patents.google.com

CN112583592A - How an encryption system works - Google Patents

  • ️Tue Mar 30 2021

CN112583592A - How an encryption system works - Google Patents

How an encryption system works Download PDF

Info

Publication number
CN112583592A
CN112583592A CN202011597176.1A CN202011597176A CN112583592A CN 112583592 A CN112583592 A CN 112583592A CN 202011597176 A CN202011597176 A CN 202011597176A CN 112583592 A CN112583592 A CN 112583592A Authority
CN
China
Prior art keywords
client
server
key
information
ipek
Prior art date
2020-12-29
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011597176.1A
Other languages
Chinese (zh)
Inventor
易红维
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Wanhuitong Technology Co ltd
Original Assignee
Hunan Wanhuitong Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2020-12-29
Filing date
2020-12-29
Publication date
2021-03-30
2020-12-29 Application filed by Hunan Wanhuitong Technology Co ltd filed Critical Hunan Wanhuitong Technology Co ltd
2020-12-29 Priority to CN202011597176.1A priority Critical patent/CN112583592A/en
2021-03-30 Publication of CN112583592A publication Critical patent/CN112583592A/en
Status Pending legal-status Critical Current

Links

  • 238000000034 method Methods 0.000 claims abstract description 10
  • 230000008676 import Effects 0.000 claims abstract description 3
  • 238000012795 verification Methods 0.000 claims description 18
  • 238000004806 packaging method and process Methods 0.000 claims description 4
  • 230000002265 prevention Effects 0.000 claims description 2
  • 238000011017 operating method Methods 0.000 claims 4
  • 238000012856 packing Methods 0.000 description 2
  • 230000005540 biological transmission Effects 0.000 description 1
  • 230000000903 blocking effect Effects 0.000 description 1
  • 238000006243 chemical reaction Methods 0.000 description 1
  • 238000004891 communication Methods 0.000 description 1
  • 230000007547 defect Effects 0.000 description 1
  • 238000005516 engineering process Methods 0.000 description 1
  • 230000000977 initiatory effect Effects 0.000 description 1
  • 230000002427 irreversible effect Effects 0.000 description 1
  • 230000001360 synchronised effect Effects 0.000 description 1

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种加密系统的工作方法,包括以下步骤:S1,服务端生成密钥,并且将DUKPT应用导入到卡片,所述卡片具有防消磁护套;S2,服务端根据KSN生成IPEK密钥做备用;S3,客户端注入IPEK密钥,所述客户端在注入IPEK密钥时,客户端会对注入的信息进行验证;S4,客户端使用IPEK计算交易密钥。本发明加密系统在工作时,分别产生不同的密钥,而且对交易密钥和交易数据进行加密保护,保证信息初始的安全性,实现个人化BDK,IPEK,KEK和PEK多密钥类型进行加密,保证加密的稳定性和安全性,而且所有操作基于芯片卡内部运算,确保交易安全。The invention discloses a working method of an encryption system, comprising the following steps: S1, a server generates a key, and imports a DUKPT application into a card, the card has an anti-degaussing sheath; S2, the server generates an IPEK encryption key according to KSN The key is used as a backup; S3, the client injects the IPEK key, and when the client injects the IPEK key, the client verifies the injected information; S4, the client uses the IPEK to calculate the transaction key. When the encryption system of the present invention is working, different keys are generated respectively, and the transaction key and transaction data are encrypted and protected, so as to ensure the initial security of information, and realize the encryption of personalized BDK, IPEK, KEK and PEK multi-key types. , to ensure the stability and security of encryption, and all operations are based on the internal operation of the chip card to ensure transaction security.

Description

Working method of encryption system

Technical Field

The invention relates to the technical field of information encryption, in particular to a working method of an encryption system.

Background

The online transaction is a transaction performed through the internet, and the transaction mainly completes purchase of various physical goods, information services and virtual products by virtue of virtual currency. The online transaction mainly is a transaction performed in a virtual environment of a network, and is similar to a store in the real world, and the difference is that a virtual transaction process from buying to selling is achieved by various means of electronic commerce. With the increasing deepening of the information era, chips gradually become the core of information products in various fields, and the chips cannot be separated from communication satellites and common mobile phones, identity cards, bank cards, automobiles, internet of things equipment and the like in life. In the digital age, information loss and divulgence can become hidden dangers affecting personal, social and even national security at any time. The important importance of ensuring the information security is to ensure the security of the information product core chip. At present, the security chip industry has been listed as one of the national information security strategies, and under the vigorous promotion of policies, a large number of security chips applied to different fields and even different business scenes emerge in the market,

dukpt (derived Unique Key Per transaction) is a set of Key management system and algorithm defined by ANSI, is used to solve the Key management problem in information security transmission in the field of financial payment, and is applied to data security aspects such as symmetric Key encryption MAC and PIN. The unique key is used in each transaction process, and an irreversible key conversion algorithm is adopted, so that the last transaction key cannot be cracked from the current transaction data information. It is required that the acquirer and the terminal must be synchronized to support the key management technology. Consists of two parts, a transaction initiating endpoint (S-TRSM, e.g., pos, ATM) and a transaction receiving endpoint (R-TRSM, e.g., acquirer). Note: TRSM (pointer-resistor Security Module) is a Security Module with attack blocking capability, and TRSM has attack resistance capability.

When a transaction is carried out, a lot of information of a user is needed, for example, fund information, position information and identity information of the user are needed, and the information is important to the privacy and safety of individuals in the current internet environment, so that the encryption protection of the personal information is very important when the transaction is carried out.

Disclosure of Invention

The invention aims to solve the defects in the prior art and provides a working method of an encryption system.

In order to achieve the purpose, the invention adopts the following technical scheme:

a method of operation of an encryption system comprising the steps of:

s1, the server generates a key and imports the DUKPT application into a card, and the card is provided with a degaussing prevention sheath;

s2, the server generates IPEK key for standby according to KSN;

s3, the client side injects IPEK key, when the client side injects IPEK key, the client side verifies the injected information;

s4, the client calculates the trade key by using IPEK;

s5, encrypting and protecting the password and the sensitive data by the client side by using the transaction key, wherein the client side is provided with an information packaging module and an information encoding module, the information packaging module packages the information generated by the transaction, and the information encoding module encodes the packaged information;

s6, the server side starts to analyze after receiving the KSN and the encrypted data of the client side;

s7, the server side starts to locate the BDK key;

s8, the server side generates IPEK again, the same transaction is simulated, the transaction data and KSN are collated, the data are analyzed, and the result is compared;

and S9, the server displays the comparison result and approves or rejects the encryption and decryption operation.

Preferably, the client is provided with a verification module, the server is provided with a verification information generation module, the verification information generation module generates verification information to the client, and the verification module on the client is used for verification.

Preferably, the server is provided with an analysis module for analyzing the KSN and the encrypted data sent by the client.

Preferably, the server and the client are both provided with encryption algorithms, the encryption algorithms on the server and the client are different and require different keys, and the server and the client are both provided with decoding modules for decoding the keys.

Preferably, the key generated by the server and the IPEK key generated by the server according to the KSN both have a use time limit, and the use time limit is 60 s.

Preferably, the client is provided with a positioning module for positioning the BDK key by the server, the client can be a handheld terminal and a fixed terminal, and the server is a server.

The encryption system provided by the invention respectively generates different keys when in work, and encrypts and protects the transaction key and transaction data, thereby ensuring the initial security of information, realizing the encryption of multiple key types of personal BDK, IPEK, KEK and PEK, ensuring the stability and security of encryption, and ensuring the transaction security based on the internal operation of a chip card.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments.

Examples

A method of operation of an encryption system comprising the steps of:

s1, the server generates a key and leads the DUKPT application into a card, and the card is provided with a demagnetization-preventing sheath;

s2, the server generates IPEK key for standby according to KSN;

s3, the client side injects IPEK key, when the client side injects IPEK key, the client side verifies the injected information;

s4, the client calculates the trade key by using IPEK;

s5, the client uses the trade key to encrypt and protect the password and the sensitive data, the client has an information packing module and an information coding module, the information packing module packs the information generated by the trade, and the information coding module codes the packed information;

s6, the server side starts to analyze after receiving the KSN and the encrypted data of the client side;

s7, the server side starts to locate the BDK key;

s8, the server side generates IPEK again, the same transaction is simulated, the transaction data and KSN are collated, the data are analyzed, and the result is compared;

and S9, the server displays the comparison result and approves or rejects the encryption and decryption operation.

In this embodiment, the client is provided with a verification module, the server is provided with a verification information generation module, the verification information generation module generates verification information to the client, and the verification module on the client is used for verification.

In this embodiment, the server is provided with an analysis module, and analyzes the KSN and the encrypted data sent by the client.

In this embodiment, the server and the client are both provided with encryption algorithms, the encryption algorithms on the server and the client are different, and different keys are required, and the server and the client are both provided with decoding modules for decoding the keys.

In this embodiment, both the key generated by the server and the IPEK key generated by the server according to the KSN have a use time limit, and the use time limit is 60 s.

In this embodiment, the client is provided with a positioning module for the server to position the BDK key, the client may be a handheld terminal or a fixed terminal, and the server is a server.

When the encryption system works, different keys are respectively generated, the transaction key and the transaction data are encrypted and protected, the initial security of information is guaranteed, the encryption of multiple key types of personal BDK, IPEK, KEK and PEK is realized, the encryption stability and security are guaranteed, and all operations are based on the internal operation of a chip card, so that the transaction security is guaranteed.

The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered to be within the technical scope of the present invention, and the technical solutions and the inventive concepts thereof according to the present invention should be equivalent or changed within the scope of the present invention.

Claims (6)

1. A method of operating an encryption system, comprising the steps of:

s1, the server generates a key and imports the DUKPT application into a card, and the card is provided with a degaussing prevention sheath;

s2, the server generates IPEK key for standby according to KSN;

s3, the client side injects IPEK key, when the client side injects IPEK key, the client side verifies the injected information;

s4, the client calculates the trade key by using IPEK;

s5, encrypting and protecting the password and the sensitive data by the client side by using the transaction key, wherein the client side is provided with an information packaging module and an information encoding module, the information packaging module packages the information generated by the transaction, and the information encoding module encodes the packaged information;

s6, the server side starts to analyze after receiving the KSN and the encrypted data of the client side;

s7, the server side starts to locate the BDK key;

s8, the server side generates IPEK again, the same transaction is simulated, the transaction data and KSN are collated, the data are analyzed, and the result is compared;

and S9, the server displays the comparison result and approves or rejects the encryption and decryption operation.

2. The operating method of an encryption system according to claim 1, wherein a verification module is provided on the client, a verification information generation module is provided on the server, the verification information generation module generates verification information to the client, and the verification is performed by using the verification module on the client.

3. The operating method of an encryption system according to claim 1, wherein the server is provided with a parsing module for parsing the KSN and the encrypted data sent by the client.

4. The operating method of the encryption system according to claim 1, wherein the server and the client are both provided with encryption algorithms, the encryption algorithms on the server and the client are different and require different keys, and the server and the client are both provided with decoding modules for decoding the keys.

5. The operating method of an encryption system according to claim 1, wherein the key generated by the server and the IPEK key generated by the server according to the KSN both have a usage time limit, which is 60 s.

6. The working method of the encryption system according to claim 1, wherein the client is provided with a positioning module for positioning the BDK key by the server, the client can be a handheld terminal and a fixed terminal, and the server is a server.

CN202011597176.1A 2020-12-29 2020-12-29 How an encryption system works Pending CN112583592A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011597176.1A CN112583592A (en) 2020-12-29 2020-12-29 How an encryption system works

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011597176.1A CN112583592A (en) 2020-12-29 2020-12-29 How an encryption system works

Publications (1)

Publication Number Publication Date
CN112583592A true CN112583592A (en) 2021-03-30

Family

ID=75143979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011597176.1A Pending CN112583592A (en) 2020-12-29 2020-12-29 How an encryption system works

Country Status (1)

Country Link
CN (1) CN112583592A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150142670A1 (en) * 2013-11-20 2015-05-21 Sue Zloth Systems and methods for software based encryption
CN106327723A (en) * 2016-08-29 2017-01-11 福建新大陆支付技术有限公司 mPOS transaction system based on intelligent platform
KR101720966B1 (en) * 2016-01-07 2017-03-29 주식회사 코밴 Methods of payment processing and key download of public use payment system, and public use payment terminal and authentication ic card performing the same
WO2017222183A1 (en) * 2016-06-20 2017-12-28 비씨카드(주) Method for processing transaction approval and card issuer server
US20190050590A1 (en) * 2017-08-14 2019-02-14 Bank Of America Corporation Ensuring Information Security by Utilizing Encryption of Data
CN109508983A (en) * 2012-01-05 2019-03-22 维萨国际服务协会 Data protection is carried out with conversion
US20200220719A1 (en) * 2019-01-09 2020-07-09 Mastercard International Incorporated Methods and systems for cryptographic keys exchange

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109508983A (en) * 2012-01-05 2019-03-22 维萨国际服务协会 Data protection is carried out with conversion
US20150142670A1 (en) * 2013-11-20 2015-05-21 Sue Zloth Systems and methods for software based encryption
KR101720966B1 (en) * 2016-01-07 2017-03-29 주식회사 코밴 Methods of payment processing and key download of public use payment system, and public use payment terminal and authentication ic card performing the same
WO2017222183A1 (en) * 2016-06-20 2017-12-28 비씨카드(주) Method for processing transaction approval and card issuer server
CN106327723A (en) * 2016-08-29 2017-01-11 福建新大陆支付技术有限公司 mPOS transaction system based on intelligent platform
US20190050590A1 (en) * 2017-08-14 2019-02-14 Bank Of America Corporation Ensuring Information Security by Utilizing Encryption of Data
US20200220719A1 (en) * 2019-01-09 2020-07-09 Mastercard International Incorporated Methods and systems for cryptographic keys exchange

Similar Documents

Publication Publication Date Title
US7702916B2 (en) 2010-04-20 Method and system for secure authentication
US7333615B1 (en) 2008-02-19 Encryption between multiple devices
US10089627B2 (en) 2018-10-02 Cryptographic authentication and identification method using real-time encryption
CN107210914A (en) 2017-09-26 The method supplied for security credence
US8620824B2 (en) 2013-12-31 Pin protection for portable payment devices
CN107111694A (en) 2017-08-29 Software tampering detection and reporting process
JPS62120564A (en) 1987-06-01 Terminal checking system
NO331571B1 (en) 2012-01-30 System for protecting an encrypted information unit
EP3702991B1 (en) 2024-11-13 Mobile payments using multiple cryptographic protocols
CN108171486A (en) 2018-06-15 It is a kind of that there is the terminal of E-seal
Zhou et al. 2021 Implementation of cryptographic algorithm in dynamic QR code payment system and its performance
CN106372950A (en) 2017-02-01 Anti-counterfeiting authentication method for e-commerce and online shopping goods
CN108537537A (en) 2018-09-14 A kind of safe and reliable digital cash Wallet System
CN112583592A (en) 2021-03-30 How an encryption system works
CN108650214A (en) 2018-10-12 The anti-method and device of going beyond one's commission of dynamic page encryption
Mitra et al. 2017 Implementation of a novel security technique using triple des in cashless transaction
Blancaflor et al. 2023 A Case Study of using Cryptography for the Improvement of Data Security in E-commerce Industry in the Philippines
Ashrafi et al. 2008 Enabling privacy-preserving e-payment processing
CN116823257A (en) 2023-09-29 Information processing method, device, equipment and storage medium
Lokhande et al. 2021 Development of an Algorithmic Approach for Hiding Sensitive Data and Recovery of Data based on Fingerprint Identification for Secure Cloud Storage
CN112613876B (en) 2023-01-17 A digital wallet transaction method, device and system
CN105512936B (en) 2019-11-08 The internet banking system sensitive data processing method and system of more legal person's business models
CN103795714A (en) 2014-05-14 Identity authentication system and method
Yuvarani et al. 2024 Payment Security Expert: Analyzing Smart Cards and Contactless Payments with Cryptographic Techniques
Pillai et al. 2020 A decentralized data privacy for mobile payment using blockchain technology

Legal Events

Date Code Title Description
2021-03-30 PB01 Publication
2021-03-30 PB01 Publication
2021-11-19 SE01 Entry into force of request for substantive examination
2021-11-19 SE01 Entry into force of request for substantive examination
2024-12-20 RJ01 Rejection of invention patent application after publication
2024-12-20 RJ01 Rejection of invention patent application after publication

Application publication date: 20210330