CN103107883A - Safe protection method of personal identification number (PIN) and client - Google Patents

Info

Publication number: CN103107883A
Authority: CN (China)
Prior art keywords: PIN code, ciphertext, code input, middleware, input system
Legal status: Granted; Expired - Fee Related
Application number: CN2013100013331A
Other languages: Chinese (zh)
Other versions: CN103107883B (en)
Inventor: 陈柳章
Current Assignee: Shenzhen Excelsecu Data Technology Co Ltd
Original Assignee: Shenzhen Excelsecu Data Technology Co Ltd
Application filed by: Shenzhen Excelsecu Data Technology Co Ltd
Priority to: CN201310001333.1A
Granted publication: CN103107883B
Landscapes: Storage Device Security
Abstract

The invention discloses a PIN code security protection method and a client. The method includes: the middleware loads a PIN code input system and, when loading succeeds, sets a PIN code input rule through a data interaction interface; a PIN code input box is displayed for the user to enter the PIN code; the PIN code input system records the PIN code entered by the user, encrypts and encodes it to obtain the PIN code ciphertext, and transmits the PIN code ciphertext to the middleware through the data interaction interface; the middleware obtains the PIN code ciphertext and judges whether it conforms to the PIN code input rule; if so, it decrypts the PIN code ciphertext to obtain the PIN code. The method has the beneficial effect of reinforcing the PIN code at the driver layer, enhances the security of the PIN code, effectively prevents PIN code interception at the driver layer and the application layer, and has strong anti-keyboard-hook capability.

Description

PIN code security protection method and client
Technical field
The present invention relates to the field of information security technology, and in particular to a PIN code security protection method and a client.
Background technology
The PIN (Personal Identification Number) input boxes on commonly used client interfaces currently offer a very low level of protection for the PIN code: the PIN code is easily obtained by account-stealing software or keyboard monitoring, and operations such as remote account theft cannot be prevented. In addition, commonly used PIN code protection methods are tied to the implementation of the application's functions, which makes it difficult to port or modify the PIN code protection.
Summary of the invention
The main purpose of the present invention is to provide a PIN code security protection method and a client, intended to raise the security level of the PIN code and make the transmission of the PIN code more secure.
An embodiment of the present invention discloses a PIN code security protection method, comprising the following steps:
The middleware loads the PIN code input system and, when loading succeeds, sets the PIN code input rule through the data interaction interface; the PIN code input box is displayed for the user to enter the PIN code;
The PIN code input system records the PIN code entered by the user, encrypts and encodes the PIN code to obtain the PIN code ciphertext, and transmits the PIN code ciphertext to the middleware through the data interaction interface;
The middleware obtains the PIN code ciphertext and judges whether the PIN code ciphertext conforms to the PIN code input rule; if so, it decrypts the PIN code ciphertext to obtain the PIN code.
Preferably, the PIN code input system encrypting and encoding the PIN code to obtain the PIN code ciphertext comprises:
Generating one or more random numbers, and using the random numbers, or the result of an encryption operation on the random numbers, as the encryption key; or
Using a preset character string, or the result of an encryption operation on the character string, as the encryption key; or
Generating one or more random numbers, and using the random numbers and a preset character string, or the result of an encryption operation on the random numbers and the character string, as the encryption key;
Encrypting the PIN code with the encryption key to obtain the P1 ciphertext, and encoding the P1 ciphertext to obtain the PIN code ciphertext.
Preferably, after the step of judging whether the PIN code ciphertext conforms to the PIN code input rule, the method further comprises:
If not, clearing the PIN code input box through the data interaction interface and returning to the step of displaying the PIN code input box for the user to enter the PIN code.
Preferably, after the middleware loads the PIN code input system, the method further comprises the step:
The PIN code input system initializes the data interaction interface.
Preferably, the method further comprises the step:
The middleware clears all characters in the PIN code input box through the data interaction interface and releases the PIN code input system.
An embodiment of the present invention also discloses a client for PIN code security protection, comprising middleware and a PIN code input system;
The middleware is used to load the PIN code input system and, when loading succeeds, set the PIN code input rule through the data interaction interface, and to display the PIN code input box for the user to enter the PIN code;
The PIN code input system is used to record the PIN code entered by the user, encrypt and encode the PIN code to obtain the PIN code ciphertext, and transmit the PIN code ciphertext to the middleware through the data interaction interface;
The middleware is also used to obtain the PIN code ciphertext transmitted by the PIN code input system and judge whether the PIN code ciphertext conforms to the PIN code input rule; if so, to decrypt the PIN code ciphertext to obtain the PIN code.
Preferably, the PIN code input system is also used for:
Generating one or more random numbers, and using the random numbers, or the result of an encryption operation on the random numbers, as the encryption key; or
Using a preset character string, or the result of an encryption operation on the character string, as the encryption key; or
Generating one or more random numbers, and using the random numbers and a preset character string, or the result of an encryption operation on the random numbers and the character string, as the encryption key;
Encrypting the PIN code with the encryption key to obtain the P1 ciphertext, and encoding the P1 ciphertext to obtain the PIN code ciphertext.
Preferably, the middleware is also used for:
When it judges that the PIN code ciphertext does not conform to the PIN code input rule, clearing the PIN code input box through the data interaction interface and returning to the step of displaying the PIN code input box for the user to enter the PIN code.
Preferably, the PIN code input system is also used for:
Initializing the data interaction interface.
Preferably, the middleware is also used for:
Clearing all characters in the PIN code input box through the data interaction interface and releasing the PIN code input system.
In the present invention, the middleware loads the PIN code input system and, when loading succeeds, sets the PIN code input rule through the data interaction interface; the PIN code input box is displayed for the user to enter the PIN code; the PIN code input system records the PIN code entered by the user, encrypts and encodes it to obtain the PIN code ciphertext, and transmits the PIN code ciphertext to the middleware through the data interaction interface; the middleware obtains the PIN code ciphertext and judges whether it conforms to the PIN code input rule; if so, it decrypts the PIN code ciphertext to obtain the PIN code. This method reinforces the PIN code at the driver layer and enhances PIN code security, effectively authenticates the identity of the caller, and prevents PIN code interception at the driver layer and the application layer. It also has strong anti-keyboard-hook capability: it protects against mainstream keyboard hooks and interrupts propagation along the hook chain, effectively preventing the security threat that keyboard-hook Trojan programs pose to the PIN code. Moreover, because an independent PIN code input system carries out the PIN code protection, operations such as porting and modifying the PIN code protection are made easier.
Description of drawings
Fig. 1 is a schematic flowchart of the first embodiment of the PIN code security protection method of the present invention;
Fig. 2 is a schematic flowchart of one embodiment of obtaining the encryption key when the PIN code input system encrypts the entered PIN code, in the PIN code security protection method of the present invention;
Fig. 3 is a schematic flowchart of the second embodiment of the PIN code security protection method of the present invention;
Fig. 4 is a schematic flowchart of the third embodiment of the PIN code security protection method of the present invention;
Fig. 5 is a schematic diagram of the interaction flow between the PIN code input system and the middleware of the present invention;
Fig. 6 is a schematic structural diagram of one embodiment of the client for PIN code security protection of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention are further described with reference to the accompanying drawings in connection with the embodiments.
Embodiments
The client for PIN code security protection of the present invention uses the PIN code security protection method to protect the PIN code. The method is as follows: when the PIN code input system is loaded successfully, the middleware displays the PIN code input box for the user to enter the PIN code; after the user enters the PIN code, the PIN code input system encrypts and encodes the PIN code to obtain the PIN code ciphertext and transmits the PIN code ciphertext to the middleware through a specific data interaction interface; when the middleware judges that the PIN code ciphertext conforms to the PIN code input rule, it decrypts the PIN code ciphertext and obtains a PIN code that conforms to the input rule.
The technical solution of the present invention is further described below with reference to the drawings and specific embodiments. It should be understood that the specific embodiments described herein only explain the present invention and are not intended to limit it.
With reference to Fig. 1, Fig. 1 is a schematic flowchart of the first embodiment of the PIN code security protection method of the present invention. As shown in Fig. 1, the PIN code security protection method of the present invention comprises the following steps:
Step S01: the middleware loads the PIN code input system and, when loading succeeds, sets the PIN code input rule through the data interaction interface;
Step S02: the middleware displays the PIN code input box for the user to enter the PIN code;
After the user opens and runs the middleware, the middleware loads the PIN code input system. If loading fails, it obtains the error code of the failed load and notifies the user that loading failed. If loading succeeds, it sets the PIN code input rule through the secure interface used for data interaction with the PIN code input system. Setting the PIN code input rule includes setting the character rule and the maximum and minimum number of characters allowed.
After the rule is set, the middleware displays the PIN code input box and prompts the user to enter the corresponding PIN code.
Step S03: the PIN code input system records the PIN code entered by the user, encrypts and encodes the PIN code to obtain the PIN code ciphertext, and transmits the PIN code ciphertext to the middleware through the data interaction interface.
After the user enters the corresponding PIN code in the PIN code input box, the PIN code input system immediately records the PIN code entered by the user; at the same time, it counts the number of characters of the PIN code and encrypts the PIN code at the driver layer. The PIN code input system obtains the encryption key from a random number and a preset hard-coded character string, and encrypts the PIN code at the driver layer.
The ways in which the PIN code input system obtains the encryption key include: the PIN code input system generates one or more random numbers and uses the random numbers directly as the encryption key, or performs an encryption operation on the random numbers and uses the encrypted random numbers as the encryption key; it uses a preset character string as the encryption key, or performs an encryption operation on the preset character string and uses the encrypted preset character string as the encryption key; it uses the generated random numbers and the preset character string as the encryption key, or performs an encryption operation on the random numbers and the preset character string and uses the result of that operation as the encryption key. The encryption operation on this data may use the 3DES encryption algorithm.
Please refer to Fig. 2, which is a schematic flowchart of one embodiment of obtaining the encryption key when the PIN code input system encrypts the entered PIN code. As shown in Fig. 2, the PIN code input system calls the function required for PIN code encryption and applies a SHA1 (Secure Hash Algorithm) hash to the random number passed into that function, that is, it processes the passed-in random number with the Secure Hash Algorithm to obtain the first hash data, hash data 1; it takes the first 6 positions of hash data 1 and saves them as S1. The PIN code input system applies a SHA1 hash to the preset hard-coded character string, that is, it processes the preset hard-coded character string with the Secure Hash Algorithm to obtain the second hash data, hash data 2; it takes the last 4 positions of hash data 2 and saves them as S2. From S1 and S2 it obtains the new character string S1+S2+S1 and takes it as S3; it then takes the last 3 positions of character string S1 as character string S4. S3 and S4 are combined into character string M1, where M1 = S3+S4+S3, and M1 is used as the encryption key to encrypt the PIN code entered by the user.
The PIN code input system encrypts the entered PIN code with encryption key M1 to obtain the P1 ciphertext, and then encodes the P1 ciphertext to obtain the PIN code ciphertext. The PIN code input system transmits the PIN code ciphertext to the middleware through the specific data interaction interface.
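The Fig. 2 key derivation described above, as an added Python example (not code from the patent). It assumes that "first 6", "last 4" and "last 3" count characters of the hex SHA-1 digest and uses a constructed preset string; the page does not say how M1 is turned into a 3DES key, so the example stops at M1. It also checks that every segment of M1 is a copy of S1, S2 or S4, so only the S1 part changes from one random number to the next.

```python
import hashlib
import secrets

# Assumptions (not stated on the page): "first 6", "last 4" and "last 3"
# count characters of the lowercase hex SHA-1 digest, and inputs are UTF-8.
PRESET = "constructed-preset-string"  # constructed placeholder value


def sha1_hex(text: str) -> str:
    """SHA-1 of a string, as 40 lowercase hex characters."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def derive_m1(rand: str, preset: str = PRESET) -> dict:
    """Follow the Fig. 2 steps and return every intermediate string."""
    s1 = sha1_hex(rand)[:6]      # S1: first 6 of hash data 1 (random number)
    s2 = sha1_hex(preset)[-4:]   # S2: last 4 of hash data 2 (preset string)
    s3 = s1 + s2 + s1            # S3 = S1 + S2 + S1
    s4 = s1[-3:]                 # S4: last 3 of S1
    m1 = s3 + s4 + s3            # M1 = S3 + S4 + S3
    return {"S1": s1, "S2": s2, "S3": s3, "S4": s4, "M1": m1}


# (offset, length, field) for each segment of M1, in order.
M1_LAYOUT = [
    (0, 6, "S1"), (6, 4, "S2"), (10, 6, "S1"),
    (16, 3, "S4"),
    (19, 6, "S1"), (25, 4, "S2"), (29, 6, "S1"),
]


def check_layout(parts: dict) -> bool:
    """Confirm that M1 is fully covered by copies of S1, S2 and S4."""
    m1 = parts["M1"]
    covered = sum(length for _, length, _ in M1_LAYOUT)
    return covered == len(m1) and all(
        m1[off:off + length] == parts[name] for off, length, name in M1_LAYOUT
    )


def independent_chars(parts: dict) -> dict:
    """Count the characters of M1 that are not copies of another segment."""
    return {
        "total": len(parts["M1"]),
        "from_random": len(parts["S1"]),  # S4 is a slice of S1, so adds none
        "from_preset": len(parts["S2"]),  # same for every random number
    }


if __name__ == "__main__":
    rand = secrets.token_hex(8)  # constructed per-session random number
    parts = derive_m1(rand)
    print(parts)
    print("layout ok:", check_layout(parts))
    print(independent_chars(parts))
```
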
Because the encryption key is generated dynamically by the PIN code input system, the uniqueness of the encryption key is guaranteed; and because the P1 ciphertext written to shared memory has been encoded, the transmission of the PIN code is more secure.
In the embodiment of the present invention, the PIN code input system may use BASE64 encoding to encode the P1 ciphertext.
Step S04: the middleware obtains the PIN code ciphertext and judges whether the PIN code ciphertext conforms to the PIN code input rule; if so, step S05 is executed; if not, execution returns to step S02.
Step S05: the PIN code ciphertext is decrypted to obtain the PIN code.
The middleware obtains the PIN code ciphertext transmitted by the PIN code input system, obtains the number of characters of the PIN code ciphertext at the same time, and judges whether that number of characters conforms to the PIN code input rule. If it does not, the middleware clears the characters in the PIN code input box through the specific data interaction interface and returns to step S02, where the middleware displays the PIN code input box and asks the user to re-enter the PIN code. If the middleware judges that the number of characters of the PIN code ciphertext conforms to the PIN code input rule, it parses the PIN code ciphertext. To parse the PIN code ciphertext, the middleware uses a decryption algorithm matching the PIN code input system; the decryption algorithm may be the Secure Hash Algorithm; if the PIN code input system uses the 3DES encryption algorithm, the middleware also uses the 3DES decryption algorithm when decrypting the PIN code ciphertext.
If the middleware fails to parse the PIN code ciphertext, it sends a parse-failure message informing the user that the PIN code could not be obtained.
After the middleware parses the PIN code ciphertext and obtains the PIN code, it judges whether the PIN code conforms to the PIN code input rule. If so, it clears all characters in the PIN code input box through the data interaction interface of the PIN code input system and releases the PIN code input system. If the middleware judges that the parsed PIN code does not conform to the PIN code input rule, it clears all characters in the PIN code input box through the data interaction interface of the PIN code input system and returns to step S02, where the middleware displays the PIN code input box and asks the user to re-enter the PIN code.
Further, please refer to Fig. 3, which is a schematic flowchart of the second embodiment of the PIN code security protection method of the present invention. The only difference between this embodiment and the embodiment of Fig. 1 is the addition of:
Step S00: the PIN code input system initializes the data interaction interface.
After the middleware has successfully loaded the PIN code input system and set the PIN code input rule, the PIN code input system and the middleware interact through a specific data interaction interface in order to ensure the security of PIN code transmission. The PIN code input system initializes this specific data interaction interface according to the PIN code input rule set by the middleware; one specific implementation is as follows:
<1> void Clear(void)
[Function] Clears the characters in the PIN code input box.
<2> void GetLen(LONG *nLen)
[Function] Gets the length of the characters entered in the PIN code input box.
<3> void GetVerCtrl(BSTR *szVer)
[Function] Gets the version number of the PIN code system control.
<4> void GetVerDrv(BSTR *szVer)
[Function] Gets the version number of the PIN code system driver file.
<5> void GetPin(LPCTSTR bstrRand, LPCTSTR bstrContent, BSTR *szPin)
[Function] Gets the ciphertext data of the PIN code input box.
<6> void GetLastError(LONG *nCode)
[Function] Gets the last error code value of the PIN code control.
<7> void InitPinInput(LONG minLength, LONG maxLength, LPCTSTR strRand, LPCTSTR strRule)
[Function] Initialization interface of the PIN code input control system.
<8> void FocusOnOrNot(LONG *pRet)
[Function] Judges whether the current input focus is in the PIN code input box control.
By initializing the data interaction interface, the PIN code input system makes the PIN code protection module independent, so that the PIN code protection module is more convenient to call.
Further, please refer to Fig. 4, which is a schematic flowchart of the third embodiment of the PIN code security protection method of the present invention. The only difference between this embodiment and the embodiment of Fig. 3 is the addition of:
Step S06: the middleware clears all characters in the PIN code input box through the data interaction interface and releases the PIN code input system.
After the middleware parses the PIN code ciphertext and obtains a PIN code that conforms to the PIN code input rule, it clears all characters in the PIN code input box through the specific data interaction interface and releases the PIN code input system.
In this embodiment, the middleware may be a commonly used U shield program. Taking a U shield program as an example, the interaction flow between the middleware and the PIN code input system is shown in Fig. 5, which is a schematic diagram of the interaction flow between the PIN code input system and the middleware of the present invention. As shown in Fig. 5, after the user runs the U shield program, the U shield program calls the PIN code input system, sets the PIN code input rule, which includes the character rule and the maximum and minimum number of input characters, and displays the PIN code input box for the user to enter the PIN code. After the user finishes entering the PIN code and clicks the <Submit> button, the PIN code input system obtains the PIN code entered by the user, encrypts and encodes it, and returns the PIN code ciphertext to the U shield program. The U shield program receives the PIN code ciphertext and, after judging that the number of characters of the PIN code ciphertext conforms to the PIN code input rule, parses the PIN code ciphertext. After successful parsing it obtains the PIN code and, when it judges that the PIN code conforms to the PIN code input rule, clears all characters in the PIN code input box through the specific data interaction interface and releases the PIN code input system. The U shield program sends a message to the user in each of the following cases: when it judges that the PIN code ciphertext does not conform to the PIN code input rule, when parsing of the PIN code ciphertext fails, and when the PIN code obtained does not conform to the PIN code input rule.
Because the middleware U shield program and the PIN code input system shown in Fig. 5 both use the specific data interaction interface, and the security level of the PIN code input system is consistent with that of the client login control, the time the client spends on encryption and decryption is reduced. At the same time, because the PIN code input system generates the encryption key dynamically, the uniqueness of the encryption key is guaranteed and the security of the PIN code is improved.
By reinforcing the PIN code at the driver layer, this embodiment effectively authenticates the identity of the caller and prevents PIN code interception at the driver layer and the application layer. It also has strong anti-keyboard-hook capability: it protects against mainstream keyboard hooks and interrupts propagation along the hook chain, effectively preventing the security threat that keyboard-hook Trojan programs pose to the PIN code and enhancing the security of the PIN code.
With reference to Fig. 6, Fig. 6 is a schematic structural diagram of one embodiment of the client for PIN code security protection of the present invention. As shown in Fig. 6, the client for PIN code security protection of the present invention comprises middleware 01 and PIN code input system 02.
Middleware 01 is used to load PIN code input system 02 and, when loading succeeds, set the PIN code input rule through the data interaction interface, and to display the PIN code input box for the user to enter the PIN code;
PIN code input system 02 is used to record the PIN code entered by the user, encrypt and encode the PIN code to obtain the PIN code ciphertext, and transmit the PIN code ciphertext to middleware 01 through the data interaction interface;
Middleware 01 is also used to obtain the PIN code ciphertext transmitted by PIN code input system 02 and judge whether the PIN code ciphertext conforms to the PIN code input rule; if so, to decrypt the PIN code ciphertext to obtain the PIN code.
Specifically, referring again to Fig. 5, the interaction between middleware 01 and PIN code input system 02 is as follows:
After middleware 01 has successfully loaded the PIN code input system and set the PIN code input rule, PIN code input system 02 and middleware 01 interact through a specific data interaction interface in order to ensure the security of PIN code transmission. PIN code input system 02 initializes this specific data interaction interface according to the PIN code input rule set by middleware 01; the specific implementation is as follows:
<1> void Clear(void)
[Function] Clears the characters in the PIN code input box.
<2> void GetLen(LONG *nLen)
[Function] Gets the length of the characters entered in the PIN code input box.
<3> void GetVerCtrl(BSTR *szVer)
[Function] Gets the version number of the PIN code system control.
<4> void GetVerDrv(BSTR *szVer)
[Function] Gets the version number of the PIN code system driver file.
<5> void GetPin(LPCTSTR bstrRand, LPCTSTR bstrContent, BSTR *szPin)
[Function] Gets the ciphertext data of the PIN code input box.
<6> void GetLastError(LONG *nCode)
[Function] Gets the last error code value of the PIN code control.
<7> void InitPinInput(LONG minLength, LONG maxLength, LPCTSTR strRand, LPCTSTR strRule)
[Function] Initialization interface of the PIN code input control system.
<8> void FocusOnOrNot(LONG *pRet)
[Function] Judges whether the current input focus is in the PIN code input box control.
PIN code input system 02 is by the initialization to the data interactive interface, with the protection module independent of PIN code, make PIN code protection module call more convenient.
After the user opened middleware 01 and moves middleware 01, middleware 01 loaded PIN code input system 02; If load unsuccessfully, obtain and load failed error code, and point out the user this load unsuccessfully; If load successfully, by the safe interface that carries out data interaction with PIN code input system 02, the PIN code input rule is set; Described middleware 01 arranges the PIN code input rule and comprises: the minimum and maximum number of characters that character rule, permission input are set.
After setting was completed, middleware 01 showed the PIN code input frame, and the prompting user can input corresponding PIN code.
The user inputs corresponding PIN code in the PIN code input frame after, the PIN code of PIN code input system 02 recording user input at once simultaneously, is added up the number of characters of this PIN code, and at the driving layer, PIN code is encrypted.PIN code input system 02 is according to random number and preset the hard coded character string, obtains encryption key, at the driving layer, PIN code is encrypted.
When the PIN code of 02 pair of input of PIN code input system is encrypted, the mode of obtaining encryption key comprises: the PIN code input system generates one or more random numbers, directly with described random number as encryption key, perhaps this random number is encrypted computing, with the random number after encrypting as encryption key; The character string that presets as encryption key, perhaps is encrypted computing to this character string that presets, will presets character string as encryption key after encrypting; With the random number that generates and the character string that presets as encryption key, perhaps with this random number with preset character string and be encrypted computing, with above-mentioned cryptographic calculation result as encryption key.Above-mentioned related data is encrypted computing can adopts the 3DES cryptographic algorithm.The detailed process that PIN code input system 02 is obtained encryption key please refer to the specific descriptions of the described embodiment of Fig. 2, does not repeat them here.PIN code input system 02 utilizes encryption key that the PIN code of input is encrypted, and after obtaining the P1 ciphertext, then the P1 ciphertext is encoded, and obtains described PIN code ciphertext.PIN code input system 02 is sent to middleware 01 with the PIN code ciphertext by specific data interaction interface.Because encryption key is that PIN code input system 02 dynamically generates, therefore guaranteed the uniqueness of encryption key; And 02 pair of PIN code input system writes the P1 ciphertext of shared drive and has carried out the coding processing, makes the transmission of PIN code that fail safe more be arranged.
In the embodiment of the present invention, the method that 02 pair of P1 ciphertext of PIN code input system is encoded can adopt the BASE64 coded system.
Middleware 01 obtains the PIN code ciphertext that PIN code input system 02 transmits, and obtains simultaneously the number of characters of this PIN code ciphertext, judges whether the number of characters of this PIN code ciphertext meets the PIN code input rule.If the number of characters of this PIN code ciphertext does not meet the PIN code input rule, middleware 01 by specific data interaction interface, empties the character in the PIN code frame, and shows the PIN code input frame, requires the user to re-enter PIN code.If the number of characters of middleware 01 judgement PIN code ciphertext meets the PIN code input rule, resolve the PIN code ciphertext.Described middleware 01 is resolved the PIN code ciphertext and is adopted the decipherment algorithm suitable with PIN code input system 02, and described decipherment algorithm can be Secure Hash Algorithm; If PIN code input system 02 adopts the 3DES cryptographic algorithm, during 01 pair of PIN code decrypt ciphertext of middleware, also adopt the 3DES decipherment algorithm.If 01 pair of PIN code ciphertext of middleware is resolved unsuccessfully, send and resolve failed information, the prompting user fails and obtains described PIN code.
Middleware 01 is resolved the PIN code ciphertext, after getting PIN code, judges whether PIN code meets the PIN code input rule, if by the data interaction interface of PIN code input system 02, empty all characters in the PIN code frame, and discharge PIN code input system 02; If the PIN code after middleware 01 judgement is resolved does not meet the PIN code input rule, by the data interaction interface of PIN code input system 02, empty all characters in the PIN code frame, and show the PIN code input frame, require the user to re-enter PIN code.
Because middleware 01 and PIN code input system 02 all adopt specific data interaction interface, and the level of security of PIN code input system 02 and client log in control and be consistent, and therefore, reduced the service time of client encryption and decryption; Simultaneously, adopt the method for dynamic generation encryption key due to PIN code input system 02, therefore, guaranteed the uniqueness of encryption key, improved the fail safe of PIN code.
By reinforcing the PIN code at the driver layer, the present embodiment effectively authenticates the identity of the caller and prevents PIN code interception at the driver layer and the application layer. It also has a strong anti-keyboard-hook capability: it protects against mainstream keyboard hooks and interrupts the propagation of the hook chain, which effectively prevents the security threat that keyboard-hook Trojan programs pose to the PIN code and strengthens the security of the PIN code.
The above are only preferred embodiments of the present invention and do not thereby limit the scope of its claims. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (10)

1. A security protection method for a PIN code, characterized by comprising the following steps:
the middleware loads the PIN code input system and, when loading succeeds, sets the PIN code input rule through the data interaction interface; the PIN code input box is displayed for the user to enter the PIN code;
the PIN code input system records the PIN code entered by the user, encrypts and encodes the PIN code to obtain a PIN code ciphertext, and transmits the PIN code ciphertext to the middleware through the data interaction interface;
the middleware obtains the PIN code ciphertext and judges whether the PIN code ciphertext complies with the PIN code input rule; if so, it decrypts the PIN code ciphertext to obtain the PIN code.

2. The method according to claim 1, characterized in that the PIN code input system encrypting and encoding the PIN code to obtain the PIN code ciphertext comprises:
generating one or more random numbers, and using the random numbers, or the result of a cryptographic operation on the random numbers, as the encryption key; or
using a preset character string, or the result of a cryptographic operation on the character string, as the encryption key; or
generating one or more random numbers, and using the random numbers and a preset character string, or the result of a cryptographic operation on the random numbers and the character string, as the encryption key;
encrypting the PIN code with the encryption key to obtain a P1 ciphertext, and encoding the P1 ciphertext to obtain the PIN code ciphertext.

3. The method according to claim 1, characterized in that, after the step of judging whether the PIN code ciphertext complies with the PIN code input rule, the method further comprises:
if not, clearing the PIN code input box through the data interaction interface, and returning to the step of displaying the PIN code input box for the user to enter the PIN code.

4. The method according to claim 1, characterized in that, after the middleware loads the PIN code input system, the method further comprises the step of:
the PIN code input system initializing the data interaction interface.

5. The method according to claim 1, characterized by further comprising the step of:
the middleware clearing all characters in the PIN code box through the data interaction interface and releasing the PIN code input system.

6. A client for PIN code security protection, characterized by comprising middleware and a PIN code input system;
the middleware is used to load the PIN code input system and, when loading succeeds, set the PIN code input rule through the data interaction interface, and to display the PIN code input box for the user to enter the PIN code;
the PIN code input system is used to record the PIN code entered by the user, encrypt and encode the PIN code to obtain a PIN code ciphertext, and transmit the PIN code ciphertext to the middleware through the data interaction interface;
the middleware is also used to obtain the PIN code ciphertext transmitted by the PIN code input system and judge whether the PIN code ciphertext complies with the PIN code input rule; if so, to decrypt the PIN code ciphertext to obtain the PIN code.

7. The client according to claim 6, characterized in that the PIN code input system is also used for:
generating one or more random numbers, and using the random numbers, or the result of a cryptographic operation on the random numbers, as the encryption key; or
using a preset character string, or the result of a cryptographic operation on the character string, as the encryption key; or
generating one or more random numbers, and using the random numbers and a preset character string, or the result of a cryptographic operation on the random numbers and the character string, as the encryption key;
encrypting the PIN code with the encryption key to obtain a P1 ciphertext, and encoding the P1 ciphertext to obtain the PIN code ciphertext.

8. The client according to claim 6, characterized in that the middleware is also used for:
when it is judged that the PIN code ciphertext does not comply with the PIN code input rule, clearing the PIN code input box through the data interaction interface, and returning to the step of displaying the PIN code input box for the user to enter the PIN code.

9. The client according to claim 6 or 7, characterized in that the PIN code input system is also used for:
initializing the data interaction interface.

10. The client according to claim 6 or 8, characterized in that the middleware is also used for:
clearing all characters in the PIN code box through the data interaction interface and releasing the PIN code input system.
CN201310001333.1A 2013-01-04 2013-01-04 The safety protecting method of PIN code and client Expired - Fee Related CN103107883B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310001333.1A CN103107883B (en) 2013-01-04 2013-01-04 The safety protecting method of PIN code and client

Publications (2)

Publication Number Publication Date
CN103107883A (en) 2013-05-15
CN103107883B (en) 2016-09-28

Family

ID=48315469

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310001333.1A Expired - Fee Related CN103107883B (en) 2013-01-04 2013-01-04 The safety protecting method of PIN code and client

Country Status (1)

Country Link
CN (1) CN103107883B (en)

Also Published As

Publication number Publication date
CN103107883B (en) 2016-09-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160928
