CN104951713A - Safe processor for online financial information - Google Patents

Safe processor for online financial information

Info

Publication number: CN104951713A
Authority: CN (China)
Prior art keywords: information; safe processor; data base; financial; financial information
Legal status: Pending
Application number: CN201410129303.3A
Other languages: Chinese (zh)
Inventor: 丛树业
Current Assignee: Individual
Original Assignee: Individual
Landscapes: Financial Or Insurance-Related Operations Such As Payment And Settlement

Abstract

The invention discloses a safe processor for online financial information and belongs to the technical field of information security. The processing method has the following steps: after the original financial information is generated, the sending area of the financial information safe processor processes it independently through an encryption module and then a packing module to form the information sequence to be sent; the sequence is sent to a bank database; after receiving the information, the bank database unpacks it first and then decrypts it, carries out the corresponding financial processing, and then encrypts and packs the result and feeds it back to the safe processor; after receiving the information from the bank database, the reception area of the safe processor unpacks and decrypts it correspondingly, and confirms and executes the financial transaction according to the genuine response of the bank database.

Description

A safe processor for online financial information
Technical field:
The invention belongs to the technical field of financial information security and relates to a safe processor that processes financial information on private and public networks to protect against loss of money.
Background:
Today's ATMs use publicly known operating instructions, and the information they send and receive is processed in the same area, which makes it possible for viruses to get in; an ATM can be attacked and made to dispense cash automatically. Computer and mobile online banking apply certain entry thresholds, which prevent some malicious theft attacks but cannot prevent attacks by advanced Trojans, and theft from online banking occurs frequently. Financial payment security has many holes both in ATMs on the bank's private network and in online banking over the public network; for the same reason, the transaction information of POS terminals and bank counter machines also has security holes.
Summary of the invention:
The technical problem to be solved by the invention is to disclose a safe processor that can process financial information on private and public networks to protect against loss of money, so that financial payments can be carried out safely and normally.
The new safe processor for financial information works through the following steps:
1. After the raw financial information is generated, the sending area of the financial information safe processor processes it independently through two functional modules, encryption first and packing second, to form the information sequence to be sent;
2. The sequence to be sent is sent to the bank database;
3. After receiving the information, the bank database unpacks it first and then decrypts it, carries out the corresponding financial processing, and then encrypts and packs the result and feeds it back to the safe processor;
4. After receiving the information from the bank database, the reception area of the safe processor unpacks and decrypts it correspondingly, and confirms and executes the corresponding financial transaction according to the genuine response of the bank database.
The sending area and the reception area are two independent working areas, not connected to each other, set up in the financial information safe processor. The encryption module is a functional module preloaded identically, in mutual correspondence, on the bank database and on the user-side safe processor; in a single pass it turns the financial information into 100% false code. The packing module is likewise a functional module preloaded identically, in mutual correspondence, on the bank database and on the user-side safe processor; it can sense external attacks.
The financial information safe processor uses two information channels. One is the sending area, where information is generated independently, encrypted and packed, and then sent to the bank database. The other is the reception area, which the bank database's feedback enters after encryption and packing; the corresponding unpacking and decryption modules are identical to, and paired with, the packing and encryption modules. In use the two processes are the reverse of each other: the sender encrypts, then packs, then sends; the receiver unpacks first, then decrypts, and only then uses or processes the information normally.
Description of the drawings:
Figure 1: connection diagram of the financial information safe processor with a PC or mobile phone
Figure 2: schematic of retrofitting an ATM with the financial information safe processor
Figure 3: schematic of the one-way information transfer node (electro-optical → opto-electrical)
Figure 4: operation block diagram of the sending area
Figure 5: operation block diagram of the reception area
Embodiment
The new safe processor for financial information works through the following steps:
After the raw financial information is generated, the sending area of the financial information safe processor processes it independently through two functional modules, encryption first and packing second, to form the information sequence to be sent;
The sequence to be sent is sent to the bank database;
After receiving the information, the bank database unpacks it first and then decrypts it, carries out the corresponding financial processing, and then encrypts and packs the result and feeds it back to the safe processor;
After receiving the information from the bank database, the reception area of the safe processor unpacks and decrypts it correspondingly, and confirms and executes the corresponding financial transaction according to the genuine response of the bank database.
The sending area and the reception area are two independent working areas, not connected to each other, set up in the financial information safe processor. The encryption module is a functional module preloaded identically, in mutual correspondence, on the bank database and on the user-side safe processor; in a single pass it turns the financial information into 100% false code. The packing module is likewise a functional module preloaded identically, in mutual correspondence, on the bank database and on the user-side safe processor; it can sense external attacks.
The financial information safe processor uses two information channels. One is the sending area, where information is generated independently, encrypted and packed, and then sent to the bank database. The other is the reception area, which the bank database's feedback enters after encryption and packing; the corresponding unpacking and decryption modules are identical to, and paired with, the packing and encryption modules. In use the two processes are the reverse of each other: the sender encrypts, then packs, then sends; the receiver unpacks first, then decrypts, and only then uses or processes the information normally.
Detailed description:
1. Composition of the sending area and reception area of the financial information safe processor:
To avoid the drawbacks of interconnection in fields that handle important information, the financial information safe processor sets up two independent functional areas in hardware: a sending area and a reception area. The two working areas are not connected to each other and operate independently; each has its own CPU, memory and display screen (when ATMs, POS terminals and bank counter machines are retrofitted, the original display screen is used). Both working areas have one-way information channels built from electro-optical and opto-electrical conversion. The sending area prepares the information to be sent and holds it in a buffer as an electrical signal, then converts it to an optical signal when sending it out; the optical device here can only send, not receive, which prevents external information from seeping back in. The emitted optical signal is received one-way by a light-receiving element, converted back to an electrical signal and uploaded; the light-receiving element here can only receive, not send, which likewise prevents external information from seeping back into the independent sending area. The reception area, modeled on the sending area, has two inbound-only hardware valves, electro-optical conversion followed by opto-electrical conversion, so that any external information can only enter the reception area and cannot be output. This physical mechanism means that no virus can have any effect on the information in the sending area. Even supposing an external program did enter the reception area, it would be changed beyond recognition after passing through the decryption and unpacking modules. Because the relationship between the safe processor and the bank database is a point-to-point correspondence, it is easy to guarantee in hardware that incoming information cannot bypass unpacking and decryption, so an external attack that got in would have no effect; after unpacking and decryption it has only one outcome, to be deleted without having had any effect, which ensures the security and reliability of financial transaction information.
2. Encryption module
(1) A full-variation function code, one hex digit longer than the true transaction information, is added to the true transaction information; a single pass turns the real transaction information into 100% false code. Not transmitting the true code is an essential step of information security. The encryption module does not use the hexadecimal digits 0 and F. Adding or subtracting 0 has no effect. F added to a true-code digit may produce a carry, and when a carry also arrives from the lower position the digit is restored: for example F+4=13 (hexadecimal), and if a carry from the lower position is added to the 3 in this position it becomes 4 again, identical to the true code. Because the full-variation function code is a random, physically generated sequence of the digits 1 to E and is one digit longer than the true transaction information, what is added to its most significant digit is only the carry out of the most significant digit of the true transaction code; that function-code digit is any of 1 to E, so the maximum after addition is E+1=F and no further carry is produced, which is why one extra digit is enough. For example, when the true transaction information code FEDCBA9876543210 is encrypted with the full-variation function code EC26A37CEE6BDDE2A,
the encrypted value FC146F2675D12103A is what is transmitted externally.
When decrypting:
After the 0 in the most significant digit is discarded, the true transaction information code FEDCBA9876543210 is restored. In the transmitted sequence, the value C146F2675D12103A formed by all digits below the most significant digit has no digit identical to the corresponding digit of the true transaction code FEDCBA9876543210, so a single pass achieves full variation, that is, 100% false code.
(2) The encryption module is first generated by a random physical process; after generation, a computer removes the 0s and Fs and keeps the digits 1 to E for use. Financial messages are generally within 200 bytes, so allowing for the one extra digit the estimate is 201 bytes. For an ATM at one transaction per minute, the amount of encryption module consumed in 20 years is 20 years × 365 days × 24 hours × 60 times × 201, about 1.9686, less than 2G. After generation it is stored both in the sending area of the safe processor and in the bank database, ready to process the information coming from this safe processor's sending area. Similarly, a second, pairwise-corresponding encryption module is generated and stored in the bank database and in the reception area of the safe processor, for processing the information that the bank database sends to this safe processor's reception area.
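The additive scheme of section 2, item (1), written out as an added Python example (not code from the patent): the function names are hypothetical, and `secrets` stands in for the physical random source the text calls for.

```python
import secrets

# Hex digits 1..E only: the text excludes 0 and F from the function code.
KEY_ALPHABET = "123456789ABCDE"


def generate_key(plain_len):
    """Function code one hex digit longer than the message.

    Assumption: a CSPRNG replaces the patent's physical random process.
    """
    return "".join(secrets.choice(KEY_ALPHABET) for _ in range(plain_len + 1))


def _check_key(plain_len, key):
    if len(key) != plain_len + 1:
        raise ValueError("function code must be one hex digit longer than the message")
    if set(key) - set(KEY_ALPHABET):
        raise ValueError("function code may only contain the digits 1..E")


def encrypt(plain, key):
    """Add the function code to the message as hexadecimal integers."""
    plain, key = plain.upper(), key.upper()
    _check_key(len(plain), key)
    total = int(plain, 16) + int(key, 16)
    # Top key digit <= E plus a carry of at most 1 never overflows,
    # so the result has exactly len(key) digits.
    return format(total, "X").zfill(len(key))


def decrypt(cipher, key):
    """Subtract the function code, then drop the leading 0 digit."""
    cipher, key = cipher.upper(), key.upper()
    _check_key(len(cipher) - 1, key)
    diff = int(cipher, 16) - int(key, 16)
    # A valid result fits in len(key) - 1 digits, i.e. its top digit is 0.
    if diff < 0 or diff >= 16 ** (len(key) - 1):
        raise ValueError("ciphertext does not match this function code")
    return format(diff, "X").zfill(len(key) - 1)


def unchanged_positions(plain, cipher):
    """Indexes where a transmitted digit equals the true digit below the top digit."""
    body = cipher.upper()[1:]
    return [i for i, (p, c) in enumerate(zip(plain.upper(), body)) if p == c]


if __name__ == "__main__":
    # Values taken from the worked example in the text.
    true_code = "FEDCBA9876543210"
    function_code = "EC26A37CEE6BDDE2A"
    sent = encrypt(true_code, function_code)
    print(sent, decrypt(sent, function_code), unchanged_positions(true_code, sent))
```

The property checked by `unchanged_positions` also means an observer learns, for every position, one value the true digit cannot be; a pad drawn uniformly from all sixteen digits would not reveal that.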
3. Packing module
The packing module is a binary sequence generated by a random physical process, such as abcdef ..., where a, b, c, d, e, f are each a binary digit 0 or 1. In use, ab, bc, cd, de, ... are each read as a 2-bit number with four possible values: 00, 01, 10, 11, that is, 0, 1, 2, 3 in decimal. These four numbers give the blank spacing, in use, between a and b, between b and c, between c and d, between d and e, and so on. The blank spaces are where the true code, or the intermediate code produced by the previous processing stage, is laid. For example, the blank layout formed by the packing code 11010010 is 11:3; 10:2; 01:1; 10:2; 00:0; 01:1; 10:2. Drawn as a strip:
1***1**0*1**00*1**0; the "*" positions are where the packing module carries the true code or intermediate code being transmitted. In use, the true code or the intermediate code from the previous stage is laid in order into the "*" positions, and the resulting sequence, which mixes the packing code with the true or intermediate code, is sent as one unit. The receiver, using its pre-stored packing code module identical to the sender's, removes the packing code and recovers the true code or the intermediate code from the previous stage.
When the code weights are equal, four 2-bit groups (consuming 5 bits) can carry 0+1+2+3=6 bits, so each gap carries 1.5 bits on average. In general, n bits give n-1 gaps, where n is a positive integer greater than or equal to 2 and is usually 8 bits or more. With n=8 there are 7 gaps, which can carry 10.5 bits, so under normal circumstances the amount of packing code consumed is less than the amount of packed code transmitted.
The purpose of the packing code is to prevent external malicious programs from tampering with normal instructions or information. Once packing code is used, no tampered malicious program or information can survive the loss of integrity caused by removing the packing code. A malicious program or message cannot pass the hardware checkpoint unless the packing code is removed, and once it is removed the program is incomplete and erroneous, which does not work either. The only possible way in is exhaustive trial of permutations and combinations, and the number of possibilities may be astronomical, which achieves practical security protection.
In addition, the density of packing code within the total transmitted code can be reduced as appropriate before use: for example, the gaps denoted by 01, 10, 11, 00 can be set to 1, 2, 3, 4 bits, or assigned arbitrarily, such as 10: 8 bits; 01: 5 bits; 11: 7 bits; 00: 6 bits.
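An added Python example (not code from the patent) of the packing layout described in section 3, including the lower-density gap table from the last paragraph. The function names, the fixed-length payload and the receiver-side check of packing-bit positions are assumptions made for illustration.

```python
# Gap width selected by each overlapping 2-bit pair of the packing code.
BINARY_GAPS = {"00": 0, "01": 1, "10": 2, "11": 3}  # default reading in the text
WIDER_GAPS = {"01": 1, "10": 2, "11": 3, "00": 4}   # lower-density variant in the text


def gaps(packing, table=BINARY_GAPS):
    """Gap widths for the overlapping pairs ab, bc, cd, ... of the packing code."""
    if len(packing) < 2 or set(packing) - {"0", "1"}:
        raise ValueError("packing code must be a bit string of length >= 2")
    return [table[packing[i:i + 2]] for i in range(len(packing) - 1)]


def strip_layout(packing, table=BINARY_GAPS):
    """The text's strip drawing: packing bits with '*' for payload slots."""
    cells = [bit + "*" * gap for bit, gap in zip(packing, gaps(packing, table))]
    return "".join(cells) + packing[-1]


def pack(payload, packing, table=BINARY_GAPS):
    """Lay payload bits, in order, into the gaps between packing bits.

    Assumption: the payload fills the gaps exactly (no padding rule is given).
    """
    widths = gaps(packing, table)
    if len(payload) != sum(widths) or set(payload) - {"0", "1"}:
        raise ValueError(f"payload must be exactly {sum(widths)} bits")
    out, pos = [], 0
    for bit, gap in zip(packing, widths):
        out.append(bit + payload[pos:pos + gap])
        pos += gap
    return "".join(out) + packing[-1]


def unpack(frame, packing, table=BINARY_GAPS):
    """Remove the packing bits; reject frames whose packing bits do not match.

    Assumption: this positional comparison is how tampering is 'sensed'.
    """
    widths = gaps(packing, table)
    if len(frame) != len(packing) + sum(widths):
        raise ValueError("frame length does not fit this packing code")
    payload, pos = [], 0
    for bit, gap in zip(packing, widths):
        if frame[pos] != bit:
            raise ValueError(f"packing bit mismatch at frame position {pos}")
        payload.append(frame[pos + 1:pos + 1 + gap])
        pos += 1 + gap
    if frame[pos] != packing[-1]:
        raise ValueError(f"packing bit mismatch at frame position {pos}")
    return "".join(payload)


if __name__ == "__main__":
    code = "11010010"                 # packing code from the text
    print(strip_layout(code))         # the strip drawn in the text
    frame = pack("10110011101", code)  # constructed 11-bit payload
    print(frame, unpack(frame, code))
```

In this sketch only a change that lands on a packing-bit position is rejected; a flipped payload bit between two packing bits still unpacks, so the positional check does not cover the content carried in the gaps.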
The financial information safe processor can be added to ATMs, POS terminals and bank counter teller desktop machines, and can also be plugged into PCs and mobile phones, to protect financial transactions; it can also solve the transaction security problem of virtual credit cards.
In general, now that interconnection is so convenient, the insecurity that interconnection brings grows by the day and has caused serious consequences in some fields. Application terminals and operating systems that connect to networks cannot avoid being attacked, let alone guarantee security at the application level. With a safe processor in which the sending and reception areas work independently and information can only travel one way, the original accuracy and safety of the sent information can be ensured. In this case, tampering targeted at the control screen or control keys during processing, in the style of the "Floating Cloud Trojan", cannot be carried out. If information is tampered with in transit, the packing code senses it and the management module deletes it. Together with an encryption process that uses no public code externally, malicious attacks cannot take effect in any security-relevant sense. More broadly, the approach of encryption, packing, one-way transfer and separate sending and reception areas can be applied wherever information security must be assured, such as Internet of Things control, private network security, and missile and unmanned aerial vehicle control. Point-to-point directed information transfer over the Internet can also use this safe processor: the function codes of the encryption and packing modules only need to be produced in quantities sufficient for 5 to 10 years of use, ensuring that for a considerable period the function code in use is an unbreakable one-time pad, which guarantees information security over that life cycle.
It should be pointed out that the financial information safe processor only solves the security problem of user-side transaction information being effectively tampered with and money being stolen; it does not solve the problem of these safe processors being used to attack the bank's core database. Protecting the bank's core database is a technical problem from another angle, which the author has completed; in use it is placed in front of the bank database to provide isolation.

Claims (1)

1. A safe processor for online financial information, belonging to the field of information security technology, which works through the following steps:
(1) After the raw financial information is generated, the sending area of the financial information safe processor processes it independently through two functional modules, encryption first and packing second, to form the information sequence to be sent;
(2) The sequence to be sent is sent to the bank database;
(3) After receiving the information, the bank database unpacks it first and then decrypts it, carries out the corresponding financial processing, and then encrypts and packs the result and feeds it back to the safe processor;
(4) After receiving the information from the bank database, the reception area of the safe processor unpacks and decrypts it correspondingly, and confirms and executes the corresponding financial transaction according to the genuine response of the bank database.
The sending area and the reception area are two independent working areas, not connected to each other, set up in the financial information safe processor. The encryption module is a functional module preloaded identically, in mutual correspondence, on the bank database and on the user-side safe processor; in a single pass it turns the financial information into 100% false code. The packing module is likewise a functional module preloaded identically, in mutual correspondence, on the bank database and on the user-side safe processor; it can sense external attacks.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410129303.3A CN104951713A (en) 2014-03-26 2014-03-26 Safe processor for online financial information


Publications (1)

Publication Number Publication Date
CN104951713A true CN104951713A (en) 2015-09-30

Family

ID=54166361



Legal Events

Date Code Title Description
DD01 Delivery of document by public notice

Addressee: Cong Shuye

Document name: Notification of Acceptance of Patent Application

DD01 Delivery of document by public notice

Addressee: Cong Shuye

Document name: Notification of Passing Preliminary Examination of the Application for Invention

C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150930