Encryption Machine Application in Trading System

With the digitization and networking of banking services, encryption machines, used as host security modules (HSM), are now deeply embedded in the data security systems of banking services.

1. Introduction to cryptographic algorithms

Symmetric cryptosystems are also called single-key systems or secret-key systems. Under this system, the encryption key and the decryption key are the same, or one can be derived from the other; possessing the encryption capability means having the decryption capability, and vice versa. Symmetric cryptosystems offer high confidentiality but are poorly suited to open environments and require a reliable channel for key transmission. Commonly used algorithms include DES, IDEA, AES, SSF33 and others.

Asymmetric cryptosystems are also known as public key systems. Under this system, the encryption and decryption keys are separate; the encryption key is public, the decryption key is not, and it is computationally infeasible to derive one key from the other. Asymmetric cryptosystems are suitable for open environments, and key management is relatively simple. However, they are generally less efficient than symmetric cryptosystems. Commonly used algorithms are RSA, ECC and so on.

Message digests are produced by one-way hash functions that take variable-length information as input and compress it into a fixed-length output value. If the input information changes, the fixed-length output value (the digest) changes accordingly. A message digest can be used to generate a "uniqueness mark" for a program or document in order to detect unauthorized modifications to that data. Commonly used algorithms include MD5, SHA-1, and the like.

EMV2000 uses a hybrid of symmetric and asymmetric cryptography. It uses an asymmetric key algorithm for offline data authentication and a symmetric key algorithm for online data authentication. EMV2000 approved algorithms: DES, RSA, SHA-1.

2. Application of Encryption Machine in Bank Card Business

2.1. Encryption Machine Supports Security Requirements in Conventional Bank Card Business

The operation of the PIN:

Generate PIN

Print PIN

Convert PIN

Secure Key Verification PIN for Encrypted PIN and Convert PIN

Generate MAC

Verify MAC

Verify and convert MAC

MasterCard CVC (card validation code)

VISA card CVV (card verification value)

PIN offset handling mechanism

2.2. Functional Requirements of Encryptor in EMV System

In the EMV system, the encryptor must also support the following functions.

Generate RSA key pair

Encrypt with an RSA public key

Decrypt with an RSA private key

Create digital signatures with an RSA key

Verify signatures with an RSA key

Convert ciphertext data between two public keys

Generate message digests with SHA-1 and MD5

ARPC verification

ARQC generation

2.3. The Role of Encryptors in Card Issuing Systems

The card issuing system includes a host (or server), a punch, an encrypter, and a password envelope printer. The following figure shows the relationship between these devices:

Generally, the EMV issuing process is divided into two phases: pre-issuance and punching. In the pre-issuance phase, the host generates the private information (such as key generation, digital signature, initial password, etc.) of each IC card to be issued. All of this private information is generated by the host invoking the encryption machine, which performs the encryption processing. The second phase, personalization, includes writing the private information into the cards and the other card-making work. The password envelope is printed on a password envelope printer attached to the encryption machine to ensure the security of the user's password.

2.4. Application of Encryption Machine in Trading System

In online transactions, the encryption machine guarantees the confidentiality of the transaction data (encryption of key information) and its integrity (MAC calculation and verification), and completes the corresponding authentication function at the host side of the issuing bank.

Generally, terminal-initiated online transactions need to pass through the front-end machine and the related transit agencies (the acquiring bank and financial network institutions such as UnionPay) to reach the issuer's business system. At each transaction node, an encryption machine is needed to guarantee the integrity and confidentiality of transactions.
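
The hop-by-hop "verify and convert MAC" operation described above, as an added sketch that is not part of the original article or of any vendor's HSM interface. Assumptions: the class `NodeHSM`, the `route` helper, the link keys and the message are constructed for illustration, and HMAC-SHA256 truncated to 8 bytes stands in for the DES-based MAC a real bank-card network would use.

```python
import hmac
import hashlib

class NodeHSM:
    """Toy stand-in for the encryption machine at one transaction node.
    Keys stay inside the object; callers refer to them only by name."""

    def __init__(self, keys):
        self._keys = dict(keys)  # key name -> secret bytes (constructed values)

    def generate_mac(self, key_name, message):
        # Assumption: HMAC-SHA256 truncated to 8 bytes replaces the DES-based MAC.
        return hmac.new(self._keys[key_name], message, hashlib.sha256).digest()[:8]

    def verify_mac(self, key_name, message, mac):
        return hmac.compare_digest(self.generate_mac(key_name, message), mac)

    def verify_and_convert_mac(self, in_key, out_key, message, mac):
        # Refuse to re-MAC anything that failed verification on the inbound link.
        if not self.verify_mac(in_key, message, mac):
            raise ValueError("inbound MAC check failed")
        return self.generate_mac(out_key, message)

# Constructed link keys: each key is shared only by the two nodes on that link.
K_TERM_ACQ = b"terminal-acquirer-link-key"
K_ACQ_NET = b"acquirer-network-link-key"
K_NET_ISS = b"network-issuer-link-key"

terminal = NodeHSM({"out": K_TERM_ACQ})
acquirer = NodeHSM({"in": K_TERM_ACQ, "out": K_ACQ_NET})
network = NodeHSM({"in": K_ACQ_NET, "out": K_NET_ISS})
issuer = NodeHSM({"in": K_NET_ISS})

def route(message, tamper_after_acquirer=False):
    """Carry a message terminal -> acquirer -> network -> issuer.
    Returns True if the issuer accepts the final MAC."""
    mac = terminal.generate_mac("out", message)
    mac = acquirer.verify_and_convert_mac("in", "out", message, mac)
    if tamper_after_acquirer:  # simulate modification on the acquirer-network link
        message = message.replace(b"amount=100", b"amount=900")
    try:
        mac = network.verify_and_convert_mac("in", "out", message, mac)
    except ValueError:
        return False
    return issuer.verify_mac("in", message, mac)

if __name__ == "__main__":
    msg = b"pan=constructed-card;amount=100;stan=000001"
    print(route(msg), route(msg, tamper_after_acquirer=True))
```

Because every node verifies before it re-MACs, a change made on any one link is rejected at the next node instead of being carried forward under a fresh, valid MAC.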
