CN103107883B - The safety protecting method of PIN code and client - Google Patents

The safety protecting method of PIN code and client Download PDF

Info

Publication number
CN103107883B
CN103107883B CN201310001333.1A CN201310001333A CN103107883B CN 103107883 B CN103107883 B CN 103107883B CN 201310001333 A CN201310001333 A CN 201310001333A CN 103107883 B CN103107883 B CN 103107883B
Authority
CN
China
Prior art keywords
pin code
ciphertext
code input
middleware
input system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201310001333.1A
Other languages
Chinese (zh)
Other versions
CN103107883A (en
Inventor
陈柳章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Excelsecu Data Technology Co Ltd
Original Assignee
Shenzhen Excelsecu Data Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Excelsecu Data Technology Co Ltd filed Critical Shenzhen Excelsecu Data Technology Co Ltd
Priority to CN201310001333.1A priority Critical patent/CN103107883B/en
Publication of CN103107883A publication Critical patent/CN103107883A/en
Application granted granted Critical
Publication of CN103107883B publication Critical patent/CN103107883B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

本发明公开了一种PIN码的安全防护方法及客户端,该方法包括:中间件加载PIN码输入系统,在加载成功时,通过数据交互接口设置PIN码输入规则;显示PIN码输入框,供用户输入PIN码;PIN码输入系统记录用户输入的PIN码,对PIN码进行加密和编码处理得到PIN码密文,将PIN码密文通过数据交互接口传送至中间件;中间件获取PIN码密文,判断PIN码密文是否符合PIN码输入规则;若是,则解密PIN码密文,获取PIN码;具有在驱动层对PIN码进行加固的有益效果,增强了PIN码的安全性,有效地防止了驱动层和应用层的PIN码截取操作,具有较强的反键盘钩子的能力。

The invention discloses a PIN code security protection method and a client. The method includes: loading a PIN code input system by middleware, and setting a PIN code input rule through a data interaction interface when the loading is successful; displaying a PIN code input box for The user enters the PIN code; the PIN code input system records the PIN code entered by the user, encrypts and encodes the PIN code to obtain the PIN code ciphertext, and transmits the PIN code ciphertext to the middleware through the data interaction interface; the middleware obtains the PIN code ciphertext text, to determine whether the PIN code cipher text conforms to the PIN code input rules; if so, decrypt the PIN code cipher text to obtain the PIN code; it has the beneficial effect of strengthening the PIN code at the driver layer, enhancing the security of the PIN code, and effectively It prevents the PIN code interception operation of the driver layer and the application layer, and has a strong ability of anti-keyboard hooking.

Description

PIN码的安全防护方法及客户端Security Protection Method and Client of PIN Code

技术领域 technical field

本发明涉及信息安全技术领域,尤其涉及一种PIN码的安全防护方法及客户端。The invention relates to the technical field of information security, in particular to a PIN code security protection method and a client.

背景技术 Background technique

目前常用的客户端界面上的PIN(Personal Identification Number,个人识别码)框对PIN码的防护级别很低,很容易通过一些盗号软件或键盘监听手段获得PIN码,无法防止远程盗号等操作;且常用的PIN码防护方法与应用程序功能的实现相结合,很难实现对PIN码防护的移植和修改等操作。At present, the PIN (Personal Identification Number) box on the commonly used client interface has a very low level of protection for the PIN code, and it is easy to obtain the PIN code through some hacking software or keyboard monitoring methods, which cannot prevent remote hacking and other operations; and Commonly used PIN code protection methods are combined with the realization of application program functions, so it is difficult to implement operations such as transplantation and modification of PIN code protection.

发明内容 Contents of the invention

本发明的主要目的是提供一种PIN码的安全防护方法及客户端,旨在增强PIN码的安全等级,使PIN码的传输更具安全性。The main purpose of the present invention is to provide a PIN code security protection method and a client, aiming at enhancing the security level of the PIN code and making the transmission of the PIN code more secure.

本发明实施例公开一种PIN码的安全防护方法,包括以下步骤:The embodiment of the present invention discloses a security protection method of a PIN code, comprising the following steps:

中间件加载PIN码输入系统,在加载成功时,通过数据交互接口设置PIN码输入规则;显示PIN码输入框,供用户输入PIN码;The middleware loads the PIN code input system. When the loading is successful, set the PIN code input rules through the data interaction interface; display the PIN code input box for the user to enter the PIN code;

所述PIN码输入系统记录用户输入的PIN码,对所述PIN码进行加密和编码处理得到PIN码密文,将所述PIN码密文通过所述数据交互接口传送至所述中间件;The PIN code input system records the PIN code input by the user, encrypts and encodes the PIN code to obtain a PIN code ciphertext, and transmits the PIN code ciphertext to the middleware through the data interaction interface;

所述中间件获取所述PIN码密文,判断所述PIN码密文是否符合所述PIN码输入规则;若是,则解密所述PIN码密文,获取所述PIN码。The middleware obtains the PIN code ciphertext, and judges whether the PIN code ciphertext complies with the PIN code input rule; if so, decrypts the PIN code ciphertext to obtain the PIN code.

优选地,所述PIN码输入系统对所述PIN码进行加密和编码处理得到PIN码密文包括:Preferably, the PIN code input system encrypts and encodes the PIN code to obtain a PIN code ciphertext including:

生成一个或多个随机数,将所述随机数或对所述随机数进行加密运算的结果作为加密密钥;或者generate one or more random numbers, and use the random numbers or the result of cryptographic operations on the random numbers as encryption keys; or

将预置的一字符串或对所述字符串进行加密运算的结果作为加密密钥;或者Using a preset character string or the result of encrypting the character string as the encryption key; or

生成一个或多个随机数,将所述随机数和预置的一字符串或对所述随机数和字符串进行加密运算的结果作为加密密钥;Generate one or more random numbers, and use the random number and a preset string or the result of encrypting the random number and the string as an encryption key;

用所述加密密钥对所述PIN码进行加密,得到P1密文,对所述P1密文进行编码,得到所述PIN码密文。Encrypt the PIN code with the encryption key to obtain P1 ciphertext, and encode the P1 ciphertext to obtain the PIN code ciphertext.

优选地,所述判断所述PIN码密文是否符合所述PIN码输入规则的步骤之后还包括:Preferably, after the step of judging whether the PIN code ciphertext complies with the PIN code input rules, it also includes:

若否,则通过所述数据交互接口清空所述PIN码输入框,并返回执行步骤:显示PIN码输入框,供用户输入PIN码。If not, clear the PIN code input box through the data interaction interface, and return to the execution step: display the PIN code input box for the user to input the PIN code.

优选地,所述中间件加载PIN码输入系统之后还包括步骤:Preferably, after the middleware loads the PIN code input system, the steps also include:

所述PIN码输入系统初始化所述数据交互接口。The PIN code input system initializes the data interaction interface.

优选地,还包括步骤:Preferably, it also includes the steps of:

所述中间件通过所述数据交互接口,清空所述PIN码框中的所有字符,释放所述PIN码输入系统。The middleware clears all characters in the PIN code box through the data interaction interface, and releases the PIN code input system.

本发明实施例还公开了一种用于PIN码安全防护的客户端,包括中间件和PIN码输入系统;The embodiment of the invention also discloses a client for PIN code security protection, including middleware and a PIN code input system;

所述中间件用于,加载PIN码输入系统,在加载成功时,通过数据交互接口设置PIN码输入规则;显示PIN码输入框,供用户输入PIN码;The middleware is used to load the PIN code input system, and when the loading is successful, set the PIN code input rules through the data interaction interface; display the PIN code input box for the user to input the PIN code;

所述PIN码输入系统用于,记录用户输入的PIN码,对所述PIN码进行加密和编码处理得到PIN码密文,将所述PIN码密文通过所述数据交互接口传送至所述中间件;The PIN code input system is used to record the PIN code input by the user, encrypt and encode the PIN code to obtain a PIN code ciphertext, and transmit the PIN code ciphertext to the intermediate through the data interaction interface. pieces;

所述中间件还用于,获取所述PIN码输入系统传送的所述PIN码密文,判断所述PIN码密文是否符合所述PIN码输入规则;若是,则解密所述PIN码密文,获取所述PIN码。The middleware is also used to obtain the PIN code ciphertext transmitted by the PIN code input system, and judge whether the PIN code ciphertext conforms to the PIN code input rule; if so, decrypt the PIN code ciphertext to obtain the PIN code.

优选地,所述PIN码输入系统还用于:Preferably, the PIN code input system is also used for:

生成一个或多个随机数,将所述随机数或对所述随机数进行加密运算的结果作为加密密钥;或者generate one or more random numbers, and use the random numbers or the result of cryptographic operations on the random numbers as encryption keys; or

将预置的一字符串或对所述字符串进行加密运算的结果作为加密密钥;或者Using a preset character string or the result of encrypting the character string as the encryption key; or

生成一个或多个随机数,将所述随机数和预置的一字符串或对所述随机数和字符串进行加密运算的结果作为加密密钥;Generate one or more random numbers, and use the random number and a preset string or the result of encrypting the random number and the string as an encryption key;

用所述加密密钥对所述PIN码进行加密,得到P1密文,对所述P1密文进行编码,得到所述PIN码密文。Encrypt the PIN code with the encryption key to obtain P1 ciphertext, and encode the P1 ciphertext to obtain the PIN code ciphertext.

优选地,所述中间件还用于:Preferably, the middleware is also used for:

在判断所述PIN码密文不符合所述PIN码输入规则时,通过所述数据交互接口清空所述PIN码输入框,并返回执行步骤:显示PIN码输入框,供用户输入PIN码。When it is judged that the PIN code ciphertext does not comply with the PIN code input rules, clear the PIN code input box through the data interaction interface, and return to the execution step: display the PIN code input box for the user to input the PIN code.

优选地,所述PIN码输入系统还用于:Preferably, the PIN code input system is also used for:

初始化所述数据交互接口。Initialize the data interaction interface.

优选地,所述中间件还用于:Preferably, the middleware is also used for:

通过所述数据交互接口,清空所述PIN码框中的所有字符,释放所述PIN码输入系统。Through the data interaction interface, all characters in the PIN code box are cleared, and the PIN code input system is released.

本发明通过中间件加载PIN码输入系统,在加载成功时,通过数据交互接口设置PIN码输入规则;显示PIN码输入框,供用户输入PIN码;所述PIN码输入系统记录用户输入的PIN码,对所述PIN码进行加密和编码处理得到PIN码密文,将所述PIN码密文通过所述数据交互接口传送至所述中间件;所述中间件获取所述PIN码密文,判断所述PIN码密文是否符合所述PIN码输入规则;若是,则解密所述PIN码密文,获取所述PIN码的方法,具有在驱动层对PIN码进行加固、增强PIN码安全性的有益效果,有效地实现了对调用者身份的认证,防止了驱动层和应用层的PIN码截取操作;同时,具有较强的反键盘钩子的能力,能够对主流的键盘钩子进行防护,打断钩子链的传输,有效地防止了键盘钩子类木马程序对PIN码所造成的安全威胁。而且,对PIN码的防护采用独立的PIN码输入系统进行,方便了PIN码防护的移植和修改等操作。The present invention loads the PIN code input system through the middleware, and when the loading is successful, sets the PIN code input rules through the data interaction interface; displays the PIN code input box for the user to input the PIN code; the PIN code input system records the PIN code input by the user , the PIN code is encrypted and encoded to obtain a PIN code ciphertext, and the PIN code ciphertext is transmitted to the middleware through the data interaction interface; the middleware obtains the PIN code ciphertext, and judges Whether described PIN code ciphertext accords with described PIN code input rule; If so, then decrypt described PIN code ciphertext, obtain the method for described PIN code, have the ability to reinforce PIN code and enhance the security of PIN code at driver layer Beneficial effects, effectively realize the authentication of the identity of the caller, and prevent the PIN code interception operation of the driver layer and the application layer; at the same time, it has a strong ability to prevent keyboard hooks, and can protect mainstream keyboard hooks and interrupt The transmission of the hook chain effectively prevents the security threat caused by the keyboard hook Trojan horse program to the PIN code. Moreover, the protection of the PIN code is carried out by an independent PIN code input system, which facilitates operations such as transplantation and modification of the PIN code protection.

附图说明 Description of drawings

图1是本发明PIN码的安全防护方法第一实施例流程示意图;Fig. 1 is the schematic flow chart of the first embodiment of the security protection method of PIN code of the present invention;

图2是本发明PIN码的安全防护方法中,PIN码输入系统对输入的PIN码进行加密时,获取加密密钥一实施例流程示意图;Fig. 2 is in the security protection method of PIN code of the present invention, when the PIN code input system encrypts the input PIN code, obtains the schematic flow chart of an embodiment of encryption key;

图3是本发明PIN码的安全防护方法第二实施例流程示意图;Fig. 3 is the schematic flow chart of the second embodiment of the security protection method of the PIN code of the present invention;

图4是本发明PIN码的安全防护方法第三实施例流程示意图;Fig. 4 is the schematic flow chart of the third embodiment of the security protection method of the PIN code of the present invention;

图5是本发明PIN码输入系统与中间件的交互流程示意图;Fig. 5 is the interactive flow diagram of PIN code input system and middleware of the present invention;

图6是本发明用于PIN码安全防护的客户端一实施例结构示意图。FIG. 6 is a schematic structural diagram of an embodiment of a client for PIN code security protection according to the present invention.

本发明目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The realization of the purpose of the present invention, functional characteristics and advantages will be further described in conjunction with the embodiments and with reference to the accompanying drawings.

具体实施方式 detailed description

本发明用于PIN码安全防护的客户端采用PIN码的安全防护方法,达到对PIN码进行安全防护的目的;PIN码的安全防护方法为:通过中间件在加载PIN码输入系统成功时,显示PIN码输入框,供用户输入PIN码;在用户输入PIN码后,PIN码输入系统对PIN码进行加密并编码,得到PIN码密文,并将PIN码密文通过特定的数据交互接口传送至中间件,中间件判断该PIN码密文符合PIN码输入规则时,解密PIN码密文,得到符合输入规则的PIN码。The client of the present invention is used for the security protection of PIN code adopts the security protection method of PIN code, reaches the purpose that PIN code is carried out security protection; The PIN code input box is for the user to enter the PIN code; after the user enters the PIN code, the PIN code input system encrypts and encodes the PIN code to obtain the PIN code ciphertext, and transmits the PIN code ciphertext to the The middleware, when judging that the ciphertext of the PIN code complies with the input rules of the PIN code, the middleware decrypts the ciphertext of the PIN code to obtain the PIN code conforming to the input rules.

以下结合说明书附图及具体实施例进一步说明本发明的技术方案。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。The technical solutions of the present invention will be further described below in conjunction with the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

参照图1,图1是本发明PIN码的安全防护方法第一实施例流程示意图;如图1所示,本发明PIN码的安全防护方法包括以下步骤:With reference to Fig. 1, Fig. 1 is the schematic flow chart of the first embodiment of the security protection method of PIN code of the present invention; As shown in Fig. 1, the security protection method of PIN code of the present invention comprises the following steps:

步骤S01、中间件加载PIN码输入系统,在加载成功时,通过数据交互接口设置PIN码输入规则;Step S01, the middleware loads the PIN code input system, and when the loading is successful, sets the PIN code input rules through the data interaction interface;

步骤S02、中间件显示PIN码输入框,供用户输入PIN码;Step S02, the middleware displays a PIN code input box for the user to input a PIN code;

在用户开启中间件并运行中间件后,中间件加载PIN码输入系统;如果加载失败,则获取加载失败的错误码,并提示用户本次加载失败;如果加载成功,则通过与PIN码输入系统进行数据交互的安全接口设置PIN码输入规则;所述中间件设置PIN码输入规则包括:设置字符规则、允许输入的最大和最小字符数。After the user starts the middleware and runs the middleware, the middleware loads the PIN code and enters the system; if the loading fails, it gets the error code of the loading failure and prompts the user that the loading failed this time; if the loading is successful, it enters the system through the PIN code The security interface for data interaction sets PIN code input rules; the middleware setting PIN code input rules includes: setting character rules, maximum and minimum characters allowed to be input.

在设置完成后,中间件显示PIN码输入框,提示用户可以输入对应的PIN码。After the setting is completed, the middleware displays the PIN code input box, prompting the user to enter the corresponding PIN code.

步骤S03、PIN码输入系统记录用户输入的PIN码,对所述PIN码进行加密和编码处理得到PIN码密文,将所述PIN码密文通过数据交互接口传送至中间件。Step S03, the PIN code input system records the PIN code input by the user, encrypts and encodes the PIN code to obtain a PIN code ciphertext, and transmits the PIN code ciphertext to the middleware through the data interaction interface.

用户在PIN码输入框中输入对应的PIN码后,PIN码输入系统立刻记录用户输入的PIN码,同时,统计该PIN码的字符数,并在驱动层对PIN码进行加密。PIN码输入系统根据随机数和预置硬编码字符串,获取加密密钥,在驱动层对PIN码进行加密。After the user enters the corresponding PIN code in the PIN code input box, the PIN code input system immediately records the PIN code entered by the user, and at the same time, counts the number of characters of the PIN code, and encrypts the PIN code at the driver layer. The PIN code input system obtains the encryption key according to the random number and the preset hard-coded character string, and encrypts the PIN code at the driver layer.

PIN码输入系统获取加密密钥的方式包括:PIN码输入系统生成一个或多个随机数,直接将所述随机数作为加密密钥,或者对该随机数进行加密运算,将加密后的随机数作为加密密钥;将预置的字符串作为加密密钥,或者对该预置的字符串进行加密运算,将加密后的预置字符串作为加密密钥;将生成的随机数和预置的字符串作为加密密钥,或者将该随机数和预置字符串进行加密运算,将上述加密运算结果作为加密密钥。对上述相关数据进行加密运算可以采用3DES加密算法。请参照图2,图2是本发明PIN码的安全防护方法中,PIN码输入系统对输入的PIN码进行加密时,获取加密密钥一实施例流程示意图;如图2所示,PIN码输入系统调用PIN码加密所需的相关函数,并对所述相关函数传入的一随机数进行SHA1(Secure Hash Algorithm,安全哈希算法)散列,即采用安全哈希算法对传入的随机数进行处理,得到第一哈希数据即Hash数据1,取Hash数据1的前6位,将其保存为S1。PIN码输入系统对预置硬编码字符串进行SHA1散列,即采用安全哈希算法对预置硬编码字符串进行处理,得到第二哈希数据即Hash数据2,取Hash数据2的后4位,将其保存为S2。根据S1和S2,获取新的字符串S1+S2+S1,将其作为S3;此时,取字符串S1的后3位作为字符串S4;将S3和S4的组成字符串M1作为加密密钥对用户输入的PIN码进行加密,其中“M1=S3+S4+S3”。PIN码输入系统利用加密密钥M1对输入的PIN码进行加密,得到P1密文后,再对P1密文进行编码,得到所述PIN码密文。PIN码输入系统将PIN码密文通过特定的数据交互接口传送至中间件。The way for the PIN code input system to obtain the encryption key includes: the PIN code input system generates one or more random numbers, directly uses the random number as the encryption key, or performs an encryption operation on the random number, and encrypts the encrypted random number As an encryption key; use the preset character string as the encryption key, or perform an encryption operation on the preset character string, and use the encrypted preset character string as the encryption key; use the generated random number and the preset The character string is used as the encryption key, or the random number and the preset character string are encrypted, and the result of the encryption operation is used as the encryption key. A 3DES encryption algorithm may be used to perform encryption operations on the above-mentioned relevant data. Please refer to Fig. 2, Fig. 2 is in the security protection method of PIN code of the present invention, when the PIN code input system encrypts the input PIN code, obtains the flow diagram of an embodiment of encryption key; As shown in Fig. 2, PIN code input The system calls the relevant function required for PIN code encryption, and performs SHA1 (Secure Hash Algorithm, secure hash algorithm) hash on a random number passed in by the relevant function, that is, uses the secure hash algorithm to hash the incoming random number Process to obtain the first hash data, that is, Hash data 1, take the first 6 bits of Hash data 1, and save it as S1. The PIN code input system performs SHA1 hash on the preset hard-coded string, that is, uses the secure hash algorithm to process the preset hard-coded string to obtain the second hash data, namely Hash data 2, and take the last 4 of Hash data 2 bit, save it as S2. According to S1 and S2, obtain a new string S1+S2+S1, and use it as S3; at this time, take the last 3 digits of the string S1 as the string S4; use the string M1 composed of S3 and S4 as the encryption key Encrypt the PIN code entered by the user, where "M1=S3+S4+S3". The PIN code input system uses the encryption key M1 to encrypt the input PIN code to obtain the P1 ciphertext, and then encodes the P1 ciphertext to obtain the PIN ciphertext. The PIN code input system transmits the PIN code ciphertext to the middleware through a specific data interaction interface.

