CN108718317A - A kind of method and device of personal identification number protection - Google Patents
A kind of method and device of personal identification number protection Download PDFInfo
- Publication number
- CN108718317A CN108718317A CN201810602906.9A CN201810602906A CN108718317A CN 108718317 A CN108718317 A CN 108718317A CN 201810602906 A CN201810602906 A CN 201810602906A CN 108718317 A CN108718317 A CN 108718317A
- Authority
- CN
- China
- Prior art keywords
- data packet
- encryption
- data
- numeric field
- filling
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to the method and device that information security field more particularly to a kind of personal identification number are protected, this method includes:Device receives plaintext personal identification number, and determine encryption mode, the 6th preset value tissue filling numeric field data is used when encryption mode is the first encryption mode, according to control numeric field data, plaintext personal identification number and region filling data organization clear data packet, the first default processing is carried out to clear data packet using the account numeric field data in encryption parameter, handling result is encrypted using the encryption key to prestore to obtain ciphertext data packet;Ciphertext data packet is sent to server;Random number is generated when encryption mode is the second encryption mode as filling numeric field data, according to control numeric field data, plaintext personal identification number and region filling data organization clear data packet, clear data packet is encrypted using the encryption key to prestore to obtain ciphertext data packet;Ciphertext data packet is sent to server so that personal identification number is safer in transmission process.
Description
Technical field
The present invention relates to the method and devices that information security field more particularly to a kind of personal identification number are protected.
Background technology
With the fast development of electronic information technologies, it is increasingly general in daily life to carry out electronic transaction using fiscard
And.It is in the prior art the safety for improving electronic transaction, needs to carry out authentication, existing body in electronic transaction process
Part verification method majority be fiscard user data interaction is carried out with fiscard host computer (host computer can be transaction eventually
End, for example, POS machine) on input personal identification number, and personal identification number is transferred to verification equipment and is verified.
In the prior art, authentication performed in electronic transaction process has the following defects:It is used in authentication
During being transferred to verification equipment progress personal identification number verification after inputting personal identification number in terminal, there are personal knowledges at family
The risk of other code leakage, opportunity is brought to unauthorized theft personal identification number.
Invention content
In order to solve the above technical problems, the present invention provides a kind of method and devices of personal identification number protection;
The present invention provides a kind of method of personal identification number protection, including:
Step S1, device receives plaintext personal identification number and encryption parameter, and encryption mode is determined according to encryption parameter, when adding
When close pattern is the first encryption mode, step S2 is executed;When encryption mode is the second encryption mode, step S3 is executed;
Step S2, device setting control numeric field data is the first preset value, and uses the 6th preset value tissue filling numeric field data,
According to control numeric field data, plaintext personal identification number and region filling data organization clear data packet, the account in encryption parameter is used
Numeric field data carries out the first default processing to clear data packet, is encrypted to obtain to handling result using the encryption key to prestore close
Literary data packet;Ciphertext data packet is sent to server;
Step S3, device setting control numeric field data is the second preset value, and generates random number and be used as filling numeric field data, according to
Numeric field data, plaintext personal identification number and region filling data organization clear data packet are controlled, using the encryption key to prestore in plain text
Data packet is encrypted to obtain ciphertext data packet;Ciphertext data packet is sent to server.
The present invention provides a kind of device of personal identification number protection, including:
Receiving module, for receiving plaintext personal identification number and encryption parameter;
First judgment module, the encryption parameter for being received according to receiving module determine encryption mode;
First encryption mode module includes:
First control domain data generating unit, for when the first judgment module determines that encryption mode is the first encryption mode
Setting control numeric field data is the first preset value;
First region filling data generating unit, for when the first judgment module determines that encryption mode is the first encryption mode
Use the 6th preset value tissue filling numeric field data;
First clear data packet generation unit, the control domain number for being generated according to the first control domain data generating unit
The region filling data organization that the plaintext personal identification number and the first region filling data generating unit received according to, receiving module generates
Clear data packet;
First default processing unit, the account numeric field data pair first in the encryption parameter for being received using receiving module
The clear data packet that clear data packet generation unit generates carries out the first default processing;
First encryption unit, for using the handling result of the first default processing unit of the encryption key pair to prestore to add
It is close to obtain ciphertext data packet;
Sending module, the ciphertext data packet for generating the first encryption unit are sent to server;
Second encryption mode module includes:
Second control domain data generating unit, for when the first judgment module determines that encryption mode is the second encryption mode
Setting control numeric field data is the second preset value;
Second region filling data generating unit, for when the first judgment module determines that encryption mode is the second encryption mode
Random number is generated as filling numeric field data;
Second plaintext packet generation unit, the control domain number for being generated according to the second control domain data generating unit
The region filling data organization that the plaintext personal identification number and the second region filling data generating unit received according to, receiving module generates
Clear data packet;
Second encryption unit, the plaintext for using the encryption key to prestore to generate second plaintext packet generation unit
Data packet is encrypted to obtain ciphertext data packet;
Sending module is additionally operable to the ciphertext data packet that the second encryption unit generates being sent to server.
Beneficial effects of the present invention are:The present invention is effectively prevented by handling personal identification number and encrypting
Personal identification number is revealed so that personal identification number is safer in transmission process.
Description of the drawings
Illustrate the embodiment of the present invention or technical solution in the prior art in order to clearer, to embodiment or will show below
There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
Obtain other attached drawings according to these attached drawings.
Fig. 1 is a kind of flow chart of the method for personal identification number protection that the embodiment of the present invention 2 provides;
Fig. 2 is a kind of block diagram of the device for personal identification number protection that the embodiment of the present invention 3 provides.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
Embodiment 1
The present embodiment provides a kind of methods of personal identification number protection, including:
Step S1, device receives plaintext personal identification number and encryption parameter, and encryption mode is determined according to encryption parameter, when adding
When close pattern is the first encryption mode, step S2 is executed;When encryption mode is the second encryption mode, step S3 is executed;
Step S2, device setting control numeric field data is the first preset value, and uses the 6th preset value tissue filling numeric field data,
According to control numeric field data, plaintext personal identification number and region filling data organization clear data packet, the account in encryption parameter is used
Numeric field data carries out the first default processing to clear data packet, is encrypted to obtain to handling result using the encryption key to prestore close
Literary data packet;Ciphertext data packet is sent to server;
Step S3, device setting control numeric field data is the second preset value, and generates random number and be used as filling numeric field data, according to
Numeric field data, plaintext personal identification number and region filling data organization clear data packet are controlled, using the encryption key to prestore in plain text
Data packet is encrypted to obtain ciphertext data packet;Ciphertext data packet is sent to server.
Specifically, generation random number is specially as filling numeric field data:Device is true according to the length of plaintext personal identification number
Determine region filling data length, it is to fill the random number of length of field to generate length, using random number as filling numeric field data.
Specifically, clear data packet is encrypted to obtain ciphertext data packet using the encryption key to prestore be specially:Make
3DES encryption operation is carried out to clear data packet with the encryption key to prestore and obtains ciphertext data packet.
Preferably, further include in step S1:When device judge encryption mode for third encryption mode when, execute step S4;
Step S4 is that device setting control numeric field data is third preset value, and uses the 6th preset value tissue filling domain number
According to public using the I C cards to prestore according to control numeric field data, plaintext personal identification number and region filling data organization clear data packet
Key is encrypted clear data packet to obtain ciphertext data packet;APDU of the tissue comprising ciphertext data packet is instructed, and APDU is instructed
It is sent to card.
Specifically, being specially using the 6th preset value tissue filling numeric field data:Device is according to the length of plaintext personal identification number
Degree determines region filling data length, so that its length is reached region filling data length using the 6th preset value tissue filling numeric field data.
Preferably, in step S4, according to control numeric field data, plaintext personal identification number and region filling data organization clear data
After packet, specifically include:Device acquisition instruction from encryption parameter sends format, when it is that ciphertext is sent that instruction, which sends format,
Encryption mode is encrypted clear data packet to obtain ciphertext data packet using the I C cards public keys to prestore;Tissue includes ciphertext number
It is instructed according to the APDU of packet, and APDU instructions is sent to card;When it is to send in plain text that instruction, which sends format, tissue is comprising in plain text
The APDU of data packet is instructed, and APDU instructions are sent to card.
It should be noted that personal identification number (full name in English:Persona l I dent i f i cat i on
Number, english abbreviation:PI N);
Specifically, clear data packet is encrypted to obtain ciphertext data packet using the I C cards public keys to prestore be specially:Make
Rsa encryption operation is carried out to clear data packet with the I C cards public keys to prestore and obtains ciphertext data packet.
Preferably, further include in step S1:When device judgement encryption mode is four encryption mode, step S5 is executed;
Step S5 is that device setting control numeric field data is the 4th preset value, and generates random number, and second is carried out to random number
Default processing, using handling result as filling numeric field data, according to control numeric field data, plaintext personal identification number and region filling data group
Knit clear data packet;The first default processing is carried out to clear data packet using the account numeric field data in encryption parameter, using prestoring
Encryption key handling result is encrypted to obtain ciphertext data packet;Ciphertext data packet is sent to server.
Specifically, the first default processing is carried out to clear data packet using the account numeric field data in encryption parameter, using pre-
The encryption key deposited is encrypted to obtain ciphertext data packet to handling result:Use the account numeric field data in encryption parameter
XOR operation is carried out to clear data packet, carrying out 3DES encryption operation to XOR operation result using the encryption key to prestore obtains
Ciphertext data packet.
Specifically, generating random number, the second default processing is carried out to random number, using handling result as filling numeric field data tool
Body is:Device determines that region filling data length, generation length are region filling data length according to the length of plaintext personal identification number
Random number, successively from random number obtain a byte, by the 9th preset value of byte pair got carry out complementation, root
Corresponding preset data is obtained according to remainder result, and replaces the current byte in random number using preset data, it will be whole
Random number after the completion of byte is replaced is used as filling numeric field data.
Preferably, further include in step S1:When device judgement encryption mode is five encryption mode, step S6 is executed;
Step S6 is that device sets control numeric field data to the 5th preset value, and generates region filling number using the 7th preset value
According to, and generate random number as random numeric field data, according to control numeric field data, plaintext personal identification number, filling numeric field data and with
Machine numeric field data tissue clear data packet, is encrypted clear data packet using the AES key to prestore, using in encryption parameter
Account numeric field data the first default processing is carried out to encrypted result, reuse AES key handling result is encrypted to obtain it is close
Literary data packet;Ciphertext data packet is sent to server.
Specifically, being specially using the 7th preset value generation filling numeric field data:Device is according to the length of plaintext personal identification number
Degree determines region filling data length, so that its length is dealt into region filling data length using the 7th preset value tissue filling numeric field data.
It should be noted that further including after tissue clear data packet in the present embodiment:Device destroys personal identification in plain text
Code;Obtaining ciphertext data packet further includes later:Device destroys clear data packet.
Preferably, after device receives plaintext personal identification number and encryption parameter, further include:Device judges personal knowledge in plain text
Whether other code is legal, is to continue;Otherwise terminate.
Embodiment 2
The present embodiment provides a kind of methods of personal identification number protection, referring to Fig. 1, including:
Step 101, device receive plaintext personal identification number and encryption parameter;
Specifically, in the present embodiment, the plaintext personal identification number that device receives is specially 1234;
Encryption parameter is identified including at least encryption mode;Further include that account numeric field data or data send format;
When encryption mode is identified as 01, further include in encryption parameter:Account numeric field data;When encryption mode is 03, add
Further include in close parameter:Data send format;When encryption mode is 04, further include in encryption parameter:Account numeric field data;When adding
When close pattern is 05, further include in encryption parameter:Account numeric field data;
Step 102, device judge whether plaintext personal identification number is legal, are to then follow the steps 103, otherwise report an error, and terminate;
Specifically, device judge plaintext personal identification number length whether in 2 bytes between 6 bytes, being to judge
Plaintext personal identification number is legal, otherwise judges that plaintext personal identification number is illegal.
In the present embodiment, the length of plaintext personal identification number is that 2 bytes be in 2 bytes between 6 bytes, therefore individual in plain text
Identification code is legal.
Step 103, device obtain encryption mode mark from encryption parameter, are identified according to encryption mode and judge encryption mould
Formula executes step 104 when encryption mode is the first encryption mode;When encryption mode is the second encryption mode, step is executed
113;When encryption mode is third encryption mode, step 120 is executed;When encryption mode is four encryption mode, step is executed
Rapid 132;When encryption mode is five encryption mode, step 141 is executed;
Specifically, when encryption mode is identified as 01, then encryption mode is judged for the first encryption mode, when encryption mode mark
Know when being 02, then judge encryption mode for the second encryption mode, when encryption mode is identified as 03, then judges encryption mode for the
Three encryption modes then judge encryption mode for the 4th encryption mode, when encryption mode is identified as when encryption mode is identified as 04
When 05, then encryption mode is judged for the 5th encryption mode,
Step 104, device are using the first preset value as control numeric field data;
Specifically, the first preset value is specially 0;
Step 105, device determine filling length of field according to the length of plaintext personal identification number;
Specifically, device according to plaintext personal identification number determine filling length of field so that plaintext personal identification number length with
The summation for filling length of field is equal to 7 bytes;
In the present embodiment, the length of plaintext personal identification number is 2 bytes, therefore it is 5 bytes to fill length of field;
Step 106, device make its length reach filling length of field using the 6th preset value tissue filling numeric field data;
Specifically, the 6th preset value is F;In the present embodiment, filling numeric field data is specially FFFFFFFFFF.
Step 107, device are according to control numeric field data, the length of plaintext personal identification number, plaintext personal identification number and filling
Numeric field data tissue clear data packet;
In the present embodiment, device will control numeric field data 0, the length 4 of plaintext personal identification number, plaintext personal identification number 1234
Clear data packet is obtained with filling numeric field data FFFFFFFFFF sequential concatenations, clear data packet is specially
041234FFFFFFFFFF;
Step 108, device destroy plaintext personal identification number;
Step 109, device obtain account numeric field data from encryption parameter, judge whether the length of account numeric field data is more than the
Eight preset values are the end that reports an error, return to step 101;It is no to then follow the steps 110;
Specifically, the account numeric field data that device is got from encryption parameter is specially 0000123456789012;
8th preset value is specially 8 bytes;
Step 110, device access to your account numeric field data to clear data packet carry out XOR operation obtain operation result;
In the present embodiment, device carries out XOR operation using 0000123456789012 couple of 041234FFFFFFFFFF and obtains
Operation result be specially 041226CBA9876FED;
Step 111, device obtain the encryption key to prestore and obtain ciphertext data to operation result progress 3DES encryption operation
Packet;
The encryption key to prestore in the present embodiment is specially 1234567887654321;Using encryption key to XOR operation
As a result it is specially EC4B9E63EDFB4CFA that 041226CBA9876FED, which carries out the ciphertext data packet that 3DES encryption operation obtains,;
Step 112, device destroy clear data packet, and ciphertext data packet are sent to server, terminate;
Step 113, device are using the second preset value as control numeric field data;
Specifically, the second preset value is specially 1;
Step 114, device determine filling length of field according to the length of plaintext personal identification number;
Specifically, device determines filling length of field according to the length of plaintext personal identification number so that personal identification number length
It is equal to 7 bytes with the summation of filling length of field;
In the present embodiment, the length of plaintext personal identification number is 2 bytes, therefore it is 5 bytes to fill length of field;
It is to fill the random number of length of field that step 115, device, which generate length, using the random number of generation as region filling number
According to;
Specifically, encryption mode generates the random number that length is 5 bytes, random number is specially D24578ADEF;
Step 116, device are according to control numeric field data, the length of plaintext personal identification number, plaintext personal identification number and filling
Numeric field data tissue clear data packet;
Specifically, encryption mode will control numeric field data 1, length 4, the plaintext personal identification number 1234 of plaintext personal identification number
Clear data packet is obtained with filling numeric field data D24578ADEF sequential concatenations, clear data packet is specially
141234D24578ADEF;
Step 117, device destroy plaintext personal identification number;
Step 118, device obtain the encryption key to prestore and obtain ciphertext number to the progress 3DES encryption operation of clear data packet
According to packet;
In the present embodiment, encryption key is specially 1234567887654321, using encryption key to clear data packet into
The ciphertext data packet that row 3DES encryption operation obtains is specially:6F4C3A33BD36BB5F;
Step 119, device destroy clear data packet, and ciphertext data packet are sent to server, terminate;
Step 120, device are using third preset value as control numeric field data;
In the present embodiment, third preset value is specially 2;
Step 121, device determine filling length of field according to the length of plaintext personal identification number;
Specifically, device determines filling length of field according to the length of plaintext personal identification number so that plaintext personal identification number
Length with filling length of field summation be equal to 7 bytes;
In the present embodiment, the length of plaintext personal identification number is 2 bytes, therefore it is 5 bytes to fill length of field;
Step 122, device make its length reach filling length of field using the 6th preset value tissue filling numeric field data;
Specifically, the 6th preset value is F;In the present embodiment, filling numeric field data is specially FFFFFFFFFF.
Step 123, device are according to control numeric field data, the length of plaintext personal identification number, plaintext personal identification number and filling
Numeric field data tissue clear data packet;
In the present embodiment, device will control numeric field data 2, the length 4 of plaintext personal identification number, plaintext personal identification number 1234
Clear data packet is obtained with filling numeric field data FFFFFFFFFF sequential concatenations, clear data packet is specially
241234FFFFFFFFFF;
Step 124, device destroy plaintext personal identification number;
Step 125, the device acquisition instruction from encryption parameter send format;
Step 126, device decision instruction send format, are that ciphertext executes step 127 when sending when instruction sends format;When
It is to execute step 129 when sending in plain text that instruction, which sends format,;
Step 127, device carry out rsa encryption to clear data packet using the I C cards public keys to prestore and obtain ciphertext data packet;
Specifically, device is filled clear data packet so that the length after filling is equal to 256 bytes;
In the present embodiment fill after data be specially:
241234FFFFFFFFFF1505830324481733831594189525975565855368298654883571376119536
19708879349297526251006324694849167227209874282361125187624540843593283378904
64239971669114777371817180946715566062473981992157605717384222994389161821187
81347315493772884679768141837412661499488399555355298621684676696429583637959
10274837364556803432914265150334010070538257862907523257165208530614496721449
57654612156691247578653160573034681637218577718953258696804244870286673114546
32297341269464205853822885662907982979892633643489
The IC card public key to prestore in the present embodiment is specially:2048
DFD6366B30942883FA96D6D9563B848A90F15E03FE0FCD538017E7BBDAF18EB40529FE4BB2C5E
78259C1A436562F28B2FA143B4B5384DCA0C867EE93F996EE6DB212D847DAA806127093F9D8B4
54690FD236F907A09D45E1CBC0C1EA1CF3248B4A122DCC53487DC4E558AC0DFD22B8D2A15B3E1
CD5EC9A0BA0B733AD32B7040BA1832FB5A2A90E31452AC64F586534BB550EDB86E3DE9866DC2E
75D6E105F42E409047823292C439D53967CECE9428F5175254DE1937F7AE73661E7D267BBF805
003494C9869C2BC4EB87F65AD3DEFF2CEB5C582BB65045C99DD7D393E14FDD789E313A0583D01
9F2B08B2A27224050FCFCA6662FF26E7895211332C7595EEFF 00010001
Rsa encryption is carried out to the data after filling using the I C cards public keys to prestore and obtains ciphertext data packet;Ciphertext data packet
Specially:
38DA23039DB8E1795BD3D520EFEEC2DEC96063568108485670E18A363C8BA6E42AC9B06D20BD5
ECB0219FEAB3FB4336DF526BD3E0406362017B808F7D6031E16ADED860A
E2B873F7895AD8A98765F6E0B9D859E340D89396FA39AE8AE7D1C804BF117E1E0F501AAF43994
B045989D19641A147EE5FA83D107D2523CE7733A5AAA3FE6A1A8F382644A76D5CAA3BA91A3C82
DE7523200164F57AFBAF801AB0EEC285ED1FB3D2B052A45C2D
F7AD63565AB77513CD45A2E3EB665B28383FF26343248B47A53096A2FAFEFCA5853C
B3EBADFD7CEADAAE26465A31FB4EA6B44232CB68051BD4197A0D7ACEE4CD8FCEE7890F5745DE3
9FC2961654AEB8FDDEB3306AD83;
Step 128, device tissue include that the APDU of ciphertext data packet is instructed, and APDU instructions are sent to card;Execute step
Rapid 130;
In the present embodiment, the APDU instructions comprising ciphertext data packet of device tissue are specially:
002000880038DA23039DB8E1795BD3D520EFEEC2DEC96063568108485670E18A363C8BA6E42AC
9B06D20BD5ECB0219FEAB3FB4336DF526BD3E0406362017B808F7D6031E16ADED860AE2B873F7
895AD8A98765F6E0B9D859E340D89396FA39AE8AE7D1C804BF117E1E0F501AAF43994B045989D
19641A147EE5FA83D107D2523CE7733A5AAA3FE6A1A8F382644A76D5CAA3BA91A3C82DE752320
0164F57AFBAF801AB0EEC285ED1FB3D2B052A45C2DF7AD63565AB77513CD45A2E3EB665B28383
FF26343248B47A53096A2FA
FEFCA5853CB3EBADFD7CEADAAE26465A31FB4EA6B44232CB68051BD4197A0D7ACEE4CD8FCEE78
90F5745DE39FC2961654AEB8FDDEB3306AD83;
Step 129, device tissue include that the APDU of clear data packet is instructed, and APDU instructions are sent to card;
The APDU organized in the present embodiment is instructed:0020008000241234FFFFFFFFFF;
Step 130, device judge whether APDU instructions send success, are to then follow the steps 131;Otherwise report an error end;
Specifically, device receives the response data that card returns, judges whether response data is 9000, be to judge APDU
Instruction is sent successfully, otherwise judges that APDU instructions send failure.
Step 131, device destroy clear data packet, terminate;
Step 132, device are using the 4th preset value as control numeric field data;
In the present embodiment, the 4th preset value is specially 3;
Step 133, device determine filling length of field according to the length of plaintext personal identification number;
Specifically, device determines filling length of field according to the length of plaintext personal identification number so that plaintext personal identification number
Length with filling length of field summation be equal to 7 bytes;
In the present embodiment, the length of personal identification number is 2 bytes, therefore it is 5 bytes to fill length of field;
It is to fill the random number of length of field that step 134, device, which generate length, carries out default processing to random number, will handle
Result afterwards is as filling numeric field data;
In the present embodiment, the random number that device generates is specially:689A67B9A7;A word is obtained from random number successively
Section currently will replace with A when remainder result is 0 to 6 remainder of byte pair got from the byte of the acquisition in random number;
When remainder result is 1, currently B will be replaced with from the byte of the acquisition in random number;When remainder result be 2 when, will currently from
The byte of acquisition in random number replaces with C;When remainder result is 3, will currently be replaced from the byte of the acquisition in random number
For D;When remainder result is 4, currently E will be replaced with from the byte of the acquisition in random number;When remainder result is 5, will work as
The preceding byte from the acquisition in random number replaces with F;
For example, the first character section that is got from random number of device is 6, to 6 remainder of byte pair got, remainder
As a result it is 0, then the first character section of random number is replaced with into A;
It obtains filling numeric field data being specially ACDEABFDEB after carrying out remainder assignment processing in the present embodiment;
Step 135, device are according to control numeric field data, the length of plaintext personal identification number, plaintext personal identification number and filling
Numeric field data tissue clear data packet;
In the present embodiment, device will control numeric field data 3, the length 4 of plaintext personal identification number, plaintext personal identification number 1234
Clear data packet is obtained with filling numeric field data ACDEABFDEB sequential concatenations, clear data packet is specially
341234ACDEABFDEB;
Step 136, device destroy plaintext personal identification number;
Step 137, device obtain account numeric field data from encryption parameter, judge whether the length of account numeric field data is more than the
Eight preset values are the end that reports an error;It is no to then follow the steps 138;
Specifically, the account numeric field data that device is got from encryption parameter is specially 0000123456789012;
Specifically, the 5th preset value is specially 8 bytes;
Step 138, device access to your account numeric field data to clear data packet carry out XOR operation obtain operation result;
In the present embodiment, device carries out XOR operation using 0000123456789012 couple of 341234ACDEABFDEB and obtains
Operation result be specially 3412269888D36DF9;
Step 139, device obtain the encryption key to prestore and obtain ciphertext data to operation result progress 3DES encryption operation
Packet;
In the present embodiment, encryption key is specially 1234567887654321;Operation result is carried out using encryption key
3DES encryption obtains ciphertext data packet, and ciphertext data packet is specially BFE85569D72C8607;
Step 140, device destroy clear data packet, and ciphertext data packet are sent to server, terminate;
Step 141, device are using the 5th preset value as control numeric field data;
In the present embodiment, the 5th preset value is specially 4;
Step 142, device determine filling length of field according to the length of plaintext personal identification number;
Specifically, device determines filling length of field according to the length of plaintext personal identification number so that plaintext personal identification number
Length with filling length of field summation be equal to 7 bytes;
In the present embodiment, the length of plaintext personal identification number is 2 bytes, therefore it is 5 bytes to fill length of field;
Step 143, device make its length reach filling length of field, and generate using the 7th preset value tissue filling numeric field data
Length is the random number of preset length as random numeric field data;
In the present embodiment, the 7th preset value is specially A;In the present embodiment, device uses the 6th preset value A tissue fillings domain
Data make its length reach filling 10 byte of length of field, and filling numeric field data is specially AAAAAAAAAA;And it is 8 bytes to generate length
Random number as random number field, random number field is specially in the present embodiment:8395487282872419;
Step 144, device are according to control numeric field data, the length of plaintext personal identification number, plaintext personal identification number, region filling
Data and random numeric field data tissue clear data packet;
In the present embodiment, device will control numeric field data 4, the length 4 of plaintext personal identification number, plaintext personal identification number
1234, it fills numeric field data AAAAAAAAAA and 8395487282872419 sequential concatenation of random number field obtains clear data packet, it is bright
The literary specific 441234AAAAAAAAAA8395487282872419 of data packet;
Step 145, device destroy plaintext personal identification number;
Step 146, device carry out AES encryption using the AES key to prestore to clear data packet, and access to your account numeric field data pair
Encrypted result carries out XOR operation, and XOR operation result is encrypted using AES key to obtain ciphertext data packet;
In the present embodiment, the AES key to prestore is specially:12345678876543211234567887654321;It uses
AES key carries out AES encryption to clear data packet, and encrypted result is specially
D84D4BC066244A5491EF1617B8463CAA;Account numeric field data is specially
01234567890120000000000000000000;The numeric field data that accesses to your account carries out XOR operation to encrypted result and obtains operation
As a result, operation result is specially D96E0EA7EF256A5491EF1617B8463CAA;Using AES key to the fortune of XOR operation
It calculates result to be encrypted to obtain ciphertext data packet again, ciphertext data packet is specially
088601C52A8EC350EBA79306F6B1E2B8;
Step 147, device destroy clear data packet, and ciphertext data packet are sent to server, terminate;
Embodiment 3
The present embodiment provides a kind of personal identification number protective devices, referring to Fig. 2, including:
Receiving module 11, for receiving plaintext personal identification number and encryption parameter;
First judgment module 12, the encryption parameter for being received according to receiving module 11 determine encryption mode;
First encryption mode module 13 includes:
First control domain data generating unit 131, for determining that encryption mode is the first encryption when the first judgment module 12
Setting control numeric field data is the first preset value when pattern;
First region filling data generating unit 132, for determining that encryption mode is the first encryption when the first judgment module 12
The 6th preset value tissue filling numeric field data is used when pattern;
First clear data packet generation unit 133, the control for being generated according to the first control domain data generating unit 131
The filling that the plaintext personal identification number and the first region filling data generating unit 132 that numeric field data, receiving module 11 receive generate
Numeric field data tissue clear data packet;
First default processing unit 134, the account numeric field data in the encryption parameter for being received using receiving module 11
First default processing is carried out to the clear data packet that the first clear data packet generation unit 133 generates;
First encryption unit 135, the handling result for using the first default processing unit 134 of encryption key pair to prestore
It is encrypted to obtain ciphertext data packet;
Sending module 14, the ciphertext data packet for generating the first encryption unit 135 are sent to server;
Second encryption mode module 15 includes:
Second control domain data generating unit 151, for determining that encryption mode is the second encryption when the first judgment module 12
Setting control numeric field data is the second preset value when pattern;
Second region filling data generating unit 152, for determining that encryption mode is the second encryption when the first judgment module 12
Random number is generated when pattern as filling numeric field data;
Second plaintext packet generation unit 153, the control for being generated according to the second control domain data generating unit 151
The filling that the plaintext personal identification number and the second region filling data generating unit 152 that numeric field data, receiving module 11 receive generate
Numeric field data tissue clear data packet;
Second encryption unit 154, for using the encryption key to prestore to generate second plaintext packet generation unit 153
Clear data packet be encrypted to obtain ciphertext data packet;
Sending module 14 is additionally operable to the ciphertext data packet that the second encryption unit 154 generates being sent to server.
Specifically, the second region filling data generating unit 152, specifically for the plaintext received according to receiving module 11
The length of people's identification code determines region filling data length, generates the random number that length is region filling data length, random number is made
To fill numeric field data.
Specifically, the second encryption unit 154, specifically for using the encryption key to prestore to generate second plaintext data packet
The clear data packet that unit 153 generates carries out 3DES encryption operation and obtains ciphertext data packet.
Specifically, the first region filling data generating unit 132, is specifically used for determining encryption mode when the first judgment module 12
The length of plaintext personal identification number to be received according to receiving module 11 when the first encryption mode determines region filling data length,
Its length is set to reach region filling data length using the 6th preset value tissue filling numeric field data.
Specifically, the first default processing unit 134, specifically in the encryption parameter that is received using receiving module 11
The clear data packet that account numeric field data pair the first clear data packet generation unit 133 generates uses the account domain number in encryption parameter
XOR operation is carried out according to clear data packet;
First encryption unit 135, specifically for using the first default processing unit 134 of encryption key pair to prestore to generate
XOR operation result carries out 3DES encryption operation and encrypts to obtain ciphertext data packet.
Preferably, which further includes third encryption mode module;
Third encryption mode module includes:
Third control domain data generating unit, for determining that encryption mode is third encryption mode when the first judgment module 12
When setting control numeric field data be third preset value;
Third region filling data generating unit, for determining that encryption mode is third encryption mode when the first judgment module 12
When use the 6th preset value tissue filling numeric field data;
Third clear data packet generation unit, the control domain number for being generated according to third control domain data generating unit
The region filling data group that the plaintext personal identification number and third region filling data generating unit received according to, receiving module 11 generates
Knit clear data packet;
Third encryption unit, the plaintext for using the IC card public key to prestore to generate third clear data packet generation unit
Data packet is encrypted to obtain ciphertext data packet;
APDU instruction generation units, the APDU instructions for generating the ciphertext data packet generated comprising third encryption unit;
Sending module 14 is additionally operable to the APDU instructions that APDU instruction generation units generate being sent to card.
Preferably, third encryption mode module further includes:Judging unit;
Judging unit, specifically for the acquisition instruction transmission format from the encryption parameter that receiving module 11 receives;Judge
Instruction sends format;
Third encryption unit is specifically used for when it is that ciphertext is sent that judging unit decision instruction, which sends format, using prestoring
IC card public key clear data packet that third clear data packet generation unit is generated be encrypted to obtain ciphertext data packet;
APDU instruction generation units are additionally operable to when judging unit decision instruction sends format be that tissue includes when plaintext is sent
The APDU instructions for the clear data packet that third clear data packet generation unit generates.
Specifically, third encryption unit, single specifically for using the I C cards public keys to prestore to generate third clear data packet
The clear data packet that member generates carries out rsa encryption operation and obtains ciphertext data packet.
Preferably, which further includes the 4th encryption mode module;
4th encryption mode module includes:
4th control domain data generating unit, for determining that encryption mode is the 4th encryption mode when the first judgment module 12
When setting control numeric field data be the 4th preset value;
4th region filling data generating unit, for determining that encryption mode is the 4th encryption mode when the first judgment module 12
Shi Shengcheng random numbers carry out the second default processing, using handling result as filling numeric field data to random number;
4th clear data packet generation unit, the control domain number for being generated according to the 4th control domain data generating unit
The region filling data group that the plaintext personal identification number and the 4th region filling data generating unit received according to, receiving module 11 generates
Knit clear data packet;
Second default processing unit, the account numeric field data pair in the encryption parameter for being received using receiving module 11
The clear data packet that four clear data packet generation units generate carries out the first default processing;
4th encryption unit, for use the handling result that the second default processing unit of the encryption key pair to prestore obtains into
Row encryption obtains ciphertext data packet;
Sending module 14 is additionally operable to the ciphertext data packet that the 4th encryption unit is encrypted being sent to server.
Specifically, the 4th region filling data generating unit, specifically for determining that encryption mode is when the first judgment module 12
The length of the plaintext personal identification number received according to receiving module 11 when four encryption modes determines region filling data length, raw
At the random number that length is region filling data length, a byte is obtained from random number successively, by the byte pair got the
Nine preset values carry out complementation, obtain corresponding preset data according to remainder result, and using preset data replace with
Current byte in machine number, the random number after the completion of whole bytes are replaced is as filling numeric field data.
Preferably, which further includes the 5th encryption mode module;
5th, which encrypts mode module, includes:
5th control domain data generating unit, for determining that encryption mode is the 5th encryption mode when the first judgment module 12
When setting control numeric field data be the 5th preset value;
5th region filling data generating unit, for determining that encryption mode is the 5th encryption mode when the first judgment module 12
When using the 7th preset value generate filling numeric field data;
Random numeric field data generation unit, for when the first judgment module 12 determines that encryption mode is five encryption mode
Generate random number;
5th clear data packet generation unit, the control domain number for being generated according to the 5th control domain data generating unit
Filling numeric field data that plaintext personal identification number, the 5th region filling data generating unit received according to, receiving module 11 generates and
The random numeric field data tissue clear data packet that random numeric field data generation unit generates;
5th encryption unit, the plaintext for using the 5th clear data packet generation unit of AES key pair to prestore to generate
Data packet is encrypted to obtain encrypted result;
Third presets processing unit, the account numeric field data pair in the encryption parameter for being received using receiving module 11
The encrypted result that five encryption units are encrypted carries out the first default processing;
6th encryption unit, for use the AES key to prestore to third preset handling result that processing unit obtains into
Row encryption obtains ciphertext data packet;
Sending module 14 is additionally operable to the ciphertext data packet that the 6th encryption unit is encrypted being sent to server.
Specifically, the 5th region filling data generating unit, specifically for determining that encryption mode is when the first judgment module 12
Region filling data length is determined according to the length of plaintext personal identification number when five encryption modes, is filled out using the 7th preset value tissue
Filling numeric field data makes its length be dealt into region filling data length.
Preferably, which further includes:
First destroys module, bright for being destroyed after the first clear data packet generation unit 133 generates clear data packet
Literary personal identification number;It is additionally operable to destroy after second plaintext packet generation unit 153 generates clear data packet personal in plain text
Identification code;
Second destroys module, for destroying clear data packet after the first encryption unit 135 generates ciphertext data packet;Also
For destroying clear data packet after the second encryption unit 154 generates ciphertext data packet.
Preferably, which further includes:
Second judgment module, for judging whether the plaintext personal identification number that receiving module 11 receives is legal;
First judgment module 12 is specifically used for when the second judgment module judgement plaintext personal identification number is legal, according to connecing
It receives the encryption parameter that module 11 receives and determines encryption mode.
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto,
Any one skilled in the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, all
It is covered by the protection scope of the present invention.Therefore, protection scope of the present invention is answered described with scope of the claims
Subject to.
Claims (28)
1. a kind of method of personal identification number protection, which is characterized in that
Step S1, device receives plaintext personal identification number and encryption parameter, and encryption mode is determined according to the encryption parameter, when adding
When close pattern is the first encryption mode, step S2 is executed;When encryption mode is the second encryption mode, step S3 is executed;
Step S2, described device setting control numeric field data is the first preset value, and uses the 6th preset value tissue filling numeric field data,
According to control numeric field data, the plaintext personal identification number and the region filling data organization clear data packet, the encryption is used
Account numeric field data in parameter carries out the first default processing to the clear data packet, is tied to processing using the encryption key to prestore
Fruit is encrypted to obtain ciphertext data packet;The ciphertext data packet is sent to server;
Step S3, described device setting control numeric field data is the second preset value, and generates random number and be used as filling numeric field data, according to
Numeric field data, the plaintext personal identification number and the region filling data organization clear data packet are controlled, it is close using the encryption to prestore
Key is encrypted to obtain ciphertext data packet to the clear data packet;The ciphertext data packet is sent to server.
2. the method as described in claim 1, which is characterized in that the generation random number conduct fills numeric field data and is specially:Institute
It states device and determines that region filling data length, generation length are the filling length of field according to the length of the plaintext personal identification number
Random number, using the random number as filling numeric field data.
3. the method as described in claim 1, which is characterized in that described to use the encryption key to prestore to the clear data packet
Be encrypted to obtain ciphertext data packet be specially:3DES encryption fortune is carried out to the clear data packet using the encryption key to prestore
Calculation obtains ciphertext data packet.
4. the method as described in claim 1, which is characterized in that further include in the step S1:When described device judges to encrypt
When pattern is third encryption mode, step S4 is executed;
The step S4 is that described device setting control numeric field data is third preset value, and uses the 6th preset value tissue filling domain
Data use the IC to prestore according to control numeric field data, plaintext personal identification number and the region filling data organization clear data packet
Card public key is encrypted to obtain ciphertext data packet to the clear data packet;APDU of the tissue comprising ciphertext data packet is instructed, and
APDU instructions are sent to card.
5. method as described in claim 1 or 4, which is characterized in that described to be had using the 6th preset value tissue filling numeric field data
Body is:Described device determines region filling data length according to the length of the plaintext personal identification number, uses the 6th preset value group
Knitting filling numeric field data makes its length reach the region filling data length.
6. method as claimed in claim 4, which is characterized in that in the step S4, according to control numeric field data, in plain text personal knowledge
After other code and the region filling data organization clear data packet, specifically include:Described device acquisition instruction from encryption parameter
Format is sent, when it is that ciphertext is sent that instruction, which sends format, the encryption mode is using the IC card public key to prestore to the plaintext
Data packet is encrypted to obtain ciphertext data packet;APDU of the tissue comprising ciphertext data packet is instructed, and the APDU is instructed and is sent out
Give card;When it is to send in plain text that instruction, which sends format, APDU of the tissue comprising the clear data packet is instructed, and will be described
APDU instructions are sent to card.
7. method as claimed in claim 4, which is characterized in that described to use the IC card public key to prestore to the clear data packet
Be encrypted to obtain ciphertext data packet be specially:Rsa encryption fortune is carried out to the clear data packet using the IC card public key to prestore
Calculation obtains ciphertext data packet.
8. the method as described in claim 1, which is characterized in that further include in the step S1:When described device judges to encrypt
When pattern is four encryption mode, step S5 is executed;
The step S5 is that described device setting control numeric field data is the 4th preset value, and generates random number, to the random number
The second default processing is carried out, using handling result as filling numeric field data, according to controlling numeric field data, plaintext personal identification number and described
Region filling data organization clear data packet;The is carried out to the clear data packet using the account numeric field data in the encryption parameter
One default processing, is encrypted handling result using the encryption key to prestore to obtain ciphertext data packet;By the ciphertext data
Packet is sent to server.
9. the method as described in claim 1 or 8, which is characterized in that the account numeric field data using in the encryption parameter
First default processing is carried out to the clear data packet, handling result is encrypted using the encryption key to prestore to obtain ciphertext
Data packet is specially:XOR operation is carried out to clear data packet using the account numeric field data in encryption parameter, is added using what is prestored
Close key pair XOR operation result carries out 3DES encryption operation and obtains ciphertext data packet.
10. method as claimed in claim 8, which is characterized in that it is pre- to carry out second to the random number for the generation random number
If processing, it is specially using handling result as filling numeric field data:Described device is true according to the length of the plaintext personal identification number
Determine region filling data length, generate the random number that length is region filling data length, obtain a byte from random number successively,
The 9th preset value of byte pair got is subjected to complementation, corresponding preset data is obtained according to remainder result, and
The current byte in random number is replaced using preset data, the random number after the completion of whole bytes are replaced is as region filling number
According to.
11. the method as described in claim 1, which is characterized in that further include in the step S1:When described device judges to encrypt
When pattern is five encryption mode, step S6 is executed;
The step S6 is that described device sets control numeric field data to the 5th preset value, and generates filling using the 7th preset value
Numeric field data, and random number is generated as random numeric field data, according to control numeric field data, plaintext personal identification number, the region filling
Data and the random numeric field data tissue clear data packet, add the clear data packet using the AES key to prestore
It is close, the first default processing is carried out to encrypted result using the account numeric field data in the encryption parameter, reuses the AES key
Handling result is encrypted to obtain ciphertext data packet;The ciphertext data packet is sent to server.
12. the method as described in claim 1 or 4 or 8 or 11, which is characterized in that further include after tissue clear data packet:Institute
It states device and destroys plaintext personal identification number;Obtaining ciphertext data packet further includes later:Described device destroys clear data packet.
13. method as claimed in claim 11, which is characterized in that described specific using the 7th preset value generation filling numeric field data
For:Described device determines region filling data length according to the length of the plaintext personal identification number, uses the 7th preset value tissue
Filling numeric field data makes its length be dealt into the region filling data length.
14. the method as described in claim 1, which is characterized in that described device receives plaintext personal identification number and encryption parameter
Later, further include:Described device judges whether the plaintext personal identification number is legal, is to continue;Otherwise terminate.
15. a kind of device of personal identification number protection, which is characterized in that including:
Receiving module, for receiving plaintext personal identification number and encryption parameter;
First judgment module, the encryption parameter for being received according to the receiving module determine encryption mode;
First encryption mode module includes:
First control domain data generating unit determines that the encryption mode is the first encryption mould for working as first judgment module
Setting control numeric field data is the first preset value when formula;
First region filling data generating unit determines that the encryption mode is the first encryption mould for working as first judgment module
The 6th preset value tissue filling numeric field data is used when formula;
First clear data packet generation unit, the control domain number for being generated according to the first control domain data generating unit
The institute that the plaintext personal identification number and the first region filling data generating unit received according to, the receiving module generates
State region filling data organization clear data packet;
First default processing unit, the account numeric field data pair in the encryption parameter for being received using the receiving module
The clear data packet that the first clear data packet generation unit generates carries out the first default processing;
First encryption unit, for using the encryption key to prestore to add the handling result of the described first default processing unit
It is close to obtain ciphertext data packet;
Sending module, the ciphertext data packet for generating first encryption unit are sent to server;
Second encryption mode module includes:
Second control domain data generating unit determines that the encryption mode is the second encryption mould for working as first judgment module
Setting control numeric field data is the second preset value when formula;
Second region filling data generating unit determines that the encryption mode is the second encryption mould for working as first judgment module
Random number is generated when formula as filling numeric field data;
Second plaintext packet generation unit, the control domain number for being generated according to the second control domain data generating unit
The institute that the plaintext personal identification number and the second region filling data generating unit received according to, the receiving module generates
State region filling data organization clear data packet;
Second encryption unit, for using the encryption key to prestore to described in second plaintext packet generation unit generation
Clear data packet is encrypted to obtain ciphertext data packet;
The sending module is additionally operable to the ciphertext data packet that second encryption unit generates being sent to server.
16. device as claimed in claim 15, which is characterized in that the second region filling data generating unit is specifically used for
The length of the plaintext personal identification number received according to the receiving module determines region filling data length, generates length and is
The random number of the region filling data length, using the random number as filling numeric field data.
17. device as claimed in claim 15, which is characterized in that second encryption unit prestores specifically for using
Encryption key carries out 3DES encryption operation to the clear data packet that the second plaintext packet generation unit generates and obtains
Ciphertext data packet.
18. device as claimed in claim 15, which is characterized in that the first region filling data generating unit is specifically used for
When first judgment module determines the encryption mode as the institute that is received according to the receiving module when the first encryption mode
The length for stating literary personal identification number clearly determines region filling data length, makes its length using the 6th preset value tissue filling numeric field data
Reach the region filling data length.
19. device as claimed in claim 15, which is characterized in that the first default processing unit is specifically used for using institute
The account numeric field data stated in the encryption parameter that receiving module receives generates the first clear data packet generation unit
The clear data packet XOR operation is carried out to clear data packet using the account numeric field data in encryption parameter;
First encryption unit, it is different specifically for using the encryption key to prestore to generate the described first default processing unit
Or operation result carries out 3DES encryption operation and obtains ciphertext data packet.
20. device as claimed in claim 15, which is characterized in that further include third encryption mode module;
The third encryption mode module includes:
Third control domain data generating unit determines that the encryption mode is that third encrypts mould for working as first judgment module
Setting control numeric field data is third preset value when formula;
Third region filling data generating unit determines that the encryption mode is that third encrypts mould for working as first judgment module
The 6th preset value tissue filling numeric field data is used when formula;
Third clear data packet generation unit, the control domain number for being generated according to the third control domain data generating unit
The institute that the plaintext personal identification number and the third region filling data generating unit received according to, the receiving module generates
State region filling data organization clear data packet;
Third encryption unit, the plaintext for using the IC card public key to prestore to generate the third clear data packet generation unit
Data packet is encrypted to obtain ciphertext data packet;
APDU instruction generation units, the APDU instructions for generating the ciphertext data packet generated comprising the third encryption unit;
The sending module is additionally operable to the APDU instructions that the APDU instruction generation units generate being sent to card.
21. device as claimed in claim 20, which is characterized in that the third encryption mode module further includes:Judging unit;
The judging unit, specifically for the acquisition instruction transmission format from the encryption parameter that the receiving module receives;Sentence
Disconnected described instruction sends format;
The third encryption unit is specifically used for when judging unit judgement described instruction sends format and sent for ciphertext,
The clear data packet generated to the third clear data packet generation unit using the IC card public key to prestore is encrypted to obtain close
Literary data packet;
The APDU instruction generation units are additionally operable to when judging unit judgement described instruction sends format to send in plain text
The APDU instructions for the clear data packet that tissue is generated comprising the third clear data packet generation unit.
22. device as claimed in claim 20, which is characterized in that third encryption unit, specifically for using the IC card to prestore
Public key carries out rsa encryption operation to the clear data packet that the third clear data packet generation unit generates and obtains ciphertext data
Packet.
23. device as claimed in claim 15, which is characterized in that further include the 4th encryption mode module;
The 4th encryption mode module includes:
4th control domain data generating unit determines that the encryption mode is the 4th encryption mould for working as first judgment module
Setting control numeric field data is the 4th preset value when formula;
4th region filling data generating unit determines that the encryption mode is the 4th encryption mould for working as first judgment module
Random number is generated when formula, the second default processing is carried out to the random number, using handling result as filling numeric field data;
4th clear data packet generation unit, the control domain number for being generated according to the 4th control domain data generating unit
The institute that the plaintext personal identification number and the 4th region filling data generating unit received according to, the receiving module generates
State region filling data organization clear data packet;
Second default processing unit, the account numeric field data pair in the encryption parameter for being received using the receiving module
The clear data packet that the 4th clear data packet generation unit generates carries out the first default processing;
4th encryption unit, for use the handling result that the encryption key to prestore obtains the described second default processing unit into
Row encryption obtains ciphertext data packet;
The sending module is additionally operable to the ciphertext data packet that the 4th encryption unit is encrypted being sent to server.
24. device as claimed in claim 23, which is characterized in that the 4th region filling data generating unit is specifically used for working as institute
Stating the first judgment module determines the encryption mode by being stated clearly according to what the receiving module received when four encryption modes
The length of literary personal identification number determines region filling data length, generates the random number that length is region filling data length, successively from
A byte is obtained in random number, and the 9th preset value of byte pair got is subjected to complementation, is obtained according to remainder result
Corresponding preset data, and the current byte in random number is replaced using preset data, whole bytes are replaced into completion
Random number afterwards is as filling numeric field data.
25. device as claimed in claim 15, which is characterized in that further include the 5th encryption mode module;
Described 5th, which encrypts mode module, includes:
5th control domain data generating unit determines that the encryption mode is the 5th encryption mould for working as first judgment module
Setting control numeric field data is the 5th preset value when formula;
5th region filling data generating unit determines that the encryption mode is the 5th encryption mould for working as first judgment module
When formula filling numeric field data is generated using the 7th preset value;
Random numeric field data generation unit determines that the encryption mode is the 5th encryption mode for working as first judgment module
Shi Shengcheng random numbers;
5th clear data packet generation unit, the control domain number for being generated according to the 5th control domain data generating unit
The institute that the plaintext personal identification number, the 5th region filling data generating unit received according to, the receiving module generates
State the random numeric field data tissue clear data packet that filling numeric field data and the random numeric field data generation unit generate;
5th encryption unit, the plaintext for using the AES key to prestore to generate the 5th clear data packet generation unit
Data packet is encrypted to obtain encrypted result;
Third presets processing unit, the account numeric field data pair in the encryption parameter for being received using the receiving module
The encrypted result that 5th encryption unit is encrypted carries out the first default processing;
6th encryption unit, for use the AES key to prestore to the third preset the obtained handling result of processing unit into
Row encryption obtains ciphertext data packet;
The sending module is additionally operable to the ciphertext data packet that the 6th encryption unit is encrypted being sent to server.
26. device as claimed in claim 24, which is characterized in that the 5th region filling data generating unit is specifically used for working as institute
State the first judgment module determine the encryption mode be five encryption modes when it is true according to the length of the plaintext personal identification number
Determine region filling data length, so that its length is dealt into the region filling data length using the 7th preset value tissue filling numeric field data.
27. device as claimed in claim 15, which is characterized in that further include:
First destroys module, for destroying plaintext after the first clear data packet generation unit generates clear data packet
People's identification code;It is additionally operable to destroy personal identification in plain text after the second plaintext packet generation unit generates clear data packet
Code;
Second destroys module, for destroying clear data packet after first encryption unit generates ciphertext data packet;Also use
In destruction clear data packet after second encryption unit generates ciphertext data packet.
28. device as claimed in claim 15, which is characterized in that further include:
Second judgment module, for judging whether the plaintext personal identification number that the receiving module receives is legal;
First judgment module is specifically used for when second judgment module judges that the plaintext personal identification number is legal,
Encryption mode is determined according to the encryption parameter that the receiving module receives.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810602906.9A CN108718317A (en) | 2018-06-12 | 2018-06-12 | A kind of method and device of personal identification number protection |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810602906.9A CN108718317A (en) | 2018-06-12 | 2018-06-12 | A kind of method and device of personal identification number protection |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108718317A true CN108718317A (en) | 2018-10-30 |
Family
ID=63911951
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810602906.9A Pending CN108718317A (en) | 2018-06-12 | 2018-06-12 | A kind of method and device of personal identification number protection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108718317A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109379180A (en) * | 2018-12-20 | 2019-02-22 | 湖南国科微电子股份有限公司 | Aes algorithm implementation method, device and solid state hard disk |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103905196A (en) * | 2012-12-28 | 2014-07-02 | 北京握奇数据系统有限公司 | PIN switch encryption method |
CN104092683A (en) * | 2014-07-04 | 2014-10-08 | 飞天诚信科技股份有限公司 | PIN code protecting method and system |
CN104915602A (en) * | 2015-04-22 | 2015-09-16 | 飞天诚信科技股份有限公司 | PIN code protection method under Android platform |
CN105897748A (en) * | 2016-05-27 | 2016-08-24 | 飞天诚信科技股份有限公司 | Symmetric secrete key transmission method and device |
KR20160118841A (en) * | 2015-04-03 | 2016-10-12 | 주식회사 키페어 | System and method for PIN certification |
-
2018
- 2018-06-12 CN CN201810602906.9A patent/CN108718317A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103905196A (en) * | 2012-12-28 | 2014-07-02 | 北京握奇数据系统有限公司 | PIN switch encryption method |
CN104092683A (en) * | 2014-07-04 | 2014-10-08 | 飞天诚信科技股份有限公司 | PIN code protecting method and system |
KR20160118841A (en) * | 2015-04-03 | 2016-10-12 | 주식회사 키페어 | System and method for PIN certification |
CN104915602A (en) * | 2015-04-22 | 2015-09-16 | 飞天诚信科技股份有限公司 | PIN code protection method under Android platform |
CN105897748A (en) * | 2016-05-27 | 2016-08-24 | 飞天诚信科技股份有限公司 | Symmetric secrete key transmission method and device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109379180A (en) * | 2018-12-20 | 2019-02-22 | 湖南国科微电子股份有限公司 | Aes algorithm implementation method, device and solid state hard disk |
CN109379180B (en) * | 2018-12-20 | 2022-04-19 | 湖南国科微电子股份有限公司 | AES algorithm implementation method and device and solid state disk |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US4652990A (en) | Protected software access control apparatus and method | |
CN100592687C (en) | Encryption communication system for generating passwords on the basis of start information on both parties of communication | |
US5200999A (en) | Public key cryptosystem key management based on control vectors | |
EP0674795B1 (en) | Combination pin pad and terminal | |
JP2746352B2 (en) | Secure security communication system and method for communication by a remotely located computer | |
US4369332A (en) | Key variable generator for an encryption/decryption device | |
US20190188703A1 (en) | Pos system with white box encryption key sharing | |
JP2001514834A (en) | Secure deterministic cryptographic key generation system and method | |
CA1326535C (en) | Device and method to render secure the transfer of data between a videotex terminal and a server | |
CN102419804A (en) | Reliable software product confirmation and activation with redundancy security | |
JP2005510095A (en) | Apparatus and method for reducing information leakage | |
US20150006404A1 (en) | Cryptographic Authentication And Identification Method Using Real-Time Encryption | |
CN104464048B (en) | A kind of electronic password lock method for unlocking and device | |
CN103559454B (en) | Data protection system and method | |
CN108270561A (en) | Data transmission method for uplink and device, the generation method of cipher key index and device | |
CN110166236A (en) | Cipher key processing method, device and system and electronic equipment | |
CN105306200B (en) | The encryption method and device of network account password | |
CN108718317A (en) | A kind of method and device of personal identification number protection | |
US20020168067A1 (en) | Copy protection method and system for a field-programmable gate array | |
KR100948043B1 (en) | Method and apparatus for preventing cloning of security elements | |
CN107026729A (en) | Method and apparatus for transmitting software | |
CN108259428A (en) | A kind of system and method for realizing data transmission | |
CN108809925B (en) | POS equipment data encryption transmission method, terminal equipment and storage medium | |
JP2005208841A (en) | Communication system, portable terminal and program | |
JP2007183931A (en) | Secure device, information processing terminal, server, and authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181030 |
|
RJ01 | Rejection of invention patent application after publication |