CN104408834A - Method and system for controlling depositing and withdrawing safety based on safety core - Google Patents

Abstract

The invention discloses a method and a system for controlling depositing and withdrawing security based on a security core. A security chip is arranged in a depositing and withdrawing core and put in the safe case of an automatic teller machine. The core safety chip is called the security core for short; the security core communicates with an automatic teller machine pre-system (ATMP); the safe communication of the security core with the ATMP is realized by virtue of certificate issuing and key exchange; the ATMP authorizes the core to dispense cashes, and meanwhile, checks the amount deposited. According to the method and the system for controlling the depositing and withdrawing security based on the security core, due to the safe communication of the security core and the ATMP, the identity is authenticated, an instruction sent out is verified legally and a message sent out is encrypted, and then the ATMP authorizes the core to dispense cashes and checks the amount deposited; the method and the system have the advantages that authentication and encryption/decryption can be effectively authenticated to achieve integrity protection, prevent tampering and prevent replay attack protection, and therefore, the security of the ATM is improved.

Description

A kind of deposit and withdraw method of controlling security and system based on safe movement

Technical field

The present invention relates to a kind of deposit and withdraw method of controlling security and system based on safe movement.

Background technology

Along with the continuous progress of society and the development of financial circles, the bank ATM (ATM (Automatic Teller Machine)) based on the multiple technologies such as electronic technology, computer technology has a great development.Spread all over each city at China ATM, bank ATM easily for client provides automatic drawing, savings function, can save a large amount of human and material resources, alleviates the workload of bank.Current bank ATM has become a kind of indispensable means of services in bank service day by day.

At present, the financial crime activity about ATM increases with benefit, 2010, and in global hackers conference, the most powerful hacker Jack in the whole world successfully demonstrates the ATM cash dispenser of how to invade installation two kinds of different systems, and allows ATM cash dispenser tell paper money then and there.Successfully attacking ATM is at present all directly for the paper money supplying module of ATM; by sending note output instruction directly to paper money case; the safety precaution that can get around ATM makes ATM carry out telling paper money; the paper money supplying module of ATM is the most extensive in Financial information safety; part the most under attack; need the safeguard protection more strengthened, the safety problem therefore how solving ATM is subject to the great attention of financial world and society, and the Security Countermeasures of research and formulation ATM paper money supplying module are imperative.

To deposit and withdraw in existing ATM the shortcoming of cash module and communication system thereof:

(1) existing ATM cash module of depositing and withdrawing all is controlled the action of depositing and withdrawing of movement by WOSA communication protocol by ATMC, legitimacy certification is lacked to the instruction sent, the message sent is distorted and lacks effective strick precaution to driving the identity of caller, instruction replay to take precautions against.

(2) existing ATM cash module of depositing and withdrawing does not carry out authentication, integrated authentication and non repudiation certification to operator; lack Software security protection; lack Third Party Authentication mechanism; allow hacker have an opportunity to take advantage of, also may cause the security incident of defalcating due to the leak in bank management.Fig. 1 and Fig. 2 presents the youngster attacking ATM and plants mode.As Fig. 1, shown in 2, for existing operation of withdrawing the money, assailant attacks paper money supplying module, simulation industrial computer, deception paper money supplying module note output; Assailant attacks industrial computer, simulation ATMP, deception industrial computer note output.For existing deposit operation, assailant attacks industrial computer and ATMP, intercepts ATM and deposits message, forge credit request.

Therefore, be necessary to design a kind of novel deposit and withdraw method of controlling security and system.

Summary of the invention

Vulnerable for module of depositing and withdrawing in existing ATM (ATM (Automatic Teller Machine)), there is potential safety hazard, the invention provides a kind of deposit and withdraw method of controlling security and system based on safe movement, should based on safe movement deposit and withdraw method of controlling security and security of system high, easy to implement.

The technical solution of invention is as follows:

A kind of movement stereo safety control system, comprise ATM, ATMP and banking system of connecting successively, described ATMP is self-help teller machine front-end system, it is characterized in that, lays safe movement in ATM, and described safe movement is movement safety chip; The safety certificate having certificate authorization center CA to issue in safe movement in ATM and ATMP; Safe movement and self-help teller machine front-end system (ATMP) are issued by certificate and realize secure communication with key change, thus certification is carried out to identity, legal checking is carried out to the instruction sent, the message sent is encrypted, after being proved to be successful, the operation if withdraw the money, then authorize ATM note output by ATMP; If deposit operation, then ATMP verifies amount deposited, is then reported to banking system.[being specially bank's billing and accounting system of banking system].

