CN103152167A - Intelligent card PIN (personal identification number) encrypted transmission method and intelligent card PIN encrypted transmission system - Google Patents
- Publication number: CN103152167A (application number CN201310091140XA)
- Authority: CN (China)
- Prior art keywords: data, pin, carried out, encrypted, processing
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides an intelligent card PIN (personal identification number) encrypted transmission method and an intelligent card PIN encrypted transmission system for effectively preventing the leakage of PIN data at the transaction step. The method includes the following steps: PIN data are acquired; according to a first predetermined rule, first processing is carried out on the PIN data to obtain a key; according to a second predetermined rule, second processing is carried out on the PIN data to obtain data to be encrypted; according to a third predetermined rule, third processing is carried out on the data to be encrypted to obtain processed data; and according to a fourth predetermined rule, fourth processing is carried out on the key and the processed data to obtain a ciphertext. With this method the PIN data are transmitted from the terminal device to the intelligent card in ciphertext form, so that leakage of the PIN data at the transaction step is effectively prevented, the security of the transaction is enhanced, and the dependency on the security of the transaction environment is reduced.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a smart card PIN encrypted transmission method and device.
Background technology
Smart cards in wide domestic use today include financial IC cards, labour and social security IC cards, housing and urban/rural construction IC cards, ETC cards and others. The technical standards relating to the personal identification number (PIN, Personal Identification Number), chiefly the PIN management provisions such as VERIFY PIN (PIN verification) and CHANGE PIN (PIN modification), all define the PIN as being transmitted in clear text.
The PIN is data used mainly to verify the cardholder's identity. It is kept secret inside the smart card and cannot be obtained from outside. When the holder's identity is verified, the holder enters the PIN in secret and the terminal input device sends it to the smart card; the smart card compares it with the PIN held secretly inside the card, thereby confirming the holder's identity.
Existing smart cards communicate mainly over the ISO 7816 contact interface, the ISO 14443 contactless interface or a general-purpose USB interface. When the terminal device sends the PIN to the smart card, the PIN is in clear text and can easily be captured or monitored by an attacker. Special equipment at the terminal can trace the two-way communication with the smart card and capture the exchanged data, so the PIN, a critical sensitive item, is at risk of disclosure.
Summary of the invention
The embodiment of the present invention provides a smart card PIN encrypted transmission method and device for effectively preventing PIN data from leaking at the transaction step.
A smart card PIN encrypted transmission method provided by the embodiment of the present invention specifically comprises:
Obtaining the PIN data;
According to a first predetermined rule, carrying out first processing on the PIN data to obtain a key;
According to a second predetermined rule, carrying out second processing on the PIN data to obtain data to be encrypted;
According to a third predetermined rule, carrying out third processing on the data to be encrypted to obtain processed data;
According to a fourth predetermined rule, carrying out fourth processing on the key and the processed data to obtain a ciphertext.
Optionally, carrying out third processing on the data to be encrypted according to the third predetermined rule to obtain processed data comprises:
Obtaining random data;
XORing the data to be encrypted with the random data to obtain an XOR result.
Optionally, carrying out fourth processing on the key and the processed data according to the fourth predetermined rule to obtain a ciphertext consists of 3DES-encrypting the XOR result with the key to obtain the ciphertext.
Optionally, the method can be used for communication over the ISO 7816 contact interface, the ISO 14443 contactless interface or a general-purpose USB interface.
The embodiment of the present invention also provides a smart card PIN encrypted transmission device, which specifically comprises:
An acquiring unit for obtaining the PIN data;
A first processing unit for carrying out first processing on the PIN data according to a first predetermined rule to obtain a key;
A second processing unit for carrying out second processing on the PIN data according to a second predetermined rule to obtain data to be encrypted;
A third processing unit for carrying out third processing on the data to be encrypted according to a third predetermined rule to obtain processed data;
A fourth processing unit for carrying out fourth processing on said key and said processed data according to a fourth predetermined rule to obtain a ciphertext.
Optionally,
The third processing unit comprises:
An obtaining subunit for obtaining random data;
An XOR subunit for XORing the data to be encrypted with the random data to obtain an XOR result.
Optionally,
The fourth processing unit comprises:
An operation subunit for 3DES-encrypting said XOR result with said key to obtain the ciphertext.
As can be seen from the above technical solutions, the embodiment of the present invention has the following advantages: the PIN data are first obtained; then, according to the first predetermined rule, first processing is carried out on the PIN data to obtain the key K_PIN; according to the second predetermined rule, second processing is carried out on the PIN data to obtain the data to be encrypted; according to the third predetermined rule, third processing is carried out on the data to be encrypted to obtain the processed data; and according to the fourth predetermined rule, fourth processing is carried out on the key and the processed data to obtain the ciphertext. With this method the PIN data travel from the terminal to the smart card in encrypted form, which removes the possibility of the PIN data leaking at this step, improves the security of the transaction and reduces the dependency on the security of the transaction environment.
Description of drawings
Fig. 1 is a flow chart of an embodiment of the smart card PIN encrypted transmission method provided by the embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an embodiment of the smart card PIN encrypted transmission device provided by the embodiment of the present invention.
Embodiment
A smart card PIN encrypted transmission method provided by the embodiment of the present invention specifically comprises:
101. Obtaining the PIN data;
It should be noted that the PIN data must be obtained before they are encrypted; the PIN data may be an account number or a password.
102. According to the first predetermined rule, carrying out first processing on the PIN data to obtain a key;
In the present embodiment, the PIN is first formatted and then padded with additional bytes according to a rule, which may be as follows:
It should be noted that the key may be 16 bytes or 24 bytes; no specific restriction is made here. If a 16-byte key is generated from the PIN data, byte 1 of the key may be the PIN data length, bytes 2 to 3 may be the PIN content, and each additional byte may be the value 15 minus the PIN length.
For example, if the PIN data are 1234H (hexadecimal 0x1234, 2 bytes long), byte 1 of the key may be 0x02, bytes 2 to 3 may be 0x1234, the remaining 13 bytes may each be 0x0D, and the key may be 0212340D0D0D0D0D0D0D0D0D0D0D0D0D.
103. According to the second predetermined rule, carrying out second processing on the PIN data to obtain data to be encrypted;
In the present embodiment, the PIN is first formatted and then padded with additional bytes according to a rule, which may be as follows:
If 8-byte data to be encrypted are generated from the PIN data, byte 1 of the data to be encrypted may be the PIN data length, bytes 2 to 3 may be the PIN content, and each additional byte may be the value 7 minus the PIN length.
For example, if the PIN data are 1234H (2 bytes long), byte 1 of the data to be encrypted may be 0x02, bytes 2 to 3 may be 0x1234, the remaining 5 bytes may each be 0x05, and the data to be encrypted may be 0212340505050505.
104. According to the third predetermined rule, carrying out third processing on the data to be encrypted to obtain processed data;
In the present embodiment, the data to be encrypted obtained in step 103 are XORed with the obtained random data to obtain the XOR result.
It should be noted, as those skilled in the art will understand, that the random data may be any group of data generated inside the smart card device; no specific restriction is made here.
105. According to the fourth predetermined rule, carrying out fourth processing on the key and the processed data to obtain a ciphertext.
In the present embodiment, the XOR result is 3DES-encrypted with the key to obtain the ciphertext.
It should be noted that 3DES is an encryption mode based on DES. The 3DES algorithm performs three DES operations: an encryption with the first key, a decryption with the second key and a further encryption with the third key. A DES key is 64 bits long (56 effective bits plus 8 parity bits). With a 192-bit key the three keys are taken as successive 64-bit segments; with a 128-bit key the first and third keys are identical.
It should be noted that this method can be used for communication over the ISO 7816 contact interface, the ISO 14443 contactless interface or a general-purpose USB interface.
In the present embodiment, the PIN data are first obtained; then, according to the first predetermined rule, first processing is carried out on the PIN data to obtain the key; according to the second predetermined rule, second processing is carried out on the PIN data to obtain the data to be encrypted; according to the third predetermined rule, third processing is carried out on the data to be encrypted to obtain the processed data; and according to the fourth predetermined rule, fourth processing is carried out on the key and the processed data to obtain the ciphertext. With this method the PIN data travel from the terminal to the smart card in encrypted form, which removes the possibility of the PIN leaking at this step, improves the security of the transaction and reduces the dependency on the security of the transaction environment.
Referring to Fig. 2, the embodiment of the present invention also provides a smart card PIN encrypted transmission device, which specifically comprises:
An acquiring unit 201 for obtaining the PIN data;
A first processing unit 202 for carrying out first processing on the PIN data according to the first predetermined rule to obtain a key;
A second processing unit 203 for carrying out second processing on the PIN data according to the second predetermined rule to obtain data to be encrypted;
A third processing unit 204 for carrying out third processing on the data to be encrypted according to the third predetermined rule to obtain processed data;
Wherein the third processing unit further comprises:
An obtaining subunit 2041 for obtaining random data;
An XOR subunit 2042 for XORing the data to be encrypted with the random data to obtain an XOR result;
A fourth processing unit 205 for carrying out fourth processing on the key and the processed data according to the fourth predetermined rule to obtain a ciphertext;
Wherein the fourth processing unit further comprises:
An operation subunit 2051 for 3DES-encrypting the XOR result with the key to obtain the ciphertext.
The communication between the units of the embodiment of the present invention is described below with a practical example:
First, the PIN data are obtained by the acquiring unit 201;
It should be noted that the PIN data must be obtained before they are encrypted; the PIN data may be an account number or a password.
Then, according to the first predetermined rule, first processing is carried out on the PIN data by the first processing unit 202 to obtain a key;
In the present embodiment, the first processing unit 202 first formats the PIN and then pads it with additional bytes according to a rule, which may be as follows:
It should be noted that the key may be 16 bytes or 24 bytes; no specific restriction is made here. If a 16-byte key is generated from the PIN data, byte 1 of the key may be the PIN data length, bytes 2 to 3 may be the PIN content, and each additional byte may be the value 15 minus the PIN length.
For example, if the PIN data are 1234H (hexadecimal 0x1234, 2 bytes long), byte 1 of the key may be 0x02, bytes 2 to 3 may be 0x1234, the remaining 13 bytes may each be 0x0D, and the key may be 0212340D0D0D0D0D0D0D0D0D0D0D0D0D.
Then, according to the second predetermined rule, second processing is carried out on the PIN data by the second processing unit 203 to obtain data to be encrypted;
In the present embodiment, the second processing unit 203 first formats the PIN and then pads it with additional bytes according to a rule, which may be as follows:
If 8-byte data to be encrypted are generated from the PIN data, byte 1 of the data to be encrypted may be the PIN data length, bytes 2 to 3 may be the PIN content, and each additional byte may be the value 7 minus the PIN length.
For example, if the PIN data are 1234H (2 bytes long), byte 1 of the data to be encrypted may be 0x02, bytes 2 to 3 may be 0x1234, the remaining 5 bytes may each be 0x05, and the data to be encrypted may be 0212340505050505.
After the data to be encrypted are obtained, third processing is carried out on them by the third processing unit 204 according to the third predetermined rule to obtain processed data;
In the present embodiment, a group of random data is first obtained by the obtaining subunit 2041, and the XOR subunit 2042 then XORs the data to be encrypted with the random data to obtain the XOR result.
It should be noted, as those skilled in the art will understand, that the random data may be any group of data generated inside the smart card device; no specific restriction is made here.
Finally, fourth processing is carried out on the key and the processed data by the fourth processing unit 205 according to the fourth predetermined rule to obtain a ciphertext.
In the present embodiment, the operation subunit 2051 3DES-encrypts the XOR result with the key to obtain the ciphertext.
It should be noted that 3DES is an encryption mode based on DES. The 3DES algorithm performs three DES operations: an encryption with the first key, a decryption with the second key and a further encryption with the third key. A DES key is 64 bits long (56 effective bits plus 8 parity bits). With a 192-bit key the three keys may be taken as successive 64-bit segments; with a 128-bit key the first and third keys may be identical.
It should be noted that this method can be used for communication over the ISO 7816 contact interface, the ISO 14443 contactless interface or a general-purpose USB interface.
In the present embodiment, the acquiring unit 201 first obtains the PIN data; then, according to the first predetermined rule, the first processing unit 202 carries out first processing on the PIN data to obtain the key; then, according to the second predetermined rule, the second processing unit 203 carries out second processing on the PIN data to obtain the data to be encrypted; then, according to the third predetermined rule, the third processing unit 204 carries out third processing on the data to be encrypted to obtain the processed data, in which the obtaining subunit 2041 obtains random data and the XOR subunit 2042 XORs the random data with the data to be encrypted to obtain the XOR result; finally, according to the fourth predetermined rule, the fourth processing unit 205 performs the 3DES operation on the key and the XOR result to obtain the ciphertext. With this method the PIN data travel from the terminal to the smart card in encrypted form, which removes the possibility of the PIN leaking at this step, improves the security of the transaction and reduces the dependency on the security of the transaction environment.
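The method of steps 101 to 105 and the device of units 201 to 2051 perform the same five operations, and the check the card must perform on receipt is left implicit. The Go program below is an added example written for this page; it is not code from the patent or from any product implementing it. It assumes a decimal PIN whose digits are packed two per byte (so that "1234" is the two bytes 1234H of the patent's example), a 128-bit key expanded with K3 = K1 as described at step 105, that the random block generated inside the card is sent to the terminal over the same interface, and a 4-digit PIN for the search in recoverPIN; all function names are the example's own. recoverPIN is the check a practitioner should run before adopting this construction: the key of step 102 depends on the PIN alone, so an observer of the interface who captures the random block and the ciphertext can verify every candidate PIN offline exactly as the card does.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// formatBlock is the patent's padding rule for an n-byte block: byte 1 holds the
// PIN length L in bytes, the next L bytes hold the PIN, and each remaining byte
// holds n-1-L. n=16 gives the key of step 102, n=8 the data block of step 103.
func formatBlock(pinBytes []byte, n int) ([]byte, error) {
	l := len(pinBytes)
	if l == 0 || l > n-1 {
		return nil, fmt.Errorf("PIN of %d bytes does not fit a %d-byte block", l, n)
	}
	block := make([]byte, n)
	block[0] = byte(l)
	copy(block[1:], pinBytes)
	for i := 1 + l; i < n; i++ {
		block[i] = byte(n - 1 - l)
	}
	return block, nil
}

// pinCipher runs steps 102 and 103 for a decimal PIN string. The patent writes the
// PIN "1234" as the two bytes 1234H, so digits are packed two per byte; hex-decoding
// the digit string does exactly that (an assumption of this example, not the patent's).
func pinCipher(pin string) (cipher.Block, []byte, error) {
	pinBytes, err := hex.DecodeString(pin)
	if err != nil {
		return nil, nil, err
	}
	k16, err := formatBlock(pinBytes, 16) // step 102: the 16-byte key K_PIN
	if err != nil {
		return nil, nil, err
	}
	block, err := formatBlock(pinBytes, 8) // step 103: data to be encrypted
	if err != nil {
		return nil, nil, err
	}
	// crypto/des wants K1|K2|K3; the patent sets K3 = K1 for a 128-bit key.
	c, err := des.NewTripleDESCipher(append(k16, k16[:8]...))
	return c, block, err
}

// encryptPIN is the terminal side, steps 104 and 105: XOR the formatted PIN block
// with the random block the card issued, then 3DES-encrypt it under K_PIN.
func encryptPIN(pin string, random [8]byte) ([]byte, error) {
	c, block, err := pinCipher(pin)
	if err != nil {
		return nil, err
	}
	for i := range block {
		block[i] ^= random[i]
	}
	ct := make([]byte, des.BlockSize)
	c.Encrypt(ct, block)
	return ct, nil
}

// verifyPIN is the card side, which the patent leaves implicit: holding the reference
// PIN and the random block it generated, the card derives the same K_PIN, decrypts,
// undoes the XOR and compares against its own formatted PIN block.
func verifyPIN(cardPIN string, random [8]byte, ciphertext []byte) bool {
	c, ref, err := pinCipher(cardPIN)
	if err != nil || len(ciphertext) != des.BlockSize {
		return false
	}
	plain := make([]byte, des.BlockSize)
	c.Decrypt(plain, ciphertext)
	for i := range plain {
		plain[i] ^= random[i]
	}
	return subtle.ConstantTimeCompare(plain, ref) == 1
}

// recoverPIN is the reviewer's check: K_PIN depends on the PIN alone, so whoever
// captured the random block and the ciphertext on the interface can run the card's
// own check against every candidate PIN offline (at most 10,000 3DES operations here).
func recoverPIN(random [8]byte, ciphertext []byte) string {
	for i := 0; i < 10000; i++ {
		if cand := fmt.Sprintf("%04d", i); verifyPIN(cand, random, ciphertext) {
			return cand
		}
	}
	return ""
}

func main() {
	var r [8]byte // the random block the card generates and sends to the terminal
	if _, err := rand.Read(r[:]); err != nil {
		panic(err)
	}
	ct, err := encryptPIN("1234", r)
	if err != nil {
		panic(err)
	}
	fmt.Printf("random %X ciphertext %X\n", r[:], ct)
	fmt.Println("card accepts 1234:", verifyPIN("1234", r, ct), "4321:", verifyPIN("4321", r, ct), "recovered:", recoverPIN(r, ct))
}
```

Run with go run: the program prints a fresh random block, the ciphertext, the card's decision for the right and a wrong PIN, and the PIN recovered by exhaustive search. The random block stops the same PIN from producing the same ciphertext twice, but it gives the eavesdropper nothing to overcome, because under the stated assumption it crosses the interface in clear and the only secret in the key is the PIN itself.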
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the system, device and units described above may refer to the corresponding processes in the foregoing method embodiment and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiment described above is merely illustrative; the division into units is only a division by logical function, and in actual implementation other divisions are possible: several units or components may be combined or integrated into another system, or some features may be omitted or not carried out. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be through interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over several network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, the functional units in each embodiment of the present invention may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and comprising instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to carry out all or part of the steps of the method described in each embodiment of the present invention. The aforesaid storage medium includes any medium that can store program code, such as a USB flash disk, a portable hard drive, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solution outside the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (7)
1. A smart card PIN encrypted transmission method, characterized in that it comprises:
Obtaining the PIN data;
According to a first predetermined rule, carrying out first processing on said PIN data to obtain a key;
According to a second predetermined rule, carrying out second processing on said PIN data to obtain data to be encrypted;
According to a third predetermined rule, carrying out third processing on said data to be encrypted to obtain processed data;
According to a fourth predetermined rule, carrying out fourth processing on said key and said processed data to obtain a ciphertext.
2. The smart card PIN encrypted transmission method according to claim 1, characterized in that carrying out third processing on said data to be encrypted according to the third predetermined rule to obtain processed data comprises:
Obtaining random data;
XORing said data to be encrypted with said random data to obtain an XOR result.
3. The smart card PIN encrypted transmission method according to claim 2, characterized in that said carrying out fourth processing on said key and said processed data according to the fourth predetermined rule to obtain a ciphertext consists of 3DES-encrypting said XOR result with said key to obtain the ciphertext.
4. The smart card PIN encrypted transmission method according to any one of claims 1 to 3, characterized in that said method can communicate over the ISO 7816 contact interface, the ISO 14443 contactless interface or a general-purpose USB interface.
5. A smart card PIN encrypted transmission device, characterized in that it comprises:
An acquiring unit for obtaining the PIN data;
A first processing unit for carrying out first processing on said PIN data according to a first predetermined rule to obtain a key;
A second processing unit for carrying out second processing on said PIN data according to a second predetermined rule to obtain data to be encrypted;
A third processing unit for carrying out third processing on said data to be encrypted according to a third predetermined rule to obtain processed data;
A fourth processing unit for carrying out fourth processing on said key and said processed data according to a fourth predetermined rule to obtain a ciphertext.
6. The smart card PIN encrypted transmission device according to claim 5, characterized in that
said third processing unit comprises:
An obtaining subunit for obtaining random data;
An XOR subunit for XORing said data to be encrypted with said random data to obtain an XOR result.
7. The smart card PIN encrypted transmission device according to claim 5, characterized in that
said fourth processing unit comprises:
An operation subunit for 3DES-encrypting said XOR result with said key to obtain the ciphertext.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310091140XA CN103152167A (en) | 2013-03-20 | 2013-03-20 | Intelligent card PIN (personal identification number) encrypted transmission method and intelligent card PIN encrypted transmission system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103152167A true CN103152167A (en) | 2013-06-12 |
Family ID: 48550046
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310091140XA Pending CN103152167A (en) | 2013-03-20 | 2013-03-20 | Intelligent card PIN (personal identification number) encrypted transmission method and intelligent card PIN encrypted transmission system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103152167A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030061168A1 (en) * | 2001-09-21 | 2003-03-27 | Larry Routhenstein | Method for generating customer secure card numbers |
CN1614924A (en) * | 2004-11-26 | 2005-05-11 | 王小矿 | Identity certifying system based on intelligent card and dynamic coding |
US20100031021A1 (en) * | 2006-09-22 | 2010-02-04 | International Business Machines Corporation | Method for improved key management for atms and other remote devices |
CN102332981A (en) * | 2011-10-12 | 2012-01-25 | 深圳市沃达通实业有限公司 | Three-layer key encryption method and bank transaction system |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104270754A (en) * | 2014-09-29 | 2015-01-07 | 福建星网锐捷网络有限公司 | SIM authentication method and device |
CN104270754B (en) * | 2014-09-29 | 2018-09-11 | 福建星网锐捷网络有限公司 | A kind of Subscriber Identity Module method for authenticating and device |
CN108509787A (en) * | 2018-03-14 | 2018-09-07 | 深圳市中易通安全芯科技有限公司 | A kind of program authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | Application publication date: 20130612 |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |