CN109784076B - Encryption and decryption method of 8583 protocol - Google Patents
Encryption and decryption method of 8583 protocol Download PDFInfo
- Publication number
- CN109784076B CN109784076B CN201910024059.7A CN201910024059A CN109784076B CN 109784076 B CN109784076 B CN 109784076B CN 201910024059 A CN201910024059 A CN 201910024059A CN 109784076 B CN109784076 B CN 109784076B
- Authority
- CN
- China
- Prior art keywords
- data
- group
- protocol
- encrypted
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an encryption and decryption method of 8583 protocol, wherein a terminal adopting the 8583 protocol is provided with a master key, when in encryption, the master key is firstly used as the key to carry out DES encryption on a bitmap field in a 8583 protocol data packet, encrypted data is used for replacing an original bitmap field, secondly, 55-field data in the 8583 protocol data packet is encrypted and replaced, and finally, the data in the 8583 protocol data packet after being encrypted is processed into a ciphertext; during decryption, firstly, the ciphertext is reversely processed to obtain decrypted data, secondly, the decrypted data is analyzed to obtain a bitmap domain, DES decryption is carried out on the bitmap domain by using a main key to obtain an original bitmap domain, and finally, the encrypted 55-domain data is restored. The invention encrypts and decrypts the 8583 protocol data packet, and can prevent sensitive information from being leaked in the information transmission process.
Description
Technical Field
The invention relates to the technical field of network information communication encryption and decryption, in particular to an encryption and decryption method of 8583 protocol.
Background
The 8583 protocol is a communication protocol based on a packet format of an international standard of an ISO8583 message, and the 8583 packet is composed of 128 field fields at most, each field has a uniform specification and has a fixed length and a variable length. The front section of the 8583 packet is a bitmap which is a key substitute of a field domain determined by packaging and unpacking, the bitmap is a soul of the 8583 packet which is a key of the field domain determined by packaging and unpacking, and the knowledge of the attribute of each field domain is the basis of filling data. The 8583 protocol is mostly used in the development of POS. The 8583 protocol is a public protocol, and the format of the public protocol is public, so that anyone can parse the 8583 data packet according to a public document, which may cause sensitive information (such as a merchant number, a terminal number, bank card data and the like) to be leaked.
At present, the Union pay usually adopts 55 fields of 8583 protocols, and 55 fields are machines, namely POS machines or ATM equipment and the like, and are calculated through Union pay specifications. The consumption transaction occurs, the transaction message is sent to the card issuer, and the card issuer firstly checks the validity of 55 fields.
Disclosure of Invention
The invention provides an encryption and decryption method of 8583 protocol, which is used for encrypting and decrypting 8583 protocol data packets and preventing sensitive information from being leaked, and aims to solve the problem that sensitive information is possibly leaked during the transmission of the current 8583 protocol.
In order to achieve the purpose, the invention adopts the following technical scheme: a terminal adopting 8583 protocol is provided with a master key, when encryption is carried out, the master key is used as the key to carry out DES encryption on a bitmap field in a 8583 protocol data packet, encrypted data is used for replacing an original bitmap field, 55-field data in the 8583 protocol data packet is encrypted and replaced, and finally the data in the 8583 protocol data packet after encryption is processed into a ciphertext; during decryption, firstly, the ciphertext is reversely processed to obtain decrypted data, secondly, the decrypted data is analyzed to obtain a bitmap domain, DES decryption is carried out on the bitmap domain by using a main key to obtain an original bitmap domain, and finally, the encrypted 55-domain data is restored. In the scheme, a master key is pmk for short, and according to the current Unionpay standard, each terminal capable of conducting 8583 transactions must be filled with the master key first, and the master key is generally 16 bytes; bitmap is a bitmap; DES Encryption, namely Encryption according to the Data Encryption Standard, which is also called Data Encryption Standard.
Preferably, the process of encrypting and replacing 55-field data in the 8583 protocol data packet is as follows: all tags appearing in the 55 fields are firstly arranged into a table according to the 8583 standard, the table is called a tag table, the index of each tag is represented by one byte, and tags in the 55 fields are replaced by tag indexes of one byte. The Tag in the scheme can also be called as a label, the 55-field original data is in a Tag-Length-Value format, firstly, all tags which may appear in the 55 field are arranged into a table according to 8583 standard, which is called as a Tag table, according to the standard, the number of entries of the table does not exceed 255, so that the index of each Tag can be represented by one byte.
Preferably, the processing of the data in the encrypted 8583 protocol data packet into the ciphertext comprises the following steps: 1) dividing the whole 8583 protocol data packet data into n groups in sequence, wherein each group has 8 bytes, and finally, less than 8 bytes are complemented by 0; 2) the first group of data is unchanged, starting from the second group, carrying out exclusive OR on each group and the previous group, and taking the exclusive OR result as new second to nth groups of data; 3) and forming a matrix with n rows and x 8 columns by the unchanged first group of data and the new second group to nth group of data, and exchanging the rows and the columns of the matrix to obtain a new matrix with 8 rows and x n columns, wherein the new matrix is the ciphertext.
Preferably, the ciphertext reverse processing to obtain the decrypted data includes the following steps: 1) dividing the ciphertext into 8 rows, wherein each row of n data is regarded as a matrix with 8 rows and x n columns; 2) interchanging the matrix row and column, thereby obtaining a permutation matrix of n rows and x 8 columns; 3) starting from the nth group, carrying out XOR on each group and the previous group, and taking the result of XOR as a new nth group, and repeating the operation until the second group is XOR-replaced with the first group into a new second group, wherein the first group does not change to obtain new n groups of decryption data.
Preferably, in the process of restoring the encrypted 55-domain data, the tag index in the decrypted 55-domain data is replaced with the actual tag, and the decryption is completed completely.
Therefore, the invention has the following beneficial effects: the 8583 protocol data packet is encrypted and decrypted, and sensitive information can be prevented from being leaked in the information transmission process.
Detailed Description
A terminal adopting 8583 protocol is provided with a master key, when encryption is carried out, the master key is used as the key to carry out DES encryption on a bitmap field in a 8583 protocol data packet, encrypted data is used for replacing an original bitmap field, 55-field data in the 8583 protocol data packet is encrypted and replaced, and finally the data in the 8583 protocol data packet after encryption is processed into a ciphertext; during decryption, firstly, the ciphertext is reversely processed to obtain decrypted data, secondly, the decrypted data is analyzed to obtain a bitmap domain, DES decryption is carried out on the bitmap domain by using a main key to obtain an original bitmap domain, and finally, the encrypted 55-domain data is restored;
the encryption replacement process for the 55-field data in the 8583 protocol data packet is as follows: firstly, according to 8583 standard, arranging all tags appearing in 55 fields into a table, namely a tag table, wherein the index of each tag is represented by one byte, and replacing the tags in the 55 fields with the tag index of one byte;
the processing of the data in the encrypted 8583 protocol data packet into the ciphertext comprises the following steps: 1) dividing the whole 8583 protocol data packet data into n groups in sequence, wherein each group has 8 bytes, and finally, less than 8 bytes are complemented by 0; 2) the first group of data is unchanged, starting from the second group, carrying out exclusive OR on each group and the previous group, and taking the exclusive OR result as new second to nth groups of data; 3) forming a matrix with n rows and x 8 columns by the unchanged first group of data and the new second group to nth group of data, and exchanging the rows and columns of the matrix to obtain a new matrix with 8 rows and x n columns, wherein the new matrix is a ciphertext;
the ciphertext reverse processing to obtain the decrypted data comprises the following steps: 1) dividing the ciphertext into 8 rows, wherein each row of n data is regarded as a matrix with 8 rows and x n columns; 2) interchanging the matrix row and column, thereby obtaining a permutation matrix of n rows and x 8 columns; 3) starting from the nth group, carrying out XOR on each group and the previous group, taking the result of XOR as a new nth group, and repeating the steps until the XOR of the second group and the first group is replaced by a new second group, and the first group does not change to obtain new n groups of decryption data;
and in the process of restoring the encrypted 55-domain data, the tag index in the 55-domain data obtained by decryption is replaced by the actual tag, and all decryption is completed.
The specific implementation process is that, during encryption, firstly, the main key is used as a key to carry out DES encryption on the bitmap domain in the 8583 protocol data packet, and the encrypted data is used for replacing the original bitmap domain;
secondly, encrypting and replacing 55-field data in the 8583 protocol data packet; the encryption replacement process is as follows: firstly, according to 8583 standard, all tags appearing in 55 fields are arranged into a table, called tag table, the index of each tag is represented by one byte, and tags in 55 fields are replaced by tag indexes of one byte
Finally, processing the data in the 8583 protocol data packet after encryption into a ciphertext; the method comprises the following steps: 1) the data of the whole 8583 protocol data packet is sequentially divided into n groups, each group has 8 bytes, and finally less than 8 bytes are complemented by 0 to form the following data groups:
group 1: m11, m12, m13, m14, m15, m16, m17, m18
Group 2: m21, m22, m23, m24, m25, m26, m27, m28
……………………
Group n: mn1, mn2, mn3, mn4, mn5, mn6, mn7, mn 8;
2) the first group of data is unchanged, starting from the second group, each group is subjected to exclusive OR with the previous group, and the exclusive OR result is used as new second group to nth group of data, so that a new data group is obtained as follows:
group 1: m11, m12, m13, m14, m15, m16, m17, m18
And (3) new group 2: m21, m22, m23, m24, m25, m26, m27, m28
……………………
A new group n: mn1, mn2, mn3, mn4, mn5, mn6, mn7, mn 8;
3) forming a matrix M with n rows and x 8 columns by the unchanged first group of data and new second to nth groups of data, and exchanging rows and columns of the matrix M to obtain a new matrix MT with 8 rows and x n columns, wherein the new matrix MT is a ciphertext;
during decryption, which is actually the reverse process of the encryption process, firstly, a ciphertext is divided into 8 rows, and each row of n data is regarded as a matrix MT with 8 rows and x n columns;
the matrix MT is then interchanged in rows and columns, so that a permutation matrix M of n rows x 8 columns is obtained:
group 1: m11, m12, m13, m14, m15, m16, m17, m18
Group 2: m21, m22, m23, m24, m25, m26, m27, m28
……………………
Group n: mn1, mn2, mn3, mn4, mn5, mn6, mn7, mn 8;
and finally, starting from the nth group, carrying out exclusive OR on each group and the previous group, taking the exclusive OR result as a new nth group, and repeating the steps until the second group is exclusive OR of the first group and is replaced by a new second group, and the first group does not change to obtain new n groups of decryption data:
group 1: m11, m12, m13, m14, m15, m16, m17, m18
And (3) new group 2: m21, m22, m23, m24, m25, m26, m27, m28
……………………
A new group n: mn1, mn2, mn3, mn4, mn5, mn6, mn7, mn 8;
analyzing the finally obtained data (the offset of the bitmap domain is fixed) to obtain the bitmap domain, and performing DES decryption on the obtained bitmap domain by using a master key to obtain an original bitmap domain;
after the original bitmap field is obtained, the data can be analyzed according to 8583, the TAG in the 55 field obtained at this time is replaced by a TAG index in the encryption process, the TAG index in the 55 field data obtained is replaced by an actual TAG according to the content of a TAG table, and then all decryption is completed.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (2)
1. An encryption and decryption method of 8583 protocol, a terminal adopting 8583 protocol is provided with a master key, and the method is characterized in that: when in encryption, firstly, the main key is used as a key to carry out DES encryption on a bitmap field in an 8583 protocol data packet, the encrypted data is used for replacing an original bitmap field, secondly, 55-field data in the 8583 protocol data packet is encrypted and replaced, and finally, the data in the 8583 protocol data packet after being encrypted is processed into a ciphertext; during decryption, firstly, the ciphertext is reversely processed to obtain decrypted data, secondly, the decrypted data is analyzed to obtain a bitmap domain, DES decryption is carried out on the bitmap domain by using a main key to obtain an original bitmap domain, and finally, the encrypted 55-domain data is restored;
the process of encrypting and replacing 55-field data in the 8583 protocol data packet is as follows: firstly, according to 8583 standard, arranging all tags appearing in 55 fields into a table, namely a tag table, wherein the index of each tag is represented by one byte, and replacing the tags in the 55 fields with the tag index of one byte;
the processing of the data in the encrypted 8583 protocol data packet into the ciphertext comprises the following steps: 1) dividing the whole 8583 protocol data packet data into n groups in sequence, wherein each group has 8 bytes, and finally, less than 8 bytes are complemented by 0; 2) the first group of data is unchanged, starting from the second group, carrying out exclusive OR on each group and the previous group, and taking the exclusive OR result as new second to nth groups of data; 3) forming a matrix with n rows and x 8 columns by the unchanged first group of data and the new second group to nth group of data, and exchanging the rows and columns of the matrix to obtain a new matrix with 8 rows and x n columns, wherein the new matrix is a ciphertext;
the ciphertext reverse processing to obtain the decrypted data comprises the following steps: 1) dividing the ciphertext into 8 rows, wherein each row of n data is regarded as a matrix with 8 rows and x n columns; 2) interchanging the matrix row and column, thereby obtaining a permutation matrix of n rows and x 8 columns; 3) and the data of the first line is kept unchanged, and from the nth line, the data of each line and the data of the n-1 line are subjected to exclusive OR, and the exclusive OR result is used as the new data from the nth line to the second line, so as to obtain decrypted data.
2. The encryption and decryption method of 8583 protocol according to claim 1, wherein the recovery process of the encrypted 55-field data is to replace the tag index in the 55-field data obtained by decryption with the actual tag to complete the decryption.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910024059.7A CN109784076B (en) | 2019-01-10 | 2019-01-10 | Encryption and decryption method of 8583 protocol |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910024059.7A CN109784076B (en) | 2019-01-10 | 2019-01-10 | Encryption and decryption method of 8583 protocol |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109784076A CN109784076A (en) | 2019-05-21 |
| CN109784076B true CN109784076B (en) | 2021-07-06 |
Family
ID=66500164
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910024059.7A Active CN109784076B (en) | 2019-01-10 | 2019-01-10 | Encryption and decryption method of 8583 protocol |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109784076B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101877100A (en) * | 2010-03-23 | 2010-11-03 | 苏州德融嘉信信用管理技术有限公司 | Multi-channel access module based on bank preposing service platform and access method thereof |
| CN108270549A (en) * | 2017-12-28 | 2018-07-10 | 深圳市泛海三江科技发展有限公司 | The key encryption of remote control gate inhibition a kind of and decryption method |
-
2019
- 2019-01-10 CN CN201910024059.7A patent/CN109784076B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101877100A (en) * | 2010-03-23 | 2010-11-03 | 苏州德融嘉信信用管理技术有限公司 | Multi-channel access module based on bank preposing service platform and access method thereof |
| CN108270549A (en) * | 2017-12-28 | 2018-07-10 | 深圳市泛海三江科技发展有限公司 | The key encryption of remote control gate inhibition a kind of and decryption method |
Non-Patent Citations (3)
| Title |
|---|
| 吕晶.银行增值服务系统通讯子系统的研究与实现.《中国优秀硕士学位论文全文数据库 信息科技辑》.2005, * |
| 浅谈 ISO8583协议数据加密和网络安全传输技术;胡艳 等;《信息通信》;20121231;第143-144页 * |
| 银行增值服务系统通讯子系统的研究与实现;吕晶;《中国优秀硕士学位论文全文数据库 信息科技辑》;20050715;第11-16、26-27页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109784076A (en) | 2019-05-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2016386405B2 (en) | Fast format-preserving encryption for variable length data | |
| WO1995034042A1 (en) | Security system for eft using magnetic strip cards | |
| JPH0218512B2 (en) | ||
| CN101923654B (en) | Ultrahigh frequency reader-writer suitable for remote security control by different users | |
| CN107980212A (en) | The encryption method and computer-readable recording medium of anti-DPA attacks | |
| Nazarkevych et al. | Data protection based on encryption using Ateb-functions | |
| CN109784076B (en) | Encryption and decryption method of 8583 protocol | |
| Teh et al. | New differential cryptanalysis results for the lightweight block cipher BORON | |
| CN102932135A (en) | 3DES (triple data encrypt standard) encryption method | |
| CN112235101B (en) | Coding method and device based on hybrid coding mechanism, decoding method and device | |
| CN106982116A (en) | A kind of local file encryption method of the AES based on reversible logic circuits | |
| CN113746642B (en) | Method and system for communication between computers | |
| CN114820175A (en) | Loan purpose supervision method based on block chain | |
| CN109039585A (en) | Remote encryption electric power energy consumption data collecting system and method based on DES algorithm | |
| Panda et al. | Encryption and Decryption algorithm using two dimensional cellular automata rules in Cryptography | |
| CN111639943A (en) | Digital currency transaction method and system | |
| Hossain et al. | An extension of vigenere technique to enhance the security of communication | |
| CN111639937A (en) | Digital currency risk management and control method and system | |
| CN117032592B (en) | Cash register collection data storage system based on blockchain | |
| CN110247754A (en) | A kind of implementation method and device of block cipher FBC | |
| CN114422219B (en) | Data encryption transmission method based on dimension-reducing polynomial | |
| Bekkaoui et al. | A robust scheme to improving security of data using graph theory | |
| CN114757774A (en) | Fund transaction path tracking method based on block chain | |
| CN107231354A (en) | The data transmission method and system of a kind of data transmission unit | |
| CN110519055B (en) | Method and device for image comparison encryption and decryption algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |