CN106936567B - Ciphertext conversion method and system for ATM - Google Patents
- Publication number
- CN106936567B
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- usbkey
- atm
- conversion process
- secret algorithm
- Legal status
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to the field of communications and discloses a ciphertext conversion method and system for an ATM. The method comprises: an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, the personal identification number (PIN) entered through an encrypting PIN pad; the ATM controller calls a USBKEY connected to the ATM by means of a script in the ATM; and the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext. With this method and system, ciphertext conversion to the national cryptographic algorithm can be achieved without replacing the encrypting PIN pad.
Description
Technical field
The present invention relates to the field of communications, and in particular to a ciphertext conversion method and system for an ATM.
Background art
With the publication of the PBOC3.0 specification, the migration of the financial system to national cryptographic algorithms (for example, SM2/SM3/SM4) is under way, but the migration of ATMs has made slow progress because of the high cost of replacing hardware.
Specifically, migrating an ATM to national cryptographic algorithms (that is, enabling ciphertext conversion to a national cryptographic algorithm) first of all requires migrating the PIN pad. However, existing PIN pads are hardware encrypting PIN pads that support non-national cryptographic algorithms (for example, RSA/SHA/3DES), and the cryptographic algorithm resides inside the PIN pad in chip form. At present, the hardware encrypting PIN pads used in the financial system have all obtained the relevant foreign certifications. Obtaining the corresponding domestic hardware certification for a hardware encrypting PIN pad that supports national cryptographic algorithms takes a long time and is expensive, and replacing the existing PIN pads is also a considerable expense. A method is therefore needed that achieves ciphertext conversion to a national cryptographic algorithm without replacing the encrypting PIN pad.
Summary of the invention
The object of the present invention is to provide a ciphertext conversion method and system for an ATM that solve the above problems in the prior art.
To achieve this object, the present invention provides a ciphertext conversion method for an ATM, the method comprising: an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, the personal identification number (PIN) entered through an encrypting PIN pad; the ATM controller calls a USBKEY connected to the ATM by means of a script in the ATM; and the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
The present invention also provides a ciphertext conversion system for an ATM, the system comprising an ATM controller and a USBKEY, wherein: the ATM controller is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, the PIN entered through an encrypting PIN pad; the ATM controller is configured to call the USBKEY connected to the ATM by means of a script in the ATM; and the USBKEY is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
With the above technical solution, where the PIN pad in the ATM is still a hardware encrypting PIN pad that supports a non-national cryptographic algorithm, after the user enters the PIN on the pad, the PIN pad encrypts the PIN to obtain the first ciphertext and sends the first ciphertext to the ATM controller. The ATM controller can call the USBKEY connected to the ATM by means of the script in the ATM, and the USBKEY can then perform the ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithm can thus be achieved without replacing the encrypting PIN pad, which reduces the cost of ciphertext conversion.
Other features and advantages of the present invention are described in detail in the detailed description that follows.
Brief description of the drawings
The drawings are provided for a further understanding of the invention and form part of the specification. Together with the detailed description below they serve to explain the invention, but they do not limit it. In the drawings:
Fig. 1 is a flow chart of the ciphertext conversion method for an ATM according to an embodiment of the present invention; and
Fig. 2 is a block diagram of the ciphertext conversion system for an ATM according to an embodiment of the present invention.
Detailed description of the embodiments
Specific embodiments of the present invention are described in detail below with reference to the drawings. It should be understood that the specific embodiments described here serve only to illustrate and explain the present invention and are not intended to limit it.
Fig. 1 is a flow chart of the ciphertext conversion method for an ATM according to an embodiment of the present invention.
As shown in Fig. 1, the ciphertext conversion method for an ATM provided by an embodiment of the present invention comprises:
S100: the ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, the PIN entered through the encrypting PIN pad;
S102: the ATM controller calls the USBKEY connected to the ATM by means of a script in the ATM; and
S104: the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising:
S1040: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
S1042: encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
Where the PIN pad of the ATM is still a hardware encrypting PIN pad that supports a non-national cryptographic algorithm, after the user enters the PIN on the pad, the cryptographic algorithm that resides in the PIN pad in chip form encrypts the PIN to obtain the first ciphertext, and the first ciphertext is sent to the ATM controller. The ATM controller can call the USBKEY connected to the ATM by means of the script in the ATM, and the USBKEY can then perform the ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithm can thus be achieved without replacing the encrypting PIN pad, which reduces the cost of ciphertext conversion.
The USBKEY stores both the national cryptographic algorithm and the non-national cryptographic algorithm, and so is able to process both. The national cryptographic algorithm may be, for example, SM2/SM3/SM4, and the non-national cryptographic algorithm may be, for example, RSA/SHA/3DES. The way the encryption algorithms are used meets the requirements of the PBOC3.0 specification.
The second ciphertext obtained in step S1042 can be sent to the ATM controller, which can then send it over the network to the back-end system so that the back-end system can perform subsequent operations on the PIN (for example, PIN comparison). When verification succeeds, the corresponding service can be provided to the user; when verification fails, the user is prompted to enter the PIN again, until verification succeeds or operation is restricted (for example, PIN entry is restricted).
In addition, after the second ciphertext has been sent to the back-end system over the network, the script can release the USBKEY so that the USBKEY is in standby.
Before step S104, the method further comprises:
S106: the USBKEY obtains the number of times the PIN has been entered within a predetermined period;
S108: the obtained number of entries is compared with a threshold; and
S110: the USBKEY determines, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext.
Through these steps, the PIN entry behaviour can be assessed, and the result of that assessment determines whether the ciphertext conversion processing of the first ciphertext is performed. This ensures the security of the ciphertext conversion processing.
In the method, S110 comprises:
S1100: where the obtained number of entries is less than the threshold, determining to perform ciphertext conversion processing on the first ciphertext;
S1102: where the obtained number of entries is greater than or equal to the threshold, determining not to perform ciphertext conversion processing on the first ciphertext.
The threshold can be set according to the actual situation, and the present invention places no limitation on it. An obtained number of entries that is less than the threshold indicates that the PIN entry is normal, and an obtained number of entries that is greater than or equal to the threshold indicates that the PIN entry is abnormal (for example, a malicious attack by an intruder).
This prevents the ciphertext conversion operation from being performed on a ciphertext during a malicious attack by an intruder, and so ensures the security of ciphertext conversion.
The method further comprises:
S112: where it is determined not to perform ciphertext conversion processing on the first ciphertext, the USBKEY performs a self-destruct operation.
Thus, as soon as a malicious attack by an intruder is detected, the USBKEY self-destructs, which prevents the intruder from obtaining the relevant information in the USBKEY.
In the method, S112 comprises:
S1120: erasing the encryption- and decryption-related information in the USBKEY;
S1122: putting the USBKEY into a disabled state, that is, making the USBKEY unable to work normally.
The USBKEY thus has a self-destruct function, which prevents an intruder from obtaining the information in the USBKEY or calling the USBKEY maliciously.
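
The USBKEY-side flow of steps S104 to S112, as an added sketch that is not code from the patent: entry counting within the period, the threshold decision, conversion, and self-destruct. Assumptions: all class and function names, the caller-supplied timestamp, counting the current entry toward the total, and a SHA-256 keystream used as a stand-in for the real non-national (for example 3DES) and national (for example SM4) ciphers, which the Python standard library does not provide.

```python
"""Added illustration of the USBKEY-side flow (S104-S112); not code from the patent."""
import hashlib
from collections import deque

LEGACY = b"non-national"   # stand-in label for the PIN pad's cipher (e.g. 3DES)
NATIONAL = b"national"     # stand-in label for the national cipher (e.g. SM4)


def standin_cipher(key, data, label):
    """SHA-256 keystream XOR (encrypt == decrypt). A stand-in only: it takes
    the place of the real ciphers and is not itself a secure design."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(label + bytes(key) + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class KeyDisabledError(RuntimeError):
    """Raised when a self-destructed USBKEY is called again."""


class UsbKey:
    def __init__(self, legacy_key, national_key, threshold, period_s):
        # Mutable buffers so the key material can be overwritten in place.
        self._legacy_key = bytearray(legacy_key)
        self._national_key = bytearray(national_key)
        self._threshold = threshold
        self._period_s = period_s
        self._entries = deque()   # timestamps of PIN entries seen so far
        self.enabled = True

    def key_material_present(self):
        return any(self._legacy_key) or any(self._national_key)

    def convert(self, first_ciphertext, now):
        """Return the second ciphertext, or None if conversion is refused.
        Assumption: `now` is a trusted, non-decreasing time in seconds."""
        if not self.enabled:
            raise KeyDisabledError("USBKEY is in the disabled state")
        # S106: number of PIN entries within the predetermined period.
        # Assumption: the entry being processed counts toward the total.
        self._entries.append(now)
        while now - self._entries[0] > self._period_s:
            self._entries.popleft()
        # S108/S110: compare with the threshold and decide.
        if len(self._entries) >= self._threshold:
            self._self_destruct()   # S1102 leads to S112
            return None
        # S1040: decrypt with the non-national algorithm.
        plaintext = bytearray(standin_cipher(self._legacy_key, first_ciphertext, LEGACY))
        try:
            # S1042: encrypt with the national algorithm.
            return standin_cipher(self._national_key, plaintext, NATIONAL)
        finally:
            # Wipe the working copy of the plaintext (best effort in Python).
            plaintext[:] = bytes(len(plaintext))

    def _self_destruct(self):
        # S1120: erase the encryption- and decryption-related information.
        for buf in (self._legacy_key, self._national_key):
            buf[:] = bytes(len(buf))
        self._entries.clear()
        # S1122: leave the token unable to work normally.
        self.enabled = False


def demo():
    legacy, national = b"L" * 16, b"N" * 16            # constructed sample keys
    pin_block = bytes.fromhex("041234FFFFFFFFFF")       # constructed sample PIN block
    first = standin_cipher(legacy, pin_block, LEGACY)   # what the PIN pad would send
    key = UsbKey(legacy, national, threshold=3, period_s=60.0)
    results = [key.convert(first, now=t) for t in (0.0, 10.0, 20.0)]
    return pin_block, first, results, key


if __name__ == "__main__":
    pin_block, first, results, key = demo()
    print([r.hex() if r else None for r in results], "enabled:", key.enabled)
```

With a threshold of 3 and a 60-second period, the first two entries are converted and the third triggers the self-destruct path, after which every further call is rejected.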
Fig. 2 is a block diagram of the ciphertext conversion system for an ATM according to an embodiment of the present invention.
As shown in Fig. 2, the ciphertext conversion system for an ATM provided by an embodiment of the present invention comprises an ATM controller 20 and a USBKEY 22, wherein: the ATM controller 20 is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, the PIN entered through the encrypting PIN pad; the ATM controller 20 is configured to call the USBKEY 22 connected to the ATM by means of a script in the ATM; and the USBKEY 22 is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising: decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext; and encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
The USBKEY 22 may comprise a national cryptographic algorithm module and a non-national cryptographic algorithm module (not shown). The non-national cryptographic algorithm module is configured to decrypt the first ciphertext with the non-national cryptographic algorithm to obtain the plaintext, and the national cryptographic algorithm module is configured to encrypt the plaintext with the national cryptographic algorithm to obtain the second ciphertext.
Where the PIN pad of the ATM is still a hardware encrypting PIN pad that supports a non-national cryptographic algorithm, after the user enters the PIN on the pad, the cryptographic algorithm that resides in the PIN pad in chip form encrypts the PIN to obtain the first ciphertext, and the first ciphertext is sent to the ATM controller. The ATM controller can call the USBKEY connected to the ATM by means of the script in the ATM, and the USBKEY can then perform the ciphertext conversion processing on the first ciphertext. Ciphertext conversion to the national cryptographic algorithm can thus be achieved without replacing the encrypting PIN pad, which reduces the cost of ciphertext conversion.
The second ciphertext obtained can be sent to the ATM controller 20, which can then send it over the network to the back-end system so that the back-end system can perform subsequent operations on the PIN (for example, PIN comparison). When verification succeeds, the corresponding service can be provided to the user; when verification fails, the user is prompted to enter the PIN again, until verification succeeds or operation is restricted (for example, PIN entry is restricted).
In addition, after the second ciphertext has been sent to the back-end system over the network, the script can release the USBKEY so that the USBKEY is in standby.
According to an embodiment of the present invention, before ciphertext conversion processing is performed on the first ciphertext, the USBKEY 22 is further configured to obtain the number of times the PIN has been entered within a predetermined period and to compare the obtained number of entries with a threshold; and the USBKEY 22 is further configured to determine, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext.
The PIN entry behaviour can thus be assessed, and the result of that assessment determines whether the ciphertext conversion processing of the first ciphertext is performed. This ensures the security of the ciphertext conversion processing.
According to an embodiment of the present invention, the USBKEY 22 determining, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext comprises:
where the obtained number of entries is less than the threshold, the USBKEY 22 determines to perform ciphertext conversion processing on the first ciphertext;
where the obtained number of entries is greater than or equal to the threshold, the USBKEY 22 determines not to perform ciphertext conversion processing on the first ciphertext.
The threshold can be set according to the actual situation, and the present invention places no limitation on it. An obtained number of entries that is less than the threshold indicates that the PIN entry is normal, and an obtained number of entries that is greater than or equal to the threshold indicates that the PIN entry is abnormal (for example, a malicious attack by an intruder).
This prevents the ciphertext conversion operation from being performed on a ciphertext during a malicious attack by an intruder, and so ensures the security of ciphertext conversion.
According to an embodiment of the present invention, where it is determined not to perform ciphertext conversion processing on the first ciphertext, the USBKEY 22 is further configured to perform a self-destruct operation.
Thus, as soon as a malicious attack by an intruder is detected, the USBKEY self-destructs, which prevents the intruder from obtaining the relevant information in the USBKEY.
According to an embodiment of the present invention, the USBKEY 22 performing the self-destruct operation comprises:
the USBKEY 22 erases the encryption- and decryption-related information in the USBKEY 22 and puts the USBKEY 22 into a disabled state.
The USBKEY 22 thus has a self-destruct function, which prevents an intruder from obtaining the information in the USBKEY 22 or calling the USBKEY 22 maliciously. The self-destruct function of the USBKEY 22 is carried out by a controller included in it.
Preferred embodiments of the present invention have been described in detail above with reference to the drawings. The present invention is not, however, limited to the specific details of those embodiments; within the scope of its technical concept, many simple variations can be made to the technical solution of the present invention, and all of these simple variations fall within the scope of protection of the present invention.
It should further be noted that the specific technical features described in the above embodiments can be combined in any suitable way provided they do not contradict one another. To avoid unnecessary repetition, the present invention does not describe the various possible combinations separately.
In addition, the various embodiments of the present invention can themselves be combined in any way, and such combinations should likewise be regarded as disclosed by the present invention as long as they do not depart from its idea.
Claims (8)
1. A ciphertext conversion method for an ATM, wherein the method comprises:
an ATM controller receives a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, the personal identification number (PIN) entered through an encrypting PIN pad;
the ATM controller calls a USBKEY connected to the ATM by means of a script in the ATM;
the USBKEY obtains the number of times the PIN has been entered within a predetermined period and compares the obtained number of entries with a threshold;
the USBKEY determines, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext; and
the USBKEY performs ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising:
decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
2. The method according to claim 1, wherein determining, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext comprises:
where the obtained number of entries is less than the threshold, determining to perform ciphertext conversion processing on the first ciphertext;
where the obtained number of entries is greater than or equal to the threshold, determining not to perform ciphertext conversion processing on the first ciphertext.
3. The method according to claim 2, wherein the method further comprises:
where it is determined not to perform ciphertext conversion processing on the first ciphertext, the USBKEY performs a self-destruct operation.
4. The method according to claim 3, wherein performing the self-destruct operation comprises:
erasing the encryption- and decryption-related information in the USBKEY, and putting the USBKEY into a disabled state.
5. A ciphertext conversion system for an ATM, the system comprising an ATM controller and a USBKEY, wherein:
the ATM controller is configured to receive a first ciphertext, the first ciphertext being obtained by encrypting, with a non-national cryptographic algorithm, the personal identification number (PIN) entered through an encrypting PIN pad;
the ATM controller is configured to call the USBKEY connected to the ATM by means of a script in the ATM;
the USBKEY is further configured to obtain the number of times the PIN has been entered within a predetermined period and to compare the obtained number of entries with a threshold;
the USBKEY is further configured to determine, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext; and
the USBKEY is configured to perform ciphertext conversion processing on the first ciphertext, the ciphertext conversion processing comprising:
decrypting the first ciphertext with the non-national cryptographic algorithm to obtain a plaintext;
encrypting the plaintext with a national cryptographic algorithm to obtain a second ciphertext.
6. The system according to claim 5, wherein the USBKEY determining, according to the comparison result, whether to perform ciphertext conversion processing on the first ciphertext comprises:
where the obtained number of entries is less than the threshold, the USBKEY determines to perform ciphertext conversion processing on the first ciphertext;
where the obtained number of entries is greater than or equal to the threshold, the USBKEY determines not to perform ciphertext conversion processing on the first ciphertext.
7. The system according to claim 6, wherein, where it is determined not to perform ciphertext conversion processing on the first ciphertext, the USBKEY is further configured to perform a self-destruct operation.
8. The system according to claim 7, wherein the USBKEY performing the self-destruct operation comprises:
erasing the encryption- and decryption-related information in the USBKEY, and putting the USBKEY into a disabled state.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511009720.5A CN106936567B (en) | 2015-12-29 | 2015-12-29 | Ciphertext conversion method and system for ATM |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106936567A CN106936567A (en) | 2017-07-07 |
CN106936567B true CN106936567B (en) | 2019-09-17 |
Family
ID=59457620
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511009720.5A Active CN106936567B (en) | 2015-12-29 | 2015-12-29 | Ciphertext conversion method and system for ATM |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106936567B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||