POS logic safety instructions

1. Logical Security Overview

     mPOS end product uses Katherine's Microelectronics Technology Hengda MH1902 security chip , terminal logical security function is mainly done by the security CPU.

2. Physical Security Module Description

    1) The chip security module comprising

          1, hardware DES \ RSA \ state secret encryption algorithm;

          2, environmental monitoring mode;

          3, trigger detection module;

          4, random number generator.

     2) trigger detection module

          A trigger detection module is mainly used to attack detection system can detect a voltage, temperature, and four external trigger pin state detector , upon detection system is attacked,

          All stored in a battery protection zone data will be cleared.

     3) Random number generator

           A random number generator, the random number generator using the CPU, CPU random number generator for generating random numbers required for the program. When generating random numbers with some

           Other random factor, date and time, address, and the timer value of remaining time, a random factor, and the generated random number using the 3DES algorithm and then treated as inputs

           The factor, so that the data of the random number generator generates more random.

      4) measures for the safe handling software logic

            In addition to the physical security provided by the chip security module, in software logic, MPOS terminal uses a variety of security schemes to ensure the security of sensitive data to prevent data

            It has been tampered with.

            1, using the CPU boot security checking mechanism to download boot of control;

            2, using RSA2048, SHA-256 algorithm to ensure the legitimacy and integrity of the firmware upgrade and run the program;

            3, using the download key RSA2048 algorithm used during transmission to an encryption key and an authentication key;

            4, using a random number generator MMK, ELRCK using NV SRAM storage area MMK, ELRCK to encrypt keys stored in the machine and

                  Certification system after being attacked MMK, ELRCK lost, and the key will be lost;

            5, if the machine is not operated, then 3 minutes, will automatically shut down in the case without the foreign, to conduct an inspection of all keys each power , to check whether the key

                  It has been tampered with;

            6, every 24 hours restart of the firmware integrity, validity check, and to conduct an inspection for all keys;

            7, to read the secret key to check in real time, preventing the use of keys has been tampered with.

3. Safety CPU file signature format

    1) RSA certificate format

          1, the public key certificate format

Table 1 public key certificate format

version	ASC	8B	PK 1	Public key, behind if less than 0
Issuer	ASC	16B	TRENDS	Behind if less than 0
serial number	ASC	32B	1234567890	Behind if less than 0
Signature algorithm identifier	ASC	8B	RSA	Behind if less than 0
Validity	BCD	8B	2010010120110101	Behind if less than 0
Public information	HEX	164B		With a random number (2048)
spare	HEX	720B	0
CA's digital signature plaintext	HEX	20B
CA's digital signature ciphertext	HEX	24B		Filling certificated 0

            2, the private key certificate format

Table 2 private key certificate format

version	ASC	8B	SK1	Private, behind if less than 0
Issuer	ASC	16B	TRENDS	Behind if less than 0
serial number	ASC	32B	1234567890	Behind if less than 0
Signature algorithm identifier	ASC	8B	RSA	Behind if less than 0
Validity	BCD	8B	2010010120110101	Behind if less than 0
Private information	HEX	580B		With a random number (2048)
spare	HEX	2104B	0
CA's digital signature plaintext	HEX	20B
CA's digital signature ciphertext	HEX	24B		Filling certificated 0

4. Security CPU security and key management

    1) key storage

          1, MMK, ELRCK chip stored in the battery protection register areas              

               Key encryption key MMK, ELRCK dryice module stored in the battery protection register DRY_SKR

          2、DRY_SKR：DryIce Security Key Register(DRY_SKR0 to DRY_SKR7)

          3, MMK: all keys stored in POS be encrypted

                ELRCK: POS of keys stored in the verification MAC for encrypting

          . 4, DRY_SKR register values corresponding to Table 3          

Table 3 DRY_SKR register values

Register	Data	Remark
DRY_SKR 0,1,2,3,	MMK	16bytes
DRY_SKR4,5,6,7	ELRCK	16bytes

     2) application key storage

          1, MK: master key

               PINK: PIN encryption key work

               MACK: MAC encryption work key    

               TDK: track data encryption work key

               FIXEDK: fixed key

               BPK: authentication key that is used to download work key

          2, MK, PINK, MACK, TDK, FIXEDK, BPK storage structure shown below (each occupying 32 bytes of the key space):

typedef struct _PCIAPPKEY
{
    u8 keytype;
    u8 keyindex;
    u8 keylen;
    u8 keydata[24];   //使用MMK对密钥加密后的数据
    u8 keylrc[5];     //对上面的信息算校验MAC，然后使用ELRCK加密
}PCIAPPKEY;

                In the above structure is stored (group number) .key file, as shown in FIG.

     3) storing key encryption method

           1、将要保存的密钥的keytype、Keyindex、keylen、keydata填入到结构体中相应的数据段中

tmpappkey.keytype  = keytype;
tmpappkey.keyindex = keyindex;
tmpappkey.keylen   = keylen;
memset(tmpappkey.keydata,0xff,sizeof(tmpappkey.keydata));
memcpy(tmpappkey.keydata,keydata,keylen);

             2、使用MMK对密钥明文使用3DES进行加密

ret = pcikeymanage_keyprocessusingMMK (ENCRYPT,tmpappkey.keydata,24);
if(ret != PCI_PROCESSCMD_SUCCESS)
{
    DEBUG("\r\n pcidrv_keyprocess_usingMMK ret = %d \r\n",ret);
    return ret;
}

             3、计算密钥密文的XOR校验值

k = pcikeymanage_CalculateLRCCheckvalue (tmpappkey.keydata,24);

             4、组织密钥信息校验MAC

elrckdata[0] = k;
elrckdata[1] = tmpappkey.keytype;
elrckdata[2] = tmpappkey.keyindex;
elrckdata[3] = tmpappkey.keylen;
elrckdata[4] = 0;
elrckdata[5] = 0;
elrckdata[6] = 0;
elrckdata[7] = 0;

            5、使用ELRCK对密钥信息校验MAC进行DES加密

ret = pcikeymanage_keyprocessusingELRCK (elrckdata,8);
if(ret != PCI_PROCESSCMD_SUCCESS)
{
    return ret;
}

           6、比较已保存的密钥中是否有一样的密钥

ret = pcikeymanage_checkallappkey (groupindex,keytype,keyindex,tmpappkey.keydata);
if(ret != PCI_PROCESSCMD_SUCCESS)
{
    return ret;
}

            7、将最后的结构体数据保存到密钥文件中

pcikeymanage_saveappkey();

5. 密钥擦除

    POS运行过程中，24小时检测运行程序时检查到运行程序被篡改，MMK 、ELRCK校验不正确或保存在SPI FLASH中的密钥被

    篡改了，会先清除MMK 、ELRCK，再擦除外部FLASH中的密钥数据。这时候终端被锁，提示"系统安全已触发"。

void pcitamper_manage_selfcheck_securitylocked(u8 type) 
{
    dev_dryice_writeramdata();  //清除MMK、ELRCK
    pcikeymanage_initkeydata();  //清除所有密钥

    gPCITamperManage.gTamperCurrentValue = 0xFFFFFFFF;	
    pcitamper_manage_savetamper(gPCITamperManage.gTamperCurrentValue); //保存触发状态	
    dev_smc_systemsoftreset();  //机器重启	
}