Secure sockets layer method for meeting programmable communications interface (PCI) 3.0 on financial point of sale (POS)

Abstract

The invention relates to a secure sockets layer method for meeting a programmable communications interface (PCI) 3.0 on a financial point of sale (POS), which is characterized in that a secure sockets layer (SSL) safety module of a POS system is divided into two parts of a foreground safety dynamic library and a background management unit which achieve address space separation through a memory management unit (MMU) mechanism of a central processing unit (CPU) and achieve communication in a Unix socket mode. The foreground safety dynamic library is used for being called by an application program of an application program interface (API) supply system and managing SSL connection parameters through configuration files. The background management unit takes charge of managing a certificate and a secrete key and carrying out SSL consultation. The secure sockets layer method is capable of achieving space separation of the certificate and a secrete key file in the POS system and an SSL consultation process and an application program, and forcefully protects critical data.

Description

technical field [0001] The invention relates to a secure socket layer method satisfying PCI3.0 on financial POS. Background technique [0002] PCI3.0 (Payment Card Industry version 3.0, payment card industry standard version 3) is an international security standard in the financial field, and it is a secure communication protocol and certificate for SSL / TLS (Secure Sockets Layer / Transport Layer Security, Security Suite Layer / Transport Layer Security) There are strict requirements on key storage. SSL / TLS adopts public key technology to ensure the confidentiality and reliability of communication between two applications, so that the communication between client and server applications will not be eavesdropped by attackers. The advantage of the SSL / TLS protocol is that it is independent of the application layer protocol. High-level application layer protocols (such as: Http, FTP, Telnet, etc.) can be transparently established on top of the SSL / TLS protocol. The SSL / TLS proto...

AI Technical Summary

Problems solved by technology

However, the existing SSL / TLS secure communication protocols generally provide API interfaces to applications through dynamic libraries, and dynamic libraries directly access key data such as certificates and private keys (the flow diagram is shown in figure 1 As shown), it runs in the same address space as the application program and has the same operating authority as the application program. With such a storage and processing mechanism, there is a possibility that illegal applications directly steal and tamper with key data such as certificates and private keys. Can not meet the security requirements of PCI3.0

Images