CN108768924A - Cash processing terminal safety certifying method, device and cash processing terminal - Google Patents

Cash processing terminal safety certifying method, device and cash processing terminal Download PDF

Info

Publication number
CN108768924A
CN108768924A CN201810283113.5A CN201810283113A CN108768924A CN 108768924 A CN108768924 A CN 108768924A CN 201810283113 A CN201810283113 A CN 201810283113A CN 108768924 A CN108768924 A CN 108768924A
Authority
CN
China
Prior art keywords
information
key
check value
data
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810283113.5A
Other languages
Chinese (zh)
Other versions
CN108768924B (en
Inventor
王利华
陈保生
黄三朋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GRG Banking Equipment Co Ltd
Guangdian Yuntong Financial Electronic Co Ltd
Original Assignee
Guangdian Yuntong Financial Electronic Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdian Yuntong Financial Electronic Co Ltd filed Critical Guangdian Yuntong Financial Electronic Co Ltd
Priority to CN201810283113.5A priority Critical patent/CN108768924B/en
Publication of CN108768924A publication Critical patent/CN108768924A/en
Application granted granted Critical
Publication of CN108768924B publication Critical patent/CN108768924B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/211Software architecture within ATMs or in relation to the ATM network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Power Engineering (AREA)
  • Software Systems (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a kind of cash processing terminal safety certifying method, device and cash processing terminals, wherein the method includes:Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext Transaction Information;By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And ciphertext Transaction Information and instruction check value are transferred to movement processor;Receiver die processor is based on ciphertext Transaction Information and instruction check value, the response results ciphertext data of feedback and data check value;Secret key decryption is carried out to response results ciphertext data, obtains implementing result clear data and the second identity verifying information;Second identity verifying information and data check value are verified, verification result is obtained.The communication information can be effectively prevent to be tampered using this method, prevent trading instruction from being manipulated by illegal computers or illegal program, improve the safety of cash transaction processing.

Description

Cash processing terminal safety certifying method, device and cash processing terminal
Technical field
The present invention relates to cash processing and safety communication technology fields, recognize safely more particularly to a kind of cash processing terminal Demonstrate,prove method, apparatus and cash processing terminal.
Background technology
With advances in technology with society development, ATM (Automated Teller Machine:ATM), VTM(Video Teller Machine:Long-distance video automatic teller machine), the applications of the cash processing terminals such as cleaning-sorting machine and ticket machine gets over Come it is more universal, it is higher and higher to the safety requirements of the cash transaction of cash processing terminal processing.Generally conventional cash processing is eventually The transaction process flow at end is:Upper layer application sends movement (cash processing mould of the plaintext control instruction to cash processing terminal Block), after cash processing module has executed instruction, handling result is returned into upper layer application, and then complete cash transaction.
During realization, inventor has found that at least there are the following problems in traditional technology:Traditional cash processing terminal During realizing cash transaction processing by plaintext control instruction, the control command of plaintext is easily tampered and retransmits, and causes existing Golden processing module is subject to the manipulation of exhaustive attack, illegal computers or illegal program, reduces showing for cash processing terminal The safety of golden trading processing.
Invention content
Based on this, it is necessary to for low to the cash transaction of cash processing terminal processing safety in traditional technical solution The problem of, a kind of cash processing terminal safety certifying method, device and cash processing terminal are provided.
A kind of cash processing terminal safety certifying method, includes the following steps:
Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext transaction letter Breath;
By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And by ciphertext Transaction Information and instruction check Value is transferred to movement processor;
Receiver die processor is based on ciphertext Transaction Information and instruction check value, the response results ciphertext data sum number of feedback According to check value;
Secret key decryption is carried out to response results ciphertext data, obtains implementing result clear data and the second proof of identity letter Breath;
Second identity verifying information and data check value are verified, verification result is obtained.
A kind of cash processing terminal safety certifying method, includes the following steps:
The ciphertext Transaction Information and instruction check value that primary processor transmission is received by movement driver, merchandise to ciphertext and believe Breath carries out secret key decryption, obtains plaintext trading instruction and the first identity verifying information;
When the first identity verifying information is proved to be successful and instruction check value is proved to be successful, plaintext trading instruction is executed, is obtained To implementing result clear data;
Key encryption, the result that meets with a response ciphertext number are carried out to implementing result clear data and the second identity verifying information According to;
By MAC algorithm process implementing result clear datas, data check value is obtained;And by response results ciphertext data and Data check value is transferred to primary processor by movement driver.
A kind of cash processing terminal safety certification device, including:
Encryption unit is instructed, is added for carrying out key to the plaintext trading instruction of the first identity verifying information and acquisition It is close, obtain ciphertext Transaction Information;
Instruction check value acquiring unit, for by MAC algorithm process plaintext trading instructions, obtaining instruction check value;And Ciphertext Transaction Information and instruction check value are transferred to movement processor;
Data capture unit is used for sound of the receiver die processor based on ciphertext Transaction Information and instruction check value, feedback Answer result ciphertext data and data check value;
Data decryption unit obtains implementing result clear data for carrying out secret key decryption to response results ciphertext data With the second identity verifying information;
Information Authentication unit obtains verification result for being verified to the second identity verifying information and data check value.
A kind of cash processing terminal safety certification device, including:
Instruction decryption unit, the ciphertext Transaction Information for receiving primary processor transmission by movement driver and instruction school Value is tested, secret key decryption is carried out to ciphertext Transaction Information, obtains plaintext trading instruction and the first identity verifying information;
Instruction execution unit, for when the first identity verifying information is proved to be successful and instruction check value is proved to be successful, holding Row plaintext trading instruction, obtains implementing result clear data;
DEU data encryption unit is obtained for carrying out key encryption to implementing result clear data and the second identity verifying information To response results ciphertext data;
Data check value acquiring unit, for by MAC algorithm process implementing result clear datas, obtaining data check Value;And response results ciphertext data and data check value are transferred to primary processor by movement driver.
A kind of cash processing terminal, including primary processor and the movement processor for connecting primary processor;
Primary processor can realize following steps when executing:
Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext transaction letter Breath;
By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And by ciphertext Transaction Information and instruction check Value is transferred to movement processor;
Receiver die processor is based on ciphertext Transaction Information and instruction check value, the response results ciphertext data sum number of feedback According to check value;
Secret key decryption is carried out to response results ciphertext data, obtains implementing result clear data and the second proof of identity letter Breath;
Second identity verifying information and data check value are verified, verification result is obtained.
Movement processor can realize following steps when executing:
The ciphertext Transaction Information and instruction check value that primary processor transmission is received by movement driver, merchandise to ciphertext and believe Breath is decrypted, and obtains plaintext trading instruction and the first identity verifying information;
When the first identity verifying information is proved to be successful and instruction check value is proved to be successful, plaintext trading instruction is executed, is obtained To implementing result clear data;
Key encryption, the result that meets with a response ciphertext number are carried out to implementing result clear data and the second identity verifying information According to;
By MAC algorithm process implementing result clear datas, data check value is obtained;And by response results ciphertext data and Data check value is transferred to primary processor by movement driver.
A kind of computer readable storage medium, is stored thereon with computer program, which realizes when being executed by processor The step of above-mentioned cash processing terminal safety certifying method.
A technical solution in above-mentioned technical proposal has the following advantages that and advantageous effect:
Primary processor carries out key to the first identity verifying information of primary processor and the plaintext trading instruction of acquisition and adds It is close, obtain ciphertext Transaction Information.Primary processor obtains instruction check value, and will be close by MAC algorithm process plaintext trading instructions Literary Transaction Information and instruction check value are transferred to movement processor.Primary processor is receiving response results ciphertext data and data school When testing value, secret key decryption is carried out to response results ciphertext data, obtains the second of implementing result clear data and movement processor Identity verifying information verifies the second identity verifying information and data check value, obtains verification result.Primary processor and machine Die processor is communicated by ciphertext, and carries out legitimacy verifies to identity information and the communication information, can effectively prevent communication from believing Breath is tampered, and prevents illegal computers or illegal program from manipulating trading instruction, and then the cash for improving cash processing terminal is handed over Tractable safety.
Description of the drawings
Fig. 1 is the applied environment figure of cash processing terminal safety certifying method in one embodiment;
Fig. 2 is the flow diagram of cash processing terminal safety certifying method primary processor side in one embodiment;
Fig. 3 is that the current master key of primary processor side in one embodiment updates the flow diagram of step;
Fig. 4 is the flow diagram of the work at present key updating step of primary processor side in one embodiment;
Fig. 5 is the flow diagram of the first identity information verification step of primary processor side in one embodiment;
Fig. 6 is the flow diagram of cash processing terminal safety certifying method movement processor side in one embodiment;
Fig. 7 is that the current master key of movement processor side in one embodiment updates the flow diagram of step;
Fig. 8 is the flow diagram of the work at present key updating step of movement processor side in one embodiment;
Fig. 9 is the flow diagram of the second identity information verification step of movement processor side in one embodiment;
Figure 10 is that the current master key of cash processing terminal safety certifying method in one embodiment updates the flow of step Schematic diagram;
Figure 11 is that the current master key of cash processing terminal safety certifying method in one embodiment updates the flow of step Structure chart;
Figure 12 is the stream of the work at present key updating step of cash processing terminal safety certifying method in one embodiment Journey structure chart;
Figure 13 is the flow knot of the identity information verification step of cash processing terminal safety certifying method in one embodiment Composition;
Figure 14 is the flowage structure figure of the coded communication step of cash processing terminal safety certifying method in one embodiment;
Figure 15 is the structural schematic diagram of the primary processor side of cash processing terminal safety certification device in one embodiment;
Figure 16 is the structural schematic diagram of the movement processor side of cash processing terminal safety certification device in one embodiment;
Figure 17 is the structural schematic diagram of cash processing terminal in one embodiment;
Figure 18 is the structural schematic diagram of cash processing terminal in another embodiment.
Specific implementation mode
To facilitate the understanding of the present invention, below with reference to relevant drawings to invention is more fully described.In attached drawing Give the preferred embodiment of the present invention.But the present invention can realize in many different forms, however it is not limited to this paper institutes The embodiment of description.On the contrary, purpose of providing these embodiments is make it is more thorough and comprehensive to the disclosure.
Unless otherwise defined, all of technologies and scientific terms used here by the article and belong to the technical field of the present invention The normally understood meaning of technical staff is identical.Used term is intended merely to description tool in the description of the invention herein The purpose of the embodiment of body, it is not intended that in the limitation present invention.Term " and or " used herein includes one or more phases Any and all combinations of the Listed Items of pass.
Cash processing terminal safety certifying method provided in this embodiment, can be applied to application environment as shown in Figure 1 In.Wherein, ((Universal Serial Bus, general serial are total for such as serial ports or USB by the communications cable for primary processor 102 Line) interface) it is connect with movement processor 104.Primary processor 102 refers to the plaintext transaction of the first identity verifying information and acquisition It enables and carries out key encryption, obtain ciphertext Transaction Information;By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And Ciphertext Transaction Information and instruction check value are transferred to movement processor;Receiver die processor 104 is based on ciphertext Transaction Information With instruction check value, the response results ciphertext data of feedback and data check value;Key solution is carried out to response results ciphertext data It is close, obtain implementing result clear data and the second identity verifying information;It is proved to be successful and data school in the second identity verifying information When testing value and being proved to be successful, feedback result clear data.Wherein, primary processor 102 can be, but not limited to be industrial personal computer or various meters Calculation machine, movement processor 104 are the banknote identification modules (core module) in atm device.
In one embodiment, as shown in Fig. 2, providing a kind of cash processing terminal safety certifying method, in this way Applied to being illustrated for the primary processor in Fig. 1, include the following steps:
Step S210 carries out key encryption to the plaintext trading instruction of the first identity verifying information and acquisition, obtains close Literary Transaction Information.
Wherein, the first identity verifying information refers to the identity verifying information of primary processor, and the first identity verifying information can To be identity signing messages.Plaintext trading instruction refers to the plain-text instructions operated to movement processor, and transaction in plain text refers to Order can be the trading instruction that the operator that primary processor is got sends.Key encryption is referred to using identical or symmetrical The encryption method of operation is encrypted in key pair in plain text.Key can be character string.Ciphertext Transaction Information may include the first identity The ciphertext of check information and the ciphertext of trading instruction.Optionally, plaintext trading instruction can be counting instruction, withdrawing the money instructs or deposit Storage instruction.
Specifically, primary processor can obtain the plaintext trading instruction of operator's transmission, and by plaintext trading instruction and itself The first identity verifying information carry out key encryption, obtain ciphertext Transaction Information, realize the encryption to trading instruction and the first body The encryption of part check information, and then realize that primary processor is communicated with the ciphertext between movement processor, it improves at cash transaction The safety of reason.
Step S220 obtains instruction check value by MAC algorithm process plaintext trading instructions;And by ciphertext Transaction Information It is transferred to movement processor with instruction check value.
Wherein, MAC (Message Authentication Codes:Message authentication code) algorithm can be with key Hash function algorithms, instruction check value refer to the check value of plaintext trading instruction.
Specifically, primary processor carries out MAC algorithm process to plaintext trading instruction, instruction check value can be obtained, and will refer to Check value and ciphertext Transaction Information is enabled to be transferred to movement processor.By acquisition instruction check value, it can be achieved that trading instruction Safety verification.
Step S230, receiver die processor are close based on ciphertext Transaction Information and instruction check value, the response results of feedback Literary data and data check value.
Wherein, response results ciphertext data can be movement processor to implementing result clear data and the second proof of identity Information carries out what key was encrypted.Implementing result clear data can be that movement processor is obtained according to decryption ciphertext Transaction Information The plaintext trading instruction arrived and the first identity verifying information are executed and are merchandised in plain text when the first identity verifying information is proved to be successful What instruction obtained.Data check value is what movement processor was obtained by MAC algorithm process implementing result clear datas.
Specifically, the response results ciphertext data and data check value of primary processor receiver die processor feedback.Wherein Movement processor can be based on response results ciphertext data and data check value feedback ciphertext Transaction Information and instruction check value.It realizes Ciphertext between primary processor and movement processor communicates, and improves the safety of cash transaction.
Step S240 carries out secret key decryption to response results ciphertext data, obtains implementing result clear data and the second body Part check information.
Wherein, secret key decryption refers to the decryption side that operation is decrypted in plain text using identical or symmetrical key pair Method.Implementing result clear data refers to that movement processor executes plaintext trading instruction, the result data of generation.Second identity school The identity verifying information that information refers to movement processor is tested, the second identity verifying information can be identity signing messages.
Specifically, primary processor carries out secret key decryption to response results ciphertext data, and implementing result clear data can be obtained With the second identity verifying information of movement processor.The ciphertext communication for realizing implementing result data, improves at cash transaction The safety of reason.
Step S250 verifies the second identity verifying information and data check value, obtains verification result.
Specifically, the second identity verifying information of primary processor pair and data check value are verified respectively, in the second identity When check information is proved to be successful and data check value is proved to be successful, execution result back clear data.Believe in the second proof of identity When breath verification and data check value verify at least one authentication failed, feeding back unsuccessful information.By to identity information and data school The verification for testing value enhances the safety of cash transaction.
In above-described embodiment, the plaintext trading instruction of the first identity verifying information of primary processor pair and acquisition carries out key Encryption, obtains ciphertext Transaction Information.Primary processor obtains instruction check value, and will by MAC algorithm process plaintext trading instructions Ciphertext Transaction Information and instruction check value are transferred to movement processor.Primary processor is receiving response results ciphertext data and data When check value, secret key decryption is carried out to response results ciphertext data, obtains the of implementing result clear data and movement processor Two identity verifying informations.Second identity verifying information and data check value are verified, verification result is obtained.Primary processor with It is communicated by ciphertext between movement processor, and legitimacy verifies is carried out to identity information and the communication information (instruction and data), Effectively the communication information can be prevented to be tampered, prevent illegal computers or illegal program from manipulating trading instruction, and then improved existing The safety of the cash transaction processing of golden processing terminal.
In one embodiment, as shown in figure 3, the current master key update step of primary processor side includes:
Step S310 generates current master key when getting plaintext trading instruction.
Wherein, current master key can be used for cryptographic work key, it can also be used to decryption work key.
Specifically, primary processor generates current master key when getting plaintext trading instruction.Preferably, primary processor When getting plaintext trading instruction every time, current master key is updated, generates updated current master key.
Step S320 encrypts the first identity verifying information and current master key by Preset Transfer key, it is close to obtain first Key cipher-text information;And first key cipher-text information and the first master key check value are transferred to movement processor;First master key The current master key encryption of check value first is preset check field and is obtained.
Wherein, transmission key can be used for encryption main key, it can also be used to decrypt master key.First key cipher-text information can wrap Include the ciphertext of the ciphertext and current master key of the first identity verifying information.Optionally, the first default check field can be 4 bytes Verification data, the verification data etc. of the verification data of 8 bytes or 16 bytes.Verification data can be the 0 of 16 systems.
Specifically, primary processor encrypts the first identity verifying information and current master key by Preset Transfer key, obtains First key cipher-text information.Primary processor presets check field by current master key encryption first and obtains the verification of the first master key Value, and first key cipher-text information and the first master key check value are transferred to movement processor, and then realize master key Update.
In above-described embodiment, by when getting plaintext trading instruction, generating current master key, and to current master key Transmission is encrypted, to realize the update of master key, and realize master key primary processor and movement processor it Between interaction, improve the communication information (trading instruction and implementing result data) ciphertext communication safety.
In one embodiment, step S140 may include following steps:
Response results ciphertext data are decrypted by current master key, obtain implementing result clear data and the second proof of identity Information.
Specifically, primary processor can decrypt response results ciphertext data by current master key, obtain implementing result in plain text Second identity verifying information of data and movement processor.To realize the ciphertext communication of implementing result data, improve existing The safety of golden trading processing.
In one embodiment, as shown in figure 4, the work at present key updating step of primary processor side includes:
Step S410 generates work at present key when getting plaintext trading instruction.
Wherein, work at present key can be used for coded communication information (trading instruction or implementing result data), it can also be used to Decrypt the communication information.
Specifically, primary processor generates work at present key when getting plaintext trading instruction.Preferably, main process task When device gets plaintext trading instruction every time, work at present key is updated, updated work at present key is generated.
Step S420 obtains the second key cipher-text information by current master key encryption work at present key;And by second Key cipher-text information and the second working key check value are transferred to movement processor;Second working key check value is work at present Key encrypts what the second default check field obtained.
Wherein, the second key cipher-text information may include the ciphertext of work at present key.Optionally, the second default check field Can be the verification data of 4 bytes, the verification data etc. of the verification data of 8 bytes or 16 bytes.Verification data can be 16 into The 0 of system.
Specifically, primary processor obtains the second key cipher-text information by current master key encryption work at present key.It is main Processor encrypts the second default check field by work at present key and obtains the second master key check value, and the second key is close Literary information and the second master key check value are transferred to movement processor, and then realize the update of working key.
In above-described embodiment, by when getting plaintext trading instruction, generating work at present key, and to work at present Transmission is encrypted in key, to realize the update of working key, and realizes working key in primary processor and movement Interaction between processor improves the safety of the ciphertext communication of the communication information (trading instruction and implementing result data).
In one embodiment, step S110 includes the following steps:
By work at present key encrypting plaintext trading instruction and the first identity verifying information, ciphertext Transaction Information is obtained.
Specifically, primary processor can by work at present key encrypting plaintext trading instruction and the first identity verifying information, Obtain ciphertext Transaction Information.To realize the ciphertext communication of implementing result data, the safety of cash transaction processing is improved.
In one embodiment, as shown in figure 5, the first identity information verification step of primary processor side includes:
Step S510 verifies the first identity verifying information when getting plaintext trading instruction.
Specifically, the first identity verifying information can be the identity verifying information of primary processor.Primary processor is being got When plaintext trading instruction, the identity legitimacy of the first identity verifying information by verifying primary processor improves cash transaction Safety.
Plaintext trading instruction and the first identity verifying information are carried out key encryption, obtained by step S520 if being proved to be successful Ciphertext Transaction Information.
Specifically, primary processor, can be by plaintext trading instruction and the first body when verifying the success of the first identity verifying information Part check information carries out key encryption, to obtain ciphertext Transaction Information.
In one embodiment, primary processor returns to authentication failed information when verifying the failure of the first identity verifying information, Thus prevent illegal computers or illegal program control machine die processor note output.
In one embodiment, as shown in fig. 6, providing a kind of cash processing terminal safety certifying method, in this way Applied to being illustrated for the movement processor in Fig. 1, include the following steps:
Step S610 receives the ciphertext Transaction Information and instruction check value of primary processor transmission by movement driver, right Ciphertext Transaction Information carries out secret key decryption, obtains plaintext trading instruction and the first identity verifying information.
Wherein, movement driver can be used for the transmission of the instruction between primary processor and movement processor, it can also be used to main place Manage the data transmission between device and movement processor.
Specifically, movement processor can receive ciphertext Transaction Information and the instruction of primary processor transmission by movement driver Check value.Movement processor can carry out secret key decryption to ciphertext Transaction Information, obtain plaintext trading instruction and the first proof of identity Information.It is communicated by the ciphertext between movement processor and primary processor, improves the safety of cash transaction processing.
Step S620 is executed and is handed in plain text when the first identity verifying information is proved to be successful and instruction check value is proved to be successful Easily instruction, obtains implementing result clear data.
Specifically, movement processor respectively verifies the first identity verifying information and instruction check value, in the first body When part check information is proved to be successful and instruction check value is proved to be successful, movement processor can perform plaintext trading instruction, be held Row result clear data.By the verification to identity information and instruction check value, the safety of cash transaction is enhanced.
Step S630 carries out key encryption to implementing result clear data and the second identity verifying information, and meet with a response knot Fruit ciphertext data.
Specifically, movement processor can obtain the second identity verifying information of movement processor, and to the second proof of identity Information and implementing result clear data carry out key encryption, the result that meets with a response ciphertext data.To realize to the second identity school The encryption of the encryption and implementing result data of information is tested, and then realizes that the ciphertext between movement processor and primary processor communicates, Improve the safety of cash transaction processing.
Step S640 obtains data check value by MAC algorithm process implementing result clear datas;And by response results Ciphertext data and data check value are transferred to primary processor by movement driver.
Specifically, movement processor carries out MAC algorithm process to implementing result clear data, and data check value can be obtained, And data check value and response results ciphertext data are transferred to primary processor by movement driver.By obtaining data check It is worth the safety verification, it can be achieved that implementing result data.
In above-described embodiment, movement processor can carry out secret key decryption to receiving ciphertext Transaction Information, obtain handing in plain text Easily instruction and the first identity verifying information.Movement processor can be proved to be successful in the first identity verifying information and instruction check value is tested When demonstrate,proving successfully, plaintext trading instruction is executed, implementing result clear data is obtained.Movement processor to implementing result clear data with The progress key encryption of second identity verifying information, the result that meets with a response ciphertext data, and it is bright by MAC algorithm process implementing results Literary data obtain data check value.To which response results ciphertext data and data check value are transferred to by movement driver Primary processor.It is communicated by ciphertext between movement processor and primary processor, and to identity information and the communication information (instruction sum number According to) legitimacy verifies are carried out, effectively the communication information can be prevented to be tampered, prevent illegal computers or illegal program from manipulating transaction Instruction, and then improve the safety of the cash transaction processing of cash processing terminal.
In one embodiment, as shown in fig. 7, the current master key update step of movement processor side includes:
Step S710, according to the first key cipher-text information and the first master key check value of primary processor transmission, by pre- If transmission key decrypts first key cipher-text information, current master key and the first identity verifying information are obtained.
Specifically, the first key ciphertext that movement processor can be transmitted by Preset Transfer secret key decryption primary processor is believed Breath, obtains current master key and the first identity verifying information.By the encrypted transmission of current master key, movement processor can be decrypted Get current master key.
Step S720 presets check field by current master key encryption first, obtains current master key check value.
Specifically, movement processor presets check field by current master key encryption first, and current master key can be obtained Check value.Current master key check value can be used for being compared verification with the first master key check value that primary processor transmits.
Step S730 preserves current master key when current master key check value is equal to the first master key check value.
Specifically, movement processor verifies current master key check value and the first master key check value, in current master key When check value is equal to the first master key check value, current master key is preserved.To realize the master key update of movement processor side.
In above-described embodiment, it is decrypted by the first key cipher-text information transmitted to primary processor, and to first Master key check value is verified, and to realize the update of master key, and realizes master key in movement processor and master Interaction between processor improves the safety of the ciphertext communication of the communication information (trading instruction and implementing result data).
In one embodiment, step S610 includes the following steps:
Ciphertext Transaction Information is decrypted by current master key, obtains plaintext trading instruction and the first identity verifying information.
Specifically, movement processor can by current master key decrypt ciphertext Transaction Information, obtain plaintext trading instruction and First identity verifying information of primary processor.To realize the ciphertext communication of trading instruction, cash transaction processing is improved Safety.
In one embodiment, as shown in figure 8, the work at present key updating step of movement processor side includes:
Step S810 passes through according to the second key cipher-text information and the second working key check value of primary processor transmission Current master key decrypts the second key cipher-text information, obtains work at present key.
Specifically, movement processor decrypts the second key cipher-text information of primary processor transmission by current master key, can Work at present key is obtained, by the encrypted transmission of work at present key, movement processor can decrypt that get work at present close Key.
Step S820 encrypts the second default check field by work at present key, obtains work at present keycheck value.
Specifically, movement processor encrypts the second default check field by work at present key, and work at present can be obtained Keycheck value.The second master key check value that work at present keycheck value can be used for primary processor transmits, which is compared, to be tested Card.
Step S830 preserves work at present key when work at present keycheck value is equal to the second master key check value.
Specifically, movement processor verification work at present keycheck value and the second master key check value, in work at present When keycheck value is equal to the second master key check value, work at present key is preserved.To realize the work of movement processor side Key updating.
In above-described embodiment, by the way that the second key cipher-text information that primary processor transmits is decrypted, and to second Master key check value is verified, and to realize the update of working key, and realizes working key in movement processor Interaction between primary processor improves the safety of the ciphertext communication of the communication information (trading instruction and implementing result data) Property.
In one embodiment, step S630 includes the following steps:
Implementing result clear data is encrypted by work at present key and the second identity verifying information, the result that meets with a response are close Literary data.
Specifically, movement processor can encrypt implementing result clear data and the second proof of identity by work at present key Information, the result that meets with a response ciphertext data.To realize the ciphertext communication of implementing result data, cash transaction processing is improved Safety.
In one embodiment, as shown in figure 9, the second identity information verification step of movement processor side includes:
Step S910 verifies the second identity verifying information when getting ciphertext Transaction Information.
Specifically, the second identity verifying information can be the identity verifying information of movement processor.Movement processor is obtaining When getting ciphertext Transaction Information, by the identity legitimacy of the second identity verifying information of verification machine die processor, cash is improved The safety of transaction.
Step S920 is decrypted ciphertext Transaction Information if being proved to be successful, and obtains plaintext trading instruction and the first identity Check information.
Specifically, movement processor can carry out ciphertext Transaction Information close when verifying the success of the second identity verifying information Key is decrypted, to obtain plaintext trading instruction and the first identity verifying information.
In one embodiment, movement processor returns to authentication failed letter when verifying the failure of the second identity verifying information Breath, thus prevents illegal computers or illegal program control machine die processor note output.
In one embodiment, as shown in Figure 10, it is the current master key update of cash processing terminal safety certifying method The flow diagram of step.The detailed process of current master key update step is:Movement driver initiates master key update request. Primary processor can be updated according to master key asks, and generates master key and generates the first master key check value.Primary processor can pass through First identity verifying information of transmission key encryption main key and primary processor obtains encrypted master key information, and will add Master key information after close is transferred to movement driver.Machine drive can send the encrypted master key information received Give movement processor.Movement processor can decrypt encrypted master key information by transmission key, obtain master key and first Identity verifying information.Movement processor produces current master key check value, and verifies whether current master key check value is equal to First master key check value of primary processor transmission returns successfully if being equal to, and otherwise returns to failure.To realize to master key Update, and realize that the master key between primary processor and movement processor interacts.
In one embodiment, as shown in figure 11, it is the current master key update of cash processing terminal safety certifying method The flowage structure figure of step.The detailed process of current master key update step is:
1, the transmission secret key TK (TransferKey) of 16 bytes is preset;
2, primary processor generates the first identity verifying information IPCID of 8 bytes;
3, primary processor generates the main secret key MK (MasterKey) of 16 bytes;
4, primary processor generates check value KVV (the Key Verify Value of 4 bytes:Keycheck value), wherein verifying Value KVV can encrypt to obtain by MK couples of 8 0x00 of master key;
5, primary processor obtains DATA_ by transmitting secret key TK encryptions the first identity verifying information IPCID and main secret key MK A splices data DATA_A and KVV, and DATA_A and KVV is transferred to movement processor, and 3DES can be used in wherein primary processor Cipher mode be encrypted;
6, movement processor decrypts DATA_A by transmitting secret key TK, obtains the first identity verifying information IPCID and master is secret Key MK, movement processor generate new KVV, and verify the KVV whether new KVV is equal to primary processor transmission and returned if being equal to Otherwise successful information returns to failure information.Wherein movement processor can be used the manner of decryption of 3DES and be decrypted.
In one embodiment, as shown in figure 12, more for the work at present key of cash processing terminal safety certifying method The flowage structure figure of new step.The detailed process of work at present key updating step is:
1, the check field T of 8 bytes is preset;
2, primary processor generates the work secret key WK (WorkKey) of 16 bytes, and passes through main secret key MK decryption work secret keys WK obtains the DATA_B of 16 bytes;Wherein primary processor can be used the manner of decryption of 3DES and be decrypted;
3, primary processor obtains the DATA_C of 8 bytes by the secret key WK cryptographic check field T that work;Wherein primary processor The cipher mode that 3DES can be used is encrypted;
4, primary processor splices DATA_B and DATA_C, and DATA_B and DATA_C are transferred to movement processor;
5, movement processor encrypts DATA_B by main secret key MK, obtains work secret key WK;Pass through the secret key WK decryption that works DATA_C obtains check field T1;And verify whether check field T1 is equal to preset check field T, successfully believe if so, returning Breath, otherwise returns to failure information.
In one embodiment, as shown in figure 13, it is the identity information verification step of cash processing terminal safety certifying method Rapid flowage structure figure.Currently the detailed process of identity information verification step is:
1, the first identity verifying information certification
After receiving trade command, the legitimacy that movement driver initiates the first identity verifying information to primary processor is tested Trading instruction and the first identity verifying information are obtained transaction ciphertext letter by card request after being verified by working key encryption Breath, and transaction cipher-text information is sent to movement processor.
When movement processor receives transaction cipher-text information, transaction cipher-text information is decrypted by working key, is obtained Trade command and the first identity verifying information;Movement processor deposits the first identity verifying information that primary processor transmits with inside First identity verifying information of storage binding is matched;Successful match then executes trading instruction, obtains implementing result data;And By working key encryption implementing result data, the ciphertext that meets with a response data, and response cyphertext data are transferred to primary processor.
2, the second identity verifying information certification
When primary processor receives the transaction response cyphertext data of movement processor transmission, second is initiated to primary processor The legitimate verification of identity verifying information.The second identity verifying information and storage inside that primary processor transmits movement processor Second identity verifying information of binding is matched;Response cyphertext data deciphering of merchandising is obtained implementing result number by successful match According to.
In one embodiment, as shown in figure 14, it is the coded communication step of cash processing terminal safety certifying method Flowage structure figure.The detailed process of coded communication step is:
1, trading instruction DATA0 and movement random number HWRand1 are sent to primary processor by movement driver;
2, primary processor handles DATA0, HWRand1 and PCRand0 (primary processor random number) by working key WK and obtains To check value MAC_0, DATA0+MAC_0 is transferred to by movement processor by movement driver;Wherein DATA0, HWRand1 and When the integral multiple of inadequate 8 byte of total length of data of PCRand0, it can be supplemented by 0x00;
3, movement processor can generate check value 1_MAC by step 2, and check value 1_MAC and primary processor are transmitted MAC_0 matched, if successful match, execute trade command, otherwise report an error;
4, movement processor generates transaction response data DATA1, updates movement random number HWRand2, passes through working key WK processing DATA1, HWRand2 and PCRand0 obtain check value MAC_1, and DATA1 and MAC_1 are sent to movement driver; When the integral multiple of inadequate 8 byte of total length of data of wherein DATA1, HWRand2 and PCRand0, it can be supplemented by 0x00;
5, transaction response data DATA1 and movement random number HWRand2 is sent to primary processor by movement driver;
6, primary processor can generate check value m_MAC by step 4, and check value m_MAC and movement processor are transmitted Check value MAC_1 matched, if successful match, continue to execute, otherwise return failure.
It should be understood that although each step in the flow chart of Fig. 2-10 is shown successively according to the instruction of arrow, Be these steps it is not that the inevitable sequence indicated according to arrow executes successively.Unless expressly stating otherwise herein, these steps There is no stringent sequences to limit for rapid execution, these steps can execute in other order.Moreover, in Fig. 2-10 at least A part of step may include that either these sub-steps of multiple stages or stage are not necessarily in same a period of time to multiple sub-steps Quarter executes completion, but can execute at different times, the execution in these sub-steps or stage be sequentially also not necessarily according to Secondary progress, but can either the sub-step of other steps or at least part in stage in turn or replace with other steps Ground executes.
In one embodiment, as shown in figure 15, a kind of cash processing terminal safety certification device is provided, including:Refer to Enable encryption unit 110, instruction check value acquiring unit 120, data capture unit 130, data decryption unit 140, Information Authentication Unit 150, wherein:
Encryption unit 110 is instructed, for carrying out key to the plaintext trading instruction of the first identity verifying information and acquisition Encryption, obtains ciphertext Transaction Information;
Instruction check value acquiring unit 120, for by MAC algorithm process plaintext trading instructions, obtaining instruction check value; And ciphertext Transaction Information and instruction check value are transferred to movement processor;
Data capture unit 130, for receiver die processor based on ciphertext Transaction Information and instruction check value, feedback Response results ciphertext data and data check value;
Data decryption unit 140 obtains implementing result plaintext number for carrying out secret key decryption to response results ciphertext data According to the second identity verifying information;
Information Authentication unit 150 obtains verification knot for being verified to the second identity verifying information and data check value Fruit.
In one embodiment, as shown in figure 16, a kind of cash processing terminal safety certification device is provided, including:Refer to 210 instruction execution unit of decryption unit, 220 DEU data encryption unit, 230 data check value acquiring unit 240 is enabled, wherein:
Instruction decryption unit 210, for receiving the ciphertext Transaction Information and refer to that primary processor transmits by movement driver Check value is enabled, secret key decryption is carried out to ciphertext Transaction Information, obtains plaintext trading instruction and the first identity verifying information;
Instruction execution unit 220, for when the first identity verifying information is proved to be successful and instruction check value is proved to be successful, Plaintext trading instruction is executed, implementing result clear data is obtained;
DEU data encryption unit 230, for carrying out key encryption to implementing result clear data and the second identity verifying information, The result that meets with a response ciphertext data;
Data check value acquiring unit 240, for by MAC algorithm process implementing result clear datas, obtaining data school Test value;And response results ciphertext data and data check value are transferred to primary processor by movement driver.
It will be understood by those skilled in the art that structure shown in Figure 15 and Figure 16, only with this embodiment scheme phase The block diagram of the part-structure of pass does not constitute the restriction for the cash processing terminal being applied thereon to this embodiment scheme, tool The cash processing terminal of body may include either combining certain components than more or fewer components as shown in the figure or having Different component arrangements.
In one embodiment, as shown in figure 17, a kind of cash processing terminal (such as atm device), including main place are provided It manages device 310 and connects the movement processor 320 of primary processor 310;
Primary processor 310 can realize following steps when executing:
Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext transaction letter Breath;By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And ciphertext Transaction Information and instruction check value are passed It is defeated by movement processor 320;Response knot of the receiver die processor 320 based on ciphertext Transaction Information and instruction check value, feedback Fruit ciphertext data and data check value;To response results ciphertext data carry out secret key decryption, obtain implementing result clear data and Second identity verifying information;When the second identity verifying information is proved to be successful and data check value is proved to be successful, to the second identity Check information and data check value are verified, and verification result is obtained.
Movement processor 320 can realize following steps when executing:
The ciphertext Transaction Information and instruction check value that primary processor transmission is received by movement driver, merchandise to ciphertext and believe Breath is decrypted, and obtains plaintext trading instruction and the first identity verifying information;It is proved to be successful and refers in the first identity verifying information When check value being enabled to be proved to be successful, plaintext trading instruction is executed, implementing result clear data is obtained;To implementing result clear data with Second identity verifying information carries out key encryption, the result that meets with a response ciphertext data;In plain text by MAC algorithm process implementing result Data obtain data check value;And response results ciphertext data and data check value are transferred to main place by movement driver Manage device 310.
In one embodiment, as shown in figure 18, cash processing terminal may include movement driver 430 and connection movement Primary processor 410, the movement processor 420 of driver 430.Wherein primary processor 410 can be used for the data at primary processor end and add Close decryption operation, offer authentication ability etc.;Movement processor 420 can be used for the data ciphering and deciphering operation at movement end, carry For authentication ability etc..Preferably, primary processor 420 can be industrial personal computer, and movement driver 430 can also be to be mounted on master Movement dynamic base in processor.
Cash processing terminal realizes that the detailed process of transactional operation is:
1, trading instruction is initiated;
2, corresponding operational order in trading instruction is sent to primary processor 410, main process task by movement driver 430 in plain text Device 410 obtains ciphertext operation information by key cryptographic operation instruction plaintext and the first identity verifying information of affix;Wherein One identity verifying information section includes the identity signing messages of industrial personal computer and the identity signing messages of application program;
3, ciphertext operation information is sent to movement processor 420 by movement driver 430;
4, movement processor 420 decrypts ciphertext operation information, obtains operational order and the first identity verifying information, and The legitimacy of one identity verifying information will execute operational order when verification passes through;
5, plaintext response results data are obtained after movement processor 420 has executed operational order, and by plaintext response results The second identity verifying information is enclosed after data encryption, obtains cyphertext responses result data, and cyphertext responses result data is sent To movement driver 430;
6, cyphertext responses result data is transferred to primary processor 410 by movement driver 430, and primary processor 410 is to ciphertext Response results data are decrypted, and obtain plaintext response results data, and plaintext response results data are sent to movement driving Device 430;
In above-described embodiment, cash processing terminal carries out layering peace by physical hardware layer, data link layer and driving layer Full certification from bottom software to business software, covers the safety certification of the transaction flow of entire terminal from hardware to software. It is communicated by the ciphertext between primary processor and movement processor, dynamic enchancement factor is contained in ciphertext, can be effectively prevent Serial ports is retransmitted so that movement does not stop note output, even cracks the communication protocol between movement and PC.At primary processor and movement The legitimate verification for managing the identity information between device can effectively prevent illegal computers or illegal program, control cash equipment to go out Paper money.By the communication information legitimate verification between primary processor and movement processor, the data of communication are taken at MAC algorithms Reason carries out legitimacy verifies by MAC algorithms, and the data realization for distorting legitimate correspondence can be effectively prevent to have more paper money.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated Machine program realizes following steps when being executed by processor:
Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext transaction letter Breath;By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And ciphertext Transaction Information and instruction check value are passed It is defeated by movement processor;Receiver die processor is based on ciphertext Transaction Information and instruction check value, the response results ciphertext of feedback Data and data check value;Secret key decryption is carried out to response results ciphertext data, obtains implementing result clear data and the second body Part check information;Second identity verifying information and data check value are verified, verification result is obtained.
In one embodiment, following steps are also realized when computer program is executed by processor:
The ciphertext Transaction Information and instruction check value that primary processor transmission is received by movement driver, merchandise to ciphertext and believe Breath is decrypted, and obtains plaintext trading instruction and the first identity verifying information;It is proved to be successful and refers in the first identity verifying information When check value being enabled to be proved to be successful, plaintext trading instruction is executed, implementing result clear data is obtained;To implementing result clear data with Second identity verifying information carries out key encryption, the result that meets with a response ciphertext data;In plain text by MAC algorithm process implementing result Data obtain data check value;And response results ciphertext data and data check value are transferred to main place by movement driver Manage device.
Its function can be realized when being executed by processor about the computer program stored in computer readable storage medium Specific method may refer to the explanation above for cash processing terminal safety certifying method, and details are not described herein.Above-mentioned meter Modules in calculation machine readable storage medium storing program for executing can be realized fully or partially through software, hardware and combinations thereof.
Each technical characteristic of embodiment described above can be combined arbitrarily, to keep description succinct, not to above-mentioned reality It applies all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited In contradiction, it is all considered to be the range of this specification record.
One of ordinary skill in the art will appreciate that realizing all or part of flow in above-described embodiment method, being can be with Relevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computer In read/write memory medium, the computer program is when being executed, it may include such as the stream of the embodiment of above-mentioned each division operation method Journey.Wherein, used in each embodiment provided herein to any of memory, storage, database or other media Reference, may each comprise non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), can Programming ROM (PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.Volatile memory It may include random access memory (RAM) or external cache.By way of illustration and not limitation, RAM is with a variety of shapes Shi Ke get, such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronization link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
Several embodiments of the invention above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art It says, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to the protection of the present invention Range.Therefore, the protection domain of patent of the present invention should be determined by the appended claims.

Claims (15)

1. a kind of cash processing terminal safety certifying method, which is characterized in that include the following steps:
Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext Transaction Information;
By plaintext trading instruction described in MAC algorithm process, instruction check value is obtained;And by the ciphertext Transaction Information and described Instruction check value is transferred to movement processor;
Receive response results ciphertext of the movement processor based on the ciphertext Transaction Information and described instruction check value, feedback Data and data check value;
Secret key decryption is carried out to the response results ciphertext data, obtains implementing result clear data and the second proof of identity letter Breath;
Second identity verifying information and the data check value are verified, verification result is obtained.
2. cash processing terminal safety certifying method according to claim 1, which is characterized in that described to the first identity school Include before testing the step of the plaintext trading instruction of information and acquisition carries out key encryption, obtains ciphertext Transaction Information:
When getting the plaintext trading instruction, current master key is generated;
First identity verifying information and the current master key are encrypted by Preset Transfer key, obtains first key ciphertext Information;And the first key cipher-text information and the first master key check value are transferred to the movement processor;Described first The master key check value current master key encryption first is preset check field and is obtained.
3. cash processing terminal safety certifying method according to claim 2, which is characterized in that described to be tied to the response Fruit ciphertext data carry out secret key decryption, and the step of obtaining implementing result clear data and the second identity verifying information includes:
The response results ciphertext data are decrypted by the current master key, obtain the implementing result clear data and described Second identity verifying information.
4. cash processing terminal safety certifying method according to claim 2, which is characterized in that described to the first identity school Include before testing the step of the plaintext trading instruction of information and acquisition carries out key encryption, obtains ciphertext Transaction Information:
When getting the plaintext trading instruction, work at present key is generated;
By work at present key described in the current master key encryption, the second key cipher-text information is obtained;And by described second Key cipher-text information and the second working key check value are transferred to the movement processor;The second working key check value is The work at present key encrypts what the second default check field obtained.
5. cash processing terminal safety certifying method according to claim 4, which is characterized in that described to the first identity school It tests the step of the plaintext trading instruction of information and acquisition carries out key encryption, obtains ciphertext Transaction Information and includes:
The plaintext trading instruction and first identity verifying information are encrypted by the work at present key, is obtained described close Literary Transaction Information.
6. cash processing terminal safety certifying method according to claim 1, which is characterized in that described to the first identity school It tests the step of the plaintext trading instruction of information and acquisition carries out key encryption, obtains ciphertext Transaction Information and includes:
When getting the plaintext trading instruction, first identity verifying information is verified;
If being proved to be successful, the plaintext trading instruction and first identity verifying information are subjected to key encryption, obtained described Ciphertext Transaction Information.
7. a kind of cash processing terminal safety certifying method, which is characterized in that include the following steps:
The ciphertext Transaction Information and instruction check value that primary processor transmission is received by movement driver, merchandise to the ciphertext and believe Breath carries out secret key decryption, obtains plaintext trading instruction and the first identity verifying information;
When first identity verifying information is proved to be successful and described instruction check value is proved to be successful, the plaintext transaction is executed Instruction, obtains implementing result clear data;
Key encryption, the result that meets with a response ciphertext number are carried out to the implementing result clear data and the second identity verifying information According to;
By implementing result clear data described in MAC algorithm process, data check value is obtained;And by the response results ciphertext number The primary processor is transferred to by the movement driver according to the data check value.
8. cash processing terminal safety certifying method according to claim 7, which is characterized in that described to be driven by movement Device receives the ciphertext Transaction Information and instruction check value of primary processor transmission, and secret key decryption is carried out to the ciphertext Transaction Information, It obtains plaintext trading instruction and includes before the step of the first identity verifying information:
According to the first key cipher-text information and the first master key check value of primary processor transmission, pass through Preset Transfer key The first key cipher-text information is decrypted, current master key and first identity verifying information are obtained;
Check field is preset by the current master key encryption first, obtains current master key check value;
When the current master key check value is equal to the first master key check value, the current master key is preserved.
9. cash processing terminal safety certifying method according to claim 8, which is characterized in that described to be driven by movement Device receives the ciphertext Transaction Information and instruction check value of primary processor transmission, and secret key decryption is carried out to the ciphertext Transaction Information, Obtain plaintext trading instruction includes with the step of the first identity verifying information:
The ciphertext Transaction Information is decrypted by the current master key, obtains the plaintext trading instruction and first identity Check information.
10. cash processing terminal safety certifying method according to claim 8, which is characterized in that described to be driven by movement Dynamic device receives the ciphertext Transaction Information and instruction check value of primary processor transmission, and key solution is carried out to the ciphertext Transaction Information Close, obtain plaintext trading instruction includes with the step of the first identity verifying information:
According to the second key cipher-text information and the second working key check value of primary processor transmission, pass through the current master Second key cipher-text information described in secret key decryption, obtains work at present key;
The second default check field is encrypted by the work at present key, obtains work at present keycheck value;
When the work at present keycheck value is equal to the second master key check value, the work at present key is preserved.
11. cash processing terminal safety certifying method according to claim 10, which is characterized in that described to the execution As a result the step of clear data and the second identity verifying information carry out key encryption, the result that meets with a response ciphertext data include:
The implementing result clear data and second identity verifying information are encrypted by the work at present key, obtains institute State response results ciphertext data.
12. cash processing terminal safety certifying method according to claim 7, which is characterized in that described to be driven by movement Dynamic device receives the ciphertext Transaction Information and instruction check value of primary processor transmission, and key solution is carried out to the ciphertext Transaction Information Close, obtain plaintext trading instruction includes with the step of the first identity verifying information:
When getting the ciphertext Transaction Information, second identity verifying information is verified;
If being proved to be successful, the ciphertext Transaction Information is decrypted, obtains the plaintext trading instruction and first identity Check information.
13. a kind of cash processing terminal safety certification device, which is characterized in that including:
Encryption unit is instructed, for carrying out key encryption to the plaintext trading instruction of the first identity verifying information and acquisition, is obtained To ciphertext Transaction Information;
Instruction check value acquiring unit, for by plaintext trading instruction described in MAC algorithm process, obtaining instruction check value;And The ciphertext Transaction Information and described instruction check value are transferred to movement processor;
Data capture unit, for receive the movement processor be based on the ciphertext Transaction Information and described instruction check value, The response results ciphertext data and data check value of feedback;
Data decryption unit obtains implementing result clear data for carrying out secret key decryption to the response results ciphertext data With the second identity verifying information;
Information Authentication unit obtains verification for being verified to second identity verifying information and the data check value As a result.
14. a kind of cash processing terminal safety certification device, which is characterized in that including:
Instruction decryption unit, ciphertext Transaction Information and instruction check for receiving primary processor transmission by movement driver Value carries out secret key decryption to the ciphertext Transaction Information, obtains plaintext trading instruction and the first identity verifying information;
Instruction execution unit, for being proved to be successful in first identity verifying information and described instruction check value is proved to be successful When, the plaintext trading instruction is executed, implementing result clear data is obtained;
DEU data encryption unit is obtained for carrying out key encryption to the implementing result clear data and the second identity verifying information To response results ciphertext data;
Data check value acquiring unit, for by implementing result clear data described in MAC algorithm process, obtaining data check Value;And the response results ciphertext data and the data check value are transferred to the main process task by the movement driver Device.
15. a kind of cash processing terminal, which is characterized in that the movement processing including primary processor and the connection primary processor Device;
The primary processor requires the cash processing terminal safety certifying method described in any one of 1 to 6 for perform claim;
The movement processor requires the cash processing terminal safety certification side described in any one of 7 to 12 for perform claim Method.
CN201810283113.5A 2018-04-02 2018-04-02 Cash processing terminal security authentication method and device and cash processing terminal Active CN108768924B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810283113.5A CN108768924B (en) 2018-04-02 2018-04-02 Cash processing terminal security authentication method and device and cash processing terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810283113.5A CN108768924B (en) 2018-04-02 2018-04-02 Cash processing terminal security authentication method and device and cash processing terminal

Publications (2)

Publication Number Publication Date
CN108768924A true CN108768924A (en) 2018-11-06
CN108768924B CN108768924B (en) 2021-06-08

Family

ID=63980542

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810283113.5A Active CN108768924B (en) 2018-04-02 2018-04-02 Cash processing terminal security authentication method and device and cash processing terminal

Country Status (1)

Country Link
CN (1) CN108768924B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110650477A (en) * 2019-08-19 2020-01-03 中移(杭州)信息技术有限公司 Interaction method, platform, server and storage medium of NB-IOT (NB-IOT) equipment
CN111212042A (en) * 2019-12-24 2020-05-29 腾讯科技(深圳)有限公司 Data transmission method, device and system
CN111416788A (en) * 2019-01-04 2020-07-14 北京京东尚科信息技术有限公司 Method and device for preventing transmitted data from being tampered
CN113392419A (en) * 2021-07-05 2021-09-14 南方电网科学研究院有限责任公司 Safety synchronization control method, device and equipment based on Chinese remainder theorem
CN115118439A (en) * 2022-08-29 2022-09-27 北京智芯微电子科技有限公司 Method and system for verifying terminal digital identity
CN115208554A (en) * 2022-09-13 2022-10-18 三未信安科技股份有限公司 Management method and system for key self-checking, self-correcting and self-recovering

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201397546Y (en) * 2009-03-19 2010-02-03 东方通信股份有限公司 Communication encrypting device for ATM cash dispenser
CN102426642A (en) * 2011-10-28 2012-04-25 深圳市江波龙电子有限公司 Information reading processor, card swiping system and method for live transaction
CN103064678A (en) * 2012-12-24 2013-04-24 广州广电运通金融电子股份有限公司 Method and device for call control of hardware instruction
CN104123783A (en) * 2013-04-28 2014-10-29 恒银金融科技有限公司 Safety device for cash-out module and realization method of safety device
CN104408834A (en) * 2014-12-05 2015-03-11 湖南长城信息金融设备有限责任公司 Method and system for controlling depositing and withdrawing safety based on safety core
CN204557665U (en) * 2015-03-13 2015-08-12 东方通信股份有限公司 A kind of ATM encryption authorization hub
CN205541148U (en) * 2016-01-22 2016-08-31 广州御银科技股份有限公司 Go out paper money system based on close algorithm of state
WO2017109994A1 (en) * 2015-12-25 2017-06-29 日立オムロンターミナルソリューションズ株式会社 Automated transaction system
CN107657452A (en) * 2017-09-20 2018-02-02 深圳怡化电脑股份有限公司 A kind of processing method and processing device of trading instruction
CN107786550A (en) * 2017-10-17 2018-03-09 中电长城(长沙)信息技术有限公司 A kind of safety communicating method of self-service device, safe communication system and self-service device

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201397546Y (en) * 2009-03-19 2010-02-03 东方通信股份有限公司 Communication encrypting device for ATM cash dispenser
CN102426642A (en) * 2011-10-28 2012-04-25 深圳市江波龙电子有限公司 Information reading processor, card swiping system and method for live transaction
CN103064678A (en) * 2012-12-24 2013-04-24 广州广电运通金融电子股份有限公司 Method and device for call control of hardware instruction
CN104123783A (en) * 2013-04-28 2014-10-29 恒银金融科技有限公司 Safety device for cash-out module and realization method of safety device
CN104408834A (en) * 2014-12-05 2015-03-11 湖南长城信息金融设备有限责任公司 Method and system for controlling depositing and withdrawing safety based on safety core
CN204557665U (en) * 2015-03-13 2015-08-12 东方通信股份有限公司 A kind of ATM encryption authorization hub
WO2017109994A1 (en) * 2015-12-25 2017-06-29 日立オムロンターミナルソリューションズ株式会社 Automated transaction system
CN205541148U (en) * 2016-01-22 2016-08-31 广州御银科技股份有限公司 Go out paper money system based on close algorithm of state
CN107657452A (en) * 2017-09-20 2018-02-02 深圳怡化电脑股份有限公司 A kind of processing method and processing device of trading instruction
CN107786550A (en) * 2017-10-17 2018-03-09 中电长城(长沙)信息技术有限公司 A kind of safety communicating method of self-service device, safe communication system and self-service device

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111416788A (en) * 2019-01-04 2020-07-14 北京京东尚科信息技术有限公司 Method and device for preventing transmitted data from being tampered
CN111416788B (en) * 2019-01-04 2023-08-08 北京京东尚科信息技术有限公司 Method and device for preventing transmission data from being tampered
CN110650477A (en) * 2019-08-19 2020-01-03 中移(杭州)信息技术有限公司 Interaction method, platform, server and storage medium of NB-IOT (NB-IOT) equipment
CN110650477B (en) * 2019-08-19 2023-07-11 中移(杭州)信息技术有限公司 Interaction method, platform, server and storage medium of NB-IOT equipment
CN111212042A (en) * 2019-12-24 2020-05-29 腾讯科技(深圳)有限公司 Data transmission method, device and system
CN113392419A (en) * 2021-07-05 2021-09-14 南方电网科学研究院有限责任公司 Safety synchronization control method, device and equipment based on Chinese remainder theorem
CN115118439A (en) * 2022-08-29 2022-09-27 北京智芯微电子科技有限公司 Method and system for verifying terminal digital identity
CN115118439B (en) * 2022-08-29 2023-01-20 北京智芯微电子科技有限公司 Method and system for verifying terminal digital identity
CN115208554A (en) * 2022-09-13 2022-10-18 三未信安科技股份有限公司 Management method and system for key self-checking, self-correcting and self-recovering

Also Published As

Publication number Publication date
CN108768924B (en) 2021-06-08

Similar Documents

Publication Publication Date Title
CN108768924A (en) Cash processing terminal safety certifying method, device and cash processing terminal
CN102317904B (en) System and methods for encryption with authentication integrity
US6678270B1 (en) Packet interception system including arrangement facilitating authentication of intercepted packets
CA2257477C (en) Process for cryptographic code management between a first computer unit and a second computer unit
CN109756343A (en) Authentication method, device, computer equipment and the storage medium of digital signature
CN109347627A (en) Data encryption/decryption method, device, computer equipment and storage medium
EP0292790A2 (en) Controlling the use of cryptographic keys via generating station established control values
CN107948736A (en) A kind of audio and video preservation of evidence method and system
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
JPS625544B2 (en)
CN109495445A (en) Identity identifying method, device, terminal, server and medium based on Internet of Things
CN102484638A (en) Layered protection and validation of identity data delivered online via multiple intermediate clients
KR20220117211A (en) Contactless Card Personal Identification System
CN106411926A (en) Data encryption communication method and system
CN105897748B (en) A kind of transmission method and equipment of symmetric key
CN108199847A (en) Security processing method, computer equipment and storage medium
CN108243197A (en) A kind of data distribution, retransmission method and device
US9553729B2 (en) Authentication method between a reader and a radio tag
CN108599926A (en) A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys
CN108809936A (en) A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm
CN107615703B (en) Embedding protected memory access into RFID authentication process based on challenge-response mechanism
CN113259116A (en) Sensor data uplink method and system based on aggregated signature
CN108200085A (en) A kind of data distribution, retransmission method and device
CN111327591A (en) Data transmission method, system and storage medium based on block chain
CN107395600A (en) Business datum verification method, service platform and mobile terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant