CN106936567A - Ciphertext conversion method and system for ATM - Google Patents

Publication number
CN106936567A
Authority
CN
China
Prior art keywords
ciphertext
usbkey
atm
conversion process
state
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201511009720.5A
Other languages
Chinese (zh)
Other versions
CN106936567B (en)
Inventor
王永宝
田心
华刚
陈怡博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the field of communications and discloses a ciphertext conversion method and system for an ATM. The method comprises: an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting keypad; the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM; and the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext. With the above method and system of the present invention, ciphertext conversion to the national cryptographic algorithm can be achieved without replacing the encrypting keypad.

Description

Ciphertext conversion method and system for ATM
Technical field
The present invention relates to the field of communications, and in particular to a ciphertext conversion method and system for an ATM.
Background
With the release of the PBOC 3.0 specification, the migration of the financial sector to national cryptographic algorithms (for example, SM2/SM3/SM4) is under way, but the migration of ATMs to national cryptographic algorithms has progressed slowly because of the high cost of replacing hardware.
Specifically, to migrate an ATM to national cryptographic algorithms (that is, to achieve ciphertext conversion to the national cryptographic algorithm), the first component affected is the PIN keypad. Existing PIN keypads, however, are hardware encrypting keypads that support non-national cryptographic algorithms (for example, RSA/SHA/3DES), and the cryptographic algorithm resides inside the keypad in chip form. At present, the hardware encrypting keypads used in the financial sector have all obtained the relevant foreign certifications; obtaining the relevant domestic hardware certification for a hardware encrypting keypad that supports national cryptographic algorithms takes a long time and is costly, and replacing the existing keypads would be a considerable expense. A method is therefore needed that achieves ciphertext conversion to the national cryptographic algorithm without replacing the encrypting keypad.
Summary of the invention
An object of the present invention is to provide a ciphertext conversion method and system for an ATM, so as to solve the above problems in the prior art.
To achieve this object, the present invention provides a ciphertext conversion method for an ATM, the method comprising: an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting keypad; the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM; and the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
The present invention also provides a ciphertext conversion system for an ATM, the system comprising an ATM controller and a USBKEY, wherein: the ATM controller is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting keypad; the ATM controller is configured to use a script in the ATM to call the USBKEY connected to the ATM; and the USBKEY is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
With the above technical solution, where the ATM's PIN keypad is still a hardware encrypting keypad that supports non-national cryptographic algorithms, after the user enters the PIN through the keypad, the keypad encrypts the PIN to obtain the first ciphertext and sends the first ciphertext to the ATM controller; the ATM controller can use the script in the ATM to call the USBKEY connected to the ATM, and the USBKEY can then perform the ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithm is thus achieved without replacing the encrypting keypad, which reduces the cost of ciphertext conversion.
Other features and advantages of the present invention are described in detail in the detailed description that follows.
Brief description of the drawings
The accompanying drawings are provided for further understanding of the present invention and constitute a part of the specification; together with the following detailed description they serve to explain the present invention, but do not limit it. In the drawings:
Fig. 1 is a flowchart of the ciphertext conversion method for an ATM according to one embodiment of the present invention; and
Fig. 2 is a block diagram of the ciphertext conversion system for an ATM according to one embodiment of the present invention.
Detailed description
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to illustrate and explain the present invention and do not limit it.
Fig. 1 is a flowchart of the ciphertext conversion method for an ATM according to one embodiment of the present invention.
As shown in Fig. 1, the ciphertext conversion method for an ATM provided by one embodiment of the present invention comprises:
S100, an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting keypad;
S102, the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM; and
S104, the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising:
S1040, decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
S1042, encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
Where the ATM's PIN keypad is still a hardware encrypting keypad that supports non-national cryptographic algorithms, after the user enters the PIN through the keypad, the cryptographic algorithm held in chip form inside the keypad encrypts the PIN to obtain the first ciphertext, and the first ciphertext is sent to the ATM controller; the ATM controller can use the script in the ATM to call the USBKEY connected to the ATM, and the USBKEY can then perform the ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithm is thus achieved without replacing the encrypting keypad, which reduces the cost of ciphertext conversion.
The USBKEY stores both the national and the non-national cryptographic algorithms and is therefore able to process both. The national cryptographic algorithm may be, for example, SM2/SM3/SM4, and the non-national cryptographic algorithm may be, for example, RSA/SHA/3DES. The encryption algorithms are used in a manner that meets the requirements of the PBOC 3.0 specification.
The second ciphertext obtained in step S1042 can be sent to the ATM controller, which can then send it over the network to the back-end system so that the back-end system can perform subsequent operations on the PIN (for example, PIN comparison). When verification succeeds, the corresponding service can be provided to the user; when verification fails, the user is prompted to enter the PIN again, until verification succeeds or operation is restricted (for example, PIN entry is restricted).
In addition, after the second ciphertext has been sent to the back-end system over the network, the script can release the USBKEY so that the USBKEY is in a standby state.
In this method, before step S104, the method further comprises:
S106, the USBKEY obtains the number of times the PIN has been entered within a predetermined period;
S108, the obtained number of entries is compared with a threshold; and
S110, the USBKEY determines, according to the comparison result, whether to perform the ciphertext conversion processing on the first ciphertext.
Through these steps, the PIN entry behaviour can be assessed, and whether to perform the ciphertext conversion processing on the first ciphertext is determined from that assessment. This ensures the security of the ciphertext conversion processing.
In this method, S110 comprises:
S1100, where the obtained number of entries is less than the threshold, determining that the ciphertext conversion processing is performed on the first ciphertext;
S1102, where the obtained number of entries is greater than or equal to the threshold, determining that the ciphertext conversion processing is not performed on the first ciphertext.
The threshold can be set according to actual conditions, and the present invention places no limitation on it. A number of entries below the threshold indicates normal PIN entry, while a number of entries greater than or equal to the threshold indicates abnormal entry (for example, a malicious attack by an intruder).
This prevents ciphertext conversion from being performed on a ciphertext during a malicious attack by an intruder, ensuring the security of ciphertext conversion.
In this method, the method further comprises:
S112, where it is determined that the ciphertext conversion processing is not performed on the first ciphertext, the USBKEY performs a self-destruct operation.
Thus, once a malicious attack by an intruder is detected, the USBKEY performs the self-destruct operation, preventing the intruder from obtaining the relevant information in the USBKEY.
In this method, S112 comprises:
S1120, erasing the encryption- and decryption-related information in the USBKEY;
S1122, placing the USBKEY in a disabled state, that is, making the USBKEY lose its normal working capability.
Thus, the USBKEY has a self-destruct function, which prevents an intruder from obtaining the information in the USBKEY or maliciously calling the USBKEY.
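The gate in S106 to S112 and the conversion in S1040/S1042, modelled as an added example (not code from the patent or from its applicant). The class and function names, the injected clock, counting the current entry toward the threshold, and the XOR stand-in used in place of 3DES and SM4 are all assumptions made for illustration.

```python
import hashlib
import time
from collections import deque


class TokenDisabled(Exception):
    """The simulated token refused the call or has self-destructed."""


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for the token's ciphers so the example runs offline.

    This is NOT 3DES or SM4: it is an XOR with a hash-derived pad, used for
    both the 'legacy' and the 'national' operation, and it is its own inverse.
    """
    pad = hashlib.sha256(key).digest()
    return bytes(b ^ pad[i % len(pad)] for i, b in enumerate(data))


class SimulatedUsbKey:
    """Hypothetical model of the USBKEY gate (S106-S112) and conversion (S104)."""

    def __init__(self, legacy_key, national_key, threshold, period_s,
                 clock=time.monotonic):
        self._keys = {"legacy": legacy_key, "national": national_key}
        self._threshold = threshold
        self._period_s = period_s
        self._clock = clock              # injectable so the demo controls time
        self._entries = deque()          # timestamps of PIN entries seen
        self.enabled = True

    def _entries_in_period(self, now):
        # S106: count PIN entries inside the predetermined period.
        while self._entries and now - self._entries[0] >= self._period_s:
            self._entries.popleft()
        return len(self._entries)

    def _self_destruct(self):
        self._keys.clear()               # S1120: erase key material
        self._entries.clear()
        self.enabled = False             # S1122: disabled state

    def has_key_material(self):
        return bool(self._keys)

    def convert(self, first_ciphertext: bytes) -> bytes:
        if not self.enabled:
            raise TokenDisabled("token is in the disabled state")
        now = self._clock()
        self._entries.append(now)        # assumption: current entry is counted
        if self._entries_in_period(now) >= self._threshold:   # S108, S1102
            self._self_destruct()                              # S112
            raise TokenDisabled("entry threshold reached; token wiped")
        # S1100: below the threshold, so convert. The PIN block is in the
        # clear only inside this method, i.e. inside the token boundary.
        pin_block = toy_cipher(self._keys["legacy"], first_ciphertext)  # S1040
        return toy_cipher(self._keys["national"], pin_block)            # S1042


class FakeClock:
    """Deterministic clock for the demonstration."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def run_demo():
    """Drive the token with constructed inputs; return what happened per call."""
    legacy_key, national_key = b"constructed-legacy-key", b"constructed-sm-key"
    pin_block = bytes.fromhex("041234ffffffffff")          # constructed sample
    first_ciphertext = toy_cipher(legacy_key, pin_block)   # keypad's output
    clock = FakeClock()
    token = SimulatedUsbKey(legacy_key, national_key, threshold=3,
                            period_s=60, clock=clock)
    outcomes = []
    for t in (0, 10, 100, 101, 102, 1000):
        clock.now = float(t)
        try:
            second = token.convert(first_ciphertext)
            ok = toy_cipher(national_key, second) == pin_block
            outcomes.append((t, "converted" if ok else "mismatch"))
        except TokenDisabled:
            outcomes.append((t, "refused"))
    return outcomes, token.enabled, token.has_key_material()


if __name__ == "__main__":
    print(run_demo())
```

In the description the token counts PIN entries, not failed verifications (PIN comparison happens in the back-end system), so the threshold and period have to sit above the ATM's normal entry rate or ordinary use will disable the token.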
Fig. 2 is a block diagram of the ciphertext conversion system for an ATM according to one embodiment of the present invention.
As shown in Fig. 2, the ciphertext conversion system for an ATM provided by one embodiment of the present invention comprises an ATM controller 20 and a USBKEY 22, wherein: the ATM controller 20 is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting keypad; the ATM controller 20 is configured to use a script in the ATM to call the USBKEY 22 connected to the ATM; and the USBKEY 22 is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
The USBKEY 22 may comprise a national cryptographic algorithm module and a non-national cryptographic algorithm module (not shown in the figure); the non-national cryptographic algorithm module is configured to decrypt the first ciphertext with the non-national cryptographic algorithm to obtain the plaintext, and the national cryptographic algorithm module is configured to encrypt the plaintext with the national cryptographic algorithm to obtain the second ciphertext.
Where the ATM's PIN keypad is still a hardware encrypting keypad that supports non-national cryptographic algorithms, after the user enters the PIN through the keypad, the cryptographic algorithm held in chip form inside the keypad encrypts the PIN to obtain the first ciphertext, and the first ciphertext is sent to the ATM controller; the ATM controller can use the script in the ATM to call the USBKEY connected to the ATM, and the USBKEY can then perform the ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithm is thus achieved without replacing the encrypting keypad, which reduces the cost of ciphertext conversion.
The second ciphertext obtained can be sent to the ATM controller 20, which can then send it over the network to the back-end system so that the back-end system can perform subsequent operations on the PIN (for example, PIN comparison). When verification succeeds, the corresponding service can be provided to the user; when verification fails, the user is prompted to enter the PIN again, until verification succeeds or operation is restricted (for example, PIN entry is restricted).
In addition, after the second ciphertext has been sent to the back-end system over the network, the script can release the USBKEY so that the USBKEY is in a standby state.
According to one embodiment of the present invention, before the ciphertext conversion processing is performed on the first ciphertext, the USBKEY 22 is further configured to obtain the number of times the PIN has been entered within a predetermined period and to compare the obtained number of entries with a threshold; and the USBKEY 22 is further configured to determine, according to the comparison result, whether to perform the ciphertext conversion processing on the first ciphertext.
The PIN entry behaviour can thus be assessed, and whether to perform the ciphertext conversion processing on the first ciphertext is determined from that assessment. This ensures the security of the ciphertext conversion processing.
According to one embodiment of the present invention, the USBKEY 22 determining, according to the comparison result, whether to perform the ciphertext conversion processing on the first ciphertext comprises:
where the obtained number of entries is less than the threshold, the USBKEY 22 determines that the ciphertext conversion processing is performed on the first ciphertext;
where the obtained number of entries is greater than or equal to the threshold, the USBKEY 22 determines that the ciphertext conversion processing is not performed on the first ciphertext.
The threshold can be set according to actual conditions, and the present invention places no limitation on it. A number of entries below the threshold indicates normal PIN entry, while a number of entries greater than or equal to the threshold indicates abnormal entry (for example, a malicious attack by an intruder).
This prevents ciphertext conversion from being performed on a ciphertext during a malicious attack by an intruder, ensuring the security of ciphertext conversion.
According to one embodiment of the present invention, where it is determined that the ciphertext conversion processing is not performed on the first ciphertext, the USBKEY 22 is further configured to perform a self-destruct operation.
Thus, once a malicious attack by an intruder is detected, the USBKEY performs the self-destruct operation, preventing the intruder from obtaining the relevant information in the USBKEY.
According to one embodiment of the present invention, the USBKEY 22 performing the self-destruct operation comprises:
the USBKEY 22 erases the encryption- and decryption-related information in the USBKEY 22 and places the USBKEY 22 in a disabled state.
Thus, the USBKEY 22 has a self-destruct function, which prevents an intruder from obtaining the information in the USBKEY 22 or maliciously calling the USBKEY 22. The self-destruct function of the USBKEY 22 is carried out by a controller included in it.
The preferred embodiments of the present invention have been described in detail above with reference to the drawings; however, the present invention is not limited to the specific details of the above embodiments. Within the scope of the technical concept of the present invention, various simple variations can be made to its technical solution, and these simple variations all fall within the scope of protection of the present invention.
It should further be noted that the specific technical features described in the above embodiments can, where not contradictory, be combined in any suitable manner. To avoid unnecessary repetition, the present invention does not separately describe the various possible combinations.
In addition, the various embodiments of the present invention can also be combined with one another; as long as such a combination does not depart from the idea of the present invention, it should likewise be regarded as content disclosed by the present invention.

Claims (10)

1. A ciphertext conversion method for an ATM, wherein the method comprises:
an ATM controller receiving a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting keypad;
the ATM controller using a script in the ATM to call a USBKEY connected to the ATM; and
the USBKEY performing ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising:
decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
2. The method according to claim 1, wherein, before the ciphertext conversion processing is performed on the first ciphertext, the method further comprises:
the USBKEY obtaining the number of times the PIN has been entered within a predetermined period, and comparing the obtained number of entries with a threshold; and
the USBKEY determining, according to the comparison result, whether to perform the ciphertext conversion processing on the first ciphertext.
3. The method according to claim 2, wherein determining, according to the comparison result, whether to perform the ciphertext conversion processing on the first ciphertext comprises:
where the obtained number of entries is less than the threshold, determining that the ciphertext conversion processing is performed on the first ciphertext;
where the obtained number of entries is greater than or equal to the threshold, determining that the ciphertext conversion processing is not performed on the first ciphertext.
4. The method according to claim 3, wherein the method further comprises:
where it is determined that the ciphertext conversion processing is not performed on the first ciphertext, the USBKEY performing a self-destruct operation.
5. The method according to claim 4, wherein performing the self-destruct operation comprises:
erasing the encryption- and decryption-related information in the USBKEY, and placing the USBKEY in a disabled state.
6. A ciphertext conversion system for an ATM, the system comprising an ATM controller and a USBKEY, wherein:
the ATM controller is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting keypad;
the ATM controller is configured to use a script in the ATM to call the USBKEY connected to the ATM; and
the USBKEY is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising:
decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
7. The system according to claim 6, wherein, before the ciphertext conversion processing is performed on the first ciphertext, the USBKEY is further configured to obtain the number of times the PIN has been entered within a predetermined period and to compare the obtained number of entries with a threshold; and the USBKEY is further configured to determine, according to the comparison result, whether to perform the ciphertext conversion processing on the first ciphertext.
8. The system according to claim 7, wherein the USBKEY determining, according to the comparison result, whether to perform the ciphertext conversion processing on the first ciphertext comprises:
where the obtained number of entries is less than the threshold, the USBKEY determines that the ciphertext conversion processing is performed on the first ciphertext;
where the obtained number of entries is greater than or equal to the threshold, the USBKEY determines that the ciphertext conversion processing is not performed on the first ciphertext.
9. The system according to claim 8, wherein, where it is determined that the ciphertext conversion processing is not performed on the first ciphertext, the USBKEY is further configured to perform a self-destruct operation.
10. The system according to claim 9, wherein the USBKEY performing the self-destruct operation comprises:
erasing the encryption- and decryption-related information in the USBKEY, and placing the USBKEY in a disabled state.
CN201511009720.5A 2015-12-29 2015-12-29 Ciphertext conversion method and system for ATM Active CN106936567B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511009720.5A CN106936567B (en) 2015-12-29 2015-12-29 Ciphertext conversion method and system for ATM

Publications (2)

Publication Number Publication Date
CN106936567A (en) 2017-07-07
CN106936567B (en) 2019-09-17

Family

ID=59457620

Country Status (1)

Country Link
CN (1) CN106936567B (en)

Also Published As

Publication number Publication date
CN106936567B (en) 2019-09-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant