CN106533683A - Equipment authentication method using national commercial cryptographic algorithm - Google Patents

Equipment authentication method using national commercial cryptographic algorithm Download PDF

Info

Publication number
CN106533683A
CN106533683A CN201611009311.XA CN201611009311A CN106533683A CN 106533683 A CN106533683 A CN 106533683A CN 201611009311 A CN201611009311 A CN 201611009311A CN 106533683 A CN106533683 A CN 106533683A
Authority
CN
China
Prior art keywords
state
host computer
code keypad
code
keyboard
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611009311.XA
Other languages
Chinese (zh)
Inventor
赵小平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an View Of Network Technology Co Ltd
Original Assignee
Xi'an View Of Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xi'an View Of Network Technology Co Ltd filed Critical Xi'an View Of Network Technology Co Ltd
Priority to CN201611009311.XA priority Critical patent/CN106533683A/en
Publication of CN106533683A publication Critical patent/CN106533683A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computing Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses an equipment authentication method using a national commercial cryptographic algorithm. The method comprises the steps of SM2 public and private key generation, public key issuing flow management, feature code management, random dynamic code and feature code hybrid algorithm implementation, encryption and decryption verification, and state control and the like. The national commercial cryptographic algorithm is applied to an external code keyboard and handshake authentication of an upper computer for the first time, so that security and controllability of equipment access are enhanced. The high-security-level equipment authentication method is realized by using the SM2 algorithm at the external code keyboard that supports the national commercial cryptographic algorithm SM2/SM3/SM4 and is designed and produced by the company. Using the method disclosed by the invention, the external code keyboard can be used securely and only can be used by matching a credit financial terminal or upper computer, so that application of the external code keyboard to an untrusted system can be prevented and financial business security can be guaranteed.

Description

A kind of equipment authentication method using national commercial cipher algorithm
Technical field
The present invention relates to financial information technology field, and in particular to a kind of device authentication using national commercial cipher algorithm Method.
Background technology
2014,《The General Office of the State Council forwards password Ju Deng departments with regard to the logical of financial field cipher application instruction Know》Clearly propose to strive tentatively realizing within 2015 domestic password in financial IC card (integrated circuit card), Web bank, movement Pay, the extensive application in the major fields such as Internet securities, electronic insurance policy, realize domestic password in financial field to the year two thousand twenty Overall application.2015,《Notice with regard to organizing and implementing national information safety special project relevant issues in 2015》Further requirement Upgrading is carried out to business bank's bank card correlation software and hardware system, and POS, ATM, the passwords such as SM2/3/4 are supported Algorithm.
The content of the invention
To solve the above problems, the invention provides a kind of equipment authentication method using national commercial cipher algorithm, adopts With national commercial cipher canonical algorithm SM2, increase the proprietary protocol and algorithm of designed, designed, realize that safer equipment room is held Hand authentication management.
For achieving the above object, the technical scheme taken of the present invention is:
A kind of equipment authentication method using national commercial cipher algorithm, comprises the steps:
S1, a pair of SM2 public private key pairs are firstly generated, public key publication is in host computer application software;Private key is retained in password The cryptoguard area of keyboard;
S2, when code keypad insert credit host computer USB interface, complete CCID kind equipments drive configuration after, on Position machine finds code keypad equipment, and now code keypad default conditions are un-authenticated state, and host computer is in addition to authentication command Order cannot all be performed, and return status error.Local state defaults to un-authenticated state, i.e. GM06_state=0;
S3, host computer obtain the status information of keyboard first, obtain code keypad state for un-authenticated state, triggering authentication Request;
If S4, host computer do not properly resolve keyboard state, any order outside certification is sent, it is wrong that keyboard returns state False information, and subsidiary keyboard state information;Host computer sends authentication command, and code keypad returns dynamic data, and (4 bytes are random Number);The dynamic data is generated by real random number generator;
After S5, host computer receive dynamic data, the dynamic data is obtained according to proprietary protocol, and the data and bypass The condition code of issue regards be-encrypted data together, calls SM2 AESs to complete encryption.The ciphertext of generation is sent to cryptographic key Disk;
After S6, code keypad receive ciphertext, call SM2 decryption interfaces, decrypted using certification private key, obtain dynamic data and Condition code, compare respectively dynamic data and condition code it is all correct in the case of, state is switched to normal operating conditions;Otherwise, return Authentification failure is returned, certification next time is waited;
S7,3 failures of continuous certification, code keypad enter lock-out state, and locking time is 2 hours;2 hours afterwards can be with Continue to receive certification, repeat aforesaid operations.
The invention has the advantages that:
Take the lead in national commercial cipher algorithm is applied in the handshake authentication of external code keypad and host computer, enhance and set The standby security for accessing and controllability;The external code keypad that production is designed in our company (supports national commercial cipher algorithm SM2/SM3/SM4, on), a kind of equipment authentication method of the high safety rank realized using SM2 algorithms can be allowed using the method External code keypad can only be used cooperatively with the financial terminal of credit or host computer, be prevented external cryptographic key using safer The system that disk is used for non-credit, it is ensured that financial business safety.
Specific embodiment
In order that objects and advantages of the present invention become more apparent, with reference to embodiments the present invention is carried out further Describe in detail.It should be appreciated that specific embodiment described herein is not used to limit this only to explain the present invention It is bright.
In following examples, SM2 is a kind of rivest, shamir, adelman based on elliptic curve, and RSA belongs to mesh Two kinds of rivest, shamir, adelmans of front main flow, SM2 are more safer than RSA.One lifts curve, and everybody just will recognize that equation, oval bent Line algorithm be by equation determine, the elliptic curve equation that SM2 algorithms are adopted for:Y2=x3+ax+b, in SM2 algorithm standard rules In, by specifying a, b coefficient, it is determined that unique calibration curve.Meanwhile, in order to by curve mapping be AES, SM2 standards In further define other parameters, for algorithm routine use.
SM2 is the public key algorithm that national Password Management office announces, and its Cipher Strength is 256.
Public and private key in following examples generates finite prime field elliptic curve group Fp using SM2 suggestions, generates key Process is exactly the elliptic curve that a finite field (less than the integer of 256 bytes) is generated on the basis of the parameter of curve of SM2 suggestions Array, and a G point and a P point are generated, coordinate P (x, y) of P points is public key, and the exponent number between G and P points is private key. Public key length is 256+256 totally 512 bits, 256 bit of private key.
A kind of equipment authentication method using national commercial cipher algorithm is embodiments provided, including following step Suddenly:
S1, a pair of SM2 public private key pairs are firstly generated, public key publication is in host computer application software;Private key is retained in password The cryptoguard area of keyboard;
S2, when code keypad insert credit host computer USB interface, complete CCID kind equipments drive configuration after, on Position machine finds code keypad equipment, and now code keypad default conditions are un-authenticated state, and host computer is in addition to authentication command Order cannot all be performed, and return status error.Local state defaults to un-authenticated state, i.e. GM06_state=0;
S3, host computer obtain the status information of keyboard first, obtain code keypad state for un-authenticated state, triggering authentication Request;
If S4, host computer do not properly resolve keyboard state, any order outside certification is sent, it is wrong that keyboard returns state False information, and subsidiary keyboard state information;Host computer sends authentication command, and code keypad returns dynamic data, and (4 bytes are random Number);The dynamic data is generated by real random number generator;
After S5, host computer receive dynamic data, the dynamic data is obtained according to proprietary protocol, and the data and bypass The condition code of issue regards be-encrypted data together, calls SM2 AESs to complete encryption.The ciphertext of generation is sent to cryptographic key Disk;
After S6, code keypad receive ciphertext, call SM2 decryption interfaces, decrypted using certification private key, obtain dynamic data and Condition code, compare respectively dynamic data and condition code it is all correct in the case of, state is switched to normal operating conditions;Otherwise, return Authentification failure is returned, certification next time is waited;
S7,3 failures of continuous certification, code keypad enter lock-out state, and locking time is 2 hours;2 hours afterwards can be with Continue to receive certification, repeat aforesaid operations.
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should It is considered as protection scope of the present invention.

Claims (1)

1. a kind of equipment authentication method using national commercial cipher algorithm, it is characterised in that comprise the steps:
S1, a pair of SM2 public private key pairs are firstly generated, public key publication is in host computer application software;Private key is retained in code keypad Cryptoguard area;
S2, when code keypad insert credit host computer USB interface, complete CCID kind equipments drive configuration after, host computer It was found that code keypad equipment, now code keypad default conditions are un-authenticated state, order of the host computer in addition to authentication command Cannot all perform, return status error.Local state defaults to un-authenticated state, i.e. GM06_state=0;
S3, host computer obtain the status information of keyboard first, and it is un-authenticated state to obtain code keypad state, and triggering authentication please Ask;
If S4, host computer do not properly resolve keyboard state, any order outside certification is sent, keyboard returns status error letter Breath, and subsidiary keyboard state information;Host computer sends authentication command, and code keypad returns dynamic data (4 byte random number);Should Dynamic data is generated by real random number generator;
After S5, host computer receive dynamic data, the dynamic data is obtained according to proprietary protocol, and the data and bypass are issued Condition code together regard be-encrypted data, call SM2 AESs complete encryption.The ciphertext of generation is sent to code keypad;
After S6, code keypad receive ciphertext, SM2 decryption interfaces are called, decrypted using certification private key, obtain dynamic data and feature Code, compare respectively dynamic data and condition code it is all correct in the case of, state is switched to normal operating conditions;Otherwise, return is recognized Card failure, waits certification next time;
S7,3 failures of continuous certification, code keypad enter lock-out state, and locking time is 2 hours;Can continue afterwards within 2 hours Receive certification, repeat aforesaid operations.
CN201611009311.XA 2016-11-11 2016-11-11 Equipment authentication method using national commercial cryptographic algorithm Pending CN106533683A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611009311.XA CN106533683A (en) 2016-11-11 2016-11-11 Equipment authentication method using national commercial cryptographic algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611009311.XA CN106533683A (en) 2016-11-11 2016-11-11 Equipment authentication method using national commercial cryptographic algorithm

Publications (1)

Publication Number Publication Date
CN106533683A true CN106533683A (en) 2017-03-22

Family

ID=58352149

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611009311.XA Pending CN106533683A (en) 2016-11-11 2016-11-11 Equipment authentication method using national commercial cryptographic algorithm

Country Status (1)

Country Link
CN (1) CN106533683A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111882783A (en) * 2020-06-29 2020-11-03 银盛支付服务股份有限公司 Butt-joint-transformation-free plug-and-play MIS-POS system and implementation method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101873331A (en) * 2010-07-07 2010-10-27 中国工商银行股份有限公司 Safety authentication method and system
CN103020493A (en) * 2012-12-28 2013-04-03 杭州晟元芯片技术有限公司 Anti-copy software protecting and operating device and anti-copy software protecting and operating method
CN103763631A (en) * 2014-01-07 2014-04-30 青岛海信信芯科技有限公司 Authentication method, server and television
CN103929307A (en) * 2014-04-02 2014-07-16 天地融科技股份有限公司 Password input method, intelligent secret key device and client device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101873331A (en) * 2010-07-07 2010-10-27 中国工商银行股份有限公司 Safety authentication method and system
CN103020493A (en) * 2012-12-28 2013-04-03 杭州晟元芯片技术有限公司 Anti-copy software protecting and operating device and anti-copy software protecting and operating method
CN103763631A (en) * 2014-01-07 2014-04-30 青岛海信信芯科技有限公司 Authentication method, server and television
CN103929307A (en) * 2014-04-02 2014-07-16 天地融科技股份有限公司 Password input method, intelligent secret key device and client device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
严圣阳: "《互联网金融新业态》", 30 June 2014 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111882783A (en) * 2020-06-29 2020-11-03 银盛支付服务股份有限公司 Butt-joint-transformation-free plug-and-play MIS-POS system and implementation method
CN111882783B (en) * 2020-06-29 2021-04-16 银盛支付服务股份有限公司 Plug-and-play MIS-POS realization method free of butt joint transformation

Similar Documents

Publication Publication Date Title
US10461927B2 (en) Secure channel establishment between payment device and terminal device
Degabriele et al. On the joint security of encryption and signature in EMV
CN107786550B (en) A kind of safety communicating method of self-service device, safe communication system and self-service device
US8971540B2 (en) Authentication
US7991151B2 (en) Method for secure delegation of calculation of a bilinear application
US9544132B2 (en) Cryptographic method for protecting a key hardware register against fault attacks
Han et al. An Improved Biometric Based Authentication Scheme with User Anonymity Using Elliptic Curve Cryptosystem.
CN110505055A (en) Based on unsymmetrical key pond to and key card outer net access identity authentication method and system
CN103404073A (en) Protection against passive sniffing
CN112818332A (en) Password management service platform for intelligent manufacturing
TWI476629B (en) Data security and security systems and methods
US9641333B2 (en) Authentication methods, systems, devices, servers and computer program products, using a pairing-based cryptographic approach
CN106533683A (en) Equipment authentication method using national commercial cryptographic algorithm
KR20130007097A (en) Security system of smart phone service and secruity method
CN107566125A (en) The safety certifying method that a kind of more algorithms combine
TWI383327B (en) The use of wafer financial card in the ATM system cardholder authentication methods, systems and computer systems
Tapiador et al. Cryptanalysis of Song's advanced smart card based password authentication protocol
CN100566239C (en) The key transmission method of multi-stage intelligent key apparatus and system
EP3556046B1 (en) Method for secure management of secrets in a hierarchical multi-tenant environment
EP3035589A1 (en) Security management system for authenticating a token by a service provider server
Lu et al. Communication security between a computer and a hardware token
Xu et al. OTP bidirectional authentication scheme based on MAC address
Zhang et al. A New Way to Prevent UKS Attacks Using Hardware Security Chips.
TW501013B (en) High-speed security device
CN114329518A (en) Encryption and decryption method and device for software cryptographic module account

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170322