Patent Application
20180308097
The invention relates to the technical field of data transmission, in particular to a bankcard password protection method and system.
With the continuous development of the Internet and electronic payment techniques, traditional financial POS devices have been greatly changed and closely combined with the Internet day-by-day in the aspects of appearance design, function expansion, interface enrichment, user experiment improvement and the like, and various new techniques have sprung up, such as the new technique of bankcard password input based on a touch screen.
When bankcard passwords are input into the traditional POS devices, a special physical numeric keypad is needed. Along with the requirement for smaller and smaller POS devices, a great bottleneck confronts POS devices in structural design and appearance design due to the large space occupation of the physical keypad, and the traditional POS devices always seem rigid and unfashionable. With the development of the Internet technology and the rise of mobile payment, the technique of realizing bankcard password input on mobile phones has been widely used and is being understood and accepted by customers day by day. Following the popularization of smart POS devices, touch screen-based bankcard password input is becoming a tide and an inevitable technology development trend.
However, as professional commercial payment devices, POS machines are different from personal payment devices such as mobile phones which are generally used by individuals or limited persons. Due to the fact that any customers may swipe cards and input bankcard passwords to the POS machines serving as commercial payment devices, the benefits of cardholders will be threatened once the POS machines are illegally transformed. Thus, the requirement for the security protection level of bankcard password input of the professional commercial POS devices is much higher than that of personal devices such as mobile phones, and the security protection technique for bankcard password input of POS devices based on touch screens is of great importance.
In the prior art, a POS terminal comprises an application processor (short for AP) and a security processor (short for SE). As a universal application processor, the AP does not have a physical intrusion detection and response mechanism or a hardware storage area conforming to the specifications of the financial POS industry to store sensitive data, such as transaction keys, used for transaction verification with the bank background. As a professional security processor, the SE has a physical intrusion detection and response mechanism and is internally provided with a hardware-protected security storage area for storing sensitive data such as keys, and all the sensitive data in the security storage area will be automatically destroyed when the POS machines suffer from various physical attacks such as illegal disassembly, making sure that these information has been automatically lost and cannot be accessed under the condition that the POS machines are internally attacked. PIN (namely bankcard password) information needs to be encrypted in the POS machines first and then is sent to the POS background to complete verification; however, due to the facts that the AP cannot store keys and only the SE can store keys, after acquiring bankcard passwords input by customers, the AP has to transmit the bankcard passwords to the SE, the SE encrypts the bankcard passwords by means of the keys and then transmits the encrypted bankcard passwords back to the AP, and afterwards, the AP transmits the bankcard passwords to the bank background for transaction verification. However, in the transmission process from the AP to the SE, plaintexts of the bankcard passwords are exposed, and the bankcard passwords are prone to being cracked, resulting in potential safety hazards.
The technical issue to be settled by the invention is to disclose a novel practical bankcard password input protection technique, which achieves safe input and internal transmission of bankcard passwords without affecting user experience of customers through a reasonable scheme design and an encryption protection technique of the bankcard cryptography.
The technical scheme adopted by the invention to settle the above technical issue is to provide a bankcard password protection method. The bankcard password protection method comprises the following steps:
A security processor randomly generates a public and private key pair;
The security processor sends a public key to an application processor;
The application processor acquires a bankcard password, encrypts the bankcard password by means of the public key and then transmits the encrypted bankcard password to the security processor;
The security processor decrypts the bankcard password by means of a private key.
To settle the above technical issue, the invention further provides a bankcard password protection system. The bankcard password protection system comprises an application processor and a security processor, wherein:
The security processor is used for randomly generating a public and private key pair and sending a public key to the application processor;
The application processor acquires a bankcard password, encrypts the bankcard password by means of the public key and then transmits the encrypted bankcard password to the security processor;
The security processor decrypts the bankcard password by means of a private key.
The invention has the following beneficial effects: different from the prior art, the security processor of the invention randomly generates a public and private key pair and sends a public key to the application processor to encrypt a bankcard password, the encrypted bankcard password is then sent to the security processor to be decrypted by means of a private key, and thus, the plaintext of the bankcard password is prevented from being exposed in the transmission process from the application processor to the security processor. In this way, the invention improves the security of the input and transmission process of the bankcard password and brings a better experience feeling to customers.
The key conception of the invention lies in that a public and private key pair is generated in a security processor and a bankcard password input by customers is encrypted in an application processor and then transmitted to the security processor so as to be decrypted, thus preventing the plaintext of the bankcard password from being exposed in the transmission process.
As is shown in
S1: a security processor randomly generates a public and private key pair;
S2: the security processor sends a public key to an application processor;
S3: the application processor acquires a bankcard password, encrypts the bankcard password by means of the public key and then sends the encrypted bankcard password to the security processor;
S4: the security processor decrypts the bankcard password by means of a private key.
The first embodiment of the invention differs from the prior art in that the security processor randomly generates the public and private key pair and sends the public key to the application processor to encrypt the bankcard password and the encrypted bankcard password is then sent to the security processor to be decrypted by means of the private key, thus improving the security of the input process of the bankcard password and bringing a better experience feeling to customers.
Wherein, the security processor encrypts a bankcard password plaintext obtained through decryption by means of a key to obtain a PIN block in a ciphertext format and then sends the PIN block in the ciphertext format to the application processor; and the application processor sends the PIN block in the ciphertext format as well as transaction data to a background to complete verification.
In addition, the key used to form the PIN block in the ciphertext format through encryption is prestored in the security processor and used for transaction verification with the background. That is, the key is irrelevant to the public and private key pair generated in Step S1.
The application processor displays a random disorganized numeric keypad on a touch screen, and the bankcard password is input through the random disorganized numeric keypad.
Specifically, when PIN is input to the touch screen of the AP, a random disorganized numeric keypad will be displayed on a LCD screen to remind the cardholder to input the PIN. Every time the numeric keypad is displayed on the LCD screen, a drive or service related to PIN input of the touch screen will read a set of random numbers from the system, and then a numeric keypad with disorganized numbers is shown on the LCD screen according to the random numbers, thus making sure that the prompt and input positions of PIN numbers on the LCD screen are random and uncertain every time the PIN numbers are input and accordingly preventing attackers from figuring out the input PIN numbers according to fixed positions.
When the bankcard password is input to the touch screen of the application processor, the system setting enters into a special bankcard password input mode, and all bankcard password input events are only available to a creditable touch screen bankcard password drive so as to be processed.
Specifically, when PIN is input to the touch screen of the AP, the system setting will enter into a special PIN input mode, and in this mode, a special touch screen PIN drive will intercept PIN input events on the hardware level to make sure that all the PIN input events are only available to the creditable touch screen PIN drive to be processed and will not be reported to common application programs, and thus it is ensured that PIN-related information cannot be monitored by illegal application programs. The touch screen PIN input is based on a system-level drive with the legality and integrity protected through the digital signature technique, and the drive cannot be tampered or replaced by common applications.
Specifically, in actual application, the bankcard password protection method of the invention can be applied to a smart POS device to provide protection for safe input and transmission of PIN or to provide security guarantees for PIN input, completely based on a touch screen, of the smart POS device. By implementing the invention, the problems of small available space, difficult appearance and structure design, unattractive overall appearance and inconvenient use caused by the dependence on physical keypads of traditional POS devices can be solved, a better user experience of PIN input of the smart POS device is achieved, and the security of the PIN input process is sufficiently ensured.
The bankcard password protection method is suitable for all POS terminal devices supporting the bankcard payment function and realizing PIN input through a touch screen. These POS terminal devices generally comprise a universal application processor subsystem and a professional security processor subsystem, the touch screen is controlled by the AP subsystem, and PIN is input to an AP and then sent to an SE to be encrypted.
According to the invention, PIN is encrypted when transmitted from the AP to the SE.
In the encryption process, the PIN is encrypted by the AP by means of the public key and decrypted by the SE by means of the private key. Since the public key is open, no great risk will be caused even if the public key is stored on the AP system as long as necessary tamper-proof permission protection is set for the AP. The private key needs to be confidentially protected and thus has to be stored on the SE to be prevented against leakage. The PIN is encrypted when transmitted between the AP and the SE, and thus, the security of the transmission process is ensured, and attackers cannot obtain the PIN content in a plaintext format even if breaking through the circuit between the AP and the SE.
The public and private key pair adopted by each smart POS device is randomly generated in the smart POS device, and thus, the key of each smart POS device is unpredictable and is unique in probability, meeting the requirement for one key for each device.
The public and private key pair can be easily generated in the POS device every time the security area is formatted before the POS terminal device leaves the factory, and does not to be input through a complex method. The key pair can be used all the time as long as the POS device is not disassembled or physically attacked in various forms. If the POS device is illegally disassembled, the POS machine will be returned to the factory to be maintained according to the management requirements, in this case, the security area is re-formatted, and thus a new public and private key pair is generated.
Thus, the novel practical PIN input protection technique provided by the invention can achieve safe input and internal transmission of PIN without affecting the user experiment of customers through a reasonable scheme design and an encryption protection technique of the bankcard cryptography.
As is shown in
As for each PIN input process, the cardholder inputs PIN through the touch screen, afterwards, the PIN is encrypted by the application processor (AP) by means of a public key and then transmitted to the communication module of the security processor (SE) from the communication module of the AP so as to be decrypted, and the PIN is encrypted by means of a key, then returned to the AP through the communication module of the SE and the communication module of the AP, and finally output to the POS background.
In this specific embodiment,
Steps 1-3 are performed in the POS initialization stage, completed in a controlled area of a POS factory, and described as follows:
Step 1: the SE randomly generates a public and private key pair (including a public key and a private key) used as PIN encryption protection keys.
Step 2: the SE sends the public key in the public and private key pair to the AP.
Step 3: the AP stores the public key for encrypted PIN transmission during a subsequent transaction.
Steps 4-9 are to be performed during each normal transaction of the POS device and are described as follows:
Step 4: during each transaction of the POS device, after completing amount input and other operations, the shop assistant hands the POS device to the cardholder for PIN input, and the cardholder inputs the PIN to the POS device.
Step 5: the AP acquires a PIN plaintext first, encrypts the PIN plaintext by means of the public key stored in Step 3 and then sends the encrypted PIN plaintext to the SE.
Step 6: after receiving data sent from the AP, the SE decrypts the data by means of the private key first to acquire the PIN plaintext and then encrypts the PIN plaintext again by means of a PIN encryption key downloaded into the SE (the PIN encryption key is a symmetric key and is downloaded before the POS device is deployed by an acquirer), so that a PIN block in a ciphertext format is obtained.
Step 7: the SE returns the PIN block in the ciphertext format to the AP.
Step 8: the AP integrates the PIN block in the ciphertext format and other transaction data to form a POS transaction message and transmits the POS transaction message to the POS transaction background.
Step 9: the POS transaction background processes relevant data and then conducts comparison (including comparison of PIN and other transaction data); if the comparison succeeds, the transaction succeeds; otherwise, the transaction fails; and the transaction verification result is sent to the POS device.
Furthermore, the second embodiment of the invention correspondingly provides a bankcard password protection system (not shown in the figures). The bankcard password protection system comprises an application processor and a security processor, wherein:
The security processor is used for randomly generating a public and private key pair and sending a public key to the application processor;
The application processor acquires a bankcard password, encrypts the bankcard password by means of the public key and then transmits the encrypted bankcard password to the security processor;
The security processor decrypts the bankcard password by means of a private key.
The security processor encrypts a bankcard password plaintext obtained through decryption to obtain a PIN block in a ciphertext format and sends the PIN block in the ciphertext format to the application processor;
The application processor sends the PIN block in the ciphertext format as well as transaction data to a background to complete verification.
A key used to form the PIN block in the ciphertext format through encryption is prestored in the security processor and used for transaction verification with the background.
The application processor displays a random disorganized numeric keypad on a touch screen, and the bankcard password is input through the random disorganized numeric keypad.
When the bankcard password is input to the touch screen of the application processor, the system setting enters into a special bankcard password input mode, and all bankcard password input events are only available to a creditable touch screen bankcard password drive so as to be processed.
| Number | Date | Country | Kind |
|---|---|---|---|
| 201610080215.8 | Feb 2016 | CN | national |
The present application is a Continuation Application of PCT Application No. PCT/CN2016/092332 filed on Jul. 29, 2016, which claims the benefit of Chinese Patent Application No. 201610080215.8 filed on Feb. 4, 2016. All the above are hereby incorporated by reference.
| Number | Date | Country | |
|---|---|---|---|
| Parent | PCT/CN2016/092332 | Jul 2016 | US |
| Child | 16019564 | US |
