Summary of the invention
The object of the present invention is to provide a kind of safe transmission method and the device that store data for banknote, can solve when carrying out data transmission via Wireless USB, the problem that paper money storage information is revealed, forges and distorted.
According to an aspect of the present invention, provide a kind of safe transmission method storing data for banknote, comprising:
Operation system or the handheld terminal that reads fortune paper money bag electronic sealing data detect the other side and its carry out Wireless USB be connected time, start and perform two-way authentication;
Described operation system or described handheld terminal, according to the result of two-way authentication failure, are refused to transmit to the other side;
Described operation system or described handheld terminal, according to the successful result of two-way authentication, start encrypted data transmission function;
After described operation system or described handheld terminal start encrypted data transmission function, according to the dynamic public key encryption data that the other side transmits, and the data after encryption are transferred to the other side by Wireless USB Link.
Preferably, described operation system detect the other side and its carry out Wireless USB be connected time, to start and the step performing two-way authentication comprises:
Described operation system detecting that the other side and its carry out starting two-way authentication function when Wireless USB is connected, and sends authentication request information and the first random number to handheld terminal;
Described operation system receives from the handheld terminal authentication information of described handheld terminal according to described authentication request information and the first generating random number;
Described operation system carries out certification according to described handheld terminal authentication information to described handheld terminal, and sends operation system authentication information to described handheld terminal after the authentication has been successful;
Described handheld terminal carries out certification according to described operation system authentication information to described operation system, obtains two-way authentication result.
Preferably, described handheld terminal detect the other side and its carry out Wireless USB be connected time, to start and the step performing two-way authentication comprises:
Described handheld terminal detecting that the other side and its carry out starting two-way authentication function when Wireless USB is connected, and sends authentication request information and the first random number to operation system;
Described handheld terminal receives from the operation system authentication information of described operation system according to described authentication request information and the first generating random number;
Described handheld terminal carries out certification according to described operation system authentication information to described operation system, and sends handheld terminal authentication information to described operation system after the authentication has been successful;
Described operation system carries out certification according to described handheld terminal authentication information to described operation system, obtains two-way authentication result.
Preferably, described handheld terminal comprises according to the step of the handheld terminal authentication information of described authentication request information and the first generating random number:
Described handheld terminal generates authentication calculations solicited message according to described authentication request information, and described authentication calculations solicited message and the first random number is sent to the processor of handheld terminal;
Described processor calculates the first random number according to described authentication calculations solicited message, obtains first information authentication code;
The first information authentication code that described processor will calculate, handheld terminal identify label (ID:Identity) number sends to handheld terminal with the second random number generated as handheld terminal authentication information.
Preferably, described operation system comprises the step that described handheld terminal carries out certification according to described handheld terminal authentication information:
Described operation system calculates the message authentication code for certification handheld terminal according to the first nonce count;
The described message authentication code calculated and the first information authentication code from described handheld terminal are compared, whether both judgements are consistent;
If both are consistent, then to described handheld terminal authentication success, otherwise, then to described handheld terminal authentification failure.
Preferably, if described operation system transmits data to handheld terminal, then the step of dynamic public key encryption data that described operation system transmits according to handheld terminal comprises:
If described operation system transmits data to handheld terminal, then described operation system sends data transfer request to described handheld terminal;
Described operation system receives the dynamic PKI sent according to described data transfer request from described handheld terminal;
Described operation system utilizes the dynamic PKI received to be encrypted data, obtains enciphered data.
Preferably, described operation system also comprises the data after encryption are transferred to the step of handheld terminal by Wireless USB Link after, and described handheld terminal utilizes preset dynamic private key to be decrypted described enciphered data, obtains raw data.
According to a further aspect in the invention, provide a kind of safe transmission device storing data for banknote, comprising:
Start module, for operation system or the handheld terminal that reads fortune paper money bag electronic sealing data detect the other side and its carry out Wireless USB be connected time, start and perform two-way authentication;
Failure module, for described operation system or described handheld terminal according to the result of two-way authentication failure, refuses to transmit to the other side;
Success module, for described operation system or described handheld terminal according to the successful result of two-way authentication, starts encrypted data transmission function;
Data after encryption for after described operation system or described handheld terminal start encrypted data transmission function, according to the dynamic public key encryption data that the other side transmits, and are transferred to the other side by Wireless USB Link by encrypting module.
Preferably, described startup module comprises further:
First detection sub-module, for described operation system detecting that the other side and its carry out starting two-way authentication function when Wireless USB is connected, and sends authentication request information and the first random number to handheld terminal;
First receives submodule, receives from the handheld terminal authentication information of described handheld terminal according to described authentication request information and the first generating random number for described operation system;
First authentication sub module, carries out certification according to described handheld terminal authentication information to described handheld terminal for described operation system, and sends operation system authentication information to described handheld terminal after the authentication has been successful;
First bears fruit module, carries out certification, obtain two-way authentication result for described handheld terminal according to described operation system authentication information to described operation system.
Preferably, described startup module further comprises:
Second detection sub-module, for described handheld terminal detecting that the other side and its carry out starting two-way authentication function when Wireless USB is connected, and sends authentication request information and the first random number to operation system;
Second receives submodule, receives from the operation system authentication information of described operation system according to described authentication request information and the first generating random number for described handheld terminal;
Second authentication sub module, carries out certification according to described operation system authentication information to described operation system for described handheld terminal, and sends handheld terminal authentication information to described operation system after the authentication has been successful;
Second bears fruit module, carries out certification, obtain two-way authentication result for described operation system according to described handheld terminal authentication information to described operation system.
Compared with prior art; beneficial effect of the present invention is: can by paper money storage logistics field; there is provided a kind of via the operation system of Wireless USB and the two-way authentication of handheld terminal; and after authentication success; dynamic key is utilized to be encrypted the method for Security Data Transmission; reach the object avoiding paper money storage information to be revealed, forge and distort, improve the security of paper money storage information transmission, realize the safeguard protection to data interaction transmission between operation system and handheld terminal.
Embodiment
Below in conjunction with accompanying drawing to a preferred embodiment of the present invention will be described in detail, should be appreciated that following illustrated preferred embodiment is only for instruction and explanation of the present invention, is not intended to limit the present invention.
Fig. 1 is the Method And Principle figure storing the safe transmission of data for banknote that the embodiment of the present invention provides, and as shown in Figure 1, concrete steps are as follows:
Step S1: operation system or the handheld terminal that reads fortune paper money bag electronic sealing data detect the other side and its carry out Wireless USB be connected time, start and perform two-way authentication.
In step sl, when operation system carries out certification to handheld terminal, described operation system detecting that the other side and its carry out starting two-way authentication function when Wireless USB is connected, and sends authentication request information and the first random number to handheld terminal;
Described operation system receives from the handheld terminal authentication information of described handheld terminal according to described authentication request information and the first generating random number;
Described operation system carries out certification according to described handheld terminal authentication information to described handheld terminal, and sends operation system authentication information to described handheld terminal after the authentication has been successful;
Described handheld terminal carries out certification according to described operation system authentication information to described operation system, obtains two-way authentication result.
Further, when handheld terminal carries out certification to operation system, described handheld terminal detecting that the other side and its carry out starting two-way authentication function when Wireless USB is connected, and sends authentication request information and the first random number to operation system;
Described handheld terminal receives from the operation system authentication information of described operation system according to described authentication request information and the first generating random number;
Described handheld terminal carries out certification according to described operation system authentication information to described operation system, and sends handheld terminal authentication information to described operation system after the authentication has been successful;
Described operation system carries out certification according to described handheld terminal authentication information to described operation system, obtains two-way authentication result.
Further, when operation system carries out certification to handheld terminal, described handheld terminal comprises according to the step of the handheld terminal authentication information of described authentication request information and the first generating random number:
Described handheld terminal generates authentication calculations solicited message according to described authentication request information, and described authentication calculations solicited message and the first random number is sent to the processor of handheld terminal;
Described processor calculates the first random number according to described authentication calculations solicited message, obtains first information authentication code;
The first information authentication code that described processor will calculate, No. ID, handheld terminal and the second random number generated send to handheld terminal as handheld terminal authentication information.
Further, when operation system carries out certification to handheld terminal, described operation system comprises the step that described handheld terminal carries out certification according to described handheld terminal authentication information:
Described operation system calculates the message authentication code for certification handheld terminal according to the first nonce count;
The described message authentication code calculated and the first information authentication code from described handheld terminal are compared, whether both judgements are consistent;
If both are consistent, then to described handheld terminal authentication success, otherwise, then to described handheld terminal authentification failure.
Step S2: described operation system or described handheld terminal, according to the result of two-way authentication failure, are refused to transmit to the other side.
Step 3: described operation system or described handheld terminal, according to the successful result of two-way authentication, start encrypted data transmission function.
Step S4: after described operation system or described handheld terminal start encrypted data transmission function, according to the dynamic public key encryption data that the other side transmits, and the data after encryption are transferred to the other side by Wireless USB Link.
In step s 4 which, if described operation system transmits data to handheld terminal, then the step of dynamic public key encryption data that described operation system transmits according to handheld terminal comprises:
If described operation system transmits data to handheld terminal, then described operation system sends data transfer request to described handheld terminal;
Described operation system receives the dynamic PKI sent according to described data transfer request from described handheld terminal;
Described operation system utilizes the dynamic PKI received to be encrypted data, obtains enciphered data.
Further, described operation system also comprises the data after encryption are transferred to the step of handheld terminal by Wireless USB Link after, and described handheld terminal utilizes preset dynamic private key to be decrypted described enciphered data, obtains raw data.
Wherein, the fortune paper money bag electronic sealing corresponding to the handheld terminal reading fortune paper money bag electronic sealing data is the electronic sealing possessing functional processor, comprising: antenna, radio-frequency (RF) identification chip (RFID:Radio Frequency Identification), for the processor of data encryption with to unblank the controller of locking for controlling electric lock.
Fig. 2 is the structure drawing of device storing the safe transmission of data for banknote that the embodiment of the present invention provides, and as shown in Figure 2, comprising: start module, failed module, successful module and encrypting module.
The handheld terminal that described startup module is used for operation system or reads fortune paper money bag electronic sealing data detect the other side and its carry out Wireless USB be connected time, start and perform two-way authentication.Wherein, when operation system carries out certification to handheld terminal, first detection sub-module of described startup module is used for described operation system detecting that the other side and its carry out starting two-way authentication function when Wireless USB is connected, and sends authentication request information and the first random number to handheld terminal.First of described startup module receives submodule and is used for described operation system and receives from the handheld terminal authentication information of described handheld terminal according to described authentication request information and the first generating random number.First authentication sub module of described startup module is used for described operation system and carries out certification according to described handheld terminal authentication information to described handheld terminal, and sends operation system authentication information to described handheld terminal after the authentication has been successful.First of described startup module bears fruit module, carries out certification, obtain two-way authentication result for described handheld terminal according to described operation system authentication information to described operation system.
When operation system carries out certification to handheld terminal, second detection sub-module of described startup module is used for described handheld terminal detecting that the other side and its carry out starting two-way authentication function when Wireless USB is connected, and sends authentication request information and the first random number to operation system.Second of described startup module receives submodule and is used for described handheld terminal and receives from the operation system authentication information of described operation system according to described authentication request information and the first generating random number.Second authentication sub module of described startup module is used for described handheld terminal and carries out certification according to described operation system authentication information to described operation system, and sends handheld terminal authentication information to described operation system after the authentication has been successful.Second of the described startup module module that bears fruit carries out certification according to described handheld terminal authentication information to described operation system for described operation system, obtains two-way authentication result.
Described failed module is used for described operation system or described handheld terminal according to the result of two-way authentication failure, refuses to transmit to the other side.
Described successful module is used for described operation system or described handheld terminal according to the successful result of two-way authentication, starts encrypted data transmission function.
Described encrypting module is used for, after described operation system or described handheld terminal start encrypted data transmission function, according to the dynamic public key encryption data that the other side transmits, and the data after encryption being transferred to the other side by Wireless USB Link.
Fig. 3 is the two-way authentication process flow diagram storing the safe transmission of data for banknote that the embodiment of the present invention provides, as shown in Figure 3, for the two-way authentication of operation system and handheld terminal, the legitimacy of operation system certification handheld terminal, the legitimacy of handheld terminal authentication business system.Concrete implementation method is as follows:
(1), after certification instruction and random number R DM1 are packaged into complete package data by operation system, handheld terminal is sent to via USB.
(2) handheld terminal generates computation requests according to the certification instruction in complete package data, and the computation requests of generation and random number R DM1 is transmitted to the point of sales terminal secure access module (PSAM:Purchase Secure Access Module) of handheld terminal inside.
(3) PSAM card is according to after receiving computation requests and random number R DM1, return No. ID, PSAM card, and according to random number R DM1, computation requests according to Effect-based operation authentication code (MAC:Message Authentication Code) calculates message authentication code MAC1, generates random number R DM2 simultaneously.
(4) handheld terminal by No. ID, message authentication code MAC1 and random number R DM2 turns back to operation system via USB.
(5) the message authentication code MAC1 that the message authentication code MAC1 that returned by handheld terminal of operation system and operation system calculate according to random number R DM1 contrasts.
If message authentication code MAC1 is identical, then finishing service system is to the certification of handheld terminal, and Record ID number preserves authentication success record, otherwise, stop subsequent authentication flow process, Record ID number, preserve certification exception record.
(6) operation system calculates message authentication code MAC2 according to the random number R DM2 that handheld terminal returns, and is back to handheld terminal.
(7) the message authentication code MAC2 received is sent to PSAM card by handheld terminal, and PSAM card calculates message authentication code MAC2 according to random number R DM2, and message authentication code MAC2 is sent to handheld terminal.Calculated message authentication code MAC2 and the message authentication code MAC2 received compare by handheld terminal, if identical, then complete the certification of handheld terminal to operation system, and return successful message to operation system.
(8), after completing two-way authentication, the encrypt data transmission between operation system and handheld terminal can just be carried out.Encrypt data transmission adopts RSA asymmetric arithmetic, and the cipher mode utilizing public and private key right carries out data encryption.
Fig. 4 is the data interaction process flow diagram storing the safe transmission of data for banknote that the embodiment of the present invention provides, as shown in Figure 4, for the data interaction of operation system and handheld terminal, operation system sends data transfer command to after handheld terminal, dynamic PKI is utilized to carry out data encryption, and enciphered data is sent to handheld terminal, handheld terminal utilizes private key to carry out data deciphering, and finishing service system is transmitted to the data of handheld terminal; Handheld terminal sends data transfer command to operation system, and after utilizing dynamic PKI to carry out data encryption, enciphered data is sent to operation system, operation system utilizes private key to carry out data deciphering, completes handheld terminal and transmits to the data of operation system.Concrete implementation method is as follows:
(1) operation system sends data to handheld terminal.Operation system sends data to handheld terminal and sends order, and handheld terminal obtains dynamic PKI A, and is uploaded to operation system after receiving data transmission order from PSAM card.After operation system uses dynamic PKI A to carry out data encryption, enciphered data is sent to handheld terminal, enciphered data is sent to PSAM card by handheld terminal, and PSAM card uses corresponding dynamically private key A to carry out data deciphering, and finishing service system is transmitted to the data of handheld terminal.
(2) handheld terminal sends data to operation system.Handheld terminal sends data to operation system and sends order, and operation system generates dynamic PKI B, and is sent to handheld terminal after receiving data transmission order.Enciphered data is sent to operation system after using dynamic PKI B to carry out data encryption by handheld terminal, and operation system uses corresponding dynamically private key B to carry out data deciphering, and finishing service system is transmitted to the data of handheld terminal.
In sum; the present invention has following technique effect: can by being provided in paper money storage logistics field; a kind of via the operation system of USB and the two-way authentication of handheld terminal; and after authentication success; dynamic key is utilized to be encrypted the method for Security Data Transmission; reach the object avoiding paper money storage information to be revealed, forge and distort, improve the security of paper money storage information transmission, realize the safeguard protection to data interaction transmission between operation system and handheld terminal.
Although above to invention has been detailed description, the present invention is not limited thereto, those skilled in the art of the present technique can carry out various amendment according to principle of the present invention.Therefore, all amendments done according to the principle of the invention, all should be understood to fall into protection scope of the present invention.