CN105391709A - ATM machine authentication instrument motherboard program safety processing method - Google Patents

ATM machine authentication instrument motherboard program safety processing method

Info

Publication number: CN105391709A
Authority: CN (China)
Legal status: Granted (Active)
Application number: CN201510733499.1A
Priority to: CN201510733499.1A
Other languages: Chinese (zh)
Other versions: CN105391709B (en)
Inventors: 范礼, 郭启军, 周文科
Current Assignee: Eastern Communication Co Ltd
Original Assignees: Eastern Communication Co Ltd; Hangzhou Dongxin Finance Technology Service Co Ltd

Classifications

    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/001 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Abstract

The invention discloses an ATM machine authentication instrument motherboard program safety processing method, which comprises a communication handshake step, a program plain text encryption step, a signature data calculation step, a data source authentication and data integrity detection step, and a program ciphertext decryption step. The method of the invention has the advantages that software loading safety, operation safety and version updating safety for the ATM machine can be protected; an illegal invader can be prevented from acquiring the program plain text data; unauthorized communication and loading can be prevented; and a tampered, forged or disguised malicious program can be prevented from replacing a normal program.

Description

ATM authentication instrument mainboard program security processing method
Technical field
The present invention relates to the technical field of program processing for banking equipment, and in particular to a mainboard program security processing method for an ATM authentication instrument that encrypts the program, prevents program code from being tampered with or added to, verifies the legitimacy of the program's source, and implements decrypted program loading and secure updating.
Background
With the rapid development of China's economy, financial security has become a matter of great concern. ATMs play a very important role in finance and banking, so ensuring the security of the software and hardware on ATM equipment is particularly important.
The program security of the ATM authentication instrument is a key factor in ATM security, yet there is currently no processing method that can guarantee the security of the authentication instrument's mainboard program. This has become a difficult problem in the development of ATM security technology.
Summary of the invention
The object of the present invention is to overcome the security risks of prior-art ATM authentication instrument mainboard programs by providing a mainboard program security processing method for an ATM authentication instrument that encrypts the program, prevents program code from being tampered with or added to, verifies the legitimacy of the program's source, and implements decrypted program loading and secure updating.
To achieve this object, the present invention adopts the following technical solution:
A mainboard program security processing method for an ATM authentication instrument, wherein the mainboard comprises a processor, on-board memory and a Guomi (Chinese national cryptography) security chip that communicate with one another, and the mainboard program is stored in the on-board memory. The method comprises a communication handshake flow, a program plaintext encryption flow, a signature data calculation flow, a data source authentication and data integrity detection flow, and a program ciphertext decryption flow;
(1-1) the communication handshake flow comprises the following steps:
(1-1-1) the processor sends a read-serial-number request to the Guomi security chip, the Guomi security chip automatically generates the serial number SN, and the processor encrypts SN with the 3DES symmetric encryption algorithm to obtain SN_e;
(1-1-2) the processor sends a read-random-number request to the Guomi security chip, the Guomi security chip returns a random number RN, and the processor, using SN_e as the key, encrypts RN with the 3DES symmetric encryption algorithm to obtain RN_e;
(1-1-3) the processor sends a verification request to the Guomi security chip, and the Guomi security chip compares RN_e with the encrypted data RN'_e that it generates using a locally pre-stored key; if RN_e = RN'_e, the handshake succeeds and the Guomi security chip returns a handshake-success message; otherwise the Guomi security chip returns a handshake-failure message;
(1-2) the program plaintext encryption flow comprises the following steps:
(1-2-1) the host computer uses a four-dimensional dynamic feedback chaotic system to pseudo-randomly extract partial data pData from the program plaintext Data stored in the on-board memory;
(1-2-2) the host computer sends an encryption request to the Guomi security chip and sends pData to it; the Guomi security chip encrypts pData with the SM4 symmetric encryption algorithm under the key Key_sm4 to obtain pData_e and returns pData_e to the host computer; the host computer backfills pData_e into its original positions to generate the encrypted program Data_e.
First, communication between the processor or host computer and the Guomi security chip is controlled: before communication begins, a "handshake" that authenticates the caller's legitimate identity must be performed. Communication can continue only if the handshake succeeds; otherwise the Guomi security chip treats the access as illegitimate and refuses further encryption and decryption requests.
Second, the encrypted program held in memory is produced by the host computer, which communicates with a development board carrying the Guomi security chip and sends SM4 encryption requests so that the program plaintext data is encrypted with the symmetric block cipher.
The present invention takes into account that a real system, particularly in the program decryption and loading stage, must keep time consumption short to meet the fast-start requirement of embedded devices. Therefore, before SM4 encryption, part of the plaintext data is pseudo-randomly extracted by the four-dimensional dynamic feedback hyperchaotic system; only the extracted part is encrypted, and it is then backfilled into its original positions in the original data.
Third, after a successful handshake with the Guomi security chip, data source authentication and data integrity detection must be performed on the data to be decrypted. In the present invention this function is implemented with the SM3 hash algorithm and the SM2 elliptic-curve asymmetric algorithm from the standard algorithms of the State Cryptography Administration. On the processor side, an SM3 hash is computed over the encrypted data to obtain a digest, the digest is updated into the Guomi security chip, the signature issued with the encrypted program is then extracted, and a verification request is initiated. On the Guomi security chip side, the signature is decrypted with the processor public key stored in advance, and the recovered digest is compared for verification. The SM2 asymmetric encryption and decryption mechanism authenticates the data source, and the hash digest is used together with it to check data integrity.
Finally, during program loading and running, the SM4 symmetric algorithm is used to decrypt the extracted encrypted data, which is then backfilled into its original positions, completing decryption and load-and-run. For authenticated program updates, the update data is likewise first extracted by the hyperchaotic system and SM4-encrypted; only after handshake authentication, data source authentication and data integrity detection is it decrypted and loaded to replace the file, completing the whole secure update process.
In the whole security scheme, the on-board memory stores only the ciphertext of the program, and both loading and updating the program require the security steps above. This secures the ATM system at the source of the program and protects sensitive data in the equipment, the bank network and the back-end database.
The present invention uses the hardware encryption, decryption and authentication functions of the Guomi security chip to protect the security of software loading, operation and version updating on ATM equipment; to prevent intruders from obtaining program plaintext data for sniffing sensitive information or decompiling; to prevent unauthorized communication and loading; and to prevent tampered, forged or disguised malicious programs (such as Trojans, viruses and malicious code fragments) from replacing the device's normal program. This stops intruders from taking control of ATM equipment, improves the security of depositors' account information and funds, and provides a reliable basis for the security of the bank network and back-end database.
Therefore, the present invention is characterized in that it protects the security of software loading, operation and version updating on ATM equipment, prevents intruders from obtaining program plaintext data, prevents unauthorized communication and loading, prevents tampered, forged or disguised malicious programs from replacing the normal program, stops intruders from taking control of the ATM, improves the security of depositors' account information and funds, and provides a reliable basis for the security of the bank network and back-end database.
Preferably, the signature data calculation flow comprises the following steps:
(2-1) the host computer sends a hash request to the Guomi security chip and sends pData_e to it; the Guomi security chip applies the SM3 hash algorithm to pData_e to generate the digest Hash;
(2-2) the host computer sends an asymmetric encryption request to the Guomi security chip; the Guomi security chip uses the SM2 elliptic-curve asymmetric encryption algorithm to encrypt Hash with the private key Key_priv, generating the signature Sign.
Preferably, the data source authentication and data integrity detection flow comprises the following steps:
(3-1) the processor sends a start-hash request to the Guomi security chip; after the Guomi security chip responds OK, go to step (3-2);
(3-2) the processor sends an update request to the Guomi security chip and sends pData_e to it; the Guomi security chip uses pData_e to update and generate the digest Hash';
(3-3) the processor sends a finish request to the Guomi security chip; when the Guomi security chip returns OK, the digest has been updated successfully;
(3-4) the processor sends an SM2 signature verification request to the Guomi security chip and sends the signature Sign to it; the Guomi security chip decrypts Sign with the public key Key_pub to obtain Hash_d; when Hash' and Hash_d are identical, data source authentication and data integrity detection are complete.
Preferably, the program ciphertext decryption flow comprises the following steps:
(4-1) the processor sends an SM4 decryption request to the Guomi security chip and sends the APP ciphertext pData_e to it; the Guomi security chip decrypts pData_e with the key Key_sm4 to obtain pData_d and returns pData_d to the processor;
(4-2) the processor uses the four-dimensional dynamic feedback chaotic system to determine the backfill positions and backfills pData_d, restoring the program plaintext Data_d.
Preferably, when the program on the mainboard is updated, the following operations are performed in order:
The processor and the Guomi security chip repeat steps (1-1-1) to (1-1-3) to perform the communication handshake; the processor and the Guomi security chip repeat steps (3-1) to (3-4) to perform data source authentication and data integrity detection; and the processor updates the program data, replacing the program ciphertext data stored in memory.
Preferably, the host computer's use of the four-dimensional dynamic feedback chaotic system to pseudo-randomly extract partial data pData from the program plaintext Data stored in memory comprises the following specific steps:
(6-1) set the initial key (x_0, y_0, z_0, w_0, k); Data comprises n rows of data, n = 4m, m ≥ 8; the host computer extracts the x_0-th datum in row i, the y_0-th datum in row i+1, the z_0-th datum in row i+2 and the w_0-th datum in row i+3; the initial value of i is 1; let x = x_0, y = y_0, z = z_0, w = w_0;
(6-2) increase i by 4; when i < n, use the formula
$$\begin{cases} x' = 10(y - x) \\ y' = 28x + y - xz - w \\ z' = xy - \frac{8}{3}z \\ w' = kyz \end{cases}$$
to calculate x', y', z' and w', and make the iterative assignment x = x', y = y', z = z', w = w'; when i ≥ n, go to step (6-4);
(6-3) the host computer selects the x-th datum in row i, the y-th datum in row i+1, the z-th datum in row i+2 and the w-th datum in row i+3; return to step (6-2);
(6-4) the extracted data are arranged in the order of extraction to obtain pData.
Preferably, the four-dimensional dynamic feedback chaotic system in (1-2-1) is replaced by the Rockwell three-dimensional chaotic system, and step (1-2-1) after the replacement comprises the following specific steps:
(7-1) set the initial key (x_0, y_0, z_0); Data comprises n rows of data, n = 3m, m ≥ 6; the host computer extracts the x_0-th datum in row j, the y_0-th datum in row j+1 and the z_0-th datum in row j+2; the initial value of j is 1; let x = x_0, y = y_0, z = z_0;
(7-2) increase j by 3; when j < n, use the formula
$$\begin{cases} x' = -12x + 12y \\ y' = 42x - y - xz \\ z' = -3z + xy \end{cases}$$
to calculate x', y' and z', and make the iterative assignment x = x', y = y', z = z';
when j ≥ n, go to step (7-4);
(7-3) the host computer selects the x-th datum in row j, the y-th datum in row j+1 and the z-th datum in row j+2; return to step (7-2);
(7-4) the extracted data are arranged in the order of extraction to obtain pData.
Preferably, the processor model is DM8168.
Therefore, the present invention has the following beneficial effects: it protects the security of software loading, operation and version updating on ATM equipment, prevents intruders from obtaining program plaintext data, prevents unauthorized communication and loading, prevents tampered, forged or disguised malicious programs from replacing the normal program, stops intruders from taking control of the ATM, improves the security of depositors' account information and funds, and provides a reliable basis for the security of the bank network and back-end database.
Brief description of the drawings
Fig. 1 is an x-z plane trajectory diagram of the four-dimensional dynamic feedback hyperchaotic system of the present invention;
Fig. 2 is an x-y plane trajectory diagram of the four-dimensional dynamic feedback hyperchaotic system of the present invention;
Fig. 3 is an x-w plane trajectory diagram of the four-dimensional dynamic feedback hyperchaotic system of the present invention;
Fig. 4 is a flow chart of the communication handshake of the present invention;
Fig. 5 is a flow chart of the program plaintext encryption of the present invention;
Fig. 6 is a flow chart of the signature data calculation of the present invention;
Fig. 7 is a flow chart of the data source authentication and data integrity detection of the present invention;
Fig. 8 is a flow chart of the program ciphertext decryption of the present invention;
Fig. 9 is a flow chart of the mainboard program update of the present invention.
Embodiments
The present invention is further described below with reference to the drawings and specific embodiments.
Embodiment 1
The embodiment shown in Fig. 4, Fig. 5, Fig. 6, Fig. 7 and Fig. 8 is a mainboard program processing method for an ATM authentication instrument. The mainboard comprises a processor, on-board memory and a Guomi (Chinese national cryptography) security chip that communicate with one another, and the mainboard program is stored in the on-board memory. The processor model is DM8168. The mainboard program processing method comprises a communication handshake flow, a program plaintext encryption flow, a signature data calculation flow, a data source authentication and data integrity detection flow, and a program ciphertext decryption flow;
As shown in Fig. 4, the communication handshake flow comprises the following steps:
1st step: the processor sends a read-serial-number request to the Guomi security chip, the Guomi security chip automatically generates the serial number SN, and the processor encrypts SN with the 3DES symmetric encryption algorithm to obtain SN_e;
2nd step: the processor sends a read-random-number request to the Guomi security chip, the Guomi security chip returns a random number RN, and the processor, using SN_e as the key, encrypts RN with the 3DES symmetric encryption algorithm to obtain RN_e;
3rd step: the processor sends a verification request to the Guomi security chip, and the Guomi security chip compares RN_e with the encrypted data RN'_e that it generates using a locally pre-stored key; if RN_e = RN'_e, the handshake succeeds and the Guomi security chip returns a handshake-success message; otherwise the Guomi security chip returns a handshake-failure message;
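The handshake above with both sides modelled, as an added example that is not code from the patent. HMAC-SHA256 stands in for 3DES (which Python's standard library lacks); the class and function names, the 8-byte SN and RN, and the assumption that the processor encrypts SN under the same pre-stored key are hypothetical.

```python
import hashlib
import hmac
import secrets


def keyed(key: bytes, data: bytes) -> bytes:
    """Stand-in for '3DES-encrypt data under key' (HMAC-SHA256, NOT 3DES)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class SecurityChip:
    """Chip side (hypothetical model): issues SN and RN, then checks RN_e."""

    def __init__(self, prestored_key: bytes):
        self._key = prestored_key
        self._sn = None
        self._rn = None
        self.unlocked = False

    def read_serial(self) -> bytes:          # 1st step: chip generates SN
        self._sn = secrets.token_bytes(8)
        return self._sn

    def read_random(self) -> bytes:          # 2nd step: chip returns RN
        self._rn = secrets.token_bytes(8)
        return self._rn

    def verify(self, rn_e: bytes) -> bool:   # 3rd step: RN_e versus RN'_e
        self.unlocked = False
        if self._sn is None or self._rn is None:
            return False                     # no outstanding challenge
        sn_e = keyed(self._key, self._sn)
        expected = keyed(sn_e, self._rn)     # RN'_e from the pre-stored key
        self._sn = self._rn = None           # each challenge is single-use
        self.unlocked = hmac.compare_digest(rn_e, expected)
        return self.unlocked

    def crypto_request(self, data: bytes) -> bytes:
        """Later encrypt/decrypt requests are refused without a handshake."""
        if not self.unlocked:
            raise PermissionError("handshake required")
        return keyed(self._key, data)        # placeholder for the SM4 service


def processor_handshake(chip: SecurityChip, processor_key: bytes):
    """Processor side of the three steps; returns (success, RN_e)."""
    sn_e = keyed(processor_key, chip.read_serial())
    rn_e = keyed(sn_e, chip.read_random())
    return chip.verify(rn_e), rn_e
```

Because RN is fresh for every handshake and each challenge is consumed by `verify`, an RN_e recorded from an earlier session does not unlock the chip again.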
As shown in Fig. 5, the program plaintext encryption flow comprises the following steps:
1st step: the host computer uses the four-dimensional dynamic feedback chaotic system to pseudo-randomly extract partial data pData from the program plaintext Data stored in memory;
11th step: set the initial key (x_0, y_0, z_0, w_0, k); Data comprises n rows of data, n = 4m, m ≥ 8; the host computer extracts the x_0-th datum in row i, the y_0-th datum in row i+1, the z_0-th datum in row i+2 and the w_0-th datum in row i+3; the initial value of i is 1; let x = x_0, y = y_0, z = z_0, w = w_0;
12th step: increase i by 4; when i < n, use the formula
$$\begin{cases} x' = 10(y - x) \\ y' = 28x + y - xz - w \\ z' = xy - \frac{8}{3}z \\ w' = kyz \end{cases}$$
to calculate x', y', z' and w', and make the iterative assignment x = x', y = y', z = z', w = w'; when i ≥ n, go to the 14th step;
13th step: the host computer selects the x-th datum in row i, the y-th datum in row i+1, the z-th datum in row i+2 and the w-th datum in row i+3; return to the 12th step;
14th step: the extracted data are arranged in the order of extraction to obtain pData. As shown in Fig. 1, Fig. 2 and Fig. 3, the x', y', z' and w' obtained in each iteration form a point (x', y', z', w'); these points trace trajectories in the x-z, x-y and x-w planes, and the trajectories are pseudo-random. The present invention thereby achieves pseudo-random data extraction.
2nd step: the host computer sends an encryption request to the Guomi security chip and sends pData to it; the Guomi security chip encrypts pData with the SM4 symmetric encryption algorithm under the key Key_sm4 to obtain pData_e and returns pData_e to the host computer; the host computer backfills pData_e into its original positions to generate the encrypted program Data_e.
As shown in Fig. 6, the signature data calculation flow comprises the following steps:
1st step: the host computer sends a hash request to the Guomi security chip and sends pData_e to it; the Guomi security chip applies the SM3 hash algorithm to pData_e to generate the digest Hash;
2nd step: the host computer sends an asymmetric encryption request to the Guomi security chip; the Guomi security chip uses the SM2 elliptic-curve asymmetric encryption algorithm to encrypt Hash with the private key Key_priv, generating the signature Sign.
As shown in Fig. 7, the data source authentication and data integrity detection flow comprises the following steps:
1st step: the processor sends a start-hash request to the Guomi security chip; after the Guomi security chip responds OK, go to the 2nd step;
2nd step: the processor sends an update request to the Guomi security chip and sends pData_e to it; the Guomi security chip uses pData_e to update and generate the digest Hash';
3rd step: the processor sends a finish request to the Guomi security chip; when the Guomi security chip returns OK, the digest has been updated successfully;
4th step: the processor sends an SM2 signature verification request to the Guomi security chip and sends the signature Sign to it; the Guomi security chip decrypts Sign with the public key Key_pub to obtain Hash_d; when Hash' and Hash_d are identical, data source authentication and data integrity detection are complete.
As shown in Fig. 8, the program ciphertext decryption flow comprises the following steps:
1st step: the processor sends an SM4 decryption request to the Guomi security chip and sends pData_e to it; the Guomi security chip decrypts pData_e with the key Key_sm4 to obtain pData_d and returns pData_d to the processor;
2nd step: the processor uses the four-dimensional dynamic feedback chaotic system to determine the backfill positions and backfills pData_d, restoring the program plaintext Data_d.
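The extract, encrypt, backfill and decrypt steps of Embodiment 1, together with the digest input used in the Fig. 7 flow, as an added example that is not code from the patent. It assumes one byte per pick, one Euler step of size dt per group of four rows, the column mapping int(|v| * 10^6) mod width, and stand-ins for SM4 (a SHA-256 XOR keystream) and SM3 (SHA-256); all function names and sample values are hypothetical.

```python
import hashlib
import math


def chaos_picks(n_rows, width, key, dt=0.01):
    """One (row, column) pick per row, following the 11th-14th steps above.

    key = (x0, y0, z0, w0, k). Assumptions not stated in the patent: the
    formula is applied as one Euler step of size dt per group of four rows,
    and a state value v selects column int(|v| * 1e6) % width.
    """
    if n_rows % 4 or n_rows < 32:
        raise ValueError("n must equal 4m with m >= 8")
    x, y, z, w, k = key
    picks = []
    for i in range(0, n_rows, 4):  # rows i..i+3 use x, y, z, w in turn
        if i:  # the first group uses the initial key unchanged
            dx = 10 * (y - x)
            dy = 28 * x + y - x * z - w
            dz = x * y - (8 / 3) * z
            dw = k * y * z
            x, y, z, w = x + dt * dx, y + dt * dy, z + dt * dz, w + dt * dw
        if not all(math.isfinite(v) for v in (x, y, z, w)):
            raise ValueError("chaotic state diverged; use a smaller dt")
        for offset, v in enumerate((x, y, z, w)):
            picks.append((i + offset, int(abs(v) * 1e6) % width))
    return picks


def standin_cipher(key, data):
    """Length-preserving XOR keystream standing in for SM4 (NOT SM4).

    Backfilling needs ciphertext exactly as long as pData, so a real SM4
    deployment needs a length-preserving mode or pData sized to 16-byte blocks.
    """
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def digest(data):
    """SHA-256 standing in for SM3."""
    return hashlib.sha256(data).digest()


def extract(rows, picks):
    return bytes(rows[r][c] for r, c in picks)


def backfill(rows, picks, values):
    out = [bytearray(row) for row in rows]
    for (r, c), value in zip(picks, values):
        out[r][c] = value
    return [bytes(row) for row in out]


def encrypt_program(rows, chaos_key, cipher_key):
    """Data -> (Data_e, pData_e): extract, encrypt, backfill."""
    picks = chaos_picks(len(rows), len(rows[0]), chaos_key)
    p_data_e = standin_cipher(cipher_key, extract(rows, picks))
    return backfill(rows, picks, p_data_e), p_data_e


def decrypt_program(rows_e, chaos_key, cipher_key):
    """Data_e -> Data_d: recompute the positions, decrypt, backfill."""
    picks = chaos_picks(len(rows_e), len(rows_e[0]), chaos_key)
    p_data_d = standin_cipher(cipher_key, extract(rows_e, picks))
    return backfill(rows_e, picks, p_data_d)


def digest_scope(rows_e, chaos_key):
    """Change one byte that was not picked and report which digests differ.

    The flows on this page compute the digest over pData_e only.
    """
    picks = chaos_picks(len(rows_e), len(rows_e[0]), chaos_key)
    picked = set(picks)
    r, c = next((r, c) for r in range(len(rows_e))
                for c in range(len(rows_e[0])) if (r, c) not in picked)
    changed = backfill(rows_e, [(r, c)], bytes([rows_e[r][c] ^ 0xFF]))
    return {
        "pdata_e_digest_differs":
            digest(extract(rows_e, picks)) != digest(extract(changed, picks)),
        "whole_image_digest_differs":
            digest(b"".join(rows_e)) != digest(b"".join(changed)),
    }


# Constructed sample: 32 rows of 16 bytes, with constructed keys.
SAMPLE_ROWS = [bytes((r * 16 + c) % 256 for c in range(16)) for r in range(32)]
CHAOS_KEY = (0.1, 0.2, 0.3, 0.4, 0.1)
CIPHER_KEY = b"constructed-demo-key"
```

`digest_scope` shows that a digest computed over pData_e alone does not change when an unpicked byte of Data_e changes, whereas a digest over the whole of Data_e does; hashing and signing the complete image covers every byte that is later loaded.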
As shown in Fig. 9, when the program on the mainboard is updated, the following operations are performed in order:
1st step: the processor sends a read-serial-number request to the Guomi security chip, the Guomi security chip automatically generates the serial number SN, and the processor encrypts SN with the 3DES symmetric encryption algorithm to obtain SN_e;
2nd step: the processor sends a read-random-number request to the Guomi security chip, the Guomi security chip returns a random number RN, and the processor, using SN_e as the key, encrypts RN with the 3DES symmetric encryption algorithm to obtain RN_e;
3rd step: the processor sends a verification request to the Guomi security chip, and the Guomi security chip compares RN_e with the encrypted data RN'_e that it generates using a locally pre-stored key; if RN_e = RN'_e, the handshake succeeds and the Guomi security chip returns a handshake-success message; otherwise the Guomi security chip returns a handshake-failure message;
4th step: the processor sends a start-hash request to the Guomi security chip; after the Guomi security chip responds OK, go to the 2nd step;
5th step: the processor sends an update request to the Guomi security chip and sends pData_e to it; the Guomi security chip uses pData_e to update and generate the digest Hash';
6th step: the processor sends a finish request to the Guomi security chip; when the Guomi security chip returns OK, the digest has been updated successfully;
7th step: the processor sends an SM2 signature verification request to the Guomi security chip and sends the signature Sign to it; the Guomi security chip decrypts Sign with the public key Key_pub to obtain Hash_d; when Hash' and Hash_d are identical, data source authentication and data integrity detection are complete.
8th step: the processor updates the program data, replacing the program ciphertext data stored in memory.
Embodiment 2
Embodiment 2 includes everything in Embodiment 1, except that the Rockwell three-dimensional chaotic system replaces the four-dimensional dynamic feedback chaotic system of Embodiment 1. The host computer uses the Rockwell three-dimensional chaotic system to pseudo-randomly extract partial data pData from the program plaintext Data stored in the on-board memory, which comprises the following specific steps:
1st step: set the initial key (x_0, y_0, z_0); Data comprises n rows of data, n = 3m, m ≥ 6; the host computer extracts the x_0-th datum in row j, the y_0-th datum in row j+1 and the z_0-th datum in row j+2; the initial value of j is 1; let x = x_0, y = y_0, z = z_0;
2nd step: increase j by 3; when j < n, use the formula
$$\begin{cases} x' = -12x + 12y \\ y' = 42x - y - xz \\ z' = -3z + xy \end{cases}$$
to calculate x', y' and z', and make the iterative assignment x = x', y = y', z = z';
when j ≥ n, go to the 4th step;
3rd step: the host computer selects the x-th datum in row j, the y-th datum in row j+1 and the z-th datum in row j+2; return to the 2nd step;
4th step: the extracted data are arranged in the order of extraction to obtain pData.
It should be understood that these embodiments are intended only to illustrate the present invention and not to limit its scope. It should further be understood that, after reading the teachings of the present invention, those skilled in the art may make various changes or modifications to it, and such equivalent forms likewise fall within the scope defined by the claims appended to this application.

Claims (8)

1. an ATM fake-identifying instrument mainboard program safety processing method, described mainboard comprises the processor, the plate that intercom mutually and carries the close safety chip of memory and state, and described mainboard program is stored in plate and carries in memory; It is characterized in that, comprise communication handshake flow process, program plain text encryption flow process, signed data calculation process, data source authentication and data integrity testing process, program decrypt ciphertext flow process;
(1-1) described communication handshake flow process comprises the steps:
(1-1-1) processor sends the request of reading sequence number to the close safety chip of state, the automatic formation sequence SN of the close safety chip of state, and processor adopts 3DES symmetric encipherment algorithm be encrypted SN and obtain SN e;
(1-1-2) processor sends the request of reading random number to the close safety chip of state, and the close safety chip of state returns random number R N, and processor is with SN eas key, adopt 3DES symmetric encipherment algorithm to be encrypted RN and obtain RN e;
(1-1-3) processor sends checking request to the close safety chip of state, and the close safety chip of state is by RN ewith the enciphered data RN ' utilizing local prestored secret key to generate ecompare, if RN e=RN ' e, then shake hands successfully, the close safety chip of state returns successful information of shaking hands; Otherwise the close safety chip of state returns failure information of shaking hands;
(1-2) described program plain text encryption flow process comprises the steps:
(1-2-1) host computer utilizes four-dimensional dynamical feedback chaos system, pseudorandomly carries program memory expressly extracting part divided data pData in Data from being stored in plate;
(1-2-2) host computer sends CIPHERING REQUEST to the close safety chip of state, and pData is sent to the close safety chip of state, and the close safety chip of state utilizes key K ey sm4, adopt SM4 symmetric encipherment algorithm encryption pData to obtain pData e, the close safety chip of state is by pData ereturn to host computer, host computer is by pData ebe backfilling into original position and generate encipheror Data e.
2. The program security processing method for the mainboard of an ATM authentication instrument according to claim 1, characterized in that the signature data calculation flow comprises the following steps:
(2-1) the host computer sends a hash request to the national-cryptography security chip and sends pData_e to it; the national-cryptography security chip applies the SM3 cryptographic hash algorithm to pData_e and generates the digest Hash;
(2-2) the host computer sends an asymmetric encryption request to the national-cryptography security chip; the national-cryptography security chip uses the SM2 elliptic-curve asymmetric encryption algorithm and the private key Key_priv to encrypt Hash, generating the signature Sign.
3. The program security processing method for the mainboard of an ATM authentication instrument according to claim 1, characterized in that the data source authentication and data integrity detection flow comprises the following steps:
(3-1) the processor sends a start-hash request to the national-cryptography security chip; after the national-cryptography security chip responds OK, proceed to step (3-2);
(3-2) the processor sends an update request to the national-cryptography security chip and sends pData_e to it; the national-cryptography security chip uses pData_e to update and generate the digest Hash';
(3-3) the processor sends a finish request to the national-cryptography security chip; when the national-cryptography security chip returns OK, the digest has been updated successfully;
(3-4) the processor sends an SM2 signature-verification request to the national-cryptography security chip and sends the signature Sign to it; the national-cryptography security chip decrypts Sign with the public key Key_pub to obtain Hash_d; when Hash' and Hash_d are identical, data source authentication and data integrity detection are complete.
4. The program security processing method for the mainboard of an ATM authentication instrument according to claim 1, characterized in that the program ciphertext decryption flow comprises the following steps:
(4-1) the processor sends an SM4 decryption request to the national-cryptography security chip and sends the APP ciphertext pData_e to it; the national-cryptography security chip decrypts pData_e with the key Key_sm4 to obtain pData_d and returns pData_d to the processor;
(4-2) the processor uses the four-dimensional dynamic-feedback chaotic system to determine the backfill positions and backfills pData_d, restoring the program plaintext Data_d.
5. The program security processing method for the mainboard of an ATM authentication instrument according to claim 3, characterized in that, when the program in the mainboard is updated, the following operations are performed in sequence:
the processor and the national-cryptography security chip repeat steps (1-1-1) to (1-1-3) to perform the communication handshake; the processor and the national-cryptography security chip repeat steps (3-1) to (3-4) to perform data source authentication and data integrity detection; and the processor updates the program data, replacing the program ciphertext data stored in the memory.
6. The program security processing method for the mainboard of an ATM authentication instrument according to claim 3, characterized in that the host computer using the four-dimensional dynamic-feedback chaotic system to pseudo-randomly extract partial data pData from the program plaintext Data stored in the memory comprises the following specific steps:
(6-1) set the initial key (x_0, y_0, z_0, w_0, k); Data comprises n rows of data, n = 4m, m >= 8; the host computer extracts the x_0-th datum of row i, the y_0-th datum of row i+1, the z_0-th datum of row i+2 and the w_0-th datum of row i+3; the initial value of i is 1;
(6-2) increase i by 4; when i < n, use the formula

$$\begin{cases} x' = 10(y - x) \\ y' = 28x + y - xz - w \\ z' = xy - \frac{8}{3}z \\ w' = kyz \end{cases}$$

to calculate x', y', z' and w', and perform the iterative assignment x = x', y = y', z = z', w = w';
when i >= n, proceed to step (6-4);
(6-3) the host computer selects the x-th datum of row i, the y-th datum of row i+1, the z-th datum of row i+2 and the w-th datum of row i+3; return to step (6-2);
(6-4) the extracted data are arranged in the order in which they were extracted, giving pData.
7. The program security processing method for the mainboard of an ATM authentication instrument according to claim 1, characterized in that the four-dimensional dynamic-feedback chaotic system in step (1-2-1) is replaced by a Rockwell three-dimensional chaotic system, and step (1-2-1) after the replacement comprises the following specific steps:
(7-1) set the initial key (x_0, y_0, z_0); Data comprises n rows of data, n = 3m, m >= 6; the host computer extracts the x_0-th datum of row j, the y_0-th datum of row j+1 and the z_0-th datum of row j+2; the initial value of j is 1;
(7-2) increase j by 3; when j < n, use the formula

$$\begin{cases} x' = -12x + 12y \\ y' = 42x - y - xz \\ z' = -3z + xy \end{cases}$$

to calculate x', y' and z', and perform the iterative assignment x = x', y = y', z = z';
when j >= n, proceed to step (7-4);
(7-3) the host computer selects the x-th datum of row j, the y-th datum of row j+1 and the z-th datum of row j+2; return to step (7-2);
(7-4) the extracted data are arranged in the order in which they were extracted, giving pData.
8. The program security processing method for the mainboard of an ATM authentication instrument according to claim 1, 2, 3, 4, 5, 6 or 7, characterized in that the model of the processor is DM8168.
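The handshake of steps (1-1-1) to (1-1-3), with both sides of the exchange, as an added example that is not code from the patent. Assumptions: HMAC-SHA-256 stands in for 3DES (the Python standard library has no 3DES), SN is modelled as fresh random bytes, the processor holds the same pre-stored key as the chip, and the one-attempt-per-challenge rule and the names `Chip`, `keyed`, `processor_response` and `handshake` are additions of this example.

```python
import hashlib
import hmac
import secrets

def keyed(key: bytes, data: bytes) -> bytes:
    """Stand-in for the claim's 3DES encryption (HMAC-SHA-256, NOT 3DES)."""
    return hmac.new(key, data, hashlib.sha256).digest()

class Chip:
    """Security-chip side of steps (1-1-1) to (1-1-3)."""

    def __init__(self, stored_key: bytes):
        self._key = stored_key            # locally pre-stored key
        self._sn = self._rn = None

    def read_serial(self) -> bytes:       # (1-1-1): chip generates SN
        self._sn = secrets.token_bytes(8)
        return self._sn

    def read_random(self) -> bytes:       # (1-1-2): chip returns RN
        self._rn = secrets.token_bytes(8)
        return self._rn

    def verify(self, rn_e: bytes) -> bool:  # (1-1-3): compare RN_e with RN'_e
        if self._sn is None or self._rn is None:
            return False                  # no outstanding challenge
        expected = keyed(keyed(self._key, self._sn), self._rn)  # RN'_e
        self._sn = self._rn = None        # assumption: one attempt per challenge
        return hmac.compare_digest(expected, rn_e)  # constant-time comparison

def processor_response(key: bytes, sn: bytes, rn: bytes) -> bytes:
    """Processor side: SN_e = E_key(SN), then RN_e = E_{SN_e}(RN)."""
    sn_e = keyed(key, sn)
    return keyed(sn_e, rn)

def handshake(chip: Chip, processor_key: bytes) -> bool:
    """Run the three requests in order and return the chip's verdict."""
    sn = chip.read_serial()
    rn = chip.read_random()
    return chip.verify(processor_response(processor_key, sn, rn))
```

Because RN is fresh for every handshake, a response captured from one run does not verify against a later challenge.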
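The extraction walk of claim 6 and the backfill of steps (1-2-2) and (4-2), as an added example that is not code from the patent. Assumptions: each "datum" is one byte, a state value v selects column floor(|v|) mod row width (the claims do not state this mapping), rows are 0-based, the map is iterated with exact rationals, an XOR placeholder stands in for the chip's SM4 call, and the key and data are constructed samples.

```python
from fractions import Fraction

def positions(key, n_rows, width):
    """(row, col) pairs chosen by steps (6-1) to (6-3); rows are 0-based."""
    if n_rows % 4 or n_rows < 32:
        raise ValueError("claim 6 requires n = 4m rows with m >= 8")
    # Exact rationals give the same walk on every platform; the state grows
    # with each step, which is fine for the 32-row sample below.
    x, y, z, w, k = (Fraction(v) for v in key)
    picks = []
    for i in range(0, n_rows, 4):
        if i:  # step (6-2): advance the state before every group but the first
            x, y, z, w = (10 * (y - x), 28 * x + y - x * z - w,
                          x * y - Fraction(8, 3) * z, k * y * z)
        # ASSUMPTION: state value v selects column floor(|v|) mod width
        picks += [(i + r, int(abs(v)) % width)
                  for r, v in enumerate((x, y, z, w))]
    return picks

def extract(rows, key):
    """Step (6-4): pData is the selected bytes in extraction order."""
    return bytes(rows[r][c] for r, c in positions(key, len(rows), len(rows[0])))

def backfill(rows, key, pdata):
    """Write pdata back to the positions it was extracted from."""
    out = [bytearray(row) for row in rows]
    for (r, c), b in zip(positions(key, len(rows), len(rows[0])), pdata):
        out[r][c] = b
    return [bytes(row) for row in out]

def standin_cipher(data):
    """Placeholder for the chip's SM4 call (an XOR involution, NOT SM4)."""
    return bytes(b ^ 0xA5 for b in data)

def transform(rows, key, cipher):
    """Extract, run the chip operation, backfill: (1-2-1)/(1-2-2) or (4-1)/(4-2)."""
    return backfill(rows, key, cipher(extract(rows, key)))

# Constructed sample: key (x0, y0, z0, w0, k) and 32 rows of 16 bytes.
KEY = (1, 2, 3, 4, "1/2")
DATA = [bytes((r * 16 + c) % 256 for c in range(16)) for r in range(32)]
```

The positions depend only on the key and the image dimensions, so the decrypting side recomputes them without seeing the plaintext; with one datum selected per row, every other byte of Data_e is unchanged from Data.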
CN201510733499.1A 2015-11-02 2015-11-02 ATM machine fake-identifying instrument mainboard program safety processing method Active CN105391709B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510733499.1A CN105391709B (en) 2015-11-02 2015-11-02 ATM machine fake-identifying instrument mainboard program safety processing method

Publications (2)

Publication Number Publication Date
CN105391709A true CN105391709A (en) 2016-03-09
CN105391709B CN105391709B (en) 2018-07-27

Family

ID=55423545

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510733499.1A Active CN105391709B (en) 2015-11-02 2015-11-02 ATM machine fake-identifying instrument mainboard program safety processing method

Country Status (1)

Country Link
CN (1) CN105391709B (en)

Also Published As

Publication number Publication date
CN105391709B (en) 2018-07-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210825

Address after: 310000 No. 66 Dongxin Avenue, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: EASTCOM Inc.

Address before: 310000 A318, R & D building, Dongxin City, No. 66, Dongxin Avenue, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: EASTCOM Inc.

Patentee before: Hangzhou Eastcom Financial Technology Service Co.,Ltd.