CN105225112A (en) * | 2014-06-20 | 2016-01-06 | 中国电信股份有限公司 | Mobile payment authorization method and server |
CN105978856A (en) * | 2016-04-18 | 2016-09-28 | 随行付支付有限公司 | POS (point of sale) machine key downloading method, device and system |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101145906B (en) * | 2006-09-13 | 2010-10-06 | 北京邦天信息技术有限公司 | Method and system for authenticating legality of receiving terminal in unidirectional network |
EP2147565A4 (en) * | 2007-04-17 | 2011-10-19 | Hypercom Corp | Methods and systems for security authentication and key exchange |
CN101753547A (en) * | 2008-12-19 | 2010-06-23 | 北京银迅捷电子技术有限公司 | Method and system for updating applications and parameters of multi-model POS terminal device |
CN102013982B (en) * | 2010-12-01 | 2012-07-25 | 银联商务有限公司 | Long-distance encryption method, management method, as well as encryption management method, device and system |
CN103237005A (en) * | 2013-03-15 | 2013-08-07 | 福建联迪商用设备有限公司 | Method and system for key management |
CN103716167B (en) * | 2013-03-15 | 2017-01-11 | 福建联迪商用设备有限公司 | Method and device for safely collecting and distributing transmission keys |
Also Published As
Publication number | Publication date |
---|---|
CN107466455A (en) | 2017-12-12 |
CN107466455B (en) | 2021-05-04 |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17901136; Country of ref document: EP; Kind code of ref document: A1 |
NENP | Non-entry into the national phase | Ref country code: DE |
32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 15/01/2020) |
122 | Ep: pct application non-entry in european phase | Ref document number: 17901136; Country of ref document: EP; Kind code of ref document: A1 |