CN108718317A - A kind of method and device of personal identification number protection - Google Patents

A kind of method and device of personal identification number protection Download PDF

Info

Publication number
CN108718317A
CN108718317A CN201810602906.9A CN201810602906A CN108718317A CN 108718317 A CN108718317 A CN 108718317A CN 201810602906 A CN201810602906 A CN 201810602906A CN 108718317 A CN108718317 A CN 108718317A
Authority
CN
China
Prior art keywords
data packet
encryption
data
numeric field
filling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810602906.9A
Other languages
Chinese (zh)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN201810602906.9A priority Critical patent/CN108718317A/en
Publication of CN108718317A publication Critical patent/CN108718317A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the method and device that information security field more particularly to a kind of personal identification number are protected, this method includes:Device receives plaintext personal identification number, and determine encryption mode, the 6th preset value tissue filling numeric field data is used when encryption mode is the first encryption mode, according to control numeric field data, plaintext personal identification number and region filling data organization clear data packet, the first default processing is carried out to clear data packet using the account numeric field data in encryption parameter, handling result is encrypted using the encryption key to prestore to obtain ciphertext data packet;Ciphertext data packet is sent to server;Random number is generated when encryption mode is the second encryption mode as filling numeric field data, according to control numeric field data, plaintext personal identification number and region filling data organization clear data packet, clear data packet is encrypted using the encryption key to prestore to obtain ciphertext data packet;Ciphertext data packet is sent to server so that personal identification number is safer in transmission process.

Description

A kind of method and device of personal identification number protection
Technical field
The present invention relates to the method and devices that information security field more particularly to a kind of personal identification number are protected.
Background technology
With the fast development of electronic information technologies, it is increasingly general in daily life to carry out electronic transaction using fiscard And.It is in the prior art the safety for improving electronic transaction, needs to carry out authentication, existing body in electronic transaction process Part verification method majority be fiscard user data interaction is carried out with fiscard host computer (host computer can be transaction eventually End, for example, POS machine) on input personal identification number, and personal identification number is transferred to verification equipment and is verified.
In the prior art, authentication performed in electronic transaction process has the following defects:It is used in authentication During being transferred to verification equipment progress personal identification number verification after inputting personal identification number in terminal, there are personal knowledges at family The risk of other code leakage, opportunity is brought to unauthorized theft personal identification number.
Invention content
In order to solve the above technical problems, the present invention provides a kind of method and devices of personal identification number protection;
The present invention provides a kind of method of personal identification number protection, including:
Step S1, device receives plaintext personal identification number and encryption parameter, and encryption mode is determined according to encryption parameter, when adding When close pattern is the first encryption mode, step S2 is executed;When encryption mode is the second encryption mode, step S3 is executed;
Step S2, device setting control numeric field data is the first preset value, and uses the 6th preset value tissue filling numeric field data, According to control numeric field data, plaintext personal identification number and region filling data organization clear data packet, the account in encryption parameter is used Numeric field data carries out the first default processing to clear data packet, is encrypted to obtain to handling result using the encryption key to prestore close Literary data packet;Ciphertext data packet is sent to server;
Step S3, device setting control numeric field data is the second preset value, and generates random number and be used as filling numeric field data, according to Numeric field data, plaintext personal identification number and region filling data organization clear data packet are controlled, using the encryption key to prestore in plain text Data packet is encrypted to obtain ciphertext data packet;Ciphertext data packet is sent to server.
The present invention provides a kind of device of personal identification number protection, including:
Receiving module, for receiving plaintext personal identification number and encryption parameter;
First judgment module, the encryption parameter for being received according to receiving module determine encryption mode;
First encryption mode module includes:
First control domain data generating unit, for when the first judgment module determines that encryption mode is the first encryption mode Setting control numeric field data is the first preset value;
First region filling data generating unit, for when the first judgment module determines that encryption mode is the first encryption mode Use the 6th preset value tissue filling numeric field data;
First clear data packet generation unit, the control domain number for being generated according to the first control domain data generating unit The region filling data organization that the plaintext personal identification number and the first region filling data generating unit received according to, receiving module generates Clear data packet;
First default processing unit, the account numeric field data pair first in the encryption parameter for being received using receiving module The clear data packet that clear data packet generation unit generates carries out the first default processing;
First encryption unit, for using the handling result of the first default processing unit of the encryption key pair to prestore to add It is close to obtain ciphertext data packet;
Sending module, the ciphertext data packet for generating the first encryption unit are sent to server;
Second encryption mode module includes:
Second control domain data generating unit, for when the first judgment module determines that encryption mode is the second encryption mode Setting control numeric field data is the second preset value;
Second region filling data generating unit, for when the first judgment module determines that encryption mode is the second encryption mode Random number is generated as filling numeric field data;
Second plaintext packet generation unit, the control domain number for being generated according to the second control domain data generating unit The region filling data organization that the plaintext personal identification number and the second region filling data generating unit received according to, receiving module generates Clear data packet;
Second encryption unit, the plaintext for using the encryption key to prestore to generate second plaintext packet generation unit Data packet is encrypted to obtain ciphertext data packet;
Sending module is additionally operable to the ciphertext data packet that the second encryption unit generates being sent to server.
Beneficial effects of the present invention are:The present invention is effectively prevented by handling personal identification number and encrypting Personal identification number is revealed so that personal identification number is safer in transmission process.
Description of the drawings
Illustrate the embodiment of the present invention or technical solution in the prior art in order to clearer, to embodiment or will show below There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with Obtain other attached drawings according to these attached drawings.
Fig. 1 is a kind of flow chart of the method for personal identification number protection that the embodiment of the present invention 2 provides;
Fig. 2 is a kind of block diagram of the device for personal identification number protection that the embodiment of the present invention 3 provides.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.
Embodiment 1
The present embodiment provides a kind of methods of personal identification number protection, including:
Step S1, device receives plaintext personal identification number and encryption parameter, and encryption mode is determined according to encryption parameter, when adding When close pattern is the first encryption mode, step S2 is executed;When encryption mode is the second encryption mode, step S3 is executed;
Step S2, device setting control numeric field data is the first preset value, and uses the 6th preset value tissue filling numeric field data, According to control numeric field data, plaintext personal identification number and region filling data organization clear data packet, the account in encryption parameter is used Numeric field data carries out the first default processing to clear data packet, is encrypted to obtain to handling result using the encryption key to prestore close Literary data packet;Ciphertext data packet is sent to server;
Step S3, device setting control numeric field data is the second preset value, and generates random number and be used as filling numeric field data, according to Numeric field data, plaintext personal identification number and region filling data organization clear data packet are controlled, using the encryption key to prestore in plain text Data packet is encrypted to obtain ciphertext data packet;Ciphertext data packet is sent to server.
Specifically, generation random number is specially as filling numeric field data:Device is true according to the length of plaintext personal identification number Determine region filling data length, it is to fill the random number of length of field to generate length, using random number as filling numeric field data.
Specifically, clear data packet is encrypted to obtain ciphertext data packet using the encryption key to prestore be specially:Make 3DES encryption operation is carried out to clear data packet with the encryption key to prestore and obtains ciphertext data packet.
Preferably, further include in step S1:When device judge encryption mode for third encryption mode when, execute step S4;
Step S4 is that device setting control numeric field data is third preset value, and uses the 6th preset value tissue filling domain number According to public using the I C cards to prestore according to control numeric field data, plaintext personal identification number and region filling data organization clear data packet Key is encrypted clear data packet to obtain ciphertext data packet;APDU of the tissue comprising ciphertext data packet is instructed, and APDU is instructed It is sent to card.
Specifically, being specially using the 6th preset value tissue filling numeric field data:Device is according to the length of plaintext personal identification number Degree determines region filling data length, so that its length is reached region filling data length using the 6th preset value tissue filling numeric field data.
Preferably, in step S4, according to control numeric field data, plaintext personal identification number and region filling data organization clear data After packet, specifically include:Device acquisition instruction from encryption parameter sends format, when it is that ciphertext is sent that instruction, which sends format, Encryption mode is encrypted clear data packet to obtain ciphertext data packet using the I C cards public keys to prestore;Tissue includes ciphertext number It is instructed according to the APDU of packet, and APDU instructions is sent to card;When it is to send in plain text that instruction, which sends format, tissue is comprising in plain text The APDU of data packet is instructed, and APDU instructions are sent to card.
It should be noted that personal identification number (full name in English:Persona l I dent i f i cat i on Number, english abbreviation:PI N);
Specifically, clear data packet is encrypted to obtain ciphertext data packet using the I C cards public keys to prestore be specially:Make Rsa encryption operation is carried out to clear data packet with the I C cards public keys to prestore and obtains ciphertext data packet.
Preferably, further include in step S1:When device judgement encryption mode is four encryption mode, step S5 is executed;
Step S5 is that device setting control numeric field data is the 4th preset value, and generates random number, and second is carried out to random number Default processing, using handling result as filling numeric field data, according to control numeric field data, plaintext personal identification number and region filling data group Knit clear data packet;The first default processing is carried out to clear data packet using the account numeric field data in encryption parameter, using prestoring Encryption key handling result is encrypted to obtain ciphertext data packet;Ciphertext data packet is sent to server.
Specifically, the first default processing is carried out to clear data packet using the account numeric field data in encryption parameter, using pre- The encryption key deposited is encrypted to obtain ciphertext data packet to handling result:Use the account numeric field data in encryption parameter XOR operation is carried out to clear data packet, carrying out 3DES encryption operation to XOR operation result using the encryption key to prestore obtains Ciphertext data packet.
Specifically, generating random number, the second default processing is carried out to random number, using handling result as filling numeric field data tool Body is:Device determines that region filling data length, generation length are region filling data length according to the length of plaintext personal identification number Random number, successively from random number obtain a byte, by the 9th preset value of byte pair got carry out complementation, root Corresponding preset data is obtained according to remainder result, and replaces the current byte in random number using preset data, it will be whole Random number after the completion of byte is replaced is used as filling numeric field data.
Preferably, further include in step S1:When device judgement encryption mode is five encryption mode, step S6 is executed;
Step S6 is that device sets control numeric field data to the 5th preset value, and generates region filling number using the 7th preset value According to, and generate random number as random numeric field data, according to control numeric field data, plaintext personal identification number, filling numeric field data and with Machine numeric field data tissue clear data packet, is encrypted clear data packet using the AES key to prestore, using in encryption parameter Account numeric field data the first default processing is carried out to encrypted result, reuse AES key handling result is encrypted to obtain it is close Literary data packet;Ciphertext data packet is sent to server.
Specifically, being specially using the 7th preset value generation filling numeric field data:Device is according to the length of plaintext personal identification number Degree determines region filling data length, so that its length is dealt into region filling data length using the 7th preset value tissue filling numeric field data.
It should be noted that further including after tissue clear data packet in the present embodiment:Device destroys personal identification in plain text Code;Obtaining ciphertext data packet further includes later:Device destroys clear data packet.
Preferably, after device receives plaintext personal identification number and encryption parameter, further include:Device judges personal knowledge in plain text Whether other code is legal, is to continue;Otherwise terminate.
Embodiment 2
The present embodiment provides a kind of methods of personal identification number protection, referring to Fig. 1, including:
Step 101, device receive plaintext personal identification number and encryption parameter;
Specifically, in the present embodiment, the plaintext personal identification number that device receives is specially 1234;
Encryption parameter is identified including at least encryption mode;Further include that account numeric field data or data send format;
When encryption mode is identified as 01, further include in encryption parameter:Account numeric field data;When encryption mode is 03, add Further include in close parameter:Data send format;When encryption mode is 04, further include in encryption parameter:Account numeric field data;When adding When close pattern is 05, further include in encryption parameter:Account numeric field data;
Step 102, device judge whether plaintext personal identification number is legal, are to then follow the steps 103, otherwise report an error, and terminate;
Specifically, device judge plaintext personal identification number length whether in 2 bytes between 6 bytes, being to judge Plaintext personal identification number is legal, otherwise judges that plaintext personal identification number is illegal.
In the present embodiment, the length of plaintext personal identification number is that 2 bytes be in 2 bytes between 6 bytes, therefore individual in plain text Identification code is legal.
Step 103, device obtain encryption mode mark from encryption parameter, are identified according to encryption mode and judge encryption mould Formula executes step 104 when encryption mode is the first encryption mode;When encryption mode is the second encryption mode, step is executed 113;When encryption mode is third encryption mode, step 120 is executed;When encryption mode is four encryption mode, step is executed Rapid 132;When encryption mode is five encryption mode, step 141 is executed;
Specifically, when encryption mode is identified as 01, then encryption mode is judged for the first encryption mode, when encryption mode mark Know when being 02, then judge encryption mode for the second encryption mode, when encryption mode is identified as 03, then judges encryption mode for the Three encryption modes then judge encryption mode for the 4th encryption mode, when encryption mode is identified as when encryption mode is identified as 04 When 05, then encryption mode is judged for the 5th encryption mode,
Step 104, device are using the first preset value as control numeric field data;
Specifically, the first preset value is specially 0;
Step 105, device determine filling length of field according to the length of plaintext personal identification number;
Specifically, device according to plaintext personal identification number determine filling length of field so that plaintext personal identification number length with The summation for filling length of field is equal to 7 bytes;
In the present embodiment, the length of plaintext personal identification number is 2 bytes, therefore it is 5 bytes to fill length of field;
Step 106, device make its length reach filling length of field using the 6th preset value tissue filling numeric field data;
Specifically, the 6th preset value is F;In the present embodiment, filling numeric field data is specially FFFFFFFFFF.
Step 107, device are according to control numeric field data, the length of plaintext personal identification number, plaintext personal identification number and filling Numeric field data tissue clear data packet;
In the present embodiment, device will control numeric field data 0, the length 4 of plaintext personal identification number, plaintext personal identification number 1234 Clear data packet is obtained with filling numeric field data FFFFFFFFFF sequential concatenations, clear data packet is specially 041234FFFFFFFFFF;
Step 108, device destroy plaintext personal identification number;
Step 109, device obtain account numeric field data from encryption parameter, judge whether the length of account numeric field data is more than the Eight preset values are the end that reports an error, return to step 101;It is no to then follow the steps 110;
Specifically, the account numeric field data that device is got from encryption parameter is specially 0000123456789012;
8th preset value is specially 8 bytes;
Step 110, device access to your account numeric field data to clear data packet carry out XOR operation obtain operation result;
In the present embodiment, device carries out XOR operation using 0000123456789012 couple of 041234FFFFFFFFFF and obtains Operation result be specially 041226CBA9876FED;
Step 111, device obtain the encryption key to prestore and obtain ciphertext data to operation result progress 3DES encryption operation Packet;
The encryption key to prestore in the present embodiment is specially 1234567887654321;Using encryption key to XOR operation As a result it is specially EC4B9E63EDFB4CFA that 041226CBA9876FED, which carries out the ciphertext data packet that 3DES encryption operation obtains,;
Step 112, device destroy clear data packet, and ciphertext data packet are sent to server, terminate;
Step 113, device are using the second preset value as control numeric field data;
Specifically, the second preset value is specially 1;
Step 114, device determine filling length of field according to the length of plaintext personal identification number;
Specifically, device determines filling length of field according to the length of plaintext personal identification number so that personal identification number length It is equal to 7 bytes with the summation of filling length of field;
In the present embodiment, the length of plaintext personal identification number is 2 bytes, therefore it is 5 bytes to fill length of field;
It is to fill the random number of length of field that step 115, device, which generate length, using the random number of generation as region filling number According to;
Specifically, encryption mode generates the random number that length is 5 bytes, random number is specially D24578ADEF;
Step 116, device are according to control numeric field data, the length of plaintext personal identification number, plaintext personal identification number and filling Numeric field data tissue clear data packet;
Specifically, encryption mode will control numeric field data 1, length 4, the plaintext personal identification number 1234 of plaintext personal identification number Clear data packet is obtained with filling numeric field data D24578ADEF sequential concatenations, clear data packet is specially 141234D24578ADEF;
Step 117, device destroy plaintext personal identification number;
Step 118, device obtain the encryption key to prestore and obtain ciphertext number to the progress 3DES encryption operation of clear data packet According to packet;
In the present embodiment, encryption key is specially 1234567887654321, using encryption key to clear data packet into The ciphertext data packet that row 3DES encryption operation obtains is specially:6F4C3A33BD36BB5F;
Step 119, device destroy clear data packet, and ciphertext data packet are sent to server, terminate;
Step 120, device are using third preset value as control numeric field data;
In the present embodiment, third preset value is specially 2;
Step 121, device determine filling length of field according to the length of plaintext personal identification number;
Specifically, device determines filling length of field according to the length of plaintext personal identification number so that plaintext personal identification number Length with filling length of field summation be equal to 7 bytes;
In the present embodiment, the length of plaintext personal identification number is 2 bytes, therefore it is 5 bytes to fill length of field;
Step 122, device make its length reach filling length of field using the 6th preset value tissue filling numeric field data;
Specifically, the 6th preset value is F;In the present embodiment, filling numeric field data is specially FFFFFFFFFF.
Step 123, device are according to control numeric field data, the length of plaintext personal identification number, plaintext personal identification number and filling Numeric field data tissue clear data packet;
In the present embodiment, device will control numeric field data 2, the length 4 of plaintext personal identification number, plaintext personal identification number 1234 Clear data packet is obtained with filling numeric field data FFFFFFFFFF sequential concatenations, clear data packet is specially 241234FFFFFFFFFF;
Step 124, device destroy plaintext personal identification number;
Step 125, the device acquisition instruction from encryption parameter send format;
Step 126, device decision instruction send format, are that ciphertext executes step 127 when sending when instruction sends format;When It is to execute step 129 when sending in plain text that instruction, which sends format,;
Step 127, device carry out rsa encryption to clear data packet using the I C cards public keys to prestore and obtain ciphertext data packet;
Specifically, device is filled clear data packet so that the length after filling is equal to 256 bytes;
In the present embodiment fill after data be specially:
241234FFFFFFFFFF1505830324481733831594189525975565855368298654883571376119536 19708879349297526251006324694849167227209874282361125187624540843593283378904 64239971669114777371817180946715566062473981992157605717384222994389161821187 81347315493772884679768141837412661499488399555355298621684676696429583637959 10274837364556803432914265150334010070538257862907523257165208530614496721449 57654612156691247578653160573034681637218577718953258696804244870286673114546 32297341269464205853822885662907982979892633643489
The IC card public key to prestore in the present embodiment is specially:2048
DFD6366B30942883FA96D6D9563B848A90F15E03FE0FCD538017E7BBDAF18EB40529FE4BB2C5E 78259C1A436562F28B2FA143B4B5384DCA0C867EE93F996EE6DB212D847DAA806127093F9D8B4 54690FD236F907A09D45E1CBC0C1EA1CF3248B4A122DCC53487DC4E558AC0DFD22B8D2A15B3E1 CD5EC9A0BA0B733AD32B7040BA1832FB5A2A90E31452AC64F586534BB550EDB86E3DE9866DC2E 75D6E105F42E409047823292C439D53967CECE9428F5175254DE1937F7AE73661E7D267BBF805 003494C9869C2BC4EB87F65AD3DEFF2CEB5C582BB65045C99DD7D393E14FDD789E313A0583D01 9F2B08B2A27224050FCFCA6662FF26E7895211332C7595EEFF 00010001
Rsa encryption is carried out to the data after filling using the I C cards public keys to prestore and obtains ciphertext data packet;Ciphertext data packet Specially:
38DA23039DB8E1795BD3D520EFEEC2DEC96063568108485670E18A363C8BA6E42AC9B06D20BD5 ECB0219FEAB3FB4336DF526BD3E0406362017B808F7D6031E16ADED860A E2B873F7895AD8A98765F6E0B9D859E340D89396FA39AE8AE7D1C804BF117E1E0F501AAF43994 B045989D19641A147EE5FA83D107D2523CE7733A5AAA3FE6A1A8F382644A76D5CAA3BA91A3C82 DE7523200164F57AFBAF801AB0EEC285ED1FB3D2B052A45C2D F7AD63565AB77513CD45A2E3EB665B28383FF26343248B47A53096A2FAFEFCA5853C B3EBADFD7CEADAAE26465A31FB4EA6B44232CB68051BD4197A0D7ACEE4CD8FCEE7890F5745DE3 9FC2961654AEB8FDDEB3306AD83;
Step 128, device tissue include that the APDU of ciphertext data packet is instructed, and APDU instructions are sent to card;Execute step Rapid 130;
In the present embodiment, the APDU instructions comprising ciphertext data packet of device tissue are specially:
002000880038DA23039DB8E1795BD3D520EFEEC2DEC96063568108485670E18A363C8BA6E42AC 9B06D20BD5ECB0219FEAB3FB4336DF526BD3E0406362017B808F7D6031E16ADED860AE2B873F7 895AD8A98765F6E0B9D859E340D89396FA39AE8AE7D1C804BF117E1E0F501AAF43994B045989D 19641A147EE5FA83D107D2523CE7733A5AAA3FE6A1A8F382644A76D5CAA3BA91A3C82DE752320 0164F57AFBAF801AB0EEC285ED1FB3D2B052A45C2DF7AD63565AB77513CD45A2E3EB665B28383 FF26343248B47A53096A2FA FEFCA5853CB3EBADFD7CEADAAE26465A31FB4EA6B44232CB68051BD4197A0D7ACEE4CD8FCEE78 90F5745DE39FC2961654AEB8FDDEB3306AD83;
Step 129, device tissue include that the APDU of clear data packet is instructed, and APDU instructions are sent to card;
The APDU organized in the present embodiment is instructed:0020008000241234FFFFFFFFFF;
Step 130, device judge whether APDU instructions send success, are to then follow the steps 131;Otherwise report an error end;
Specifically, device receives the response data that card returns, judges whether response data is 9000, be to judge APDU Instruction is sent successfully, otherwise judges that APDU instructions send failure.
Step 131, device destroy clear data packet, terminate;
Step 132, device are using the 4th preset value as control numeric field data;
In the present embodiment, the 4th preset value is specially 3;
Step 133, device determine filling length of field according to the length of plaintext personal identification number;
Specifically, device determines filling length of field according to the length of plaintext personal identification number so that plaintext personal identification number Length with filling length of field summation be equal to 7 bytes;
In the present embodiment, the length of personal identification number is 2 bytes, therefore it is 5 bytes to fill length of field;
It is to fill the random number of length of field that step 134, device, which generate length, carries out default processing to random number, will handle Result afterwards is as filling numeric field data;
In the present embodiment, the random number that device generates is specially:689A67B9A7;A word is obtained from random number successively Section currently will replace with A when remainder result is 0 to 6 remainder of byte pair got from the byte of the acquisition in random number; When remainder result is 1, currently B will be replaced with from the byte of the acquisition in random number;When remainder result be 2 when, will currently from The byte of acquisition in random number replaces with C;When remainder result is 3, will currently be replaced from the byte of the acquisition in random number For D;When remainder result is 4, currently E will be replaced with from the byte of the acquisition in random number;When remainder result is 5, will work as The preceding byte from the acquisition in random number replaces with F;
For example, the first character section that is got from random number of device is 6, to 6 remainder of byte pair got, remainder As a result it is 0, then the first character section of random number is replaced with into A;
It obtains filling numeric field data being specially ACDEABFDEB after carrying out remainder assignment processing in the present embodiment;
Step 135, device are according to control numeric field data, the length of plaintext personal identification number, plaintext personal identification number and filling Numeric field data tissue clear data packet;
In the present embodiment, device will control numeric field data 3, the length 4 of plaintext personal identification number, plaintext personal identification number 1234 Clear data packet is obtained with filling numeric field data ACDEABFDEB sequential concatenations, clear data packet is specially 341234ACDEABFDEB;
Step 136, device destroy plaintext personal identification number;
Step 137, device obtain account numeric field data from encryption parameter, judge whether the length of account numeric field data is more than the Eight preset values are the end that reports an error;It is no to then follow the steps 138;
Specifically, the account numeric field data that device is got from encryption parameter is specially 0000123456789012;
Specifically, the 5th preset value is specially 8 bytes;
Step 138, device access to your account numeric field data to clear data packet carry out XOR operation obtain operation result;
In the present embodiment, device carries out XOR operation using 0000123456789012 couple of 341234ACDEABFDEB and obtains Operation result be specially 3412269888D36DF9;
Step 139, device obtain the encryption key to prestore and obtain ciphertext data to operation result progress 3DES encryption operation Packet;
In the present embodiment, encryption key is specially 1234567887654321;Operation result is carried out using encryption key 3DES encryption obtains ciphertext data packet, and ciphertext data packet is specially BFE85569D72C8607;
Step 140, device destroy clear data packet, and ciphertext data packet are sent to server, terminate;
Step 141, device are using the 5th preset value as control numeric field data;
In the present embodiment, the 5th preset value is specially 4;
Step 142, device determine filling length of field according to the length of plaintext personal identification number;
Specifically, device determines filling length of field according to the length of plaintext personal identification number so that plaintext personal identification number Length with filling length of field summation be equal to 7 bytes;
In the present embodiment, the length of plaintext personal identification number is 2 bytes, therefore it is 5 bytes to fill length of field;
Step 143, device make its length reach filling length of field, and generate using the 7th preset value tissue filling numeric field data Length is the random number of preset length as random numeric field data;
In the present embodiment, the 7th preset value is specially A;In the present embodiment, device uses the 6th preset value A tissue fillings domain Data make its length reach filling 10 byte of length of field, and filling numeric field data is specially AAAAAAAAAA;And it is 8 bytes to generate length Random number as random number field, random number field is specially in the present embodiment:8395487282872419;
Step 144, device are according to control numeric field data, the length of plaintext personal identification number, plaintext personal identification number, region filling Data and random numeric field data tissue clear data packet;
In the present embodiment, device will control numeric field data 4, the length 4 of plaintext personal identification number, plaintext personal identification number 1234, it fills numeric field data AAAAAAAAAA and 8395487282872419 sequential concatenation of random number field obtains clear data packet, it is bright The literary specific 441234AAAAAAAAAA8395487282872419 of data packet;
Step 145, device destroy plaintext personal identification number;
Step 146, device carry out AES encryption using the AES key to prestore to clear data packet, and access to your account numeric field data pair Encrypted result carries out XOR operation, and XOR operation result is encrypted using AES key to obtain ciphertext data packet;
In the present embodiment, the AES key to prestore is specially:12345678876543211234567887654321;It uses AES key carries out AES encryption to clear data packet, and encrypted result is specially D84D4BC066244A5491EF1617B8463CAA;Account numeric field data is specially 01234567890120000000000000000000;The numeric field data that accesses to your account carries out XOR operation to encrypted result and obtains operation As a result, operation result is specially D96E0EA7EF256A5491EF1617B8463CAA;Using AES key to the fortune of XOR operation It calculates result to be encrypted to obtain ciphertext data packet again, ciphertext data packet is specially 088601C52A8EC350EBA79306F6B1E2B8;
Step 147, device destroy clear data packet, and ciphertext data packet are sent to server, terminate;
Embodiment 3
The present embodiment provides a kind of personal identification number protective devices, referring to Fig. 2, including:
Receiving module 11, for receiving plaintext personal identification number and encryption parameter;
First judgment module 12, the encryption parameter for being received according to receiving module 11 determine encryption mode;
First encryption mode module 13 includes:
First control domain data generating unit 131, for determining that encryption mode is the first encryption when the first judgment module 12 Setting control numeric field data is the first preset value when pattern;
First region filling data generating unit 132, for determining that encryption mode is the first encryption when the first judgment module 12 The 6th preset value tissue filling numeric field data is used when pattern;
First clear data packet generation unit 133, the control for being generated according to the first control domain data generating unit 131 The filling that the plaintext personal identification number and the first region filling data generating unit 132 that numeric field data, receiving module 11 receive generate Numeric field data tissue clear data packet;
First default processing unit 134, the account numeric field data in the encryption parameter for being received using receiving module 11 First default processing is carried out to the clear data packet that the first clear data packet generation unit 133 generates;
First encryption unit 135, the handling result for using the first default processing unit 134 of encryption key pair to prestore It is encrypted to obtain ciphertext data packet;
Sending module 14, the ciphertext data packet for generating the first encryption unit 135 are sent to server;
Second encryption mode module 15 includes:
Second control domain data generating unit 151, for determining that encryption mode is the second encryption when the first judgment module 12 Setting control numeric field data is the second preset value when pattern;
Second region filling data generating unit 152, for determining that encryption mode is the second encryption when the first judgment module 12 Random number is generated when pattern as filling numeric field data;
Second plaintext packet generation unit 153, the control for being generated according to the second control domain data generating unit 151 The filling that the plaintext personal identification number and the second region filling data generating unit 152 that numeric field data, receiving module 11 receive generate Numeric field data tissue clear data packet;
Second encryption unit 154, for using the encryption key to prestore to generate second plaintext packet generation unit 153 Clear data packet be encrypted to obtain ciphertext data packet;
Sending module 14 is additionally operable to the ciphertext data packet that the second encryption unit 154 generates being sent to server.
Specifically, the second region filling data generating unit 152, specifically for the plaintext received according to receiving module 11 The length of people's identification code determines region filling data length, generates the random number that length is region filling data length, random number is made To fill numeric field data.
Specifically, the second encryption unit 154, specifically for using the encryption key to prestore to generate second plaintext data packet The clear data packet that unit 153 generates carries out 3DES encryption operation and obtains ciphertext data packet.
Specifically, the first region filling data generating unit 132, is specifically used for determining encryption mode when the first judgment module 12 The length of plaintext personal identification number to be received according to receiving module 11 when the first encryption mode determines region filling data length, Its length is set to reach region filling data length using the 6th preset value tissue filling numeric field data.
Specifically, the first default processing unit 134, specifically in the encryption parameter that is received using receiving module 11 The clear data packet that account numeric field data pair the first clear data packet generation unit 133 generates uses the account domain number in encryption parameter XOR operation is carried out according to clear data packet;
First encryption unit 135, specifically for using the first default processing unit 134 of encryption key pair to prestore to generate XOR operation result carries out 3DES encryption operation and encrypts to obtain ciphertext data packet.
Preferably, which further includes third encryption mode module;
Third encryption mode module includes:
Third control domain data generating unit, for determining that encryption mode is third encryption mode when the first judgment module 12 When setting control numeric field data be third preset value;
Third region filling data generating unit, for determining that encryption mode is third encryption mode when the first judgment module 12 When use the 6th preset value tissue filling numeric field data;
Third clear data packet generation unit, the control domain number for being generated according to third control domain data generating unit The region filling data group that the plaintext personal identification number and third region filling data generating unit received according to, receiving module 11 generates Knit clear data packet;
Third encryption unit, the plaintext for using the IC card public key to prestore to generate third clear data packet generation unit Data packet is encrypted to obtain ciphertext data packet;
APDU instruction generation units, the APDU instructions for generating the ciphertext data packet generated comprising third encryption unit;
Sending module 14 is additionally operable to the APDU instructions that APDU instruction generation units generate being sent to card.
Preferably, third encryption mode module further includes:Judging unit;
Judging unit, specifically for the acquisition instruction transmission format from the encryption parameter that receiving module 11 receives;Judge Instruction sends format;
Third encryption unit is specifically used for when it is that ciphertext is sent that judging unit decision instruction, which sends format, using prestoring IC card public key clear data packet that third clear data packet generation unit is generated be encrypted to obtain ciphertext data packet;
APDU instruction generation units are additionally operable to when judging unit decision instruction sends format be that tissue includes when plaintext is sent The APDU instructions for the clear data packet that third clear data packet generation unit generates.
Specifically, third encryption unit, single specifically for using the I C cards public keys to prestore to generate third clear data packet The clear data packet that member generates carries out rsa encryption operation and obtains ciphertext data packet.
Preferably, which further includes the 4th encryption mode module;
4th encryption mode module includes:
4th control domain data generating unit, for determining that encryption mode is the 4th encryption mode when the first judgment module 12 When setting control numeric field data be the 4th preset value;
4th region filling data generating unit, for determining that encryption mode is the 4th encryption mode when the first judgment module 12 Shi Shengcheng random numbers carry out the second default processing, using handling result as filling numeric field data to random number;
4th clear data packet generation unit, the control domain number for being generated according to the 4th control domain data generating unit The region filling data group that the plaintext personal identification number and the 4th region filling data generating unit received according to, receiving module 11 generates Knit clear data packet;
Second default processing unit, the account numeric field data pair in the encryption parameter for being received using receiving module 11 The clear data packet that four clear data packet generation units generate carries out the first default processing;
4th encryption unit, for use the handling result that the second default processing unit of the encryption key pair to prestore obtains into Row encryption obtains ciphertext data packet;
Sending module 14 is additionally operable to the ciphertext data packet that the 4th encryption unit is encrypted being sent to server.
Specifically, the 4th region filling data generating unit, specifically for determining that encryption mode is when the first judgment module 12 The length of the plaintext personal identification number received according to receiving module 11 when four encryption modes determines region filling data length, raw At the random number that length is region filling data length, a byte is obtained from random number successively, by the byte pair got the Nine preset values carry out complementation, obtain corresponding preset data according to remainder result, and using preset data replace with Current byte in machine number, the random number after the completion of whole bytes are replaced is as filling numeric field data.
Preferably, which further includes the 5th encryption mode module;
5th, which encrypts mode module, includes:
5th control domain data generating unit, for determining that encryption mode is the 5th encryption mode when the first judgment module 12 When setting control numeric field data be the 5th preset value;
5th region filling data generating unit, for determining that encryption mode is the 5th encryption mode when the first judgment module 12 When using the 7th preset value generate filling numeric field data;
Random numeric field data generation unit, for when the first judgment module 12 determines that encryption mode is five encryption mode Generate random number;
5th clear data packet generation unit, the control domain number for being generated according to the 5th control domain data generating unit Filling numeric field data that plaintext personal identification number, the 5th region filling data generating unit received according to, receiving module 11 generates and The random numeric field data tissue clear data packet that random numeric field data generation unit generates;
5th encryption unit, the plaintext for using the 5th clear data packet generation unit of AES key pair to prestore to generate Data packet is encrypted to obtain encrypted result;
Third presets processing unit, the account numeric field data pair in the encryption parameter for being received using receiving module 11 The encrypted result that five encryption units are encrypted carries out the first default processing;
6th encryption unit, for use the AES key to prestore to third preset handling result that processing unit obtains into Row encryption obtains ciphertext data packet;
Sending module 14 is additionally operable to the ciphertext data packet that the 6th encryption unit is encrypted being sent to server.
Specifically, the 5th region filling data generating unit, specifically for determining that encryption mode is when the first judgment module 12 Region filling data length is determined according to the length of plaintext personal identification number when five encryption modes, is filled out using the 7th preset value tissue Filling numeric field data makes its length be dealt into region filling data length.
Preferably, which further includes:
First destroys module, bright for being destroyed after the first clear data packet generation unit 133 generates clear data packet Literary personal identification number;It is additionally operable to destroy after second plaintext packet generation unit 153 generates clear data packet personal in plain text Identification code;
Second destroys module, for destroying clear data packet after the first encryption unit 135 generates ciphertext data packet;Also For destroying clear data packet after the second encryption unit 154 generates ciphertext data packet.
Preferably, which further includes:
Second judgment module, for judging whether the plaintext personal identification number that receiving module 11 receives is legal;
First judgment module 12 is specifically used for when the second judgment module judgement plaintext personal identification number is legal, according to connecing It receives the encryption parameter that module 11 receives and determines encryption mode.
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto, Any one skilled in the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, all It is covered by the protection scope of the present invention.Therefore, protection scope of the present invention is answered described with scope of the claims Subject to.

Claims (28)

1. a kind of method of personal identification number protection, which is characterized in that
Step S1, device receives plaintext personal identification number and encryption parameter, and encryption mode is determined according to the encryption parameter, when adding When close pattern is the first encryption mode, step S2 is executed;When encryption mode is the second encryption mode, step S3 is executed;
Step S2, described device setting control numeric field data is the first preset value, and uses the 6th preset value tissue filling numeric field data, According to control numeric field data, the plaintext personal identification number and the region filling data organization clear data packet, the encryption is used Account numeric field data in parameter carries out the first default processing to the clear data packet, is tied to processing using the encryption key to prestore Fruit is encrypted to obtain ciphertext data packet;The ciphertext data packet is sent to server;
Step S3, described device setting control numeric field data is the second preset value, and generates random number and be used as filling numeric field data, according to Numeric field data, the plaintext personal identification number and the region filling data organization clear data packet are controlled, it is close using the encryption to prestore Key is encrypted to obtain ciphertext data packet to the clear data packet;The ciphertext data packet is sent to server.
2. the method as described in claim 1, which is characterized in that the generation random number conduct fills numeric field data and is specially:Institute It states device and determines that region filling data length, generation length are the filling length of field according to the length of the plaintext personal identification number Random number, using the random number as filling numeric field data.
3. the method as described in claim 1, which is characterized in that described to use the encryption key to prestore to the clear data packet Be encrypted to obtain ciphertext data packet be specially:3DES encryption fortune is carried out to the clear data packet using the encryption key to prestore Calculation obtains ciphertext data packet.
4. the method as described in claim 1, which is characterized in that further include in the step S1:When described device judges to encrypt When pattern is third encryption mode, step S4 is executed;
The step S4 is that described device setting control numeric field data is third preset value, and uses the 6th preset value tissue filling domain Data use the IC to prestore according to control numeric field data, plaintext personal identification number and the region filling data organization clear data packet Card public key is encrypted to obtain ciphertext data packet to the clear data packet;APDU of the tissue comprising ciphertext data packet is instructed, and APDU instructions are sent to card.
5. method as described in claim 1 or 4, which is characterized in that described to be had using the 6th preset value tissue filling numeric field data Body is:Described device determines region filling data length according to the length of the plaintext personal identification number, uses the 6th preset value group Knitting filling numeric field data makes its length reach the region filling data length.
6. method as claimed in claim 4, which is characterized in that in the step S4, according to control numeric field data, in plain text personal knowledge After other code and the region filling data organization clear data packet, specifically include:Described device acquisition instruction from encryption parameter Format is sent, when it is that ciphertext is sent that instruction, which sends format, the encryption mode is using the IC card public key to prestore to the plaintext Data packet is encrypted to obtain ciphertext data packet;APDU of the tissue comprising ciphertext data packet is instructed, and the APDU is instructed and is sent out Give card;When it is to send in plain text that instruction, which sends format, APDU of the tissue comprising the clear data packet is instructed, and will be described APDU instructions are sent to card.
7. method as claimed in claim 4, which is characterized in that described to use the IC card public key to prestore to the clear data packet Be encrypted to obtain ciphertext data packet be specially:Rsa encryption fortune is carried out to the clear data packet using the IC card public key to prestore Calculation obtains ciphertext data packet.
8. the method as described in claim 1, which is characterized in that further include in the step S1:When described device judges to encrypt When pattern is four encryption mode, step S5 is executed;
The step S5 is that described device setting control numeric field data is the 4th preset value, and generates random number, to the random number The second default processing is carried out, using handling result as filling numeric field data, according to controlling numeric field data, plaintext personal identification number and described Region filling data organization clear data packet;The is carried out to the clear data packet using the account numeric field data in the encryption parameter One default processing, is encrypted handling result using the encryption key to prestore to obtain ciphertext data packet;By the ciphertext data Packet is sent to server.
9. the method as described in claim 1 or 8, which is characterized in that the account numeric field data using in the encryption parameter First default processing is carried out to the clear data packet, handling result is encrypted using the encryption key to prestore to obtain ciphertext Data packet is specially:XOR operation is carried out to clear data packet using the account numeric field data in encryption parameter, is added using what is prestored Close key pair XOR operation result carries out 3DES encryption operation and obtains ciphertext data packet.
10. method as claimed in claim 8, which is characterized in that it is pre- to carry out second to the random number for the generation random number If processing, it is specially using handling result as filling numeric field data:Described device is true according to the length of the plaintext personal identification number Determine region filling data length, generate the random number that length is region filling data length, obtain a byte from random number successively, The 9th preset value of byte pair got is subjected to complementation, corresponding preset data is obtained according to remainder result, and The current byte in random number is replaced using preset data, the random number after the completion of whole bytes are replaced is as region filling number According to.
11. the method as described in claim 1, which is characterized in that further include in the step S1:When described device judges to encrypt When pattern is five encryption mode, step S6 is executed;
The step S6 is that described device sets control numeric field data to the 5th preset value, and generates filling using the 7th preset value Numeric field data, and random number is generated as random numeric field data, according to control numeric field data, plaintext personal identification number, the region filling Data and the random numeric field data tissue clear data packet, add the clear data packet using the AES key to prestore It is close, the first default processing is carried out to encrypted result using the account numeric field data in the encryption parameter, reuses the AES key Handling result is encrypted to obtain ciphertext data packet;The ciphertext data packet is sent to server.
12. the method as described in claim 1 or 4 or 8 or 11, which is characterized in that further include after tissue clear data packet:Institute It states device and destroys plaintext personal identification number;Obtaining ciphertext data packet further includes later:Described device destroys clear data packet.
13. method as claimed in claim 11, which is characterized in that described specific using the 7th preset value generation filling numeric field data For:Described device determines region filling data length according to the length of the plaintext personal identification number, uses the 7th preset value tissue Filling numeric field data makes its length be dealt into the region filling data length.
14. the method as described in claim 1, which is characterized in that described device receives plaintext personal identification number and encryption parameter Later, further include:Described device judges whether the plaintext personal identification number is legal, is to continue;Otherwise terminate.
15. a kind of device of personal identification number protection, which is characterized in that including:
Receiving module, for receiving plaintext personal identification number and encryption parameter;
First judgment module, the encryption parameter for being received according to the receiving module determine encryption mode;
First encryption mode module includes:
First control domain data generating unit determines that the encryption mode is the first encryption mould for working as first judgment module Setting control numeric field data is the first preset value when formula;
First region filling data generating unit determines that the encryption mode is the first encryption mould for working as first judgment module The 6th preset value tissue filling numeric field data is used when formula;
First clear data packet generation unit, the control domain number for being generated according to the first control domain data generating unit The institute that the plaintext personal identification number and the first region filling data generating unit received according to, the receiving module generates State region filling data organization clear data packet;
First default processing unit, the account numeric field data pair in the encryption parameter for being received using the receiving module The clear data packet that the first clear data packet generation unit generates carries out the first default processing;
First encryption unit, for using the encryption key to prestore to add the handling result of the described first default processing unit It is close to obtain ciphertext data packet;
Sending module, the ciphertext data packet for generating first encryption unit are sent to server;
Second encryption mode module includes:
Second control domain data generating unit determines that the encryption mode is the second encryption mould for working as first judgment module Setting control numeric field data is the second preset value when formula;
Second region filling data generating unit determines that the encryption mode is the second encryption mould for working as first judgment module Random number is generated when formula as filling numeric field data;
Second plaintext packet generation unit, the control domain number for being generated according to the second control domain data generating unit The institute that the plaintext personal identification number and the second region filling data generating unit received according to, the receiving module generates State region filling data organization clear data packet;
Second encryption unit, for using the encryption key to prestore to described in second plaintext packet generation unit generation Clear data packet is encrypted to obtain ciphertext data packet;
The sending module is additionally operable to the ciphertext data packet that second encryption unit generates being sent to server.
16. device as claimed in claim 15, which is characterized in that the second region filling data generating unit is specifically used for The length of the plaintext personal identification number received according to the receiving module determines region filling data length, generates length and is The random number of the region filling data length, using the random number as filling numeric field data.
17. device as claimed in claim 15, which is characterized in that second encryption unit prestores specifically for using Encryption key carries out 3DES encryption operation to the clear data packet that the second plaintext packet generation unit generates and obtains Ciphertext data packet.
18. device as claimed in claim 15, which is characterized in that the first region filling data generating unit is specifically used for When first judgment module determines the encryption mode as the institute that is received according to the receiving module when the first encryption mode The length for stating literary personal identification number clearly determines region filling data length, makes its length using the 6th preset value tissue filling numeric field data Reach the region filling data length.
19. device as claimed in claim 15, which is characterized in that the first default processing unit is specifically used for using institute The account numeric field data stated in the encryption parameter that receiving module receives generates the first clear data packet generation unit The clear data packet XOR operation is carried out to clear data packet using the account numeric field data in encryption parameter;
First encryption unit, it is different specifically for using the encryption key to prestore to generate the described first default processing unit Or operation result carries out 3DES encryption operation and obtains ciphertext data packet.
20. device as claimed in claim 15, which is characterized in that further include third encryption mode module;
The third encryption mode module includes:
Third control domain data generating unit determines that the encryption mode is that third encrypts mould for working as first judgment module Setting control numeric field data is third preset value when formula;
Third region filling data generating unit determines that the encryption mode is that third encrypts mould for working as first judgment module The 6th preset value tissue filling numeric field data is used when formula;
Third clear data packet generation unit, the control domain number for being generated according to the third control domain data generating unit The institute that the plaintext personal identification number and the third region filling data generating unit received according to, the receiving module generates State region filling data organization clear data packet;
Third encryption unit, the plaintext for using the IC card public key to prestore to generate the third clear data packet generation unit Data packet is encrypted to obtain ciphertext data packet;
APDU instruction generation units, the APDU instructions for generating the ciphertext data packet generated comprising the third encryption unit;
The sending module is additionally operable to the APDU instructions that the APDU instruction generation units generate being sent to card.
21. device as claimed in claim 20, which is characterized in that the third encryption mode module further includes:Judging unit;
The judging unit, specifically for the acquisition instruction transmission format from the encryption parameter that the receiving module receives;Sentence Disconnected described instruction sends format;
The third encryption unit is specifically used for when judging unit judgement described instruction sends format and sent for ciphertext, The clear data packet generated to the third clear data packet generation unit using the IC card public key to prestore is encrypted to obtain close Literary data packet;
The APDU instruction generation units are additionally operable to when judging unit judgement described instruction sends format to send in plain text The APDU instructions for the clear data packet that tissue is generated comprising the third clear data packet generation unit.
22. device as claimed in claim 20, which is characterized in that third encryption unit, specifically for using the IC card to prestore Public key carries out rsa encryption operation to the clear data packet that the third clear data packet generation unit generates and obtains ciphertext data Packet.
23. device as claimed in claim 15, which is characterized in that further include the 4th encryption mode module;
The 4th encryption mode module includes:
4th control domain data generating unit determines that the encryption mode is the 4th encryption mould for working as first judgment module Setting control numeric field data is the 4th preset value when formula;
4th region filling data generating unit determines that the encryption mode is the 4th encryption mould for working as first judgment module Random number is generated when formula, the second default processing is carried out to the random number, using handling result as filling numeric field data;
4th clear data packet generation unit, the control domain number for being generated according to the 4th control domain data generating unit The institute that the plaintext personal identification number and the 4th region filling data generating unit received according to, the receiving module generates State region filling data organization clear data packet;
Second default processing unit, the account numeric field data pair in the encryption parameter for being received using the receiving module The clear data packet that the 4th clear data packet generation unit generates carries out the first default processing;
4th encryption unit, for use the handling result that the encryption key to prestore obtains the described second default processing unit into Row encryption obtains ciphertext data packet;
The sending module is additionally operable to the ciphertext data packet that the 4th encryption unit is encrypted being sent to server.
24. device as claimed in claim 23, which is characterized in that the 4th region filling data generating unit is specifically used for working as institute Stating the first judgment module determines the encryption mode by being stated clearly according to what the receiving module received when four encryption modes The length of literary personal identification number determines region filling data length, generates the random number that length is region filling data length, successively from A byte is obtained in random number, and the 9th preset value of byte pair got is subjected to complementation, is obtained according to remainder result Corresponding preset data, and the current byte in random number is replaced using preset data, whole bytes are replaced into completion Random number afterwards is as filling numeric field data.
25. device as claimed in claim 15, which is characterized in that further include the 5th encryption mode module;
Described 5th, which encrypts mode module, includes:
5th control domain data generating unit determines that the encryption mode is the 5th encryption mould for working as first judgment module Setting control numeric field data is the 5th preset value when formula;
5th region filling data generating unit determines that the encryption mode is the 5th encryption mould for working as first judgment module When formula filling numeric field data is generated using the 7th preset value;
Random numeric field data generation unit determines that the encryption mode is the 5th encryption mode for working as first judgment module Shi Shengcheng random numbers;
5th clear data packet generation unit, the control domain number for being generated according to the 5th control domain data generating unit The institute that the plaintext personal identification number, the 5th region filling data generating unit received according to, the receiving module generates State the random numeric field data tissue clear data packet that filling numeric field data and the random numeric field data generation unit generate;
5th encryption unit, the plaintext for using the AES key to prestore to generate the 5th clear data packet generation unit Data packet is encrypted to obtain encrypted result;
Third presets processing unit, the account numeric field data pair in the encryption parameter for being received using the receiving module The encrypted result that 5th encryption unit is encrypted carries out the first default processing;
6th encryption unit, for use the AES key to prestore to the third preset the obtained handling result of processing unit into Row encryption obtains ciphertext data packet;
The sending module is additionally operable to the ciphertext data packet that the 6th encryption unit is encrypted being sent to server.
26. device as claimed in claim 24, which is characterized in that the 5th region filling data generating unit is specifically used for working as institute State the first judgment module determine the encryption mode be five encryption modes when it is true according to the length of the plaintext personal identification number Determine region filling data length, so that its length is dealt into the region filling data length using the 7th preset value tissue filling numeric field data.
27. device as claimed in claim 15, which is characterized in that further include:
First destroys module, for destroying plaintext after the first clear data packet generation unit generates clear data packet People's identification code;It is additionally operable to destroy personal identification in plain text after the second plaintext packet generation unit generates clear data packet Code;
Second destroys module, for destroying clear data packet after first encryption unit generates ciphertext data packet;Also use In destruction clear data packet after second encryption unit generates ciphertext data packet.
28. device as claimed in claim 15, which is characterized in that further include:
Second judgment module, for judging whether the plaintext personal identification number that the receiving module receives is legal;
First judgment module is specifically used for when second judgment module judges that the plaintext personal identification number is legal, Encryption mode is determined according to the encryption parameter that the receiving module receives.
CN201810602906.9A 2018-06-12 2018-06-12 A kind of method and device of personal identification number protection Pending CN108718317A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810602906.9A CN108718317A (en) 2018-06-12 2018-06-12 A kind of method and device of personal identification number protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810602906.9A CN108718317A (en) 2018-06-12 2018-06-12 A kind of method and device of personal identification number protection

Publications (1)

Publication Number Publication Date
CN108718317A true CN108718317A (en) 2018-10-30

Family

ID=63911951

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810602906.9A Pending CN108718317A (en) 2018-06-12 2018-06-12 A kind of method and device of personal identification number protection

Country Status (1)

Country Link
CN (1) CN108718317A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109379180A (en) * 2018-12-20 2019-02-22 湖南国科微电子股份有限公司 Aes algorithm implementation method, device and solid state hard disk

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103905196A (en) * 2012-12-28 2014-07-02 北京握奇数据系统有限公司 PIN switch encryption method
CN104092683A (en) * 2014-07-04 2014-10-08 飞天诚信科技股份有限公司 PIN code protecting method and system
CN104915602A (en) * 2015-04-22 2015-09-16 飞天诚信科技股份有限公司 PIN code protection method under Android platform
CN105897748A (en) * 2016-05-27 2016-08-24 飞天诚信科技股份有限公司 Symmetric secrete key transmission method and device
KR20160118841A (en) * 2015-04-03 2016-10-12 주식회사 키페어 System and method for PIN certification

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103905196A (en) * 2012-12-28 2014-07-02 北京握奇数据系统有限公司 PIN switch encryption method
CN104092683A (en) * 2014-07-04 2014-10-08 飞天诚信科技股份有限公司 PIN code protecting method and system
KR20160118841A (en) * 2015-04-03 2016-10-12 주식회사 키페어 System and method for PIN certification
CN104915602A (en) * 2015-04-22 2015-09-16 飞天诚信科技股份有限公司 PIN code protection method under Android platform
CN105897748A (en) * 2016-05-27 2016-08-24 飞天诚信科技股份有限公司 Symmetric secrete key transmission method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109379180A (en) * 2018-12-20 2019-02-22 湖南国科微电子股份有限公司 Aes algorithm implementation method, device and solid state hard disk
CN109379180B (en) * 2018-12-20 2022-04-19 湖南国科微电子股份有限公司 AES algorithm implementation method and device and solid state disk

Similar Documents

Publication Publication Date Title
US4652990A (en) Protected software access control apparatus and method
CN100592687C (en) Encryption communication system for generating passwords on the basis of start information on both parties of communication
US5200999A (en) Public key cryptosystem key management based on control vectors
EP0674795B1 (en) Combination pin pad and terminal
JP2746352B2 (en) Secure security communication system and method for communication by a remotely located computer
US4369332A (en) Key variable generator for an encryption/decryption device
US20190188703A1 (en) Pos system with white box encryption key sharing
JP2001514834A (en) Secure deterministic cryptographic key generation system and method
CA1326535C (en) Device and method to render secure the transfer of data between a videotex terminal and a server
CN102419804A (en) Reliable software product confirmation and activation with redundancy security
JP2005510095A (en) Apparatus and method for reducing information leakage
US20150006404A1 (en) Cryptographic Authentication And Identification Method Using Real-Time Encryption
CN104464048B (en) A kind of electronic password lock method for unlocking and device
CN103559454B (en) Data protection system and method
CN108270561A (en) Data transmission method for uplink and device, the generation method of cipher key index and device
CN110166236A (en) Cipher key processing method, device and system and electronic equipment
CN105306200B (en) The encryption method and device of network account password
CN108718317A (en) A kind of method and device of personal identification number protection
US20020168067A1 (en) Copy protection method and system for a field-programmable gate array
KR100948043B1 (en) Method and apparatus for preventing cloning of security elements
CN107026729A (en) Method and apparatus for transmitting software
CN108259428A (en) A kind of system and method for realizing data transmission
CN108809925B (en) POS equipment data encryption transmission method, terminal equipment and storage medium
JP2005208841A (en) Communication system, portable terminal and program
JP2007183931A (en) Secure device, information processing terminal, server, and authentication method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181030

RJ01 Rejection of invention patent application after publication