Summary of the invention
To solve the technical problems that code keypads are easily cracked and that adopting an encryption chip is costly, the invention provides a method by which a code keypad generates ciphertext, which effectively prevents code keypad input from being cracked and does so at lower cost.
To achieve the above technical purpose, the technical scheme of the invention is as follows.
A method for generating ciphertext with a code keypad comprises the following steps:
Step one: check whether the code keypad is legitimate; if it is not, terminate the whole ciphertext generation process, and if it is, continue. Then set the cryptographic algorithm of the code keypad. Then load the bank keys obtained from the bank, comprising a master key and a working key, into a storage area of the code keypad.
Step two: process the password entered by the user. First obtain the password entered by the user, then decrypt the working key with the master key, and encrypt the password with the working key according to the cryptographic algorithm set in step one, obtaining the ciphertext and the key value. Then split the ciphertext according to the number of digits of the key value, and store the resulting ciphertext A and ciphertext B separately in storage areas of the code keypad.
Step three: the banking system verifies the password entered by the user. First, character-string check codes are calculated from the split ciphertext by a hash algorithm. The ciphertext and the character-string check codes are then sent to the banking system for decryption and authentication. The banking system verifies the received ciphertext and character-string check codes and judges whether they have been tampered with. If they have not been tampered with, ciphertext A and ciphertext B are combined into the complete ciphertext, the system then verifies whether the password entered by the user is correct, and verification ends.
In the described method, in step one, whether the code keypad is legitimate is checked by setting the configuration parameters and initializing the code keypad: if initialization can be carried out, the keypad is judged legitimate; otherwise it is judged illegitimate.
In the described method, in step one, the code keypad uses one of the PIN encryption modes ISO9564-0, IBM3624 or ASCII, and the cryptographic algorithm is DES or 3DES.
In the described method, in step one, the master key is loaded first, then the working key is read by means of the master key and loaded; a storage area on the code keypad is selected and the keys are loaded into it.
In the described method, in step two, the password entered by the user is obtained first, then the working key is obtained by decryption with the master key, and the password is encrypted with the working key according to the cryptographic algorithm set earlier, giving the ciphertext and the key value, wherein the ciphertext is a character string with a preset number of characters and the key value is the number of digits of the password entered by the user.
In the described method, in step two, the ciphertext is split according to the number of digits of the key value into ciphertext A, which contains as many characters as the key value has digits, and ciphertext B, which contains the remaining characters.
In the described method, in step three, the system obtains ciphertext A from the storage area of the code keypad and calculates character-string check code A' from ciphertext A by a hash algorithm; it obtains ciphertext B and calculates character-string check code B' from ciphertext B by a hash algorithm; ciphertext A, character-string check code A', ciphertext B and character-string check code B' are then combined into one data packet and sent to the banking system for decryption and authentication.
In the described method, in step three, the banking system verifies the received ciphertext A and ciphertext B against check code A' and check code B', calculated by the hash algorithm, and judges whether they have been tampered with. If they have not been tampered with, ciphertext A and ciphertext B are combined into the complete ciphertext and the system then verifies whether the password entered by the user is correct; otherwise no combination is performed and verification ends directly.
The technical effect of the invention is that splitting the generated ciphertext on the basis of the number of digits of the key value, for storage and transmission, further improves the security of the ciphertext. At the same time, because the split is based on the original key value and does not change the encryption scheme of the original bank keys, it does not cause confusion in the decryption logic, and stability is higher.
Embodiment
Referring to Fig. 1, in order to protect by encryption the password that a user enters through the code keypad, the invention includes the following steps.
The first task is to confirm the reliability of the code keypad itself. Before the password entered by the user is encrypted and stored, the system carries out a preliminary setup of the code keypad:
(1) Set the configuration parameters and initialize the code keypad, that is, check whether the code keypad is legitimate: if the code keypad can be initialized it is considered legitimate, otherwise it is considered illegitimate;
(2) Set the cryptographic algorithm of the code keypad. A PIN encryption mode can be selected; the encryption modes include but are not limited to ISO9564-0, IBM3624 and ASCII, and the selectable cryptographic algorithms include but are not limited to DES and 3DES;
(3) Load the bank keys. The key pair is obtained from the bank and comprises a master key and a working key. The master key is loaded first and the working key afterwards, because reading the working key requires an encrypted read by means of the master key. A code keypad usually has 16 storage areas in total, numbered 0-15; in actual use one can be selected at random and the keys loaded into it.
After the preliminary setup of the code keypad has been carried out:
(4) Obtain the password entered by the user. First read the master key and use it to decrypt the corresponding working key, then encrypt the password according to the cryptographic algorithm set earlier and the working key, obtaining the character ciphertext. In this embodiment the length of the character ciphertext is set to 16. The key value, i.e. "*", is obtained at the same time; in this embodiment the password entered by the user is assumed to have 6 digits, so the key value is displayed as 6 asterisks, "******";
(5) Split the ciphertext according to the number of digits of the key value: if the key value has 6 digits, the ciphertext is split into ciphertext A, comprising the first 6 characters, and ciphertext B, comprising the last 10 characters;
(6) Store ciphertext A and ciphertext B separately in any of the 16 storage areas;
When the bank needs to verify whether the password entered by the user is correct:
(7) The system obtains ciphertext A from the storage area and calculates the 16-character string check code A' from ciphertext A by a hash algorithm; it obtains ciphertext B and calculates the 16-character string check code B' from ciphertext B by a hash algorithm;
(8) Ciphertext A, character-string check code A', ciphertext B and character-string check code B' are combined into a 48-bit data packet and sent to the banking system for decryption and authentication;
(9) The banking system verifies the received ciphertext A and ciphertext B against check code A' and check code B', calculated by the hash algorithm, and judges whether they have been tampered with;
(10) If they have not been tampered with, ciphertext A and ciphertext B are combined into the complete ciphertext, the system then verifies whether the password entered by the user is correct, and verification ends.
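Steps (5) to (10) above, as an added Python example that is not part of the patent text: it splits a 16-character ciphertext at the key-value length, builds the A, A', B, B' packet and performs the bank-side check. The sample ciphertext, the use of SHA-256 truncated to 16 hexadecimal characters as the hash algorithm, and passing the key-value length to the bank-side function are assumptions; the page does not specify them.

```python
import hashlib
import hmac
from typing import Optional, Tuple

CIPHERTEXT_LEN = 16  # embodiment: 16-character ciphertext
CHECK_LEN = 16       # embodiment: 16-character check codes A' and B'

# Constructed sample values, not taken from the page.
SAMPLE_CIPHERTEXT = "3F9A1C77B2E04D58"
SAMPLE_KEY_VALUE = "******"  # key value for a 6-digit password


def check_code(part: str) -> str:
    # Assumption: SHA-256 truncated to 16 hex characters; the page says only "hash algorithm".
    return hashlib.sha256(part.encode("ascii")).hexdigest()[:CHECK_LEN].upper()


def split_ciphertext(ciphertext: str, key_value: str) -> Tuple[str, str]:
    """Steps (5)-(6): ciphertext A gets as many characters as the key value has digits."""
    n = len(key_value)
    if len(ciphertext) != CIPHERTEXT_LEN or not 0 < n < CIPHERTEXT_LEN:
        raise ValueError("need a 16-character ciphertext and a key value of 1-15 digits")
    return ciphertext[:n], ciphertext[n:]


def build_packet(a: str, b: str) -> str:
    """Steps (7)-(8): A, A', B, B' in order; 6 + 16 + 10 + 16 = 48 characters here."""
    return a + check_code(a) + b + check_code(b)


def bank_verify(packet: str, n: int) -> Optional[str]:
    """Steps (9)-(10): return the recombined ciphertext, or None if a check fails.

    Assumption: the bank side knows the split point n (the key-value length).
    """
    if len(packet) != CIPHERTEXT_LEN + 2 * CHECK_LEN or not 0 < n < CIPHERTEXT_LEN:
        return None
    a, a_chk = packet[:n], packet[n:n + CHECK_LEN]
    b, b_chk = packet[n + CHECK_LEN:-CHECK_LEN], packet[-CHECK_LEN:]
    ok_a = hmac.compare_digest(check_code(a).encode(), a_chk.encode())
    ok_b = hmac.compare_digest(check_code(b).encode(), b_chk.encode())
    return a + b if ok_a and ok_b else None


if __name__ == "__main__":
    part_a, part_b = split_ciphertext(SAMPLE_CIPHERTEXT, SAMPLE_KEY_VALUE)
    pkt = build_packet(part_a, part_b)
    print(part_a, part_b, len(pkt))
    print(bank_verify(pkt, len(SAMPLE_KEY_VALUE)))
    print(bank_verify("0" + pkt[1:], len(SAMPLE_KEY_VALUE)))
```

A check code computed with an unkeyed hash over data carried in the same packet detects modification only when the check code is left unchanged; a keyed MAC over A and B is what binds the packet to a secret the bank shares with the keypad.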