CN108768924A - Cash processing terminal safety certifying method, device and cash processing terminal - Google Patents
Cash processing terminal safety certifying method, device and cash processing terminal Download PDFInfo
- Publication number
- CN108768924A CN108768924A CN201810283113.5A CN201810283113A CN108768924A CN 108768924 A CN108768924 A CN 108768924A CN 201810283113 A CN201810283113 A CN 201810283113A CN 108768924 A CN108768924 A CN 108768924A
- Authority
- CN
- China
- Prior art keywords
- information
- key
- check value
- data
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F19/00—Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
- G07F19/20—Automatic teller machines [ATMs]
- G07F19/211—Software architecture within ATMs or in relation to the ATM network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Power Engineering (AREA)
- Software Systems (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The present invention relates to a kind of cash processing terminal safety certifying method, device and cash processing terminals, wherein the method includes:Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext Transaction Information;By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And ciphertext Transaction Information and instruction check value are transferred to movement processor;Receiver die processor is based on ciphertext Transaction Information and instruction check value, the response results ciphertext data of feedback and data check value;Secret key decryption is carried out to response results ciphertext data, obtains implementing result clear data and the second identity verifying information;Second identity verifying information and data check value are verified, verification result is obtained.The communication information can be effectively prevent to be tampered using this method, prevent trading instruction from being manipulated by illegal computers or illegal program, improve the safety of cash transaction processing.
Description
Technical field
The present invention relates to cash processing and safety communication technology fields, recognize safely more particularly to a kind of cash processing terminal
Demonstrate,prove method, apparatus and cash processing terminal.
Background technology
With advances in technology with society development, ATM (Automated Teller Machine:ATM),
VTM(Video Teller Machine:Long-distance video automatic teller machine), the applications of the cash processing terminals such as cleaning-sorting machine and ticket machine gets over
Come it is more universal, it is higher and higher to the safety requirements of the cash transaction of cash processing terminal processing.Generally conventional cash processing is eventually
The transaction process flow at end is:Upper layer application sends movement (cash processing mould of the plaintext control instruction to cash processing terminal
Block), after cash processing module has executed instruction, handling result is returned into upper layer application, and then complete cash transaction.
During realization, inventor has found that at least there are the following problems in traditional technology:Traditional cash processing terminal
During realizing cash transaction processing by plaintext control instruction, the control command of plaintext is easily tampered and retransmits, and causes existing
Golden processing module is subject to the manipulation of exhaustive attack, illegal computers or illegal program, reduces showing for cash processing terminal
The safety of golden trading processing.
Invention content
Based on this, it is necessary to for low to the cash transaction of cash processing terminal processing safety in traditional technical solution
The problem of, a kind of cash processing terminal safety certifying method, device and cash processing terminal are provided.
A kind of cash processing terminal safety certifying method, includes the following steps:
Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext transaction letter
Breath;
By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And by ciphertext Transaction Information and instruction check
Value is transferred to movement processor;
Receiver die processor is based on ciphertext Transaction Information and instruction check value, the response results ciphertext data sum number of feedback
According to check value;
Secret key decryption is carried out to response results ciphertext data, obtains implementing result clear data and the second proof of identity letter
Breath;
Second identity verifying information and data check value are verified, verification result is obtained.
A kind of cash processing terminal safety certifying method, includes the following steps:
The ciphertext Transaction Information and instruction check value that primary processor transmission is received by movement driver, merchandise to ciphertext and believe
Breath carries out secret key decryption, obtains plaintext trading instruction and the first identity verifying information;
When the first identity verifying information is proved to be successful and instruction check value is proved to be successful, plaintext trading instruction is executed, is obtained
To implementing result clear data;
Key encryption, the result that meets with a response ciphertext number are carried out to implementing result clear data and the second identity verifying information
According to;
By MAC algorithm process implementing result clear datas, data check value is obtained;And by response results ciphertext data and
Data check value is transferred to primary processor by movement driver.
A kind of cash processing terminal safety certification device, including:
Encryption unit is instructed, is added for carrying out key to the plaintext trading instruction of the first identity verifying information and acquisition
It is close, obtain ciphertext Transaction Information;
Instruction check value acquiring unit, for by MAC algorithm process plaintext trading instructions, obtaining instruction check value;And
Ciphertext Transaction Information and instruction check value are transferred to movement processor;
Data capture unit is used for sound of the receiver die processor based on ciphertext Transaction Information and instruction check value, feedback
Answer result ciphertext data and data check value;
Data decryption unit obtains implementing result clear data for carrying out secret key decryption to response results ciphertext data
With the second identity verifying information;
Information Authentication unit obtains verification result for being verified to the second identity verifying information and data check value.
A kind of cash processing terminal safety certification device, including:
Instruction decryption unit, the ciphertext Transaction Information for receiving primary processor transmission by movement driver and instruction school
Value is tested, secret key decryption is carried out to ciphertext Transaction Information, obtains plaintext trading instruction and the first identity verifying information;
Instruction execution unit, for when the first identity verifying information is proved to be successful and instruction check value is proved to be successful, holding
Row plaintext trading instruction, obtains implementing result clear data;
DEU data encryption unit is obtained for carrying out key encryption to implementing result clear data and the second identity verifying information
To response results ciphertext data;
Data check value acquiring unit, for by MAC algorithm process implementing result clear datas, obtaining data check
Value;And response results ciphertext data and data check value are transferred to primary processor by movement driver.
A kind of cash processing terminal, including primary processor and the movement processor for connecting primary processor;
Primary processor can realize following steps when executing:
Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext transaction letter
Breath;
By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And by ciphertext Transaction Information and instruction check
Value is transferred to movement processor;
Receiver die processor is based on ciphertext Transaction Information and instruction check value, the response results ciphertext data sum number of feedback
According to check value;
Secret key decryption is carried out to response results ciphertext data, obtains implementing result clear data and the second proof of identity letter
Breath;
Second identity verifying information and data check value are verified, verification result is obtained.
Movement processor can realize following steps when executing:
The ciphertext Transaction Information and instruction check value that primary processor transmission is received by movement driver, merchandise to ciphertext and believe
Breath is decrypted, and obtains plaintext trading instruction and the first identity verifying information;
When the first identity verifying information is proved to be successful and instruction check value is proved to be successful, plaintext trading instruction is executed, is obtained
To implementing result clear data;
Key encryption, the result that meets with a response ciphertext number are carried out to implementing result clear data and the second identity verifying information
According to;
By MAC algorithm process implementing result clear datas, data check value is obtained;And by response results ciphertext data and
Data check value is transferred to primary processor by movement driver.
A kind of computer readable storage medium, is stored thereon with computer program, which realizes when being executed by processor
The step of above-mentioned cash processing terminal safety certifying method.
A technical solution in above-mentioned technical proposal has the following advantages that and advantageous effect:
Primary processor carries out key to the first identity verifying information of primary processor and the plaintext trading instruction of acquisition and adds
It is close, obtain ciphertext Transaction Information.Primary processor obtains instruction check value, and will be close by MAC algorithm process plaintext trading instructions
Literary Transaction Information and instruction check value are transferred to movement processor.Primary processor is receiving response results ciphertext data and data school
When testing value, secret key decryption is carried out to response results ciphertext data, obtains the second of implementing result clear data and movement processor
Identity verifying information verifies the second identity verifying information and data check value, obtains verification result.Primary processor and machine
Die processor is communicated by ciphertext, and carries out legitimacy verifies to identity information and the communication information, can effectively prevent communication from believing
Breath is tampered, and prevents illegal computers or illegal program from manipulating trading instruction, and then the cash for improving cash processing terminal is handed over
Tractable safety.
Description of the drawings
Fig. 1 is the applied environment figure of cash processing terminal safety certifying method in one embodiment;
Fig. 2 is the flow diagram of cash processing terminal safety certifying method primary processor side in one embodiment;
Fig. 3 is that the current master key of primary processor side in one embodiment updates the flow diagram of step;
Fig. 4 is the flow diagram of the work at present key updating step of primary processor side in one embodiment;
Fig. 5 is the flow diagram of the first identity information verification step of primary processor side in one embodiment;
Fig. 6 is the flow diagram of cash processing terminal safety certifying method movement processor side in one embodiment;
Fig. 7 is that the current master key of movement processor side in one embodiment updates the flow diagram of step;
Fig. 8 is the flow diagram of the work at present key updating step of movement processor side in one embodiment;
Fig. 9 is the flow diagram of the second identity information verification step of movement processor side in one embodiment;
Figure 10 is that the current master key of cash processing terminal safety certifying method in one embodiment updates the flow of step
Schematic diagram;
Figure 11 is that the current master key of cash processing terminal safety certifying method in one embodiment updates the flow of step
Structure chart;
Figure 12 is the stream of the work at present key updating step of cash processing terminal safety certifying method in one embodiment
Journey structure chart;
Figure 13 is the flow knot of the identity information verification step of cash processing terminal safety certifying method in one embodiment
Composition;
Figure 14 is the flowage structure figure of the coded communication step of cash processing terminal safety certifying method in one embodiment;
Figure 15 is the structural schematic diagram of the primary processor side of cash processing terminal safety certification device in one embodiment;
Figure 16 is the structural schematic diagram of the movement processor side of cash processing terminal safety certification device in one embodiment;
Figure 17 is the structural schematic diagram of cash processing terminal in one embodiment;
Figure 18 is the structural schematic diagram of cash processing terminal in another embodiment.
Specific implementation mode
To facilitate the understanding of the present invention, below with reference to relevant drawings to invention is more fully described.In attached drawing
Give the preferred embodiment of the present invention.But the present invention can realize in many different forms, however it is not limited to this paper institutes
The embodiment of description.On the contrary, purpose of providing these embodiments is make it is more thorough and comprehensive to the disclosure.
Unless otherwise defined, all of technologies and scientific terms used here by the article and belong to the technical field of the present invention
The normally understood meaning of technical staff is identical.Used term is intended merely to description tool in the description of the invention herein
The purpose of the embodiment of body, it is not intended that in the limitation present invention.Term " and or " used herein includes one or more phases
Any and all combinations of the Listed Items of pass.
Cash processing terminal safety certifying method provided in this embodiment, can be applied to application environment as shown in Figure 1
In.Wherein, ((Universal Serial Bus, general serial are total for such as serial ports or USB by the communications cable for primary processor 102
Line) interface) it is connect with movement processor 104.Primary processor 102 refers to the plaintext transaction of the first identity verifying information and acquisition
It enables and carries out key encryption, obtain ciphertext Transaction Information;By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And
Ciphertext Transaction Information and instruction check value are transferred to movement processor;Receiver die processor 104 is based on ciphertext Transaction Information
With instruction check value, the response results ciphertext data of feedback and data check value;Key solution is carried out to response results ciphertext data
It is close, obtain implementing result clear data and the second identity verifying information;It is proved to be successful and data school in the second identity verifying information
When testing value and being proved to be successful, feedback result clear data.Wherein, primary processor 102 can be, but not limited to be industrial personal computer or various meters
Calculation machine, movement processor 104 are the banknote identification modules (core module) in atm device.
In one embodiment, as shown in Fig. 2, providing a kind of cash processing terminal safety certifying method, in this way
Applied to being illustrated for the primary processor in Fig. 1, include the following steps:
Step S210 carries out key encryption to the plaintext trading instruction of the first identity verifying information and acquisition, obtains close
Literary Transaction Information.
Wherein, the first identity verifying information refers to the identity verifying information of primary processor, and the first identity verifying information can
To be identity signing messages.Plaintext trading instruction refers to the plain-text instructions operated to movement processor, and transaction in plain text refers to
Order can be the trading instruction that the operator that primary processor is got sends.Key encryption is referred to using identical or symmetrical
The encryption method of operation is encrypted in key pair in plain text.Key can be character string.Ciphertext Transaction Information may include the first identity
The ciphertext of check information and the ciphertext of trading instruction.Optionally, plaintext trading instruction can be counting instruction, withdrawing the money instructs or deposit
Storage instruction.
Specifically, primary processor can obtain the plaintext trading instruction of operator's transmission, and by plaintext trading instruction and itself
The first identity verifying information carry out key encryption, obtain ciphertext Transaction Information, realize the encryption to trading instruction and the first body
The encryption of part check information, and then realize that primary processor is communicated with the ciphertext between movement processor, it improves at cash transaction
The safety of reason.
Step S220 obtains instruction check value by MAC algorithm process plaintext trading instructions;And by ciphertext Transaction Information
It is transferred to movement processor with instruction check value.
Wherein, MAC (Message Authentication Codes:Message authentication code) algorithm can be with key
Hash function algorithms, instruction check value refer to the check value of plaintext trading instruction.
Specifically, primary processor carries out MAC algorithm process to plaintext trading instruction, instruction check value can be obtained, and will refer to
Check value and ciphertext Transaction Information is enabled to be transferred to movement processor.By acquisition instruction check value, it can be achieved that trading instruction
Safety verification.
Step S230, receiver die processor are close based on ciphertext Transaction Information and instruction check value, the response results of feedback
Literary data and data check value.
Wherein, response results ciphertext data can be movement processor to implementing result clear data and the second proof of identity
Information carries out what key was encrypted.Implementing result clear data can be that movement processor is obtained according to decryption ciphertext Transaction Information
The plaintext trading instruction arrived and the first identity verifying information are executed and are merchandised in plain text when the first identity verifying information is proved to be successful
What instruction obtained.Data check value is what movement processor was obtained by MAC algorithm process implementing result clear datas.
Specifically, the response results ciphertext data and data check value of primary processor receiver die processor feedback.Wherein
Movement processor can be based on response results ciphertext data and data check value feedback ciphertext Transaction Information and instruction check value.It realizes
Ciphertext between primary processor and movement processor communicates, and improves the safety of cash transaction.
Step S240 carries out secret key decryption to response results ciphertext data, obtains implementing result clear data and the second body
Part check information.
Wherein, secret key decryption refers to the decryption side that operation is decrypted in plain text using identical or symmetrical key pair
Method.Implementing result clear data refers to that movement processor executes plaintext trading instruction, the result data of generation.Second identity school
The identity verifying information that information refers to movement processor is tested, the second identity verifying information can be identity signing messages.
Specifically, primary processor carries out secret key decryption to response results ciphertext data, and implementing result clear data can be obtained
With the second identity verifying information of movement processor.The ciphertext communication for realizing implementing result data, improves at cash transaction
The safety of reason.
Step S250 verifies the second identity verifying information and data check value, obtains verification result.
Specifically, the second identity verifying information of primary processor pair and data check value are verified respectively, in the second identity
When check information is proved to be successful and data check value is proved to be successful, execution result back clear data.Believe in the second proof of identity
When breath verification and data check value verify at least one authentication failed, feeding back unsuccessful information.By to identity information and data school
The verification for testing value enhances the safety of cash transaction.
In above-described embodiment, the plaintext trading instruction of the first identity verifying information of primary processor pair and acquisition carries out key
Encryption, obtains ciphertext Transaction Information.Primary processor obtains instruction check value, and will by MAC algorithm process plaintext trading instructions
Ciphertext Transaction Information and instruction check value are transferred to movement processor.Primary processor is receiving response results ciphertext data and data
When check value, secret key decryption is carried out to response results ciphertext data, obtains the of implementing result clear data and movement processor
Two identity verifying informations.Second identity verifying information and data check value are verified, verification result is obtained.Primary processor with
It is communicated by ciphertext between movement processor, and legitimacy verifies is carried out to identity information and the communication information (instruction and data),
Effectively the communication information can be prevented to be tampered, prevent illegal computers or illegal program from manipulating trading instruction, and then improved existing
The safety of the cash transaction processing of golden processing terminal.
In one embodiment, as shown in figure 3, the current master key update step of primary processor side includes:
Step S310 generates current master key when getting plaintext trading instruction.
Wherein, current master key can be used for cryptographic work key, it can also be used to decryption work key.
Specifically, primary processor generates current master key when getting plaintext trading instruction.Preferably, primary processor
When getting plaintext trading instruction every time, current master key is updated, generates updated current master key.
Step S320 encrypts the first identity verifying information and current master key by Preset Transfer key, it is close to obtain first
Key cipher-text information;And first key cipher-text information and the first master key check value are transferred to movement processor;First master key
The current master key encryption of check value first is preset check field and is obtained.
Wherein, transmission key can be used for encryption main key, it can also be used to decrypt master key.First key cipher-text information can wrap
Include the ciphertext of the ciphertext and current master key of the first identity verifying information.Optionally, the first default check field can be 4 bytes
Verification data, the verification data etc. of the verification data of 8 bytes or 16 bytes.Verification data can be the 0 of 16 systems.
Specifically, primary processor encrypts the first identity verifying information and current master key by Preset Transfer key, obtains
First key cipher-text information.Primary processor presets check field by current master key encryption first and obtains the verification of the first master key
Value, and first key cipher-text information and the first master key check value are transferred to movement processor, and then realize master key
Update.
In above-described embodiment, by when getting plaintext trading instruction, generating current master key, and to current master key
Transmission is encrypted, to realize the update of master key, and realize master key primary processor and movement processor it
Between interaction, improve the communication information (trading instruction and implementing result data) ciphertext communication safety.
In one embodiment, step S140 may include following steps:
Response results ciphertext data are decrypted by current master key, obtain implementing result clear data and the second proof of identity
Information.
Specifically, primary processor can decrypt response results ciphertext data by current master key, obtain implementing result in plain text
Second identity verifying information of data and movement processor.To realize the ciphertext communication of implementing result data, improve existing
The safety of golden trading processing.
In one embodiment, as shown in figure 4, the work at present key updating step of primary processor side includes:
Step S410 generates work at present key when getting plaintext trading instruction.
Wherein, work at present key can be used for coded communication information (trading instruction or implementing result data), it can also be used to
Decrypt the communication information.
Specifically, primary processor generates work at present key when getting plaintext trading instruction.Preferably, main process task
When device gets plaintext trading instruction every time, work at present key is updated, updated work at present key is generated.
Step S420 obtains the second key cipher-text information by current master key encryption work at present key;And by second
Key cipher-text information and the second working key check value are transferred to movement processor;Second working key check value is work at present
Key encrypts what the second default check field obtained.
Wherein, the second key cipher-text information may include the ciphertext of work at present key.Optionally, the second default check field
Can be the verification data of 4 bytes, the verification data etc. of the verification data of 8 bytes or 16 bytes.Verification data can be 16 into
The 0 of system.
Specifically, primary processor obtains the second key cipher-text information by current master key encryption work at present key.It is main
Processor encrypts the second default check field by work at present key and obtains the second master key check value, and the second key is close
Literary information and the second master key check value are transferred to movement processor, and then realize the update of working key.
In above-described embodiment, by when getting plaintext trading instruction, generating work at present key, and to work at present
Transmission is encrypted in key, to realize the update of working key, and realizes working key in primary processor and movement
Interaction between processor improves the safety of the ciphertext communication of the communication information (trading instruction and implementing result data).
In one embodiment, step S110 includes the following steps:
By work at present key encrypting plaintext trading instruction and the first identity verifying information, ciphertext Transaction Information is obtained.
Specifically, primary processor can by work at present key encrypting plaintext trading instruction and the first identity verifying information,
Obtain ciphertext Transaction Information.To realize the ciphertext communication of implementing result data, the safety of cash transaction processing is improved.
In one embodiment, as shown in figure 5, the first identity information verification step of primary processor side includes:
Step S510 verifies the first identity verifying information when getting plaintext trading instruction.
Specifically, the first identity verifying information can be the identity verifying information of primary processor.Primary processor is being got
When plaintext trading instruction, the identity legitimacy of the first identity verifying information by verifying primary processor improves cash transaction
Safety.
Plaintext trading instruction and the first identity verifying information are carried out key encryption, obtained by step S520 if being proved to be successful
Ciphertext Transaction Information.
Specifically, primary processor, can be by plaintext trading instruction and the first body when verifying the success of the first identity verifying information
Part check information carries out key encryption, to obtain ciphertext Transaction Information.
In one embodiment, primary processor returns to authentication failed information when verifying the failure of the first identity verifying information,
Thus prevent illegal computers or illegal program control machine die processor note output.
In one embodiment, as shown in fig. 6, providing a kind of cash processing terminal safety certifying method, in this way
Applied to being illustrated for the movement processor in Fig. 1, include the following steps:
Step S610 receives the ciphertext Transaction Information and instruction check value of primary processor transmission by movement driver, right
Ciphertext Transaction Information carries out secret key decryption, obtains plaintext trading instruction and the first identity verifying information.
Wherein, movement driver can be used for the transmission of the instruction between primary processor and movement processor, it can also be used to main place
Manage the data transmission between device and movement processor.
Specifically, movement processor can receive ciphertext Transaction Information and the instruction of primary processor transmission by movement driver
Check value.Movement processor can carry out secret key decryption to ciphertext Transaction Information, obtain plaintext trading instruction and the first proof of identity
Information.It is communicated by the ciphertext between movement processor and primary processor, improves the safety of cash transaction processing.
Step S620 is executed and is handed in plain text when the first identity verifying information is proved to be successful and instruction check value is proved to be successful
Easily instruction, obtains implementing result clear data.
Specifically, movement processor respectively verifies the first identity verifying information and instruction check value, in the first body
When part check information is proved to be successful and instruction check value is proved to be successful, movement processor can perform plaintext trading instruction, be held
Row result clear data.By the verification to identity information and instruction check value, the safety of cash transaction is enhanced.
Step S630 carries out key encryption to implementing result clear data and the second identity verifying information, and meet with a response knot
Fruit ciphertext data.
Specifically, movement processor can obtain the second identity verifying information of movement processor, and to the second proof of identity
Information and implementing result clear data carry out key encryption, the result that meets with a response ciphertext data.To realize to the second identity school
The encryption of the encryption and implementing result data of information is tested, and then realizes that the ciphertext between movement processor and primary processor communicates,
Improve the safety of cash transaction processing.
Step S640 obtains data check value by MAC algorithm process implementing result clear datas;And by response results
Ciphertext data and data check value are transferred to primary processor by movement driver.
Specifically, movement processor carries out MAC algorithm process to implementing result clear data, and data check value can be obtained,
And data check value and response results ciphertext data are transferred to primary processor by movement driver.By obtaining data check
It is worth the safety verification, it can be achieved that implementing result data.
In above-described embodiment, movement processor can carry out secret key decryption to receiving ciphertext Transaction Information, obtain handing in plain text
Easily instruction and the first identity verifying information.Movement processor can be proved to be successful in the first identity verifying information and instruction check value is tested
When demonstrate,proving successfully, plaintext trading instruction is executed, implementing result clear data is obtained.Movement processor to implementing result clear data with
The progress key encryption of second identity verifying information, the result that meets with a response ciphertext data, and it is bright by MAC algorithm process implementing results
Literary data obtain data check value.To which response results ciphertext data and data check value are transferred to by movement driver
Primary processor.It is communicated by ciphertext between movement processor and primary processor, and to identity information and the communication information (instruction sum number
According to) legitimacy verifies are carried out, effectively the communication information can be prevented to be tampered, prevent illegal computers or illegal program from manipulating transaction
Instruction, and then improve the safety of the cash transaction processing of cash processing terminal.
In one embodiment, as shown in fig. 7, the current master key update step of movement processor side includes:
Step S710, according to the first key cipher-text information and the first master key check value of primary processor transmission, by pre-
If transmission key decrypts first key cipher-text information, current master key and the first identity verifying information are obtained.
Specifically, the first key ciphertext that movement processor can be transmitted by Preset Transfer secret key decryption primary processor is believed
Breath, obtains current master key and the first identity verifying information.By the encrypted transmission of current master key, movement processor can be decrypted
Get current master key.
Step S720 presets check field by current master key encryption first, obtains current master key check value.
Specifically, movement processor presets check field by current master key encryption first, and current master key can be obtained
Check value.Current master key check value can be used for being compared verification with the first master key check value that primary processor transmits.
Step S730 preserves current master key when current master key check value is equal to the first master key check value.
Specifically, movement processor verifies current master key check value and the first master key check value, in current master key
When check value is equal to the first master key check value, current master key is preserved.To realize the master key update of movement processor side.
In above-described embodiment, it is decrypted by the first key cipher-text information transmitted to primary processor, and to first
Master key check value is verified, and to realize the update of master key, and realizes master key in movement processor and master
Interaction between processor improves the safety of the ciphertext communication of the communication information (trading instruction and implementing result data).
In one embodiment, step S610 includes the following steps:
Ciphertext Transaction Information is decrypted by current master key, obtains plaintext trading instruction and the first identity verifying information.
Specifically, movement processor can by current master key decrypt ciphertext Transaction Information, obtain plaintext trading instruction and
First identity verifying information of primary processor.To realize the ciphertext communication of trading instruction, cash transaction processing is improved
Safety.
In one embodiment, as shown in figure 8, the work at present key updating step of movement processor side includes:
Step S810 passes through according to the second key cipher-text information and the second working key check value of primary processor transmission
Current master key decrypts the second key cipher-text information, obtains work at present key.
Specifically, movement processor decrypts the second key cipher-text information of primary processor transmission by current master key, can
Work at present key is obtained, by the encrypted transmission of work at present key, movement processor can decrypt that get work at present close
Key.
Step S820 encrypts the second default check field by work at present key, obtains work at present keycheck value.
Specifically, movement processor encrypts the second default check field by work at present key, and work at present can be obtained
Keycheck value.The second master key check value that work at present keycheck value can be used for primary processor transmits, which is compared, to be tested
Card.
Step S830 preserves work at present key when work at present keycheck value is equal to the second master key check value.
Specifically, movement processor verification work at present keycheck value and the second master key check value, in work at present
When keycheck value is equal to the second master key check value, work at present key is preserved.To realize the work of movement processor side
Key updating.
In above-described embodiment, by the way that the second key cipher-text information that primary processor transmits is decrypted, and to second
Master key check value is verified, and to realize the update of working key, and realizes working key in movement processor
Interaction between primary processor improves the safety of the ciphertext communication of the communication information (trading instruction and implementing result data)
Property.
In one embodiment, step S630 includes the following steps:
Implementing result clear data is encrypted by work at present key and the second identity verifying information, the result that meets with a response are close
Literary data.
Specifically, movement processor can encrypt implementing result clear data and the second proof of identity by work at present key
Information, the result that meets with a response ciphertext data.To realize the ciphertext communication of implementing result data, cash transaction processing is improved
Safety.
In one embodiment, as shown in figure 9, the second identity information verification step of movement processor side includes:
Step S910 verifies the second identity verifying information when getting ciphertext Transaction Information.
Specifically, the second identity verifying information can be the identity verifying information of movement processor.Movement processor is obtaining
When getting ciphertext Transaction Information, by the identity legitimacy of the second identity verifying information of verification machine die processor, cash is improved
The safety of transaction.
Step S920 is decrypted ciphertext Transaction Information if being proved to be successful, and obtains plaintext trading instruction and the first identity
Check information.
Specifically, movement processor can carry out ciphertext Transaction Information close when verifying the success of the second identity verifying information
Key is decrypted, to obtain plaintext trading instruction and the first identity verifying information.
In one embodiment, movement processor returns to authentication failed letter when verifying the failure of the second identity verifying information
Breath, thus prevents illegal computers or illegal program control machine die processor note output.
In one embodiment, as shown in Figure 10, it is the current master key update of cash processing terminal safety certifying method
The flow diagram of step.The detailed process of current master key update step is:Movement driver initiates master key update request.
Primary processor can be updated according to master key asks, and generates master key and generates the first master key check value.Primary processor can pass through
First identity verifying information of transmission key encryption main key and primary processor obtains encrypted master key information, and will add
Master key information after close is transferred to movement driver.Machine drive can send the encrypted master key information received
Give movement processor.Movement processor can decrypt encrypted master key information by transmission key, obtain master key and first
Identity verifying information.Movement processor produces current master key check value, and verifies whether current master key check value is equal to
First master key check value of primary processor transmission returns successfully if being equal to, and otherwise returns to failure.To realize to master key
Update, and realize that the master key between primary processor and movement processor interacts.
In one embodiment, as shown in figure 11, it is the current master key update of cash processing terminal safety certifying method
The flowage structure figure of step.The detailed process of current master key update step is:
1, the transmission secret key TK (TransferKey) of 16 bytes is preset;
2, primary processor generates the first identity verifying information IPCID of 8 bytes;
3, primary processor generates the main secret key MK (MasterKey) of 16 bytes;
4, primary processor generates check value KVV (the Key Verify Value of 4 bytes:Keycheck value), wherein verifying
Value KVV can encrypt to obtain by MK couples of 8 0x00 of master key;
5, primary processor obtains DATA_ by transmitting secret key TK encryptions the first identity verifying information IPCID and main secret key MK
A splices data DATA_A and KVV, and DATA_A and KVV is transferred to movement processor, and 3DES can be used in wherein primary processor
Cipher mode be encrypted;
6, movement processor decrypts DATA_A by transmitting secret key TK, obtains the first identity verifying information IPCID and master is secret
Key MK, movement processor generate new KVV, and verify the KVV whether new KVV is equal to primary processor transmission and returned if being equal to
Otherwise successful information returns to failure information.Wherein movement processor can be used the manner of decryption of 3DES and be decrypted.
In one embodiment, as shown in figure 12, more for the work at present key of cash processing terminal safety certifying method
The flowage structure figure of new step.The detailed process of work at present key updating step is:
1, the check field T of 8 bytes is preset;
2, primary processor generates the work secret key WK (WorkKey) of 16 bytes, and passes through main secret key MK decryption work secret keys
WK obtains the DATA_B of 16 bytes;Wherein primary processor can be used the manner of decryption of 3DES and be decrypted;
3, primary processor obtains the DATA_C of 8 bytes by the secret key WK cryptographic check field T that work;Wherein primary processor
The cipher mode that 3DES can be used is encrypted;
4, primary processor splices DATA_B and DATA_C, and DATA_B and DATA_C are transferred to movement processor;
5, movement processor encrypts DATA_B by main secret key MK, obtains work secret key WK;Pass through the secret key WK decryption that works
DATA_C obtains check field T1;And verify whether check field T1 is equal to preset check field T, successfully believe if so, returning
Breath, otherwise returns to failure information.
In one embodiment, as shown in figure 13, it is the identity information verification step of cash processing terminal safety certifying method
Rapid flowage structure figure.Currently the detailed process of identity information verification step is:
1, the first identity verifying information certification
After receiving trade command, the legitimacy that movement driver initiates the first identity verifying information to primary processor is tested
Trading instruction and the first identity verifying information are obtained transaction ciphertext letter by card request after being verified by working key encryption
Breath, and transaction cipher-text information is sent to movement processor.
When movement processor receives transaction cipher-text information, transaction cipher-text information is decrypted by working key, is obtained
Trade command and the first identity verifying information;Movement processor deposits the first identity verifying information that primary processor transmits with inside
First identity verifying information of storage binding is matched;Successful match then executes trading instruction, obtains implementing result data;And
By working key encryption implementing result data, the ciphertext that meets with a response data, and response cyphertext data are transferred to primary processor.
2, the second identity verifying information certification
When primary processor receives the transaction response cyphertext data of movement processor transmission, second is initiated to primary processor
The legitimate verification of identity verifying information.The second identity verifying information and storage inside that primary processor transmits movement processor
Second identity verifying information of binding is matched;Response cyphertext data deciphering of merchandising is obtained implementing result number by successful match
According to.
In one embodiment, as shown in figure 14, it is the coded communication step of cash processing terminal safety certifying method
Flowage structure figure.The detailed process of coded communication step is:
1, trading instruction DATA0 and movement random number HWRand1 are sent to primary processor by movement driver;
2, primary processor handles DATA0, HWRand1 and PCRand0 (primary processor random number) by working key WK and obtains
To check value MAC_0, DATA0+MAC_0 is transferred to by movement processor by movement driver;Wherein DATA0, HWRand1 and
When the integral multiple of inadequate 8 byte of total length of data of PCRand0, it can be supplemented by 0x00;
3, movement processor can generate check value 1_MAC by step 2, and check value 1_MAC and primary processor are transmitted
MAC_0 matched, if successful match, execute trade command, otherwise report an error;
4, movement processor generates transaction response data DATA1, updates movement random number HWRand2, passes through working key
WK processing DATA1, HWRand2 and PCRand0 obtain check value MAC_1, and DATA1 and MAC_1 are sent to movement driver;
When the integral multiple of inadequate 8 byte of total length of data of wherein DATA1, HWRand2 and PCRand0, it can be supplemented by 0x00;
5, transaction response data DATA1 and movement random number HWRand2 is sent to primary processor by movement driver;
6, primary processor can generate check value m_MAC by step 4, and check value m_MAC and movement processor are transmitted
Check value MAC_1 matched, if successful match, continue to execute, otherwise return failure.
It should be understood that although each step in the flow chart of Fig. 2-10 is shown successively according to the instruction of arrow,
Be these steps it is not that the inevitable sequence indicated according to arrow executes successively.Unless expressly stating otherwise herein, these steps
There is no stringent sequences to limit for rapid execution, these steps can execute in other order.Moreover, in Fig. 2-10 at least
A part of step may include that either these sub-steps of multiple stages or stage are not necessarily in same a period of time to multiple sub-steps
Quarter executes completion, but can execute at different times, the execution in these sub-steps or stage be sequentially also not necessarily according to
Secondary progress, but can either the sub-step of other steps or at least part in stage in turn or replace with other steps
Ground executes.
In one embodiment, as shown in figure 15, a kind of cash processing terminal safety certification device is provided, including:Refer to
Enable encryption unit 110, instruction check value acquiring unit 120, data capture unit 130, data decryption unit 140, Information Authentication
Unit 150, wherein:
Encryption unit 110 is instructed, for carrying out key to the plaintext trading instruction of the first identity verifying information and acquisition
Encryption, obtains ciphertext Transaction Information;
Instruction check value acquiring unit 120, for by MAC algorithm process plaintext trading instructions, obtaining instruction check value;
And ciphertext Transaction Information and instruction check value are transferred to movement processor;
Data capture unit 130, for receiver die processor based on ciphertext Transaction Information and instruction check value, feedback
Response results ciphertext data and data check value;
Data decryption unit 140 obtains implementing result plaintext number for carrying out secret key decryption to response results ciphertext data
According to the second identity verifying information;
Information Authentication unit 150 obtains verification knot for being verified to the second identity verifying information and data check value
Fruit.
In one embodiment, as shown in figure 16, a kind of cash processing terminal safety certification device is provided, including:Refer to
210 instruction execution unit of decryption unit, 220 DEU data encryption unit, 230 data check value acquiring unit 240 is enabled, wherein:
Instruction decryption unit 210, for receiving the ciphertext Transaction Information and refer to that primary processor transmits by movement driver
Check value is enabled, secret key decryption is carried out to ciphertext Transaction Information, obtains plaintext trading instruction and the first identity verifying information;
Instruction execution unit 220, for when the first identity verifying information is proved to be successful and instruction check value is proved to be successful,
Plaintext trading instruction is executed, implementing result clear data is obtained;
DEU data encryption unit 230, for carrying out key encryption to implementing result clear data and the second identity verifying information,
The result that meets with a response ciphertext data;
Data check value acquiring unit 240, for by MAC algorithm process implementing result clear datas, obtaining data school
Test value;And response results ciphertext data and data check value are transferred to primary processor by movement driver.
It will be understood by those skilled in the art that structure shown in Figure 15 and Figure 16, only with this embodiment scheme phase
The block diagram of the part-structure of pass does not constitute the restriction for the cash processing terminal being applied thereon to this embodiment scheme, tool
The cash processing terminal of body may include either combining certain components than more or fewer components as shown in the figure or having
Different component arrangements.
In one embodiment, as shown in figure 17, a kind of cash processing terminal (such as atm device), including main place are provided
It manages device 310 and connects the movement processor 320 of primary processor 310;
Primary processor 310 can realize following steps when executing:
Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext transaction letter
Breath;By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And ciphertext Transaction Information and instruction check value are passed
It is defeated by movement processor 320;Response knot of the receiver die processor 320 based on ciphertext Transaction Information and instruction check value, feedback
Fruit ciphertext data and data check value;To response results ciphertext data carry out secret key decryption, obtain implementing result clear data and
Second identity verifying information;When the second identity verifying information is proved to be successful and data check value is proved to be successful, to the second identity
Check information and data check value are verified, and verification result is obtained.
Movement processor 320 can realize following steps when executing:
The ciphertext Transaction Information and instruction check value that primary processor transmission is received by movement driver, merchandise to ciphertext and believe
Breath is decrypted, and obtains plaintext trading instruction and the first identity verifying information;It is proved to be successful and refers in the first identity verifying information
When check value being enabled to be proved to be successful, plaintext trading instruction is executed, implementing result clear data is obtained;To implementing result clear data with
Second identity verifying information carries out key encryption, the result that meets with a response ciphertext data;In plain text by MAC algorithm process implementing result
Data obtain data check value;And response results ciphertext data and data check value are transferred to main place by movement driver
Manage device 310.
In one embodiment, as shown in figure 18, cash processing terminal may include movement driver 430 and connection movement
Primary processor 410, the movement processor 420 of driver 430.Wherein primary processor 410 can be used for the data at primary processor end and add
Close decryption operation, offer authentication ability etc.;Movement processor 420 can be used for the data ciphering and deciphering operation at movement end, carry
For authentication ability etc..Preferably, primary processor 420 can be industrial personal computer, and movement driver 430 can also be to be mounted on master
Movement dynamic base in processor.
Cash processing terminal realizes that the detailed process of transactional operation is:
1, trading instruction is initiated;
2, corresponding operational order in trading instruction is sent to primary processor 410, main process task by movement driver 430 in plain text
Device 410 obtains ciphertext operation information by key cryptographic operation instruction plaintext and the first identity verifying information of affix;Wherein
One identity verifying information section includes the identity signing messages of industrial personal computer and the identity signing messages of application program;
3, ciphertext operation information is sent to movement processor 420 by movement driver 430;
4, movement processor 420 decrypts ciphertext operation information, obtains operational order and the first identity verifying information, and
The legitimacy of one identity verifying information will execute operational order when verification passes through;
5, plaintext response results data are obtained after movement processor 420 has executed operational order, and by plaintext response results
The second identity verifying information is enclosed after data encryption, obtains cyphertext responses result data, and cyphertext responses result data is sent
To movement driver 430;
6, cyphertext responses result data is transferred to primary processor 410 by movement driver 430, and primary processor 410 is to ciphertext
Response results data are decrypted, and obtain plaintext response results data, and plaintext response results data are sent to movement driving
Device 430;
In above-described embodiment, cash processing terminal carries out layering peace by physical hardware layer, data link layer and driving layer
Full certification from bottom software to business software, covers the safety certification of the transaction flow of entire terminal from hardware to software.
It is communicated by the ciphertext between primary processor and movement processor, dynamic enchancement factor is contained in ciphertext, can be effectively prevent
Serial ports is retransmitted so that movement does not stop note output, even cracks the communication protocol between movement and PC.At primary processor and movement
The legitimate verification for managing the identity information between device can effectively prevent illegal computers or illegal program, control cash equipment to go out
Paper money.By the communication information legitimate verification between primary processor and movement processor, the data of communication are taken at MAC algorithms
Reason carries out legitimacy verifies by MAC algorithms, and the data realization for distorting legitimate correspondence can be effectively prevent to have more paper money.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated
Machine program realizes following steps when being executed by processor:
Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext transaction letter
Breath;By MAC algorithm process plaintext trading instructions, instruction check value is obtained;And ciphertext Transaction Information and instruction check value are passed
It is defeated by movement processor;Receiver die processor is based on ciphertext Transaction Information and instruction check value, the response results ciphertext of feedback
Data and data check value;Secret key decryption is carried out to response results ciphertext data, obtains implementing result clear data and the second body
Part check information;Second identity verifying information and data check value are verified, verification result is obtained.
In one embodiment, following steps are also realized when computer program is executed by processor:
The ciphertext Transaction Information and instruction check value that primary processor transmission is received by movement driver, merchandise to ciphertext and believe
Breath is decrypted, and obtains plaintext trading instruction and the first identity verifying information;It is proved to be successful and refers in the first identity verifying information
When check value being enabled to be proved to be successful, plaintext trading instruction is executed, implementing result clear data is obtained;To implementing result clear data with
Second identity verifying information carries out key encryption, the result that meets with a response ciphertext data;In plain text by MAC algorithm process implementing result
Data obtain data check value;And response results ciphertext data and data check value are transferred to main place by movement driver
Manage device.
Its function can be realized when being executed by processor about the computer program stored in computer readable storage medium
Specific method may refer to the explanation above for cash processing terminal safety certifying method, and details are not described herein.Above-mentioned meter
Modules in calculation machine readable storage medium storing program for executing can be realized fully or partially through software, hardware and combinations thereof.
Each technical characteristic of embodiment described above can be combined arbitrarily, to keep description succinct, not to above-mentioned reality
It applies all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited
In contradiction, it is all considered to be the range of this specification record.
One of ordinary skill in the art will appreciate that realizing all or part of flow in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computer
In read/write memory medium, the computer program is when being executed, it may include such as the stream of the embodiment of above-mentioned each division operation method
Journey.Wherein, used in each embodiment provided herein to any of memory, storage, database or other media
Reference, may each comprise non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), can
Programming ROM (PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.Volatile memory
It may include random access memory (RAM) or external cache.By way of illustration and not limitation, RAM is with a variety of shapes
Shi Ke get, such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram
(DDRSDRAM), enhanced SDRAM (ESDRAM), synchronization link (Synchlink) DRAM (SLDRAM), memory bus
(Rambus) direct RAM (RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram
(RDRAM) etc..
Several embodiments of the invention above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to the protection of the present invention
Range.Therefore, the protection domain of patent of the present invention should be determined by the appended claims.
Claims (15)
1. a kind of cash processing terminal safety certifying method, which is characterized in that include the following steps:
Key encryption is carried out to the plaintext trading instruction of the first identity verifying information and acquisition, obtains ciphertext Transaction Information;
By plaintext trading instruction described in MAC algorithm process, instruction check value is obtained;And by the ciphertext Transaction Information and described
Instruction check value is transferred to movement processor;
Receive response results ciphertext of the movement processor based on the ciphertext Transaction Information and described instruction check value, feedback
Data and data check value;
Secret key decryption is carried out to the response results ciphertext data, obtains implementing result clear data and the second proof of identity letter
Breath;
Second identity verifying information and the data check value are verified, verification result is obtained.
2. cash processing terminal safety certifying method according to claim 1, which is characterized in that described to the first identity school
Include before testing the step of the plaintext trading instruction of information and acquisition carries out key encryption, obtains ciphertext Transaction Information:
When getting the plaintext trading instruction, current master key is generated;
First identity verifying information and the current master key are encrypted by Preset Transfer key, obtains first key ciphertext
Information;And the first key cipher-text information and the first master key check value are transferred to the movement processor;Described first
The master key check value current master key encryption first is preset check field and is obtained.
3. cash processing terminal safety certifying method according to claim 2, which is characterized in that described to be tied to the response
Fruit ciphertext data carry out secret key decryption, and the step of obtaining implementing result clear data and the second identity verifying information includes:
The response results ciphertext data are decrypted by the current master key, obtain the implementing result clear data and described
Second identity verifying information.
4. cash processing terminal safety certifying method according to claim 2, which is characterized in that described to the first identity school
Include before testing the step of the plaintext trading instruction of information and acquisition carries out key encryption, obtains ciphertext Transaction Information:
When getting the plaintext trading instruction, work at present key is generated;
By work at present key described in the current master key encryption, the second key cipher-text information is obtained;And by described second
Key cipher-text information and the second working key check value are transferred to the movement processor;The second working key check value is
The work at present key encrypts what the second default check field obtained.
5. cash processing terminal safety certifying method according to claim 4, which is characterized in that described to the first identity school
It tests the step of the plaintext trading instruction of information and acquisition carries out key encryption, obtains ciphertext Transaction Information and includes:
The plaintext trading instruction and first identity verifying information are encrypted by the work at present key, is obtained described close
Literary Transaction Information.
6. cash processing terminal safety certifying method according to claim 1, which is characterized in that described to the first identity school
It tests the step of the plaintext trading instruction of information and acquisition carries out key encryption, obtains ciphertext Transaction Information and includes:
When getting the plaintext trading instruction, first identity verifying information is verified;
If being proved to be successful, the plaintext trading instruction and first identity verifying information are subjected to key encryption, obtained described
Ciphertext Transaction Information.
7. a kind of cash processing terminal safety certifying method, which is characterized in that include the following steps:
The ciphertext Transaction Information and instruction check value that primary processor transmission is received by movement driver, merchandise to the ciphertext and believe
Breath carries out secret key decryption, obtains plaintext trading instruction and the first identity verifying information;
When first identity verifying information is proved to be successful and described instruction check value is proved to be successful, the plaintext transaction is executed
Instruction, obtains implementing result clear data;
Key encryption, the result that meets with a response ciphertext number are carried out to the implementing result clear data and the second identity verifying information
According to;
By implementing result clear data described in MAC algorithm process, data check value is obtained;And by the response results ciphertext number
The primary processor is transferred to by the movement driver according to the data check value.
8. cash processing terminal safety certifying method according to claim 7, which is characterized in that described to be driven by movement
Device receives the ciphertext Transaction Information and instruction check value of primary processor transmission, and secret key decryption is carried out to the ciphertext Transaction Information,
It obtains plaintext trading instruction and includes before the step of the first identity verifying information:
According to the first key cipher-text information and the first master key check value of primary processor transmission, pass through Preset Transfer key
The first key cipher-text information is decrypted, current master key and first identity verifying information are obtained;
Check field is preset by the current master key encryption first, obtains current master key check value;
When the current master key check value is equal to the first master key check value, the current master key is preserved.
9. cash processing terminal safety certifying method according to claim 8, which is characterized in that described to be driven by movement
Device receives the ciphertext Transaction Information and instruction check value of primary processor transmission, and secret key decryption is carried out to the ciphertext Transaction Information,
Obtain plaintext trading instruction includes with the step of the first identity verifying information:
The ciphertext Transaction Information is decrypted by the current master key, obtains the plaintext trading instruction and first identity
Check information.
10. cash processing terminal safety certifying method according to claim 8, which is characterized in that described to be driven by movement
Dynamic device receives the ciphertext Transaction Information and instruction check value of primary processor transmission, and key solution is carried out to the ciphertext Transaction Information
Close, obtain plaintext trading instruction includes with the step of the first identity verifying information:
According to the second key cipher-text information and the second working key check value of primary processor transmission, pass through the current master
Second key cipher-text information described in secret key decryption, obtains work at present key;
The second default check field is encrypted by the work at present key, obtains work at present keycheck value;
When the work at present keycheck value is equal to the second master key check value, the work at present key is preserved.
11. cash processing terminal safety certifying method according to claim 10, which is characterized in that described to the execution
As a result the step of clear data and the second identity verifying information carry out key encryption, the result that meets with a response ciphertext data include:
The implementing result clear data and second identity verifying information are encrypted by the work at present key, obtains institute
State response results ciphertext data.
12. cash processing terminal safety certifying method according to claim 7, which is characterized in that described to be driven by movement
Dynamic device receives the ciphertext Transaction Information and instruction check value of primary processor transmission, and key solution is carried out to the ciphertext Transaction Information
Close, obtain plaintext trading instruction includes with the step of the first identity verifying information:
When getting the ciphertext Transaction Information, second identity verifying information is verified;
If being proved to be successful, the ciphertext Transaction Information is decrypted, obtains the plaintext trading instruction and first identity
Check information.
13. a kind of cash processing terminal safety certification device, which is characterized in that including:
Encryption unit is instructed, for carrying out key encryption to the plaintext trading instruction of the first identity verifying information and acquisition, is obtained
To ciphertext Transaction Information;
Instruction check value acquiring unit, for by plaintext trading instruction described in MAC algorithm process, obtaining instruction check value;And
The ciphertext Transaction Information and described instruction check value are transferred to movement processor;
Data capture unit, for receive the movement processor be based on the ciphertext Transaction Information and described instruction check value,
The response results ciphertext data and data check value of feedback;
Data decryption unit obtains implementing result clear data for carrying out secret key decryption to the response results ciphertext data
With the second identity verifying information;
Information Authentication unit obtains verification for being verified to second identity verifying information and the data check value
As a result.
14. a kind of cash processing terminal safety certification device, which is characterized in that including:
Instruction decryption unit, ciphertext Transaction Information and instruction check for receiving primary processor transmission by movement driver
Value carries out secret key decryption to the ciphertext Transaction Information, obtains plaintext trading instruction and the first identity verifying information;
Instruction execution unit, for being proved to be successful in first identity verifying information and described instruction check value is proved to be successful
When, the plaintext trading instruction is executed, implementing result clear data is obtained;
DEU data encryption unit is obtained for carrying out key encryption to the implementing result clear data and the second identity verifying information
To response results ciphertext data;
Data check value acquiring unit, for by implementing result clear data described in MAC algorithm process, obtaining data check
Value;And the response results ciphertext data and the data check value are transferred to the main process task by the movement driver
Device.
15. a kind of cash processing terminal, which is characterized in that the movement processing including primary processor and the connection primary processor
Device;
The primary processor requires the cash processing terminal safety certifying method described in any one of 1 to 6 for perform claim;
The movement processor requires the cash processing terminal safety certification side described in any one of 7 to 12 for perform claim
Method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810283113.5A CN108768924B (en) | 2018-04-02 | 2018-04-02 | Cash processing terminal security authentication method and device and cash processing terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810283113.5A CN108768924B (en) | 2018-04-02 | 2018-04-02 | Cash processing terminal security authentication method and device and cash processing terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108768924A true CN108768924A (en) | 2018-11-06 |
CN108768924B CN108768924B (en) | 2021-06-08 |
Family
ID=63980542
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810283113.5A Active CN108768924B (en) | 2018-04-02 | 2018-04-02 | Cash processing terminal security authentication method and device and cash processing terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108768924B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110650477A (en) * | 2019-08-19 | 2020-01-03 | 中移(杭州)信息技术有限公司 | Interaction method, platform, server and storage medium of NB-IOT (NB-IOT) equipment |
CN111212042A (en) * | 2019-12-24 | 2020-05-29 | 腾讯科技(深圳)有限公司 | Data transmission method, device and system |
CN111416788A (en) * | 2019-01-04 | 2020-07-14 | 北京京东尚科信息技术有限公司 | Method and device for preventing transmitted data from being tampered |
CN113392419A (en) * | 2021-07-05 | 2021-09-14 | 南方电网科学研究院有限责任公司 | Safety synchronization control method, device and equipment based on Chinese remainder theorem |
CN115118439A (en) * | 2022-08-29 | 2022-09-27 | 北京智芯微电子科技有限公司 | Method and system for verifying terminal digital identity |
CN115208554A (en) * | 2022-09-13 | 2022-10-18 | 三未信安科技股份有限公司 | Management method and system for key self-checking, self-correcting and self-recovering |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201397546Y (en) * | 2009-03-19 | 2010-02-03 | 东方通信股份有限公司 | Communication encrypting device for ATM cash dispenser |
CN102426642A (en) * | 2011-10-28 | 2012-04-25 | 深圳市江波龙电子有限公司 | Information reading processor, card swiping system and method for live transaction |
CN103064678A (en) * | 2012-12-24 | 2013-04-24 | 广州广电运通金融电子股份有限公司 | Method and device for call control of hardware instruction |
CN104123783A (en) * | 2013-04-28 | 2014-10-29 | 恒银金融科技有限公司 | Safety device for cash-out module and realization method of safety device |
CN104408834A (en) * | 2014-12-05 | 2015-03-11 | 湖南长城信息金融设备有限责任公司 | Method and system for controlling depositing and withdrawing safety based on safety core |
CN204557665U (en) * | 2015-03-13 | 2015-08-12 | 东方通信股份有限公司 | A kind of ATM encryption authorization hub |
CN205541148U (en) * | 2016-01-22 | 2016-08-31 | 广州御银科技股份有限公司 | Go out paper money system based on close algorithm of state |
WO2017109994A1 (en) * | 2015-12-25 | 2017-06-29 | 日立オムロンターミナルソリューションズ株式会社 | Automated transaction system |
CN107657452A (en) * | 2017-09-20 | 2018-02-02 | 深圳怡化电脑股份有限公司 | A kind of processing method and processing device of trading instruction |
CN107786550A (en) * | 2017-10-17 | 2018-03-09 | 中电长城(长沙)信息技术有限公司 | A kind of safety communicating method of self-service device, safe communication system and self-service device |
-
2018
- 2018-04-02 CN CN201810283113.5A patent/CN108768924B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201397546Y (en) * | 2009-03-19 | 2010-02-03 | 东方通信股份有限公司 | Communication encrypting device for ATM cash dispenser |
CN102426642A (en) * | 2011-10-28 | 2012-04-25 | 深圳市江波龙电子有限公司 | Information reading processor, card swiping system and method for live transaction |
CN103064678A (en) * | 2012-12-24 | 2013-04-24 | 广州广电运通金融电子股份有限公司 | Method and device for call control of hardware instruction |
CN104123783A (en) * | 2013-04-28 | 2014-10-29 | 恒银金融科技有限公司 | Safety device for cash-out module and realization method of safety device |
CN104408834A (en) * | 2014-12-05 | 2015-03-11 | 湖南长城信息金融设备有限责任公司 | Method and system for controlling depositing and withdrawing safety based on safety core |
CN204557665U (en) * | 2015-03-13 | 2015-08-12 | 东方通信股份有限公司 | A kind of ATM encryption authorization hub |
WO2017109994A1 (en) * | 2015-12-25 | 2017-06-29 | 日立オムロンターミナルソリューションズ株式会社 | Automated transaction system |
CN205541148U (en) * | 2016-01-22 | 2016-08-31 | 广州御银科技股份有限公司 | Go out paper money system based on close algorithm of state |
CN107657452A (en) * | 2017-09-20 | 2018-02-02 | 深圳怡化电脑股份有限公司 | A kind of processing method and processing device of trading instruction |
CN107786550A (en) * | 2017-10-17 | 2018-03-09 | 中电长城(长沙)信息技术有限公司 | A kind of safety communicating method of self-service device, safe communication system and self-service device |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111416788A (en) * | 2019-01-04 | 2020-07-14 | 北京京东尚科信息技术有限公司 | Method and device for preventing transmitted data from being tampered |
CN111416788B (en) * | 2019-01-04 | 2023-08-08 | 北京京东尚科信息技术有限公司 | Method and device for preventing transmission data from being tampered |
CN110650477A (en) * | 2019-08-19 | 2020-01-03 | 中移(杭州)信息技术有限公司 | Interaction method, platform, server and storage medium of NB-IOT (NB-IOT) equipment |
CN110650477B (en) * | 2019-08-19 | 2023-07-11 | 中移(杭州)信息技术有限公司 | Interaction method, platform, server and storage medium of NB-IOT equipment |
CN111212042A (en) * | 2019-12-24 | 2020-05-29 | 腾讯科技(深圳)有限公司 | Data transmission method, device and system |
CN113392419A (en) * | 2021-07-05 | 2021-09-14 | 南方电网科学研究院有限责任公司 | Safety synchronization control method, device and equipment based on Chinese remainder theorem |
CN115118439A (en) * | 2022-08-29 | 2022-09-27 | 北京智芯微电子科技有限公司 | Method and system for verifying terminal digital identity |
CN115118439B (en) * | 2022-08-29 | 2023-01-20 | 北京智芯微电子科技有限公司 | Method and system for verifying terminal digital identity |
CN115208554A (en) * | 2022-09-13 | 2022-10-18 | 三未信安科技股份有限公司 | Management method and system for key self-checking, self-correcting and self-recovering |
Also Published As
Publication number | Publication date |
---|---|
CN108768924B (en) | 2021-06-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108768924A (en) | Cash processing terminal safety certifying method, device and cash processing terminal | |
CN102317904B (en) | System and methods for encryption with authentication integrity | |
US6678270B1 (en) | Packet interception system including arrangement facilitating authentication of intercepted packets | |
CA2257477C (en) | Process for cryptographic code management between a first computer unit and a second computer unit | |
CN109756343A (en) | Authentication method, device, computer equipment and the storage medium of digital signature | |
CN109347627A (en) | Data encryption/decryption method, device, computer equipment and storage medium | |
EP0292790A2 (en) | Controlling the use of cryptographic keys via generating station established control values | |
CN107948736A (en) | A kind of audio and video preservation of evidence method and system | |
EP3476078B1 (en) | Systems and methods for authenticating communications using a single message exchange and symmetric key | |
JPS625544B2 (en) | ||
CN109495445A (en) | Identity identifying method, device, terminal, server and medium based on Internet of Things | |
CN102484638A (en) | Layered protection and validation of identity data delivered online via multiple intermediate clients | |
KR20220117211A (en) | Contactless Card Personal Identification System | |
CN106411926A (en) | Data encryption communication method and system | |
CN105897748B (en) | A kind of transmission method and equipment of symmetric key | |
CN108199847A (en) | Security processing method, computer equipment and storage medium | |
CN108243197A (en) | A kind of data distribution, retransmission method and device | |
US9553729B2 (en) | Authentication method between a reader and a radio tag | |
CN108599926A (en) | A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys | |
CN108809936A (en) | A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm | |
CN107615703B (en) | Embedding protected memory access into RFID authentication process based on challenge-response mechanism | |
CN113259116A (en) | Sensor data uplink method and system based on aggregated signature | |
CN108200085A (en) | A kind of data distribution, retransmission method and device | |
CN111327591A (en) | Data transmission method, system and storage medium based on block chain | |
CN107395600A (en) | Business datum verification method, service platform and mobile terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |