CN105391709A - ATM machine authentication instrument motherboard program safety processing method - Google Patents
ATM machine authentication instrument motherboard program safety processing method Download PDFInfo
- Publication number
- CN105391709A CN105391709A CN201510733499.1A CN201510733499A CN105391709A CN 105391709 A CN105391709 A CN 105391709A CN 201510733499 A CN201510733499 A CN 201510733499A CN 105391709 A CN105391709 A CN 105391709A
- Authority
- CN
- China
- Prior art keywords
- data
- state
- safety chip
- close safety
- program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/001—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Abstract
The invention discloses an ATM machine authentication instrument motherboard program safety processing method, which comprises a communication handshake step, a program plain text encryption step, a signature data calculation step, a data source authentication and data integrity detection step, and a program ciphertext decryption step. The method of the invention has the advantages that software loading safety, operation safety and version updating safety for the ATM machine can be protected; an illegal invader can be prevented from acquiring the program plain text data; unauthorized communication and loading can be prevented; and a tampered, forged or disguised malicious program can be prevented from replacing a normal program.
Description
Technical field
The present invention relates to banking equipment routine processes technical field, especially relate to one and there is encipheror, journey logic bomb is prevented to be tampered or to add, the legitimacy that proving program is originated, the ATM fake-identifying instrument mainboard program safety processing method realizing program decrypts loading and security update function.
Background technology
Along with China's rapid development of economy, financial security becomes the problem received much concern.Wherein, ATM plays very important effect in financial field and banking, ensures that the software and hardware safety on ATM equipment is particularly important.
The program safety of ATM fake-identifying instrument is the key factor of ATM safety, but there is no the processing method can guaranteeing ATM fake-identifying instrument mainboard program safety at present, this problem has become a difficult problem for puzzlement ATM safe practice development field.
Summary of the invention
Goal of the invention of the present invention is the deficiency in order to overcome the potential safety hazard that ATM fake-identifying instrument mainboard program of the prior art exists, provide one and there is encipheror, journey logic bomb is prevented to be tampered or to add, the legitimacy that proving program is originated, the ATM fake-identifying instrument mainboard program safety processing method realizing program decrypts loading and security update function.
To achieve these goals, the present invention is by the following technical solutions:
A kind of ATM fake-identifying instrument mainboard program safety processing method, described mainboard comprises the processor, the plate that intercom mutually and carries the close safety chip of memory and state, and described mainboard program is stored in plate and carries in memory; Comprise communication handshake flow process, program plain text encryption flow process, signed data calculation process, data source authentication and data integrity testing process, program decrypt ciphertext flow process;
(1-1) described communication handshake flow process comprises the steps:
(1-1-1) processor sends the request of reading sequence number to the close safety chip of state, the automatic formation sequence SN of the close safety chip of state, and processor adopts 3DES symmetric encipherment algorithm be encrypted SN and obtain SN
e;
(1-1-2) processor sends the request of reading random number to the close safety chip of state, and the close safety chip of state returns random number R N, and processor is with SN
eas key, adopt 3DES symmetric encipherment algorithm to be encrypted RN and obtain RN
e;
(1-1-3) processor sends checking request to the close safety chip of state, and the close safety chip of state is by RN
ewith the enciphered data RN ' utilizing local prestored secret key to generate
ecompare, if RN
e=RN '
e, then shake hands successfully, the close safety chip of state returns successful information of shaking hands; Otherwise the close safety chip of state returns failure information of shaking hands;
(1-2) described program plain text encryption flow process comprises the steps:
(1-2-1) host computer utilizes four-dimensional dynamical feedback chaos system, pseudorandomly carries program memory expressly extracting part divided data pData in Data from being stored in plate;
(1-2-2) host computer sends CIPHERING REQUEST to the close safety chip of state, and pData is sent to the close safety chip of state, and the close safety chip of state utilizes key K ey
sm4, adopt SM4 symmetric encipherment algorithm encryption pData to obtain pData
e, the close safety chip of state is by pData
ereturn to host computer, host computer is by pData
ebe backfilling into original position and generate encipheror Data
e.
First, the process that processor, host computer communicate with state close safety chip is controlled, must be operated by " shaking hands " of one-time authentication legal identity before the communication starts, shake hands and successfully could continue communication, otherwise the close safety chip of state thinks that this access illegally refuses further encryption and decryption request.
Secondly, the encipheror that memory is preserved be host computer by communicating with the development board carrying the close safety chip of state, send that SM4 CIPHERING REQUEST carries out symmetric block cipher to produce to program clear data.
In the present invention, in considering that real system runs, particularly load link at program decrypts and require shorter time loss, meet the requirement that embedded device starts fast.Before carrying out SM4 encryption, pseudorandomly extract the partial content in clear data by four-dimensional dynamical feedback hyperchaotic system, then be encrypted the partial data extracted, then original position is backfilling in initial data.
Again, with state close safety chip successful handshake after, need to carry out data source authentication to data to be decrypted and data integrity detects.In the present invention, this function realizes by means of the SM3 hash algorithm in close office of state canonical algorithm and SM2 elliptic curve asymmetric arithmetic.At processor end, SM3 hash is carried out to enciphered data and obtains summary, then summary is updated to the close safety chip of state, then extract the signature issued with encipheror, and initiate checking request; At the close safety chip end of state, carry out decrypted signature with the processor PKI stored in advance, reduction summary info compares checking.Achieved the certification of data source by the asymmetric encryption and decryption mechanism of SM2, and carry out check data integrity in conjunction with hash summary.
Finally, in program loading operation process, utilize SM4 symmetry algorithm to decipher and extract enciphered data, then original position backfill, completes decryption oprerations and load operating.Certification for program upgrades, first more new data is also through hyperchaotic system and extracts and SM4 encryption, last deciphering through the several operation of handshake authentication, data source authentication and data integrity, just will be loaded the replacement becoming file and upgrades by the overall process of security update equally.
In whole safety approach, plate carries the ciphertext of a save routine in memory, above-mentioned security step is needed for the loading of program and renewal, ensure that the safety of ATM system from program source, ensure that the safety of sensitive data in equipment and bank network and background data base.
The present invention utilizes hardware enciphering and deciphering and the authentication function of the close safety chip of state, Bootload on protection ATM equipment, the fail safe of operation and version updating, anti-illegal-inbreak person obtain program clear data carry out sensitive information smell spy and decompiling, prevent unauthorized communications and loading, prevent from being tampered, the rogue program forged or pretend is (as wooden horse, virus, malicious snippets of code etc.) alternate device normal procedure, thus stop illegal invasion person and control atm device, improve accounts information and the fund security of depositor, for the safety of bank network and background data base provides reliable basis.
Therefore; the present invention has the Bootload of protection ATM equipment, operation and version updating fail safe; anti-illegal-inbreak person obtains program clear data; prevent unauthorized communications and loading; prevent the rogue program being tampered, forging or pretending from substituting normal procedure; stop illegal invasion person and control ATM, improve accounts information and the fund security of depositor, the safety for bank network and background data base provides the feature of reliable basis.
As preferably, described signed data calculation process comprises the steps:
(2-1) host computer sends hash encryption request and by pData to the close safety chip of state
esend to the close safety chip of state, the close safety chip of state adopts SM3 hash cryptographic algorithm to pData
ebe encrypted, generate summary Hash;
(2-2) host computer sends asymmetric encryption request to the close safety chip of state, and the close safety chip of state adopts SM2 elliptic curve rivest, shamir, adelman, utilizes private key Key
privencryption Hash generates signature Sign.
As preferably, described data source authentication and data integrity testing process comprise the steps:
(3-1) processor sends to the close safety chip of state and starts Hash request, after state close safety chip response OK, proceeds to step (3-2);
(3-2) processor sends update request to the close safety chip of state, and by pData
eissue the close safety chip of state, the close safety chip of state utilizes pData
eupgrade and generate summary Hash ';
(3-3) processor is sent completely request to the close safety chip of state, and when state, close safety chip returns OK, and summary info is updated successfully;
(3-4) processor sends the request of SM2 sign test to the close safety chip of state, and signature Sign is sent to the close safety chip of state, and the close safety chip of state utilizes PKI Key
pubdeciphering Sign obtains Hash
d, as Hash ' and Hash
dunanimously, data source authentication and data integrity have detected.
As preferably, described program decrypt ciphertext flow process comprises the steps:
(4-1) processor sends SM4 decoding request to the close safety chip of state, and by APP ciphertext pData
eissue the close safety chip of state, the close safety chip of state utilizes key K ey
sm4to pData
ebe decrypted, obtain pData
dand by pData
dreturn to processor;
(4-2) processor utilizes four-dimensional dynamical feedback chaos system to determine to backfill position, by pData
dbackfill, restores and obtains program expressly Data
d.
As preferably, when upgrading the program in mainboard, proceed as follows successively:
The close safety chip of processor and state repeats step (1-1-1) and carries out communication handshake to (1-1-3), the close safety chip of processor and state repeats step (3-1) to (3-4) and carries out data source authentication and data integrity detection, and processor refresh routine data replace the program encrypt data preserved in memory.
As preferably, described host computer utilizes four-dimensional dynamical feedback chaos system, pseudorandomly extracting part divided data pData from the program stored in memory expressly Data, comprises following concrete steps:
(6-1) initial secret key (x is set
0, y
0, z
0, w
0, k), Data comprises the capable data of n, n=4m, m>=8, and host computer extracts xth in the i-th row data
0data, extract y in the i-th+1 row data
0data, extract z in the i-th+2 row data
0data, extract w in the i-th+3 row data
0data, the initial value of i is 1, makes x=x
0, y=y
0, z=z
0, w=w
0;
(6-2) make i value increase by 4, as i < n, utilize formula
Calculating x ', y ', z ' and w ', makes iteration assignment x=x ', y=y ', z=z ', w=w '; As i >=n, proceed to step (6-4);
(6-3) host computer selects xth data in the i-th row data, in the i-th+1 row data, select y data, in the i-th+2 row data, select z data, in the i-th+3 row data, select w data; Return step (6-2);
(6-4) each data extracted are arranged in order according to the sequencing extracted, obtain pData.
As preferably, the four-dimensional dynamical feedback chaos system in described (1-2-1) is replaced by Rockwell three-dimensional chaotic system, and the step (1-2-1) after replacement comprises following concrete steps:
(7-1) initial secret key (x is set
0, y
0, z
0), Data comprises the capable data of n, n=3m, m>=6, and host computer extracts xth in jth row data
0data, extract y in jth+1 row data
0data, extract z in jth+2 row data
0data, the initial value of j is 1, x=x
0, y=y
0, z=z
0;
(7-2) make j value increase by 3, as j < n, utilize formula
Calculating x ', y ', z ', makes iteration assignment x=x ', y=y ', z=z ';
As j >=n, proceed to step (7-4);
(7-3) host computer selects xth data in jth row data, in jth+1 row data, select y data, in jth+2 row data, select z data; Return step (7-2);
(7-4) each data extracted are arranged in order according to the sequencing extracted, obtain pData.
As preferably, the model of processor is DM8168.
Therefore; the present invention has following beneficial effect: protect the Bootload of ATM equipment, operation and version updating fail safe; anti-illegal-inbreak person obtains program clear data; prevent unauthorized communications and loading; prevent the rogue program being tampered, forging or pretending from substituting normal procedure; stop illegal invasion person and control ATM, improve accounts information and the fund security of depositor, for the safety of bank network and background data base provides reliable basis.
Accompanying drawing explanation
Fig. 1 is a kind of x-z planar obit simulation figure of four-dimensional dynamical feedback hyperchaotic system of the present invention;
Fig. 2 is a kind of x-y plane trajectory diagram of four-dimensional dynamical feedback hyperchaotic system of the present invention;
Fig. 3 is a kind of x-w planar obit simulation figure of four-dimensional dynamical feedback hyperchaotic system of the present invention;
Fig. 4 is a kind of communication handshake flow chart of the present invention;
Fig. 5 is a kind of program plain text encryption flow chart of the present invention;
Fig. 6 is a kind of signed data calculation flow chart of the present invention;
Fig. 7 is a kind of data source authentication of the present invention and data integrity overhaul flow chart;
Fig. 8 is a kind of program decrypt ciphertext flow chart of the present invention;
Fig. 9 is a kind of flow chart of mainboard program updates of the present invention.
Embodiment
Below in conjunction with the drawings and specific embodiments, the present invention will be further described.
Embodiment 1
Embodiment as shown in Fig. 4, Fig. 5, Fig. 6, Fig. 7, Fig. 8 is a kind of ATM fake-identifying instrument mainboard program processing method, and mainboard comprises the processor, the plate that intercom mutually and carries the close safety chip of memory and state, and mainboard program is stored in plate and carries in memory; The model of processor is DM8168; Mainboard program processing method comprises communication handshake flow process, program plain text encryption flow process, signed data calculation process, data source authentication and data integrity testing process, program decrypt ciphertext flow process;
As shown in Figure 4, communication handshake flow process comprises the steps:
1st step: processor sends the request of reading sequence number to the close safety chip of state, the automatic formation sequence SN of the close safety chip of state, processor adopts 3DES symmetric encipherment algorithm be encrypted SN and obtain SN
e;
2nd step: processor sends the request of reading random number to the close safety chip of state, the close safety chip of state returns random number R N, and processor is with SN
eas key, adopt 3DES symmetric encipherment algorithm to be encrypted RN and obtain RN
e;
3rd step: processor sends checking request to the close safety chip of state, and the close safety chip of state is by RN
ewith the enciphered data RN ' utilizing local prestored secret key to generate
ecompare, if RN
e=RN '
e, then shake hands successfully, the close safety chip of state returns successful information of shaking hands; Otherwise the close safety chip of state returns failure information of shaking hands;
As shown in Figure 5, program plain text encryption flow process comprises the steps:
1st step: host computer utilizes four-dimensional dynamical feedback chaos system, pseudorandomly extracting part divided data pData from the program stored in memory expressly Data;
11st step: set initial secret key (x
0, y
0, z
0, w
0, k), Data comprises the capable data of n, n=4m, m>=8, and host computer extracts xth in the i-th row data
0data, extract y in the i-th+1 row data
0data, extract z in the i-th+2 row data
0data, extract w in the i-th+3 row data
0data, the initial value of i is 1, makes x=x
0, y=y
0, z=z
0, w=w
0;
12nd step: make i value increase by 4, as i < n, utilizes formula
Calculating x ', y ', z ' and w ', makes iteration assignment x=x ', y=y ', z=z ', w=w '; As i >=n, proceed to the 14th step;
13rd step: host computer selects xth data in the i-th row data, selects y data in the i-th+1 row data, in the i-th+2 row data, select z data, in the i-th+3 row data, select w data; Return the 12nd step;
14th step: each data extracted are arranged in order according to the sequencing extracted, obtain pData; As shown in Figure 1, Figure 2, Figure 3 shows, the x ' that each iteration obtains, y ', z ', w ' composition point (x ', y ', z ', w '), point (x ', y ', z ', w ') at x-z, form track a little in x-y, x-w plane, the track of point is pseudorandom, therefore, present invention achieves pseudorandom extracted data.
2nd step: host computer sends CIPHERING REQUEST to the close safety chip of state, and pData is sent to the close safety chip of state, the close safety chip of state utilizes key K ey
sm4, adopt SM4 symmetric encipherment algorithm encryption pData to obtain pData
e, the close safety chip of state is by pData
ereturn to host computer, host computer is by pData
ebe backfilling into original position and generate encipheror Data
e.
As shown in Figure 6, signed data calculation process comprises the steps:
1st step: host computer sends hash encryption request and by pData to the close safety chip of state
esend to the close safety chip of state, the close safety chip of state adopts SM3 hash cryptographic algorithm to pData
ebe encrypted, generate summary Hash;
2nd step: host computer sends asymmetric encryption request to the close safety chip of state, the close safety chip of state adopts SM2 elliptic curve rivest, shamir, adelman, utilizes private key Key
privencryption Hash generates signature Sign.
As shown in Figure 7, data source authentication and data integrity testing process comprise the steps:
1st step: processor sends to the close safety chip of state and starts Hash request, after state close safety chip response OK, proceeds to the 2nd step;
2nd step: processor sends update request to the close safety chip of state, and by pData
eissue the close safety chip of state, the close safety chip of state utilizes pData
eupgrade and generate summary Hash ';
3rd step: processor is sent completely request to the close safety chip of state, and close safety chip returns OK when state, and summary info is updated successfully;
4th step: processor sends the request of SM2 sign test to the close safety chip of state, and signature Sign is sent to the close safety chip of state, and the close safety chip of state utilizes PKI Key
pubdeciphering Sign obtains Hash
d, as Hash ' and Hash
dunanimously, data source authentication and data integrity have detected.
As shown in Figure 8, program decrypt ciphertext flow process comprises the steps:
1st step: processor sends SM4 decoding request to the close safety chip of state, and by pData
eissue the close safety chip of state, the close safety chip of state utilizes key K ey
sm4to pData
ebe decrypted, obtain pData
dand by pData
dreturn to processor;
The: 2 steps: processor utilizes four-dimensional dynamical feedback chaos system to determine to backfill position, by pData
dbackfill, restores and obtains program expressly Data
d.
As shown in Figure 9, when upgrading the program in mainboard, proceed as follows successively:
1st step: processor sends the request of reading sequence number to the close safety chip of state, the automatic formation sequence SN of the close safety chip of state, processor adopts 3DES symmetric encipherment algorithm be encrypted SN and obtain SN
e;
2nd step: processor sends the request of reading random number to the close safety chip of state, the close safety chip of state returns random number R N, and processor is with SN
eas key, adopt 3DES symmetric encipherment algorithm to be encrypted RN and obtain RN
e;
3rd step: processor sends checking request to the close safety chip of state, and the close safety chip of state is by RN
ewith the enciphered data RN ' utilizing local prestored secret key to generate
ecompare, if RN
e=RN '
e, then shake hands successfully, the close safety chip of state returns successful information of shaking hands; Otherwise the close safety chip of state returns failure information of shaking hands;
4th step: processor sends to the close safety chip of state and starts Hash request, after state close safety chip response OK, proceeds to the 2nd step;
5th step: processor sends update request to the close safety chip of state, and by pData
eissue the close safety chip of state, the close safety chip of state is by pData
eupgrade and generate summary Hash ';
6th step: processor is sent completely request to the close safety chip of state, and close safety chip returns OK when state, and summary info is updated successfully;
7th step: processor sends the request of SM2 sign test to the close safety chip of state, and signature Sign is sent to the close safety chip of state, and the close safety chip of state utilizes PKI Key
pubdeciphering Sign obtains Hash
d, as Hash ' and Hash
dunanimously, data source authentication and data integrity have detected.
8th step: processor refresh routine data replace the program encrypt data preserved in memory.
Embodiment 2
Embodiment 2 comprises all the elements in embodiment 1, the four-dimensional dynamical feedback chaos system of embodiment 2 in Rockwell three-dimensional chaotic system alternative embodiment 1, host computer utilizes Rockwell three-dimensional chaotic system, pseudorandomly carries program memory expressly extracting part divided data pData in Data from being stored in plate; Comprise following concrete steps:
1st step: set initial secret key (x
0, y
0, z
0), Data comprises the capable data of n, n=3m, m>=6, and host computer extracts xth in jth row data
0data, extract y in jth+1 row data
0data, extract z in jth+2 row data
0data, the initial value of j is 1, makes x=x
0, y=y
0, z=z
0;
2nd step: make j value increase by 3, as j < n, utilizes formula
Calculating x ', y ', z ', makes iteration assignment x=x ', y=y ', z=z ';
As j >=n, proceed to the 4th step;
3rd step: host computer selects xth data in jth row data, selects y data in jth+1 row data, in jth+2 row data, select z data; Return the 2nd step;
4th step: each data extracted are arranged in order according to the sequencing extracted, obtain pData.
Should be understood that the present embodiment is only not used in for illustration of the present invention to limit the scope of the invention.In addition should be understood that those skilled in the art can make various changes or modifications the present invention, and these equivalent form of values fall within the application's appended claims limited range equally after the content of having read the present invention's instruction.
Claims (8)
1. an ATM fake-identifying instrument mainboard program safety processing method, described mainboard comprises the processor, the plate that intercom mutually and carries the close safety chip of memory and state, and described mainboard program is stored in plate and carries in memory; It is characterized in that, comprise communication handshake flow process, program plain text encryption flow process, signed data calculation process, data source authentication and data integrity testing process, program decrypt ciphertext flow process;
(1-1) described communication handshake flow process comprises the steps:
(1-1-1) processor sends the request of reading sequence number to the close safety chip of state, the automatic formation sequence SN of the close safety chip of state, and processor adopts 3DES symmetric encipherment algorithm be encrypted SN and obtain SN
e;
(1-1-2) processor sends the request of reading random number to the close safety chip of state, and the close safety chip of state returns random number R N, and processor is with SN
eas key, adopt 3DES symmetric encipherment algorithm to be encrypted RN and obtain RN
e;
(1-1-3) processor sends checking request to the close safety chip of state, and the close safety chip of state is by RN
ewith the enciphered data RN ' utilizing local prestored secret key to generate
ecompare, if RN
e=RN '
e, then shake hands successfully, the close safety chip of state returns successful information of shaking hands; Otherwise the close safety chip of state returns failure information of shaking hands;
(1-2) described program plain text encryption flow process comprises the steps:
(1-2-1) host computer utilizes four-dimensional dynamical feedback chaos system, pseudorandomly carries program memory expressly extracting part divided data pData in Data from being stored in plate;
(1-2-2) host computer sends CIPHERING REQUEST to the close safety chip of state, and pData is sent to the close safety chip of state, and the close safety chip of state utilizes key K ey
sm4, adopt SM4 symmetric encipherment algorithm encryption pData to obtain pData
e, the close safety chip of state is by pData
ereturn to host computer, host computer is by pData
ebe backfilling into original position and generate encipheror Data
e.
2. ATM fake-identifying instrument mainboard program safety processing method according to claim 1, it is characterized in that, described signed data calculation process comprises the steps:
(2-1) host computer sends hash encryption request and by pData to the close safety chip of state
esend to the close safety chip of state, the close safety chip of state adopts SM3 hash cryptographic algorithm to pData
ebe encrypted, generate summary Hash;
(2-2) host computer sends asymmetric encryption request to the close safety chip of state, and the close safety chip of state adopts SM2 elliptic curve rivest, shamir, adelman, utilizes private key Key
privencryption Hash generates signature Sign.
3. ATM fake-identifying instrument mainboard program safety processing method according to claim 1, it is characterized in that, described data source authentication and data integrity testing process comprise the steps:
(3-1) processor sends to the close safety chip of state and starts Hash request, after state close safety chip response OK, proceeds to step (3-2);
(3-2) processor sends update request to the close safety chip of state, and by pData
eissue the close safety chip of state, the close safety chip of state utilizes pData
eupgrade and generate summary Hash ';
(3-3) processor is sent completely request to the close safety chip of state, and when state, close safety chip returns OK, and summary info is updated successfully;
(3-4) processor sends the request of SM2 sign test to the close safety chip of state, and signature Sign is sent to the close safety chip of state, and the close safety chip of state utilizes PKI Key
pubdeciphering Sign obtains Hash
d, as Hash ' and Hash
dunanimously, data source authentication and data integrity have detected.
4. ATM fake-identifying instrument mainboard program safety processing method according to claim 1, it is characterized in that, described program decrypt ciphertext flow process comprises the steps:
(4-1) processor sends SM4 decoding request to the close safety chip of state, and by APP ciphertext pData
eissue the close safety chip of state, the close safety chip of state utilizes key K ey
sm4to pData
ebe decrypted, obtain pData
dand by pData
dreturn to processor;
(4-2) processor utilizes four-dimensional dynamical feedback chaos system to determine to backfill position, by pData
dbackfill, restores and obtains program expressly Data
d.
5. ATM fake-identifying instrument mainboard program safety processing method according to claim 3, is characterized in that, when upgrading the program in mainboard, proceeding as follows successively:
The close safety chip of processor and state repeats step (1-1-1) and carries out communication handshake to (1-1-3), the close safety chip of processor and state repeats step (3-1) to (3-4) and carries out data source authentication and data integrity detection, and processor refresh routine data replace the program encrypt data preserved in memory.
6. ATM fake-identifying instrument mainboard program safety processing method according to claim 3, it is characterized in that, described host computer utilizes four-dimensional dynamical feedback chaos system, pseudorandomly extracting part divided data pData from the program stored in memory expressly Data, comprises following concrete steps:
(6-1) initial secret key (x is set
0, y
0, z
0, w
0, k), Data comprises the capable data of n, n=4m, m>=8, and host computer extracts xth in the i-th row data
0data, extract y in the i-th+1 row data
0data, extract z in the i-th+2 row data
0data, extract w in the i-th+3 row data
0data, the initial value of i is 1;
(6-2) make i value increase by 4, as i < n, utilize formula
Calculating x ', y ', z ' and w ', makes iteration assignment x=x ', y=y ', z=z ', w=w ';
As i >=n, proceed to step (6-4);
(6-3) host computer selects xth data in the i-th row data, in the i-th+1 row data, select y data, in the i-th+2 row data, select z data, in the i-th+3 row data, select w data; Return step (6-2);
(6-4) each data extracted are arranged in order according to the sequencing extracted, obtain pData.
7. ATM fake-identifying instrument mainboard program safety processing method according to claim 1, it is characterized in that, four-dimensional dynamical feedback chaos system in described (1-2-1) is replaced by Rockwell three-dimensional chaotic system, and the step (1-2-1) after replacement comprises following concrete steps:
(7-1) initial secret key (x is set
0, y
0, z
0), Data comprises the capable data of n, n=3m, m>=6, and host computer extracts xth in jth row data
0data, extract y in jth+1 row data
0data, extract z in jth+2 row data
0data, the initial value of j is 1;
(7-2) make j value increase by 3, as j < n, utilize formula
Calculating x ', y ', z ', makes iteration assignment x=x ', y=y ', z=z ';
As j >=n, proceed to step (7-4);
(7-3) host computer selects xth data in jth row data, in jth+1 row data, select y data, in jth+2 row data, select z data; Return step (7-2);
(7-4) each data extracted are arranged in order according to the sequencing extracted, obtain pData.
8. the ATM fake-identifying instrument mainboard program safety processing method according to claim 1 or 2 or 3 or 4 or 5 or 6 or 7, it is characterized in that, the model of processor is DM8168.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510733499.1A CN105391709B (en) | 2015-11-02 | 2015-11-02 | ATM machine fake-identifying instrument mainboard program safety processing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510733499.1A CN105391709B (en) | 2015-11-02 | 2015-11-02 | ATM machine fake-identifying instrument mainboard program safety processing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105391709A true CN105391709A (en) | 2016-03-09 |
CN105391709B CN105391709B (en) | 2018-07-27 |
Family
ID=55423545
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510733499.1A Active CN105391709B (en) | 2015-11-02 | 2015-11-02 | ATM machine fake-identifying instrument mainboard program safety processing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105391709B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080181409A1 (en) * | 2007-01-31 | 2008-07-31 | Zhuqiang Wang | Method for guaranteeing security of critical data, terminal and secured chip |
CN103107885A (en) * | 2013-01-16 | 2013-05-15 | 深圳市怡化电脑有限公司 | Detecting method and system of information security of automatic teller machine (ATM) |
CN103117857A (en) * | 2013-01-16 | 2013-05-22 | 深圳市怡化电脑有限公司 | Automatic teller machine (ATM) information safety detection method and system based on hardware encryption algorithm |
-
2015
- 2015-11-02 CN CN201510733499.1A patent/CN105391709B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080181409A1 (en) * | 2007-01-31 | 2008-07-31 | Zhuqiang Wang | Method for guaranteeing security of critical data, terminal and secured chip |
CN103107885A (en) * | 2013-01-16 | 2013-05-15 | 深圳市怡化电脑有限公司 | Detecting method and system of information security of automatic teller machine (ATM) |
CN103117857A (en) * | 2013-01-16 | 2013-05-22 | 深圳市怡化电脑有限公司 | Automatic teller machine (ATM) information safety detection method and system based on hardware encryption algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN105391709B (en) | 2018-07-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110677418B (en) | Trusted voiceprint authentication method and device, electronic equipment and storage medium | |
US9760721B2 (en) | Secure transaction method from a non-secure terminal | |
US9584311B2 (en) | Decrypting data | |
CA2838763C (en) | Credential authentication methods and systems | |
EP3610607B1 (en) | Cryptographic key management based on identity information | |
CN111404696B (en) | Collaborative signature method, security service middleware, related platform and system | |
US9443068B2 (en) | System and method for preventing unauthorized access to information | |
US20150334096A1 (en) | Method and arrangement for secure communication between network units in a communication network | |
CN103051451A (en) | Encryption authentication of security service execution environment | |
CN104380652A (en) | Multi-issuer secure element partition architecture for NFC enabled devices | |
CN105957276A (en) | Android system-based intelligent POS security system, starting method and data management control method | |
CN103269271A (en) | Method and system for back-upping private key in electronic signature token | |
CN103873440A (en) | Application program upgrading method and system | |
CN107944234B (en) | Machine refreshing control method for Android equipment | |
JP6387908B2 (en) | Authentication system | |
CN101281575A (en) | Method for protecting software | |
CN111316596B (en) | Encryption chip with identity verification function | |
CN105847000A (en) | Token generation method and communication system based on same | |
CN111859415A (en) | Neural network model encryption system and method | |
CN106156607B (en) | SElinux secure access method and POS terminal | |
Frisby et al. | Security Analysis of Smartphone Point-of-Sale Systems. | |
CN111614467B (en) | System backdoor defense method and device, computer equipment and storage medium | |
CN111181960A (en) | Safety credit granting and signature system based on terminal equipment block chain application | |
KR20200116010A (en) | Encryption key management based on identity information | |
WO2018033017A1 (en) | Terminal state conversion method and system for credit granting |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20210825 Address after: 310000 No. 66 Dongxin Avenue, Binjiang District, Hangzhou City, Zhejiang Province Patentee after: EASTCOM Inc. Address before: 310000 A318, R & D building, Dongxin City, No. 66, Dongxin Avenue, Binjiang District, Hangzhou City, Zhejiang Province Patentee before: EASTCOM Inc. Patentee before: Hangzhou Eastcom Financial Technology Service Co.,Ltd. |