CN104881782B - A kind of method based on Secure Transaction, system - Google Patents

A kind of method based on Secure Transaction, system Download PDF

Info

Publication number
CN104881782B
CN104881782B CN201510236533.4A CN201510236533A CN104881782B CN 104881782 B CN104881782 B CN 104881782B CN 201510236533 A CN201510236533 A CN 201510236533A CN 104881782 B CN104881782 B CN 104881782B
Authority
CN
China
Prior art keywords
transaction
accepting terminal
message
client
control instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510236533.4A
Other languages
Chinese (zh)
Other versions
CN104881782A (en
Inventor
翁秀诚
方湖东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Landi Commercial Equipment Co Ltd
Original Assignee
Fujian Landi Commercial Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Landi Commercial Equipment Co Ltd filed Critical Fujian Landi Commercial Equipment Co Ltd
Priority to CN201510236533.4A priority Critical patent/CN104881782B/en
Publication of CN104881782A publication Critical patent/CN104881782A/en
Application granted granted Critical
Publication of CN104881782B publication Critical patent/CN104881782B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a kind of method based on Secure Transaction, system, and method includes that client sends trading processing control instruction to accepting terminal;Accepting terminal obtains user's card information according to trading processing control instruction, encrypts user's card information;Accepting terminal sends the successful respond without encrypted user's card information or unsuccessfully replys to client;After client receives successful respond, sends message and assemble control instruction to the accepting terminal;Accepting terminal assembles control instruction assembling financial transaction element and encrypted user's card information according to the message, obtains transaction message;Accepting terminal sends the transaction message to client;Client sends the transaction message to transaction processing system.The control right transfer of logical transaction to client is completed the assembling and encryption of transaction message by accepting terminal by the present invention;It realizes under the premise of guaranteeing transaction security, reduces accepting terminal work load and cost, while improving the scalability of transaction system.

Description

A kind of method based on Secure Transaction, system
Technical field
It trades field the present invention relates to smart machine, particularly relates to a kind of method based on Secure Transaction, system.
Background technique
With science and technology continue to develop, popularized based on transaction payment mode, specifically can by by SmartClient (such as Smart phone, tablet computer, PAD etc.) wireless communication capability, (such as mPOS is mobile for external accepting terminal on a client device Payment terminal), the acquisition for bank card information and personal account password;It is fitted in client and accepting terminal again It pays application software and provides payment and settlement and business information management service to businessman.
Technical solution there are two types of providing in existing client-based transaction payment method: the first is examined for safety Consider, transaction data assembles generation all in accepting terminal, and particular transactions process is as shown in Figure 1;Second is for transaction payment The scalability of system, all assembling generates transaction data in the client, and particular transactions process is as shown in Figure 2.
As it can be seen that the logical transaction of the first above-mentioned prior art is controlled by accepting terminal, just there is business in this way It is big to upgrade difficulty, heavy workload, and the problem of the poor expandabilities such as at high cost;And although second of prior art is by upper Position machine client defines logical transaction, but client is to be located at open environment, just there is transaction data and the friendship of financial transaction Easy message is easy to be stolen and distort, for the security risks such as Replay Attack, the problem of safety difference.Therefore, it is necessary to provide A kind of method based on Secure Transaction, system, to solve the above problems.
Summary of the invention
The technical problems to be solved by the present invention are: providing a kind of method based on Secure Transaction, system, realization is guaranteeing Under the premise of transaction security, accepting terminal work load and cost are reduced, while improving the scalability of transaction system.
In order to solve the above-mentioned technical problem, the technical solution adopted by the present invention are as follows:
A method of based on Secure Transaction, comprising:
Client sends trading processing control instruction to accepting terminal, and the trading processing control instruction includes financial transaction Element;
Accepting terminal receives trading processing control instruction, and obtains subscriber card letter according to the trading processing control instruction Breath, encrypts user's card information;
Accepting terminal sends the successful respond without encrypted user's card information or unsuccessfully replys to client;
After client receives successful respond, sends message and assemble control instruction to the accepting terminal;
Accepting terminal receives the message and assembles control instruction, and hands over according to message assembling control instruction assembling finance Easy element and encrypted user's card information, obtain transaction message;
Accepting terminal sends the transaction message to client;
Client sends the transaction message to transaction processing system.
Second technical solution provided by the invention are as follows:
A kind of system based on trading processing, including accepting terminal, client and transaction processing system;
Accepting terminal includes the first receiving module, encrypting module, the first sending module and assembling module;
Client includes the second sending module and the second receiving module;
First receiving module receives trading processing control instruction for accepting terminal, and receives message assembling control System instruction;
The encrypting module obtains user's card information, encryption according to the trading processing control instruction for accepting terminal User's card information;
First sending module sends the successful respond for being free of encrypted user's card information for accepting terminal Or it unsuccessfully replys to client, and send transaction message to transaction processing system;
The assembling module according to message assembling control instruction assembling financial transaction element and adds for accepting terminal User's card information after close, obtains transaction message;
Second sending module sends trading processing control instruction to accepting terminal, at the transaction for client Managing control instruction includes financial transaction element, sends message and assembles control instruction to the accepting terminal, and transmission transaction report Text is to transaction processing system;
Second receiving module receives successful respond for client and receives transaction message.
The above-mentioned method and system based on trading processing, the beneficial effect is that: control instruction is sent by client, Accepting terminal receives and carries out the processing that respective treated mode carries out transaction data according to the control instruction, by logical transaction Control right transfer to client;Realize the work load of accepting terminal and the reduction of cost;Meanwhile there is upgrading service demand When, the upgrading of transaction system can be directly realized by the upgrading of client, promote the scalability of transaction system;Into one Step, it is assembled by accepting terminal and encryption is related to the transaction message of data of financial transaction, ensure that transaction message is being transmitted across Safety in journey;Finally, in process of exchange, due to that can not complete to hand in the case where client sends corresponding control instruction The packing of easy message, therefore avoid a possibility that Replay Attack is used for after transaction data is stolen.Final realize is guaranteeing to pacify Under the premise of full transaction, accepting terminal work load and cost are reduced, while improving the scalability of transaction system.
Third technical solution provided by the invention are as follows:
A kind of client, including control module, sending module and receiving module;
The control module, for generating trading processing control instruction and generating message assembling control instruction;
The sending module sends message and assembles control instruction, and send and hand over for sending trading processing control instruction Easy message;The trading processing control instruction includes financial transaction element;
The receiving module for receiving successful respond or unsuccessfully reply, and receives transaction message.
Above-mentioned client, the beneficial effect is that: transaction flow is controlled by generating and sending corresponding control instruction The logic of journey realizes the logical transaction power controlled in process of exchange, promotes the scalability of transaction system.
Detailed description of the invention
Fig. 1 is a kind of transaction flow timing diagram of transaction payment of the prior art;
Fig. 2 is a kind of transaction flow timing diagram of transaction payment of the prior art;
Fig. 3 is a kind of the basic flow diagram of the method based on Secure Transaction of a specific embodiment of the invention;
Fig. 4 is a kind of transaction flow timing diagram of the method based on Secure Transaction of a specific embodiment of the invention;
Fig. 5 is a kind of structural block diagram of the system based on Secure Transaction of a specific embodiment of the invention;
Fig. 6 is a kind of structural block diagram of client of a specific embodiment of the invention.
Label declaration:
1, accepting terminal;2, client;3, transaction processing system;
11, the first receiving module;12, encrypting module;13, the first sending module;14, module is assembled;
22, the second sending module;23, the second receiving module;
24, sending module;25, receiving module;26, control module.
Specific embodiment
To explain the technical content, the achieved purpose and the effect of the present invention in detail, below in conjunction with embodiment and cooperate attached Figure is explained.
The most critical design of the present invention is: according to the had processing capacity difference in different ends and data of financial transaction It sets out with difference of the non financial transaction data to security requirement, by the control right transfer of logical transaction to client, by accepting The assembling and encryption of terminal completion transaction message.
Explanation of technical terms of the present invention:
Referring to figure 3. to Fig. 6,
As shown in figure 3, the present invention provides a kind of method based on Secure Transaction, comprising:
Client 2 sends trading processing control instruction to accepting terminal 1, and the trading processing control instruction includes that finance is handed over Easy element;
Accepting terminal 1 receives trading processing control instruction, and obtains subscriber card letter according to the trading processing control instruction Breath, encrypts user's card information;
Accepting terminal 1 sends the successful respond without encrypted user's card information or unsuccessfully replys to client 2;
After client 2 receives successful respond, sends message and assemble control instruction to the accepting terminal 1;
Accepting terminal 1 receives the message assembling control instruction, and according to message assembling control instruction assembling finance Element of transaction and encrypted user's card information, obtain transaction message;
Accepting terminal 1 sends the transaction message to client 2;
Client 2 sends the transaction message to transaction processing system 3.
As can be seen from the above description, the method for the present invention based on Secure Transaction, compared to the first prior art side Case has the advantage that 1, data of financial transaction is same all in the assembling encryption of accepting terminal 1, open environment can not steal or It distorts, there is same safety;2,1 application program of accepting terminal is unrelated with specific business, does not need with business function It changes and upgrades, 2 application program of updating client is only needed in upgrading service;Compared to second prior art, is being handed over Easily during, be related to that there is the packaging ciphering of the data of financial transaction of security requirement to be completed by accepting terminal 1, can not obtain or Transaction data is distorted, ensure that the safety of transaction data;Compare with all prior arts, by the control right transfer of logical transaction To client 2, the work load of accepting terminal 1 is reduced, reduces the cost of accepting terminal 1;Client 2 can be made full use of again simultaneously Stronger processing capacity.
As it can be seen that the method for the present invention based on Secure Transaction, solve the prior art cannot be considered in terms of scalability and While safety issue, the otherness of 2 processing capacity of accepting terminal 1 and client from transaction system, and combine The advantages of prior art, final realization under the premise of transaction data safety, realize transaction system in guaranteeing process of exchange The raising of the scalability of optimization and transaction system in terms of trading processing distribution.
Further, further comprise after described " after client 2 receives successful respond ":
Client 2, which is sent, obtains subscriber card PIN code control instruction to the accepting terminal 1;
Accepting terminal 1 successfully obtains subscriber card PIN code according to the acquisition subscriber card PIN code control instruction;Described in encryption Subscriber card PIN code;
Accepting terminal 1 sends the successful respond without the encrypted subscriber card PIN code or unsuccessfully replys to client 2;
Client 2 receives successful respond;
Subscriber card PIN code is assembled into transaction message by accepting terminal 1 according to message assembling control instruction.
Seen from the above description, for different application APP is accepted in fit end 2 transaction payment project Difference realizes more flexible configuration.Such as: the application APP of client 2 does not need the transaction of PIN code, such as credit accepting When card activity participates in the business such as Membership Queries, the PIN code of subscriber card is provided without user.
In the case where above-mentioned user is not necessarily to provide subscriber card PIN code, in the data of financial transaction that accepting terminal 1 obtains just PIN code information not comprising subscriber card, encrypts without the PIN code to subscriber card.And work as the friendship of transaction system institute stress When the easy item of payment needs user to provide the PIN code of subscriber card, just need to obtain subscriber card PIN code, assembling subscriber card PIN code extremely The process of transaction message has prevented transaction data and has been stolen in data transmission procedure to ensure the safety of data of financial transaction A possibility that taking and distorting.
Further, described " to assemble control instruction assembling financial transaction element, encrypted subscriber card according to the message Information and subscriber card PIN code, obtain transaction message " specifically:
Accepting terminal 1 assembles control instruction assembling financial transaction element, encrypted user's card information according to the message With subscriber card PIN code, transaction data is generated;
Accepting terminal 1 encrypts the transaction data, calculates the MAC value of encrypted transaction data, obtains transaction message.
Seen from the above description, it is transmitted by being encrypted and being calculated to transaction message with ciphertext form after MAC value, Guarantee the validity and integrality of transaction data, realizes the raising of transaction data safety.
It further, further include: the encrypted user's card information of storage after described " encrypting user's card information " To safety zone;
It further include: that the encrypted subscriber card PIN code of storage is extremely pacified after described " encrypting the subscriber card PIN code " The whole district.
Seen from the above description, by the encrypted user's card information for being related to financial transaction and subscriber card PIN code store to Safety zone, prevent to be stolen the possibility distorted.
Further, further comprise after described " after client 2 receives successful respond ":
Client 2 sends non financial transaction element to the accepting terminal 1;
Accepting terminal 1 receives and verifies the legitimacy of the non financial transaction element, and storage is non-by legitimate verification Financial transaction element;
Accepting terminal 1 sends successful respond or unsuccessfully replys to client 2;
Client 2 receives successful respond;
Non financial transaction element is assembled into transaction message by accepting terminal 1 according to message assembling control instruction.
Further, the financial transaction element includes transaction amount, transaction currency type and type of transaction;The non-financial friendship Easy element includes that trade date and authorization short message receive cell-phone number.
Seen from the above description, it is related to non financial transaction element (such as positioning function, the increment for function of activating business Business etc.) it is to be generated by client 2, realization facilitates user to extend the relevant function of non financial transaction.
Further, further comprise after described " transaction message described in 2 transparent transmission of client to transaction processing system 3 ":
Transaction processing system 3 receives and processes the transaction message, generates the transaction comprising processing result and returns to response report Text;
Transaction processing system 3 encrypts the transaction and returns to response message;It sends the encrypted transaction and returns to response report Text is to client 2;
Client 2 receives and the encrypted transaction of transparent transmission returns to response message to accepting terminal 1.
The transaction of 1 good authentication of accepting terminal by encryption returns to response message, obtains transaction results;
Accepting terminal 1 shows transaction results.
It can be seen from the above, verifying behaviour can only be decrypted by transaction processing system 3 in transaction message transaction transmission process Control, other transmission nodes are all unable to get transaction data in plain text;The transaction generated after being handled by transaction processing system 3 is returned Returning response message is equally the transmission carried out again after encryption, and is in a manner of transparent transmission through client in transmission process End 2 is sent to accepting terminal 1;The security performance for promoting payment transaction process has prevented financial critical data in open net completely The possibility for being stolen and distorting in network environment.
Further, described " 1 good authentication of accepting terminal by encryption the transaction return response message " it is laggard One step includes:
The transaction after the storage decryption of accepting terminal 1 returns to response message to safety zone;Successful respond is returned to client End 2;
After client 2 receives successful respond, processing response control instruction is sent to accepting terminal 1;
Accepting terminal 1 obtains the transaction knot in the transaction return response message according to the processing response control instruction Fruit.
Further, further comprise after described " accepting terminal 1 shows transaction results ":
Accepting terminal 1 empties safety zone data;
Accepting terminal 1 returns to the transaction results to client 2;
Client 2 shows transaction results.
It can be seen from the above, being to receive client 2 after accepting terminal 1 receives and decrypted transaction returns to response message The extraction transaction results just executed after the processing response control instruction sended over, and empty and be stored in after showing transaction results The transaction data of safety zone realizes the guarantee of transaction data safety.
Referring to Fig. 5, another technical solution provided by the invention are as follows:
A kind of system based on trading processing, including accepting terminal 1, client 2 and transaction processing system 3;It is described to accept Data exchange is carried out by internet and/or wireless network interaction between terminal 1, client 2 and transaction processing system 3;
Accepting terminal 1 includes the first receiving module 11, encrypting module 12, the first sending module 13 and assembling module 14;
Client 2 includes the second sending module 22 and the second receiving module 23;
First receiving module 11 receives trading processing control instruction for accepting terminal 1, and receives message assembling Control instruction;
The encrypting module 12 obtains user's card information according to the trading processing control instruction for accepting terminal 1, adds Close user's card information;
First sending module 13 sends the success for being free of encrypted user's card information for accepting terminal 1 Response is unsuccessfully replied to client 2, and sends transaction message to transaction processing system 3;
The assembling module 14 assembles control instruction assembling financial transaction element according to the message for accepting terminal 1 With encrypted user's card information, transaction message is obtained;
Second sending module 22 sends trading processing control instruction to accepting terminal 1, the friendship for client 2 Easy to handle control instruction includes financial transaction element, sends message and assembles control instruction to the accepting terminal 1, and transmission friendship Easy message is to transaction processing system 3;
Second receiving module 23 receives successful respond for client 2 and receives transaction message.
Referring to Fig. 6, third technical solution provided by the invention are as follows:
A kind of client 2, including control module 26, sending module 24 and receiving module 25;
The control module 26, for generating trading processing control instruction and generating message assembling control instruction;
The sending module 24 sends message and assembles control instruction, and send for sending trading processing control instruction Transaction message;The trading processing control instruction includes financial transaction element;
The receiving module 25 for receiving successful respond or unsuccessfully reply, and receives transaction message.
It can be seen from the above, the control module 26 by client 2 generates the relevant control for controlling transaction system process The control of the logical transaction power of transaction system, the extending space for making full use of client 2 sufficiently large and stronger place are realized in instruction Reason ability promotes the extended capability of transaction system business, while to also achieve transaction system excellent in terms of trading processing distribution Change.
It further, further include display module;
The display module, for showing transaction results;
The control module 26 is also used to generate acquisition subscriber card PIN code control instruction, generates non financial transaction element, And generate processing response control instruction;
The sending module 24 is also used to send acquisition subscriber card PIN code control instruction, sends non financial transaction element, And send processing response control instruction;
The receiving module 25 is also used to receive encrypted transaction and returns to response message.
Seen from the above description, subscriber card PIN code control instruction, non financial transaction element are obtained by generating and sending, And processing response control instruction, realize that client 2 controls the execution of specific steps in transaction flow.
Referring to figure 4., the embodiment of the present invention one are as follows:
A kind of method based on trading processing is provided, specific on-line transaction process is as follows:
1, by client 2 carry out type of transaction, transaction amount, trade currency type element of transaction selection and input;
2, client 2 sends trading processing control instruction to accepting terminal 1, and the trading processing control instruction includes this The financial transactions elements such as transaction amount, type of transaction, the transaction currency type of transaction;
3, accepting terminal 1 receives trading processing control instruction;And transaction amount, transaction class are shown to holder by screen The information such as type, after holder's confirmation, accepting terminal 1 prompts plug-in card or swipes the card or wave card;
Accepting terminal 1 encrypts magnetic track information with TDK after reading user's card information;By encrypted user's card information It caches to safety zone;
