CN105391709B - ATM machine fake-identifying instrument mainboard program safety processing method - Google Patents
ATM machine fake-identifying instrument mainboard program safety processing method Download PDFInfo
- Publication number
- CN105391709B CN105391709B CN201510733499.1A CN201510733499A CN105391709B CN 105391709 B CN105391709 B CN 105391709B CN 201510733499 A CN201510733499 A CN 201510733499A CN 105391709 B CN105391709 B CN 105391709B
- Authority
- CN
- China
- Prior art keywords
- data
- state
- safety chip
- close safety
- pdata
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/001—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Abstract
The invention discloses a kind of ATM machine fake-identifying instrument mainboard program safety processing method, including communication handshake flow, program plaintext encryption flow, signed data calculation process, data source authentication and data integrity detection flow, program ciphertext decrypts flow;The characteristics of present invention has software load, operation and the version updating safety of protection ATM machine equipment, and anti-illegal-inbreak person obtains program clear data, prevents unauthorized communications and load, prevents the rogue program for being tampered, forging or pretending from substituting normal procedure.
Description
Technical field
The present invention relates to banking equipment program processing technology fields, having encipheror more particularly, to one kind, prevent journey
Logic bomb is tampered or adds, the legitimacy in proving program source, the ATM for realizing program decryption load and security update function
Machine fake-identifying instrument mainboard program safety processing method.
Background technology
With China's rapid development of economy, financial security becomes the problem of being concerned.Wherein, ATM machine is led in finance
Very important effect is played in domain and banking, ensures that the software and hardware in ATM machine equipment is particularly important safely.
The program safety of ATM machine fake-identifying instrument is the key factor of ATM machine safety, still, there is no can ensure that ATM machine is reflected at present
The processing method of pseudo- instrument mainboard program safety, the problem have become the problem of puzzlement ATM safe practice development fields.
Invention content
The goal of the invention of the present invention is to overcome safety existing for ATM machine fake-identifying instrument mainboard program in the prior art hidden
The deficiency of trouble, provide it is a kind of there is encipheror, prevent journey logic bomb to be tampered or add, proving program source it is legal
Property, realize program decryption load and security update function ATM machine fake-identifying instrument mainboard program safety processing method.
To achieve the goals above, the present invention uses following technical scheme:
A kind of ATM machine fake-identifying instrument mainboard program safety processing method, the mainboard includes the processor being in communication with each other, onboard
The close safety chip of memory and state, the mainboard program are stored in onboard storage device;In plain text including communication handshake flow, program
Encryption flow, signed data calculation process, data source authentication and data integrity detection flow, program ciphertext decrypt flow;
(1-1) described communication handshake flow includes the following steps:
(1-1-1) processor sends out the request for reading sequence number to the close safety chip of state, and the close safety chip of state automatically generates
Sequence number SN, processor are encrypted SN and are obtained SN using 3DES symmetric encipherment algorithmse;
(1-1-2) processor sends out the request for reading random number to the close safety chip of state, and the close safety chip of state returns random
Number RN, processor is with SNeAs key, RN is encrypted using 3DES symmetric encipherment algorithms to obtain RNe;
(1-1-3) processor sends out checking request to the close safety chip of state, and the close safety chip of state is by RNeIt is local pre- with utilizing
Deposit the encryption data RN ' of key generationeIt compares, if RNe=RN 'e, then success of shaking hands, state's close safety chip return shakes hands success
Information;Otherwise, the close safety chip of state returns to failure information of shaking hands;
(1-2) described program plaintext encryption flow includes the following steps:
(1-2-1) host computer is using four-dimensional dynamical feedback chaos system, pseudorandomly from being stored in onboard storage device
Extraction section data pData in program plaintext Data;
(1-2-2) host computer sends out CIPHERING REQUEST to the close safety chip of state, and pData is sent to the close safety chip of state,
The close safety chip of state utilizes key Keysm4, pData is obtained using SM4 symmetric encipherment algorithms encryption pDatae, the close safety chip of state
By pDataeReturn to host computer, host computer is by pDataeIt is backfilling into original position and generates encipheror Datae。
First, the process that processor, host computer are communicated with state close safety chip is controlled, must be led to before the communication starts
" shaking hands " operation of one-time authentication legal identity is crossed, shaking hands could successfully continue to communicate, and otherwise, the close safety chip of state thinks this time
It accesses illegal and refuses further encryption and decryption request.
Secondly, the encipheror preserved on memory is host computer by leading to the development board for carrying the close safety chip of state
Letter sends SM4 CIPHERING REQUESTs and carries out symmetric block cipher to program clear data to generate.
In the present invention, it is contemplated that in real system operation, especially program decrypt load link require it is shorter when
Between consume, meet the requirement that embedded device quickly starts.Before carrying out SM4 encryptions, by four-dimensional dynamical feedback hyperchaos system
System is pseudorandomly to extract the partial content in clear data, then the partial data extracted is encrypted, then in situ
It is backfilling into initial data.
Again, with after state close safety chip successful handshake, need to carry out data source authentication sum number to data to be decrypted
According to integrity detection.In the present invention, the function is by means of the SM3 hash algorithms and the oval songs of SM2 in the close office's canonical algorithm of state
Line asymmetric arithmetic is realized.At processor end, SM3 hash is carried out to encryption data and obtains abstract, then state is arrived in abstract update
Then close safety chip extracts the signature issued with encipheror, and initiates checking request;At the close safety chip end of state,
With the processor public key stored in advance come decrypted signature, reduction summary info compares verification.Pass through the asymmetric encryption and decryption machines of SM2
System realizes the certification of data source, and carrys out check data integrity in conjunction with hash abstract.
Finally, it during program loading operation, is decrypted using SM4 symmetry algorithms and extracts encryption data, it is then in situ to return
It fills out, completes decryption oprerations and load operating.Certification update for program, it is also to be taken out by hyperchaotic system to update the data first
It takes and also passes through handshake authentication, data source authentication and data integrity with SM4 encryptions, the overall process of security update
Several operations, the replacement that last decryption load is only become to file update.
In entire safety approach, the ciphertext of save routine in onboard storage device, load and update for program need
Above-mentioned security step is completed, the safety of ATM system is ensure that from program source, ensure that the sensitive data in equipment and bank
The safety of network and background data base.
The present invention utilize the close safety chip of state hardware enciphering and deciphering and authentication function, protect ATM machine equipment on software load,
The safety of operation and version updating, anti-illegal-inbreak person obtain program clear data progress sensitive information sniff and are compiled with anti-
It translates, prevents unauthorized communications and load, prevent rogue program (such as wooden horse, virus, the malicious code for being tampered, forging or pretending
Segment etc.) alternate device normal procedure, to prevent illegal invasion person control atm device, improve depositor account information and
Fund security, the safety for bank network and background data base provide reliable basis.
Therefore, the present invention has software load, operation and the version updating safety of protection ATM machine equipment, prevents illegal
Invader obtains program clear data, prevents unauthorized communications and load, prevents the rogue program for being tampered, forging or pretending from replacing
For normal procedure, prevents illegal invasion person control ATM machine, improve account information and the fund security of depositor, be bank network
The characteristics of reliable basis being provided with the safety of background data base.
Preferably, the signed data calculation process includes the following steps:
(2-1) host computer to the close safety chip of state sends out hash CIPHERING REQUEST and by pDataeIt is sent to the close safe core of state
Piece, the close safety chip of state is using SM3 hash cryptographic algorithms to pDataeIt is encrypted, generates abstract Hash;
(2-2) host computer sends out asymmetric encryption request to the close safety chip of state, and the close safety chip of state is oval bent using SM2
Line rivest, shamir, adelman utilizes private key KeyprivIt encrypts Hash and generates signature Sign.
Preferably, the data source authentication and data integrity detection flow include the following steps:
(3-1) processor is sent to the close safety chip of state starts Hash requests, after the close safety chip response OK of state, is transferred to step
Suddenly (3-2);
(3-2) processor sends update request to the close safety chip of state, and by pDataeThe close safety chip of state is issued, state is close
Safety chip utilizes pDataeIt updates and generates abstract Hash ';
(3-3) processor is sent completely request to the close safety chip of state, and when the close safety chip of state returns to OK, summary info is more
New success;
(3-4) processor sends the request of SM2 sign tests to the close safety chip of state, and signature Sign is sent to the close safety of state
Chip, the close safety chip of state utilize public key KeypubDecryption Sign obtains Hashd, as Hash ' and HashdUnanimously, data source authentication
It is completed with data integrity detection.
Preferably, described program ciphertext decryption flow includes the following steps:
(4-1) processor sends SM4 decoding requests to the close safety chip of state, and by APP ciphertexts pDataeIssue the close peace of state
Full chip, the close safety chip of state utilize key Keysm4To pDataeIt is decrypted, obtains pDatadAnd by pDatadReturn to place
Manage device;
(4-2) processor determines backfill position using four-dimensional dynamical feedback chaos system, by pDatadBackfill is restored simultaneously
Obtain program plaintext Datad。
Preferably, when being updated to the program in mainboard, proceed as follows successively:
The close safety chip of processor and state repeats step (1-1-1) to (1-1-3) and carries out communication handshake, and processor and state are close
Safety chip repeats step (3-1) to (3-4) and carries out data source authentication and data integrity detection, processor update program number
According to the program ciphertext data preserved in replacement memory.
Preferably, the host computer utilizes four-dimensional dynamical feedback chaos system, pseudorandomly in memory from storage
Program plaintext Data in extraction section data pData, comprise the following specific steps that:
(6-1) sets initial secret key (x0, y0, z0, w0, k), Data includes n row data, n=4m, m >=8, host computer
Xth is extracted in the i-th row data0Data extract y in i+1 row data0Data extract z in the i-th+2 row data0
Data extract w in the i-th+3 row data0The initial value of data, i is 1, makes x=x0, y=y0, z=z0, w=w0;
(6-3) host computer selects xth data in the i-th row data, and y data are selected in i+1 row data, i-th+
Z data are selected in 2 row data, w data are selected in the i-th+3 row data;Return to step (6-2);
Each data of extraction are arranged in order by (6-4) according to the sequencing of extraction, obtain pData.
Preferably, the four-dimensional dynamical feedback chaos system in (1-2-1) is replaced by Rockwell three-dimensional chaotic system, replace
Step (1-2-1) after changing comprises the following specific steps that:
(7-1) sets initial secret key (x0, y0, z0), Data includes n row data, and n=3m, m >=6, host computer is in jth
Xth is extracted in row data0Data extract y in+1 row data of jth0Data extract z in+2 row data of jth0Data, j
Initial value be 1, x=x0, y=y0, z=z0;
As j >=n, it is transferred to step (7-4);
(7-3) host computer selects xth data in jth row data, and y data are selected in+1 row data of jth, jth+
Z data are selected in 2 row data;Return to step (7-2);
Each data of extraction are arranged in order by (7-4) according to the sequencing of extraction, obtain pData.
Preferably, the model DM8168 of processor.
Therefore, the present invention has the advantages that:Protect the software load, operation and version updating peace of ATM machine equipment
Quan Xing, anti-illegal-inbreak person obtain program clear data, prevent unauthorized communications and load, prevent from being tampered, forge or pseudo-
The rogue program of dress substitutes normal procedure, prevents illegal invasion person control ATM machine, improves the account information and fund peace of depositor
Entirely, the safety for bank network and background data base provides reliable basis.
Description of the drawings
Fig. 1 is a kind of x-z-plane trajectory diagram of the four-dimensional dynamical feedback hyperchaotic system of the present invention;
Fig. 2 is a kind of x-y plane trajectory diagram of the four-dimensional dynamical feedback hyperchaotic system of the present invention;
Fig. 3 is a kind of x-w planar obit simulations figure of the four-dimensional dynamical feedback hyperchaotic system of the present invention;
Fig. 4 is a kind of communication handshake flow chart of the present invention;
Fig. 5 is a kind of program plaintext encryption flow figure of the present invention;
Fig. 6 is a kind of signed data calculation flow chart of the present invention;
Fig. 7 is a kind of data source authentication and data integrity detection flow chart of the present invention;
Fig. 8 is a kind of program ciphertext decryption flow chart of the present invention;
Fig. 9 is a kind of newer flow chart of mainboard program of the present invention.
Specific implementation mode
The present invention will be further described with reference to the accompanying drawings and detailed description.
Embodiment 1
It is main if Fig. 4, Fig. 5, Fig. 6, Fig. 7, embodiment shown in Fig. 8 are a kind of ATM machine fake-identifying instrument mainboard program processing methods
Plate includes the processor being in communication with each other, the close safety chip of onboard storage device and state, and mainboard program is stored in onboard storage device;Place
Manage the model DM8168 of device;Mainboard program processing method includes communication handshake flow, program plaintext encryption flow, signed data
Calculation process, data source authentication and data integrity detection flow, program ciphertext decrypt flow;
As shown in figure 4, communication handshake flow includes the following steps:
1st step:Processor sends out the request for reading sequence number to the close safety chip of state, and the close safety chip of state automatically generates sequence
Row number SN, processor are encrypted SN and are obtained SN using 3DES symmetric encipherment algorithmse;
2nd step:Processor sends out the request for reading random number to the close safety chip of state, and the close safety chip of state returns to random number
RN, processor is with SNeAs key, RN is encrypted using 3DES symmetric encipherment algorithms to obtain RNe;
3rd step:Processor sends out checking request to the close safety chip of state, and the close safety chip of state is by RNeIt is local pre- with utilizing
Deposit the encryption data RN ' of key generationeIt compares, if RNe=RN 'e, then success of shaking hands, state's close safety chip return shakes hands success
Information;Otherwise, the close safety chip of state returns to failure information of shaking hands;
As shown in figure 5, program plaintext encryption flow includes the following steps:
1st step:Host computer is pseudorandomly bright from program stored in memory using four-dimensional dynamical feedback chaos system
Extraction section data pData in literary Data;
11st step:Set initial secret key (x0, y0, z0, w0, k), Data includes n row data, n=4m, and m >=8 are upper
Machine extracts xth in the i-th row data0Data extract y in i+1 row data0Data extract in the i-th+2 row data
z0Data extract w in the i-th+3 row data0The initial value of data, i is 1, makes x=x0, y=y0, z=z0, w=w0;
13rd step:Host computer selects xth data in the i-th row data, and y data are selected in i+1 row data,
Z data are selected in i+2 row data, w data are selected in the i-th+3 row data;Return to the 12nd step;
14th step:Each data of extraction are arranged in order according to the sequencing of extraction, obtain pData;Such as Fig. 1, figure
2, shown in Fig. 3, the x ' that each iteration obtains, y ', z ', w ' composition points (x ', y ', z ', w '), point (x ', y ', z ', w ') in x-z,
Track a little is formed in x-y, x-w plane, the track of point is pseudorandom, and therefore, the present invention realizes pseudorandom extraction
Data.
2nd step:Host computer sends out CIPHERING REQUEST to the close safety chip of state, and pData is sent to the close safety chip of state, state
Close safety chip utilizes key Keysm4, pData is obtained using SM4 symmetric encipherment algorithms encryption pDatae, the close safety chip of state will
pDataeReturn to host computer, host computer is by pDataeIt is backfilling into original position and generates encipheror Datae。
As shown in fig. 6, signed data calculation process includes the following steps:
1st step:Host computer to the close safety chip of state sends out hash CIPHERING REQUEST and by pDataeIt is sent to the close safe core of state
Piece, the close safety chip of state is using SM3 hash cryptographic algorithms to pDataeIt is encrypted, generates abstract Hash;
2nd step:Host computer sends out asymmetric encryption request to the close safety chip of state, and the close safety chip of state is oval using SM2
Curve rivest, shamir, adelman utilizes private key KeyprivIt encrypts Hash and generates signature Sign.
As shown in fig. 7, data source authentication and data integrity detection flow include the following steps:
1st step:Processor is sent to the close safety chip of state starts Hash requests, after the close safety chip response OK of state, is transferred to
2nd step;
2nd step:Processor sends update request to the close safety chip of state, and by pDataeIssue the close safety chip of state, state
Close safety chip utilizes pDataeIt updates and generates abstract Hash ';
3rd step:Processor is sent completely request to the close safety chip of state, when the close safety chip of state returns to OK, summary info
It is updated successfully;
4th step:Processor sends the request of SM2 sign tests to the close safety chip of state, and signature Sign is sent to the close safety of state
Chip, the close safety chip of state utilize public key KeypubDecryption Sign obtains Hashd, as Hash ' and HashdUnanimously, data source authentication
It is completed with data integrity detection.
As shown in figure 8, program ciphertext decryption flow includes the following steps:
1st step:Processor sends SM4 decoding requests to the close safety chip of state, and by pDataeThe close safety chip of state is issued,
The close safety chip of state utilizes key Keysm4To pDataeIt is decrypted, obtains pDatadAnd by pDatadReturn to processor;
The:2 steps:Processor determines backfill position using four-dimensional dynamical feedback chaos system, by pDatadBackfill is restored
And obtain program plaintext Datad。
As shown in figure 9, when being updated to the program in mainboard, proceed as follows successively:
1st step:Processor sends out the request for reading sequence number to the close safety chip of state, and the close safety chip of state automatically generates sequence
Row number SN, processor are encrypted SN and are obtained SN using 3DES symmetric encipherment algorithmse;
2nd step:Processor sends out the request for reading random number to the close safety chip of state, and the close safety chip of state returns to random number
RN, processor is with SNeAs key, RN is encrypted using 3DES symmetric encipherment algorithms to obtain RNe;
3rd step:Processor sends out checking request to the close safety chip of state, and the close safety chip of state is by RNeIt is local pre- with utilizing
Deposit the encryption data RN ' of key generationeIt compares, if RNe=RN 'e, then success of shaking hands, state's close safety chip return shakes hands success
Information;Otherwise, the close safety chip of state returns to failure information of shaking hands;
4th step:Processor is sent to the close safety chip of state starts Hash requests, after the close safety chip response OK of state, is transferred to
2nd step;
5th step:Processor sends update request to the close safety chip of state, and by pDataeIssue the close safety chip of state, state
Close safety chip is by pDataeIt updates and generates abstract Hash ';
6th step:Processor is sent completely request to the close safety chip of state, when the close safety chip of state returns to OK, summary info
It is updated successfully;
7th step:Processor sends the request of SM2 sign tests to the close safety chip of state, and signature Sign is sent to the close safety of state
Chip, the close safety chip of state utilize public key KeypubDecryption Sign obtains Hashd, as Hash ' and HashdUnanimously, data source authentication
It is completed with data integrity detection.
8th step:Processor replaces the program ciphertext data preserved in memory with update program data.
Embodiment 2
Embodiment 2 includes all the elements in embodiment 1, the Rockwell three-dimensional chaotic system alternative embodiment 1 of embodiment 2
In four-dimensional dynamical feedback chaos system, host computer utilizes Rockwell three-dimensional chaotic system, pseudorandomly from being stored in onboard storage
Extraction section data pData in program plaintext Data in device;It comprises the following specific steps that:
1st step:Set initial secret key (x0, y0, z0), Data includes n row data, and n=3m, m >=6, host computer is in jth
Xth is extracted in row data0Data extract y in+1 row data of jth0Data extract z in+2 row data of jth0Data, j
Initial value be 1, make x=x0, y=y0, z=z0,;
As j >=n, it is transferred to the 4th step;
3rd step:Host computer selects xth data in jth row data, y data is selected in+1 row data of jth, in jth
Z data are selected in+2 row data;Return to the 2nd step;
4th step:Each data of extraction are arranged in order according to the sequencing of extraction, obtain pData.
It should be understood that this embodiment is only used to illustrate the invention but not to limit the scope of the invention.In addition, it should also be understood that,
After having read the content of the invention lectured, those skilled in the art can make various modifications or changes to the present invention, these etc.
Valence form is also fallen within the scope of the appended claims of the present application.
Claims (5)
1. a kind of ATM machine fake-identifying instrument mainboard program safety processing method, the mainboard includes the processor being in communication with each other, onboard deposits
The close safety chip of reservoir and state, the mainboard program are stored in onboard storage device;It is characterized in that including communication handshake flow,
Program plaintext encryption flow, signed data calculation process, data source authentication and data integrity detection flow, program ciphertext solution
Close flow;
(1-1) described communication handshake flow includes the following steps:
(1-1-1) processor sends out the request for reading sequence number to the close safety chip of state, and the close safety chip of state automatically generates sequence
Number SN, processor are encrypted SN and are obtained SN using 3DES symmetric encipherment algorithmse;
(1-1-2) processor sends out the request for reading random number to the close safety chip of state, and the close safety chip of state returns to random number R N,
Processor is with SNeAs key, RN is encrypted using 3DES symmetric encipherment algorithms to obtain RNe;
(1-1-3) processor sends out checking request to the close safety chip of state, and the close safety chip of state is by RNeIt is close with being prestored using local
The encryption data RN that key generateseIt compares, if RNe=RNe, then success of shaking hands, state's close safety chip return shakes hands successful information;
Otherwise, the close safety chip of state returns to failure information of shaking hands;
(1-2) described program plaintext encryption flow includes the following steps:
(1-2-1) host computer is using four-dimensional dynamical feedback chaos system, pseudorandomly from the program being stored in onboard storage device
Extraction section data pData in plaintext Data;
(1-2-2) host computer sends out CIPHERING REQUEST to the close safety chip of state, and pData is sent to the close safety chip of state, and state is close
Safety chip utilizes key Keysm4, pData is obtained using SM4 symmetric encipherment algorithms encryption pDatae, the close safety chip of state will
pDataeReturn to host computer, host computer is by pDataeIt is backfilling into original position and generates encipheror Datae;
(1-3) described signed data calculation process includes the following steps:
(1-3-1) host computer to the close safety chip of state sends out hash CIPHERING REQUEST and by pDataeIt is sent to the close safety chip of state, state
Close safety chip is using SM3 hash cryptographic algorithms to pDataeIt is encrypted, generates abstract Hash;
(1-3-2) host computer sends out asymmetric encryption request to the close safety chip of state, and the close safety chip of state uses SM2 elliptic curves
Rivest, shamir, adelman utilizes private key KeyprivIt encrypts Hash and generates signature Sign;
(1-4) described data source authentication and data integrity detection flow include the following steps:
(1-4-1) processor is sent to the close safety chip of state starts Hash requests, after the close safety chip response OK of state, is transferred to step
(1-4-2);
(1-4-2) processor sends update request to the close safety chip of state, and by pDataeIssue the close safety chip of state, the close peace of state
Full chip utilizes pDataeIt updates and generates abstract Hash ';
(1-4-3) processor is sent completely request to the close safety chip of state, when the close safety chip of state returns to OK, summary info update
Success;
(1-4-4) processor sends the request of SM2 sign tests to the close safety chip of state, and signature Sign is sent to the close safe core of state
Piece, the close safety chip of state utilize public key KeypubDecryption Sign obtains Hashd, work as Hash ' and HashdUnanimously, data source authentication and
Data integrity detection is completed;
(1-5) described program ciphertext decryption flow includes the following steps:
(1-5-1) processor sends SM4 decoding requests to the close safety chip of state, and by APP ciphertexts pDataeIssue the close safe core of state
Piece, the close safety chip of state utilize key Keysm4To pDataeIt is decrypted, obtains pDatadAnd by pDatadReturn to processor;
(1-5-2) processor determines backfill position using four-dimensional dynamical feedback chaos system, by pDatadBackfill, restores and obtains
Program plaintext Datad。
2. ATM machine fake-identifying instrument mainboard program safety processing method according to claim 1, characterized in that in mainboard
Program when being updated, proceed as follows successively:
The close safety chip of processor and state repeats step (1-1-1) to (1-1-3) and carries out communication handshake, the close safety of processor and state
Chip repeats step (1-4-1) to (1-4-4) and carries out data source authentication and data integrity detection, processor update program number
According to the program ciphertext data preserved in replacement memory.
3. ATM machine fake-identifying instrument mainboard program safety processing method according to claim 1, characterized in that the host computer
Using four-dimensional dynamical feedback chaos system, pseudorandomly extraction section data from program plaintext Data stored in memory
PData is comprised the following specific steps that:
(3-1) sets initial secret key (x0, y0, z0, w0, k), Data includes n row data, and n=4m, m >=8, host computer is in the i-th row
Xth is extracted in data0Data extract y in i+1 row data0Data extract z in the i-th+2 row data0Data,
W is extracted in i-th+3 row data0The initial value of data, i is 1;
(3-2) makes i values increase by 4, as i < n, utilizes formulaX ', y ', z ' and w ' are calculated, iteration is made
Assignment x=x ', y=y ', z=z ', w=w ';As i >=n, it is transferred to step (3-4);
(3-3) host computer selects xth data in the i-th row data, and y data are selected in i+1 row data, in the i-th+2 row
Z data are selected in data, and w data are selected in the i-th+3 row data;Return to step (3-2);
Each data of extraction are arranged in order by (3-4) according to the sequencing of extraction, obtain pData.
4. ATM machine fake-identifying instrument mainboard program safety processing method according to claim 1, characterized in that (1-2-1)
In four-dimensional dynamical feedback chaos system replaced by Rockwell three-dimensional chaotic system, replaced step (1-2-1) includes following tool
Body step:
(4-1) sets initial secret key (x0, y0, z0), Data includes n row data, and n=3m, m >=6, host computer is in jth row data
Middle extraction xth0Data extract y in+1 row data of jth0Data extract z in+2 row data of jth0Data, j's is initial
Value is 1;
(4-2) makes j values increase by 3, as j < n, utilizes formulaX ', y ', z ' are calculated, iteration is made to assign
Value x=x ', y=y ', z=z ';
As j >=n, it is transferred to step (4-4);
(4-3) host computer selects xth data in jth row data, y data is selected in+1 row data of jth, in+2 row of jth
Z data are selected in data;Return to step (4-2);
Each data of extraction are arranged in order by (4-4) according to the sequencing of extraction, obtain pData.
5. ATM machine fake-identifying instrument mainboard program safety processing method according to claim 1 or 2 or 3 or 4, characterized in that place
Manage the model DM8168 of device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510733499.1A CN105391709B (en) | 2015-11-02 | 2015-11-02 | ATM machine fake-identifying instrument mainboard program safety processing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510733499.1A CN105391709B (en) | 2015-11-02 | 2015-11-02 | ATM machine fake-identifying instrument mainboard program safety processing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105391709A CN105391709A (en) | 2016-03-09 |
CN105391709B true CN105391709B (en) | 2018-07-27 |
Family
ID=55423545
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510733499.1A Active CN105391709B (en) | 2015-11-02 | 2015-11-02 | ATM machine fake-identifying instrument mainboard program safety processing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105391709B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103107885A (en) * | 2013-01-16 | 2013-05-15 | 深圳市怡化电脑有限公司 | Detecting method and system of information security of automatic teller machine (ATM) |
CN103117857A (en) * | 2013-01-16 | 2013-05-22 | 深圳市怡化电脑有限公司 | Automatic teller machine (ATM) information safety detection method and system based on hardware encryption algorithm |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101236591B (en) * | 2007-01-31 | 2011-08-24 | 联想(北京)有限公司 | Method, terminal and safe chip for guaranteeing critical data safety |
-
2015
- 2015-11-02 CN CN201510733499.1A patent/CN105391709B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103107885A (en) * | 2013-01-16 | 2013-05-15 | 深圳市怡化电脑有限公司 | Detecting method and system of information security of automatic teller machine (ATM) |
CN103117857A (en) * | 2013-01-16 | 2013-05-22 | 深圳市怡化电脑有限公司 | Automatic teller machine (ATM) information safety detection method and system based on hardware encryption algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN105391709A (en) | 2016-03-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11877213B2 (en) | Methods and systems for asset obfuscation | |
CN106357401B (en) | A kind of storage of private key and application method | |
CN102138300B (en) | Message authentication code pre-computation with applications to secure memory | |
KR102322118B1 (en) | Private key securing methods of decentralizedly storying keys in owner's device and/or blockchain nodes | |
KR101712784B1 (en) | System and method for key management for issuer security domain using global platform specifications | |
US9223994B2 (en) | Secure transaction method from a non-secure terminal | |
US8171306B2 (en) | Universal secure token for obfuscation and tamper resistance | |
CN101651543B (en) | Creditable calculation platform key migration system and key migration method thereof | |
KR102381153B1 (en) | Encryption key management based on identity information | |
CN107810617A (en) | Secret certification and supply | |
KR20200012845A (en) | Progressive Key Encryption Algorithm | |
CA2071771A1 (en) | Cryptographic facility environment backup/restore and replication in a public key cryptosystem | |
CN101582109A (en) | Data encryption method and device, data decryption method and device and solid state disk | |
CN109918888B (en) | Anti-quantum certificate issuing method and issuing system based on public key pool | |
CN109547208B (en) | Online distribution method and system for master key of financial electronic equipment | |
CN101281575A (en) | Method for protecting software | |
US20100031045A1 (en) | Methods and system and computer medium for loading a set of keys | |
CN105468940A (en) | Software protection method and apparatus | |
CN111614467B (en) | System backdoor defense method and device, computer equipment and storage medium | |
TWI476629B (en) | Data security and security systems and methods | |
CN108270568A (en) | A kind of mobile digital certificate device and its update method | |
CN109831300A (en) | A kind of cipher key destruction method and device | |
CN108650214B (en) | Dynamic page encryption anti-unauthorized method and device | |
CN107278357B (en) | Cryptographic system and method | |
CN107332663A (en) | Archive management method based on encryption technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20210825 Address after: 310000 No. 66 Dongxin Avenue, Binjiang District, Hangzhou City, Zhejiang Province Patentee after: EASTCOM Inc. Address before: 310000 A318, R & D building, Dongxin City, No. 66, Dongxin Avenue, Binjiang District, Hangzhou City, Zhejiang Province Patentee before: EASTCOM Inc. Patentee before: Hangzhou Eastcom Financial Technology Service Co.,Ltd. |