Disclosure of Invention
The invention aims to provide a safe transmission method and device for banknote storage data, which can solve the problems of leakage, counterfeiting and falsification of banknote storage information during data transmission through a wireless USB.
According to one aspect of the present invention there is provided a method of secure transmission of banknote storage data, comprising:
when a business system or a handheld terminal reading the electronic seal data of the money transporting bag detects that the other party is in wireless USB connection with the business system or the handheld terminal, starting and executing bidirectional authentication;
the service system or the handheld terminal refuses to transmit to the other side according to the result of the bidirectional authentication failure;
the service system or the handheld terminal starts an encrypted data transmission function according to the result of successful bidirectional authentication;
after the service system or the handheld terminal starts the encrypted data transmission function, the data is encrypted according to the dynamic public key transmitted by the other party, and the encrypted data is transmitted to the other party through the wireless USB link.
Preferably, the step of starting and executing mutual authentication when the service system detects that the other party is wirelessly connected with the service system includes:
the service system starts a bidirectional authentication function when detecting that the other party is in wireless USB connection with the service system, and sends authentication request information and a first random number to the handheld terminal;
the service system receives handheld terminal authentication information generated by the handheld terminal according to the authentication request information and the first random number;
the service system authenticates the handheld terminal according to the handheld terminal authentication information, and sends service system authentication information to the handheld terminal after the authentication is successful;
and the handheld terminal authenticates the service system according to the service system authentication information to obtain a bidirectional authentication result.
Preferably, the step of starting and executing the bidirectional authentication when the handheld terminal detects that the other party is wirelessly connected with the handheld terminal includes:
the handheld terminal starts a bidirectional authentication function when detecting that the other party is in wireless USB connection with the handheld terminal, and sends authentication request information and a first random number to a service system;
the handheld terminal receives service system authentication information generated by the service system according to the authentication request information and the first random number;
the handheld terminal authenticates the service system according to the service system authentication information and sends handheld terminal authentication information to the service system after the authentication is successful;
and the service system authenticates the service system according to the handheld terminal authentication information to obtain a bidirectional authentication result.
Preferably, the step of generating, by the handheld terminal, the handheld terminal authentication information according to the authentication request information and the first random number includes:
the handheld terminal generates authentication calculation request information according to the authentication request information and sends the authentication calculation request information and the first random number to a processor of the handheld terminal;
the processor calculates a first random number according to the authentication calculation request information to obtain a first information authentication code;
and the processor sends the calculated first information authentication code, the handheld terminal Identity (ID) number and the generated second random number to the handheld terminal as handheld terminal authentication information.
Preferably, the step of authenticating the handheld terminal by the service system according to the handheld terminal authentication information includes:
the service system calculates an information authentication code for authenticating the handheld terminal according to the first random number;
comparing the calculated information authentication code with a first information authentication code from the handheld terminal, and judging whether the two are consistent;
if the two are consistent, the authentication of the handheld terminal is successful, otherwise, the authentication of the handheld terminal is failed.
Preferably, if the service system transmits data to the handheld terminal, the step of encrypting the data by the service system according to the dynamic public key transmitted by the handheld terminal includes:
if the service system transmits data to the handheld terminal, the service system sends a data transmission request to the handheld terminal;
the service system receives a dynamic public key sent by the handheld terminal according to the data transmission request;
and the service system encrypts the data by using the received dynamic public key to obtain encrypted data.
Preferably, the step of transmitting the encrypted data to the handheld terminal by the service system through the wireless USB link further includes that the handheld terminal decrypts the encrypted data by using a preset dynamic private key to obtain the original data.
According to another aspect of the present invention there is provided a secure transport for banknote storage data comprising:
the starting module is used for starting and executing bidirectional authentication when a service system or a handheld terminal for reading the electronic seal data of the money transporting bag detects that the other party is in wireless USB connection with the service system or the handheld terminal;
the failure module is used for refusing to transmit to the other party according to the result of the bidirectional authentication failure by the service system or the handheld terminal;
the success module is used for starting an encrypted data transmission function according to the result of successful bidirectional authentication by the service system or the handheld terminal;
and the encryption module is used for encrypting data according to the dynamic public key transmitted by the other party after the service system or the handheld terminal starts an encrypted data transmission function, and transmitting the encrypted data to the other party through a wireless USB link.
Preferably, the starting module further comprises:
the first detection submodule is used for starting a bidirectional authentication function when the service system detects that the other party is in wireless USB connection with the service system, and sending authentication request information and a first random number to the handheld terminal;
the first receiving submodule is used for receiving the handheld terminal authentication information generated by the handheld terminal according to the authentication request information and the first random number by the service system;
the first authentication submodule is used for the service system to authenticate the handheld terminal according to the handheld terminal authentication information and send service system authentication information to the handheld terminal after the authentication is successful;
and the first result sub-module is used for authenticating the service system by the handheld terminal according to the service system authentication information to obtain a bidirectional authentication result.
Preferably, the starting module further comprises:
the second detection submodule is used for starting a bidirectional authentication function when the handheld terminal detects that the other side is in wireless USB connection with the handheld terminal, and sending authentication request information and the first random number to the service system;
the second receiving submodule is used for receiving the service system authentication information generated by the service system according to the authentication request information and the first random number from the handheld terminal;
the second authentication submodule is used for the handheld terminal to authenticate the service system according to the service system authentication information and send handheld terminal authentication information to the service system after the authentication is successful;
and the second result submodule is used for the service system to authenticate the service system according to the authentication information of the handheld terminal to obtain a bidirectional authentication result.
Compared with the prior art, the invention has the beneficial effects that: the method for performing encrypted data secure transmission by using the dynamic key can be provided in the field of money storage logistics through bidirectional authentication of a wireless USB service system and a handheld terminal, and after the authentication is successful, the purpose of preventing money storage information from being leaked, forged and falsified is achieved, the security of money storage information transmission is improved, and the security protection of data interactive transmission between the service system and the handheld terminal is realized.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings, and it should be understood that the preferred embodiments described below are only for the purpose of illustrating and explaining the present invention, and are not to be construed as limiting the present invention.
Fig. 1 is a schematic diagram of a method for securely transmitting banknote storage data according to an embodiment of the present invention, as shown in fig. 1, the specific steps are as follows:
step S1: and when the service system or the handheld terminal reading the electronic seal data of the money transporting bag detects that the other party is in wireless USB connection with the service system, starting and executing bidirectional authentication.
In step S1, when the service system authenticates the handheld terminal, the service system starts the bidirectional authentication function when detecting that the other party performs wireless USB connection with the service system, and sends authentication request information and the first random number to the handheld terminal;
the service system receives handheld terminal authentication information generated by the handheld terminal according to the authentication request information and the first random number;
the service system authenticates the handheld terminal according to the handheld terminal authentication information, and sends service system authentication information to the handheld terminal after the authentication is successful;
and the handheld terminal authenticates the service system according to the service system authentication information to obtain a bidirectional authentication result.
Further, when the handheld terminal authenticates the service system, the handheld terminal starts a bidirectional authentication function when detecting that the other party is in wireless USB connection with the handheld terminal, and sends authentication request information and a first random number to the service system;
the handheld terminal receives service system authentication information generated by the service system according to the authentication request information and the first random number;
the handheld terminal authenticates the service system according to the service system authentication information and sends handheld terminal authentication information to the service system after the authentication is successful;
and the service system authenticates the service system according to the handheld terminal authentication information to obtain a bidirectional authentication result.
Further, when the service system authenticates the handheld terminal, the step of generating, by the handheld terminal, the handheld terminal authentication information according to the authentication request information and the first random number includes:
the handheld terminal generates authentication calculation request information according to the authentication request information and sends the authentication calculation request information and the first random number to a processor of the handheld terminal;
the processor calculates a first random number according to the authentication calculation request information to obtain a first information authentication code;
and the processor sends the calculated first information authentication code, the handheld terminal ID number and the generated second random number to the handheld terminal as handheld terminal authentication information.
Further, when the service system authenticates the handheld terminal, the step of authenticating the handheld terminal by the service system according to the handheld terminal authentication information includes:
the service system calculates an information authentication code for authenticating the handheld terminal according to the first random number;
comparing the calculated information authentication code with a first information authentication code from the handheld terminal, and judging whether the two are consistent;
if the two are consistent, the authentication of the handheld terminal is successful, otherwise, the authentication of the handheld terminal is failed.
Step S2: and the service system or the handheld terminal refuses to transmit to the other side according to the result of the bidirectional authentication failure.
And step 3: and the service system or the handheld terminal starts an encrypted data transmission function according to the result of successful bidirectional authentication.
Step S4: after the service system or the handheld terminal starts the encrypted data transmission function, the data is encrypted according to the dynamic public key transmitted by the other party, and the encrypted data is transmitted to the other party through the wireless USB link.
In step S4, if the service system transmits data to the handheld terminal, the step of the service system encrypting the data according to the dynamic public key transmitted by the handheld terminal includes:
if the service system transmits data to the handheld terminal, the service system sends a data transmission request to the handheld terminal;
the service system receives a dynamic public key sent by the handheld terminal according to the data transmission request;
and the service system encrypts the data by using the received dynamic public key to obtain encrypted data.
Further, the step of transmitting the encrypted data to the handheld terminal by the service system through the wireless USB link further includes that the handheld terminal decrypts the encrypted data by using a preset dynamic private key to obtain the original data.
Wherein, the bank note transport bag electronic seal of the hand-held terminal corresponding to the read bank note transport bag electronic seal data is an electronic seal with processor function, comprising: the device comprises an antenna, a Radio Frequency Identification chip (RFID), a processor for data encryption and a controller for controlling the unlocking and locking of the electric lock.
Fig. 2 is a structural diagram of an apparatus for secure transmission of banknote storage data according to an embodiment of the present invention, as shown in fig. 2, including: the device comprises a starting module, a failure module, a success module and an encryption module.
The starting module is used for starting and executing bidirectional authentication when a service system or a handheld terminal for reading the electronic seal data of the money transporting bag detects that the other party is in wireless USB connection with the service system or the handheld terminal. When the service system authenticates the handheld terminal, the first detection submodule of the starting module is used for starting the bidirectional authentication function when the service system detects that the other party is in wireless USB connection with the service system, and sending authentication request information and the first random number to the handheld terminal. And the first receiving submodule of the starting module is used for receiving the handheld terminal authentication information generated by the handheld terminal according to the authentication request information and the first random number by the service system. And the first authentication submodule of the starting module is used for the service system to authenticate the handheld terminal according to the handheld terminal authentication information and sending service system authentication information to the handheld terminal after the authentication is successful. And the first result submodule of the starting module is used for the handheld terminal to authenticate the service system according to the service system authentication information to obtain a bidirectional authentication result.
When the service system authenticates the handheld terminal, the second detection submodule of the starting module is used for starting the bidirectional authentication function when the handheld terminal detects that the other side is in wireless USB connection with the handheld terminal, and sending authentication request information and the first random number to the service system. And the second receiving submodule of the starting module is used for receiving the service system authentication information generated by the service system according to the authentication request information and the first random number from the handheld terminal. And the second authentication submodule of the starting module is used for authenticating the service system by the handheld terminal according to the service system authentication information and sending handheld terminal authentication information to the service system after the authentication is successful. And the second result submodule of the starting module is used for the service system to authenticate the service system according to the authentication information of the handheld terminal to obtain a bidirectional authentication result.
The failure module is used for the service system or the handheld terminal to refuse to transmit to the other side according to the result of the bidirectional authentication failure.
The success module is used for the service system or the handheld terminal to start the encrypted data transmission function according to the result of successful bidirectional authentication.
The encryption module is used for encrypting data according to a dynamic public key transmitted by the other party after the service system or the handheld terminal starts an encrypted data transmission function, and transmitting the encrypted data to the other party through a wireless USB link.
Fig. 3 is a flow chart of bidirectional authentication for secure transmission of banknote storage data according to an embodiment of the present invention, as shown in fig. 3, the bidirectional authentication between a service system and a handheld terminal is performed, the service system authenticates the validity of the handheld terminal, and the handheld terminal authenticates the validity of the service system. The specific implementation method is as follows:
(1) and the service system packages the authentication command and the random number RDM1 into a whole packet of data and then sends the data to the handheld terminal through the USB.
(2) The hand-held terminal generates a calculation request according to the authentication instruction in the whole packet of data, and forwards the generated calculation request and the random number RDM1 to a point-of-sale terminal security access Module (PSAM) inside the hand-held terminal.
(3) The PSAM card returns the PSAM card ID number after receiving the calculation request and the random number RDM1, calculates a Message Authentication Code (MAC) 1 according to the calculation request based on the MAC and generates a random number RDM2 according to the random number RDM 1.
(4) The hand-held terminal returns the ID number, message authentication code MAC1 and random number RDM2 to the service system via USB.
(5) And the service system compares the message authentication code MAC1 returned by the handheld terminal with the message authentication code MAC1 calculated by the service system according to the random number RDM 1.
If the message authentication codes MAC1 are the same, the authentication of the service system to the hand-held terminal is completed, the ID number is recorded, the successful authentication record is stored, otherwise, the subsequent authentication process is terminated, the ID number is recorded, and the abnormal authentication record is stored.
(6) And the service system calculates a message authentication code MAC2 according to the random number RDM2 returned by the handheld terminal and transmits the message authentication code MAC2 back to the handheld terminal.
(7) The handheld terminal sends the received message authentication code MAC2 to the PSAM card, and the PSAM card calculates the message authentication code MAC2 according to the random number RDM2 and sends the message authentication code MAC2 to the handheld terminal. And the hand-held terminal compares the calculated message authentication code MAC2 with the received message authentication code MAC2, if the calculated message authentication code MAC2 is the same as the received message authentication code MAC2, the authentication of the hand-held terminal to the service system is completed, and a successful message is returned to the service system.
(8) After the bidirectional authentication is completed, ciphertext data transmission between the service system and the handheld terminal can be performed. The encrypted data transmission adopts RSA asymmetric algorithm, and utilizes the encryption mode of public and private key pair to encrypt data.
Fig. 4 is a data interaction flow chart for secure transmission of banknote storage data according to an embodiment of the present invention, as shown in fig. 4, for data interaction between a service system and a handheld terminal, after the service system sends a data transmission command to the handheld terminal, the service system encrypts data by using a dynamic public key and sends the encrypted data to the handheld terminal, and the handheld terminal decrypts the data by using a private key to complete data transmission from the service system to the handheld terminal; the handheld terminal sends a data transmission command to the service system, the encrypted data is sent to the service system after the data is encrypted by using the dynamic public key, and the service system decrypts the data by using the private key to complete the data transmission from the handheld terminal to the service system. The specific implementation method is as follows:
(1) and the service system sends data to the handheld terminal. And the service system sends a data sending command to the handheld terminal, and the handheld terminal acquires the dynamic public key A from the PSAM card and uploads the dynamic public key A to the service system after receiving the data sending command. And after the business system encrypts data by using the dynamic public key A, sending the encrypted data to the handheld terminal, sending the encrypted data to the PSAM card by the handheld terminal, and decrypting the data by using the corresponding dynamic private key A by the PSAM card to finish the data transmission from the business system to the handheld terminal.
(2) And the handheld terminal sends data to the service system. And the handheld terminal sends a data sending command to the service system, and the service system generates a dynamic public key B after receiving the data sending command and transmits the dynamic public key B to the handheld terminal. And after the handheld terminal encrypts data by using the dynamic public key B, the encrypted data is sent to the service system, and the service system decrypts the data by using the corresponding dynamic private key B to complete the data transmission from the service system to the handheld terminal.
In summary, the present invention has the following technical effects: the method for performing encrypted data secure transmission by using the dynamic key can achieve the purposes of avoiding the money storage information from being leaked, forged and falsified, improving the security of the money storage information transmission and realizing the security protection of data interactive transmission between the service system and the handheld terminal by providing the method for performing the bidirectional authentication of the service system and the handheld terminal through the USB in the field of money storage logistics and performing the encrypted data secure transmission by using the dynamic key after the authentication is successful.
Although the present invention has been described in detail hereinabove, the present invention is not limited thereto, and various modifications can be made by those skilled in the art in light of the principle of the present invention. Thus, modifications made in accordance with the principles of the present invention should be understood to fall within the scope of the present invention.