由于加密密钥是PIN码输入系统动态生成的,因此保证了加密密钥的唯一性;且对写入共享内存的P1密文进行了编码处理,使PIN码的传输更有安全性。Since the encryption key is dynamically generated by the PIN code input system, the uniqueness of the encryption key is guaranteed; and the P1 ciphertext written into the shared memory is encoded to make the transmission of the PIN code more secure.

本发明实施例中,PIN码输入系统对P1密文进行编码的方法可以采用BASE64编码方式。In the embodiment of the present invention, the method for encoding the P1 ciphertext by the PIN code input system may adopt BASE64 encoding.

步骤S04、中间件获取所述PIN码密文,判断所述PIN码密文是否符合所述PIN码输入规则;若是,则执行步骤S05;若否,则返回执行步骤S02。Step S04, the middleware acquires the PIN code ciphertext, and judges whether the PIN code ciphertext conforms to the PIN code input rule; if yes, execute step S05; if not, return to execute step S02.

步骤S05、解密所述PIN码密文,获取所述PIN码。Step S05, decrypting the ciphertext of the PIN code to obtain the PIN code.

中间件获取PIN码输入系统传送的PIN码密文,同时获取该PIN码密文的字符数,判断该PIN码密文的字符数是否符合PIN码输入规则。若该PIN码密文的字符数不符合PIN码输入规则,则中间件通过特定的数据交互接口,清空PIN码框中的字符,并返回至步骤S02、中间件显示PIN码输入框,要求用户重新输入PIN码。如果中间件判断PIN码密文的字符数符合PIN码输入规则,则解析PIN码密文。所述中间件解析PIN码密文采用与PIN码输入系统相适配的解密算法,所述解密算法可以是安全哈希算法;若PIN码输入系统采用3DES加密算法,则中间件对PIN码密文解密时,也采用3DES解密算法。The middleware obtains the PIN code ciphertext sent by the PIN code input system, and at the same time obtains the number of characters of the PIN code ciphertext, and judges whether the number of characters of the PIN code ciphertext complies with the PIN code input rules. If the number of characters of the PIN code cipher text does not meet the PIN code input rules, the middleware clears the characters in the PIN code box through a specific data interaction interface, and returns to step S02, the middleware displays the PIN code input box, and requires the user Re-enter the PIN code. If the middleware judges that the number of characters of the PIN code ciphertext conforms to the PIN code input rule, it parses the PIN code ciphertext. The middleware analyzes the PIN code ciphertext and adopts a decryption algorithm compatible with the PIN code input system, and the decryption algorithm can be a secure hash algorithm; if the PIN code input system adopts the 3DES encryption algorithm, then the middleware encrypts the PIN code. When decrypting the text, the 3DES decryption algorithm is also used.

若中间件对PIN码密文解析失败,则发出解析失败的提示信息,提示用户未能成功获取所述PIN码。If the middleware fails to parse the ciphertext of the PIN code, it sends a prompt message of parsing failure, prompting the user to fail to obtain the PIN code.

中间件解析PIN码密文,获取到PIN码后,判断PIN码是否符合PIN码输入规则,若是,则通过PIN码输入系统的数据交互接口,清空PIN码框中的所有字符,并释放PIN码输入系统;若中间件判断解析后的PIN码不符合PIN码输入规则,则通过PIN码输入系统的数据交互接口,清空PIN码框中的所有字符,并返回执行步骤S02、中间件显示PIN码输入框,要求用户重新输入PIN码。The middleware analyzes the PIN code ciphertext, and after obtaining the PIN code, judges whether the PIN code complies with the PIN code input rules. If so, clears all the characters in the PIN code box through the data interaction interface of the PIN code input system, and releases the PIN code Input system; if the middleware judges that the PIN code after analysis does not meet the PIN code input rules, then through the data interaction interface of the PIN code input system, clear all the characters in the PIN code box, and return to execute step S02, and the middleware displays the PIN code Input box that requires the user to re-enter the PIN code.

进一步地,请参照图3,图3是本发明PIN码的安全防护方法第二实施例流程示意图;本实施例与图1所述实施例的区别是,仅增加了:Further, please refer to FIG. 3, which is a schematic flow chart of the second embodiment of the PIN code security protection method of the present invention; the difference between this embodiment and the embodiment described in FIG. 1 is that only:

步骤S00、所述PIN码输入系统初始化所述数据交互接口。Step S00, the PIN code input system initializes the data interaction interface.

在中间件加载PIN码输入系统成功并设置PIN码输入规则后,为保证PIN码传输的安全性,PIN码输入系统与中间件的交互采用特定的数据交互接口。PIN码输入系统根据中间件设置的PIN码输入规则,对特定的所述数据交互接口进行初始化一具体实施过程如下:After the middleware successfully loads the PIN code input system and sets the PIN code input rules, in order to ensure the security of PIN code transmission, the interaction between the PIN code input system and the middleware adopts a specific data interaction interface. The PIN code input system initializes the specific described data interaction interface according to the PIN code input rules set by the middleware-the specific implementation process is as follows:

<1>、void Clear(void)<1>, void Clear(void)

[功能]清空PIN码框中的字符。[Function] Clear the characters in the PIN code box.

<2>、void GetLen(LONG *nLen)<2>, void GetLen(LONG *nLen)

[功能]获取PIN码框中已输入字符的长度。[Function] Get the length of the input characters in the PIN code box.

<3>、void GetVerCtrl (BSTR *szVer)<3>, void GetVerCtrl (BSTR *szVer)

[功能]获取PIN码系统,控件的版本号。[Function] Get the PIN code system, the version number of the control.

<4>、void GetVerDrv (BSTR *szVer)<4>, void GetVerDrv (BSTR *szVer)

[功能]获取PIN码系统,驱动文件的版本号。[Function] Obtain the PIN code system and the version number of the driver file.

<5>、void GetPin (LPCTSTR bstrRand,LPCTSTR bstrContent,BSTR *szPin)<5>, void GetPin (LPCTSTR bstrRand, LPCTSTR bstrContent, BSTR *szPin)

[功能]获取PIN码框的密文数据。[Function] Obtain the ciphertext data of the PIN code box.

<6>、void GetLastError(LONG *nCode)<6>, void GetLastError(LONG *nCode)

[功能]获取Pin码控件最后一次错误代码值。[Function] Get the last error code value of the Pin code control.

<7>、void InitPinInput(LONG minLength,LONG maxLength,LPCTSTR strRand,LPCTSTR strRule)<7>, void InitPinInput(LONG minLength, LONG maxLength, LPCTSTR strRand, LPCTSTR strRule)

[功能]PIN码输入控件系统初始化接口。[Function] PIN code input control system initialization interface.

<8>、void FocusOnOrNot(LONG *pRet)<8>, void FocusOnOrNot(LONG *pRet)

[功能]判断当前输入焦点是否在pin码输入框控件中。[Function] Determine whether the current input focus is in the pin code input box control.

PIN码输入系统通过对数据交互接口的初始化,将PIN码的保护模块独立化,使PIN码的保护模块的调用更加便捷。The PIN code input system makes the PIN code protection module independent by initializing the data interaction interface, making the call of the PIN code protection module more convenient.

进一步地,请参照图4,图4是本发明PIN码的安全防护方法第三实施例流程示意图;本实施例与图3实施例的区别是,仅增加了:Further, please refer to FIG. 4, which is a schematic flow chart of the third embodiment of the PIN code security protection method of the present invention; the difference between this embodiment and the embodiment in FIG. 3 is that only:

步骤S06、中间件通过所述数据交互接口,清空所述PIN码框中的所有字符,释放所述PIN码输入系统。Step S06, the middleware clears all characters in the PIN code box through the data interaction interface, and releases the PIN code input system.

中间件解析PIN码密文,获取到符合PIN码输入规则的PIN码后,通过特定的数据交互接口,情况PIN码框中的所有字符,并释放PIN码输入系统。The middleware analyzes the ciphertext of the PIN code, obtains the PIN code that conforms to the PIN code input rules, checks all the characters in the PIN code box through a specific data interaction interface, and releases the PIN code input system.

本实施例中,所述中间件可以为常用的U盾程序;以U盾程序为例,中间件与PIN码输入系统的交互流程请参照图5,图5是本发明PIN码输入系统与中间件的交互流程示意图;如图5所示,用户运行U盾程序后,U盾程序校准PIN码输入系统,设置包括字符规则、最大及最小输入字符数的PIN码输入规则,并显示PIN码输入框,供用户输入PIN码;用户输入完成后,点击<提交>按钮,PIN码输入系统获取用户输入的PIN码,对输入的PIN码进行加密和编码处理后,返回PIN码密文至U盾程序,U盾程序接收该PIN码密文,判断该PIN码密文的字符数符合PIN码输入规则后,对PIN码密文进行解析,在解析成功后,获取PIN码,在判断该PIN码符合PIN码输入规则时,通过特定的数据交互接口,清空PIN码框中的所有字符,并释放PIN码输入系统;U盾程序在判断PIN码密文不符合PIN码输入规则、对PIN码密文解析失败、对获取的PIN码不符合PIN码输入规则时,均向用户发出提示信息。In this embodiment, the middleware can be a commonly used USB-shield program; taking the USB-shield program as an example, please refer to Fig. 5 for the interaction process between the middleware and the PIN code input system, and Fig. Schematic diagram of the interaction process of the software; as shown in Figure 5, after the user runs the USB-shield program, the USB-shield program calibrates the PIN code input system, sets the PIN code input rules including character rules, maximum and minimum input characters, and displays the PIN code input box for the user to enter the PIN code; after the user completes the input, click the <Submit> button, the PIN code input system will obtain the PIN code entered by the user, encrypt and encode the entered PIN code, and return the PIN code cipher text to the USB-Shield program, the U-shield program receives the PIN code ciphertext, judges that the number of characters in the PIN code ciphertext conforms to the PIN code input rules, analyzes the PIN code ciphertext, obtains the PIN code after the analysis is successful, and judges the PIN code When the PIN code input rules are met, clear all the characters in the PIN code box through a specific data interaction interface, and release the PIN code input system; If the text analysis fails or the obtained PIN code does not comply with the PIN code input rules, a prompt message will be sent to the user.

由于中间件如图5所示的U盾程序与PIN码输入系统均采用特定的数据交互接口,且PIN码输入系统的安全级别与客户端登陆控件保持一致,因此,减少了客户端加解密的使用时间;同时,由于PIN码输入系统采用了动态生成加密密钥的方法,因此,确保了加密密钥的唯一性,提高了PIN码的安全性。Since the U-shield program and the PIN code input system of the middleware as shown in Figure 5 both use a specific data interaction interface, and the security level of the PIN code input system is consistent with the client login control, therefore, the encryption and decryption of the client is reduced. Time of use; meanwhile, since the PIN code input system adopts the method of dynamically generating an encryption key, the uniqueness of the encryption key is ensured and the security of the PIN code is improved.

本实施例通过在驱动层对PIN码进行加固,有效地实现了对调用者身份的认证,防止了驱动层和应用层的PIN码截取操作;同时,具有较强的反键盘钩子的能力,能够对主流的键盘钩子进行防护,打断钩子链的传输,有效地防止了键盘钩子类木马程序对PIN码造成的安全威胁,增强了PIN码的安全性。In this embodiment, by reinforcing the PIN code at the driver layer, the authentication of the caller's identity is effectively realized, and the PIN code interception operation of the driver layer and the application layer is prevented; at the same time, it has a strong ability to reverse keyboard hooks, and can Protect the mainstream keyboard hooks, interrupt the transmission of the hook chain, effectively prevent the security threat to the PIN code caused by the keyboard hook Trojan horse program, and enhance the security of the PIN code.

参照图6,图6是本发明用于PIN码安全防护的客户端一实施例结构示意图。如图6所示,本发明用于PIN码安全防护的客户端包括:中间件01和PIN码输入系统02。Referring to FIG. 6 , FIG. 6 is a structural diagram of an embodiment of a client terminal for PIN code security protection according to the present invention. As shown in FIG. 6 , the client for PIN code security protection in the present invention includes: middleware 01 and PIN code input system 02 .

中间件01用于,加载PIN码输入系统02,在加载成功时,通过数据交互接口设置PIN码输入规则;显示PIN码输入框,供用户输入PIN码;The middleware 01 is used to load the PIN code input system 02, and when the loading is successful, set the PIN code input rules through the data interaction interface; display the PIN code input box for the user to input the PIN code;

PIN码输入系统02用于,记录用户输入的PIN码,对所述PIN码进行加密和编码处理得到PIN码密文,将所述PIN码密文通过所述数据交互接口传送至所述中间件01;The PIN code input system 02 is used to record the PIN code input by the user, encrypt and encode the PIN code to obtain a PIN code ciphertext, and transmit the PIN code ciphertext to the middleware through the data interaction interface 01;

中间件01还用于,获取所述PIN码输入系统02传送的所述PIN码密文,判断所述PIN码密文是否符合所述PIN码输入规则;若是,则解密所述PIN码密文,获取所述PIN码。The middleware 01 is also used to obtain the PIN code ciphertext transmitted by the PIN code input system 02, and judge whether the PIN code ciphertext conforms to the PIN code input rule; if so, decrypt the PIN code ciphertext to obtain the PIN code.

具体地,请再次参照图5,中间件01与PIN码输入系统02的交互过程为:Specifically, referring to FIG. 5 again, the interaction process between the middleware 01 and the PIN code input system 02 is as follows:

在中间件01加载PIN码输入系统成功并设置PIN码输入规则后,为保证PIN码传输的安全性,PIN码输入系统02与中间件01的交互采用特定的数据交互接口。PIN码输入系统02根据中间件01设置的PIN码输入规则,对该特定的数据交互接口进行初始化,其具体实施过程如下:After the middleware 01 successfully loads the PIN code input system and sets the PIN code input rules, in order to ensure the security of PIN code transmission, the interaction between the PIN code input system 02 and the middleware 01 adopts a specific data interaction interface. The PIN code input system 02 initializes the specific data interaction interface according to the PIN code input rules set by the middleware 01. The specific implementation process is as follows:

<1>、void Clear(void)<1>, void Clear(void)

[功能]清空PIN码框中的字符。[Function] Clear the characters in the PIN code box.

<2>、void GetLen(LONG *nLen)<2>, void GetLen(LONG *nLen)

[功能]获取PIN码框中已输入字符的长度。[Function] Get the length of the input characters in the PIN code box.

<3>、void GetVerCtrl (BSTR *szVer)<3>, void GetVerCtrl (BSTR *szVer)

[功能]获取PIN码系统,控件的版本号。[Function] Get the PIN code system, the version number of the control.

<4>、void GetVerDrv (BSTR *szVer)<4>, void GetVerDrv (BSTR *szVer)

[功能]获取PIN码系统,驱动文件的版本号。[Function] Obtain the PIN code system and the version number of the driver file.

<5>、void GetPin (LPCTSTR bstrRand,LPCTSTR bstrContent,BSTR *szPin)<5>, void GetPin (LPCTSTR bstrRand, LPCTSTR bstrContent, BSTR *szPin)

[功能]获取PIN码框的密文数据。[Function] Obtain the ciphertext data of the PIN code box.

<6>、void GetLastError(LONG *nCode)<6>, void GetLastError(LONG *nCode)

[功能]获取Pin码控件最后一次错误代码值。[Function] Get the last error code value of the Pin code control.

<7>、void InitPinInput(LONG minLength,LONG maxLength,LPCTSTR strRand,LPCTSTR strRule)<7>, void InitPinInput(LONG minLength, LONG maxLength, LPCTSTR strRand, LPCTSTR strRule)

[功能]PIN码输入控件系统初始化接口。[Function] PIN code input control system initialization interface.

<8>、void FocusOnOrNot(LONG *pRet)<8>, void FocusOnOrNot(LONG *pRet)

[功能]判断当前输入焦点是否在pin码输入框控件中。[Function] Determine whether the current input focus is in the pin code input box control.

PIN码输入系统02通过对数据交互接口的初始化,将PIN码的保护模块独立化,使PIN码的保护模块的调用更加便捷。The PIN code input system 02 makes the PIN code protection module independent through the initialization of the data interaction interface, making the call of the PIN code protection module more convenient.

在用户开启中间件01并运行中间件01后,中间件01加载PIN码输入系统02;如果加载失败,则获取加载失败的错误码,并提示用户本次加载失败;如果加载成功,则通过与PIN码输入系统02进行数据交互的安全接口设置PIN码输入规则;所述中间件01设置PIN码输入规则包括:设置字符规则、允许输入的最大和最小字符数。After the user starts the middleware 01 and runs the middleware 01, the middleware 01 loads the PIN code and enters the system 02; if the loading fails, it will get the error code of the loading failure, and prompt the user that the loading failed this time; if the loading is successful, then pass and The security interface of the PIN code input system 02 for data interaction sets the PIN code input rules; the middleware 01 sets the PIN code input rules including: setting character rules, maximum and minimum characters allowed to be input.

在设置完成后,中间件01显示PIN码输入框,提示用户可以输入对应的PIN码。After the setting is completed, the middleware 01 displays a PIN code input box, prompting the user to input the corresponding PIN code.

用户在PIN码输入框中输入对应的PIN码后,PIN码输入系统02立刻记录用户输入的PIN码,同时,统计该PIN码的字符数,并在驱动层对PIN码进行加密。PIN码输入系统02根据随机数和预置硬编码字符串,获取加密密钥,在驱动层对PIN码进行加密。After the user enters the corresponding PIN code in the PIN code input box, the PIN code input system 02 immediately records the PIN code entered by the user, and at the same time, counts the number of characters of the PIN code, and encrypts the PIN code at the driver layer. The PIN code input system 02 obtains the encryption key according to the random number and the preset hard-coded character string, and encrypts the PIN code at the driver layer.

PIN码输入系统02对输入的PIN码进行加密时,获取加密密钥的方式包括:PIN码输入系统生成一个或多个随机数,直接将所述随机数作为加密密钥,或者对该随机数进行加密运算,将加密后的随机数作为加密密钥;将预置的字符串作为加密密钥,或者对该预置的字符串进行加密运算,将加密后的预置字符串作为加密密钥;将生成的随机数和预置的字符串作为加密密钥,或者将该随机数和预置字符串进行加密运算,将上述加密运算结果作为加密密钥。对上述相关数据进行加密运算可以采用3DES加密算法。PIN码输入系统02获取加密密钥的具体过程请参照图2所述实施例的具体描述,在此不再赘述。PIN码输入系统02利用加密密钥对输入的PIN码进行加密,得到P1密文后,再对P1密文进行编码,得到所述PIN码密文。PIN码输入系统02将PIN码密文通过特定的数据交互接口传送至中间件01。由于加密密钥是PIN码输入系统02动态生成的,因此保证了加密密钥的唯一性;且PIN码输入系统02对写入共享内存的P1密文进行了编码处理,使PIN码的传输更有安全性。When the PIN code input system 02 encrypts the input PIN code, the way to obtain the encryption key includes: the PIN code input system generates one or more random numbers, directly uses the random number as the encryption key, or the random number Perform encryption operation, use the encrypted random number as the encryption key; use the preset character string as the encryption key, or perform encryption operation on the preset character string, and use the encrypted preset character string as the encryption key ; Use the generated random number and the preset character string as an encryption key, or perform an encryption operation on the random number and the preset character string, and use the result of the encryption operation as the encryption key. A 3DES encryption algorithm may be used to perform encryption operations on the above-mentioned relevant data. For the specific process of obtaining the encryption key by the PIN code input system 02 , please refer to the specific description of the embodiment shown in FIG. 2 , which will not be repeated here. The PIN code input system 02 encrypts the input PIN code with an encryption key to obtain the P1 ciphertext, and then encodes the P1 ciphertext to obtain the PIN ciphertext. The PIN code input system 02 transmits the PIN code ciphertext to the middleware 01 through a specific data interaction interface. Since the encryption key is dynamically generated by the PIN code input system 02, the uniqueness of the encryption key is guaranteed; and the PIN code input system 02 encodes the P1 ciphertext written into the shared memory, making the transmission of the PIN code more efficient. There is security.