4, accepting terminal 1 returns to the successful respond of " card reading success " to client 2;
5, client 2 receives the response of " card reading success ", and sends acquisition subscriber card PIN code control instruction and accept to described Terminal 1;
6, accepting terminal 1 receives above-mentioned control instruction, and reads subscriber card PIN code according to control instruction;It encrypts and saves Subscriber card PIN code;Encrypted subscriber card PIN code is cached to safety zone;
7, accepting terminal 1 sends the successful respond of " read PIN code success " to client 2;
8, client 2 receives the response of " reading PIN code success ", and sends non financial transaction element to the accepting terminal 1 to the accepting terminal 1;The non financial transaction element includes trade date, and user's short message receives cell-phone number etc.;
9, accepting terminal 1 receives non financial transaction element, and verify data legitimacy;The non financial transaction of verifying will be passed through Element storage;
10, accepting terminal 1 sends the successful respond of " saving successfully " to client 2;
11, client 2 receives the response of " saving successfully ", and sends message and assemble control instruction to the accepting terminal 1;
12, accepting terminal 1 receives above-mentioned control instruction, and according to control instruction assembling financial transaction element, non-financial friendship Easy element and encrypted user's card information and subscriber card PIN code, obtain transaction data;
The transaction data is encrypted, the MAC value of encrypted transaction data is calculated, obtains transaction message.
13, the transaction message is sent to client 2 by accepting terminal 1;
14,2 transparent transmission transaction message of client is to transaction processing system 3;
Transaction processing system 3 receives and processes the transaction message, generates the transaction comprising processing result and returns to response report Text;
Transaction processing system 3 encrypts the transaction and returns to response message;It sends the encrypted transaction and returns to response report Text is to client 2;
15, client 2 receives transaction described in simultaneously transparent transmission and returns to response message to accepting terminal 1;
16, accepting terminal 1, which receives and decrypts the transaction, returns to response message, and the transaction after verifying decryption returns to response report The MAC value of text stores the transaction for successfully passing decryption verification return response message to safety zone;
17, accepting terminal 1 returns to the successful respond of " being verified " to client 2;
18, client 2 receives the response of " being verified ", and sends processing response control instruction to accepting terminal 1;
19, accepting terminal 1, which receives and extracts the transaction in safety zone according to the processing response control instruction, returns to response Transaction results in message;
Transaction results are shown in accepting terminal 1, while emptying safety zone data;
20, accepting terminal 1 sends the transaction results to client 2;
Client 2 shows transaction results.
It can be seen from the above, in the present invention, passive " card reader " equipment of the accepting terminal 1 as client 2, transaction Process all defines in client 2, it ensure that the expansibility of system;And solution is beaten by " card reader " responsible transaction message Packet guarantees the safety of system transaction with this.Fig. 1 and 2 that the method for above-mentioned trading processing generallys use compared to the prior art Technical solution, there are following advantages:
Referring to figure 5., the embodiment of the present invention two are as follows:
A kind of client 2, including control module 26, sending module 24, receiving module 25 and display module;
The control module 26 is generated and is obtained for generating trading processing control instruction, generating message assembling control instruction Subscriber card PIN code control instruction generates non financial transaction element, and generates processing response control instruction;
The sending module 24 sends message and assembles control instruction, send and obtain for sending trading processing control instruction Subscriber card PIN code control instruction sends non financial transaction element, sends processing response control instruction, and send transaction message; The trading processing control instruction includes financial transaction element;
The receiving module 25, after receiving successful respond or unsuccessfully replying, receive transaction message, and reception encryption Transaction return response message;
The display module, for showing transaction results.
In conclusion a kind of method based on Secure Transaction, system and client 2 provided by the invention, not only ensure that Safety of the data of financial transaction in process of exchange prevents data of financial transaction and is stolen, distorts in open network environment A possibility that;And the extending space that makes full use of client 2 sufficiently large and stronger processing capacity promote transaction system industry The extended capability of business;Realize the operation expanding performance that transaction system is significantly improved under the premise of guaranteeing Secure Transaction;Simultaneously Also distribution of the transaction system in terms of trading processing is optimized.
The above description is only an embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair Equivalents made by bright specification and accompanying drawing content are applied directly or indirectly in relevant technical field, similarly include In scope of patent protection of the invention.

Claims (10)

1. a kind of method based on Secure Transaction characterized by comprising
Client sends trading processing control instruction to accepting terminal, and the trading processing control instruction is wanted comprising financial transaction Element;
Accepting terminal receives trading processing control instruction, and obtains user's card information according to the trading processing control instruction, adds Close user's card information;
Accepting terminal sends the successful respond without encrypted user's card information or unsuccessfully replys to client;
After client receives successful respond, sends message and assemble control instruction to the accepting terminal;
Accepting terminal receives the message and assembles control instruction, and wants according to message assembling control instruction assembling financial transaction Plain and encrypted user's card information, obtains transaction message;
Accepting terminal sends the transaction message to client;
Client sends the transaction message to transaction processing system.
2. a kind of method based on Secure Transaction according to claim 1, which is characterized in that it is described " client receive at After function response " after, before described " send message and assemble control instruction to the accepting terminal ", further comprise:
Client, which is sent, obtains subscriber card PIN code control instruction to the accepting terminal;
Accepting terminal successfully obtains subscriber card PIN code according to the acquisition subscriber card PIN code control instruction;Encrypt the subscriber card PIN code;
Accepting terminal sends the successful respond without the encrypted subscriber card PIN code or unsuccessfully replys to client;
Client receives successful respond;
After " accepting terminal receives the message and assembles control instruction ", further includes:
Subscriber card PIN code is assembled into transaction message by accepting terminal according to message assembling control instruction.
3. a kind of method based on Secure Transaction according to claim 2, which is characterized in that described " according to the message Control instruction assembling financial transaction element and encrypted user's card information are assembled, transaction message is obtained " and it is described " according to described in Subscriber card PIN code is assembled into transaction message by message assembling control instruction " specifically:
Accepting terminal is according to message assembling control instruction assembling financial transaction element, encrypted user's card information and user Card PIN code generates transaction data;
Accepting terminal encrypts the transaction data, calculates the MAC value of encrypted transaction data, obtains transaction message.
4. a kind of method based on Secure Transaction according to claim 2, which is characterized in that described " to encrypt the user It further include: to store encrypted user's card information to safety zone after card information ";
It further include: to store the encrypted subscriber card PIN code to safety after described " encrypting the subscriber card PIN code " Area.
5. a kind of method based on Secure Transaction according to claim 1, which is characterized in that it is described " client receive at After function response " further comprise later:
Client sends non financial transaction element to the accepting terminal;
Accepting terminal receives and verifies the legitimacy of the non financial transaction element, and storage passes through the non-financial friendship of legitimate verification Easy element;
Accepting terminal sends successful respond or unsuccessfully replys to client;
Client receives successful respond;
Non financial transaction element is assembled into transaction message by accepting terminal according to message assembling control instruction.
6. a kind of method based on Secure Transaction according to claim 5, which is characterized in that the financial transaction element packet Include transaction amount, transaction currency type and type of transaction;The non financial transaction element includes that trade date and authorization short message receive hand Machine number.
7. a kind of method based on Secure Transaction according to claim 1, which is characterized in that described " client sends institute Transaction message is stated to transaction processing system " further comprise later:
Transaction processing system receives and processes the transaction message, generates the transaction comprising processing result and returns to response message;
Transaction processing system encrypts the transaction and returns to response message;It sends the encrypted transaction and returns to response message to visitor Family end;
Client, which receives and sends the encrypted transaction, returns to response message to accepting terminal;
The transaction of the accepting terminal good authentication by encryption returns to response message, obtains transaction results;
Accepting terminal shows transaction results.
8. a kind of method based on Secure Transaction according to claim 7, which is characterized in that " the accepting terminal success The transaction of the verifying by encryption returns to response message " further comprise later:
The transaction after accepting terminal storage decryption returns to response message to safety zone;Successful respond is returned to client;
After client receives successful respond, processing response control instruction is sent to accepting terminal;
Accepting terminal obtains the transaction results in the transaction return response message according to the processing response control instruction.
9. a kind of method based on Secure Transaction according to claim 7, which is characterized in that described " accepting terminal is shown Further comprise after transaction results ":
Accepting terminal empties safety zone data;
Accepting terminal returns to the transaction results to client;
Client shows transaction results.
10. a kind of system based on trading processing, which is characterized in that including accepting terminal, client and transaction processing system;
Accepting terminal includes the first receiving module, encrypting module, the first sending module and assembling module;
Client includes the second sending module and the second receiving module;
First receiving module receives trading processing control instruction for accepting terminal, and receives message assembling control and refer to It enables;
The encrypting module obtains user's card information according to the trading processing control instruction for accepting terminal, described in encryption User's card information;
First sending module sends the successful respond or mistake for being free of encrypted user's card information for accepting terminal Response is lost to client, and sends transaction message to transaction processing system;
The assembling module, for accepting terminal according to message assembling control instruction assembling financial transaction element and after encrypting User's card information, obtain transaction message;
Second sending module sends trading processing control instruction to accepting terminal, the trading processing control for client System instruction includes financial transaction element, transmission message assembling control instruction to the accepting terminal, and sends transaction message extremely Transaction processing system;
Second receiving module receives successful respond for client and receives transaction message.
CN201510236533.4A 2015-05-11 2015-05-11 A kind of method based on Secure Transaction, system Active CN104881782B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510236533.4A CN104881782B (en) 2015-05-11 2015-05-11 A kind of method based on Secure Transaction, system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510236533.4A CN104881782B (en) 2015-05-11 2015-05-11 A kind of method based on Secure Transaction, system

Publications (2)

Publication Number Publication Date
CN104881782A CN104881782A (en) 2015-09-02
CN104881782B true CN104881782B (en) 2019-02-05

Family

ID=53949269

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510236533.4A Active CN104881782B (en) 2015-05-11 2015-05-11 A kind of method based on Secure Transaction, system

Country Status (1)

Country Link
CN (1) CN104881782B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201515408U (en) * 2009-08-28 2010-06-23 深圳市健马科技开发有限公司 Smart mobile phone capable of swiping card
CN103699989A (en) * 2013-12-27 2014-04-02 福建联迪商用设备有限公司 Payment platform and payment method on basis of intelligent equipment
WO2014048990A1 (en) * 2012-09-28 2014-04-03 Bell Identification Bv Method and apparatus for providing secure services using a mobile device
CN103714453A (en) * 2013-12-27 2014-04-09 福建联迪商用设备有限公司 Payment platform system and payment method based on intelligent device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104077688A (en) * 2014-06-09 2014-10-01 中国建设银行股份有限公司 Internet payment method based on IC card and relevant device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201515408U (en) * 2009-08-28 2010-06-23 深圳市健马科技开发有限公司 Smart mobile phone capable of swiping card
WO2014048990A1 (en) * 2012-09-28 2014-04-03 Bell Identification Bv Method and apparatus for providing secure services using a mobile device
CN103699989A (en) * 2013-12-27 2014-04-02 福建联迪商用设备有限公司 Payment platform and payment method on basis of intelligent equipment
CN103714453A (en) * 2013-12-27 2014-04-09 福建联迪商用设备有限公司 Payment platform system and payment method based on intelligent device

Also Published As

Publication number Publication date
CN104881782A (en) 2015-09-02

Similar Documents

Publication Publication Date Title
US11341480B2 (en) Systems and methods for phone-based card activation
KR20210069055A (en) System and method for cryptographic authentication of contactless card
KR20210065946A (en) System and method for cryptographic authentication of contactless card
KR20210069033A (en) System and method for cryptographic authentication of contactless card
US10783519B2 (en) Systems and methods for cryptographic authentication of contactless cards
US10965465B2 (en) Systems and methods for cryptographic authentication of contactless cards
KR20210065088A (en) System and method for cryptographic authentication of contactless card
KR20210065937A (en) System and method for cryptographic authentication of contactless card
US11438164B2 (en) Systems and methods for email-based card activation
CN104881781B (en) A kind of method, system and client based on Secure Transaction
KR20210065961A (en) System and method for cryptographic authentication of contactless card
KR20210069035A (en) System and method for cryptographic authentication of contactless card
JP2022502891A (en) Systems and methods for cryptographic authentication of non-contact cards
KR20210066787A (en) Systems and methods for signaling potential attacks on contactless cards
KR20210066798A (en) System and method for cryptographic authentication of contactless card
CN104102934A (en) Portable IC card read-write device, system and method
WO2008154872A1 (en) A mobile terminal, a method and a system for downloading bank card information or payment application information
CN104881782B (en) A kind of method based on Secure Transaction, system
KR20210068391A (en) System and method for cryptographic authentication of contactless card
KR20210153592A (en) System and method for contactless card reissuance

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant