CN105574445A - Safety communication method and device for self-service terminal equipment hardware - Google Patents
Safety communication method and device for self-service terminal equipment hardware Download PDFInfo
- Publication number
- CN105574445A CN105574445A CN201510981728.1A CN201510981728A CN105574445A CN 105574445 A CN105574445 A CN 105574445A CN 201510981728 A CN201510981728 A CN 201510981728A CN 105574445 A CN105574445 A CN 105574445A
- Authority
- CN
- China
- Prior art keywords
- data
- obtains
- opposite end
- local terminal
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F19/00—Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
- G07F19/20—Automatic teller machines [ATMs]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Computing Systems (AREA)
- Finance (AREA)
- Accounting & Taxation (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Telephonic Communication Services (AREA)
Abstract
The embodiment of the invention discloses a safety communication method for self-service terminal equipment hardware, and aims to solve the problem that the conventional self-service terminal can be easily communicated with a host computer by a criminal offender through software simulation equipment hardware to conduct financial crime. The method provided by the embodiment comprises the following steps: a home terminal acquires original data needing to be sent; the home terminal enciphers the original data to obtain enciphered data; the home terminal generates a random number, and the enciphered data is divided into data blocks according to the random number; the home terminal packs the data blocks one by one to generate corresponding data packets; the home terminal transmits the data packets to an opposite terminal, and the opposite terminal analyzes and merges the data packets to obtain the enciphered data, and then deciphers the enciphered data so as to obtain the original data. The embodiment of the invention further provides a safety communication device for self-service terminal equipment hardware.
Description
Technical field
The present invention relates to finance device field, particularly relate to a kind of safety communicating method and device of self-help terminal equipment hardware.
Background technology
Gimmick along with financial crime is improper to be improved, technical merit constantly promotes, although the safety cabinet of ATM device is not easy to touch at present, but offender can pass through software simulation movement hardware device, be arranged on target ATM device, reach and constantly simulate deposit business, walked around real machine core equipment, thus caused financial crime.Criminal, by testing tool, calls the order of CENXFS standard, does not need to open safe door, just banknote can be taken out easily from safety cabinet, add risk.Existing safety technique needs networking to carry out safety verification, can increase because the control unknown risks produced is verified in networking, so just greatly reduces ATMC software to the real-time security inspection of main process equipment and tracking, will be had an opportunity to take advantage of by criminal.
Summary of the invention
Embodiments provide a kind of safety communicating method and device of self-help terminal equipment hardware, existing self-aided terminal can be solved and easily suffer that offender carries out the problem of financial crime by software simulation device hardware and main-machine communication.
The safety communicating method of a kind of self-help terminal equipment hardware that the embodiment of the present invention provides, is applied to the communication between the main frame of described self-aided terminal and device hardware, comprises:
Local terminal obtains the raw data needing to send;
Described local terminal is encrypted described raw data, obtains enciphered data;
Described local terminal generates random number, and is data block according to described random number by enciphered data cutting;
Described data block is packed by described local terminal one by one, generates corresponding packet;
Described local terminal is by described data packet transmission to opposite end, and make described opposite end be resolved by described packet and merge, obtain described enciphered data, then described opposite end is to described decrypt encrypted data, obtains described raw data.
Alternatively, described local terminal generates random number, and is that data block comprises according to described random number by enciphered data cutting:
Described local terminal generates the random number in a preset range;
Described enciphered data cutting is a described random number data block by described local terminal.
Alternatively, described safety communicating method also comprises: described local terminal generates a pair unsymmetrical key in advance, comprises PKI and private key, and described PKI is directed into described opposite end in advance;
Described private key is used for encrypting described raw data, and described PKI is used for described decrypt encrypted data.
Alternatively, described local terminal is encrypted described raw data, obtains enciphered data and comprises:
Described raw data and corresponding temporal information are merged into data volume by described local terminal;
Described local terminal carries out verification computing to described data volume, obtains the first operation result;
Described data volume and described first operation result merge by described local terminal, obtain checking data body;
Described local terminal is encrypted described checking data body, obtains enciphered data;
Described opposite end, to described decrypt encrypted data, obtains described raw data and comprises:
Described opposite end, to described decrypt encrypted data, obtains checking data body to be measured;
Described opposite end obtains the data volume in described checking data body to be measured, and carries out verification computing to the data volume got, and obtains the second operation result;
Whether described second operation result of described opposite end verification conforms to the first operation result in described checking data body to be measured, if conform to, then obtains the described raw data in described data volume.
Alternatively, described opposite end also comprises after obtaining described raw data:
Data reasonalbeness check is carried out to described raw data in described opposite end, and pass through if check, then described opposite end operates according to described raw data.
The secure communication device of a kind of self-help terminal equipment hardware that the embodiment of the present invention provides, be applied to the communication between the main frame of described self-aided terminal and device hardware, comprise local terminal and opposite end, described local terminal comprises:
Raw data acquisition module, for obtaining the raw data needing to send;
Encrypting module, for encrypting described raw data, obtains enciphered data;
Enciphered data cutting for generating random number, and is data block according to described random number by random cutting module;
Packet module, for described data block being packed one by one, generates corresponding packet;
Transport module, for by described data packet transmission to described opposite end;
Described opposite end comprises:
Resolve and merge module, for being resolved by described packet and merging, obtain described enciphered data;
Deciphering module, for described decrypt encrypted data, obtains described raw data.
Alternatively, described random cutting module comprises:
Random number generation unit, for generating the random number in a preset range;
Data cutting unit, for being a described random number data block by described enciphered data cutting.
Alternatively, described secure communication device also comprises:
Key production module, for generating a pair unsymmetrical key in advance, comprises PKI and private key;
PKI imports module, for described PKI is directed into described opposite end in advance;
Described private key is used for encrypting described raw data, and described PKI is used for described decrypt encrypted data.
Alternatively, described encrypting module comprises:
First merge cells, for being merged into data volume by described raw data and corresponding temporal information;
First verification arithmetic element, for carrying out verification computing to described data volume, obtains the first operation result;
Second merge cells, for described data volume and described first operation result being merged, obtains checking data body;
Ciphering unit, for described checking data body encryption, obtains enciphered data;
Described deciphering module comprises:
Decryption unit, for described decrypt encrypted data, obtains checking data body to be measured;
Second verification arithmetic element, for obtaining the data volume in described checking data body to be measured, and carrying out verification computing to the data volume got, obtaining the second operation result;
Whether verification unit, conform to the first operation result in described checking data body to be measured for verifying described second operation result;
Data capture unit, for when the check results of described verification unit is for being, obtains the described raw data in described data volume.
Alternatively, described opposite end also comprises:
Reasonalbeness check module, for carrying out data reasonalbeness check to described raw data;
Operational module, for when described reasonalbeness check module inspection by time, operate according to described raw data.
As can be seen from the above technical solutions, the embodiment of the present invention has the following advantages:
In the embodiment of the present invention, first, local terminal obtains the raw data needing to send; Described local terminal is encrypted described raw data, obtains enciphered data; Then, described local terminal generates random number, and is data block according to described random number by enciphered data cutting; Described data block is packed by described local terminal one by one, generates corresponding packet; Finally, described local terminal is by described data packet transmission to opposite end, and make described opposite end be resolved by described packet and merge, obtain described enciphered data, then described opposite end is to described decrypt encrypted data, obtains described raw data.In embodiments of the present invention, the safety communicating method of this self-help terminal equipment hardware realizes in self-aided terminal local host, without the need to networking checking, and promoted the security of communication by random subpackage, taken precautions against offender and carried out financial crime by software simulation device hardware and main-machine communication.
Accompanying drawing explanation
Fig. 1 is safety communicating method embodiment process flow diagram of a kind of self-help terminal equipment hardware in the embodiment of the present invention;
Fig. 2 is another embodiment process flow diagram of safety communicating method of a kind of self-help terminal equipment hardware in the embodiment of the present invention;
Fig. 3 is the self-service terminal system structural drawing under safety communicating method application scenarios of a kind of self-help terminal equipment hardware in the embodiment of the present invention;
Fig. 4 is the data format structures figure in the data encryption communication process under safety communicating method application scenarios of a kind of self-help terminal equipment hardware in the embodiment of the present invention;
Fig. 5 is secure communication device example structure figure of a kind of self-help terminal equipment hardware in the embodiment of the present invention;
Fig. 6 is another example structure figure of secure communication device of a kind of self-help terminal equipment hardware in the embodiment of the present invention.
Embodiment
Embodiments providing a kind of safety communicating method and device of self-help terminal equipment hardware, easily suffering that offender carries out the problem of financial crime by software simulation device hardware and main-machine communication for solving existing self-aided terminal.
For making goal of the invention of the present invention, feature, advantage can be more obvious and understandable, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, the embodiments described below are only the present invention's part embodiments, and the embodiment of not all.Based on the embodiment in the present invention, those of ordinary skill in the art, not making other embodiments all obtained under creative work prerequisite, belong to the scope of protection of the invention.
Refer to Fig. 1, in the embodiment of the present invention, safety communicating method embodiment of a kind of self-help terminal equipment hardware comprises:
11, local terminal obtains the raw data needing to send;
First, local terminal can obtain the raw data needing to send.It should be noted that, when the main frame of self-aided terminal communicates to device hardware, this main body is local terminal, and device hardware is opposite end; And when the device hardware of self-aided terminal communicates to main frame, then device hardware is local terminal, main frame is opposite end.
12, this local terminal is encrypted this raw data, obtains enciphered data;
After local terminal obtains the raw data needing to send, this local terminal can be encrypted this raw data, obtains enciphered data.
13, this local terminal generates random number, and is data block according to this random number by enciphered data cutting;
Encrypt this raw data at this local terminal, after obtaining enciphered data, this local terminal can generate random number, and is data block according to this random number by enciphered data cutting.
14, this data block is packed by this local terminal one by one, generates corresponding packet;
Generate random number at this local terminal, and after according to this random number enciphered data cutting being data block, this data block can be packed by this local terminal one by one, generates corresponding packet.
15, this local terminal by this data packet transmission to opposite end;
This data block packed one by one at this local terminal, after generating corresponding packet, this local terminal can by this data packet transmission to opposite end.
16, this packet is resolved and is merged by this opposite end, obtains this enciphered data;
After this local terminal is by this data packet transmission to opposite end, this packet can be resolved and merge by this opposite end, obtains this enciphered data.
17, this opposite end is to this decrypt encrypted data, obtains this raw data.
Resolved by this packet in this opposite end and merge, after obtaining this enciphered data, this opposite end to this decrypt encrypted data, can obtain this raw data.
In the present embodiment, first, local terminal obtains the raw data needing to send; This local terminal is encrypted this raw data, obtains enciphered data; Then, this local terminal generates random number, and is data block according to this random number by enciphered data cutting; This data block is packed by this local terminal one by one, generates corresponding packet; Finally, this local terminal is by this data packet transmission to opposite end, and make this opposite end be resolved by this packet and merge, obtain this enciphered data, then this opposite end is to this decrypt encrypted data, obtains this raw data.In the present embodiment, the safety communicating method of this self-help terminal equipment hardware realizes in self-aided terminal local host, without the need to networking checking, and promoted the security of communication by random subpackage, taken precautions against offender and carried out financial crime by software simulation device hardware and main-machine communication.
For ease of understanding, be described in detail the safety communicating method of a kind of self-help terminal equipment hardware in the embodiment of the present invention below, refer to Fig. 2, in the embodiment of the present invention, another embodiment of safety communicating method of a kind of self-help terminal equipment hardware comprises:
21, local terminal obtains the raw data needing to send;
First, local terminal can obtain the raw data needing to send.It should be noted that, when the main frame of self-aided terminal communicates to device hardware, this main body is local terminal, and device hardware is opposite end; And when the device hardware of self-aided terminal communicates to main frame, then device hardware is local terminal, main frame is opposite end.
22, the temporal information of this raw data and correspondence is merged into data volume by this local terminal;
After local terminal obtains the raw data needing to send, this raw data and corresponding temporal information can be merged into data volume by this local terminal.Be understandable that, this temporal information and raw data are corresponding, and temporal information can be the time that have recorded this Raw Data Generation, or the time sequencing between multiple raw data.
23, this local terminal carries out verification computing to this data volume, obtains the first operation result;
After this raw data and corresponding temporal information are merged into data volume by this local terminal, this local terminal carries out verification computing to this data volume, obtains the first operation result.Be understandable that, this verification computing can be specifically CRC (cyclic redundancy) verification, thus the first last operation result is CRC check operation result.
24, this data volume and this first operation result merge by this local terminal, obtain checking data body;
Carry out verification computing at this local terminal to this data volume, after obtaining the first operation result, this data volume and this first operation result can merge by this local terminal, obtain checking data body.Wherein, can preset the data structure of this checking data body, such as, the first operation result is placed on the front of data structure, data volume is placed on after the first operation result.Particularly, the structure of this checking data body can be self-defined, and the present embodiment does not limit this.
25, this local terminal adopts private key to the encryption of this checking data body, obtains enciphered data;
This data volume and this first operation result are merged at this local terminal, after obtaining checking data body, this local terminal can adopt private key to the encryption of this checking data body, obtains enciphered data.It should be noted that, this local terminal generates a pair unsymmetrical key in advance, comprises PKI and private key, and this PKI is directed into this opposite end in advance, and wherein, this private key is used for encrypting this raw data, and this PKI is used for this decrypt encrypted data.
26, this local terminal generates the random number in a preset range;
Before cutting, this local terminal needs the random number in generation preset range, and this random number is all random for local terminal and opposite end, thus avoids criminal know in advance and crack, and improves security.Wherein, in order to improve the efficiency of data transmission, this random number generally can not be too large, such as, this enciphered data size is 100 bytes, if the random number generated is 100, be then the data block of 100 1 bytes by the cutting of 100 byte-sized, this is very disadvantageous for the transmission of follow-up data.Therefore, in the present embodiment, this random number generates in the numerical range preset, and avoids the problem that random number is excessive.
27, this enciphered data cutting is this random number data block by this local terminal;
After this local terminal generates the random number in a preset range, this enciphered data cutting is this random number data block by this local terminal.Such as, when random number is 5, be 5 data blocks by this enciphered data cutting.
28, this data block is packed by this local terminal one by one, generates corresponding packet;
After this enciphered data cutting is this random number data block by this local terminal, this data block can be packed by this local terminal one by one, generates corresponding packet.Such as, when there being 5 data blocks, each data block all being packed, generating 5 corresponding packets.Be specifically as follows, the basis of a data block increases packet header and bag tail respectively, thus make a data block generate a packet.
29, this local terminal by this data packet transmission to opposite end;
At this local terminal, this data block is packed one by one, after generating corresponding packet, this local terminal by this data packet transmission to opposite end.
30, this packet is resolved and is merged by this opposite end, obtains this enciphered data;
This opposite end receives from after this packet of this local terminal, this packet can be resolved and merge, obtain this enciphered data.Particularly, namely packet is resolved to data block, then all data blocks are merged into this enciphered data.
31, this opposite end adopts PKI to this decrypt encrypted data, if decipher unsuccessfully, then performs step 37, if successful decryption, then obtains checking data body to be measured;
After obtaining this enciphered data, this opposite end can adopt PKI to this decrypt encrypted data, if decipher unsuccessfully, then performs step 37, if successful decryption, then obtains checking data body to be measured.Be understandable that, the PKI being used for deciphering is paired with private key used during encryption, and PKI is directed in advance on this opposite end, avoids criminal and is got PKI on opposite end by software approach.
32, this opposite end obtains the data volume in this checking data body to be measured, and carries out verification computing to the data volume got, and obtains the second operation result;
After obtaining checking data body to be measured, this opposite end can obtain the data volume in this checking data body to be measured, and carries out verification computing to the data volume got, and obtains the second operation result.It should be noted that, the verification operational method that the verification operational method of step 32 should use with step 23 is consistent.
33, whether this opposite end verifies this second operation result and conforms to the first operation result in this checking data body to be measured, if conform to, then performs step 34, if be not inconsistent, then performs step 37;
After obtaining the second operation result, whether this opposite end can verify this second operation result and conform to the first operation result in this checking data body to be measured, if conform to, then performs step 34, if be not inconsistent, then performs step 37.Be understandable that, when the second operation result conforms to the first operation result, illustrate that the data volume in the checking data body to be measured obtained is consistent with the data volume on local terminal, otherwise then checking data body to be measured to exist error in data, can do wrong data processing.
34, this opposite end obtains this raw data in this data volume;
When the second operation result conforms to the first operation result, this opposite end obtains this raw data from this data volume.
35, data reasonalbeness check is carried out to this raw data in this opposite end, passes through, then perform step 36 if check, does not pass through, then perform step 37 if check;
Obtain this raw data in this data volume in this opposite end after, data reasonalbeness check can be carried out to this raw data in this opposite end, passes through, then perform step 36 if check, does not pass through, then perform step 37 if check.The check criteria of this data reasonalbeness check can set according to actual service condition, such as, can check that the command in combination of this raw data is whether reasonable, or whether the temporal information of its correspondence is reasonable etc.
36, this opposite end operates according to this raw data;
When this raw data is by after data reasonalbeness check, this opposite end can operate according to this raw data.
37, data discard processing is made in this opposite end.
When decrypt encrypted data failure, or when checking data sports school to be measured tests unsuccessfully, or the data reasonalbeness check of the raw data obtained is obstructed out-of-date, and data discard processing is made to these data in this opposite end.
For ease of understanding, be described with the safety communicating method of a practical application scene to a kind of self-help terminal equipment hardware in the embodiment of the present invention below:
In this application scene, the main frame of this self-aided terminal is built-in with data safe processing module 102, is built-in with data safe processing module 103 in device hardware, and the system architecture of this self-aided terminal as shown in Figure 3.Self-aided terminal main frame is provided with ATMC (a kind of system platform of ATM) upper layer software (applications), and main frame is communicated with the data safe processing module 103 of device hardware by data safe processing module 102, realizes the communication between main frame and device hardware.Below the links in communication process is described, please refer to Fig. 3 and Fig. 4.
Key generation process:
Step 1: external communication interface in a device increases the data safe processing module 103 of hardware, namely by original equipment connection cable access hardware encryption module, and then draw new communication interface by encrypting module, just use this interface with the communication connection of main frame.
Step 2: generating a pair unsymmetrical key at ATMC upper layer software (applications) 101 is: PKI is A, and private key is B, imports in hardware device by PKI A simultaneously; Generating a pair non-countermeasure key at hardware device by the data safe processing module 103 of hardware is: PKI is C, and private key is D, C is sent to ATMC software simultaneously.
Data encryption communication process describes:
Step 1:ATMC upper layer software (applications) 101 sends binary order data to data safe processing module 102;
Step 2: data safe processing module 102 is first in original binary data 205 buffer memory of binary order data Replica to checking data form 201, data preparation submodule 302 increases temporal information 204 by checking data form 201 on this basis, then temporal information 204 and original binary data 205 are merged into data volume 202, and carry out CRC check and computing, generate CRC check operation result CRC203, then CRC203 and data volume 202 are merged generation checking data form 201.The data of verification data layout 201 are encrypted the binary data 207 (hereinafter referred to as data B ') after the encryption generating encrypt data format 206 by data encryption submodule 303 private key B, then Data Division submodule 304 distributes a packet number 212, and by data B ' according to clock generating random number, and ensure that the byte-sized of the binary data 210 after each fractionation is no less than 20 bytes, then cutting data block is carried out according to produced random number, obtain the binary data 210 after some pieces of fractionations, point after binary data 210 basis on increase segmentation packet header 209 and point steamed sandwich tail 211 and (wherein split packet header 209 to comprise packet header and identify 0xBF, packet number 212, block number 213 and block sequence number 214, point steamed sandwich tail 211 is designated 0xEF) generate the packet of the packetized data form 208 of respective amount.Then the packet of generated packetized data form 208 is transferred to data safe processing module 103 sequentially through serial ports or USB.
Step 3: data safe processing module 103 receives the communication data that the data layout transmitted is packetized data form 208, by analyzing block number 213 in first packetized data form 208 passing and come and block sequence number 214, (wherein block number 213 is the number of blocks of subpackage to merging submodule in data safe processing module 103 307, block sequence number 214 is the block location index sequence number of packetized data) carry out the packet receiving follow-up identical packetized data form 208, by binary data 210 pooled data after the fractionation of unpacking in data layout 208 of identical packet number 212, obtain the data (hereinafter referred to as data B ') of encrypt data format 206, data deciphering submodule 308 uses public-key A data decryption B ', obtain the data B of checking data form 201, data volume 202 in data B is carried out CRC check and computing by data check submodule 309, verify with the CRC203 in checking data form 201 again, if just initiatively the original binary data 205 in verification data layout 201 sends toward hardware command master control 104 by refusal when result does not conform to, if when the result of verification meets, check and correction data rationality (with reference to safety inspection operation steps), if the original binary data 204 also can refused in verification data layout 201 can not be managed to be sent toward hardware command master control 104, if rationally, the original binary data 205 in verification data layout 201 is sent to hardware command master control 104.
Step 4: hardware command master control 104 receives the laggard line command process of binary data.After hardware command master control 104 processes into order, result data is returned to data safe processing module 103.
Step 5: after data safe processing module 103 receives the data returned, by the data Replica that returns in original binary data 219 buffer memory of checking data form 215, then data preparation submodule 302 increases temporal information 218 by checking data form 215 on this basis, then temporal information 218 and original binary data 219 are merged into data volume 216, and carry out CRC check and computing, generate CRC check operation result CRC217, then CRC217 and data volume 216 are merged generation checking data form 215.Data encryption submodule 303 uses private key D, the data encryption of verification data layout 215 is become the binary data after the encryption of encrypt data format 220 221 (hereinafter referred to as data D '), then Data Division submodule 304 distributes a packet number 226, and by data D ' according to clock generating random number, and ensure that the byte-sized of the binary data 224 after each fractionation is no less than 20 bytes, then cutting data block is carried out according to produced random number, obtain the binary data 224 after some pieces of fractionations, point after binary data 224 basis on increase segmentation packet header 223 and point steamed sandwich tail 225 and (wherein split packet header 223 to comprise packet header and identify 0xBF, packet number 226, block number 227 and block sequence number 228, point steamed sandwich tail 225 is designated 0xEF) generate the packet of the packetized data form 222 of respective amount.Then the partition data bag of generated packetized data form 222 is transferred to data safe processing module 102 sequentially through serial ports or USB.
Step 6: data safe processing module 102 receives the communication data that the data layout transmitted is packetized data form 222, by analyzing block number 227 in first packetized data form 222 passing and come and block sequence number 228, (wherein block number 227 is the number of blocks of subpackage to merging submodule in data safe processing module 103 307, block sequence number 228 is the block location index sequence number of packetized data) carry out the packet receiving follow-up identical packetized data form 222, by binary data 224 pooled data after the fractionation of unpacking in data layout 222 of identical packet number 226, obtain the data (hereinafter referred to as data D ') of encrypt data format 220, data deciphering submodule 308 uses public-key C data decryption D ', obtain the data D of checking data form 215, data volume 216 in data D is carried out CRC check and computing by data check submodule 309, verify with the CRC217 in checking data form 215 again, if just initiatively the original binary data 219 in verification data layout 215 sends toward ATMC upper layer software (applications) 101 by refusal when result does not conform to, if when the result of verification meets, check and correction data rationality (with reference to safety inspection operation steps), if the original binary data 219 also can refused in verification data layout 215 can not be managed to be sent toward ATMC upper layer software (applications) 101, if rationally, the original binary data 219 in verification data layout 215 is sent to ATMC upper layer software (applications) 101.
After step 7:ATMC upper layer software (applications) 101 receives binary data D, just can obtain the data returned by hardware device.This process is one step completed transmitting procedure.
Safety inspection operation steps:
Step 1: the key generating data safe processing module 103 according to the step of key generation process.
Step 2: by the burned module of data safe processing module 103 primary control program.
Step 3: data safe processing module 103 is after energising first, and data safe processing module 103 enters data sampling mode, now automatically can record the command in combination of this module and the time corresponding to command in combination.
Step 4: the power supply of rear turn-off data secure processing module 103 of having sampled, will enter normal mode of operation when again powering on.In this mode, first can verify the order data of dealing, be then exactly rationality and the rationality of time (wherein the command in combination of time not should more than the error of 20% millisecond) of check command combination.
Step 5: if it is abnormal that rationality occurs, data safe processing module 103 will stop service, and records its time of the act and data content, looks into after preparing against.
Essentially describe a kind of safety communicating method of self-help terminal equipment hardware above, be described in detail to a kind of secure communication device of self-help terminal equipment hardware below, refer to Fig. 5, in the embodiment of the present invention, secure communication device embodiment of a kind of self-help terminal equipment hardware comprises:
Local terminal A5 and opposite end B5;
This local terminal A5 comprises:
Raw data acquisition module 501, for obtaining the raw data needing to send;
Encrypting module 502, for encrypting this raw data, obtains enciphered data;
Enciphered data cutting for generating random number, and is data block according to this random number by random cutting module 503;
Packet module 504, for this data block being packed one by one, generates corresponding packet;
Transport module 505, for by this data packet transmission to this opposite end B5;
This opposite end B5 comprises:
Resolve and merge module 506, for being resolved by this packet and merging, obtain this enciphered data;
Deciphering module 507, for this decrypt encrypted data, obtains this raw data.
In the present embodiment, first, raw data acquisition module 501 obtains the raw data needing to send; Encrypting module 502 is encrypted this raw data, obtains enciphered data; Then, random cutting module 503 generates random number, and is data block according to this random number by enciphered data cutting; This data block is packed by packet module 504 one by one, generates corresponding packet; Then, transport module 505 by this data packet transmission to this opposite end B5; After opposite end B5 receives this packet, resolve merging module 506 and this packet is resolved and merges, obtain this enciphered data; Finally, deciphering module 507, to this decrypt encrypted data, obtains this raw data.In the present embodiment, the secure communication device of this self-help terminal equipment hardware realizes in self-aided terminal local host, without the need to networking checking, and promoted the security of communication by random subpackage, taken precautions against offender and carried out financial crime by software simulation device hardware and main-machine communication.
For ease of understanding, be described in detail the secure communication device of a kind of self-help terminal equipment hardware in the embodiment of the present invention below, refer to Fig. 6, in the embodiment of the present invention, another embodiment of secure communication device of a kind of self-help terminal equipment hardware comprises:
Local terminal A6 and opposite end B6;
This local terminal A6 comprises:
Raw data acquisition module 601, for obtaining the raw data needing to send;
Encrypting module 602, for encrypting this raw data, obtains enciphered data;
Enciphered data cutting for generating random number, and is data block according to this random number by random cutting module 603;
Packet module 604, for this data block being packed one by one, generates corresponding packet;
Transport module 605, for by this data packet transmission to this opposite end B6;
This opposite end B6 comprises:
Resolve and merge module 606, for being resolved by this packet and merging, obtain this enciphered data;
Deciphering module 607, for this decrypt encrypted data, obtains this raw data.
In the present embodiment, this random cutting module 603 can comprise:
Random number generation unit 6031, for generating the random number in a preset range;
Data cutting unit 6032, for being this random number data block by this enciphered data cutting.
In the present embodiment, this secure communication device can also comprise:
Key production module 608, for generating a pair unsymmetrical key in advance, comprises PKI and private key;
PKI imports module 609, for this PKI is directed into this opposite end B6 in advance;
This private key is used for encrypting this raw data, and this PKI is used for this decrypt encrypted data.
In the present embodiment, this encrypting module 602 can comprise:
First merge cells 6021, for being merged into data volume by this raw data and corresponding temporal information;
First verification arithmetic element 6022, for carrying out verification computing to this data volume, obtains the first operation result;
Second merge cells 6023, for this data volume and this first operation result being merged, obtains checking data body;
Ciphering unit 6024, for the encryption of this checking data body, obtains enciphered data;
This deciphering module 607 comprises:
Decryption unit 6071, for this decrypt encrypted data, obtains checking data body to be measured;
Second verification arithmetic element 6072, for obtaining the data volume in this checking data body to be measured, and carrying out verification computing to the data volume got, obtaining the second operation result;
Whether verification unit 6073, conform to for the first operation result verified in this second operation result and this checking data body to be measured;
Data capture unit 6074, for when the check results of this verification unit 6073 is for being, obtains this raw data in this data volume.
In the present embodiment, this opposite end B6 also comprises:
Reasonalbeness check module 610, for carrying out data reasonalbeness check to this raw data;
Operational module 611, for when this reasonalbeness check module 610 inspection by time, operate according to this raw data.
Those skilled in the art can be well understood to, and for convenience and simplicity of description, the system of foregoing description, the specific works process of device and unit, with reference to the corresponding process in preceding method embodiment, can not repeat them here.
In several embodiments that the application provides, should be understood that, disclosed system, apparatus and method, can realize by another way.Such as, device embodiment described above is only schematic, such as, the division of described unit, be only a kind of logic function to divide, actual can have other dividing mode when realizing, such as multiple unit or assembly can in conjunction with or another system can be integrated into, or some features can be ignored, or do not perform.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be by some interfaces, and the indirect coupling of device or unit or communication connection can be electrical, machinery or other form.
The described unit illustrated as separating component or can may not be and physically separates, and the parts as unit display can be or may not be physical location, namely can be positioned at a place, or also can be distributed in multiple network element.Some or all of unit wherein can be selected according to the actual needs to realize the object of the present embodiment scheme.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, also can be that the independent physics of unit exists, also can two or more unit in a unit integrated.Above-mentioned integrated unit both can adopt the form of hardware to realize, and the form of SFU software functional unit also can be adopted to realize.
If described integrated unit using the form of SFU software functional unit realize and as independently production marketing or use time, can be stored in a computer read/write memory medium.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words or all or part of of this technical scheme can embody with the form of software product, this computer software product is stored in a storage medium, comprising some instructions in order to make a computer equipment (can be personal computer, server, or the network equipment etc.) perform all or part of step of method described in each embodiment of the present invention.And aforesaid storage medium comprises: USB flash disk, portable hard drive, ROM (read-only memory) (ROM, Read-OnlyMemory), random access memory (RAM, RandomAccessMemory), magnetic disc or CD etc. various can be program code stored medium.
The above, above embodiment only in order to technical scheme of the present invention to be described, is not intended to limit; Although with reference to previous embodiment to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.
Claims (10)
1. a safety communicating method for self-help terminal equipment hardware, is applied to the communication between the main frame of described self-aided terminal and device hardware, it is characterized in that, comprising:
Local terminal obtains the raw data needing to send;
Described local terminal is encrypted described raw data, obtains enciphered data;
Described local terminal generates random number, and is data block according to described random number by enciphered data cutting;
Described data block is packed by described local terminal one by one, generates corresponding packet;
Described local terminal is by described data packet transmission to opposite end, and make described opposite end be resolved by described packet and merge, obtain described enciphered data, then described opposite end is to described decrypt encrypted data, obtains described raw data.
2. safety communicating method according to claim 1, is characterized in that, described local terminal generates random number, and is that data block comprises according to described random number by enciphered data cutting:
Described local terminal generates the random number in a preset range;
Described enciphered data cutting is a described random number data block by described local terminal.
3. safety communicating method according to claim 1, is characterized in that, described safety communicating method also comprises: described local terminal generates a pair unsymmetrical key in advance, comprises PKI and private key, and described PKI is directed into described opposite end in advance;
Described private key is used for encrypting described raw data, and described PKI is used for described decrypt encrypted data.
4. safety communicating method according to claim 1, is characterized in that, described local terminal is encrypted described raw data, obtains enciphered data, specifically comprises:
Described raw data and corresponding temporal information are merged into data volume by described local terminal;
Described local terminal carries out verification computing to described data volume, obtains the first operation result;
Described data volume and described first operation result merge by described local terminal, obtain checking data body;
Described local terminal is encrypted described checking data body, obtains enciphered data;
Described opposite end, to described decrypt encrypted data, obtains described raw data, specifically comprises:
Described opposite end, to described decrypt encrypted data, obtains checking data body to be measured;
Described opposite end obtains the data volume in described checking data body to be measured, and carries out verification computing to the data volume got, and obtains the second operation result;
Whether described second operation result of described opposite end verification conforms to the first operation result in described checking data body to be measured, if conform to, then obtains the described raw data in described data volume.
5. safety communicating method according to claim 4, is characterized in that, described opposite end also comprises after obtaining described raw data:
Data reasonalbeness check is carried out to described raw data in described opposite end, and pass through if check, then described opposite end operates according to described raw data.
6. a secure communication device for self-help terminal equipment hardware, is applied to the communication between the main frame of described self-aided terminal and device hardware, it is characterized in that, comprises local terminal and opposite end, and described local terminal comprises:
Raw data acquisition module, for obtaining the raw data needing to send;
Encrypting module, for encrypting described raw data, obtains enciphered data;
Enciphered data cutting for generating random number, and is data block according to described random number by random cutting module;
Packet module, for described data block being packed one by one, generates corresponding packet;
Transport module, for by described data packet transmission to described opposite end;
Described opposite end comprises:
Resolve and merge module, for being resolved by described packet and merging, obtain described enciphered data;
Deciphering module, for described decrypt encrypted data, obtains described raw data.
7. secure communication device according to claim 6, is characterized in that, described random cutting module comprises:
Random number generation unit, for generating the random number in a preset range;
Data cutting unit, for being a described random number data block by described enciphered data cutting.
8. secure communication device according to claim 6, is characterized in that, described secure communication device also comprises:
Key production module, for generating a pair unsymmetrical key in advance, comprises PKI and private key;
PKI imports module, for described PKI is directed into described opposite end in advance;
Described private key is used for encrypting described raw data, and described PKI is used for described decrypt encrypted data.
9. secure communication device according to claim 6, is characterized in that, described encrypting module comprises:
First merge cells, for being merged into data volume by described raw data and corresponding temporal information;
First verification arithmetic element, for carrying out verification computing to described data volume, obtains the first operation result;
Second merge cells, for described data volume and described first operation result being merged, obtains checking data body;
Ciphering unit, for described checking data body encryption, obtains enciphered data;
Described deciphering module comprises:
Decryption unit, for described decrypt encrypted data, obtains checking data body to be measured;
Second verification arithmetic element, for obtaining the data volume in described checking data body to be measured, and carrying out verification computing to the data volume got, obtaining the second operation result;
Whether verification unit, conform to the first operation result in described checking data body to be measured for verifying described second operation result;
Data capture unit, for when the check results of described verification unit is for being, obtains the described raw data in described data volume.
10. secure communication device according to claim 9, is characterized in that, described opposite end also comprises:
Reasonalbeness check module, for carrying out data reasonalbeness check to described raw data;
Operational module, for when described reasonalbeness check module inspection by time, operate according to described raw data.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510981728.1A CN105574445B (en) | 2015-12-22 | 2015-12-22 | A kind of safety communicating method and device of self-help terminal equipment hardware |
| PCT/CN2016/077252 WO2017107328A1 (en) | 2015-12-22 | 2016-03-24 | Secure communication method and apparatus for self-service terminal device hardware |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510981728.1A CN105574445B (en) | 2015-12-22 | 2015-12-22 | A kind of safety communicating method and device of self-help terminal equipment hardware |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105574445A true CN105574445A (en) | 2016-05-11 |
| CN105574445B CN105574445B (en) | 2018-08-31 |
Family
ID=55884558
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510981728.1A Active CN105574445B (en) | 2015-12-22 | 2015-12-22 | A kind of safety communicating method and device of self-help terminal equipment hardware |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN105574445B (en) |
| WO (1) | WO2017107328A1 (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107908404A (en) * | 2017-11-17 | 2018-04-13 | 深圳市泉眼网络科技有限公司 | program packaging method, system and terminal device |
| CN108768930A (en) * | 2018-04-09 | 2018-11-06 | 华北水利水电大学 | A kind of encrypted transmission method of data |
| CN111654511A (en) * | 2020-07-13 | 2020-09-11 | 中国银行股份有限公司 | Chained data encryption method, chained data decryption method and corresponding systems |
| CN112307493A (en) * | 2020-10-15 | 2021-02-02 | 上海东方投资监理有限公司 | Project settlement data submission method, system, terminal equipment and storage medium |
| CN113382021A (en) * | 2021-08-11 | 2021-09-10 | 北京开科唯识技术股份有限公司 | Financial data processing method |
| CN113938270A (en) * | 2021-12-17 | 2022-01-14 | 北京华云安信息技术有限公司 | Data encryption method and device capable of flexibly reducing complexity |
| CN114125941A (en) * | 2021-11-19 | 2022-03-01 | 深圳市欧瑞博科技股份有限公司 | Data subpackaging method and device, electronic equipment and storage medium |
| CN114124416A (en) * | 2020-08-24 | 2022-03-01 | 中国航天系统工程有限公司 | System and method for quickly exchanging data between networks |
| CN115996120A (en) * | 2023-03-22 | 2023-04-21 | 江西经济管理干部学院 | Computer data encryption and decryption method and system based on mobile storage device |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113993000B (en) * | 2021-09-07 | 2024-04-02 | 上海叁零肆零科技有限公司 | Transmission method, operation system and transmission equipment for field monitoring data |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102135944A (en) * | 2011-03-24 | 2011-07-27 | 深圳市华信安创科技有限公司 | Method for safe data storage in mobile communication equipment |
| KR101055843B1 (en) * | 2010-08-09 | 2011-08-09 | 한국전력공사 | Method for encryption and decryption of transaction in power network and system thereof |
| US8100323B1 (en) * | 2002-12-26 | 2012-01-24 | Diebold Self-Service Systems Division Of Diebold, Incorporated | Apparatus and method for verifying components of an ATM |
| CN102332981A (en) * | 2011-10-12 | 2012-01-25 | 深圳市沃达通实业有限公司 | Three-layer key encryption method and bank transaction system |
| CN102932349A (en) * | 2012-10-31 | 2013-02-13 | 成都主导软件技术有限公司 | Data transmission method, device and system |
| CN104408834A (en) * | 2014-12-05 | 2015-03-11 | 湖南长城信息金融设备有限责任公司 | Method and system for controlling depositing and withdrawing safety based on safety core |
-
2015
- 2015-12-22 CN CN201510981728.1A patent/CN105574445B/en active Active
-
2016
- 2016-03-24 WO PCT/CN2016/077252 patent/WO2017107328A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8100323B1 (en) * | 2002-12-26 | 2012-01-24 | Diebold Self-Service Systems Division Of Diebold, Incorporated | Apparatus and method for verifying components of an ATM |
| KR101055843B1 (en) * | 2010-08-09 | 2011-08-09 | 한국전력공사 | Method for encryption and decryption of transaction in power network and system thereof |
| CN102135944A (en) * | 2011-03-24 | 2011-07-27 | 深圳市华信安创科技有限公司 | Method for safe data storage in mobile communication equipment |
| CN102332981A (en) * | 2011-10-12 | 2012-01-25 | 深圳市沃达通实业有限公司 | Three-layer key encryption method and bank transaction system |
| CN102932349A (en) * | 2012-10-31 | 2013-02-13 | 成都主导软件技术有限公司 | Data transmission method, device and system |
| CN104408834A (en) * | 2014-12-05 | 2015-03-11 | 湖南长城信息金融设备有限责任公司 | Method and system for controlling depositing and withdrawing safety based on safety core |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107908404A (en) * | 2017-11-17 | 2018-04-13 | 深圳市泉眼网络科技有限公司 | program packaging method, system and terminal device |
| CN108768930A (en) * | 2018-04-09 | 2018-11-06 | 华北水利水电大学 | A kind of encrypted transmission method of data |
| CN111654511A (en) * | 2020-07-13 | 2020-09-11 | 中国银行股份有限公司 | Chained data encryption method, chained data decryption method and corresponding systems |
| CN114124416A (en) * | 2020-08-24 | 2022-03-01 | 中国航天系统工程有限公司 | System and method for quickly exchanging data between networks |
| CN114124416B (en) * | 2020-08-24 | 2024-03-08 | 中国航天系统工程有限公司 | System and method for quickly exchanging data between networks |
| CN112307493B (en) * | 2020-10-15 | 2024-02-09 | 上海东方投资监理有限公司 | Project settlement data review sending method, system, terminal equipment and storage medium |
| CN112307493A (en) * | 2020-10-15 | 2021-02-02 | 上海东方投资监理有限公司 | Project settlement data submission method, system, terminal equipment and storage medium |
| CN113382021A (en) * | 2021-08-11 | 2021-09-10 | 北京开科唯识技术股份有限公司 | Financial data processing method |
| CN113382021B (en) * | 2021-08-11 | 2021-10-29 | 北京开科唯识技术股份有限公司 | Financial data processing method |
| CN114125941A (en) * | 2021-11-19 | 2022-03-01 | 深圳市欧瑞博科技股份有限公司 | Data subpackaging method and device, electronic equipment and storage medium |
| CN114125941B (en) * | 2021-11-19 | 2023-08-29 | 深圳市欧瑞博科技股份有限公司 | Data packetizing method and device, electronic equipment and storage medium |
| CN113938270A (en) * | 2021-12-17 | 2022-01-14 | 北京华云安信息技术有限公司 | Data encryption method and device capable of flexibly reducing complexity |
| CN115996120B (en) * | 2023-03-22 | 2023-09-29 | 江西经济管理干部学院 | Computer data encryption and decryption method and system based on mobile storage device |
| CN115996120A (en) * | 2023-03-22 | 2023-04-21 | 江西经济管理干部学院 | Computer data encryption and decryption method and system based on mobile storage device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105574445B (en) | 2018-08-31 |
| WO2017107328A1 (en) | 2017-06-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105574445A (en) | Safety communication method and device for self-service terminal equipment hardware | |
| CN106357400B (en) | Establish the method and system in channel between TBOX terminal and TSP platform | |
| EP3968597B1 (en) | Methods for encrypting and decrypting data | |
| CN107135070A (en) | Method for implanting, framework and the system of RSA key pair and certificate | |
| CN104618115A (en) | Identity card information obtaining method and system | |
| CN111435913A (en) | Identity authentication method and device for terminal of Internet of things and storage medium | |
| CN105337722B (en) | Data ciphering method and device | |
| CN103179129A (en) | Remote attestation method based on cloud computing infrastructure as a service (IaaS) environment | |
| WO2018120938A1 (en) | Offline key transmission method, terminal and storage medium | |
| CN116887073A (en) | Electric energy meter data acquisition control system based on computer network communication | |
| CN110109769A (en) | Method for safety monitoring, device, equipment and the storage medium of application crash | |
| CN105848145A (en) | WIFI intelligent configuration method and device | |
| CN113312608A (en) | Electric power metering terminal identity authentication method and system based on timestamp | |
| CN109302286B (en) | Fido equipment key index generation method | |
| CN109922022A (en) | Internet of Things communication means, platform, terminal and system | |
| CN112583594B (en) | Data processing method, acquisition device, gateway, trusted platform and storage medium | |
| CN112865965B (en) | Train service data processing method and system based on quantum key | |
| CN111435389A (en) | Power distribution terminal operation and maintenance tool safety protection system | |
| EP3361691B1 (en) | Method and device for verifying validity of identity of entity | |
| CN202918498U (en) | SIM card adapter, mobile terminal and digital signature authentication system | |
| CN112580061B (en) | Calling method of quantum encryption and decryption application interface and related equipment | |
| CN114117499A (en) | Authority management based trusted data exchange method | |
| CN114065302A (en) | Data processing method, device, equipment, medium and block chain network | |
| CN109150867B (en) | Network information transmission encryption/decryption device and encryption/decryption method | |
| CN113346999A (en) | Splitting encryption-based brain central system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |