CN106936567B - Ciphertext conversion method and system for ATM - Google Patents

Publication number: CN106936567B
Authority: CN (China)
Prior art keywords: ciphertext, usbkey, atm, conversion process, secret algorithm
Legal status: Active
Application number: CN201511009720.5A
Other languages: Chinese (zh)
Other versions: CN106936567A (en)
Inventors: 王永宝, 田心, 华刚, 陈怡博
Current Assignee: Aisino Corp
Original Assignee: Aisino Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the field of communications and discloses a ciphertext conversion method and system for an ATM. The method comprises: an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encryption keyboard; the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM; and the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext. With this method and system, ciphertext conversion to the national cryptographic algorithm can be achieved without replacing the encryption keyboard.

Description

Ciphertext conversion method and system for ATM
Technical field
The present invention relates to the field of communications, and in particular to a ciphertext conversion method and system for an ATM.
Background art
With the release of the PBOC 3.0 specification, the conversion of the financial system to national cryptographic algorithms (for example, SM2/SM3/SM4) is also under way, but the conversion of ATMs has made slow progress because of the high cost of replacing hardware.
Specifically, to convert an ATM to national cryptographic algorithms (that is, to enable ciphertext conversion to a national cryptographic algorithm), the first thing that has to be converted is the password keyboard. However, existing password keyboards are hardware encryption keyboards that support non-national cryptographic algorithms (for example, RSA/SHA/3DES), and the cryptographic algorithm resides in the password keyboard in the form of a chip. At present, the hardware encryption keyboards used in the financial system have all obtained the relevant foreign certifications. Obtaining the corresponding domestic hardware certification for a hardware encryption keyboard that supports national cryptographic algorithms takes a long time and is expensive, and replacing the existing password keyboards is itself a considerable expense. A method is therefore needed that achieves ciphertext conversion to a national cryptographic algorithm without replacing the encryption keyboard.
Summary of the invention
The object of the present invention is to provide a ciphertext conversion method and system for an ATM that solve the above problem in the prior art.
To achieve this object, the present invention provides a ciphertext conversion method for an ATM, the method comprising: an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encryption keyboard; the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM; and the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
The present invention also provides a ciphertext conversion system for an ATM, the system comprising an ATM controller and a USBKEY, wherein: the ATM controller is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a PIN entered through an encryption keyboard; the ATM controller is configured to use a script in the ATM to call the USBKEY connected to the ATM; and the USBKEY is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
With the above technical solution, while the password keyboard in the ATM remains a hardware encryption keyboard that supports a non-national cryptographic algorithm, after the user enters a PIN through the keyboard, the password keyboard encrypts the PIN to obtain the first ciphertext and sends the first ciphertext to the ATM controller. The ATM controller uses the script in the ATM to call the USBKEY connected to the ATM, and the USBKEY then performs the ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithm is thus achieved without replacing the encryption keyboard, which reduces the cost of ciphertext conversion.
Other features and advantages of the present invention are described in detail in the detailed description below.
Brief description of the drawings
The drawings are provided for a further understanding of the invention and form part of the specification. Together with the following embodiments they serve to explain the invention, but they do not limit it. In the drawings:
Fig. 1 is a flow chart of the ciphertext conversion method for an ATM according to an embodiment of the present invention; and
Fig. 2 is a block diagram of the ciphertext conversion system for an ATM according to an embodiment of the present invention.
Detailed description of the embodiments
Specific embodiments of the present invention are described in detail below with reference to the drawings. It should be understood that the specific embodiments described here are only used to illustrate and explain the present invention and are not intended to limit it.
Fig. 1 is a flow chart of the ciphertext conversion method for an ATM according to an embodiment of the present invention.
As shown in Fig. 1, the ciphertext conversion method for an ATM provided by one embodiment of the present invention comprises:
S100, the ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a PIN entered through an encryption keyboard;
S102, the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM; and
S104, the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising:
S1040, decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
S1042, encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
While the password keyboard of the ATM remains a hardware encryption keyboard that supports a non-national cryptographic algorithm, after the user enters a PIN through the keyboard, the cryptographic algorithm present in chip form in the password keyboard encrypts the PIN to obtain the first ciphertext, and the first ciphertext is sent to the ATM controller. The ATM controller uses the script in the ATM to call the USBKEY connected to the ATM, and the USBKEY then performs the ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithm is thus achieved without replacing the encryption keyboard, which reduces the cost of ciphertext conversion.
The USBKEY stores both national cryptographic algorithms and non-national cryptographic algorithms and therefore has the capability to process both. The national cryptographic algorithm may be, for example, SM2/SM3/SM4, and the non-national cryptographic algorithm may be, for example, RSA/SHA/3DES. The way the encryption algorithms are used complies with the requirements of the PBOC 3.0 specification.
The second ciphertext obtained in step S1042 may be sent to the ATM controller, which may then send it over the network to the back-end system so that the back-end system can perform subsequent operations on the PIN (for example, PIN comparison). When verification succeeds, the corresponding service can be provided to the user; when verification fails, the user is prompted to enter the PIN again, until verification succeeds or an operation is restricted (for example, PIN entry is restricted).
In addition, after the second ciphertext has been sent to the back-end system over the network, the script may release the USBKEY so that the USBKEY is in a standby state.
In the method, before step S104, the method further comprises:
S106, the USBKEY obtains the number of PIN inputs within a predetermined period;
S108, the obtained number of inputs is compared with a threshold; and
S110, the USBKEY determines, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext.
Through the above steps, the PIN input behaviour can be assessed, and whether to perform the ciphertext conversion processing on the first ciphertext is decided according to the result. This ensures the security of the ciphertext conversion processing.
In the method, S110 comprises:
S1100, when the obtained number of inputs is less than the threshold, determining to perform ciphertext conversion processing on the first ciphertext;
S1102, when the obtained number of inputs is greater than or equal to the threshold, determining not to perform ciphertext conversion processing on the first ciphertext.
The threshold can be set according to the actual situation, and the present invention does not limit it. An obtained number of inputs less than the threshold indicates that the PIN input is normal, and an obtained number of inputs greater than or equal to the threshold indicates that the PIN input is abnormal (for example, a malicious attack by an intruder).
This prevents ciphertext conversion from being performed on the ciphertext while an intruder is mounting a malicious attack, and ensures the security of ciphertext conversion.
In the method, the method further comprises:
S112, when it is determined not to perform ciphertext conversion processing on the first ciphertext, the USBKEY performs a self-destruct operation.
Thus, once a malicious attack by an intruder is detected, the USBKEY performs the self-destruct operation to prevent the intruder from obtaining the relevant information in the USBKEY.
In the method, S112 comprises:
S1120, erasing the encryption- and decryption-related information in the USBKEY;
S1122, putting the USBKEY in a disabled state, that is, making the USBKEY lose its normal working capability.
The USBKEY thus has a self-destruct function, which prevents an intruder from obtaining the information in the USBKEY or maliciously calling the USBKEY.
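The gate, conversion and self-destruct steps S106 to S1122 above, modelled as an added Python example that is not part of the patent text. The class `UsbKeyModel`, the keys and the sample PIN are constructed; the current input is assumed to count toward the threshold; and `placeholder_cipher` is a hash-keystream stand-in, not 3DES or SM4.

```python
import hashlib
from collections import deque


class TokenDisabled(Exception):
    """Raised when the modelled USBKEY is called after self-destruct."""


def placeholder_cipher(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in for 3DES / SM4 (NOT either algorithm): XOR with a SHA-256
    counter keystream, so the same call both encrypts and decrypts."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class UsbKeyModel:
    """Hypothetical model of the USBKEY's gate, conversion and self-destruct."""

    def __init__(self, legacy_key: bytes, sm_key: bytes,
                 threshold: int, period_s: float):
        self._legacy_key = bytearray(legacy_key)  # key shared with the keyboard
        self._sm_key = bytearray(sm_key)          # key shared with the back end
        self.threshold = threshold
        self.period_s = period_s
        self._inputs = deque()                    # timestamps of PIN inputs
        self.enabled = True

    def _inputs_in_period(self, now: float) -> int:
        # S106: count PIN inputs inside the predetermined period ending at `now`.
        while self._inputs and now - self._inputs[0] >= self.period_s:
            self._inputs.popleft()
        return len(self._inputs)

    def _self_destruct(self) -> None:
        # S1120: overwrite key material (a model only; Python cannot guarantee
        # that no copy remains in memory). S1122: leave the token disabled.
        for buf in (self._legacy_key, self._sm_key):
            buf[:] = bytes(len(buf))
        self.enabled = False

    def keys_wiped(self) -> bool:
        return not any(self._legacy_key) and not any(self._sm_key)

    def convert(self, first_ciphertext: bytes, now: float):
        """Return the second ciphertext, or None if conversion is refused."""
        if not self.enabled:
            raise TokenDisabled("USBKEY is in the disabled state")
        self._inputs.append(now)  # assumption: the current input is counted
        # S108 / S110: compare the count with the threshold.
        if self._inputs_in_period(now) >= self.threshold:
            self._self_destruct()  # S1102 followed by S112
            return None
        # S1040: decrypt with the non-national algorithm (placeholder here).
        pin = placeholder_cipher(bytes(self._legacy_key), b"legacy",
                                 first_ciphertext)
        # S1042: re-encrypt with the national algorithm (placeholder here).
        return placeholder_cipher(bytes(self._sm_key), b"sm", pin)


def run_demo():
    legacy_key, sm_key = b"constructed-legacy-key", b"constructed-sm-key"
    pin = b"1234"  # constructed sample PIN
    first = placeholder_cipher(legacy_key, b"legacy", pin)  # keyboard side
    token = UsbKeyModel(legacy_key, sm_key, threshold=3, period_s=60.0)
    results = []
    for t in (0.0, 10.0, 20.0):  # three inputs inside one 60 s period
        second = token.convert(first, now=t)
        # Back-end side: decrypt the second ciphertext with the SM key.
        results.append(None if second is None
                       else placeholder_cipher(sm_key, b"sm", second))
    return results, token.enabled, token.keys_wiped()


if __name__ == "__main__":
    print(run_demo())
```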
Fig. 2 is a block diagram of the ciphertext conversion system for an ATM according to an embodiment of the present invention.
As shown in Fig. 2, the ciphertext conversion system for an ATM provided by one embodiment of the present invention comprises an ATM controller 20 and a USBKEY 22, wherein: the ATM controller 20 is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a PIN entered through an encryption keyboard; the ATM controller 20 is configured to use a script in the ATM to call the USBKEY 22 connected to the ATM; and the USBKEY 22 is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
The USBKEY 22 may comprise a national cryptographic algorithm module and a non-national cryptographic algorithm module (not shown). The non-national cryptographic algorithm module is configured to decrypt the first ciphertext with the non-national cryptographic algorithm to obtain the plaintext, and the national cryptographic algorithm module is configured to encrypt the plaintext with the national cryptographic algorithm to obtain the second ciphertext.
While the password keyboard of the ATM remains a hardware encryption keyboard that supports a non-national cryptographic algorithm, after the user enters a PIN through the keyboard, the cryptographic algorithm present in chip form in the password keyboard encrypts the PIN to obtain the first ciphertext, and the first ciphertext is sent to the ATM controller. The ATM controller uses the script in the ATM to call the USBKEY connected to the ATM, and the USBKEY then performs the ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithm is thus achieved without replacing the encryption keyboard, which reduces the cost of ciphertext conversion.
The second ciphertext obtained may be sent to the ATM controller 20, which may then send it over the network to the back-end system so that the back-end system can perform subsequent operations on the PIN (for example, PIN comparison). When verification succeeds, the corresponding service can be provided to the user; when verification fails, the user is prompted to enter the PIN again, until verification succeeds or an operation is restricted (for example, PIN entry is restricted).
In addition, after the second ciphertext has been sent to the back-end system over the network, the script may release the USBKEY so that the USBKEY is in a standby state.
According to an embodiment of the present invention, before performing ciphertext conversion processing on the first ciphertext, the USBKEY 22 is further configured to obtain the number of PIN inputs within a predetermined period and to compare the obtained number of inputs with a threshold; and the USBKEY 22 is further configured to determine, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext.
In this way, the PIN input behaviour can be assessed, and whether to perform the ciphertext conversion processing on the first ciphertext is decided according to the result. This ensures the security of the ciphertext conversion processing.
According to an embodiment of the present invention, the USBKEY 22 determining, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext comprises:
when the obtained number of inputs is less than the threshold, the USBKEY 22 determines to perform ciphertext conversion processing on the first ciphertext;
when the obtained number of inputs is greater than or equal to the threshold, the USBKEY 22 determines not to perform ciphertext conversion processing on the first ciphertext.
The threshold can be set according to the actual situation, and the present invention does not limit it. An obtained number of inputs less than the threshold indicates that the PIN input is normal, and an obtained number of inputs greater than or equal to the threshold indicates that the PIN input is abnormal (for example, a malicious attack by an intruder).
This prevents ciphertext conversion from being performed on the ciphertext while an intruder is mounting a malicious attack, and ensures the security of ciphertext conversion.
According to an embodiment of the present invention, when it is determined not to perform ciphertext conversion processing on the first ciphertext, the USBKEY 22 is further configured to perform a self-destruct operation.
Thus, once a malicious attack by an intruder is detected, the USBKEY performs the self-destruct operation to prevent the intruder from obtaining the relevant information in the USBKEY.
According to an embodiment of the present invention, the USBKEY 22 performing the self-destruct operation comprises:
the USBKEY 22 erases the encryption- and decryption-related information in the USBKEY 22 and puts the USBKEY 22 in a disabled state.
The USBKEY 22 thus has a self-destruct function, which prevents an intruder from obtaining the information in the USBKEY 22 or maliciously calling the USBKEY 22. The self-destruct function of the USBKEY 22 is carried out by the controller that the USBKEY 22 contains.
The preferred embodiments of the present invention have been described in detail above with reference to the drawings. However, the present invention is not limited to the specific details of the above embodiments. Within the scope of the technical concept of the present invention, various simple variations can be made to the technical solution, and these simple variations all fall within the scope of protection of the present invention.
It should further be noted that the specific technical features described in the above embodiments can be combined in any suitable way provided they do not contradict one another. To avoid unnecessary repetition, the various possible combinations are not described further.
In addition, the various embodiments of the present invention can also be combined arbitrarily, and as long as the combination does not depart from the idea of the present invention, it should likewise be regarded as content disclosed by the present invention.

Claims (8)

1. A ciphertext conversion method for an ATM, wherein the method comprises:
an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a personal identification number (PIN) entered through an encryption keyboard;
the ATM controller uses a script in the ATM to call a USBKEY connected to the ATM;
the USBKEY obtains the number of PIN inputs within a predetermined period and compares the obtained number of inputs with a threshold;
the USBKEY determines, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext; and
the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising:
decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
2. The method according to claim 1, wherein determining, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext comprises:
when the obtained number of inputs is less than the threshold, determining to perform ciphertext conversion processing on the first ciphertext;
when the obtained number of inputs is greater than or equal to the threshold, determining not to perform ciphertext conversion processing on the first ciphertext.
3. The method according to claim 2, wherein the method further comprises:
when it is determined not to perform ciphertext conversion processing on the first ciphertext, the USBKEY performs a self-destruct operation.
4. The method according to claim 3, wherein performing the self-destruct operation comprises:
erasing the encryption- and decryption-related information in the USBKEY, and putting the USBKEY in a disabled state.
5. A ciphertext conversion system for an ATM, the system comprising an ATM controller and a USBKEY, wherein:
the ATM controller is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, a PIN entered through an encryption keyboard;
the ATM controller is configured to use a script in the ATM to call the USBKEY connected to the ATM;
the USBKEY is further configured to obtain the number of PIN inputs within a predetermined period and to compare the obtained number of inputs with a threshold;
the USBKEY is further configured to determine, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext; and
the USBKEY is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising:
decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
6. The system according to claim 5, wherein the USBKEY determining, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext comprises:
when the obtained number of inputs is less than the threshold, the USBKEY determines to perform ciphertext conversion processing on the first ciphertext;
when the obtained number of inputs is greater than or equal to the threshold, the USBKEY determines not to perform ciphertext conversion processing on the first ciphertext.
7. The system according to claim 6, wherein, when it is determined not to perform ciphertext conversion processing on the first ciphertext, the USBKEY is further configured to perform a self-destruct operation.
8. The system according to claim 7, wherein the USBKEY performing the self-destruct operation comprises:
erasing the encryption- and decryption-related information in the USBKEY, and putting the USBKEY in a disabled state.

Priority Applications (1)

Application number: CN201511009720.5A
Priority date: 2015-12-29
Filing date: 2015-12-29
Title: Ciphertext conversion method and system for ATM

Publications (2)

CN106936567A, published 2017-07-07
CN106936567B, published 2019-09-17

Family ID: 59457620
Country status: CN, CN106936567B (en)

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant