CN106936567A - Ciphertext conversion method and system for ATM
- Publication number: CN106936567A
- Authority: CN (China)
- Prior art keywords: ciphertext, usbkey, atm, conversion process, state
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to the field of communications and discloses a ciphertext conversion method and system for an ATM. The method includes: an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting PIN pad; the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM; and the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing including: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext. With the method and system of the present invention, ciphertext conversion to the national cryptographic algorithms can be achieved without replacing the encrypting PIN pad.
Description
Technical field
The present invention relates to the field of communications and, in particular, to a ciphertext conversion method and system for an ATM.
Background art
With the release of the PBOC 3.0 specification, the migration of the financial sector to national cryptographic algorithms (for example, SM2/SM3/SM4) is also under way, but the migration of ATMs to these algorithms has progressed slowly because of the high cost of replacing hardware.
Specifically, to migrate an ATM to the national cryptographic algorithms (that is, to achieve ciphertext conversion to the national cryptographic algorithms), the first component affected is the PIN pad. However, existing PIN pads are hardware encrypting PIN pads that support non-national cryptographic algorithms (for example, RSA/SHA/3DES), and the cryptographic algorithms reside inside the PIN pad in chip form. At present, the hardware encrypting PIN pads used in the financial sector have all obtained the relevant foreign certifications, whereas obtaining the relevant domestic hardware certification for a hardware encrypting PIN pad that supports the national cryptographic algorithms takes a long time and is costly, and replacing the existing PIN pads would be a considerable expense. A method is therefore needed that achieves ciphertext conversion to the national cryptographic algorithms without replacing the encrypting PIN pad.
Summary of the invention
The object of the present invention is to provide a ciphertext conversion method and system for an ATM that solve the above problems of the prior art.
To achieve this object, the present invention provides a ciphertext conversion method for an ATM, wherein the method includes: an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting PIN pad; the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM; and the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing including: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
The present invention also provides a ciphertext conversion system for an ATM, the system including an ATM controller and a USBKEY, wherein: the ATM controller is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting PIN pad; the ATM controller is configured to use a script in the ATM to call the USBKEY connected to the ATM; and the USBKEY is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing including: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
With the above technical solution, where the PIN pad of the ATM is still a hardware encrypting PIN pad that supports non-national cryptographic algorithms, after the user enters the PIN on the pad, the PIN pad encrypts the PIN to obtain the first ciphertext and sends the first ciphertext to the ATM controller. The ATM controller can use the script in the ATM to call the USBKEY connected to the ATM, and the USBKEY can then perform ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithms is thus achieved without replacing the encrypting PIN pad, which reduces the cost of ciphertext conversion.
Other features and advantages of the present invention are described in detail in the detailed description that follows.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification; together with the following detailed description they serve to explain the present invention, but do not limit it. In the drawings:
Fig. 1 is a flow chart of the ciphertext conversion method for an ATM according to one embodiment of the present invention; and
Fig. 2 is a block diagram of the ciphertext conversion system for an ATM according to one embodiment of the present invention.
Detailed description of the embodiments
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to illustrate and explain the present invention and do not limit it.
Fig. 1 is a flow chart of the ciphertext conversion method for an ATM according to one embodiment of the present invention. As shown in Fig. 1, the ciphertext conversion method for an ATM provided by one embodiment of the present invention includes:
S100, an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting PIN pad;
S102, the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM; and
S104, the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing including:
S1040, decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
S1042, encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
Where the PIN pad of the ATM is still a hardware encrypting PIN pad that supports non-national cryptographic algorithms, after the user enters the PIN on the pad, the cryptographic algorithm stored in chip form in the PIN pad encrypts the PIN to obtain the first ciphertext, and the first ciphertext is sent to the ATM controller. The ATM controller can use the script in the ATM to call the USBKEY connected to the ATM, and the USBKEY can then perform ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithms is thus achieved without replacing the encrypting PIN pad, which reduces the cost of ciphertext conversion.
The USBKEY stores both the national cryptographic algorithm and the non-national cryptographic algorithm, and is therefore able to process both. The national cryptographic algorithm can be, for example, SM2/SM3/SM4, and the non-national cryptographic algorithm can be, for example, RSA/SHA/3DES. The way the encryption algorithms are used conforms to the requirements of the PBOC 3.0 specification.
The second ciphertext obtained in step S1042 can be sent to the ATM controller, which can then send it over the network to the back-end system so that the back-end system can perform subsequent operations on the PIN (for example, PIN comparison). When verification succeeds, the corresponding service can be provided to the user; when verification fails, the user is prompted to enter the PIN again, until verification succeeds or the operation is restricted (for example, PIN entry is restricted).
In addition, once the second ciphertext has been sent to the back-end system over the network, the script can release the USBKEY, placing the USBKEY in a standby state.
Before step S104, the method also includes:
S106, the USBKEY obtains the number of times the PIN has been entered within a predetermined period;
S108, the obtained number of entries is compared with a threshold; and
S110, the USBKEY determines, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext.
Through these steps, the PIN entry behaviour can be assessed, and the result of that assessment determines whether ciphertext conversion processing is performed on the first ciphertext. The security of the ciphertext conversion processing can thus be ensured.
In the method, S110 includes:
S1100, where the obtained number of entries is less than the threshold, determining that ciphertext conversion processing is to be performed on the first ciphertext;
S1102, where the obtained number of entries is greater than or equal to the threshold, determining that ciphertext conversion processing is not to be performed on the first ciphertext.
The threshold can be set according to actual conditions, and the present invention places no limitation on it. A number of entries below the threshold indicates that the PIN entry is normal, while a number of entries greater than or equal to the threshold indicates that the PIN entry is abnormal (for example, a malicious attack by an intruder).
This prevents ciphertext conversion from being carried out while an intruder is maliciously attacking, and so ensures the security of ciphertext conversion.
The method also includes:
S112, where it is determined that ciphertext conversion processing is not to be performed on the first ciphertext, the USBKEY performs a self-destruct operation.
Thus, as soon as a malicious attack by an intruder is detected, the USBKEY performs the self-destruct operation, preventing the intruder from obtaining the relevant information in the USBKEY.
In the method, S112 includes:
S1120, erasing the encryption- and decryption-related information in the USBKEY;
S1122, placing the USBKEY in a disabled state, that is, causing the USBKEY to lose its normal ability to work.
The USBKEY thus has a self-destruct function, which prevents an intruder from obtaining the information in the USBKEY or maliciously calling the USBKEY.
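Steps S100 to S112 above can be modelled as follows; this is an added example, not code from the patent. The XOR-keystream function is a labelled stand-in for the real ciphers (it is neither 3DES nor SM4), and the class and function names, key values, threshold and period are hypothetical; counting the current entry toward the threshold is also an assumption, since the text does not say.

```python
import hashlib
from collections import deque


def stand_in_cipher(key: bytes, data: bytes, label: bytes) -> bytes:
    """XOR with a SHA-256 keystream; a labelled stand-in, NOT 3DES or SM4.

    The same call encrypts and decrypts. `label` keeps the two "algorithms"
    distinct so a ciphertext from one cannot be opened with the other.
    """
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(label + key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


LEGACY = b"non-national"   # stands in for the algorithm inside the PIN pad
NATIONAL = b"national"     # stands in for the algorithm the back end expects


class TokenDisabled(Exception):
    """Raised when the token is called after its self-destruct operation."""


class UsbKey:
    """Hypothetical model of the USBKEY: keys and counter stay inside it."""

    def __init__(self, legacy_key, national_key, threshold, period_seconds):
        self._legacy_key = bytearray(legacy_key)
        self._national_key = bytearray(national_key)
        self._threshold = threshold
        self._period = period_seconds
        self._inputs = deque()          # timestamps of PIN entries seen
        self.enabled = True

    def _inputs_in_period(self, now: float) -> int:
        # S106: count PIN entries inside the predetermined period.
        # Assumption: the current entry is included in the count.
        self._inputs.append(now)
        while self._inputs and now - self._inputs[0] >= self._period:
            self._inputs.popleft()
        return len(self._inputs)

    def _self_destruct(self) -> None:
        # S1120: erase encryption/decryption material (best effort in Python).
        for buf in (self._legacy_key, self._national_key):
            for i in range(len(buf)):
                buf[i] = 0
        self._legacy_key = self._national_key = None
        self._inputs.clear()
        # S1122: disabled state; every later call is refused.
        self.enabled = False

    def convert(self, first_ciphertext: bytes, now: float):
        """Return the second ciphertext, or None if conversion was refused."""
        if not self.enabled:
            raise TokenDisabled("USBKEY has self-destructed")
        # S108/S110: compare the count with the threshold before any decrypt.
        if self._inputs_in_period(now) >= self._threshold:
            self._self_destruct()       # S112
            return None
        # S1040: decrypt with the non-national algorithm (stand-in).
        plaintext = stand_in_cipher(bytes(self._legacy_key), first_ciphertext, LEGACY)
        # S1042: re-encrypt with the national algorithm (stand-in).
        return stand_in_cipher(bytes(self._national_key), plaintext, NATIONAL)


def run_session(threshold=3, period_seconds=60.0, times=(0.0, 1.0, 2.0)):
    """Constructed scenario: the same PIN ciphertext submitted at `times`."""
    legacy_key, national_key = b"constructed-legacy-key", b"constructed-sm-key"
    token = UsbKey(legacy_key, national_key, threshold, period_seconds)
    first = stand_in_cipher(legacy_key, b"1234", LEGACY)   # PIN pad output (S100)
    results = []
    for t in times:
        second = token.convert(first, t)                   # script call (S102)
        # The back end opens the second ciphertext with the national key only.
        results.append(None if second is None
                       else stand_in_cipher(national_key, second, NATIONAL))
    return results, token


if __name__ == "__main__":
    print(run_session())
```

The plaintext PIN exists only inside `convert`, which mirrors the text's placement of both algorithms and the entry count in the USBKEY rather than in the ATM script.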
Fig. 2 is a block diagram of the ciphertext conversion system for an ATM according to one embodiment of the present invention. As shown in Fig. 2, the ciphertext conversion system for an ATM provided by one embodiment of the present invention includes an ATM controller 20 and a USBKEY 22, wherein: the ATM controller 20 is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting PIN pad; the ATM controller 20 is configured to use a script in the ATM to call the USBKEY 22 connected to the ATM; and the USBKEY 22 is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing including: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
The USBKEY 22 can include a national cryptographic algorithm module and a non-national cryptographic algorithm module (not shown in the figure). The non-national cryptographic algorithm module decrypts the first ciphertext with the non-national cryptographic algorithm to obtain the plaintext, and the national cryptographic algorithm module encrypts the plaintext with the national cryptographic algorithm to obtain the second ciphertext.
Where the PIN pad of the ATM is still a hardware encrypting PIN pad that supports non-national cryptographic algorithms, after the user enters the PIN on the pad, the cryptographic algorithm stored in chip form in the PIN pad encrypts the PIN to obtain the first ciphertext, and the first ciphertext is sent to the ATM controller. The ATM controller can use the script in the ATM to call the USBKEY connected to the ATM, and the USBKEY can then perform ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithms is thus achieved without replacing the encrypting PIN pad, which reduces the cost of ciphertext conversion.
The second ciphertext obtained can be sent to the ATM controller 20, which can then send it over the network to the back-end system so that the back-end system can perform subsequent operations on the PIN (for example, PIN comparison). When verification succeeds, the corresponding service can be provided to the user; when verification fails, the user is prompted to enter the PIN again, until verification succeeds or the operation is restricted (for example, PIN entry is restricted).
In addition, once the second ciphertext has been sent to the back-end system over the network, the script can release the USBKEY, placing the USBKEY in a standby state.
According to one embodiment of the present invention, before ciphertext conversion processing is performed on the first ciphertext, the USBKEY 22 is also configured to obtain the number of times the PIN has been entered within a predetermined period and to compare the obtained number of entries with a threshold; and the USBKEY 22 is also configured to determine, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext.
The PIN entry behaviour can thus be assessed, and the result of that assessment determines whether ciphertext conversion processing is performed on the first ciphertext. The security of the ciphertext conversion processing can thus be ensured.
According to one embodiment of the present invention, the USBKEY 22 determining, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext includes:
where the obtained number of entries is less than the threshold, the USBKEY 22 determines that ciphertext conversion processing is to be performed on the first ciphertext;
where the obtained number of entries is greater than or equal to the threshold, the USBKEY 22 determines that ciphertext conversion processing is not to be performed on the first ciphertext.
The threshold can be set according to actual conditions, and the present invention places no limitation on it. A number of entries below the threshold indicates that the PIN entry is normal, while a number of entries greater than or equal to the threshold indicates that the PIN entry is abnormal (for example, a malicious attack by an intruder).
This prevents ciphertext conversion from being carried out while an intruder is maliciously attacking, and so ensures the security of ciphertext conversion.
According to one embodiment of the present invention, where it is determined that ciphertext conversion processing is not to be performed on the first ciphertext, the USBKEY 22 is also configured to perform a self-destruct operation.
Thus, as soon as a malicious attack by an intruder is detected, the USBKEY performs the self-destruct operation, preventing the intruder from obtaining the relevant information in the USBKEY.
According to one embodiment of the present invention, the USBKEY 22 performing the self-destruct operation includes: the USBKEY 22 erases the encryption- and decryption-related information in the USBKEY 22 and places the USBKEY 22 in a disabled state.
The USBKEY 22 thus has a self-destruct function, which prevents an intruder from obtaining the information in the USBKEY 22 or maliciously calling the USBKEY 22. The self-destruct function of the USBKEY 22 is carried out by a controller included in it.
The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings. However, the present invention is not limited to the specific details of the above embodiments; within the scope of the technical concept of the present invention, various simple variations can be made to its technical solution, and these simple variations all fall within the scope of protection of the present invention.
It should further be noted that the specific technical features described in the above embodiments can, where they do not contradict one another, be combined in any suitable manner. To avoid unnecessary repetition, the present invention does not separately describe the various possible combinations.
In addition, the various embodiments of the present invention can also be combined with one another; as long as the combination does not depart from the idea of the present invention, it should likewise be regarded as content disclosed by the present invention.
Claims (10)
1. A ciphertext conversion method for an ATM, wherein the method includes:
an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting PIN pad;
the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM; and
the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing including:
decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
2. The method according to claim 1, wherein, before ciphertext conversion processing is performed on the first ciphertext, the method also includes:
the USBKEY obtains the number of times the PIN has been entered within a predetermined period and compares the obtained number of entries with a threshold; and
the USBKEY determines, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext.
3. The method according to claim 2, wherein determining, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext includes:
where the obtained number of entries is less than the threshold, determining that ciphertext conversion processing is to be performed on the first ciphertext;
where the obtained number of entries is greater than or equal to the threshold, determining that ciphertext conversion processing is not to be performed on the first ciphertext.
4. The method according to claim 3, wherein the method also includes:
where it is determined that ciphertext conversion processing is not to be performed on the first ciphertext, the USBKEY performs a self-destruct operation.
5. The method according to claim 4, wherein performing the self-destruct operation includes:
erasing the encryption- and decryption-related information in the USBKEY, and placing the USBKEY in a disabled state.
6. A ciphertext conversion system for an ATM, the system including an ATM controller and a USBKEY, wherein:
the ATM controller is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encrypting PIN pad;
the ATM controller is configured to use a script in the ATM to call the USBKEY connected to the ATM; and
the USBKEY is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing including:
decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
7. The system according to claim 6, wherein, before ciphertext conversion processing is performed on the first ciphertext, the USBKEY is also configured to obtain the number of times the PIN has been entered within a predetermined period and to compare the obtained number of entries with a threshold; and the USBKEY is also configured to determine, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext.
8. The system according to claim 7, wherein the USBKEY determining, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext includes:
where the obtained number of entries is less than the threshold, the USBKEY determines that ciphertext conversion processing is to be performed on the first ciphertext;
where the obtained number of entries is greater than or equal to the threshold, the USBKEY determines that ciphertext conversion processing is not to be performed on the first ciphertext.
9. The system according to claim 8, wherein, where it is determined that ciphertext conversion processing is not to be performed on the first ciphertext, the USBKEY is also configured to perform a self-destruct operation.
10. The system according to claim 9, wherein the USBKEY performing the self-destruct operation includes:
erasing the encryption- and decryption-related information in the USBKEY, and placing the USBKEY in a disabled state.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511009720.5A CN106936567B (en) | 2015-12-29 | 2015-12-29 | Ciphertext conversion method and system for ATM |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106936567A true CN106936567A (en) | 2017-07-07 |
CN106936567B CN106936567B (en) | 2019-09-17 |
Family
ID=59457620
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511009720.5A Active CN106936567B (en) | 2015-12-29 | 2015-12-29 | Ciphertext conversion method and system for ATM |
Also Published As
Publication number | Publication date |
---|---|
CN106936567B (en) | 2019-09-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||