Financial/Social Insurance System

Time: 2018-05-29  Author: Anonymous

Financial PIN Keypad Solution

The banking industry is becoming increasingly networked, and more and more banks are joining networks to exchange funds information. Improving and ensuring the security of information transmission, and preventing illegal information theft and data tampering, have therefore become main goals in bank construction. Based on DES encryption technology, a bank encryption platform is designed using software encryption algorithms and encryption hardware, and a secret key management strategy is proposed for this application scheme.

1. DES Encryption Algorithm

DES is a single-key algorithm and a typical block cipher. Its basic idea is that the plaintext binary sequence is divided into groups of 64 bits, and each group is encrypted with a 64-bit key through 16 rounds of substitution and transposition to form the ciphertext. The cleverness of DES is that the encryption and decryption steps are the same apart from the order in which the keys are input, which makes standardization and general-purpose use easy to achieve when making DES chips.

2. Banking Applications

In the bank savings system, the PIN is widely used to keep the funds in depositors' accounts safe. As banking systems raise their security requirements, the original plaintext PIN keypad carries some risk: if the customer's personal password is transmitted from the terminal keypad to the front-end host in plaintext, it is easy to monitor and leak during communication. To prevent the customer's password from being stolen in transit, the simplest way is to replace the plaintext PIN keypad with the DES encryption keypad widely used in POS, ATM and other devices.

The basic working process of the encryption keypad is simple. After the customer enters the password on the keypad, it is not sent to the front-end host immediately. Instead, it is taken as the input data, the work key preloaded in the keypad is taken as the encryption key, the encrypted customer password is generated according to a given cipher algorithm, and the result is then uploaded to the front-end host. As this process shows, the encryption algorithm and the preloaded work key are the key elements of the encryption keypad. For banks, the international standards for the encryption algorithm are ANSI X3.92 DES and the ANSI X9.8 PIN block bank card password standard. In recent years, newly produced encryption equipment also supports triple DES under the ANSI X9.9 and ANSI X9.19 standards.

3. Secret Key and Management

The security that cryptography gives a modern information system depends mainly on protecting the key rather than on protecting the algorithm itself. In other words, the security of a cryptographic algorithm depends entirely on the key, so the storage and management of keys is very important in a data system. The work key is downloaded to the PIN keypad in advance as the key for the encryption algorithm. Because of its key role in DES encryption, the key in the keypad must not be readable from outside, and keys must be transmitted as ciphertext while being downloaded. To keep the work key safe, DES keypads generally use a key management system divided into the original key, the management key and the work key.

The original key is an encryption key written into the keypad in advance at the factory. After the keypad is shipped to the bank, the bank uses the original key to download its own management key, which replaces the original key as the root key, and then downloads the groups of work keys as the application requires. The original key is agreed in advance between the PIN keypad manufacturer and the bank and is loaded into the keypad as the root management key before the product leaves the factory. Once a management key has been downloaded to the keypad, the original key is replaced by the management key; the original key can be restored by an instruction. After the instruction to restore the original key is used, the management key and the work keys are destroyed and the PIN keypad is restored to factory status.

The management key is the real root key of the PIN keypad. The bank downloads it to the keypad encrypted under the original key, and it replaces the keypad's original key as the root key. The management key is downloaded the first time encrypted under the original key; for any later change, the new management key must be downloaded encrypted under the previous management key. The work key is the key actually used for DES encryption operations, and it is managed by the management key to which it belongs. Each management key manages multiple sets of different work keys, and a work key is downloaded under the management key to which it belongs. Depending on the application, you can define a work key for encrypting keypad input and a MAC secret key for MAC validation operations.

4. Encryption Platform Solution

(1). Management Secret Key Initialization

Initializing an encryption keypad registers the device in the system. First, a key database must be created on a host in the bank. When a new encryption keypad is to be installed, the bank gives the keypad a device number, then downloads the management key to the keypad encrypted under the keypad's factory original key. At the same time it updates the bank host key database, recording the keypad's device number and the keypad's management key, which completes the initialization. Initialization of a DES encryption keypad must be carried out in a secure environment. The keypad initialization program injects the management key into the keypad through the serial port, after which the keypad can be used normally.

(2). Encryption and Decryption Workflow

After on-site installation, each time a counter logs on, the encryption keypad must check in as well. In the check-in process, the host uses the keypad's device number to retrieve the keypad's management key from the bank's host key database, generates a new work key (PIN key) and MAC key, and then downloads them to the keypad in encrypted form. After a successful download, the work key and MAC key are updated in the host key database and associated with the counter number, which completes the keypad check-in.
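The key hierarchy of section 3 and the initialization and check-in steps of section 4 can be modelled as follows. This is an added example, not the vendor's implementation: the class and method names are hypothetical, and `wrap`/`unwrap` are an HMAC-based stand-in for the keypad's DES key encryption so that the sketch runs with the standard library alone.

```python
import hashlib, hmac, os

KEY_LEN = 8  # DES-sized key, in bytes

# wrap/unwrap are a stand-in for the keypad's DES key encryption (NOT DES).
def _prf(kek, label, msg):
    return hmac.new(kek, label + msg, hashlib.sha256).digest()

def wrap(kek, key):
    nonce = os.urandom(8)
    body = nonce + bytes(a ^ b for a, b in zip(key, _prf(kek, b"enc", nonce)))
    return body + _prf(kek, b"mac", body)[:8]

def unwrap(kek, blob):
    body, tag = blob[:-8], blob[-8:]
    if not hmac.compare_digest(tag, _prf(kek, b"mac", body)[:8]):
        raise ValueError("blob was not encrypted under the expected key")
    return bytes(a ^ b for a, b in zip(body[8:], _prf(kek, b"enc", body[:8])))

class Keypad:
    def __init__(self, original_key):
        self._original, self._mgmt, self._work = original_key, None, {}

    def load_management_key(self, blob):
        # First download: under the original key; later ones: under the current management key.
        self._mgmt = unwrap(self._mgmt or self._original, blob)

    def load_work_key(self, slot, blob):
        if self._mgmt is None:
            raise PermissionError("no management key loaded")
        self._work[slot] = unwrap(self._mgmt, blob)

    def restore_original(self):
        self._mgmt, self._work = None, {}  # management and work keys are destroyed

class Host:
    def __init__(self):
        self.key_db = {}  # keypad device number -> key record

    def initialize(self, device_no, keypad, original_key):
        mgmt = os.urandom(KEY_LEN)
        keypad.load_management_key(wrap(original_key, mgmt))
        self.key_db[device_no] = {"mgmt": mgmt}

    def check_in(self, device_no, counter_no, keypad):
        rec = self.key_db[device_no]
        new = {slot: os.urandom(KEY_LEN) for slot in ("pin", "mac")}
        for slot, key in new.items():
            keypad.load_work_key(slot, wrap(rec["mgmt"], key))
        rec.update(new, counter=counter_no)  # recorded only after a successful download
```

Once a management key is in place, a replacement encrypted under the original key is rejected, and after `restore_original()` no work key can be loaded until a management key is downloaded again.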