CN104408834B - Method and system for controlling depositing and withdrawing safety based on safety core - Google Patents

Abstract

The invention discloses a method and a system for controlling depositing and withdrawing security based on a security core. A security chip is arranged in a depositing and withdrawing core and put in the safe case of an automatic teller machine. The core safety chip is called the security core for short; the security core communicates with an automatic teller machine pre-system (ATMP); the safe communication of the security core with the ATMP is realized by virtue of certificate issuing and key exchange; the ATMP authorizes the core to dispense cashes, and meanwhile, checks the amount deposited. According to the method and the system for controlling the depositing and withdrawing security based on the security core, due to the safe communication of the security core and the ATMP, the identity is authenticated, an instruction sent out is verified legally and a message sent out is encrypted, and then the ATMP authorizes the core to dispense cashes and checks the amount deposited; the method and the system have the advantages that authentication and encryption/decryption can be effectively authenticated to achieve integrity protection, prevent tampering and prevent replay attack protection, and therefore, the security of the ATM is improved.

Description

A kind of withdrawal method of controlling security and system based on safe movement

Technical field

The present invention relates to a kind of withdrawal method of controlling security and system based on safe movement.

Background technology

With the continuous development of the continuous progressive and financial circles of society, with multiple technologies such as electronic technology, computer technologies Based on bank ATM (ATM) have a great development.Each city is spread all in China ATM, bank ATM can Easily as client to provide automatic drawing, savings function, substantial amounts of human and material resources are saved, alleviate the work of bank Amount.At present bank ATM has been increasingly becoming a kind of indispensable means of services in bank service.

At present, the financial crime activity with regard to ATM increases with benefit, 2010, and in global hackers conference, the whole world is most powerful Hacker Jack successfully demonstrates how to invade and installs the ATM cash dispensers of two kinds of different systems, and allows ATM cash dispensers to be told on the spot Paper money.Successful to ATM at present attack is all the paper money supplying module for being directed to ATM, is instructed by directly sending note output to cash box, The safety precaution of ATM can be got around makes ATM carry out telling paper money, the paper money supplying module of ATM be in Financial information safety the most extensively, most Easily part under attack, needs the safeguard protection more strengthened, therefore how to solve the safety problem of ATM by gold The Security Countermeasures for melting the great attention of boundary and society, research and formulation ATM paper money supplying modules are imperative.

The shortcoming of withdrawal cash module and its communication system in existing ATM：

(1) existing ATM withdrawal cash module is all controlled the withdrawal of movement by ATMC by WOSA communication protocols Action, the instruction to sending lacks legitimacy certification, and the message to sending is distorted and to driving the identity of caller, referring to Playback strick precaution is made to lack effectively strick precaution.

(2) existing ATM withdrawal cash module does not carry out authentication, integrated authentication to operator and can not support The certification of bad property, lacks Software security protection, lacks Third Party Authentication mechanism, allows hacker to have an opportunity to take advantage of, it is also possible to due to bank's pipe Leak in reason causes the security incident defalcated.Fig. 1 and Fig. 2 present the youngster's kind mode for attacking ATM.Such as Fig. 1, shown in 2, For existing operation of withdrawing the money, attacker are attacked paper money supplying module, simulate industrial computer, paper money supplying module note output is cheated；Attacker attacks Industrial computer, simulates ATMP, cheats industrial computer note output.For existing deposit operation, attacker attack industrial computer and ATMP, intercept ATM deposits message, forges credit request.

Therefore, it is necessary to design a kind of new withdrawal method of controlling security and system.

The content of the invention

It is vulnerable for deposit and withdrawal module in existing ATM (ATM), there is potential safety hazard, the present invention provides one Kind based on safe movement withdrawal method of controlling security and system, should be based on safe movement withdrawal method of controlling security and Security of system is high, it is easy to implement.

The technical solution of invention is as follows：

A kind of movement stereo safety control system, including ATM, ATMP and banking system for being sequentially connected, described ATMP For self-help teller machine front-end system, it is characterised in that lay safe movement in ATM, described safe movement is movement safety Chip；There is the safety certificate that certificate authorization center CA is issued in safe movement and ATMP in ATM；Safe movement and self-service teller Machine front-end system (ATMP) issues to be exchanged with key by certificate realizes secure communication, so as to be authenticated to identity, to sending Instruction carry out legal checking, the message to sending is encrypted, after being proved to be successful, if withdraw the money operation, then by ATMP authorize ATM note outputs；If deposit operation, then ATMP is verified to amount deposited, is then reported to banking system.【Specially bank Bank's billing and accounting system of system】.

Described key is exchanged includes step：

(1) on safe movement after electricity, the safe movements of ATM initiate RANDOM NUMBER request【Random number anti-replay】, including following step Suddenly：

1) the safe movements of ATM initiate 8 byte RANDOM NUMBER requests to ATMP；

2) ATMP calls encryption equipment to produce 8 byte random number Rs ND；

3) random number R ND is issued the safe movements of ATM by ATMP；

(2) the safe movements of ATM are received after random number, above send certificate and signature, are comprised the following steps：

1) the safe movements of ATM store random number R ND, and random number is signed, and obtain SigSKATMSM (RND)；

2) send on the safe movements of ATM movement certificate Cert ATMSM and signature Sig SKATMSM (RND) on ATM from Help teller end control system ATMC；

3) ATMC is sent to movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 domains ATMP；

(3) after ATMP receives the certificate of safe movement and signs【Signature can be with anti-repudiation】, respond according to the following steps：

1) ATMP calls the effectiveness of encryption equipment CA root certificate sign test movement certificates；

2) after certification authentication success, ATMP calls encryption equipment to preserve the public key of safe movement, the signature, encryption equipment to movement The random number of memory storage carries out sign test；

3) verify that after movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment pair Random number R ND is signed, and obtains SigSKATMP (RND)；

4) ATMP issues ATMC by certificate CertATMP and signature SigSKATMP (RND) group bag to 48 domains；

5) ATMC is unpacked, and issues safe movement；

(4) after the safe movements of ATM receive the certificate of ATMP and sign, respond according to the following steps：

1) the safe movement effectiveness of CA root certificate sign test ATMP certificate CertATMP；

2) after certification authentication success, safe movement preserves the public key of ATMP, the signature SigSKATMP (RND), peace to ATMP The random number of full movement memory storage carries out sign test, verifies the legal identity of ATMP；

(5) safe movement is verifying that ATMP identity informations are errorless, under the premise of exchange of public keys success, initiates " registering " and hands over Easily, the solicited message registered is sent to ATMP by safe movement, the terminal number of the solicited message registered including terminal, IP address, ATMC version numbers and Key Tpe (DES, 3DES, SM4)；

(6) ATMP is received after request of registering, and ATMP tests to solicited message, after inspection success, is produced in encryption equipment Raw session key, while being encrypted to session key with movement public key in encryption equipment；And response message of registering is issued to peace Full movement；Response message of registering includes working key, session key, terminal check time and ATMP version numbers.

Withdrawal flow process is：

1) withdrawal request：Holder initiate withdrawal request, ATMC organize cardholder information and from safe movement get with ATMP is sent to after machine number；

2) based on key exchange process, ATMP obtains the transaction backstage i.e. mandate of banking system of withdrawing the money；ATMP is close with session Key encrypts the amount of money | RND (| connector is represented, connects two character strings) while asking the money amount of money, session key to be crossed ATMC The amount of money | the answer code that RND, ATMP are returned issues ATM ends；

3) if the answer code that ATMP is returned is " 00 ", represent and ask money to be concluded the business successfully, safe movement decryption volume | RND's Ciphertext, the authorized amount of money, while authorizing the amount of money to compare with the money amount of money is asked；Compare correct, movement execution note output action, if not Correctly, movement reports error message to ATMC, and ATMC organizes the amount of money to rush positive information, rushed and just concluded the business according to error message【Punching The transaction that exactly financial field is set up for guaranteeing the integrity of transaction.Generally only cardholder account remaining sum is changed Original transaction just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】.

Depositing flow process is：

1) depositor is after ATM starts deposit operation【After selecting deposit in man machine interface】, ATMC is to ATMP Shens Please random number；

2) ATMP responds the random number required for this deposit；

3) ATMC is received after random number, and driving equipment is entered and puts paper money pattern, and safe movement often receives one and puts paper money process, The detailed plaintext of paper money is put and paper money detail will be put | the ciphertext of random number combination passes to ATMC, and ATMC is directly echoed with conduct in plain text Information then passes to ATMP ciphertext to user in credit transaction；

4) ATMC organizational informations initiate this credit request；

5) the encryption equipment decryption deposit being connected with ATMP in same security system is detailed | random number；

6) after ATMP checkings random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with above send the amount of money Unanimously, ATMP groups bag issues banking system, completes deposit；If inconsistent, ATMP notifies ATMC, deposit failure.

A kind of movement stereo safety control method, by safe movement being laid in ATM and based on certificate and key reality Existing security control；

Described safe movement is movement safety chip；There is certificate authorization center CA in safe movement and ATMP in ATM The safety certificate for issuing；Safe movement is issued by certificate with self-help teller machine front-end system (ATMP) and exchanges realization peace with key Full communication, so as to be authenticated to identity, the instruction to sending carries out legal checking, and the message to sending is encrypted, checking After success, if withdrawing the money operation, then ATM note outputs are authorized by ATMP；If deposit operation, then ATMP carries out school to amount deposited Test, be then reported to banking system.

Described key is exchanged includes step：

(1) on safe movement after electricity, the safe movements of ATM initiate RANDOM NUMBER request【Random number anti-replay】, including following step Suddenly：

1) the safe movements of ATM initiate 8 byte RANDOM NUMBER requests to ATMP；

2) ATMP calls encryption equipment to produce 8 byte random number Rs ND；

3) random number R ND is issued the safe movements of ATM by ATMP；

(2) the safe movements of ATM are received after random number, above send certificate and signature, are comprised the following steps：

1) the safe movements of ATM store random number R ND, and random number is signed, and obtain SigSKATMSM (RND)；

2) send on the safe movements of ATM movement certificate Cert ATMSM and signature Sig SKATMSM (RND) on ATM from Help teller end control system ATMC；

3) ATMC is sent to movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 domains ATMP；

(3) after ATMP receives the certificate of safe movement and signs【Signature can be with anti-repudiation】, respond according to the following steps：

1) ATMP calls the effectiveness of encryption equipment CA root certificate sign test movement certificates；

2) after certification authentication success, ATMP calls encryption equipment to preserve the public key of safe movement, the signature, encryption equipment to movement The random number of memory storage carries out sign test；

3) verify that after movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment pair Random number R ND is signed, and obtains SigSKATMP (RND)；

4) ATMP issues ATMC by certificate CertATMP and signature SigSKATMP (RND) group bag to 48 domains；

5) ATMC is unpacked, and issues safe movement；

(4) after the safe movements of ATM receive the certificate of ATMP and sign, respond according to the following steps：

1) the safe movement effectiveness of CA root certificate sign test ATMP certificate CertATMP；

2) after certification authentication success, safe movement preserves the public key of ATMP, the signature SigSKATMP (RND), peace to ATMP The random number of full movement memory storage carries out sign test, verifies the legal identity of ATMP；

(5) safe movement is verifying that ATMP identity informations are errorless, under the premise of exchange of public keys success, initiates " registering " and hands over Easily, the solicited message registered is sent to ATMP by safe movement, the terminal number of the solicited message registered including terminal, IP address, ATMC version numbers and Key Tpe (DES, 3DES, SM4)；

(6) ATMP is received after request of registering, and ATMP tests to solicited message, after inspection success, is produced in encryption equipment Raw session key, while being encrypted to session key with movement public key in encryption equipment；And response message of registering is issued to peace Full movement；Response message of registering includes working key, session key, terminal check time and ATMP version numbers.

Withdrawal flow process is：

1) withdrawal request：Holder initiate withdrawal request, ATMC organize cardholder information and from safe movement get with ATMP is sent to after machine number；

2) based on key exchange process, ATMP obtains the transaction backstage i.e. mandate of banking system of withdrawing the money；ATMP is close with session Key encrypts the amount of money | RND (| connector is represented, connects two character strings) while asking the money amount of money, session key to be crossed ATMC The amount of money | the answer code that RND, ATMP are returned issues ATM ends；

3) if the answer code that ATMP is returned is " 00 ", represent and ask money to be concluded the business successfully, safe movement decryption volume | RND's Ciphertext, the authorized amount of money, while authorizing the amount of money to compare with the money amount of money is asked；Compare correct, movement execution note output action, if not Correctly, movement reports error message to ATMC, and ATMC organizes the amount of money to rush positive information, rushed and just concluded the business according to error message【Punching The transaction that exactly financial field is set up for guaranteeing the integrity of transaction.Generally only cardholder account remaining sum is changed Original transaction just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】.

Depositing flow process is：

1) depositor is after ATM starts deposit operation【After selecting deposit in man machine interface】, ATMC is to ATMP Shens Please random number；

2) ATMP responds the random number required for this deposit；

3) ATMC is received after random number, and driving equipment is entered and puts paper money pattern, and safe movement often receives one and puts paper money process, The detailed plaintext of paper money is put and paper money detail will be put | the ciphertext of random number combination passes to ATMC, and ATMC is directly echoed with conduct in plain text Information then passes to ATMP ciphertext to user in credit transaction；

4) ATMC organizational informations initiate this credit request；

5) the encryption equipment decryption deposit being connected with ATMP in same security system is detailed | random number；

6) after ATMP checkings random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with above send the amount of money Unanimously, ATMP groups bag issues banking system, completes deposit；If inconsistent, ATMP notifies ATMC, deposit failure.

The present invention passes through ATMP (self-help teller machine front-end system), ATMC (self-service teller's end control system), safe movement Security system set up and organic combination, build stereo safety control system, safety chip, juxtaposition are laid on withdrawal movement In safety cabinet in ATM.Bank CA centers issue ATMP certificates and safe movement certificate, bank assistant director download ATMP certificates and Safe movement certificate, issued by certificate, key exchange, carry out authentication, the instruction to sending carries out legal checking, to send out The message for going out is encrypted, and realizes the safety communication of safe movement and ATMP, and ATMP authorizes movement note output, and amount deposited is verified Report.Withdrawal operation without control by being optimized for：Carried out security control, can follow-up auditing and non-repudiation, solve self-service Security of cash problem of the automatic teller machine in illegal invasion, and solve the security of cash control problem under O＆M, uncontrolled state.

Described safe movement refers to and adds safety chip in withdrawal movement, the withdrawal movement comprising safety chip Referred to as safe movement, for storing key, by safe movement and ATMP (self-help teller machine front-end system) secure data is carried out Transmission, it is ensured that the security control to deposit and withdrawal module.

Described key code system manages key using ripe PKI (PKIX) systems, wherein CA centers by Bank or specialty CA mechanisms are managed, there is provided the function such as application certificate, distributing certificates, checking certificate, destruction certificate, key pipe Reason includes that certificate is issued and exchanges two parts with key.

It is that CA (certificate authority) center issues CA root certificates, ATMP certificates that described certificate is issued, and bank assistant director will CA root certificates, ATMP certificates download to ATMP (self-help teller machine front-end system).

It is that CA centers issue CA root certificates, safe movement certificate that described certificate is issued, and bank assistant director is by CA root certificates, peace Full movement certificate is downloaded in the safe movements of ATM.

Beneficial effect：

Problem and trend that the present invention exists for current ATM deposit and withdrawal modules, propose first in withdrawal secure context Safe movement carries out key and exchanges with ATMP, realizes deposit and withdrawal module with the new method of ATMP safety communications to improve automatic cabinet The safety of member's machine.

CA root certificates, ATMP certificates and safe movement certificate are issued by CA centers, and downloads to ATMP and ATM safe machines In core, key exchange is carried out, realize certification with the protection of encryption and decryption, integrity protection and anti-replay-attack.

The withdrawal method of controlling security based on safe movement and system of the present invention, its core is, in automatic teller machine Safety chip is laid in core, is placed in the safety cabinet of ATM.The referred to as safe movement of movement safety chip, safe movement with Self-help teller machine front-end system (ATMP) is communicated, issued by certificate, key exchange, realize safe movement with self-service teller The secure communication of machine front-end system, ATMP (self-help teller machine front-end system) authorizes movement note output, while verifying to amount deposited. The present invention is authenticated by the secure communication of safe movement and ATMP to identity, and the instruction to sending carries out legal checking, right The message for sending is encrypted, and ATMP authorizes movement note output, checks amount deposited, overcomes original deposit and withdrawal module and communication system System is had the disadvantage that withdrawal is operated by becoming with security control without control, and the instruction to sending carries out effective certification, Message to sending is encrypted and authentication, anti-tamper, anti-replay-attack protection, improves the safety of ATM Property.

Using the present invention, original hacker's means no longer have attack effect, while can effectively be prevented by the method Because the security incident defalcated that the leak in bank management is caused.It is complete simultaneously by a series of certification and encryption and decryption Whole property protection, anti-replay-attack protection etc., it is ensured that existing hacker's means cannot be such that ATM paper money supplying modules enter in the case of illegal Row tells paper money, and the security protection that anti-replay realizes to ATM solid has been carried out to deposit module, meets and is operated in " one The demand for security of the atm device of line ", meets bank's even needs of the country to Financial information safety.

Description of the drawings

Fig. 1 is existing withdrawal modular system Organization Chart；

Fig. 2 is existing deposit module system architecture diagram；

Fig. 3 is withdrawal modular system Organization Chart of the present invention；

Fig. 4 is deposit module system architecture diagram of the present invention；

Fig. 5 is the flow chart that the safe movements of ATM exchange key with ATMP；

Fig. 6 is withdrawal flow chart；

Fig. 7 is deposit flow chart.

Specific embodiment

The present invention is described in further details below with reference to the drawings and specific embodiments：

Embodiment 1：

Such as Fig. 1-5, a kind of movement stereo safety control system, including ATM, ATMP and banking system for being sequentially connected, institute The ATMP for stating is self-help teller machine front-end system, it is characterised in that safe movement is laid in ATM, described safe movement is Movement safety chip；There is the safety certificate that certificate authorization center CA is issued in safe movement and ATMP in ATM；Safe movement with Self-help teller machine front-end system (ATMP) issues to be exchanged with key by certificate realizes secure communication, so as to recognize identity Card, the instruction to sending carries out legal checking, and the message to sending is encrypted, after being proved to be successful, if withdrawing the money operation, then by ATMP authorizes ATM note outputs；If deposit operation, then ATMP is verified to amount deposited, is then reported to banking system.【Tool Body is bank's billing and accounting system of banking system】.

Described key is exchanged includes step：

(1) on safe movement after electricity, the safe movements of ATM initiate RANDOM NUMBER request【Random number anti-replay】, including following step Suddenly：

1) the safe movements of ATM initiate 8 byte RANDOM NUMBER requests to ATMP；

2) ATMP calls encryption equipment to produce 8 byte random number Rs ND；

3) random number R ND is issued the safe movements of ATM by ATMP；

(2) the safe movements of ATM are received after random number, above send certificate and signature, are comprised the following steps：

1) the safe movements of ATM store random number R ND, and random number is signed, and obtain SigSKATMSM (RND)；

2) send on the safe movements of ATM movement certificate Cert ATMSM and signature Sig SKATMSM (RND) on ATM from Help teller end control system ATMC；

3) ATMC is sent to movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 domains ATMP；

(3) after ATMP receives the certificate of safe movement and signs【Signature can be with anti-repudiation】, respond according to the following steps：

1) ATMP calls the effectiveness of encryption equipment CA root certificate sign test movement certificates；

2) after certification authentication success, ATMP calls encryption equipment to preserve the public key of safe movement, the signature, encryption equipment to movement The random number of memory storage carries out sign test；

3) verify that after movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment pair Random number R ND is signed, and obtains SigSKATMP (RND)；

4) ATMP issues ATMC by certificate CertATMP and signature SigSKATMP (RND) group bag to 48 domains；

5) ATMC is unpacked, and issues safe movement；

(4) after the safe movements of ATM receive the certificate of ATMP and sign, respond according to the following steps：

1) the safe movement effectiveness of CA root certificate sign test ATMP certificate CertATMP；

2) after certification authentication success, safe movement preserves the public key of ATMP, the signature SigSKATMP (RND), peace to ATMP The random number of full movement memory storage carries out sign test, verifies the legal identity of ATMP；

(5) safe movement is verifying that ATMP identity informations are errorless, under the premise of exchange of public keys success, initiates " registering " and hands over Easily, the solicited message registered is sent to ATMP by safe movement, the terminal number of the solicited message registered including terminal, IP address, ATMC version numbers and Key Tpe (DES, 3DES, SM4)；

(6) ATMP is received after request of registering, and ATMP tests to solicited message, after inspection success, is produced in encryption equipment Raw session key, while being encrypted to session key with movement public key in encryption equipment；And response message of registering is issued to peace Full movement；Response message of registering includes working key, session key, terminal check time and ATMP version numbers.

Withdrawal flow process is：

1) withdrawal request：Holder initiate withdrawal request, ATMC organize cardholder information and from safe movement get with ATMP is sent to after machine number；

2) based on key exchange process, ATMP obtains the transaction backstage i.e. mandate of banking system of withdrawing the money；ATMP is close with session Key encrypts the amount of money | RND (| connector is represented, connects two character strings) while asking the money amount of money, session key to be crossed ATMC The amount of money | the answer code that RND, ATMP are returned issues ATM ends；

3) if the answer code that ATMP is returned is " 00 ", represent and ask money to be concluded the business successfully, safe movement decryption volume | RND's Ciphertext, the authorized amount of money, while authorizing the amount of money to compare with the money amount of money is asked；Compare correct, movement execution note output action, if not Correctly, movement reports error message to ATMC, and ATMC organizes the amount of money to rush positive information, rushed and just concluded the business according to error message【Punching The transaction that exactly financial field is set up for guaranteeing the integrity of transaction.Generally only cardholder account remaining sum is changed Original transaction just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】.

Depositing flow process is：

1) depositor is after ATM starts deposit operation【After selecting deposit in man machine interface】, ATMC is to ATMP Shens Please random number；

2) ATMP responds the random number required for this deposit；

3) ATMC is received after random number, and driving equipment is entered and puts paper money pattern, and safe movement often receives one and puts paper money process, The detailed plaintext of paper money is put and paper money detail will be put | the ciphertext of random number combination passes to ATMC, and ATMC is directly echoed with conduct in plain text Information then passes to ATMP ciphertext to user in credit transaction；

4) ATMC organizational informations initiate this credit request；

5) the encryption equipment decryption deposit being connected with ATMP in same security system is detailed | random number；

6) after ATMP checkings random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with above send the amount of money Unanimously, ATMP groups bag issues banking system, completes deposit；If inconsistent, ATMP notifies ATMC, deposit failure.

A kind of movement stereo safety control method, by safe movement being laid in ATM and based on certificate and key reality Existing security control；

Described safe movement is movement safety chip；There is certificate authorization center CA in safe movement and ATMP in ATM The safety certificate for issuing；Safe movement is issued by certificate with self-help teller machine front-end system (ATMP) and exchanges realization peace with key Full communication, so as to be authenticated to identity, the instruction to sending carries out legal checking, and the message to sending is encrypted, checking After success, if withdrawing the money operation, then ATM note outputs are authorized by ATMP；If deposit operation, then ATMP carries out school to amount deposited Test, be then reported to banking system.

Described key is exchanged includes step：

(1) on safe movement after electricity, the safe movements of ATM initiate RANDOM NUMBER request【Random number anti-replay】, including following step Suddenly：

1) the safe movements of ATM initiate 8 byte RANDOM NUMBER requests to ATMP；

2) ATMP calls encryption equipment to produce 8 byte random number Rs ND；

3) random number R ND is issued the safe movements of ATM by ATMP；

(2) the safe movements of ATM are received after random number, above send certificate and signature, are comprised the following steps：

1) the safe movements of ATM store random number R ND, and random number is signed, and obtain SigSKATMSM (RND)；

2) send on the safe movements of ATM movement certificate Cert ATMSM and signature Sig SKATMSM (RND) on ATM from Help teller end control system ATMC；

3) ATMC is sent to movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 domains ATMP；

(3) after ATMP receives the certificate of safe movement and signs【Signature can be with anti-repudiation】, respond according to the following steps：

1) ATMP calls the effectiveness of encryption equipment CA root certificate sign test movement certificates；

2) after certification authentication success, ATMP calls encryption equipment to preserve the public key of safe movement, the signature, encryption equipment to movement The random number of memory storage carries out sign test；

3) verify that after movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment pair Random number R ND is signed, and obtains SigSKATMP (RND)；

4) ATMP issues ATMC by certificate CertATMP and signature SigSKATMP (RND) group bag to 48 domains；

5) ATMC is unpacked, and issues safe movement；

(4) after the safe movements of ATM receive the certificate of ATMP and sign, respond according to the following steps：

1) the safe movement effectiveness of CA root certificate sign test ATMP certificate CertATMP；

2) after certification authentication success, safe movement preserves the public key of ATMP, the signature SigSKATMP (RND), peace to ATMP The random number of full movement memory storage carries out sign test, verifies the legal identity of ATMP；

(5) safe movement is verifying that ATMP identity informations are errorless, under the premise of exchange of public keys success, initiates " registering " and hands over Easily, the solicited message registered is sent to ATMP by safe movement, the terminal number of the solicited message registered including terminal, IP address, ATMC version numbers and Key Tpe (DES, 3DES, SM4)；

(6) ATMP is received after request of registering, and ATMP tests to solicited message, after inspection success, is produced in encryption equipment Raw session key, while being encrypted to session key with movement public key in encryption equipment；And response message of registering is issued to peace Full movement；Response message of registering includes working key, session key, terminal check time and ATMP version numbers.

Withdrawal flow process is：

1) withdrawal request：Holder initiate withdrawal request, ATMC organize cardholder information and from safe movement get with ATMP is sent to after machine number；

2) based on key exchange process, ATMP obtains the transaction backstage i.e. mandate of banking system of withdrawing the money；ATMP is close with session Key encrypts the amount of money | RND (| connector is represented, connects two character strings) while asking the money amount of money, session key to be crossed ATMC The amount of money | the answer code that RND, ATMP are returned issues ATM ends；

3) if the answer code that ATMP is returned is " 00 ", represent and ask money to be concluded the business successfully, safe movement decryption volume | RND's Ciphertext, the authorized amount of money, while authorizing the amount of money to compare with the money amount of money is asked；Compare correct, movement execution note output action, if not Correctly, movement reports error message to ATMC, and ATMC organizes the amount of money to rush positive information, rushed and just concluded the business according to error message【Punching The transaction that exactly financial field is set up for guaranteeing the integrity of transaction.Generally only cardholder account remaining sum is changed Original transaction just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】.

Depositing flow process is：

1) depositor is after ATM starts deposit operation【After selecting deposit in man machine interface】, ATMC is to ATMP Shens Please random number；

2) ATMP responds the random number required for this deposit；

3) ATMC is received after random number, and driving equipment is entered and puts paper money pattern, and safe movement often receives one and puts paper money process, The detailed plaintext of paper money is put and paper money detail will be put | the ciphertext of random number combination passes to ATMC, and ATMC is directly echoed with conduct in plain text Information then passes to ATMP ciphertext to user in credit transaction；

4) ATMC organizational informations initiate this credit request；

5) the encryption equipment decryption deposit being connected with ATMP in same security system is detailed | random number；

6) after ATMP checkings random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with above send the amount of money Unanimously, ATMP groups bag issues banking system, completes deposit；If inconsistent, ATMP notifies ATMC, deposit failure.

Such as Fig. 3, shown in 4, in withdrawal movement safety chip is added, the withdrawal movement comprising safety chip is referred to as pacified Full movement, in the safety cabinet being placed in ATM.Safe movement is communicated with ATMP (self-help teller machine front-end system), by CA Center【Certificate authority (Certificate Authority), or claim certification authority agent】Under issue licence, key exchange, The secure communication of safe movement and ATMP is realized, ATMP authorizes movement note output, and ATMP is reported to amount deposited verification, by ATMP In the note output of mandate and deposit mode is sent come the passage that ensures safety.

Safe movement is used to store key, carries out safety data transmission by safe movement and ATMP, it is ensured that to withdrawal The safety of module is controlled.

Issue licence under CA centers and bank assistant director download ATMP certificates the step of：

(1) in bank safety environment, ATMP generations public private key pair PKATMP (self-help teller machine front-end system public key)/ SKATMP (self-help teller machine front-end system private key), uploads public key；

(2) bank assistant director is uploaded by the RA (certificate registration approving authority) (registration authority) of bank The demand file that ATMP (self-help teller machine front-end system) Generates Certificate；

(3) bank CA (certificate authority) generates ATMP (self-help teller machine front-end system) certificate, and by ATMP certificates Bank assistant director is handed down to CA root certificates；

(4) CA root certificates, ATMP certificates are downloaded to ATMP by bank assistant director.

Issue licence under CA and bank assistant director download safe movement certificate the step of it is as follows：

(1) in bank safety environment, the safe movements of ATM generate public private key pair PKATMSM (the safe movements of self-help teller machine Public key)/SKATMSM (the safe movement private key of self-help teller machine), upload public key；

(2) bank assistant director uploads the demand file that safe movement Generates Certificate by the RA of bank；

(3) bank CA generates safe movement certificate, and safe movement certificate and CA root certificates are handed down to into bank assistant director；

(4) bank assistant director downloads to CA root certificates, safe movement certificate in the safe movements of ATM.

ATMC in text is atm device control system, refers to the application software on ATM.

According to Fig. 6, the concrete steps that withdrawal flow instance is realized are illustrated：

1st, withdrawal request：Holder's initiation withdrawal request, ATMC (self-service teller's end control system) tissue cardholder information, Get random number from safe movement simultaneously.ATMC is organized and ATMP (the preposition systems of self-help teller machine is sent to after all information System)；

2nd, by Fig. 6 in 2,3,4 step sequences, ATMP obtain withdraw the money transaction backstage authorize.ATMP session key gold Volume | RND (random number) authorization message while issue ATM ends；

3rd, safe movement decryption volume | the ciphertext of RND, while comparing with the amount of money with RND again.Compare correctly, movement is moved Make note output, incorrect movement reports error message to ATMC, and ATMC organizes the amount of money to rush positive information according to error message.

According to Fig. 7, illustrate to deposit the concrete steps that flow instance is realized：

1st, depositor is carried out after deposit state, and ATMC to ATMP applies for random number；

2nd, ATMP responds the random number required for this deposit；

3rd, safe movement often receives one and puts paper money process, all the detailed plaintext of paper money is put and can put paper money detail | and random number is combined Ciphertext pass to ATMC, ATMC directly with plain text as echo message to user, ciphertext ATMP is then passed in credit transaction；

4th, ATMC organizational informations initiate this credit request；

5th, encryption equipment decryption deposit is detailed | random number；

6th, after ATMP checkings random number is correct, according to the detailed calculating amount deposited of deposit.Amount deposited with above send the amount of money one Cause, ATMP group bags issue banking system【Backstage】.If inconsistent, ATMP notifies ATMC, deposit failure.

The above is the preferred embodiment of the present invention, can not limit the right model of the present invention with this certainly Enclose, it is noted that for those skilled in the art, under the premise without departing from the principles of the invention, may be used also To make some improvement and variation, these are improved and variation is also considered as protection scope of the present invention.

Claims (6)

1. a kind of movement stereo safety control system, including ATM, ATMP and banking system for being sequentially connected, described ATMP is Self-help teller machine front-end system, it is characterised in that movement is laid in ATM, described movement is movement safety chip；In ATM Movement and ATMP in have the safety certificate that certificate authorization center CA issues；Movement leads to self-help teller machine front-end system (ATMP) Cross certificate issue with key exchange realize secure communication, so as to be authenticated to identity, the instruction to sending carries out legal checking, Message to sending is encrypted, and after being proved to be successful, if withdrawing the money operation, then authorizes ATM note outputs by ATMP；If deposit behaviour Make, then ATMP is verified to amount deposited, be then reported to banking system, described key to exchange and include step：

(1) on movement after electricity, movement initiates RANDOM NUMBER request, comprises the following steps：

1) movement initiates 8 byte RANDOM NUMBER requests to ATMP；

2) ATMP calls encryption equipment to produce 8 byte random number Rs ND；

3) random number R ND is issued movement by ATMP；

(2) movement is received after random number, above send certificate and signature, is comprised the following steps：

1) movement storage random number R ND, signs to random number, obtains SigSKATMSM (RND)；

2) movement certificate Cert ATMSM are sent to control to the self-service teller end on ATM with signature Sig SKATMSM (RND) on movement System ATMC；

3) ATMC is sent to ATMP movement certificate Cert ATMSM, signature Sig SKATMSM (RND) group bag to 48 domains；

(3) after ATMP receives the certificate of movement and signs, respond according to the following steps：

1) ATMP calls the effectiveness of encryption equipment CA root certificate sign test movement certificates；

2) after certification authentication success, ATMP calls encryption equipment to preserve the public key of movement, the signature, encryption equipment memory storage to movement Random number carries out sign test；

3) verify that after movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment to random Number RND signatures, obtain SigSKATMP (RND)；

4) ATMP issues ATMC by certificate CertATMP and signature SigSKATMP (RND) group bag to 48 domains；

5) ATMC is unpacked, and issues movement；

(4) after movement receives the certificate of ATMP and signs, respond according to the following steps：

1) the movement effectiveness of CA root certificate sign test ATMP certificate CertATMP；

2) after certification authentication success, movement preserves the public key of ATMP, signature SigSKATMP (RND), the movement memory storage to ATMP Random number carry out sign test, verify the legal identity of ATMP；

(5) movement is verifying that ATMP identity informations are errorless, under the premise of exchange of public keys success, initiates " registering " transaction, and movement will The solicited message registered is sent to ATMP, the terminal number of the solicited message registered including terminal, IP address, ATMC version numbers and Key Tpe；

(6) ATMP is received after request of registering, and ATMP tests to solicited message, after inspection success, meeting is produced in encryption equipment Words key, while being encrypted to session key with movement public key in encryption equipment；And response message of registering is issued to movement；Sign Include working key, session key, terminal check time and ATMP version numbers to response message.

2. movement stereo safety control system according to claim 1, it is characterised in that withdrawal flow process is：

1) withdrawal request：Holder initiates withdrawal request, and ATMC organizes cardholder information and gets from movement and send out after random number Give ATMP；

2) based on key exchange process, ATMP obtains the transaction backstage i.e. mandate of banking system of withdrawing the money；ATMP is added with session key The close amount of money | RND asks the amount of money that the money amount of money, session key crosses ATMC simultaneously | and the answer code that RND, ATMP are returned issues ATM End, wherein | connector is represented, connects two character strings；

3) if the answer code that ATMP is returned is " 00 ", represent and ask money to be concluded the business successfully, the movement decryption amount of money | the ciphertext of RND, obtain The amount of money is authorized, while authorizing the amount of money to compare with the money amount of money is asked；Compare correct, movement execution note output action, if incorrect, movement Report error message to ATMC, ATMC organizes the amount of money to rush positive information, rushed and just concluded the business according to error message.

3. according to movement stereo safety control system according to claim 1, it is characterised in that depositing flow process is：

1) depositor ATM start deposit operation after, ATMC to ATMP apply random number；

2) ATMP responds the random number required for this deposit；

3) ATMC is received after random number, driving equipment enter put paper money pattern, movement often receives one and puts paper money process, all can by Put the detailed plaintext of paper money and put the detailed ciphertext with random number combination of paper money and pass to ATMC, ATMC directly in plain text return with paper money detail is put by conduct Display information then passes to ATMP ciphertext to user in credit transaction；

4) ATMC organizational informations initiate this credit request；

5) paper money detail and random number are put in the encryption equipment decryption being connected in same security system with ATMP；

6) after ATMP checkings random number is correct, amount deposited is calculated according to deposit is detailed, if amount deposited is with above to send the amount of money consistent, ATMP group bags issue banking system, complete deposit；If inconsistent, ATMP notifies ATMC, deposit failure.