本发明实施例中,PIN码输入系统02对P1密文进行编码的方法可以采用BASE64编码方式。In the embodiment of the present invention, the method for encoding the P1 ciphertext by the PIN code input system 02 may adopt the BASE64 encoding method.

中间件01获取PIN码输入系统02传送的PIN码密文,同时获取该PIN码密文的字符数,判断该PIN码密文的字符数是否符合PIN码输入规则。若该PIN码密文的字符数不符合PIN码输入规则,则中间件01通过特定的数据交互接口,清空PIN码框中的字符,并显示PIN码输入框,要求用户重新输入PIN码。如果中间件01判断PIN码密文的字符数符合PIN码输入规则,则解析PIN码密文。所述中间件01解析PIN码密文采用与PIN码输入系统02相适配的解密算法,所述解密算法可以是安全哈希算法;若PIN码输入系统02采用3DES加密算法,则中间件01对PIN码密文解密时,也采用3DES解密算法。若中间件01对PIN码密文解析失败,则发出解析失败的提示信息,提示用户未能成功获取所述PIN码。The middleware 01 obtains the PIN code ciphertext sent by the PIN code input system 02, and at the same time obtains the number of characters of the PIN code ciphertext, and judges whether the number of characters of the PIN code ciphertext complies with the PIN code input rules. If the number of characters in the ciphertext of the PIN code does not comply with the PIN code input rules, the middleware 01 clears the characters in the PIN code box through a specific data interaction interface, and displays the PIN code input box, requiring the user to re-enter the PIN code. If the middleware 01 judges that the number of characters of the PIN code cipher text conforms to the PIN code input rule, then analyze the PIN code cipher text. The middleware 01 analyzes the PIN code ciphertext and adopts a decryption algorithm compatible with the PIN code input system 02, and the decryption algorithm can be a secure hash algorithm; if the PIN code input system 02 adopts the 3DES encryption algorithm, then the middleware 01 When decrypting the PIN code ciphertext, the 3DES decryption algorithm is also used. If the middleware 01 fails to parse the ciphertext of the PIN code, it will send a prompt message of parsing failure, prompting the user to fail to obtain the PIN code.

中间件01解析PIN码密文,获取到PIN码后,判断PIN码是否符合PIN码输入规则,若是,则通过PIN码输入系统02的数据交互接口,清空PIN码框中的所有字符,并释放PIN码输入系统02;若中间件01判断解析后的PIN码不符合PIN码输入规则,则通过PIN码输入系统02的数据交互接口,清空PIN码框中的所有字符,并显示PIN码输入框,要求用户重新输入PIN码。Middleware 01 analyzes the PIN code ciphertext, and after obtaining the PIN code, judges whether the PIN code complies with the PIN code input rules. PIN code input system 02; if the middleware 01 judges that the analyzed PIN code does not conform to the PIN code input rules, clear all the characters in the PIN code box through the data interaction interface of PIN code input system 02, and display the PIN code input box , requiring the user to re-enter the PIN.

由于中间件01与PIN码输入系统02均采用特定的数据交互接口,且PIN码输入系统02的安全级别与客户端登陆控件保持一致,因此,减少了客户端加解密的使用时间;同时,由于PIN码输入系统02采用了动态生成加密密钥的方法,因此,确保了加密密钥的唯一性,提高了PIN码的安全性。Since the middleware 01 and the PIN code input system 02 both adopt a specific data interaction interface, and the security level of the PIN code input system 02 is consistent with the client login control, therefore, the use time of client encryption and decryption is reduced; at the same time, due to The PIN code input system 02 adopts the method of dynamically generating an encryption key, thus ensuring the uniqueness of the encryption key and improving the security of the PIN code.

本实施例通过在驱动层对PIN码进行加固,有效地实现了对调用者身份的认证,防止了驱动层和应用层的PIN码截取操作;同时,具有较强的反键盘钩子的能力,能够对主流的键盘钩子进行防护,打断钩子链的传输,有效地防止了键盘钩子类木马程序对PIN码造成的安全威胁,增强了PIN码的安全性。In this embodiment, by reinforcing the PIN code at the driver layer, the authentication of the caller's identity is effectively realized, and the PIN code interception operation of the driver layer and the application layer is prevented; at the same time, it has a strong ability to reverse keyboard hooks, and can Protect the mainstream keyboard hooks, interrupt the transmission of the hook chain, effectively prevent the security threat to the PIN code caused by the keyboard hook Trojan horse program, and enhance the security of the PIN code.

以上所述仅为本发明的优选实施例,并非因此限制其专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above is only a preferred embodiment of the present invention, and does not limit the scope of its patents. Any equivalent structure or equivalent process transformation made by using the description of the present invention and the contents of the accompanying drawings is directly or indirectly used in other related technical fields. All are included in the scope of patent protection of the present invention in the same way.

Claims (10)

1. the safety protecting method of a PIN code, it is characterised in that comprise the following steps:
Middleware loads PIN code input system, when loading successfully, arranges PIN by data interaction interface Code input rule;Described middleware display PIN code input frame, inputs PIN code for user;
The PIN code of described PIN code input system record user input, adds described PIN code driving layer Close and coded treatment obtains PIN code ciphertext, by described PIN code ciphertext by described data interaction interface transmission To described middleware;
Described middleware obtains described PIN code ciphertext, it is judged that whether described PIN code ciphertext meets described PIN Code input rule;The most then decipher described PIN code ciphertext, obtain described PIN code.
2. the method for claim 1, it is characterised in that described PIN code input system is to described PIN Code is encrypted and obtains PIN code ciphertext with coded treatment and include:
Generate one or more random number, be encrypted computing by described random number or to described random number Result is as encryption key;Or
It is encrypted the result of computing as encryption key using a preset character string or to described character string; Or
Generate one or more random number, by described random number and a preset character string or to described at random Number and character string are encrypted the result of computing as encryption key;
With described encryption key, described PIN code is encrypted, obtains P1 ciphertext, described P1 ciphertext is carried out Coding, obtains described PIN code ciphertext.
3. the method for claim 1, it is characterised in that described whether judge described PIN code ciphertext Also include after meeting the step of described PIN code input rule:
If it is not, then empty described PIN code input frame by described data interaction interface, and return execution step: Display PIN code input frame, inputs PIN code for user.
4. the method for claim 1, it is characterised in that described middleware loads PIN code input and is Further comprise the steps of: after system
Described PIN code input system initializes described data interaction interface.
5. the method for claim 1, it is characterised in that further comprise the steps of:
Described middleware, by described data interaction interface, empties all characters in described PIN code frame, releases Put described PIN code input system.
6. the client for PIN code security protection, it is characterised in that include middleware and PIN Code input system;
Described middleware is used for, and loads PIN code input system, when loading successfully, passes through data interaction Interface arranges PIN code input rule;Display PIN code input frame, inputs PIN code for user;
Described PIN code input system is used for, the PIN code of record user's input, is driving layer to described PIN Code is encrypted and obtains PIN code ciphertext with coded treatment, described PIN code ciphertext is handed over by described data Described middleware is delivered in mutual connection oral instructions;
Described middleware is additionally operable to, and obtains the described PIN code ciphertext that described PIN code input system transmits, Judge whether described PIN code ciphertext meets described PIN code input rule;The most then decipher described PIN Code ciphertext, obtains described PIN code.
7. client as claimed in claim 6, it is characterised in that described PIN code input system is also used In:
Generate one or more random number, be encrypted computing by described random number or to described random number Result is as encryption key;Or
It is encrypted the result of computing as encryption key using a preset character string or to described character string; Or
Generate one or more random number, by described random number and a preset character string or to described at random Number and character string are encrypted the result of computing as encryption key;
With described encryption key, described PIN code is encrypted, obtains P1 ciphertext, described P1 ciphertext is carried out Coding, obtains described PIN code ciphertext.
8. client as claimed in claim 6, it is characterised in that described middleware is additionally operable to:
When judging that described PIN code ciphertext does not meets described PIN code input rule, by described data interaction Interface empties described PIN code input frame, and returns execution step: display PIN code input frame, defeated for user Enter PIN code.
Client the most as claimed in claims 6 or 7, it is characterised in that described PIN code input system It is additionally operable to:
Initialize described data interaction interface.
10. the client as described in claim 6 or 8, it is characterised in that described middleware is additionally operable to:
By described data interaction interface, empty all characters in described PIN code frame, discharge described PIN Code input system.
CN201310001333.1A 2013-01-04 2013-01-04 The safety protecting method of PIN code and client Expired - Fee Related CN103107883B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310001333.1A CN103107883B (en) 2013-01-04 2013-01-04 The safety protecting method of PIN code and client

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310001333.1A CN103107883B (en) 2013-01-04 2013-01-04 The safety protecting method of PIN code and client

Publications (2)

Publication Number Publication Date
CN103107883A CN103107883A (en) 2013-05-15
CN103107883B true CN103107883B (en) 2016-09-28

Family

ID=48315469

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310001333.1A Expired - Fee Related CN103107883B (en) 2013-01-04 2013-01-04 The safety protecting method of PIN code and client

Country Status (1)

Country Link
CN (1) CN103107883B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104539620B (en) * 2014-12-29 2017-09-22 飞天诚信科技股份有限公司 A kind of safe two-way SSL authentication methods and device
EP3291502B1 (en) * 2016-09-01 2021-07-28 Roche Diagnostics GmbH Method for authenticating an instrument for processing a biological sample or reagent, and system comprising an instrument for processing a biological sample or reagent
TWI649669B (en) * 2017-11-30 2019-02-01 大陸商北京集創北方科技股份有限公司 Method for safely transmitting PIN code of touch screen and information processing device using same
CN110392016B (en) * 2018-04-18 2022-05-31 阿里巴巴集团控股有限公司 Method, device and system for preventing traffic from being hijacked
CN111222128B (en) * 2019-12-31 2024-11-01 北京握奇数据股份有限公司 Method and module for safely inputting and checking USBKey PIN code
CN113596811B (en) * 2021-06-30 2022-06-21 荣耀终端有限公司 Data transmission method and terminal equipment
CN118378288B (en) * 2024-06-24 2024-09-06 山东省计算中心(国家超级计算济南中心) A dynamic detection method and system for encryption algorithm based on Pin tool

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6340116B1 (en) * 1999-09-16 2002-01-22 Kenneth B. Cecil Proximity card with incorporated pin code protection
CN101765080A (en) * 2008-12-25 2010-06-30 中国移动通信集团公司 Method, device and system for charging business account
CN102316112A (en) * 2011-09-16 2012-01-11 李建成 Password authentication method in network application and system
CN102469080A (en) * 2010-11-11 2012-05-23 中国电信股份有限公司 Method for pass user to realize safety login application client and system thereof
CN102571810A (en) * 2012-02-09 2012-07-11 赵淦森 Dynamic password authentication method based on hardware digital certificate carrier and dynamic password authentication system thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6340116B1 (en) * 1999-09-16 2002-01-22 Kenneth B. Cecil Proximity card with incorporated pin code protection
CN101765080A (en) * 2008-12-25 2010-06-30 中国移动通信集团公司 Method, device and system for charging business account
CN102469080A (en) * 2010-11-11 2012-05-23 中国电信股份有限公司 Method for pass user to realize safety login application client and system thereof
CN102316112A (en) * 2011-09-16 2012-01-11 李建成 Password authentication method in network application and system
CN102571810A (en) * 2012-02-09 2012-07-11 赵淦森 Dynamic password authentication method based on hardware digital certificate carrier and dynamic password authentication system thereof

Also Published As

Publication number Publication date
CN103107883A (en) 2013-05-15

Similar Documents

Publication Publication Date Title
CN103107883B (en) The safety protecting method of PIN code and client
CN110868287B (en) Authentication encryption ciphertext coding method, system, device and storage medium
CN103577221B (en) The update of the operating system of safety element
US8565436B2 (en) Secure self managed data (SSMD)
TWI489315B (en) System and method for temporary secure boot of an electronic device
US20020066039A1 (en) Anti-spoofing password protection
CN108566381A (en) A kind of security upgrading method, device, server, equipment and medium
CN106372497B (en) Application programming interface API protection method and protection device
CN112564887A (en) Key protection processing method, device, equipment and storage medium
CN106533663B (en) Data ciphering method, encryption method, apparatus and data decryption method, decryption method, apparatus
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN102970139A (en) Data security validation method and device
CN106452771A (en) Method and device for calling cipher card by JCE (Java Cryptography Extension) to implement internal RSA secret key operation
US8769301B2 (en) Product authentication based upon a hyperelliptic curve equation and a curve pairing function
US9210134B2 (en) Cryptographic processing method and system using a sensitive data item
CN109784072B (en) Security file management method and system
CN110929266B (en) System based on security reinforcement framework, encryption and decryption method, Internet of vehicles terminal and vehicle
CN112559991A (en) System secure login method, device, equipment and storage medium
CN112199730A (en) Method and device for processing application data on terminal and electronic equipment
CN105592431A (en) Short message encryption method based on iOS system mobile terminal
CN111949999A (en) Apparatus and method for managing data
CN112995204B (en) Method, device, equipment and storage medium for safely reading Protonmail encrypted mail
CN103605927A (en) Encryption and decryption method based on embedded Linux system
CN115529591B (en) Authentication method, device, equipment and storage medium based on token
JP6574675B2 (en) Information distribution system, information distribution apparatus, information distribution method, and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160928

OSZAR »