Described key change comprises step:

(1), after safe movement powers on, the safe movement of ATM initiates RANDOM NUMBER request [random number anti-replay], comprises the following steps:

1) the safe movement of ATM initiates 8 byte RANDOM NUMBER request to ATMP;

2) ATMP calls encryption equipment and produces 8 byte random number R ND;

3) random number R ND is issued the safe movement of ATM by ATMP;

(2), after the safe movement of ATM receives random number, above send certificate and signature, comprise the following steps:

1) the safe movement of ATM stores random number R ND, to random number signature, obtains SigSKATMSM (RND);

2) the safe movement of ATM send movement certificate Cert ATMSM and signature Sig SKATMSM (RND) to the self-service teller's end control system ATMC on ATM;

3) ATMC is movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 territories, sends to ATMP;

(3) after the ATMP certificate that receives safe movement and signature [sign can anti-repudiation], response according to the following steps:

1) ATMP calls the validity of encryption equipment CA root certificate sign test movement certificate;

2), after certification authentication success, ATMP calls the PKI that encryption equipment preserves safe movement, carries out sign test to the random number stored in the signature of movement, encryption equipment;

3) after verifying movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment to random number R ND signature, obtains SigSKATMP (RND);

4) certificate CertATMP and signature SigSKATMP (RND) group wrap to 48 territories by ATMP, issue ATMC;

5) ATMC unpacks, and issues safe movement;

(4), after the safe movement of the ATM certificate that receives ATMP and signature, respond according to the following steps:

1) validity of safe movement CA root certificate sign test ATMP certificate CertATMP;

2) after certification authentication success, safe movement preserves the PKI of ATMP, carries out sign test, the legal identity of checking ATMP to the signature SigSKATMP (RND) of ATMP, the random number of safe machine in-core storage;

(5) safe movement is verifying that ATMP identity information is errorless, under exchange of public keys success prerequisite, initiate " registering " transaction, the solicited message of registering is sent to ATMP by safe movement, and the solicited message of registering comprises the terminal number of terminal, IP address, ATMC version number and Key Tpe (DES, 3DES, SM4);

(6) after ATMP receives the request of registering, ATMP tests to solicited message, checks successfully, in encryption equipment, produces session key, is encrypted in encryption equipment with movement PKI to session key simultaneously; And issue response message of registering to safe movement; Response message of registering comprises working key, session key, terminal check time and ATMP version number.

Flow process of withdrawing the money is:

1) withdrawal request: holder initiates withdrawal request, ATMC organizes cardholder information and send to ATMP after safe movement gets random number;

2) based on secret key exchange process, ATMP obtains withdrawing the money the mandate of transaction backstage and banking system; The ATMP session key amount of money | RND (| represent connector, connect two character strings) simultaneously please the amount of money crossed of the money amount of money, session key ATMC | and the answer code that RND, ATMP return issues ATM end;

3) if the answer code that returns of ATMP for " 00 ", representing please money Transaction Success, the safe movement deciphering amount of money | the ciphertext of RND, the authorized amount of money, authorizes the amount of money simultaneously and please compare by the money amount of money; Comparison is correct, and movement performs note output action, if incorrect, movement reports error message to organize the amount of money to rush positive information to ATMC, ATMC according to error message, carries out rushing and just concludes the business and [rush financial field just and be used for guaranteeing the integrality of concluding the business and the transaction of setting up.Usually the original transaction only changed to cardholder account remaining sum just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】。

Deposit flow process is:

1) depositor's [after namely selecting deposit in man-machine interface] after ATM starts deposit operation, ATMC applies for random number to ATMP;

2) ATMP respond this deposit required for random number;

3) after ATMC receives random number, driving arrangement enters puts paper money pattern, safe movement often receives one and puts paper money process, capital is putting the detailed plaintext of paper money and putting paper money detail | and the ciphertext of random number combination passes to ATMC, ATMC directly use expressly as echo message to user, ciphertext is then passed to ATMP in credit transaction;

4) ATMC organizational information initiates this credit request;

5) encryption equipment be connected in same security system with ATMP is deciphered and is deposited detail | random number;

6), after ATMP verifies that random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with on send the amount of money consistent, banking system issued by ATMP group bag, completes deposit; If inconsistent, ATMP notifies ATMC, deposits unsuccessfully.

A kind of movement stereo safety control method, by laying safe movement and realizing security control based on certificate and secret key in ATM;

Described safe movement is movement safety chip; The safety certificate having certificate authorization center CA to issue in safe movement in ATM and ATMP; Safe movement and self-help teller machine front-end system (ATMP) are issued by certificate and realize secure communication with key change, thus certification is carried out to identity, legal checking is carried out to the instruction sent, the message sent is encrypted, after being proved to be successful, the operation if withdraw the money, then authorize ATM note output by ATMP; If deposit operation, then ATMP verifies amount deposited, is then reported to banking system.

Described key change comprises step:

(1), after safe movement powers on, the safe movement of ATM initiates RANDOM NUMBER request [random number anti-replay], comprises the following steps:

1) the safe movement of ATM initiates 8 byte RANDOM NUMBER request to ATMP;

2) ATMP calls encryption equipment and produces 8 byte random number R ND;

3) random number R ND is issued the safe movement of ATM by ATMP;

(2), after the safe movement of ATM receives random number, above send certificate and signature, comprise the following steps:

1) the safe movement of ATM stores random number R ND, to random number signature, obtains SigSKATMSM (RND);

2) the safe movement of ATM send movement certificate Cert ATMSM and signature Sig SKATMSM (RND) to the self-service teller's end control system ATMC on ATM;

3) ATMC is movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 territories, sends to ATMP;

(3) after the ATMP certificate that receives safe movement and signature [sign can anti-repudiation], response according to the following steps:

1) ATMP calls the validity of encryption equipment CA root certificate sign test movement certificate;

2), after certification authentication success, ATMP calls the PKI that encryption equipment preserves safe movement, carries out sign test to the random number stored in the signature of movement, encryption equipment;

3) after verifying movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment to random number R ND signature, obtains SigSKATMP (RND);

4) certificate CertATMP and signature SigSKATMP (RND) group wrap to 48 territories by ATMP, issue ATMC;

5) ATMC unpacks, and issues safe movement;

(4), after the safe movement of the ATM certificate that receives ATMP and signature, respond according to the following steps:

1) validity of safe movement CA root certificate sign test ATMP certificate CertATMP;

2) after certification authentication success, safe movement preserves the PKI of ATMP, carries out sign test, the legal identity of checking ATMP to the signature SigSKATMP (RND) of ATMP, the random number of safe machine in-core storage;

(5) safe movement is verifying that ATMP identity information is errorless, under exchange of public keys success prerequisite, initiate " registering " transaction, the solicited message of registering is sent to ATMP by safe movement, and the solicited message of registering comprises the terminal number of terminal, IP address, ATMC version number and Key Tpe (DES, 3DES, SM4);

(6) after ATMP receives the request of registering, ATMP tests to solicited message, checks successfully, in encryption equipment, produces session key, is encrypted in encryption equipment with movement PKI to session key simultaneously; And issue response message of registering to safe movement; Response message of registering comprises working key, session key, terminal check time and ATMP version number.

Flow process of withdrawing the money is:

1) withdrawal request: holder initiates withdrawal request, ATMC organizes cardholder information and send to ATMP after safe movement gets random number;

2) based on secret key exchange process, ATMP obtains withdrawing the money the mandate of transaction backstage and banking system; The ATMP session key amount of money | RND (| represent connector, connect two character strings) simultaneously please the amount of money crossed of the money amount of money, session key ATMC | and the answer code that RND, ATMP return issues ATM end;

3) if the answer code that returns of ATMP for " 00 ", representing please money Transaction Success, the safe movement deciphering amount of money | the ciphertext of RND, the authorized amount of money, authorizes the amount of money simultaneously and please compare by the money amount of money; Comparison is correct, and movement performs note output action, if incorrect, movement reports error message to organize the amount of money to rush positive information to ATMC, ATMC according to error message, carries out rushing and just concludes the business and [rush financial field just and be used for guaranteeing the integrality of concluding the business and the transaction of setting up.Usually the original transaction only changed to cardholder account remaining sum just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】。

Deposit flow process is:

1) depositor's [after namely selecting deposit in man-machine interface] after ATM starts deposit operation, ATMC applies for random number to ATMP;

2) ATMP respond this deposit required for random number;

3) after ATMC receives random number, driving arrangement enters puts paper money pattern, safe movement often receives one and puts paper money process, capital is putting the detailed plaintext of paper money and putting paper money detail | and the ciphertext of random number combination passes to ATMC, ATMC directly use expressly as echo message to user, ciphertext is then passed to ATMP in credit transaction;

4) ATMC organizational information initiates this credit request;

5) encryption equipment be connected in same security system with ATMP is deciphered and is deposited detail | random number;

6), after ATMP verifies that random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with on send the amount of money consistent, banking system issued by ATMP group bag, completes deposit; If inconsistent, ATMP notifies ATMC, deposits unsuccessfully.

The present invention is set up and organic combination by the security system of ATMP (self-help teller machine front-end system), ATMC (self-service teller's end control system), safe movement, build stereo safety control system, lay safety chip depositing and withdrawing on movement, and be placed in the safety cabinet of ATM.Bank CA center issues ATMP certificate and safe movement certificate, bank assistant director downloads ATMP certificate and safe movement certificate, issued by certificate, key change, carry out authentication, legal checking is carried out to the instruction sent, the message sent is encrypted, realize the safety communication of safe movement and ATMP, ATMP authorizes movement note output, reports amount deposited verification.Operation of depositing and withdrawing by without control and optimize is: carried out security control, can follow-up auditing and non-repudiation, solves the security of cash problem of self-help teller machine when illegal invasion, and the security of cash control problem of solution under O&M, uncontrolled state.

Described safe movement refers to and adds safety chip depositing and withdrawing in movement, the movement of depositing and withdrawing comprising safety chip is called for short safe movement, for storage key, carry out safety data transmission by safe movement and ATMP (self-help teller machine front-end system), guarantee the security control to module of depositing and withdrawing.

Described key code system adopts ripe PKI (Public Key Infrastructure) system to carry out managing keys, wherein CA center is managed by bank or professional CA mechanism, there is provided the functions such as application certificate, distributing certificates, authentication certificate, destruction certificate, key management comprises certificate and issues and key change two parts.

It is that CA (certificate authority) center issues CA root certificate, ATMP certificate that described certificate issues, and CA root certificate, ATMP certificate are downloaded to ATMP (self-help teller machine front-end system) by bank assistant director.

It is that CA center issues CA root certificate, safe movement certificate that described certificate issues, and CA root certificate, safe movement certificate download in the safe movement of ATM by bank assistant director.

Beneficial effect:

The present invention is directed to current ATM to deposit and withdraw module Problems existing and trend, propose safe movement first and ATMP carries out key change at secure context of depositing and withdrawing, the new method of realize depositing and withdrawing module and ATMP safety communication, improves the security of ATM (Automatic Teller Machine).

Issue CA root certificate, ATMP certificate and safe movement certificate by CA center, and download in the safe movement of ATMP and ATM, carry out key change, realize certification and encryption and decryption, integrity protection and anti-replay-attack are protected.

Deposit and withdraw method of controlling security and system based on safe movement of the present invention, its core is, lays safety chip depositing and withdrawing in movement, is placed in the safety cabinet of ATM (Automatic Teller Machine).Movement safety chip is called for short safe movement, safe movement and self-help teller machine front-end system (ATMP) carry out communication, issued by certificate, key change, realize the secure communication of safe movement and self-help teller machine front-end system, ATMP (self-help teller machine front-end system) authorizes movement note output, verifies amount deposited simultaneously.The present invention is by the secure communication of safe movement and ATMP; certification is carried out to identity; legal checking is carried out to the instruction sent; the message sent is encrypted; ATMP authorizes movement note output; inspection amount deposited; overcome the shortcoming that original deposit and withdraw module and communication system have; operation of depositing and withdrawing has security control by without controlling to become; effective certification is carried out to the instruction sent, the message sent is encrypted and authentication, anti-tamper; anti-replay-attack is protected, and improves the security of ATM (Automatic Teller Machine).

Adopt the present invention, original hacker's means no longer have attack effect, effectively can be prevented the security incident of defalcating caused because of the leak in bank management by the method simultaneously.Simultaneously by a series of certification and encryption and decryption; integrity protection; anti-replay-attack protection etc.; ensure that existing hacker's means cannot make ATM paper money supplying module carry out telling paper money in illegal situation; having carried out anti-replay to deposit module achieves one of ATM three-dimensional security protection; meet the demand for security of the atm device being operated in " line ", meet the bank's even needs of country to Financial information safety.

Accompanying drawing explanation

Fig. 1 is existing modular system Organization Chart of withdrawing the money;

Fig. 2 is existing deposit modular system Organization Chart;

Fig. 3 is that the present invention withdraws the money modular system Organization Chart;

Fig. 4 is that the present invention deposits modular system Organization Chart;

Fig. 5 is the process flow diagram that the safe movement of ATM and ATMP exchange key;

Fig. 6 is process flow diagram of withdrawing the money;

Fig. 7 is deposit process flow diagram.

Embodiment

Below with reference to the drawings and specific embodiments, the present invention is described in further details:

Embodiment 1:

As Fig. 1-5, a kind of movement stereo safety control system, comprise ATM, ATMP and banking system of connecting successively, described ATMP is self-help teller machine front-end system, it is characterized in that, lays safe movement in ATM, and described safe movement is movement safety chip; The safety certificate having certificate authorization center CA to issue in safe movement in ATM and ATMP; Safe movement and self-help teller machine front-end system (ATMP) are issued by certificate and realize secure communication with key change, thus certification is carried out to identity, legal checking is carried out to the instruction sent, the message sent is encrypted, after being proved to be successful, the operation if withdraw the money, then authorize ATM note output by ATMP; If deposit operation, then ATMP verifies amount deposited, is then reported to banking system.[being specially bank's billing and accounting system of banking system].

Described key change comprises step:

(1), after safe movement powers on, the safe movement of ATM initiates RANDOM NUMBER request [random number anti-replay], comprises the following steps:

1) the safe movement of ATM initiates 8 byte RANDOM NUMBER request to ATMP;

2) ATMP calls encryption equipment and produces 8 byte random number R ND;

3) random number R ND is issued the safe movement of ATM by ATMP;

(2), after the safe movement of ATM receives random number, above send certificate and signature, comprise the following steps:

1) the safe movement of ATM stores random number R ND, to random number signature, obtains SigSKATMSM (RND);

2) the safe movement of ATM send movement certificate Cert ATMSM and signature Sig SKATMSM (RND) to the self-service teller's end control system ATMC on ATM;

3) ATMC is movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 territories, sends to ATMP;

(3) after the ATMP certificate that receives safe movement and signature [sign can anti-repudiation], response according to the following steps:

1) ATMP calls the validity of encryption equipment CA root certificate sign test movement certificate;

2), after certification authentication success, ATMP calls the PKI that encryption equipment preserves safe movement, carries out sign test to the random number stored in the signature of movement, encryption equipment;

3) after verifying movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment to random number R ND signature, obtains SigSKATMP (RND);

4) certificate CertATMP and signature SigSKATMP (RND) group wrap to 48 territories by ATMP, issue ATMC;

5) ATMC unpacks, and issues safe movement;

(4), after the safe movement of the ATM certificate that receives ATMP and signature, respond according to the following steps:

1) validity of safe movement CA root certificate sign test ATMP certificate CertATMP;

2) after certification authentication success, safe movement preserves the PKI of ATMP, carries out sign test, the legal identity of checking ATMP to the signature SigSKATMP (RND) of ATMP, the random number of safe machine in-core storage;

(5) safe movement is verifying that ATMP identity information is errorless, under exchange of public keys success prerequisite, initiate " registering " transaction, the solicited message of registering is sent to ATMP by safe movement, and the solicited message of registering comprises the terminal number of terminal, IP address, ATMC version number and Key Tpe (DES, 3DES, SM4);

(6) after ATMP receives the request of registering, ATMP tests to solicited message, checks successfully, in encryption equipment, produces session key, is encrypted in encryption equipment with movement PKI to session key simultaneously; And issue response message of registering to safe movement; Response message of registering comprises working key, session key, terminal check time and ATMP version number.

Flow process of withdrawing the money is:

1) withdrawal request: holder initiates withdrawal request, ATMC organizes cardholder information and send to ATMP after safe movement gets random number;

2) based on secret key exchange process, ATMP obtains withdrawing the money the mandate of transaction backstage and banking system; The ATMP session key amount of money | RND (| represent connector, connect two character strings) simultaneously please the amount of money crossed of the money amount of money, session key ATMC | and the answer code that RND, ATMP return issues ATM end;

3) if the answer code that returns of ATMP for " 00 ", representing please money Transaction Success, the safe movement deciphering amount of money | the ciphertext of RND, the authorized amount of money, authorizes the amount of money simultaneously and please compare by the money amount of money; Comparison is correct, and movement performs note output action, if incorrect, movement reports error message to organize the amount of money to rush positive information to ATMC, ATMC according to error message, carries out rushing and just concludes the business and [rush financial field just and be used for guaranteeing the integrality of concluding the business and the transaction of setting up.Usually the original transaction only changed to cardholder account remaining sum just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】。

Deposit flow process is:

1) depositor's [after namely selecting deposit in man-machine interface] after ATM starts deposit operation, ATMC applies for random number to ATMP;

2) ATMP respond this deposit required for random number;

3) after ATMC receives random number, driving arrangement enters puts paper money pattern, safe movement often receives one and puts paper money process, capital is putting the detailed plaintext of paper money and putting paper money detail | and the ciphertext of random number combination passes to ATMC, ATMC directly use expressly as echo message to user, ciphertext is then passed to ATMP in credit transaction;

4) ATMC organizational information initiates this credit request;

5) encryption equipment be connected in same security system with ATMP is deciphered and is deposited detail | random number;

6), after ATMP verifies that random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with on send the amount of money consistent, banking system issued by ATMP group bag, completes deposit; If inconsistent, ATMP notifies ATMC, deposits unsuccessfully.

A kind of movement stereo safety control method, by laying safe movement and realizing security control based on certificate and secret key in ATM;

Described safe movement is movement safety chip; The safety certificate having certificate authorization center CA to issue in safe movement in ATM and ATMP; Safe movement and self-help teller machine front-end system (ATMP) are issued by certificate and realize secure communication with key change, thus certification is carried out to identity, legal checking is carried out to the instruction sent, the message sent is encrypted, after being proved to be successful, the operation if withdraw the money, then authorize ATM note output by ATMP; If deposit operation, then ATMP verifies amount deposited, is then reported to banking system.

Described key change comprises step:

(1), after safe movement powers on, the safe movement of ATM initiates RANDOM NUMBER request [random number anti-replay], comprises the following steps:

1) the safe movement of ATM initiates 8 byte RANDOM NUMBER request to ATMP;

2) ATMP calls encryption equipment and produces 8 byte random number R ND;

3) random number R ND is issued the safe movement of ATM by ATMP;

(2), after the safe movement of ATM receives random number, above send certificate and signature, comprise the following steps:

1) the safe movement of ATM stores random number R ND, to random number signature, obtains SigSKATMSM (RND);

2) the safe movement of ATM send movement certificate Cert ATMSM and signature Sig SKATMSM (RND) to the self-service teller's end control system ATMC on ATM;

3) ATMC is movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 territories, sends to ATMP;

(3) after the ATMP certificate that receives safe movement and signature [sign can anti-repudiation], response according to the following steps:

1) ATMP calls the validity of encryption equipment CA root certificate sign test movement certificate;

2), after certification authentication success, ATMP calls the PKI that encryption equipment preserves safe movement, carries out sign test to the random number stored in the signature of movement, encryption equipment;

3) after verifying movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment to random number R ND signature, obtains SigSKATMP (RND);

4) certificate CertATMP and signature SigSKATMP (RND) group wrap to 48 territories by ATMP, issue ATMC;

5) ATMC unpacks, and issues safe movement;

(4), after the safe movement of the ATM certificate that receives ATMP and signature, respond according to the following steps:

1) validity of safe movement CA root certificate sign test ATMP certificate CertATMP;

2) after certification authentication success, safe movement preserves the PKI of ATMP, carries out sign test, the legal identity of checking ATMP to the signature SigSKATMP (RND) of ATMP, the random number of safe machine in-core storage;

(5) safe movement is verifying that ATMP identity information is errorless, under exchange of public keys success prerequisite, initiate " registering " transaction, the solicited message of registering is sent to ATMP by safe movement, and the solicited message of registering comprises the terminal number of terminal, IP address, ATMC version number and Key Tpe (DES, 3DES, SM4);

(6) after ATMP receives the request of registering, ATMP tests to solicited message, checks successfully, in encryption equipment, produces session key, is encrypted in encryption equipment with movement PKI to session key simultaneously; And issue response message of registering to safe movement; Response message of registering comprises working key, session key, terminal check time and ATMP version number.

Flow process of withdrawing the money is:

1) withdrawal request: holder initiates withdrawal request, ATMC organizes cardholder information and send to ATMP after safe movement gets random number;

2) based on secret key exchange process, ATMP obtains withdrawing the money the mandate of transaction backstage and banking system; The ATMP session key amount of money | RND (| represent connector, connect two character strings) simultaneously please the amount of money crossed of the money amount of money, session key ATMC | and the answer code that RND, ATMP return issues ATM end;

3) if the answer code that returns of ATMP for " 00 ", representing please money Transaction Success, the safe movement deciphering amount of money | the ciphertext of RND, the authorized amount of money, authorizes the amount of money simultaneously and please compare by the money amount of money; Comparison is correct, and movement performs note output action, if incorrect, movement reports error message to organize the amount of money to rush positive information to ATMC, ATMC according to error message, carries out rushing and just concludes the business and [rush financial field just and be used for guaranteeing the integrality of concluding the business and the transaction of setting up.Usually the original transaction only changed to cardholder account remaining sum just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】。

Deposit flow process is:

1) depositor's [after namely selecting deposit in man-machine interface] after ATM starts deposit operation, ATMC applies for random number to ATMP;

2) ATMP respond this deposit required for random number;

3) after ATMC receives random number, driving arrangement enters puts paper money pattern, safe movement often receives one and puts paper money process, capital is putting the detailed plaintext of paper money and putting paper money detail | and the ciphertext of random number combination passes to ATMC, ATMC directly use expressly as echo message to user, ciphertext is then passed to ATMP in credit transaction;

4) ATMC organizational information initiates this credit request;

5) encryption equipment be connected in same security system with ATMP is deciphered and is deposited detail | random number;

6), after ATMP verifies that random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with on send the amount of money consistent, banking system issued by ATMP group bag, completes deposit; If inconsistent, ATMP notifies ATMC, deposits unsuccessfully.

As Fig. 3, shown in 4, add safety chip depositing and withdrawing in movement, the movement of depositing and withdrawing comprising safety chip is called for short safe movement, is placed in the safety cabinet of ATM.Safe movement and ATMP (self-help teller machine front-end system) carry out communication, by CA center [certificate authority (Certificate Authority), or claim certification authority agent] under issue licence, key change, realize the secure communication of safe movement and ATMP, ATMP authorizes movement note output, ATMP reports amount deposited verification, and the note output of being authorized by ATMP and deposit send mode to ensure safety passage.

Safe movement is used for storage key, carries out safety data transmission, guarantee to control the safety of module of depositing and withdrawing by safe movement and ATMP.

To issue licence under CA center and bank assistant director downloads the step of ATMP certificate:

(1) in bank safety environment, ATMP generates public private key pair PKATMP (self-help teller machine front-end system PKI)/SKATMP (self-help teller machine front-end system private key), uploads PKI;

(2) bank assistant director uploads by the RA (certificate registration approving authority) (registrationauthority) of bank the demand file that ATMP (self-help teller machine front-end system) Generates Certificate;

(3) bank CA (certificate authority) generates ATMP (self-help teller machine front-end system) certificate, and ATMP certificate and CA root certificate are handed down to bank assistant director;

(4) CA root certificate, ATMP certificate are downloaded to ATMP by bank assistant director.

Issue licence under CA and bank assistant director to download the step of safe movement certificate as follows:

(1) in bank safety environment, the safe movement of ATM generates public private key pair PKATMSM (self-help teller machine safe movement PKI)/SKATMSM (the safe movement private key of self-help teller machine), uploads PKI;

(2) bank assistant director uploads by the RA of bank the demand file that safe movement Generates Certificate;

(3) bank CA generates safe movement certificate, and safe movement certificate and CA root certificate are handed down to bank assistant director;

(4) CA root certificate, safe movement certificate download in the safe movement of ATM by bank assistant director.

ATMC in literary composition is atm device control system, refers to the application software on ATM.

According to Fig. 6, the concrete steps that flow instance of withdrawing the money realizes are described:

1, withdrawal request: holder initiates withdrawal request, ATMC (self-service teller's end control system) tissue cardholder information, gets random number from safe movement simultaneously.ATMC sends to ATMP (self-help teller machine front-end system) after organizing all information;

2, by 2 in Fig. 6,3,4 step sequences, ATMP obtains transaction backstage mandate of withdrawing the money.The ATMP session key amount of money | RND (random number) issues ATM end authorization message simultaneously;

3, the safe movement deciphering amount of money | the ciphertext of RND, compares with RND and the amount of money simultaneously again.Comparison is correct, and movement action note output, incorrect movement reports error message to organize the amount of money to rush positive information to ATMC, ATMC according to error message.

According to Fig. 7, the concrete steps that deposit flow instance realizes are described:

1, after depositor carries out deposit state, ATMC applies for random number to ATMP;

2, ATMP respond this deposit required for random number;

3, safe movement often receives one and puts paper money process, all can be detailed expressly and put paper money detail putting paper money | the ciphertext of random number combination passes to ATMC, ATMC directly use expressly as echo message to user, ciphertext is then passed to ATMP in credit transaction;

4, ATMC organizational information initiates this credit request;

5, encryption equipment deciphering deposit is detailed | random number;

6, after ATMP verifies that random number is correct, amount deposited is calculated according to deposit is detailed.Amount deposited with on send the amount of money consistent, banking system [backstage] issued by ATMP group bag.If inconsistent, ATMP notifies ATMC, deposits unsuccessfully.

The above is the preferred embodiment of the present invention; certainly the interest field of the present invention can not be limited with this; should be understood that; for those skilled in the art; under the premise without departing from the principles of the invention; can also make some improvement and variation, these improve and variation is also considered as protection scope of the present invention.

Claims (8)

1. a movement stereo safety control system, comprise ATM, ATMP and banking system of connecting successively, described ATMP is self-help teller machine front-end system, it is characterized in that, lays safe movement in ATM, and described safe movement is movement safety chip; The safety certificate having certificate authorization center CA to issue in safe movement in ATM and ATMP; Safe movement and self-help teller machine front-end system (ATMP) are issued by certificate and realize secure communication with key change, thus certification is carried out to identity, legal checking is carried out to the instruction sent, the message sent is encrypted, after being proved to be successful, the operation if withdraw the money, then authorize ATM note output by ATMP; If deposit operation, then ATMP verifies amount deposited, is then reported to banking system.

2. movement stereo safety control system according to claim 1, it is characterized in that, described key change comprises step:

(1), after safe movement powers on, the safe movement of ATM initiates RANDOM NUMBER request, comprises the following steps:

1) the safe movement of ATM initiates 8 byte RANDOM NUMBER request to ATMP;

2) ATMP calls encryption equipment and produces 8 byte random number R ND;

3) random number R ND is issued the safe movement of ATM by ATMP;

(2), after the safe movement of ATM receives random number, above send certificate and signature, comprise the following steps:

1) the safe movement of ATM stores random number R ND, to random number signature, obtains SigSKATMSM (RND);

2) the safe movement of ATM send movement certificate Cert ATMSM and signature Sig SKATMSM (RND) to the self-service teller's end control system ATMC on ATM;

3) ATMC is movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 territories, sends to ATMP;

(3), after the ATMP certificate that receives safe movement and signature, respond according to the following steps:

1) ATMP calls the validity of encryption equipment CA root certificate sign test movement certificate;

2), after certification authentication success, ATMP calls the PKI that encryption equipment preserves safe movement, carries out sign test to the random number stored in the signature of movement, encryption equipment;

3) after verifying movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment to random number R ND signature, obtains SigSKATMP (RND);

4) certificate CertATMP and signature SigSKATMP (RND) group wrap to 48 territories by ATMP, issue ATMC;

5) ATMC unpacks, and issues safe movement;

(4), after the safe movement of the ATM certificate that receives ATMP and signature, respond according to the following steps:

1) validity of safe movement CA root certificate sign test ATMP certificate CertATMP;

2) after certification authentication success, safe movement preserves the PKI of ATMP, carries out sign test, the legal identity of checking ATMP to the signature SigSKATMP (RND) of ATMP, the random number of safe machine in-core storage;

(5) safe movement is verifying that ATMP identity information is errorless, under exchange of public keys success prerequisite, initiate " registering " transaction, the solicited message of registering is sent to ATMP by safe movement, and the solicited message of registering comprises the terminal number of terminal, IP address, ATMC version number and Key Tpe (DES, 3DES, SM4);

(6) after ATMP receives the request of registering, ATMP tests to solicited message, checks successfully, in encryption equipment, produces session key, is encrypted in encryption equipment with movement PKI to session key simultaneously; And issue response message of registering to safe movement; Response message of registering comprises working key, session key, terminal check time and ATMP version number.

3. movement stereo safety control system according to claim 2, it is characterized in that, flow process of withdrawing the money is:

1) withdrawal request: holder initiates withdrawal request, ATMC organizes cardholder information and send to ATMP after safe movement gets random number;

2) based on secret key exchange process, ATMP obtains withdrawing the money the mandate of transaction backstage and banking system; The answer code that ATMP session key amount of money RND asks the money amount of money ATMC simultaneously, session key is crossed the amount of money RND, ATMP return issues ATM end;

3) if the answer code that returns of ATMP for " 00 ", representing please money Transaction Success, the ciphertext of safe movement deciphering amount of money RND, and the authorized amount of money, authorizes the amount of money simultaneously and please compare by the money amount of money; Comparison is correct, and movement performs note output action, if incorrect, movement reports error message to organize the amount of money to rush positive information to ATMC, ATMC according to error message, carries out rushing just concluding the business.

4. according to movement stereo safety control system according to claim 2, it is characterized in that, deposit flow process is:

1) depositor's [after namely selecting deposit in man-machine interface] after ATM starts deposit operation, ATMC applies for random number to ATMP;

2) ATMP respond this deposit required for random number;

3) after ATMC receives random number, driving arrangement enters puts paper money pattern, safe movement often receives one and puts paper money process, capital put paper money detailed expressly and the ciphertext of putting the detailed random number combination of paper money pass to ATMC, ATMC directly use expressly as echo message to user, ciphertext is then passed to ATMP in credit transaction;

4) ATMC organizational information initiates this credit request;

5) encryption equipment be connected in same security system with ATMP is deciphered and is deposited detailed random number;

6), after ATMP verifies that random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with on send the amount of money consistent, banking system issued by ATMP group bag, completes deposit; If inconsistent, ATMP notifies ATMC, deposits unsuccessfully.

5. a movement stereo safety control method, is characterized in that, by laying safe movement and realize security control based on certificate and secret key in ATM;

Described safe movement is movement safety chip; The safety certificate having certificate authorization center CA to issue in safe movement in ATM and ATMP; Safe movement and self-help teller machine front-end system (ATMP) are issued by certificate and realize secure communication with key change, thus certification is carried out to identity, legal checking is carried out to the instruction sent, the message sent is encrypted, after being proved to be successful, the operation if withdraw the money, then authorize ATM note output by ATMP; If deposit operation, then ATMP verifies amount deposited, is then reported to banking system.

6. movement stereo safety control method according to claim 5, it is characterized in that, described key change comprises step:

(1), after safe movement powers on, the safe movement of ATM initiates RANDOM NUMBER request, comprises the following steps:

1) the safe movement of ATM initiates 8 byte RANDOM NUMBER request to ATMP;

2) ATMP calls encryption equipment and produces 8 byte random number R ND;

3) random number R ND is issued the safe movement of ATM by ATMP;

(2), after the safe movement of ATM receives random number, above send certificate and signature, comprise the following steps:

1) the safe movement of ATM stores random number R ND, to random number signature, obtains SigSKATMSM (RND);

2) the safe movement of ATM send movement certificate Cert ATMSM and signature Sig SKATMSM (RND) to the self-service teller's end control system ATMC on ATM;

3) ATMC is movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 territories, sends to ATMP;

(3), after the ATMP certificate that receives safe movement and signature, respond according to the following steps:

1) ATMP calls the validity of encryption equipment CA root certificate sign test movement certificate;

2), after certification authentication success, ATMP calls the PKI that encryption equipment preserves safe movement, carries out sign test to the random number stored in the signature of movement, encryption equipment;

3) after verifying movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment to random number R ND signature, obtains SigSKATMP (RND);

4) certificate CertATMP and signature SigSKATMP (RND) group wrap to 48 territories by ATMP, issue ATMC;

5) ATMC unpacks, and issues safe movement;

(4), after the safe movement of the ATM certificate that receives ATMP and signature, respond according to the following steps:

1) validity of safe movement CA root certificate sign test ATMP certificate CertATMP;

2) after certification authentication success, safe movement preserves the PKI of ATMP, carries out sign test, the legal identity of checking ATMP to the signature SigSKATMP (RND) of ATMP, the random number of safe machine in-core storage;

(5) safe movement is verifying that ATMP identity information is errorless, under exchange of public keys success prerequisite, initiate " registering " transaction, the solicited message of registering is sent to ATMP by safe movement, and the solicited message of registering comprises the terminal number of terminal, IP address, ATMC version number and Key Tpe (DES, 3DES, SM4);

(6) after ATMP receives the request of registering, ATMP tests to solicited message, checks successfully, in encryption equipment, produces session key, is encrypted in encryption equipment with movement PKI to session key simultaneously; And issue response message of registering to safe movement; Response message of registering comprises working key, session key, terminal check time and ATMP version number.

7. movement stereo safety control method according to claim 6, it is characterized in that, flow process of withdrawing the money is:

1) withdrawal request: holder initiates withdrawal request, ATMC organizes cardholder information and send to ATMP after safe movement gets random number;

2) based on secret key exchange process, ATMP obtains withdrawing the money the mandate of transaction backstage and banking system; The answer code that ATMP session key amount of money RND (represent connector, connect two character strings) asks the money amount of money ATMC simultaneously, session key is crossed the amount of money RND, ATMP return issues ATM end;

3) if the answer code that returns of ATMP for " 00 ", representing please money Transaction Success, the ciphertext of safe movement deciphering amount of money RND, and the authorized amount of money, authorizes the amount of money simultaneously and please compare by the money amount of money; Comparison is correct, and movement performs note output action, if incorrect, movement reports error message to organize the amount of money to rush positive information to ATMC, ATMC according to error message, carries out rushing just concluding the business.

8. according to movement stereo safety control method according to claim 2, it is characterized in that, deposit flow process is:

1) depositor's [after namely selecting deposit in man-machine interface] after ATM starts deposit operation, ATMC applies for random number to ATMP;

2) ATMP respond this deposit required for random number;

3) after ATMC receives random number, driving arrangement enters puts paper money pattern, safe movement often receives one and puts paper money process, capital put paper money detailed expressly and the ciphertext of putting the detailed random number combination of paper money pass to ATMC, ATMC directly use expressly as echo message to user, ciphertext is then passed to ATMP in credit transaction;

4) ATMC organizational information initiates this credit request;

5) encryption equipment be connected in same security system with ATMP is deciphered and is deposited detailed random number;

6), after ATMP verifies that random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with on send the amount of money consistent, banking system issued by ATMP group bag, completes deposit; If inconsistent, ATMP notifies ATMC, deposits unsuccessfully.