4. a kind of movement stereo safety control method, it is characterised in that by movement being laid in ATM and based on certificate and secret Key realizes security control；

Described movement is movement safety chip；There is the safe-conduct that certificate authorization center CA is issued in movement and ATMP in ATM Book；Movement issues to be exchanged with key with self-help teller machine front-end system (ATMP) by certificate realizes secure communication, so as to body Part is authenticated, and the instruction to sending carries out legal checking, and the message to sending is encrypted, after being proved to be successful, if withdrawing the money Operation, then authorize ATM note outputs by ATMP；If deposit operation, then ATMP is verified to amount deposited, is then reported to bank System；

Described key is exchanged includes step：

(1) on movement after electricity, movement initiates RANDOM NUMBER request, comprises the following steps：

1) movement initiates 8 byte RANDOM NUMBER requests to ATMP；

2) ATMP calls encryption equipment to produce 8 byte random number Rs ND；

3) random number R ND is issued movement by ATMP；

(2) movement is received after random number, above send certificate and signature, is comprised the following steps：

1) movement storage random number R ND, signs to random number, obtains SigSKATMSM (RND)；

2) movement certificate Cert ATMSM are sent to control to the self-service teller end on ATM with signature Sig SKATMSM (RND) on movement System ATMC；

3) ATMC is sent to ATMP movement certificate Cert ATMSM, signature Sig SKATMSM (RND) group bag to 48 domains；

(3) after ATMP receives the certificate of movement and signs, respond according to the following steps：

1) ATMP calls the effectiveness of encryption equipment CA root certificate sign test movement certificates；

2) after certification authentication success, ATMP calls encryption equipment to preserve the public key of movement, the signature, encryption equipment memory storage to movement Random number carries out sign test；

3) verify that after movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment to random Number RND signatures, obtain SigSKATMP (RND)；

4) ATMP issues ATMC by certificate CertATMP and signature SigSKATMP (RND) group bag to 48 domains；

5) ATMC is unpacked, and issues movement；

(4) after movement receives the certificate of ATMP and signs, respond according to the following steps：

1) the movement effectiveness of CA root certificate sign test ATMP certificate CertATMP；

2) after certification authentication success, movement preserves the public key of ATMP, signature SigSKATMP (RND), the movement memory storage to ATMP Random number carry out sign test, verify the legal identity of ATMP；

(5) movement is verifying that ATMP identity informations are errorless, under the premise of exchange of public keys success, initiates " registering " transaction, and movement will The solicited message registered is sent to ATMP, the terminal number of the solicited message registered including terminal, IP address, ATMC version numbers and Key Tpe；

(6) ATMP is received after request of registering, and ATMP tests to solicited message, after inspection success, meeting is produced in encryption equipment Words key, while being encrypted to session key with movement public key in encryption equipment；And response message of registering is issued to movement；Sign Include working key, session key, terminal check time and ATMP version numbers to response message.

5. movement stereo safety control method according to claim 4, it is characterised in that withdrawal flow process is：

1) withdrawal request：Holder initiates withdrawal request, and ATMC organizes cardholder information and gets from movement and send out after random number Give ATMP；

2) based on key exchange process, ATMP obtains the transaction backstage i.e. mandate of banking system of withdrawing the money；ATMP is added with session key The close amount of money | RND asks the amount of money that the money amount of money, session key crosses ATMC simultaneously | and the answer code that RND, ATMP are returned issues ATM End, wherein | connector is represented, connects two character strings；

3) if the answer code that ATMP is returned is " 00 ", represent and ask money to be concluded the business successfully, the movement decryption amount of money | the ciphertext of RND, obtain The amount of money is authorized, while authorizing the amount of money to compare with the money amount of money is asked；Compare correct, movement execution note output action, if incorrect, movement Report error message to ATMC, ATMC organizes the amount of money to rush positive information, rushed and just concluded the business according to error message.

6. movement stereo safety control method according to claim 4, it is characterised in that deposit flow process is：

1) depositor ATM start deposit operation after, ATMC to ATMP apply random number；

2) ATMP responds the random number required for this deposit；

3) ATMC is received after random number, driving equipment enter put paper money pattern, movement often receives one and puts paper money process, all can by Put the detailed plaintext of paper money and put the detailed ciphertext with random number combination of paper money and pass to ATMC, ATMC directly in plain text return with paper money detail is put by conduct Display information then passes to ATMP ciphertext to user in credit transaction；

4) ATMC organizational informations initiate this credit request；

5) paper money detail and random number are put in the encryption equipment decryption being connected in same security system with ATMP；

6) after ATMP checkings random number is correct, amount deposited is calculated according to deposit is detailed, if amount deposited is with above to send the amount of money consistent, ATMP group bags issue banking system, complete deposit；If inconsistent, ATMP notifies ATMC, deposit failure.