CN105391709B - ATM machine fake-identifying instrument mainboard program safety processing method - Google Patents

ATM machine fake-identifying instrument mainboard program safety processing method Download PDF

Info

Publication number
CN105391709B
CN105391709B CN201510733499.1A CN201510733499A CN105391709B CN 105391709 B CN105391709 B CN 105391709B CN 201510733499 A CN201510733499 A CN 201510733499A CN 105391709 B CN105391709 B CN 105391709B
Authority
CN
China
Prior art keywords
data
state
safety chip
close safety
pdata
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510733499.1A
Other languages
Chinese (zh)
Other versions
CN105391709A (en
Inventor
范礼
郭启军
周文科
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eastern Communication Co Ltd
Original Assignee
Eastern Communication Co Ltd
Hangzhou Dongxin Finance Technology Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eastern Communication Co Ltd, Hangzhou Dongxin Finance Technology Service Co Ltd filed Critical Eastern Communication Co Ltd
Priority to CN201510733499.1A priority Critical patent/CN105391709B/en
Publication of CN105391709A publication Critical patent/CN105391709A/en
Application granted granted Critical
Publication of CN105391709B publication Critical patent/CN105391709B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/001Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Abstract

The invention discloses a kind of ATM machine fake-identifying instrument mainboard program safety processing method, including communication handshake flow, program plaintext encryption flow, signed data calculation process, data source authentication and data integrity detection flow, program ciphertext decrypts flow;The characteristics of present invention has software load, operation and the version updating safety of protection ATM machine equipment, and anti-illegal-inbreak person obtains program clear data, prevents unauthorized communications and load, prevents the rogue program for being tampered, forging or pretending from substituting normal procedure.

Description

ATM machine fake-identifying instrument mainboard program safety processing method
Technical field
The present invention relates to banking equipment program processing technology fields, having encipheror more particularly, to one kind, prevent journey Logic bomb is tampered or adds, the legitimacy in proving program source, the ATM for realizing program decryption load and security update function Machine fake-identifying instrument mainboard program safety processing method.
Background technology
With China's rapid development of economy, financial security becomes the problem of being concerned.Wherein, ATM machine is led in finance Very important effect is played in domain and banking, ensures that the software and hardware in ATM machine equipment is particularly important safely.
The program safety of ATM machine fake-identifying instrument is the key factor of ATM machine safety, still, there is no can ensure that ATM machine is reflected at present The processing method of pseudo- instrument mainboard program safety, the problem have become the problem of puzzlement ATM safe practice development fields.
Invention content
The goal of the invention of the present invention is to overcome safety existing for ATM machine fake-identifying instrument mainboard program in the prior art hidden The deficiency of trouble, provide it is a kind of there is encipheror, prevent journey logic bomb to be tampered or add, proving program source it is legal Property, realize program decryption load and security update function ATM machine fake-identifying instrument mainboard program safety processing method.
To achieve the goals above, the present invention uses following technical scheme:
A kind of ATM machine fake-identifying instrument mainboard program safety processing method, the mainboard includes the processor being in communication with each other, onboard The close safety chip of memory and state, the mainboard program are stored in onboard storage device;In plain text including communication handshake flow, program Encryption flow, signed data calculation process, data source authentication and data integrity detection flow, program ciphertext decrypt flow;
(1-1) described communication handshake flow includes the following steps:
(1-1-1) processor sends out the request for reading sequence number to the close safety chip of state, and the close safety chip of state automatically generates Sequence number SN, processor are encrypted SN and are obtained SN using 3DES symmetric encipherment algorithmse
(1-1-2) processor sends out the request for reading random number to the close safety chip of state, and the close safety chip of state returns random Number RN, processor is with SNeAs key, RN is encrypted using 3DES symmetric encipherment algorithms to obtain RNe
(1-1-3) processor sends out checking request to the close safety chip of state, and the close safety chip of state is by RNeIt is local pre- with utilizing Deposit the encryption data RN ' of key generationeIt compares, if RNe=RN 'e, then success of shaking hands, state's close safety chip return shakes hands success Information;Otherwise, the close safety chip of state returns to failure information of shaking hands;
(1-2) described program plaintext encryption flow includes the following steps:
(1-2-1) host computer is using four-dimensional dynamical feedback chaos system, pseudorandomly from being stored in onboard storage device Extraction section data pData in program plaintext Data;
(1-2-2) host computer sends out CIPHERING REQUEST to the close safety chip of state, and pData is sent to the close safety chip of state, The close safety chip of state utilizes key Keysm4, pData is obtained using SM4 symmetric encipherment algorithms encryption pDatae, the close safety chip of state By pDataeReturn to host computer, host computer is by pDataeIt is backfilling into original position and generates encipheror Datae
First, the process that processor, host computer are communicated with state close safety chip is controlled, must be led to before the communication starts " shaking hands " operation of one-time authentication legal identity is crossed, shaking hands could successfully continue to communicate, and otherwise, the close safety chip of state thinks this time It accesses illegal and refuses further encryption and decryption request.
Secondly, the encipheror preserved on memory is host computer by leading to the development board for carrying the close safety chip of state Letter sends SM4 CIPHERING REQUESTs and carries out symmetric block cipher to program clear data to generate.
In the present invention, it is contemplated that in real system operation, especially program decrypt load link require it is shorter when Between consume, meet the requirement that embedded device quickly starts.Before carrying out SM4 encryptions, by four-dimensional dynamical feedback hyperchaos system System is pseudorandomly to extract the partial content in clear data, then the partial data extracted is encrypted, then in situ It is backfilling into initial data.
Again, with after state close safety chip successful handshake, need to carry out data source authentication sum number to data to be decrypted According to integrity detection.In the present invention, the function is by means of the SM3 hash algorithms and the oval songs of SM2 in the close office's canonical algorithm of state Line asymmetric arithmetic is realized.At processor end, SM3 hash is carried out to encryption data and obtains abstract, then state is arrived in abstract update Then close safety chip extracts the signature issued with encipheror, and initiates checking request;At the close safety chip end of state, With the processor public key stored in advance come decrypted signature, reduction summary info compares verification.Pass through the asymmetric encryption and decryption machines of SM2 System realizes the certification of data source, and carrys out check data integrity in conjunction with hash abstract.
Finally, it during program loading operation, is decrypted using SM4 symmetry algorithms and extracts encryption data, it is then in situ to return It fills out, completes decryption oprerations and load operating.Certification update for program, it is also to be taken out by hyperchaotic system to update the data first It takes and also passes through handshake authentication, data source authentication and data integrity with SM4 encryptions, the overall process of security update Several operations, the replacement that last decryption load is only become to file update.
In entire safety approach, the ciphertext of save routine in onboard storage device, load and update for program need Above-mentioned security step is completed, the safety of ATM system is ensure that from program source, ensure that the sensitive data in equipment and bank The safety of network and background data base.
The present invention utilize the close safety chip of state hardware enciphering and deciphering and authentication function, protect ATM machine equipment on software load, The safety of operation and version updating, anti-illegal-inbreak person obtain program clear data progress sensitive information sniff and are compiled with anti- It translates, prevents unauthorized communications and load, prevent rogue program (such as wooden horse, virus, the malicious code for being tampered, forging or pretending Segment etc.) alternate device normal procedure, to prevent illegal invasion person control atm device, improve depositor account information and Fund security, the safety for bank network and background data base provide reliable basis.
Therefore, the present invention has software load, operation and the version updating safety of protection ATM machine equipment, prevents illegal Invader obtains program clear data, prevents unauthorized communications and load, prevents the rogue program for being tampered, forging or pretending from replacing For normal procedure, prevents illegal invasion person control ATM machine, improve account information and the fund security of depositor, be bank network The characteristics of reliable basis being provided with the safety of background data base.
Preferably, the signed data calculation process includes the following steps:
(2-1) host computer to the close safety chip of state sends out hash CIPHERING REQUEST and by pDataeIt is sent to the close safe core of state Piece, the close safety chip of state is using SM3 hash cryptographic algorithms to pDataeIt is encrypted, generates abstract Hash;
(2-2) host computer sends out asymmetric encryption request to the close safety chip of state, and the close safety chip of state is oval bent using SM2 Line rivest, shamir, adelman utilizes private key KeyprivIt encrypts Hash and generates signature Sign.
Preferably, the data source authentication and data integrity detection flow include the following steps:
(3-1) processor is sent to the close safety chip of state starts Hash requests, after the close safety chip response OK of state, is transferred to step Suddenly (3-2);
(3-2) processor sends update request to the close safety chip of state, and by pDataeThe close safety chip of state is issued, state is close Safety chip utilizes pDataeIt updates and generates abstract Hash ';
(3-3) processor is sent completely request to the close safety chip of state, and when the close safety chip of state returns to OK, summary info is more New success;
(3-4) processor sends the request of SM2 sign tests to the close safety chip of state, and signature Sign is sent to the close safety of state Chip, the close safety chip of state utilize public key KeypubDecryption Sign obtains Hashd, as Hash ' and HashdUnanimously, data source authentication It is completed with data integrity detection.
Preferably, described program ciphertext decryption flow includes the following steps:
(4-1) processor sends SM4 decoding requests to the close safety chip of state, and by APP ciphertexts pDataeIssue the close peace of state Full chip, the close safety chip of state utilize key Keysm4To pDataeIt is decrypted, obtains pDatadAnd by pDatadReturn to place Manage device;
(4-2) processor determines backfill position using four-dimensional dynamical feedback chaos system, by pDatadBackfill is restored simultaneously Obtain program plaintext Datad
Preferably, when being updated to the program in mainboard, proceed as follows successively:
The close safety chip of processor and state repeats step (1-1-1) to (1-1-3) and carries out communication handshake, and processor and state are close Safety chip repeats step (3-1) to (3-4) and carries out data source authentication and data integrity detection, processor update program number According to the program ciphertext data preserved in replacement memory.
Preferably, the host computer utilizes four-dimensional dynamical feedback chaos system, pseudorandomly in memory from storage Program plaintext Data in extraction section data pData, comprise the following specific steps that:
(6-1) sets initial secret key (x0, y0, z0, w0, k), Data includes n row data, n=4m, m >=8, host computer Xth is extracted in the i-th row data0Data extract y in i+1 row data0Data extract z in the i-th+2 row data0 Data extract w in the i-th+3 row data0The initial value of data, i is 1, makes x=x0, y=y0, z=z0, w=w0
(6-3) host computer selects xth data in the i-th row data, and y data are selected in i+1 row data, i-th+ Z data are selected in 2 row data, w data are selected in the i-th+3 row data;Return to step (6-2);
Each data of extraction are arranged in order by (6-4) according to the sequencing of extraction, obtain pData.
Preferably, the four-dimensional dynamical feedback chaos system in (1-2-1) is replaced by Rockwell three-dimensional chaotic system, replace Step (1-2-1) after changing comprises the following specific steps that:
(7-1) sets initial secret key (x0, y0, z0), Data includes n row data, and n=3m, m >=6, host computer is in jth Xth is extracted in row data0Data extract y in+1 row data of jth0Data extract z in+2 row data of jth0Data, j Initial value be 1, x=x0, y=y0, z=z0
As j >=n, it is transferred to step (7-4);
(7-3) host computer selects xth data in jth row data, and y data are selected in+1 row data of jth, jth+ Z data are selected in 2 row data;Return to step (7-2);
Each data of extraction are arranged in order by (7-4) according to the sequencing of extraction, obtain pData.
Preferably, the model DM8168 of processor.
Therefore, the present invention has the advantages that:Protect the software load, operation and version updating peace of ATM machine equipment Quan Xing, anti-illegal-inbreak person obtain program clear data, prevent unauthorized communications and load, prevent from being tampered, forge or pseudo- The rogue program of dress substitutes normal procedure, prevents illegal invasion person control ATM machine, improves the account information and fund peace of depositor Entirely, the safety for bank network and background data base provides reliable basis.
Description of the drawings
Fig. 1 is a kind of x-z-plane trajectory diagram of the four-dimensional dynamical feedback hyperchaotic system of the present invention;
Fig. 2 is a kind of x-y plane trajectory diagram of the four-dimensional dynamical feedback hyperchaotic system of the present invention;
Fig. 3 is a kind of x-w planar obit simulations figure of the four-dimensional dynamical feedback hyperchaotic system of the present invention;
Fig. 4 is a kind of communication handshake flow chart of the present invention;
Fig. 5 is a kind of program plaintext encryption flow figure of the present invention;
Fig. 6 is a kind of signed data calculation flow chart of the present invention;
Fig. 7 is a kind of data source authentication and data integrity detection flow chart of the present invention;
Fig. 8 is a kind of program ciphertext decryption flow chart of the present invention;
Fig. 9 is a kind of newer flow chart of mainboard program of the present invention.
Specific implementation mode
The present invention will be further described with reference to the accompanying drawings and detailed description.
Embodiment 1
It is main if Fig. 4, Fig. 5, Fig. 6, Fig. 7, embodiment shown in Fig. 8 are a kind of ATM machine fake-identifying instrument mainboard program processing methods Plate includes the processor being in communication with each other, the close safety chip of onboard storage device and state, and mainboard program is stored in onboard storage device;Place Manage the model DM8168 of device;Mainboard program processing method includes communication handshake flow, program plaintext encryption flow, signed data Calculation process, data source authentication and data integrity detection flow, program ciphertext decrypt flow;
As shown in figure 4, communication handshake flow includes the following steps:
1st step:Processor sends out the request for reading sequence number to the close safety chip of state, and the close safety chip of state automatically generates sequence Row number SN, processor are encrypted SN and are obtained SN using 3DES symmetric encipherment algorithmse
2nd step:Processor sends out the request for reading random number to the close safety chip of state, and the close safety chip of state returns to random number RN, processor is with SNeAs key, RN is encrypted using 3DES symmetric encipherment algorithms to obtain RNe
3rd step:Processor sends out checking request to the close safety chip of state, and the close safety chip of state is by RNeIt is local pre- with utilizing Deposit the encryption data RN ' of key generationeIt compares, if RNe=RN 'e, then success of shaking hands, state's close safety chip return shakes hands success Information;Otherwise, the close safety chip of state returns to failure information of shaking hands;
As shown in figure 5, program plaintext encryption flow includes the following steps:
1st step:Host computer is pseudorandomly bright from program stored in memory using four-dimensional dynamical feedback chaos system Extraction section data pData in literary Data;
11st step:Set initial secret key (x0, y0, z0, w0, k), Data includes n row data, n=4m, and m >=8 are upper Machine extracts xth in the i-th row data0Data extract y in i+1 row data0Data extract in the i-th+2 row data z0Data extract w in the i-th+3 row data0The initial value of data, i is 1, makes x=x0, y=y0, z=z0, w=w0
13rd step:Host computer selects xth data in the i-th row data, and y data are selected in i+1 row data, Z data are selected in i+2 row data, w data are selected in the i-th+3 row data;Return to the 12nd step;
14th step:Each data of extraction are arranged in order according to the sequencing of extraction, obtain pData;Such as Fig. 1, figure 2, shown in Fig. 3, the x ' that each iteration obtains, y ', z ', w ' composition points (x ', y ', z ', w '), point (x ', y ', z ', w ') in x-z, Track a little is formed in x-y, x-w plane, the track of point is pseudorandom, and therefore, the present invention realizes pseudorandom extraction Data.
2nd step:Host computer sends out CIPHERING REQUEST to the close safety chip of state, and pData is sent to the close safety chip of state, state Close safety chip utilizes key Keysm4, pData is obtained using SM4 symmetric encipherment algorithms encryption pDatae, the close safety chip of state will pDataeReturn to host computer, host computer is by pDataeIt is backfilling into original position and generates encipheror Datae
As shown in fig. 6, signed data calculation process includes the following steps:
1st step:Host computer to the close safety chip of state sends out hash CIPHERING REQUEST and by pDataeIt is sent to the close safe core of state Piece, the close safety chip of state is using SM3 hash cryptographic algorithms to pDataeIt is encrypted, generates abstract Hash;
2nd step:Host computer sends out asymmetric encryption request to the close safety chip of state, and the close safety chip of state is oval using SM2 Curve rivest, shamir, adelman utilizes private key KeyprivIt encrypts Hash and generates signature Sign.
As shown in fig. 7, data source authentication and data integrity detection flow include the following steps:
1st step:Processor is sent to the close safety chip of state starts Hash requests, after the close safety chip response OK of state, is transferred to 2nd step;
2nd step:Processor sends update request to the close safety chip of state, and by pDataeIssue the close safety chip of state, state Close safety chip utilizes pDataeIt updates and generates abstract Hash ';
3rd step:Processor is sent completely request to the close safety chip of state, when the close safety chip of state returns to OK, summary info It is updated successfully;
4th step:Processor sends the request of SM2 sign tests to the close safety chip of state, and signature Sign is sent to the close safety of state Chip, the close safety chip of state utilize public key KeypubDecryption Sign obtains Hashd, as Hash ' and HashdUnanimously, data source authentication It is completed with data integrity detection.
As shown in figure 8, program ciphertext decryption flow includes the following steps:
1st step:Processor sends SM4 decoding requests to the close safety chip of state, and by pDataeThe close safety chip of state is issued, The close safety chip of state utilizes key Keysm4To pDataeIt is decrypted, obtains pDatadAnd by pDatadReturn to processor;
The:2 steps:Processor determines backfill position using four-dimensional dynamical feedback chaos system, by pDatadBackfill is restored And obtain program plaintext Datad
As shown in figure 9, when being updated to the program in mainboard, proceed as follows successively:
1st step:Processor sends out the request for reading sequence number to the close safety chip of state, and the close safety chip of state automatically generates sequence Row number SN, processor are encrypted SN and are obtained SN using 3DES symmetric encipherment algorithmse
2nd step:Processor sends out the request for reading random number to the close safety chip of state, and the close safety chip of state returns to random number RN, processor is with SNeAs key, RN is encrypted using 3DES symmetric encipherment algorithms to obtain RNe
3rd step:Processor sends out checking request to the close safety chip of state, and the close safety chip of state is by RNeIt is local pre- with utilizing Deposit the encryption data RN ' of key generationeIt compares, if RNe=RN 'e, then success of shaking hands, state's close safety chip return shakes hands success Information;Otherwise, the close safety chip of state returns to failure information of shaking hands;
4th step:Processor is sent to the close safety chip of state starts Hash requests, after the close safety chip response OK of state, is transferred to 2nd step;
5th step:Processor sends update request to the close safety chip of state, and by pDataeIssue the close safety chip of state, state Close safety chip is by pDataeIt updates and generates abstract Hash ';
6th step:Processor is sent completely request to the close safety chip of state, when the close safety chip of state returns to OK, summary info It is updated successfully;
7th step:Processor sends the request of SM2 sign tests to the close safety chip of state, and signature Sign is sent to the close safety of state Chip, the close safety chip of state utilize public key KeypubDecryption Sign obtains Hashd, as Hash ' and HashdUnanimously, data source authentication It is completed with data integrity detection.
8th step:Processor replaces the program ciphertext data preserved in memory with update program data.
Embodiment 2
Embodiment 2 includes all the elements in embodiment 1, the Rockwell three-dimensional chaotic system alternative embodiment 1 of embodiment 2 In four-dimensional dynamical feedback chaos system, host computer utilizes Rockwell three-dimensional chaotic system, pseudorandomly from being stored in onboard storage Extraction section data pData in program plaintext Data in device;It comprises the following specific steps that:
1st step:Set initial secret key (x0, y0, z0), Data includes n row data, and n=3m, m >=6, host computer is in jth Xth is extracted in row data0Data extract y in+1 row data of jth0Data extract z in+2 row data of jth0Data, j Initial value be 1, make x=x0, y=y0, z=z0,;
As j >=n, it is transferred to the 4th step;
3rd step:Host computer selects xth data in jth row data, y data is selected in+1 row data of jth, in jth Z data are selected in+2 row data;Return to the 2nd step;
4th step:Each data of extraction are arranged in order according to the sequencing of extraction, obtain pData.
It should be understood that this embodiment is only used to illustrate the invention but not to limit the scope of the invention.In addition, it should also be understood that, After having read the content of the invention lectured, those skilled in the art can make various modifications or changes to the present invention, these etc. Valence form is also fallen within the scope of the appended claims of the present application.

Claims (5)

1. a kind of ATM machine fake-identifying instrument mainboard program safety processing method, the mainboard includes the processor being in communication with each other, onboard deposits The close safety chip of reservoir and state, the mainboard program are stored in onboard storage device;It is characterized in that including communication handshake flow, Program plaintext encryption flow, signed data calculation process, data source authentication and data integrity detection flow, program ciphertext solution Close flow;
(1-1) described communication handshake flow includes the following steps:
(1-1-1) processor sends out the request for reading sequence number to the close safety chip of state, and the close safety chip of state automatically generates sequence Number SN, processor are encrypted SN and are obtained SN using 3DES symmetric encipherment algorithmse
(1-1-2) processor sends out the request for reading random number to the close safety chip of state, and the close safety chip of state returns to random number R N, Processor is with SNeAs key, RN is encrypted using 3DES symmetric encipherment algorithms to obtain RNe
(1-1-3) processor sends out checking request to the close safety chip of state, and the close safety chip of state is by RNeIt is close with being prestored using local The encryption data RN that key generateseIt compares, if RNe=RNe, then success of shaking hands, state's close safety chip return shakes hands successful information; Otherwise, the close safety chip of state returns to failure information of shaking hands;
(1-2) described program plaintext encryption flow includes the following steps:
(1-2-1) host computer is using four-dimensional dynamical feedback chaos system, pseudorandomly from the program being stored in onboard storage device Extraction section data pData in plaintext Data;
(1-2-2) host computer sends out CIPHERING REQUEST to the close safety chip of state, and pData is sent to the close safety chip of state, and state is close Safety chip utilizes key Keysm4, pData is obtained using SM4 symmetric encipherment algorithms encryption pDatae, the close safety chip of state will pDataeReturn to host computer, host computer is by pDataeIt is backfilling into original position and generates encipheror Datae
(1-3) described signed data calculation process includes the following steps:
(1-3-1) host computer to the close safety chip of state sends out hash CIPHERING REQUEST and by pDataeIt is sent to the close safety chip of state, state Close safety chip is using SM3 hash cryptographic algorithms to pDataeIt is encrypted, generates abstract Hash;
(1-3-2) host computer sends out asymmetric encryption request to the close safety chip of state, and the close safety chip of state uses SM2 elliptic curves Rivest, shamir, adelman utilizes private key KeyprivIt encrypts Hash and generates signature Sign;
(1-4) described data source authentication and data integrity detection flow include the following steps:
(1-4-1) processor is sent to the close safety chip of state starts Hash requests, after the close safety chip response OK of state, is transferred to step (1-4-2);
(1-4-2) processor sends update request to the close safety chip of state, and by pDataeIssue the close safety chip of state, the close peace of state Full chip utilizes pDataeIt updates and generates abstract Hash ';
(1-4-3) processor is sent completely request to the close safety chip of state, when the close safety chip of state returns to OK, summary info update Success;
(1-4-4) processor sends the request of SM2 sign tests to the close safety chip of state, and signature Sign is sent to the close safe core of state Piece, the close safety chip of state utilize public key KeypubDecryption Sign obtains Hashd, work as Hash ' and HashdUnanimously, data source authentication and Data integrity detection is completed;
(1-5) described program ciphertext decryption flow includes the following steps:
(1-5-1) processor sends SM4 decoding requests to the close safety chip of state, and by APP ciphertexts pDataeIssue the close safe core of state Piece, the close safety chip of state utilize key Keysm4To pDataeIt is decrypted, obtains pDatadAnd by pDatadReturn to processor;
(1-5-2) processor determines backfill position using four-dimensional dynamical feedback chaos system, by pDatadBackfill, restores and obtains Program plaintext Datad
2. ATM machine fake-identifying instrument mainboard program safety processing method according to claim 1, characterized in that in mainboard Program when being updated, proceed as follows successively:
The close safety chip of processor and state repeats step (1-1-1) to (1-1-3) and carries out communication handshake, the close safety of processor and state Chip repeats step (1-4-1) to (1-4-4) and carries out data source authentication and data integrity detection, processor update program number According to the program ciphertext data preserved in replacement memory.
3. ATM machine fake-identifying instrument mainboard program safety processing method according to claim 1, characterized in that the host computer Using four-dimensional dynamical feedback chaos system, pseudorandomly extraction section data from program plaintext Data stored in memory PData is comprised the following specific steps that:
(3-1) sets initial secret key (x0, y0, z0, w0, k), Data includes n row data, and n=4m, m >=8, host computer is in the i-th row Xth is extracted in data0Data extract y in i+1 row data0Data extract z in the i-th+2 row data0Data, W is extracted in i-th+3 row data0The initial value of data, i is 1;
(3-2) makes i values increase by 4, as i < n, utilizes formulaX ', y ', z ' and w ' are calculated, iteration is made Assignment x=x ', y=y ', z=z ', w=w ';As i >=n, it is transferred to step (3-4);
(3-3) host computer selects xth data in the i-th row data, and y data are selected in i+1 row data, in the i-th+2 row Z data are selected in data, and w data are selected in the i-th+3 row data;Return to step (3-2);
Each data of extraction are arranged in order by (3-4) according to the sequencing of extraction, obtain pData.
4. ATM machine fake-identifying instrument mainboard program safety processing method according to claim 1, characterized in that (1-2-1) In four-dimensional dynamical feedback chaos system replaced by Rockwell three-dimensional chaotic system, replaced step (1-2-1) includes following tool Body step:
(4-1) sets initial secret key (x0, y0, z0), Data includes n row data, and n=3m, m >=6, host computer is in jth row data Middle extraction xth0Data extract y in+1 row data of jth0Data extract z in+2 row data of jth0Data, j's is initial Value is 1;
(4-2) makes j values increase by 3, as j < n, utilizes formulaX ', y ', z ' are calculated, iteration is made to assign Value x=x ', y=y ', z=z ';
As j >=n, it is transferred to step (4-4);
(4-3) host computer selects xth data in jth row data, y data is selected in+1 row data of jth, in+2 row of jth Z data are selected in data;Return to step (4-2);
Each data of extraction are arranged in order by (4-4) according to the sequencing of extraction, obtain pData.
5. ATM machine fake-identifying instrument mainboard program safety processing method according to claim 1 or 2 or 3 or 4, characterized in that place Manage the model DM8168 of device.
CN201510733499.1A 2015-11-02 2015-11-02 ATM machine fake-identifying instrument mainboard program safety processing method Active CN105391709B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510733499.1A CN105391709B (en) 2015-11-02 2015-11-02 ATM machine fake-identifying instrument mainboard program safety processing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510733499.1A CN105391709B (en) 2015-11-02 2015-11-02 ATM machine fake-identifying instrument mainboard program safety processing method

Publications (2)

Publication Number Publication Date
CN105391709A CN105391709A (en) 2016-03-09
CN105391709B true CN105391709B (en) 2018-07-27

Family

ID=55423545

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510733499.1A Active CN105391709B (en) 2015-11-02 2015-11-02 ATM machine fake-identifying instrument mainboard program safety processing method

Country Status (1)

Country Link
CN (1) CN105391709B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103107885A (en) * 2013-01-16 2013-05-15 深圳市怡化电脑有限公司 Detecting method and system of information security of automatic teller machine (ATM)
CN103117857A (en) * 2013-01-16 2013-05-22 深圳市怡化电脑有限公司 Automatic teller machine (ATM) information safety detection method and system based on hardware encryption algorithm

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101236591B (en) * 2007-01-31 2011-08-24 联想(北京)有限公司 Method, terminal and safe chip for guaranteeing critical data safety

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103107885A (en) * 2013-01-16 2013-05-15 深圳市怡化电脑有限公司 Detecting method and system of information security of automatic teller machine (ATM)
CN103117857A (en) * 2013-01-16 2013-05-22 深圳市怡化电脑有限公司 Automatic teller machine (ATM) information safety detection method and system based on hardware encryption algorithm

Also Published As

Publication number Publication date
CN105391709A (en) 2016-03-09

Similar Documents

Publication Publication Date Title
US11877213B2 (en) Methods and systems for asset obfuscation
CN106357401B (en) A kind of storage of private key and application method
CN102138300B (en) Message authentication code pre-computation with applications to secure memory
KR102322118B1 (en) Private key securing methods of decentralizedly storying keys in owner's device and/or blockchain nodes
KR101712784B1 (en) System and method for key management for issuer security domain using global platform specifications
US9223994B2 (en) Secure transaction method from a non-secure terminal
US8171306B2 (en) Universal secure token for obfuscation and tamper resistance
CN101651543B (en) Creditable calculation platform key migration system and key migration method thereof
KR102381153B1 (en) Encryption key management based on identity information
CN107810617A (en) Secret certification and supply
KR20200012845A (en) Progressive Key Encryption Algorithm
CA2071771A1 (en) Cryptographic facility environment backup/restore and replication in a public key cryptosystem
CN101582109A (en) Data encryption method and device, data decryption method and device and solid state disk
CN109918888B (en) Anti-quantum certificate issuing method and issuing system based on public key pool
CN109547208B (en) Online distribution method and system for master key of financial electronic equipment
CN101281575A (en) Method for protecting software
US20100031045A1 (en) Methods and system and computer medium for loading a set of keys
CN105468940A (en) Software protection method and apparatus
CN111614467B (en) System backdoor defense method and device, computer equipment and storage medium
TWI476629B (en) Data security and security systems and methods
CN108270568A (en) A kind of mobile digital certificate device and its update method
CN109831300A (en) A kind of cipher key destruction method and device
CN108650214B (en) Dynamic page encryption anti-unauthorized method and device
CN107278357B (en) Cryptographic system and method
CN107332663A (en) Archive management method based on encryption technology

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210825

Address after: 310000 No. 66 Dongxin Avenue, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: EASTCOM Inc.

Address before: 310000 A318, R & D building, Dongxin City, No. 66, Dongxin Avenue, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: EASTCOM Inc.

Patentee before: Hangzhou Eastcom Financial Technology Service Co.,Ltd.