A kind of withdrawal method of controlling security and system based on safe movement
Technical field
The present invention relates to a kind of withdrawal method of controlling security and system based on safe movement.
Background technology
With the continuous development of the continuous progressive and financial circles of society, with multiple technologies such as electronic technology, computer technologies
Based on bank ATM (ATM) have a great development.Each city is spread all in China ATM, bank ATM can
Easily as client to provide automatic drawing, savings function, substantial amounts of human and material resources are saved, alleviate the work of bank
Amount.At present bank ATM has been increasingly becoming a kind of indispensable means of services in bank service.
At present, the financial crime activity with regard to ATM increases with benefit, 2010, and in global hackers conference, the whole world is most powerful
Hacker Jack successfully demonstrates how to invade and installs the ATM cash dispensers of two kinds of different systems, and allows ATM cash dispensers to be told on the spot
Paper money.Successful to ATM at present attack is all the paper money supplying module for being directed to ATM, is instructed by directly sending note output to cash box,
The safety precaution of ATM can be got around makes ATM carry out telling paper money, the paper money supplying module of ATM be in Financial information safety the most extensively, most
Easily part under attack, needs the safeguard protection more strengthened, therefore how to solve the safety problem of ATM by gold
The Security Countermeasures for melting the great attention of boundary and society, research and formulation ATM paper money supplying modules are imperative.
The shortcoming of withdrawal cash module and its communication system in existing ATM:
(1) existing ATM withdrawal cash module is all controlled the withdrawal of movement by ATMC by WOSA communication protocols
Action, the instruction to sending lacks legitimacy certification, and the message to sending is distorted and to driving the identity of caller, referring to
Playback strick precaution is made to lack effectively strick precaution.
(2) existing ATM withdrawal cash module does not carry out authentication, integrated authentication to operator and can not support
The certification of bad property, lacks Software security protection, lacks Third Party Authentication mechanism, allows hacker to have an opportunity to take advantage of, it is also possible to due to bank's pipe
Leak in reason causes the security incident defalcated.Fig. 1 and Fig. 2 present the youngster's kind mode for attacking ATM.Such as Fig. 1, shown in 2,
For existing operation of withdrawing the money, attacker are attacked paper money supplying module, simulate industrial computer, paper money supplying module note output is cheated;Attacker attacks
Industrial computer, simulates ATMP, cheats industrial computer note output.For existing deposit operation, attacker attack industrial computer and ATMP, intercept
ATM deposits message, forges credit request.
Therefore, it is necessary to design a kind of new withdrawal method of controlling security and system.
The content of the invention
It is vulnerable for deposit and withdrawal module in existing ATM (ATM), there is potential safety hazard, the present invention provides one
Kind based on safe movement withdrawal method of controlling security and system, should be based on safe movement withdrawal method of controlling security and
Security of system is high, it is easy to implement.
The technical solution of invention is as follows:
A kind of movement stereo safety control system, including ATM, ATMP and banking system for being sequentially connected, described ATMP
For self-help teller machine front-end system, it is characterised in that lay safe movement in ATM, described safe movement is movement safety
Chip;There is the safety certificate that certificate authorization center CA is issued in safe movement and ATMP in ATM;Safe movement and self-service teller
Machine front-end system (ATMP) issues to be exchanged with key by certificate realizes secure communication, so as to be authenticated to identity, to sending
Instruction carry out legal checking, the message to sending is encrypted, after being proved to be successful, if withdraw the money operation, then by ATMP authorize
ATM note outputs;If deposit operation, then ATMP is verified to amount deposited, is then reported to banking system.【Specially bank
Bank's billing and accounting system of system】.
Described key is exchanged includes step:
(1) on safe movement after electricity, the safe movements of ATM initiate RANDOM NUMBER request【Random number anti-replay】, including following step
Suddenly:
1) the safe movements of ATM initiate 8 byte RANDOM NUMBER requests to ATMP;
2) ATMP calls encryption equipment to produce 8 byte random number Rs ND;
3) random number R ND is issued the safe movements of ATM by ATMP;
(2) the safe movements of ATM are received after random number, above send certificate and signature, are comprised the following steps:
1) the safe movements of ATM store random number R ND, and random number is signed, and obtain SigSKATMSM (RND);
2) send on the safe movements of ATM movement certificate Cert ATMSM and signature Sig SKATMSM (RND) on ATM from
Help teller end control system ATMC;
3) ATMC is sent to movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 domains
ATMP;
(3) after ATMP receives the certificate of safe movement and signs【Signature can be with anti-repudiation】, respond according to the following steps:
1) ATMP calls the effectiveness of encryption equipment CA root certificate sign test movement certificates;
2) after certification authentication success, ATMP calls encryption equipment to preserve the public key of safe movement, the signature, encryption equipment to movement
The random number of memory storage carries out sign test;
3) verify that after movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment pair
Random number R ND is signed, and obtains SigSKATMP (RND);
4) ATMP issues ATMC by certificate CertATMP and signature SigSKATMP (RND) group bag to 48 domains;
5) ATMC is unpacked, and issues safe movement;
(4) after the safe movements of ATM receive the certificate of ATMP and sign, respond according to the following steps:
1) the safe movement effectiveness of CA root certificate sign test ATMP certificate CertATMP;
2) after certification authentication success, safe movement preserves the public key of ATMP, the signature SigSKATMP (RND), peace to ATMP
The random number of full movement memory storage carries out sign test, verifies the legal identity of ATMP;
(5) safe movement is verifying that ATMP identity informations are errorless, under the premise of exchange of public keys success, initiates " registering " and hands over
Easily, the solicited message registered is sent to ATMP by safe movement, the terminal number of the solicited message registered including terminal, IP address,
ATMC version numbers and Key Tpe (DES, 3DES, SM4);
(6) ATMP is received after request of registering, and ATMP tests to solicited message, after inspection success, is produced in encryption equipment
Raw session key, while being encrypted to session key with movement public key in encryption equipment;And response message of registering is issued to peace
Full movement;Response message of registering includes working key, session key, terminal check time and ATMP version numbers.
Withdrawal flow process is:
1) withdrawal request:Holder initiate withdrawal request, ATMC organize cardholder information and from safe movement get with
ATMP is sent to after machine number;
2) based on key exchange process, ATMP obtains the transaction backstage i.e. mandate of banking system of withdrawing the money;ATMP is close with session
Key encrypts the amount of money | RND (| connector is represented, connects two character strings) while asking the money amount of money, session key to be crossed ATMC
The amount of money | the answer code that RND, ATMP are returned issues ATM ends;
3) if the answer code that ATMP is returned is " 00 ", represent and ask money to be concluded the business successfully, safe movement decryption volume | RND's
Ciphertext, the authorized amount of money, while authorizing the amount of money to compare with the money amount of money is asked;Compare correct, movement execution note output action, if not
Correctly, movement reports error message to ATMC, and ATMC organizes the amount of money to rush positive information, rushed and just concluded the business according to error message【Punching
The transaction that exactly financial field is set up for guaranteeing the integrity of transaction.Generally only cardholder account remaining sum is changed
Original transaction just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】.
Depositing flow process is:
1) depositor is after ATM starts deposit operation【After selecting deposit in man machine interface】, ATMC is to ATMP Shens
Please random number;
2) ATMP responds the random number required for this deposit;
3) ATMC is received after random number, and driving equipment is entered and puts paper money pattern, and safe movement often receives one and puts paper money process,
The detailed plaintext of paper money is put and paper money detail will be put | the ciphertext of random number combination passes to ATMC, and ATMC is directly echoed with conduct in plain text
Information then passes to ATMP ciphertext to user in credit transaction;
4) ATMC organizational informations initiate this credit request;
5) the encryption equipment decryption deposit being connected with ATMP in same security system is detailed | random number;
6) after ATMP checkings random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with above send the amount of money
Unanimously, ATMP groups bag issues banking system, completes deposit;If inconsistent, ATMP notifies ATMC, deposit failure.
A kind of movement stereo safety control method, by safe movement being laid in ATM and based on certificate and key reality
Existing security control;
Described safe movement is movement safety chip;There is certificate authorization center CA in safe movement and ATMP in ATM
The safety certificate for issuing;Safe movement is issued by certificate with self-help teller machine front-end system (ATMP) and exchanges realization peace with key
Full communication, so as to be authenticated to identity, the instruction to sending carries out legal checking, and the message to sending is encrypted, checking
After success, if withdrawing the money operation, then ATM note outputs are authorized by ATMP;If deposit operation, then ATMP carries out school to amount deposited
Test, be then reported to banking system.
Described key is exchanged includes step:
(1) on safe movement after electricity, the safe movements of ATM initiate RANDOM NUMBER request【Random number anti-replay】, including following step
Suddenly:
1) the safe movements of ATM initiate 8 byte RANDOM NUMBER requests to ATMP;
2) ATMP calls encryption equipment to produce 8 byte random number Rs ND;
3) random number R ND is issued the safe movements of ATM by ATMP;
(2) the safe movements of ATM are received after random number, above send certificate and signature, are comprised the following steps:
1) the safe movements of ATM store random number R ND, and random number is signed, and obtain SigSKATMSM (RND);
2) send on the safe movements of ATM movement certificate Cert ATMSM and signature Sig SKATMSM (RND) on ATM from
Help teller end control system ATMC;
3) ATMC is sent to movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 domains
ATMP;
(3) after ATMP receives the certificate of safe movement and signs【Signature can be with anti-repudiation】, respond according to the following steps:
1) ATMP calls the effectiveness of encryption equipment CA root certificate sign test movement certificates;
2) after certification authentication success, ATMP calls encryption equipment to preserve the public key of safe movement, the signature, encryption equipment to movement
The random number of memory storage carries out sign test;
3) verify that after movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment pair
Random number R ND is signed, and obtains SigSKATMP (RND);
4) ATMP issues ATMC by certificate CertATMP and signature SigSKATMP (RND) group bag to 48 domains;
5) ATMC is unpacked, and issues safe movement;
(4) after the safe movements of ATM receive the certificate of ATMP and sign, respond according to the following steps:
1) the safe movement effectiveness of CA root certificate sign test ATMP certificate CertATMP;
2) after certification authentication success, safe movement preserves the public key of ATMP, the signature SigSKATMP (RND), peace to ATMP
The random number of full movement memory storage carries out sign test, verifies the legal identity of ATMP;
(5) safe movement is verifying that ATMP identity informations are errorless, under the premise of exchange of public keys success, initiates " registering " and hands over
Easily, the solicited message registered is sent to ATMP by safe movement, the terminal number of the solicited message registered including terminal, IP address,
ATMC version numbers and Key Tpe (DES, 3DES, SM4);
(6) ATMP is received after request of registering, and ATMP tests to solicited message, after inspection success, is produced in encryption equipment
Raw session key, while being encrypted to session key with movement public key in encryption equipment;And response message of registering is issued to peace
Full movement;Response message of registering includes working key, session key, terminal check time and ATMP version numbers.
Withdrawal flow process is:
1) withdrawal request:Holder initiate withdrawal request, ATMC organize cardholder information and from safe movement get with
ATMP is sent to after machine number;
2) based on key exchange process, ATMP obtains the transaction backstage i.e. mandate of banking system of withdrawing the money;ATMP is close with session
Key encrypts the amount of money | RND (| connector is represented, connects two character strings) while asking the money amount of money, session key to be crossed ATMC
The amount of money | the answer code that RND, ATMP are returned issues ATM ends;
3) if the answer code that ATMP is returned is " 00 ", represent and ask money to be concluded the business successfully, safe movement decryption volume | RND's
Ciphertext, the authorized amount of money, while authorizing the amount of money to compare with the money amount of money is asked;Compare correct, movement execution note output action, if not
Correctly, movement reports error message to ATMC, and ATMC organizes the amount of money to rush positive information, rushed and just concluded the business according to error message【Punching
The transaction that exactly financial field is set up for guaranteeing the integrity of transaction.Generally only cardholder account remaining sum is changed
Original transaction just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】.
