A kind of method that code keyboard generates ciphertext
Technical field
The present invention relates to a kind of methods that code keyboard generates ciphertext.
Background technique
It is usually directly to carry out encryption life according to bank's key that the code keyboard of the ATM VTM machine of bank, which generates ciphertext,
At ciphertext;If there is criminal to obtain bank's code key by illegally reading the modes such as bank's key of code keyboard storage,
The ciphertext of generation can be cracked easily to obtain the password of user, therefore this mode safety is not high.In order to prevent
The generation of such case, some manufacturers carry out entire code keyboard by increasing an encryption chip on hardware at present
Encryption, but since encryption chip is generally all more expensive, the production cost that will lead to complete machine rises, and is unfavorable for the operation of manufacturer.
Summary of the invention
It is easy to be cracked to solve code keyboard, the technical problem excessively high using encryption chip cost, the present invention provides
One kind can effectively prevent code keyboard input to be cracked, and the method that the lower code keyboard of cost of implementation generates ciphertext.
In order to achieve the above technical purposes, the technical scheme is that,
A kind of method that code keyboard generates ciphertext, includes the following steps:
Step 1:Examine code keyboard whether legal, non-rule terminates entire ciphertext generating process, and it is legal, continue to hold
Row;Then the Encryption Algorithm of code keyboard is set;Again into the storage region of code keyboard load is obtained from bank include lead
Bank's key of key and working key;
Step 2:The password of user's input, the first password of acquisition user input are handled, work is then decrypted by master key
Make key, and password is encrypted to obtain ciphertext and key value according to the Encryption Algorithm combination working key that step 1 is set;
Then ciphertext is split according to the digit of key value, by after fractionation ciphertext A and ciphertext B be respectively stored in code keyboard
In storage region;
Step 3:The password that banking system inputs user is verified, and first calculates the ciphertext after fractionation by Hash
Character string check code is calculated in method;Then banking system being sent by ciphertext and character string check code, certification is decrypted;
Banking system verifies the ciphertext and character string check code that receive, judges whether to be tampered;It, will if being not tampered with
Ciphertext A and ciphertext B synthesizes complete ciphertext, then verifies whether the password that user inputs is correct, and end is verified.
Whether the method that a kind of code keyboard generates ciphertext in the step one, examines code keyboard legal,
It is to be initialized to complete to code keyboard, can such as be initialized, then sentenced by setting and configuration parameter
Break to be legal, is otherwise illegal.
The method that a kind of code keyboard generates ciphertext, in the step one, the Encryption Algorithm of keyboard password is adopted
With one of the PIN encryption mode of ISO9564-0, IBM3624 or ASCII, Encryption Algorithm is DES or 3DES.
The method that a kind of code keyboard generates ciphertext in the step one, first loads master key, then pass through master
Key read work key is loaded, and selects the storage region on code keyboard, and key is loaded into wherein.
The method that a kind of code keyboard generates ciphertext, in the step two, acquisition user input is close first
Code, then decrypted to obtain work code key by master key, further according to the Encryption Algorithm combination working key set before to password into
Row encryption obtains ciphertext and key value, and wherein ciphertext is the character string of presetting digit capacity, and key value is the position of the password of user's input
Number.
The method that a kind of code keyboard generates ciphertext, in the step two, according to the digit of key value to close
Text is split, and ciphertext is divided into the ciphertext A comprising number of characters identical with key value digit, and include remaining number of characters
Ciphertext B.
The method that a kind of code keyboard generates ciphertext, in the step three, storage of the system in code keyboard
Region obtains ciphertext A, and character string check code A ' is calculated by hash algorithm in ciphertext A;Ciphertext B is obtained, ciphertext B is passed through
Character string check code B ' is calculated in hash algorithm;Then by ciphertext A, character string check code A ', ciphertext B, character string check code
B ', which is combined into a data packet and is sent to banking system, is decrypted certification.
The method that a kind of code keyboard generates ciphertext, in the step three, ciphertext A that banking system will obtain
And check code A ' is calculated by hash algorithm by ciphertext B and check code B ' is verified, and judges whether to be tampered, if not by
Distort, then ciphertext A and ciphertext B synthesized into complete ciphertext, then verify user's input password it is whether correct, otherwise do not close
At directly terminating to verify.
The technical effects of the invention are that carrying out splitting storage and hair by ciphertext of the digit based on key value to generation
It send, so that the safety of ciphertext further increases, simultaneously because splitting the ciphertext generated is torn open based on original key value
Point, do not change the cipher mode of original bank's key, so not will cause the situation of decryption logic confusion, high stability.
Detailed description of the invention
Fig. 1 is flow chart of the invention.
Specific embodiment
Referring to Fig. 1, in order to realize the encipherment protection to user by the inputted password of code keyboard, the present invention includes following
Step:
It is the reliability for confirming code keyboard itself first, before the password encryption storage for inputting user, system is first
Preliminary setting is first carried out to code keyboard:
(1) it sets and configuration parameter, code keyboard is initialized, is i.e. whether inspection code keyboard closes
Method, if code keyboard can be initialized, then it is assumed that be it is legal, otherwise it is assumed that illegal;
(2) Encryption Algorithm of code keyboard is set, can include and unlimited using selection PIN encryption mode, encryption mode
In ISO9564-0, IBM3624, ASCII etc., alternative Encryption Algorithm includes and is not limited to DES, 3DES;
(3) bank's key is loaded, key pair is obtained from bank, and key pair includes master key and work code key, first loads master
Key is reloading with working key, this is because wanting read work key that must carry out encryption reading, code keyboard by master key
On usually have the area 0-15 totally 16 storage regions, can randomly choose in actual use, key is loaded into wherein.
After carrying out preliminary setting to code keyboard:
(4) password of user's input is obtained, first reads master key and then the working key corresponding by its decryption, further according to
The Encryption Algorithm set before encrypts password with work code key, obtains character ciphertext, it is close to set character in the present embodiment
The length of text is 16, while obtaining key value, and key value is " * ", and the password that user's input is set in the present embodiment is 6, then
Key value is shown as 6 " * * * * * * ";
(5) ciphertext is split according to the digit of key value, if the digit of key value is 6, is then split into ciphertext
Ciphertext A comprising the preceding 6 characters and ciphertext B comprising rear 10 characters;
(6) ciphertext A and ciphertext B are respectively stored in optional 16 storage regions;
When whether the password that bank needs to verify user's input is correct,
(7) system obtains ciphertext A in storage region, and 16 character string verifications are calculated by hash algorithm in ciphertext A
Code A ';Ciphertext B is obtained, 16 character string check code B ' are calculated by hash algorithm in ciphertext B;
(8) ciphertext A, character string check code A ', ciphertext B, character string check code B ' are combined into 48 data packets hair
It is sent to banking system and certification is decrypted.
(9) check code A ' and check code B ' is calculated by hash algorithm in obtained ciphertext A and ciphertext B by banking system
It is verified, judges whether to be tampered.
(10) if being not tampered with, ciphertext A and ciphertext B is synthesized into complete ciphertext, then verify the password of user's input
It is whether correct, terminate verifying.