WO2011069325A1 - Method for verifying validity of personal identification number in proxy authorization business - Google Patents

Info

Publication number
WO2011069325A1
Authority
WO
WIPO (PCT)
Prior art keywords
pin
pvn
key
card
authorized
Prior art date
Application number
PCT/CN2010/001823
Other languages
French (fr)
Chinese (zh)
Inventor
李伟
李凯
周文
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2011069325A1 publication Critical patent/WO2011069325A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/22 Payment schemes or models
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025 Identification of user by a PIN code
    • G07F7/1075 PIN is checked remotely
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025 Identification of user by a PIN code
    • G07F7/1091 Use of an encrypted form of the PIN

Landscapes

  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

A method for verifying the validity of a personal identification number (PIN) in proxy authorization business is provided. An issuing bank that has enabled proxy authorization encrypts the PIN of every PIN-protected card using the PIN verification number (PVN) algorithm to obtain a PVN value for each card, and automatically transmits the PVN values of all cards, as a file of (card number, PVN value) pairs, to the proxy authorization organization, which receives and stores them. When the proxy authorization organization authorizes on behalf of a member bank whose system cannot process bank card business, the proxy authorization system decrypts the received encrypted PIN with the key of the accepting bank, regenerates a PVN value with the key of the issuing bank, and compares it with the stored PVN value to verify the validity of the PIN. The method reduces the probability of authorization errors in the proxy authorization business and enhances the security of using cards.

Description

Method for verifying PIN correctness in proxy authorization business
Technical Field

The present invention relates to bank card proxy authorization business, and in particular to a method for verifying the password (PIN) in bank card proxy authorization business.

Background

When a member bank's system has a problem and cannot process bank card business, a proxy authorization organization (for example, China UnionPay) has to authorize transactions on its behalf. To improve the accuracy of proxy authorization, the authenticity of the card and the security of its use need to be confirmed to some degree. The common practice today is to check, according to the issuer's requirements, information including the card number length, the card number check digit and the CVN.

The card number length check verifies that the length of the card number in the transaction message sent by the acquiring bank matches the length provided by the issuing bank.

The card number check digit check verifies that the last digit of the card number in the transaction message sent by the acquiring bank equals the value computed by the standard card number check digit algorithm.

The CVN check verifies that the CVN value in the track data of the transaction message sent by the acquiring bank is correct.

The card number length check and the check digit check mainly guard against misuse, and the CVN check guards to some extent against counterfeit and fake cards. Because the domestic payment environment is dominated by PIN-protected credit cards, cardholders generally rely on the PIN to keep their accounts secure, yet none of the checks above can verify that the card PIN is correct.

The present invention proposes a PIN correctness verification method that solves the problem of checking the PIN in bank card proxy authorization business. Used on top of the traditional checks, it reduces the probability of erroneous authorization in proxy authorization business and improves the security of card use.
Summary of the Invention

The object of the present invention is to provide a method for verifying PIN correctness in proxy authorization business that reduces the probability of erroneous authorization and improves the security of card use.

The invention discloses a method for verifying PIN correctness in proxy authorization business. When a bank card transaction requires proxy authorization, PIN verification is performed, comprising the following steps:

Step 1. The issuing bank uses the PVN algorithm with the key KEY_PVN to encrypt the PIN of each PIN-protected card, obtaining the PVN value of each card.

Step 2. The issuing bank transmits the PVN values of all cards to the proxy authorization organization as a file; on receipt, the proxy authorization organization stores the PVN values in a database.

Step 3. The issuing bank notifies the proxy authorization organization of cardholder PIN changes; on receipt, the proxy authorization organization's system replaces the original PVN value in the database.

Step 4. When a bank card transaction requires proxy authorization, the proxy authorization system of the proxy authorization organization receives the encrypted PIN and looks up the card number in the database. If the card number is not found, the card does not require a PVN check and the PIN check passes; if it is found, the next step is performed.

Step 5. If the card number is found, the proxy authorization system first decrypts the encrypted PIN, then uses the PVN algorithm with the key KEY_PVN to calculate the PVN value and compares it with the PVN value stored in the database. If they match, the PIN is correct and PIN verification passes; otherwise the PIN is incorrect and the transaction ends.

Further, in step 2 the PVN value information is transmitted to the proxy authorization organization as a file of (card number, PVN value) pairs, and in step 3 the cardholder PIN changes are transmitted to the proxy authorization organization as a file of (card number, PVN value) pairs.

Further, the encrypted PIN received by the proxy authorization system in step 4 is the PIN entered by the cardholder, encrypted by the accepting bank with the key KEY_PIN and sent to the proxy authorization organization. In step 5, the proxy authorization system decrypts the encrypted PIN with the key KEY_PIN. The accepting bank is the unit that accepts the cardholder's transaction.

Further, the cardholder PIN changes in step 3 are transmitted automatically to the proxy authorization organization at a set frequency, which is at least once a day.

Further, the PVN value in step 1 is calculated as follows:

a. Let the left 64 bits of the PIN verification key PVK be the key KeyA and the right 64 bits be the key KeyB;
b. Take the 11 digits at the right end of the card number excluding the check digit, the index number of the PIN verification key PVK, and the 4 leftmost digits of the clear PIN, in that order, to form a 16-digit string; each digit is represented in packed BCD, forming one 64-bit binary calculation block, Block;

c. DES-encrypt Block with the key KeyA to obtain Block1;

d. DES-decrypt Block1 with the key KeyB to obtain Block2;

e. DES-encrypt Block2 with the key KeyA to obtain Block3;

f. Extract all decimal digits (0 to 9) from Block3, from left to right;

g. Extract all hexadecimal characters (A to F) from Block3, from left to right, and subtract decimal 10 from each so that it becomes a digit;

h. Arrange the digits obtained in steps f and g from left to right, with the digits from step g placed after the digits from step f;

i. Take the first 4 digits of the result of step h as the PVN value.

The method of the invention solves the problem of checking PIN correctness in proxy authorization business, making proxy authorization for PIN-protected cards more accurate and reliable.

Brief Description of the Drawings

Figure 1 is a flow chart of the basic proxy authorization business process;
Figure 2 is a flow chart of PVN information transfer according to the invention;
Figure 3 is a flow chart of PVN information checking according to the invention.

Detailed Description

Based on the situation described above, we propose a method for verifying PIN correctness in proxy authorization business that reduces the probability of erroneous authorization and improves the security of card use. In the verification method of the invention, an issuing bank that has enabled proxy authorization first uses the PVN (PIN verification number) algorithm defined by the proxy authorization organization (for example, China UnionPay) to encrypt the PIN of each PIN-protected card, obtaining the PVN value (PVN VALUE) of each card, and automatically transmits the PVN values of all cards to the proxy authorization organization as a file of (card number, PVN value) pairs; the proxy authorization organization stores them on receipt. When a member bank's system has a problem and cannot process bank card business, and the proxy authorization organization authorizes on its behalf, the proxy authorization system decrypts the received encrypted PIN with the acquiring bank's key, regenerates the PVN value with the issuing bank's key, and compares it with the stored PVN value to verify the legitimacy of the card.

Figure 1 shows the basic proxy authorization business process. The basic process for bank proxy authorization is currently as follows:
1. A member bank that wishes to use proxy authorization signs a proxy authorization agreement with the proxy authorization organization, setting out the rights and obligations of both parties;

2. The member bank passes the parameter information needed for proxy authorization (including PVN information) to the proxy authorization organization by file transfer;

3. During a planned upgrade or an emergency outage of its system, the member bank may notify the proxy authorization organization to authorize transactions on the bank's cards on its behalf;

4. The proxy authorization system of the proxy authorization organization performs, as required by the member bank, the proxy checks (including the PVN check) and the limit control check on inter-bank transactions; transactions that pass are authorized directly and returned to the accepting bank through the switching system, and transactions that do not pass fail;

5. When the member bank's system upgrade is complete or the fault is cleared, the member bank may notify the proxy authorization organization to end proxy authorization.

An issuing bank that has enabled proxy authorization first uses the PVN algorithm to encrypt the PIN of each PIN-protected card, obtaining the PVN value of each card, and automatically transmits the PVN values of all cards to the proxy authorization organization as a file of (card number, PVN value) pairs; the proxy authorization organization stores them on receipt. The process is shown in Figure 2, with the following steps:
1. The issuing bank uses the PVN algorithm with the key KEY_PVN to encrypt the PIN of each PIN-protected card, obtaining the PVN value of each card;

2. The issuing bank transmits the PVN values of all cards to the proxy authorization organization as a file of (card number, PVN value) pairs; on receipt, the proxy authorization organization stores the PVN values in a database;

3. At a set frequency (for example once a day, or two, three or more times a day; the interval can be set as needed), the issuing bank automatically notifies the proxy authorization organization of cardholder PIN changes as a file of (card number, modified PVN value) pairs; on receipt, the proxy authorization organization's system replaces the original PVN value.

When a member bank's system is down for an upgrade, or an unexpected fault prevents it from processing inter-bank business, the proxy authorization organization starts the proxy authorization service. Figure 3 shows the processing flow of the PVN check, with the following steps:
1. The accepting bank uses a PIN encryption algorithm with the key KEY_PIN to encrypt the PIN entered by the cardholder and sends it to the proxy authorization organization; the accepting bank is the unit that accepts the cardholder's transaction;

2. After receiving the encrypted PIN, the proxy authorization system of the proxy authorization organization looks up the card number in the PVN value database; if it is not found, the card does not require a PVN check and the PIN check passes;

3. If it is found, the proxy authorization system first decrypts the PIN with the key KEY_PIN, then uses the PVN algorithm with the key KEY_PVN to calculate the PVN value and compares it with the PVN value stored in the database; if they match the PIN is correct, otherwise the PIN is incorrect.

In step 2, when no PVN value is found for the card number, the card does not require a PVN check, the PIN check passes, and proxy authorization proceeds directly. In step 3, if the calculated PVN value matches the PVN value stored in the database, verification passes and proxy authorization proceeds; otherwise proxy authorization is refused and the transaction ends.

The basic principle of the PVN algorithm, that is, the calculation of the PVN value, is as follows:
1. Let the left 64 bits of the PIN verification key PVK be the key KeyA and the right 64 bits be the key KeyB;

2. Take the 11 digits at the right end of the card number excluding the check digit, the index number of the key PVK, and the 4 leftmost digits of the clear PIN, in that order, to form a 16-digit string; each digit is represented in packed BCD, forming one 64-bit binary calculation block, Block;

3. DES-encrypt Block with KeyA to obtain Block1;

4. DES-decrypt Block1 with KeyB to obtain Block2;

5. DES-encrypt Block2 with KeyA to obtain Block3;

6. Extract all decimal digits (0 to 9) from Block3, from left to right;

7. Extract all hexadecimal characters (A to F) from Block3, from left to right, and subtract decimal 10 from each so that it becomes a digit;

8. Arrange the digits obtained in steps 6 and 7 from left to right, with the digits from step 7 placed after the digits from step 6;

9. Take the first 4 digits of the result of step 8 as the PVN value.

The method above solves the problem of checking PIN correctness in proxy authorization business, making proxy authorization for PIN-protected cards more accurate and reliable. Its security level is comparable to that of the PIN translation method used in current inter-bank business, but it cannot be decrypted in reverse: the clear PIN cannot be recovered from the PVN value, so the proxy authorization organization carrying out proxy authorization cannot obtain the clear bank card PIN. The PVN algorithm above is only one of the algorithms that can achieve the object of the invention; a person of ordinary skill in the art can achieve an equivalent result by making simple mathematical changes to the algorithm or by using other similar algorithms, all of which fall within the scope of protection of the invention.
The PVN check is one of the checks that must be performed in proxy authorization business. It verifies that the PIN is correct, which the other checks cannot do. This does not mean that it is the only check performed: the other checks mentioned earlier, such as the card number check digit check, the card number length check and the CVN check, must also be performed, and the proxy authorization organization's system authorizes a transaction on the issuer's behalf only when all of the checks pass.

The invention also uses automatic file transfer, which resolves fairly quickly the check failures that follow a cardholder changing the PIN. Cardholder PIN changes are transmitted automatically to the proxy authorization organization at a set frequency. If the interval is too long, a cardholder may have changed the PIN while the PVN value in the proxy authorization organization's database has not yet been updated, so PIN verification fails; if the interval is too short, files are transferred too often. The interval therefore needs to be adjusted to actual use, and updating once a day is generally recommended.
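The PVN calculation (steps 1 to 9) and the proxy-side lookup-and-compare flow described above, as an added Go example that is not part of the patent text. The key DemoPVK, the card number and the PINs are constructed; the one-digit PVK index and all function names are assumptions, and decryption of the incoming PIN with KEY_PIN is left out because the page does not define that PIN block format.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// DemoPVK is a constructed 128-bit PVK (KeyA = left 64 bits, KeyB = right 64 bits).
var DemoPVK = []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
	0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}

// Outcomes of the proxy-side check (names are hypothetical).
const NotEnrolled, Match, Mismatch = "not-enrolled", "match", "mismatch"

func allDigits(s string) bool { return s != "" && strings.Trim(s, "0123456789") == "" }

// BuildBlock is step 2: the 11 rightmost card-number digits excluding the check
// digit, the PVK index and the 4 leftmost PIN digits, packed as BCD (8 bytes).
// Assumption: the PVK index is one decimal digit, since 11 + 1 + 4 = 16.
func BuildBlock(pan string, pvkIndex int, pin string) ([]byte, error) {
	if !allDigits(pan) || len(pan) < 12 || !allDigits(pin) || len(pin) < 4 || pvkIndex < 0 || pvkIndex > 9 {
		return nil, fmt.Errorf("need a card number of 12+ digits, a PIN of 4+ digits and a one-digit PVK index")
	}
	body := pan[:len(pan)-1] // drop the check digit
	return hex.DecodeString(body[len(body)-11:] + fmt.Sprint(pvkIndex) + pin[:4])
}

// EDE is steps 3-5 with single-DES primitives: E(KeyA), D(KeyB), E(KeyA).
// This sequence is the same as two-key Triple DES encryption of Block.
func EDE(pvk, block []byte) ([]byte, error) {
	if len(pvk) != 16 || len(block) != des.BlockSize {
		return nil, fmt.Errorf("need a 16-byte PVK and an 8-byte block")
	}
	a, _ := des.NewCipher(pvk[:8]) // key lengths were checked above
	b, _ := des.NewCipher(pvk[8:])
	b1, b2, b3 := make([]byte, 8), make([]byte, 8), make([]byte, 8)
	a.Encrypt(b1, block) // Block1
	b.Decrypt(b2, b1)    // Block2
	a.Encrypt(b3, b2)    // Block3
	return b3, nil
}

// Decimalise is steps 6-9: digits 0-9 of Block3 left to right, then A-F mapped
// to 0-5 left to right; the first 4 digits of that string are the PVN.
func Decimalise(block3 []byte) string {
	var nums, letters []byte
	for _, c := range strings.ToUpper(hex.EncodeToString(block3)) {
		if c <= '9' {
			nums = append(nums, byte(c))
		} else {
			letters = append(letters, byte(c-'A')+'0')
		}
	}
	return string(append(nums, letters...)[:4])
}

// ComputePVN runs steps 1-9 for one card.
func ComputePVN(pvk []byte, pan string, pvkIndex int, pin string) (string, error) {
	block, err := BuildBlock(pan, pvkIndex, pin)
	if err != nil {
		return "", err
	}
	b3, err := EDE(pvk, block)
	if err != nil {
		return "", err
	}
	return Decimalise(b3), nil
}

// Verify is the proxy-side check: look up the card, recompute, compare.
// clearPIN is the PIN after decryption with KEY_PIN (not shown here).
func Verify(db map[string]string, pvk []byte, pvkIndex int, pan, clearPIN string) (string, error) {
	stored, ok := db[pan]
	if !ok {
		return NotEnrolled, nil // no PVN on file: the page treats the PIN check as passed
	}
	pvn, err := ComputePVN(pvk, pan, pvkIndex, clearPIN)
	if err != nil {
		return Mismatch, err
	}
	if subtle.ConstantTimeCompare([]byte(pvn), []byte(stored)) == 1 {
		return Match, nil
	}
	return Mismatch, nil
}

func main() {
	pan := "6212345678901234" // constructed card number
	pvn, _ := ComputePVN(DemoPVK, pan, 1, "123456")
	r, _ := Verify(map[string]string{pan: pvn}, DemoPVK, 1, pan, "123456")
	fmt.Println("PVN:", pvn, "->", r)
}
```

Because step 2 takes only the four leftmost PIN digits, PINs that share those four digits produce the same PVN, so a six-digit PIN is checked on its first four digits only.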

Claims

1. A method for verifying PIN correctness in proxy authorization business, in which PIN verification is performed when a bank card transaction requires proxy authorization, characterized in that it comprises the following steps:

Step 1. The issuing bank uses the PVN algorithm with the key KEY_PVN to encrypt the PIN of each PIN-protected card, obtaining the PVN value of each card;

Step 2. The issuing bank transmits the PVN values of all cards to the proxy authorization organization as a file; on receipt, the proxy authorization organization stores the PVN values in a database;

Step 3. The issuing bank notifies the proxy authorization organization of cardholder PIN changes; on receipt, the proxy authorization organization's system replaces the original PVN value in the database;

Step 4. When a bank card transaction requires proxy authorization, the proxy authorization system of the proxy authorization organization receives the encrypted PIN and looks up the card number in the database; if the card number is not found, the card does not require a PVN check and the PIN check passes; if it is found, the next step is performed;

Step 5. If the card number is found, the proxy authorization system first decrypts the encrypted PIN, then uses the PVN algorithm with the key KEY_PVN to calculate the PVN value and compares it with the PVN value stored in the database; if they match, the PIN is correct and PIN verification passes; otherwise the PIN is incorrect and the transaction ends.
2. The method for verifying PIN correctness in proxy authorization business according to claim 1, characterized in that: in step 2 the PVN value information is transmitted to the proxy authorization organization as a file of (card number, PVN value) pairs.

3. The method for verifying PIN correctness in proxy authorization business according to claim 1, characterized in that: in step 3 the cardholder PIN changes are transmitted to the proxy authorization organization as a file of (card number, PVN value) pairs.

4. The method for verifying PIN correctness in proxy authorization business according to claim 1, characterized in that: the encrypted PIN received by the proxy authorization system of the proxy authorization organization in step 4 is the PIN entered by the cardholder, encrypted by the accepting bank with the key KEY_PIN and sent to the proxy authorization organization; in step 5, the proxy authorization system of the proxy authorization organization decrypts the encrypted PIN with the key KEY_PIN.

5. The method for verifying PIN correctness in proxy authorization business according to claim 4, characterized in that: the accepting bank is the unit that accepts the cardholder's transaction.

6. The method for verifying PIN correctness in proxy authorization business according to claim 3, characterized in that: the cardholder PIN changes are transmitted automatically to the proxy authorization organization at a set frequency, the set frequency being at least once a day.
7. The method for verifying PIN correctness in a proxy authorization service according to claim 1, characterized in that the PVN value in step 1 is calculated as follows:
a. Take the left 64 bits of the PIN verification key PVK as key KeyA and the right 64 bits as key KeyB;
b. Take the 11 rightmost digits of the card number excluding the check digit, the index number of the PIN verification key PVK, and the 4 leftmost digits of the plaintext PIN, in that order, to form a 16-digit string; represent each digit in packed BCD to form one 64-bit binary calculation block, Block;
c. DES-encrypt Block with key KeyA to obtain the result Block1;
d. DES-decrypt Block1 with key KeyB to obtain the result Block2;
e. DES-encrypt Block2 with key KeyA to obtain the result Block3;
f. Extract all the decimal digits (0 to 9) from Block3, from left to right;
g. Extract all the hexadecimal characters (A to F) from Block3, from left to right, and subtract decimal 10 from each so that it becomes a digit;
h. Arrange the digits obtained in steps f and g from left to right, with the digits from step g placed after the digits from step f;
i. Take the first 4 digits of the result of step h; this is the PVN value.
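The PVN calculation of claim 7, steps a to i, as an added Python example (not code from the patent). The function names are hypothetical, the PVK index is assumed to be a single digit so that the block has 16 digits, the single-DES helper assumes PyCryptodome is installed, and the key, card number and PIN shown are constructed values.

```python
from typing import Callable

# (8-byte key, 8-byte block, encrypt?) -> 8-byte block
DesOp = Callable[[bytes, bytes, bool], bytes]

def des_ecb(key: bytes, block: bytes, encrypt: bool) -> bytes:
    """Single DES on one block. Assumes PyCryptodome is installed."""
    from Crypto.Cipher import DES  # imported lazily; only this helper needs it
    cipher = DES.new(key, DES.MODE_ECB)
    return cipher.encrypt(block) if encrypt else cipher.decrypt(block)

def build_block(pan: str, pvk_index: int, pin: str) -> bytes:
    """Step b: 11 card digits + PVK index + 4 PIN digits as packed BCD."""
    for name, value, minimum in (("pan", pan, 12), ("pin", pin, 4)):
        if not (value.isascii() and value.isdigit() and len(value) >= minimum):
            raise ValueError(f"{name} must be at least {minimum} decimal digits")
    if not 0 <= pvk_index <= 9:  # assumption: one-digit index (11 + 1 + 4 = 16)
        raise ValueError("pvk_index must be a single digit")
    # Drop the trailing check digit, then keep the rightmost 11 digits.
    digits = pan[:-1][-11:] + str(pvk_index) + pin[:4]
    return bytes.fromhex(digits)  # decimal digits only, so hex packing is BCD

def decimalize(block3: bytes) -> str:
    """Steps f-i: digits first, then A-F mapped to 0-5, keep the first four."""
    hex_text = block3.hex().upper()
    digits = [c for c in hex_text if c in "0123456789"]
    letters = [str(int(c, 16) - 10) for c in hex_text if c in "ABCDEF"]
    return "".join(digits + letters)[:4]

def compute_pvn(pvk: bytes, pan: str, pvk_index: int, pin: str,
                des: DesOp = des_ecb) -> str:
    """Claim 7, steps a-i. `des` can be swapped for another DES backend."""
    if len(pvk) != 16:
        raise ValueError("PVK must be 128 bits")
    key_a, key_b = pvk[:8], pvk[8:]            # step a
    block = build_block(pan, pvk_index, pin)   # step b
    block1 = des(key_a, block, True)           # step c: encrypt with KeyA
    block2 = des(key_b, block1, False)         # step d: decrypt with KeyB
    block3 = des(key_a, block2, True)          # step e: encrypt with KeyA
    return decimalize(block3)                  # steps f-i

if __name__ == "__main__":
    # Constructed PVK, card number and PIN, for illustration only.
    pvk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
    print(compute_pvn(pvk, "4000001234567899", 1, "123456"))
```

Steps c to e taken together are two-key Triple-DES (EDE) encryption of Block under the 128-bit PVK.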
PCT/CN2010/001823 2009-12-09 2010-11-15 Method for verifying validity of personal identification number in proxy authorization business WO2011069325A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2009102001741A CN102096968A (en) 2009-12-09 2009-12-09 Method for verifying accuracy of PIN (Personal Identification Number) in agent authorization service
CN200910200174.1 2009-12-09

Publications (1)

Publication Number Publication Date
WO2011069325A1 (en) 2011-06-16

Family

ID=44130043

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/001823 WO2011069325A1 (en) 2009-12-09 2010-11-15 Method for verifying validity of personal identification number in proxy authorization business

Country Status (2)

Country Link
CN (1) CN102096968A (en)
WO (1) WO2011069325A1 (en)

Also Published As

Publication number Publication date
CN102096968A (en) 2011-06-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10835362

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10835362

Country of ref document: EP

Kind code of ref document: A1