A secure transmission method and device for electronic seals
Technical field
The present invention relates to the cash vault and currency field, and in particular to a secure transmission method and device for electronic seals.
Background
In existing cash vault operations, the electronic seal has no data encryption function, so data in transit cannot be protected and its authenticity cannot be determined. Once the sensitive data involved in cash vault operations is intercepted and cracked, an offender can use the weaknesses learned to forge or alter data, causing immeasurable loss to the security of state assets. Verifying whether the sensitive data involved in cash vault operations has been forged or altered, and whether the transmitted data is complete, are therefore problems in urgent need of a solution.
Summary of the invention
The object of the present invention is to provide a secure transmission method and device for electronic seals that solve the problems of electronic seal data being forged or altered during transmission and of incomplete data transfer.
According to one aspect of the present invention, a secure transmission method for electronic seals is provided, comprising:
When the electronic seal of a cash transport bag receives the scan signal of a scanning gate, the electronic seal obtains a public key from a controller by communicating with the controller via the scanning gate;
The electronic seal of the cash transport bag encrypts its business data with the public key, obtaining encrypted business data;
The electronic seal of the cash transport bag generates, from the encrypted business data, verification information for checking the integrity of the encrypted business data, and sends the encrypted business data and the verification information to the controller via the scanning gate;
The controller generates verification confirmation information from the encrypted business data and, when it determines that the verification confirmation information matches the received verification information, restores the business data.
Preferably, the step in which the electronic seal of the cash transport bag, on receiving the scan signal of the scanning gate, obtains the public key from the controller by communicating with the controller via the scanning gate comprises:
The scanning gate scans the electronic seal of the cash transport bag, obtains the dispersion factor corresponding to that electronic seal, and sends the dispersion factor to the controller;
The controller obtains the public key according to the dispersion factor and sends the public key to the electronic seal of the cash transport bag.
Preferably, the step in which the controller obtains the public key according to the received dispersion factor and sends the public key to the electronic seal of the cash transport bag comprises:
The controller uses the dispersion factor to disperse (diversify) its preset first master key, obtaining a first sub-key;
The controller encrypts the preset public key with the first sub-key to obtain a service key, and sends the service key to the electronic seal of the cash transport bag.
Preferably, the step in which the electronic seal of the cash transport bag, on receiving the scan signal of the scanning gate, obtains the public key from the controller by communicating with the controller via the scanning gate further comprises:
The electronic seal of the cash transport bag uses its corresponding dispersion factor to disperse its preset second master key, obtaining a second sub-key;
The electronic seal of the cash transport bag decrypts the service key from the controller with the second sub-key, obtaining the public key.
Preferably, the verification information for checking the integrity of the encrypted business data is a first hash value calculated from the encrypted business data.
Preferably, the step in which the controller generates verification confirmation information from the encrypted business data and, when it determines that the verification confirmation information matches the received verification information, restores the business data comprises:
The controller calculates, from the encrypted business data, a second hash value used to confirm the verification information;
The calculated second hash value is compared with the first hash value from the electronic seal of the cash transport bag to determine whether the two match;
If the two match, the controller decrypts the encrypted business data with its preset private key, obtaining the business data of the electronic seal of the cash transport bag.
According to a further aspect of the invention, a secure transmission device for electronic seals is provided, comprising:
An acquisition module, by which the electronic seal of a cash transport bag, on receiving the scan signal of a scanning gate, obtains a public key from a controller by communicating with the controller via the scanning gate;
An encryption module, by which the electronic seal of the cash transport bag encrypts its business data with the public key, obtaining encrypted business data;
A generation module, by which the electronic seal of the cash transport bag generates, from the encrypted business data, verification information for checking the integrity of the encrypted business data, and sends the encrypted business data and the verification information to the controller via the scanning gate;
An authentication module, by which the controller generates verification confirmation information from the encrypted business data and, when it determines that the verification confirmation information matches the received verification information, restores the business data.
Preferably, the acquisition module further comprises:
A scanning submodule, by which the scanning gate scans the electronic seal of the cash transport bag, obtains the dispersion factor corresponding to that electronic seal, and sends the dispersion factor to the controller;
A sending submodule, by which the controller obtains the public key according to the dispersion factor and sends the public key to the electronic seal of the cash transport bag.
Preferably, the acquisition module further comprises:
A dispersion submodule, by which the electronic seal of the cash transport bag uses its corresponding dispersion factor to disperse its preset second master key, obtaining a second sub-key;
A decryption submodule, by which the electronic seal of the cash transport bag decrypts the service key from the controller with the second sub-key, obtaining the public key.
Preferably, the authentication module further comprises:
A hash submodule, by which the controller calculates, from the encrypted business data, a second hash value used to confirm the verification information;
A comparison submodule, for comparing the calculated second hash value with the first hash value from the electronic seal of the cash transport bag to determine whether the two match;
A restoration submodule, by which, if the two match, the controller decrypts the encrypted business data with its preset private key, obtaining the business data of the electronic seal of the cash transport bag.
Compared with the prior art, the beneficial effect of the present invention is as follows: by providing a verification method matched to the electronic seal's cryptographic algorithm for use during the electronic seal's data transmission, the legitimacy of the data is verified, checking whether the transmitted data has been forged or altered and whether it is complete, which improves the security and integrity of the data transfer.
Brief description of the drawings
Fig. 1 is a schematic diagram of the secure transmission method for electronic seals provided by an embodiment of the present invention;
Fig. 2 is a structural diagram of the secure transmission device for electronic seals provided by an embodiment of the present invention;
Fig. 3 is a flow chart of the secure transmission for electronic seals provided by an embodiment of the present invention.
Detailed description of the embodiments
A preferred embodiment of the present invention is described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiment described below serves only to illustrate and explain the present invention and is not intended to limit it.
Fig. 1 is a schematic diagram of the secure transmission method for electronic seals provided by an embodiment of the present invention. As shown in Fig. 1, the steps are as follows:
Step S1: when the electronic seal of the cash transport bag receives the scan signal of the scanning gate, the electronic seal obtains the public key from the controller by communicating with the controller via the scanning gate.
In step S1, the scanning gate scans the electronic seal of the cash transport bag, obtains the dispersion factor corresponding to that electronic seal, and sends the dispersion factor to the controller;
The controller obtains the public key according to the dispersion factor and sends the public key to the electronic seal of the cash transport bag.
Further, the step in which the controller obtains the public key according to the received dispersion factor and sends the public key to the electronic seal of the cash transport bag comprises:
The controller uses the dispersion factor to disperse (diversify) its preset first master key, obtaining a first sub-key;
The controller encrypts the preset public key with the first sub-key to obtain a service key, and sends the service key to the electronic seal of the cash transport bag.
Further, the step also comprises:
The electronic seal of the cash transport bag uses its corresponding dispersion factor to disperse its preset second master key, obtaining a second sub-key;
The electronic seal of the cash transport bag decrypts the service key from the controller with the second sub-key, obtaining the public key.
Step S2: the electronic seal of the cash transport bag encrypts its business data with the public key, obtaining encrypted business data.
Step S3: the electronic seal of the cash transport bag generates, from the encrypted business data, verification information for checking the integrity of the encrypted business data, and sends the encrypted business data and the verification information to the controller via the scanning gate.
In step S3, the verification information for checking the integrity of the encrypted business data is a first hash value calculated from the encrypted business data.
Step S4: the controller generates verification confirmation information from the encrypted business data and, when it determines that the verification confirmation information matches the received verification information, restores the business data.
In step S4, the controller calculates, from the encrypted business data, a second hash value used to confirm the verification information;
The calculated second hash value is compared with the first hash value from the electronic seal of the cash transport bag to determine whether the two match;
If the two match, the controller decrypts the encrypted business data with its preset private key, obtaining the business data of the electronic seal of the cash transport bag.
Fig. 2 is a structural diagram of the secure transmission device for electronic seals provided by an embodiment of the present invention. As shown in Fig. 2, the device comprises an acquisition module, an encryption module, a generation module and an authentication module.
The acquisition module is used so that the electronic seal of the cash transport bag, on receiving the scan signal of the scanning gate, obtains the public key from the controller by communicating with the controller via the scanning gate. The scanning submodule of the acquisition module is used so that the scanning gate scans the electronic seal of the cash transport bag, obtains the dispersion factor corresponding to that electronic seal, and sends the dispersion factor to the controller. The sending submodule of the acquisition module is used so that the controller obtains the public key according to the dispersion factor and sends the public key to the electronic seal of the cash transport bag. The dispersion submodule of the acquisition module is used so that the electronic seal of the cash transport bag uses its corresponding dispersion factor to disperse its preset second master key, obtaining a second sub-key. The decryption submodule of the acquisition module is used so that the electronic seal of the cash transport bag decrypts the service key from the controller with the second sub-key, obtaining the public key.
The encryption module is used so that the electronic seal of the cash transport bag encrypts its business data with the public key, obtaining encrypted business data.
The generation module is used so that the electronic seal of the cash transport bag generates, from the encrypted business data, verification information for checking the integrity of the encrypted business data, and sends the encrypted business data and the verification information to the controller via the scanning gate.
The authentication module is used so that the controller generates verification confirmation information from the encrypted business data and, when it determines that the verification confirmation information matches the received verification information, restores the business data. The hash submodule of the authentication module is used so that the controller calculates, from the encrypted business data, a second hash value used to confirm the verification information. The comparison submodule of the acquisition module is used to compare the calculated second hash value with the first hash value from the electronic seal of the cash transport bag and determine whether the two match. The restoration submodule of the acquisition module is used so that, if the two match, the controller decrypts the encrypted business data with its preset private key, obtaining the business data of the electronic seal of the cash transport bag.
Fig. 3 is a flow chart of the secure transmission for electronic seals provided by an embodiment of the present invention. As shown in Fig. 3, in the workflow of electronic seal key transport and message transmission, signature verification is used to authenticate the electronic seal; after the controller returns a successful signature verification for the electronic seal, the secure transmission of the electronic seal data is completed. Protection is provided by an encryption mechanism in which a symmetric key protects the asymmetric key. The implementation is as follows:
(1) Key transport. The controller and the electronic seal hold the same master key. The electronic seal sends its own unique dispersion factor to the controller; the controller uses the dispersion factor to perform key dispersion on its master key and generate a sub-key, then encrypts the public key with the generated sub-key to produce a service key, which it returns to the electronic seal. The electronic seal generates a sub-key in the same way and uses it to decrypt the returned service key, restoring the public key.
(2) Message transmission. The electronic seal encrypts the original message with the restored public key to obtain a digital signature, then performs a hash calculation on the generated digital signature to produce a unique hash value, and finally sends the digital signature and the hash value to the controller as the transmitted message. The controller calculates a hash value over the digital signature in the transmitted message using the same hash algorithm and compares the calculated hash value with the hash value in the transmitted message. If they match, the received message is complete, and the controller then performs the RSA calculation on the digital signature with its private key to restore the original message.
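The key transport and message transmission of (1) and (2), as an added example that is not part of the patent text. HMAC-SHA256 as the key-dispersion function, a SHA-256 keystream XOR as the symmetric cipher, SHA-256 as the hash, the small constructed RSA modulus, and all function names and sample values are assumptions chosen so that the code runs with the Python standard library alone.

```python
import hashlib
import hmac

# Constructed RSA key pair from two Mersenne primes. Textbook RSA without
# padding keeps the example stdlib-only; it is not a deployable parameter set.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
N_LEN = (N.bit_length() + 7) // 8

def diversify(master: bytes, factor: bytes) -> bytes:
    """Disperse the master key into a per-seal sub-key (assumed: HMAC-SHA256)."""
    return hmac.new(master, factor, hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Assumed symmetric cipher: SHA-256 counter keystream XOR (wraps and unwraps)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def controller_issue_service_key(master: bytes, factor: bytes) -> bytes:
    """Controller: encrypt the public key (n, e) under the first sub-key."""
    public = N.to_bytes(N_LEN, "big") + E.to_bytes(4, "big")
    return xor_stream(diversify(master, factor), public)

def seal_build_message(master: bytes, factor: bytes, service_key: bytes, data: bytes):
    """Seal: restore the public key with the second sub-key, encrypt, hash."""
    public = xor_stream(diversify(master, factor), service_key)
    n, e = int.from_bytes(public[:-4], "big"), int.from_bytes(public[-4:], "big")
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("business data too long for the constructed modulus")
    cipher = pow(m, e, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return cipher, hashlib.sha256(cipher).digest()  # first hash value

def controller_receive(cipher: bytes, first_hash: bytes):
    """Controller: recompute the hash, compare, decrypt only on a match."""
    second_hash = hashlib.sha256(cipher).digest()
    if not hmac.compare_digest(second_hash, first_hash):
        return None  # incomplete or altered transmission
    m = pow(int.from_bytes(cipher, "big"), D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    """Run one intact exchange and one with a flipped ciphertext bit."""
    master, factor = b"constructed-master-key", b"SEAL-0001"  # constructed values
    service_key = controller_issue_service_key(master, factor)
    cipher, digest = seal_build_message(master, factor, service_key, b"bag=17;amt=5000")
    ok = controller_receive(cipher, digest)
    flipped = bytes([cipher[0] ^ 1]) + cipher[1:]
    return ok, controller_receive(flipped, digest)
```

`demo()` returns the recovered business data for the intact message and `None` for the copy with one flipped ciphertext bit. The hash is unkeyed, so the comparison shows only that ciphertext and hash still agree; a keyed MAC under the dispersed sub-key would also tie the message to the seal.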
In summary, the present invention has the following technical effect: by providing a verification method matched to the electronic seal's cryptographic algorithm for use during the electronic seal's data transmission, the integrity of the data of electronic seals entering and leaving the vault is verified, checking whether the transmitted data has been forged or altered, which effectively ensures the integrity of electronic seal data transfer and the security of data transfer between the controller and the electronic seal.
Although the invention has been described in detail above, the present invention is not limited thereto, and those skilled in the art may make various modifications according to the principle of the present invention. All modifications made according to the principle of the invention should therefore be understood as falling within the scope of protection of the present invention.