Depositing flow process is:
1) depositor is after ATM starts deposit operation【After selecting deposit in man machine interface】, ATMC is to ATMP Shens
Please random number;
2) ATMP responds the random number required for this deposit;
3) ATMC is received after random number, and driving equipment is entered and puts paper money pattern, and safe movement often receives one and puts paper money process,
The detailed plaintext of paper money is put and paper money detail will be put | the ciphertext of random number combination passes to ATMC, and ATMC is directly echoed with conduct in plain text
Information then passes to ATMP ciphertext to user in credit transaction;
4) ATMC organizational informations initiate this credit request;
5) the encryption equipment decryption deposit being connected with ATMP in same security system is detailed | random number;
6) after ATMP checkings random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with above send the amount of money
Unanimously, ATMP groups bag issues banking system, completes deposit;If inconsistent, ATMP notifies ATMC, deposit failure.
The present invention passes through ATMP (self-help teller machine front-end system), ATMC (self-service teller's end control system), safe movement
Security system set up and organic combination, build stereo safety control system, safety chip, juxtaposition are laid on withdrawal movement
In safety cabinet in ATM.Bank CA centers issue ATMP certificates and safe movement certificate, bank assistant director download ATMP certificates and
Safe movement certificate, issued by certificate, key exchange, carry out authentication, the instruction to sending carries out legal checking, to send out
The message for going out is encrypted, and realizes the safety communication of safe movement and ATMP, and ATMP authorizes movement note output, and amount deposited is verified
Report.Withdrawal operation without control by being optimized for:Carried out security control, can follow-up auditing and non-repudiation, solve self-service
Security of cash problem of the automatic teller machine in illegal invasion, and solve the security of cash control problem under O&M, uncontrolled state.
Described safe movement refers to and adds safety chip in withdrawal movement, the withdrawal movement comprising safety chip
Referred to as safe movement, for storing key, by safe movement and ATMP (self-help teller machine front-end system) secure data is carried out
Transmission, it is ensured that the security control to deposit and withdrawal module.
Described key code system manages key using ripe PKI (PKIX) systems, wherein CA centers by
Bank or specialty CA mechanisms are managed, there is provided the function such as application certificate, distributing certificates, checking certificate, destruction certificate, key pipe
Reason includes that certificate is issued and exchanges two parts with key.
It is that CA (certificate authority) center issues CA root certificates, ATMP certificates that described certificate is issued, and bank assistant director will
CA root certificates, ATMP certificates download to ATMP (self-help teller machine front-end system).
It is that CA centers issue CA root certificates, safe movement certificate that described certificate is issued, and bank assistant director is by CA root certificates, peace
Full movement certificate is downloaded in the safe movements of ATM.
Beneficial effect:
Problem and trend that the present invention exists for current ATM deposit and withdrawal modules, propose first in withdrawal secure context
Safe movement carries out key and exchanges with ATMP, realizes deposit and withdrawal module with the new method of ATMP safety communications to improve automatic cabinet
The safety of member's machine.
CA root certificates, ATMP certificates and safe movement certificate are issued by CA centers, and downloads to ATMP and ATM safe machines
In core, key exchange is carried out, realize certification with the protection of encryption and decryption, integrity protection and anti-replay-attack.
The withdrawal method of controlling security based on safe movement and system of the present invention, its core is, in automatic teller machine
Safety chip is laid in core, is placed in the safety cabinet of ATM.The referred to as safe movement of movement safety chip, safe movement with
Self-help teller machine front-end system (ATMP) is communicated, issued by certificate, key exchange, realize safe movement with self-service teller
The secure communication of machine front-end system, ATMP (self-help teller machine front-end system) authorizes movement note output, while verifying to amount deposited.
The present invention is authenticated by the secure communication of safe movement and ATMP to identity, and the instruction to sending carries out legal checking, right
The message for sending is encrypted, and ATMP authorizes movement note output, checks amount deposited, overcomes original deposit and withdrawal module and communication system
System is had the disadvantage that withdrawal is operated by becoming with security control without control, and the instruction to sending carries out effective certification,
Message to sending is encrypted and authentication, anti-tamper, anti-replay-attack protection, improves the safety of ATM
Property.
Using the present invention, original hacker's means no longer have attack effect, while can effectively be prevented by the method
Because the security incident defalcated that the leak in bank management is caused.It is complete simultaneously by a series of certification and encryption and decryption
Whole property protection, anti-replay-attack protection etc., it is ensured that existing hacker's means cannot be such that ATM paper money supplying modules enter in the case of illegal
Row tells paper money, and the security protection that anti-replay realizes to ATM solid has been carried out to deposit module, meets and is operated in " one
The demand for security of the atm device of line ", meets bank's even needs of the country to Financial information safety.
Description of the drawings
Fig. 1 is existing withdrawal modular system Organization Chart;
Fig. 2 is existing deposit module system architecture diagram;
Fig. 3 is withdrawal modular system Organization Chart of the present invention;
Fig. 4 is deposit module system architecture diagram of the present invention;
Fig. 5 is the flow chart that the safe movements of ATM exchange key with ATMP;
Fig. 6 is withdrawal flow chart;
Fig. 7 is deposit flow chart.
Specific embodiment
The present invention is described in further details below with reference to the drawings and specific embodiments:
Embodiment 1:
Such as Fig. 1-5, a kind of movement stereo safety control system, including ATM, ATMP and banking system for being sequentially connected, institute
The ATMP for stating is self-help teller machine front-end system, it is characterised in that safe movement is laid in ATM, described safe movement is
Movement safety chip;There is the safety certificate that certificate authorization center CA is issued in safe movement and ATMP in ATM;Safe movement with
Self-help teller machine front-end system (ATMP) issues to be exchanged with key by certificate realizes secure communication, so as to recognize identity
Card, the instruction to sending carries out legal checking, and the message to sending is encrypted, after being proved to be successful, if withdrawing the money operation, then by
ATMP authorizes ATM note outputs;If deposit operation, then ATMP is verified to amount deposited, is then reported to banking system.【Tool
Body is bank's billing and accounting system of banking system】.
Described key is exchanged includes step:
(1) on safe movement after electricity, the safe movements of ATM initiate RANDOM NUMBER request【Random number anti-replay】, including following step
Suddenly:
1) the safe movements of ATM initiate 8 byte RANDOM NUMBER requests to ATMP;
2) ATMP calls encryption equipment to produce 8 byte random number Rs ND;
3) random number R ND is issued the safe movements of ATM by ATMP;
(2) the safe movements of ATM are received after random number, above send certificate and signature, are comprised the following steps:
1) the safe movements of ATM store random number R ND, and random number is signed, and obtain SigSKATMSM (RND);
2) send on the safe movements of ATM movement certificate Cert ATMSM and signature Sig SKATMSM (RND) on ATM from
Help teller end control system ATMC;
3) ATMC is sent to movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 domains
ATMP;
(3) after ATMP receives the certificate of safe movement and signs【Signature can be with anti-repudiation】, respond according to the following steps:
1) ATMP calls the effectiveness of encryption equipment CA root certificate sign test movement certificates;
2) after certification authentication success, ATMP calls encryption equipment to preserve the public key of safe movement, the signature, encryption equipment to movement
The random number of memory storage carries out sign test;
3) verify that after movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment pair
Random number R ND is signed, and obtains SigSKATMP (RND);
4) ATMP issues ATMC by certificate CertATMP and signature SigSKATMP (RND) group bag to 48 domains;
5) ATMC is unpacked, and issues safe movement;
(4) after the safe movements of ATM receive the certificate of ATMP and sign, respond according to the following steps:
1) the safe movement effectiveness of CA root certificate sign test ATMP certificate CertATMP;
2) after certification authentication success, safe movement preserves the public key of ATMP, the signature SigSKATMP (RND), peace to ATMP
The random number of full movement memory storage carries out sign test, verifies the legal identity of ATMP;
(5) safe movement is verifying that ATMP identity informations are errorless, under the premise of exchange of public keys success, initiates " registering " and hands over
Easily, the solicited message registered is sent to ATMP by safe movement, the terminal number of the solicited message registered including terminal, IP address,
ATMC version numbers and Key Tpe (DES, 3DES, SM4);
(6) ATMP is received after request of registering, and ATMP tests to solicited message, after inspection success, is produced in encryption equipment
Raw session key, while being encrypted to session key with movement public key in encryption equipment;And response message of registering is issued to peace
Full movement;Response message of registering includes working key, session key, terminal check time and ATMP version numbers.
Withdrawal flow process is:
1) withdrawal request:Holder initiate withdrawal request, ATMC organize cardholder information and from safe movement get with
ATMP is sent to after machine number;
2) based on key exchange process, ATMP obtains the transaction backstage i.e. mandate of banking system of withdrawing the money;ATMP is close with session
Key encrypts the amount of money | RND (| connector is represented, connects two character strings) while asking the money amount of money, session key to be crossed ATMC
The amount of money | the answer code that RND, ATMP are returned issues ATM ends;
3) if the answer code that ATMP is returned is " 00 ", represent and ask money to be concluded the business successfully, safe movement decryption volume | RND's
Ciphertext, the authorized amount of money, while authorizing the amount of money to compare with the money amount of money is asked;Compare correct, movement execution note output action, if not
Correctly, movement reports error message to ATMC, and ATMC organizes the amount of money to rush positive information, rushed and just concluded the business according to error message【Punching
The transaction that exactly financial field is set up for guaranteeing the integrity of transaction.Generally only cardholder account remaining sum is changed
Original transaction just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】.
Depositing flow process is:
1) depositor is after ATM starts deposit operation【After selecting deposit in man machine interface】, ATMC is to ATMP Shens
Please random number;
2) ATMP responds the random number required for this deposit;
3) ATMC is received after random number, and driving equipment is entered and puts paper money pattern, and safe movement often receives one and puts paper money process,
The detailed plaintext of paper money is put and paper money detail will be put | the ciphertext of random number combination passes to ATMC, and ATMC is directly echoed with conduct in plain text
Information then passes to ATMP ciphertext to user in credit transaction;
4) ATMC organizational informations initiate this credit request;
5) the encryption equipment decryption deposit being connected with ATMP in same security system is detailed | random number;
6) after ATMP checkings random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with above send the amount of money
Unanimously, ATMP groups bag issues banking system, completes deposit;If inconsistent, ATMP notifies ATMC, deposit failure.
A kind of movement stereo safety control method, by safe movement being laid in ATM and based on certificate and key reality
Existing security control;
Described safe movement is movement safety chip;There is certificate authorization center CA in safe movement and ATMP in ATM
The safety certificate for issuing;Safe movement is issued by certificate with self-help teller machine front-end system (ATMP) and exchanges realization peace with key
Full communication, so as to be authenticated to identity, the instruction to sending carries out legal checking, and the message to sending is encrypted, checking
After success, if withdrawing the money operation, then ATM note outputs are authorized by ATMP;If deposit operation, then ATMP carries out school to amount deposited
Test, be then reported to banking system.
Described key is exchanged includes step:
(1) on safe movement after electricity, the safe movements of ATM initiate RANDOM NUMBER request【Random number anti-replay】, including following step
Suddenly:
1) the safe movements of ATM initiate 8 byte RANDOM NUMBER requests to ATMP;
2) ATMP calls encryption equipment to produce 8 byte random number Rs ND;
3) random number R ND is issued the safe movements of ATM by ATMP;
(2) the safe movements of ATM are received after random number, above send certificate and signature, are comprised the following steps:
1) the safe movements of ATM store random number R ND, and random number is signed, and obtain SigSKATMSM (RND);
2) send on the safe movements of ATM movement certificate Cert ATMSM and signature Sig SKATMSM (RND) on ATM from
Help teller end control system ATMC;
3) ATMC is sent to movement certificate Cert ATMSM, random number signature SigSKATMSM (RND) group bag to 48 domains
ATMP;
(3) after ATMP receives the certificate of safe movement and signs【Signature can be with anti-repudiation】, respond according to the following steps:
1) ATMP calls the effectiveness of encryption equipment CA root certificate sign test movement certificates;
2) after certification authentication success, ATMP calls encryption equipment to preserve the public key of safe movement, the signature, encryption equipment to movement
The random number of memory storage carries out sign test;
3) verify that after movement legal identity, ATMP reads ATMP certificate CertATMP from encryption equipment, and calls encryption equipment pair
Random number R ND is signed, and obtains SigSKATMP (RND);
4) ATMP issues ATMC by certificate CertATMP and signature SigSKATMP (RND) group bag to 48 domains;
5) ATMC is unpacked, and issues safe movement;
(4) after the safe movements of ATM receive the certificate of ATMP and sign, respond according to the following steps:
1) the safe movement effectiveness of CA root certificate sign test ATMP certificate CertATMP;
2) after certification authentication success, safe movement preserves the public key of ATMP, the signature SigSKATMP (RND), peace to ATMP
The random number of full movement memory storage carries out sign test, verifies the legal identity of ATMP;
(5) safe movement is verifying that ATMP identity informations are errorless, under the premise of exchange of public keys success, initiates " registering " and hands over
Easily, the solicited message registered is sent to ATMP by safe movement, the terminal number of the solicited message registered including terminal, IP address,
ATMC version numbers and Key Tpe (DES, 3DES, SM4);
(6) ATMP is received after request of registering, and ATMP tests to solicited message, after inspection success, is produced in encryption equipment
Raw session key, while being encrypted to session key with movement public key in encryption equipment;And response message of registering is issued to peace
Full movement;Response message of registering includes working key, session key, terminal check time and ATMP version numbers.
Withdrawal flow process is:
1) withdrawal request:Holder initiate withdrawal request, ATMC organize cardholder information and from safe movement get with
ATMP is sent to after machine number;
2) based on key exchange process, ATMP obtains the transaction backstage i.e. mandate of banking system of withdrawing the money;ATMP is close with session
Key encrypts the amount of money | RND (| connector is represented, connects two character strings) while asking the money amount of money, session key to be crossed ATMC
The amount of money | the answer code that RND, ATMP are returned issues ATM ends;
3) if the answer code that ATMP is returned is " 00 ", represent and ask money to be concluded the business successfully, safe movement decryption volume | RND's
Ciphertext, the authorized amount of money, while authorizing the amount of money to compare with the money amount of money is asked;Compare correct, movement execution note output action, if not
Correctly, movement reports error message to ATMC, and ATMC organizes the amount of money to rush positive information, rushed and just concluded the business according to error message【Punching
The transaction that exactly financial field is set up for guaranteeing the integrity of transaction.Generally only cardholder account remaining sum is changed
Original transaction just arranges punching and just concludes the business, and the book keeping operation of mistake is write off.】.
Depositing flow process is:
1) depositor is after ATM starts deposit operation【After selecting deposit in man machine interface】, ATMC is to ATMP Shens
Please random number;
2) ATMP responds the random number required for this deposit;
3) ATMC is received after random number, and driving equipment is entered and puts paper money pattern, and safe movement often receives one and puts paper money process,
The detailed plaintext of paper money is put and paper money detail will be put | the ciphertext of random number combination passes to ATMC, and ATMC is directly echoed with conduct in plain text
Information then passes to ATMP ciphertext to user in credit transaction;
4) ATMC organizational informations initiate this credit request;
5) the encryption equipment decryption deposit being connected with ATMP in same security system is detailed | random number;
6) after ATMP checkings random number is correct, calculate amount deposited according to deposit is detailed, if amount deposited with above send the amount of money
Unanimously, ATMP groups bag issues banking system, completes deposit;If inconsistent, ATMP notifies ATMC, deposit failure.
Such as Fig. 3, shown in 4, in withdrawal movement safety chip is added, the withdrawal movement comprising safety chip is referred to as pacified
Full movement, in the safety cabinet being placed in ATM.Safe movement is communicated with ATMP (self-help teller machine front-end system), by CA
Center【Certificate authority (Certificate Authority), or claim certification authority agent】Under issue licence, key exchange,
The secure communication of safe movement and ATMP is realized, ATMP authorizes movement note output, and ATMP is reported to amount deposited verification, by ATMP
In the note output of mandate and deposit mode is sent come the passage that ensures safety.
Safe movement is used to store key, carries out safety data transmission by safe movement and ATMP, it is ensured that to withdrawal
The safety of module is controlled.
Issue licence under CA centers and bank assistant director download ATMP certificates the step of:
(1) in bank safety environment, ATMP generations public private key pair PKATMP (self-help teller machine front-end system public key)/
SKATMP (self-help teller machine front-end system private key), uploads public key;
(2) bank assistant director is uploaded by the RA (certificate registration approving authority) (registration authority) of bank
The demand file that ATMP (self-help teller machine front-end system) Generates Certificate;
(3) bank CA (certificate authority) generates ATMP (self-help teller machine front-end system) certificate, and by ATMP certificates
Bank assistant director is handed down to CA root certificates;
(4) CA root certificates, ATMP certificates are downloaded to ATMP by bank assistant director.
Issue licence under CA and bank assistant director download safe movement certificate the step of it is as follows:
(1) in bank safety environment, the safe movements of ATM generate public private key pair PKATMSM (the safe movements of self-help teller machine
Public key)/SKATMSM (the safe movement private key of self-help teller machine), upload public key;
(2) bank assistant director uploads the demand file that safe movement Generates Certificate by the RA of bank;
(3) bank CA generates safe movement certificate, and safe movement certificate and CA root certificates are handed down to into bank assistant director;
(4) bank assistant director downloads to CA root certificates, safe movement certificate in the safe movements of ATM.
ATMC in text is atm device control system, refers to the application software on ATM.
According to Fig. 6, the concrete steps that withdrawal flow instance is realized are illustrated:
1st, withdrawal request:Holder's initiation withdrawal request, ATMC (self-service teller's end control system) tissue cardholder information,
Get random number from safe movement simultaneously.ATMC is organized and ATMP (the preposition systems of self-help teller machine is sent to after all information
System);
2nd, by Fig. 6 in 2,3,4 step sequences, ATMP obtain withdraw the money transaction backstage authorize.ATMP session key gold
Volume | RND (random number) authorization message while issue ATM ends;
3rd, safe movement decryption volume | the ciphertext of RND, while comparing with the amount of money with RND again.Compare correctly, movement is moved
Make note output, incorrect movement reports error message to ATMC, and ATMC organizes the amount of money to rush positive information according to error message.
According to Fig. 7, illustrate to deposit the concrete steps that flow instance is realized:
1st, depositor is carried out after deposit state, and ATMC to ATMP applies for random number;
2nd, ATMP responds the random number required for this deposit;
3rd, safe movement often receives one and puts paper money process, all the detailed plaintext of paper money is put and can put paper money detail | and random number is combined
Ciphertext pass to ATMC, ATMC directly with plain text as echo message to user, ciphertext ATMP is then passed in credit transaction;
4th, ATMC organizational informations initiate this credit request;
5th, encryption equipment decryption deposit is detailed | random number;
6th, after ATMP checkings random number is correct, according to the detailed calculating amount deposited of deposit.Amount deposited with above send the amount of money one
Cause, ATMP group bags issue banking system【Backstage】.If inconsistent, ATMP notifies ATMC, deposit failure.
The above is the preferred embodiment of the present invention, can not limit the right model of the present invention with this certainly
Enclose, it is noted that for those skilled in the art, under the premise without departing from the principles of the invention, may be used also
To make some improvement and variation, these are improved and variation is also considered as protection scope of the present invention.