6.5.2.4 State diagram for DecoderKey changes 解码器密钥更改的状态图
Figure 9 illustrates the KT states that a DecoderKey may assume from time to time.
图9说明了解码器密钥可能不时假定的KT状态。
Where one key is used to encrypt another key (as in the key change token set), the former is referred to as the parent key and the latter as the child key.
其中一个密钥用于加密另一个密钥(如在密钥更改令牌集中),前者称为父密钥,后者称为子密钥。
The solid line arrows indicate the direction in which a key may change from one type to another type. The type that it changes from is the parent key and the type that it changes to is the child key. To effect a change of the DecoderKey the new key (or child key) is encrypted with the parent key and then loaded into the payment meter by means of a key change token set. The payment meter then replaces the parent key with the child key, which now becomes the new parent key.
实线箭头表示键从一种类型变为另一种类型的方向。它改变的类型是父键,改变的类型是子键。为了改变解码器密钥,新密钥(或子密钥)与父密钥一起加密,然后通过密钥更改令牌集加载到支付计量表中。然后,付费表计将父键替换为子键,子键现在成为新的父键。
The dotted line arrows indicate the function, for which a KT may be used, i.e. the values that it may encrypt or decrypt. For example, only a DITK, DUTK or DCTK can be used to encrypt or decrypt a credit transfer function, but all four types can be used to encrypt or decrypt meter-
specific management functions.
虚线箭头表示可以使用KT的函数,即可以加密或解密的值。例如,只有DITK、DUTK或DCTK可用于加密或解密信用传递功能,但所有四种类型都可用于加密或解密表计特定的管理功能。
Table 33 details the permitted key change state relationships and associated functions.
表33详细描述了允许的键更改状态关系和相关函数。
The child key rows refer to the permitted usage of decoder key types for encryption of DecoderKeys in the key change token set key management functions. Similarly, the management and credit rows detail the permitted usage of decoder key types for the encryption of the remaining meter-specific management functions and credit transfer functions respectively.
子密钥行指的是密钥更改令牌集密钥管理函数中用于加密解码器密钥类型的允许使用情况。类似地,management和credit行分别详细描述了用于加密其余meter特定管理功能和credit转换功能的解码器密钥类型的允许使用情况。
The key type relationship policy in the POS shall be enforced in a secure device such as a tamper-proof CryptographicModule.
POS中的密钥类型关系策略应在安全设备中实施,如防篡改加密模块。