WO2018040972A1 - Method and system for improving application security of payment terminal - Google Patents


Info

Publication number
WO2018040972A1
Authority
WO (WIPO, PCT)
Application number
PCT/CN2017/098252
Other languages
French (fr), Chinese (zh)
Inventor
吴旋
Original Assignee
福建联迪商用设备有限公司
Prior art keywords
application, identifier, permission, terminal, function

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/38 Payment protocols; details thereof
    • G06Q 20/382 Payment protocols; details thereof, insuring higher security of transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/03 Indexing scheme relating to G06F 21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F 2221/033 Test or assess software

Definitions

  • The present invention relates to the field of secure payment, and in particular to a method and system for improving the security of payment terminal applications.
  • Terminals used in the payment field basically all support multiple applications.
  • Terminal customers, in addition to developing applications themselves, also commission third parties to develop application software, such as invoicing systems and navigation/map services.
  • The application scenarios of terminal customers are basically all payment-related, and financial security must be considered. Therefore, when application software developed by a third party is installed on the terminal, there may be security vulnerabilities because of problems such as the third-party developer's low security awareness, and there may also be malicious use of payment-related devices. The security of third-party application software therefore needs to be controlled.
  • The technical problem to be solved by the present invention is to provide a method and system for improving the security of payment terminal applications that effectively prohibit third-party applications from illegally using payment-related functions.
  • a method for improving security of a payment terminal application includes:
  • the terminal acquires the identifier of the application
  • the terminal acquires the permission table corresponding to the identifier according to the association relationship
  • the terminal determines, according to the permission table, whether the application has the right to invoke the function.
  • A system for improving the security of a payment terminal application comprises:
  • a generating module configured to preset the permissions of the application and generate a permission table corresponding to the application;
  • a signature module configured for the publisher to digitally sign the application and its permission table;
  • an allocation module configured to obtain the application and its permission table after the terminal has verified the digital signature;
  • an association module configured to establish an association between the application, the identifier and the permission table;
  • a first obtaining module configured so that, when the application invokes a function related to a payment operation, the terminal acquires the identifier of the application;
  • a second obtaining module configured to acquire, according to the association, the permission table corresponding to the identifier;
  • a determining module configured to determine, according to the permission table, whether the application has permission to invoke the function.
  • The beneficial effects of the present invention are as follows. In the prior art, the third-party application software used by a terminal may contain insecure factors.
  • The present invention provides a method and apparatus for improving the security of a payment terminal application.
  • The publisher presets the permission table of the third-party application; the terminal then securely obtains the third-party application and, together with it, the corresponding permission table.
  • When the third-party application calls a payment-related function, the terminal can judge from the permission table whether the operation is allowed. This realizes rights management of third-party applications, effectively prohibits them from illegally using payment-related functions, and ensures the payment security of the terminal.
  • FIG. 1 is a schematic flow chart of a method for improving security of a payment terminal application according to the present invention
  • FIG. 3 is a schematic structural diagram of a system for improving security of a payment terminal application according to the present invention.
  • FIG. 4 is a schematic structural diagram of a system for improving security of a payment terminal application according to an embodiment of the present invention.
  • The key idea of the present invention is: when a third-party application invokes a payment-related function, determine according to the permission table preset by the publisher whether it has the right to make the call, thereby ensuring the payment security of the terminal.
  • the identifier corresponds to the operation handle.
  • The present invention provides a method for improving the security of a payment terminal application, including: presetting the permissions of an application and generating a permission table corresponding to the application;
  • the publisher digitally signs the application and its permission table;
  • the terminal acquires the identifier of the application; the terminal acquires, according to the association, the permission table corresponding to the identifier;
  • the terminal determines, according to the permission table, whether the application has the right to invoke the function.
  • The present invention has the following advantages. On the basis of the application rights management mechanism of the terminal operating system, rights covering the payment devices and security-sensitive operations are added. After a third-party application is installed, the operation permissions declared for the application by the signing publisher are obtained, and the declaration is protected against alteration during transmission; when the third-party application calls a payment-related function, the call is verified against this declaration, ensuring the terminal's payment security.
  • The steps in which the terminal acquires the identifier of the application, acquires the permission table corresponding to the identifier according to the association, and determines according to the permission table whether the application has permission to invoke the function are specifically:
  • the device driver background service acquires the identifier of the application, and sends the identifier to the rights management service
  • the rights management service obtains the permission table corresponding to the identifier according to the association relationship
  • the rights management service determines, according to the permission table, whether the application has permission to invoke the function
  • the rights management service returns the determination result to the device driver background service.
  • After the rights management service returns the determination result to the device driver background service, the method further includes:
  • the device driver background service determines, according to the determination result, whether to allocate the device/operation handle corresponding to the function to the application.
  • The device driver background service decides according to the determination result of the rights management service whether to allocate a device/operation handle to the third-party application; if the third-party application cannot obtain the device/operation handle, it cannot perform the payment-related function. The operation of the third-party application is thus effectively controlled, and the legality of its operations is guaranteed at the root.
  • the identifier is a user ID.
  • When the terminal downloads and acquires the third-party application and its permission table, it assigns a user ID to the application and establishes the association between the third-party application, its permission table and the corresponding user ID.
  • The association provides the basis for subsequently looking up the permission table of the third-party application, so that the preset permissions of the third-party application can be obtained quickly and accurately.
  • a system for improving the security of a payment terminal application includes:
  • the generating module 1 is configured to preset a permission of the application, and generate a permission table corresponding to the application;
  • a signature module 2 configured for the publisher to digitally sign the application and its permission table;
  • the distribution module 3 is configured to: after the terminal verifies that the digital signature is passed, obtain the application and its permission table, and assign an identifier to the application;
  • an association module 4 configured to establish an association relationship between an application, an identifier, and a permission table;
  • the first obtaining module 5 is configured to: when the application invokes a function related to the payment operation, the terminal acquires an identifier of the application;
  • the second obtaining module 6 is configured to acquire, by the terminal, the permission table corresponding to the identifier according to the association relationship;
  • the determining module 7 is configured for the terminal to determine, according to the permission table, whether the application has permission to invoke the function.
  • The system further includes:
  • the calling module 8, configured to allow the application to invoke the function if the determination result obtained by the determining module is yes, and not to allow the application to invoke the function if the result is no.
  • The first obtaining module 5 includes:
  • the notification unit 51, configured to notify the device driver background service when the application invokes a function related to a payment operation;
  • the obtaining unit 52, configured for the device driver background service to acquire the identifier of the application and send the identifier to the rights management service;
  • the second obtaining module 6 is specifically configured to acquire, according to the association, the permission table corresponding to the identifier;
  • the determining module 7 includes:
  • determining unit 71 configured to determine, by the rights management service, whether the application has the right to invoke the function according to the permission table
  • the returning unit 72 is configured to return the determination result to the device driver background service by the rights management service.
  • the determining module 7 further includes:
  • the allocating unit 73 is configured for the device driver background service to determine, according to the determination result, whether to allocate the device/operation handle corresponding to the function to the application.
  • the identifier is a user ID.
  • This embodiment provides a method for improving the security of a payment terminal application. It is applicable to terminal devices with a payment function, in particular payment terminals onto which third-party applications are introduced, and protects the terminal's payment security well.
  • the method can include the following steps:
  • S1 The third-party application publisher declares which payment-related functions the published application may use during operation, sets the permission corresponding to each relevant function, and generates a permission table corresponding to the application;
  • the permission table lists whether the IC card, magnetic card, RF card and printer may be used, whether PIN entry is allowed, and whether payment-related functions such as key downloading are allowed; for example, for invoicing software all payment-related functions are disabled, including the security-related functions, the card types and printing.
  • S2 The publisher digitally signs the application and its permission table; specifically, the permission table may be appended to the end of the application and the whole digitally signed; this step allows the terminal, when the third-party application is downloaded to it, to verify whether the third-party application has been tampered with.
  • Because the permission table is digitally signed as well, this not only ensures the security of the third-party application acquired by the terminal, but also ensures that the permission table declared by the publisher for the third-party application has not been illegally tampered with;
  • S3 The terminal downloads the above application, which from the terminal's point of view is a third-party application; the terminal acquires the digitally signed third-party application and its permission table;
  • S4 The terminal verifies the signed third-party application and its permission table with the key legitimately obtained from the publisher in advance; if verification passes, the third-party application and its permission table are obtained and are shown to have a higher level of security, and execution continues with S5; if verification fails, this shows that there is an insecure factor in the third-party application or its permission table, and installation of the third-party application fails;
  • S5 The terminal allocates a unique identifier to the obtained third-party application; preferably the identifier is a user ID: in the Android operating system applications are isolated from each other and each application can have its own Linux user ID and group ID, so the user ID is used as the unique identifier that distinguishes one third-party application from another;
  • S6 The terminal establishes the association between the acquired third-party application, its permission table and its user ID; preferably the association is stored in an association table, which holds the association information of the different third-party applications;
  • S7 When a third-party application being executed needs a function for a payment-related operation, the terminal system performs a permission check: according to the user ID of the third-party application it obtains from the association the permission table corresponding to that user ID, and then determines according to the permission table whether the third-party application has the right to legally invoke the function. Preferably, step S7 may include the following sub-steps:
  • S71 When the application invokes a function related to a payment operation, the device driver background service is required to perform the corresponding operation; for example, using the RF card requires acquiring its device handle;
  • S72 The device driver background service first obtains the user ID of the application, then sends the user ID to the rights management service to check the permission;
  • S72 The rights management service obtains, according to the user ID, the permission table corresponding to that user ID from the stored association, that is, the permission table installed together with the application that invokes the function;
  • S73 The rights management service determines, according to the permission table, whether the application has permission to invoke the function.
  • S74 If the operation is not allowed, the rights management service returns that determination result to the device driver background service. For a device operation, for example, the device driver background service then does not assign a device handle to the application but directly returns an error; because the application cannot obtain the device handle of the RF card, no subsequent RF card operation can be performed.
  • S75 If the operation is allowed, the rights management service returns that determination result to the device driver background service, which allocates a device handle to the third-party application; the third-party application uses the device handle for its subsequent operations.
  • The device driver background service checks the permissions.
  • The application can then use the device handle to perform subsequent peripheral operations.
  • Some devices need their operation rights subdivided further. Therefore, in addition to the permission check for the device, some operations also perform their own permission check; if that check fails, the device driver background service does not perform the operation and returns an error to the application.
  • For PINPAD devices, in addition to the right to access the PINPAD device, whether PIN entry is possible is also controlled. Thus, besides the permission check for the PINPAD device, a permission check is also performed when the application calls the API for PIN entry; if that check fails, an error is returned and the PIN entry operation is not executed.
  • A rights management mechanism for third-party applications is thereby established and rights management of third-party applications is realized, so that third-party applications are restricted when using payment-related functions; this avoids the misuse or abuse of payment-related functions after a third-party application has been introduced into the payment terminal, which could otherwise cause loss of people's property. At the same time, there is no need to spend a great deal of effort and money on source-code audits of third-party applications; the security of terminal payment is improved while resources are saved.
  • This embodiment also provides a system for improving the security of a payment terminal application, made up of the modules and units described above (generating module 1 through calling module 8, and units 51, 52 and 71 to 73).
  • The method and apparatus for improving the security of a payment terminal application provided by the present invention not only dispense with the review process for third-party application source code, saving manpower and material resources, but also constitute verification in advance, which effectively prevents security problems from occurring.
  • The present application does not need to introduce additional equipment; it performs rights control directly with the existing configuration of the terminal. This not only improves the generality of the invention; its security and simplicity are also self-evident.
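The procedure in steps S1 to S7 above (a permission table appended to the application and signed as one unit, a signature check before installation, the Linux user ID as the application's identifier, the association table, handle allocation by the device driver background service only after the rights management service answers "allow", and the separate operation-level check for PIN entry on the PINPAD) can be followed end to end in a small simulation. The Go program below is an added example written for this page; it is not code from the patent, the inventor or the assignee. Everything not stated in the patent is an assumption: Ed25519 as the signature algorithm, JSON as the permission table encoding, the field names of the table, integer handles, and in-process function calls standing in for the rights management service and the device driver background service.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// PermissionTable is step S1's publisher-declared table (field set is an assumption).
type PermissionTable struct {
	RFCard     bool `json:"rf_card"`
	PINPad     bool `json:"pinpad"`      // right to open the PINPAD device
	PINEntry   bool `json:"pin_entry"`   // separate right to the PIN entry operation
	KeyLoading bool `json:"key_loading"` // right to download keys
}

// Allows is the rights management service's decision (S73); unlisted functions are denied.
func (pt PermissionTable) Allows(fn string) bool {
	return map[string]bool{"rf_card": pt.RFCard, "pinpad": pt.PINPad,
		"pin_entry": pt.PINEntry, "key_loading": pt.KeyLoading}[fn]
}

// SignedPackage is the app with its permission table appended and one signature over both (S2).
type SignedPackage struct{ App, Table, Signature []byte }
func (p *SignedPackage) signedBytes() []byte { return append(append([]byte{}, p.App...), p.Table...) }

// Publish runs steps S1 and S2 on the publisher side.
func Publish(priv ed25519.PrivateKey, app []byte, pt PermissionTable) *SignedPackage {
	table, _ := json.Marshal(pt) // a struct of bools always marshals
	pkg := &SignedPackage{App: app, Table: table}
	pkg.Signature = ed25519.Sign(priv, pkg.signedBytes())
	return pkg
}

// Terminal holds the publisher's key (obtained in advance, S4), the S6 association table and issued handles.
type Terminal struct {
	publisherKey        ed25519.PublicKey
	nextUID, nextHandle int
	assoc               map[int]PermissionTable // user ID -> permission table
	handles             map[int]int             // device handle -> owning user ID
}

func NewTerminal(pub ed25519.PublicKey) *Terminal {
	return &Terminal{publisherKey: pub, nextUID: 10000, assoc: map[int]PermissionTable{}, handles: map[int]int{}}
}

// Install runs S3 to S6: verify the signature over app||table, and only then
// assign a unique user ID and record the association.
func (t *Terminal) Install(pkg *SignedPackage) (int, error) {
	if !ed25519.Verify(t.publisherKey, pkg.signedBytes(), pkg.Signature) {
		return 0, errors.New("signature check failed: application not installed")
	}
	var pt PermissionTable
	if err := json.Unmarshal(pkg.Table, &pt); err != nil {
		return 0, err
	}
	t.nextUID++
	t.assoc[t.nextUID] = pt
	return t.nextUID, nil
}

// rightsCheck models the rights management service (S72, S73); an unknown user ID is denied.
func (t *Terminal) rightsCheck(uid int, fn string) bool {
	pt, ok := t.assoc[uid]
	return ok && pt.Allows(fn)
}

// OpenDevice models the device driver background service (S71, S74, S75): it
// consults the rights service and allocates a device handle only on "allow".
func (t *Terminal) OpenDevice(uid int, device string) (int, error) {
	if !t.rightsCheck(uid, device) {
		return 0, fmt.Errorf("uid %d may not use %s: no handle allocated", uid, device)
	}
	t.nextHandle++
	t.handles[t.nextHandle] = uid
	return t.nextHandle, nil
}

// EnterPIN is the operation-level check on the PINPAD: holding a PINPAD handle
// is not enough, the pin_entry right is checked again before the operation runs.
func (t *Terminal) EnterPIN(uid, handle int) error {
	if owner, ok := t.handles[handle]; !ok || owner != uid {
		return errors.New("invalid device handle")
	}
	if !t.rightsCheck(uid, "pin_entry") {
		return errors.New("PIN entry not permitted for this application")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	term := NewTerminal(pub)
	// Constructed sample: invoicing software with every payment function disabled.
	uid, _ := term.Install(Publish(priv, []byte("invoicing-app-v1"), PermissionTable{}))
	_, err := term.OpenDevice(uid, "rf_card")
	fmt.Println("invoicing app opening the RF card:", err)
}
```

Two design points follow the patent rather than the simulation's convenience: the default answer is deny (an unknown user ID, or a function the table does not list, never yields a handle), and a package whose permission table was replaced after signing fails at `Install` because the signature covers the concatenation of application and table, which is what step S4 relies on.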

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

A method for improving application security of a payment terminal, and apparatus for same. The method comprises: pre-configuring permissions of an application program, and generating a permission list corresponding to the application program; an issuer digitally signing the application program and the permission list thereof; after a terminal authenticates the digital signature, acquiring the application program and the permission list thereof, and allocating an identifier to the application program; establishing an association relationship of the application program, identifier, and permission list; when the application program calls a function related to a payment operation, the terminal acquiring the identifier of the application program; the terminal acquiring, according to the association relationship, the permission list corresponding to the identifier; and the terminal determining, according to the permission list, whether the application program has the permission to call said function. The method of the present invention establishes, on the basis of coordination between a signing tool, a permission management service, and a device driver back-end service, a permission management mechanism for third-party application programs, thus achieving permission management of third-party applications, and improving payment security of terminals.

Description

说明书 发明名称:提高支付终端应用安全性的方法及系统 技术领域  Description: Method and system for improving security of payment terminal application
[0001] 本发明涉及安全支付领域, 具体说的是提高支付终端应用安全性的方法及系统 背景技术  [0001] The present invention relates to the field of secure payment, and in particular, to a method and system for improving security of a payment terminal application.
[0002] 目前用于支付领域的终端基本都支持多应用, 随着智能终端的引入, 终端客户 除了自行幵发应用外, 也会委托第三方幵发应用软件, 比如: 进销存系统、 导 航 /地图服务等。  [0002] Currently, terminals used in the payment field basically support multiple applications. With the introduction of intelligent terminals, the terminal customers, in addition to self-issuing applications, also commission third-party application software, such as: Invoicing system, navigation /Map service, etc.
[0003] 终端客户的应用场景基本都是支付相关应用, 需要考虑金融安全性。 所以, 在 终端上安装第三方幵发的应用软件使用吋, 由于第三方应用幵发方安全意识较 低等问题, 可能存在安全漏洞, 也可能存在恶意使用支付相关设备等行为。 这 就需要对第三方应用软件的安全进行管控。  [0003] The application scenarios of the terminal customers are basically payment-related applications, and financial security needs to be considered. Therefore, if third-party application software is installed on the terminal, there may be security vulnerabilities due to problems such as low security awareness of third-party applications, and there may be malicious use of payment-related devices. This requires the security of third-party applications.
[0004] 目前, 客户只能通过对第三方应用软件源码进行审核, 或与第三方签署协议的 方式来保证使用的第三方软件的安全。 但是, 上述方式存在以下缺点: 1、 第三 方应用大都比较复杂, 难以通过审核源码确定其安全风险; 2、 部分第三方应用 幵发方出于商业秘密考虑, 不愿意幵放源码给终端所有者; 3、 就算签署安全风 险协议, 也只是在出现安全问题后的措施, 无法有效防止安全问题出现。  [0004] At present, customers can only guarantee the security of third-party software used by reviewing the source code of third-party application software or by signing an agreement with a third party. However, the above methods have the following disadvantages: 1. Third-party applications are mostly complicated, and it is difficult to determine their security risks by auditing source code. 2. Some third-party application senders are unwilling to release source code to terminal owners for commercial secrets. 3, even if the signing of a security risk agreement, it is only after the occurrence of security problems, can not effectively prevent security problems.
[0005] 因此, 有必要提供一种提高支付终端应用安全性的方法及系统。  [0005] Therefore, it is necessary to provide a method and system for improving the security of a payment terminal application.
技术问题  technical problem
[0006] 本发明所要解决的技术问题是: 提供一种提高支付终端应用安全性的方法及系 统, 有效禁止第三方应用非法使用支付相关功能。  The technical problem to be solved by the present invention is to provide a method and system for improving the security of a payment terminal application, and effectively prohibiting a third party application from illegally using the payment related function.
问题的解决方案  Problem solution
技术解决方案  Technical solution
[0007] 为了解决上述技术问题, 本发明采用的技术方案为:  [0007] In order to solve the above technical problem, the technical solution adopted by the present invention is:
[0008] 提高支付终端应用安全性的方法, 包括:  [0008] A method for improving security of a payment terminal application includes:
[0009] 预设应用程序的权限, 生成对应所述应用程序的权限表; [0010] 发布者对应用程序及其权限表进行数字签名; [0009] presetting the permission of the application, generating a permission table corresponding to the application; [0010] The publisher digitally signs the application and its permission table;
[0011] 终端验证所述数字签名通过后, 获取所述应用程序及其权限表, 并为所述应用 程序分配一标识;  [0011] after the terminal verifies that the digital signature is passed, acquiring the application and its permission table, and assigning an identifier to the application;
[0012] 建立应用程序、 标识和权限表的关联关系;  [0012] establishing an association relationship between an application, an identifier, and a permission table;
[0013] 当应用程序调用涉及支付操作的功能吋, 终端获取所述应用程序的标识; [0013] when the application invokes a function related to the payment operation, the terminal acquires the identifier of the application;
[0014] 终端依据所述关联关系, 获取所述标识对应的权限表; [0014] the terminal acquires the permission table corresponding to the identifier according to the association relationship;
[0015] 终端依据所述权限表确定所述应用程序是否有调用所述功能的权限。  [0015] The terminal determines, according to the permission table, whether the application has the right to invoke the function.
[0016] 本发明提供的另一个技术方案为:  [0016] Another technical solution provided by the present invention is:
[0017] 提高支付终端应用安全性的系统, 包括:  [0017] A system for improving security of a payment terminal application, comprising:
[0018] 生成模块, 用于预设应用程序的权限, 生成对应所述应用程序的权限表; [0018] a generating module, configured to preset a permission of the application, and generate a permission table corresponding to the application;
[0019] 签名模块, 用于发布者对应用程序及其权限表进行数字签名; [0019] a signature module, configured by the publisher to digitally sign the application and its permission table;
[0020] 分配模块, 用于终端验证所述数字签名通过后, 获取所述应用程序及其权限表 [0020] an allocation module, configured to: after the terminal verifies that the digital signature is passed, obtain the application and its permission table
, 并为所述应用程序分配一标识; And assigning an identifier to the application;
[0021] 关联模块, 用于建立应用程序、 标识和权限表的关联关系; [0021] an association module, configured to establish an association relationship between an application, an identifier, and a permission table;
[0022] 第一获取模块, 用于当应用程序调用涉及支付操作的功能吋, 终端获取所述应 用程序的标识; [0022] a first obtaining module, configured to: when the application invokes a function related to the payment operation, the terminal acquires an identifier of the application;
[0023] 第二获取模块, 用于终端依据所述关联关系, 获取所述标识对应的权限表; [0024] 确定模块, 用于终端依据所述权限表确定所述应用程序是否有调用所述功能的 权限。  [0023] a second obtaining module, configured to acquire, according to the association relationship, a permission table corresponding to the identifier; [0024] a determining module, configured to determine, according to the permission table, whether the application has the call Functional permissions.
发明的有益效果  Advantageous effects of the invention
有益效果  Beneficial effect
[0025] 本发明的有益效果在于: 区别于现有技术中终端所使用的第三方应用软件存在 不安全因素的问题。 本发明提供一种提高支付终端应用安全性的方法及其装置 , 通过发布者预设第三方应用的权限表, 然后在终端安全获取第三方应用吋一 并获取与其对应权限表, 在第三方应用调用支付相关功能吋可以依据权限表判 断是否允许操作, 实现了对第三方应用的权限管理, 有效禁止第三方应用程序 非法使用支付相关功能, 保证终端的支付安全性。  [0025] The beneficial effects of the present invention are as follows: There is a problem that there is an insecure factor in the third-party application software used by the terminal in the prior art. The present invention provides a method and device for improving the security of a payment terminal application. The publisher pre-determines the permission table of the third-party application, and then obtains the third-party application securely in the terminal, and obtains the corresponding permission table in the third-party application. After calling the payment related function, it can judge whether the operation is allowed according to the permission table, realize the authority management of the third party application, effectively prohibit the third party application from illegally using the payment related function, and ensure the payment security of the terminal.
Brief Description of the Drawings
[0026] FIG. 1 is a schematic flow chart of the method for improving the application security of a payment terminal according to the present invention;
[0027] FIG. 2 is an information interaction diagram of a specific embodiment of the present invention;
[0028] FIG. 3 is a schematic structural diagram of the system for improving the application security of a payment terminal according to the present invention;
[0029] FIG. 4 is a schematic structural diagram of a system for improving the application security of a payment terminal according to a specific embodiment of the present invention.
[0030] Description of reference numerals:
[0031] 1, generation module; 2, signature module; 3, allocation module; 4, association module;
[0032] 5, first acquisition module; 6, second acquisition module; 7, determination module; 8, invocation module;
[0033] 51, notification unit; 52, acquisition unit; 71, determination unit; 72, return unit;
[0034] 73, allocation unit.
Detailed Description
[0035] The key concept of the present invention is this: when a third-party application invokes a payment-related function, the terminal determines, according to the permission table preset by the publisher, whether the application has permission to make that call, thereby guaranteeing the payment security of the terminal.
[0037] Explanation of the technical terms used in the present invention:
[Table 1] Explanation of terms (the table is an image in the original and its contents are not recoverable here). The only surviving note: if the requested function corresponds to an operation, the identifier corresponds to the operation handle.
[0039] Referring to FIG. 1 and FIG. 2, the present invention provides a method for improving the application security of a payment terminal, comprising:
[0040] presetting the permissions of an application and generating a permission table corresponding to the application;
[0041] the publisher digitally signing the application and its permission table;
[0042] after the terminal verifies the digital signature successfully, acquiring the application and its permission table and assigning an identifier to the application;
[0043] establishing the association between the application, the identifier and the permission table;
[0044] when the application invokes a function involving a payment operation, the terminal acquiring the identifier of the application;
[0045] the terminal acquiring, according to the association, the permission table corresponding to the identifier;
[0046] the terminal determining, according to the permission table, whether the application has permission to invoke the function.
[0047] From the above description it can be seen that the advantage of the present invention is this: on top of the application permission management mechanism of the terminal operating system, it extends permission control to payment devices and security-sensitive operations. When a third-party application is installed, the terminal obtains the operation permissions for that application as declared and signed by the publisher, which guarantees the security of the declaration in transit; when the third-party application invokes a payment-related function, the call is verified against that declaration, which guarantees the payment security of the terminal.
[0048] Further, after determining according to the permission table whether the application has permission to invoke the function, the method further comprises:
[0049] if so, allowing the application to invoke the function;
[0050] if not, not allowing the application to invoke the function.
[0051] From the above description it can be seen that the third-party application is allowed to make the call only after the terminal has verified that it has legitimate permission to invoke the function involving the payment operation, which ensures that the third-party application operates within its legitimate scope.
[0052] Further, the steps of the terminal acquiring the identifier of the application when the application invokes a function involving a payment operation, the terminal acquiring the permission table corresponding to the identifier according to the association, and determining according to the permission table whether the application has permission to invoke the function, are specifically:
[0053] when the application invokes a function involving a payment operation, notifying the device driver background service;
[0054] the device driver background service acquiring the identifier of the application and sending the identifier to the permission management service;
[0055] the permission management service acquiring, according to the association, the permission table corresponding to the identifier;
[0056] the permission management service determining, according to the permission table, whether the application has permission to invoke the function;
[0057] the permission management service returning the determination result to the device driver background service.
[0058] From the above description it can be seen that, through the cooperation of the signing tool, the permission management service of the terminal and the device driver background service of the terminal, permission management of third-party applications is implemented, illegitimate use of payment-related functions by third-party applications is effectively controlled, and the application security of the payment terminal is guaranteed.
[0059] Further, after the permission management service returns the determination result to the device driver background service, the method further comprises:
[0060] the device driver background service deciding, according to the determination result, whether to allocate to the application the device/operation handle corresponding to the function.
[0061] From the above description it can be seen that the device driver background service decides, based on the determination result of the permission management service, whether to allocate a device/operation handle to the third-party application; if the third-party application cannot obtain the device/operation handle, it cannot carry out the payment-related function at all. The operations of the third-party application are thus effectively controlled, and their legitimacy is guaranteed at the source.
[0062] Further, the identifier is a user ID.
[0063] From the above description it can be seen that when the terminal downloads and acquires the third-party application and its permission table, it assigns a user ID to the application at the same time and establishes the association between the third-party application, the permission table and the user ID of that application. This provides the basis for later looking up the permission table of the third-party application, so that the permissions preset for the third-party application can be retrieved quickly and accurately.
[0064] Referring to FIG. 3 and FIG. 4, another technical solution provided by the present invention is:
[0065] A system for improving the application security of a payment terminal, comprising:
[0066] a generation module 1, configured to preset the permissions of an application and generate a permission table corresponding to the application;
[0067] a signature module 2, configured for the publisher to digitally sign the application and its permission table;
[0068] an allocation module 3, configured so that after the terminal verifies the digital signature successfully, it acquires the application and its permission table and assigns an identifier to the application;
[0069] an association module 4, configured to establish the association between the application, the identifier and the permission table;
[0070] a first acquisition module 5, configured so that when the application invokes a function involving a payment operation, the terminal acquires the identifier of the application;
[0071] a second acquisition module 6, configured so that the terminal acquires, according to the association, the permission table corresponding to the identifier;
[0072] a determination module 7, configured so that the terminal determines, according to the permission table, whether the application has permission to invoke the function.
[0073] Further, the system further comprises:
[0074] an invocation module 8, configured to allow the application to invoke the function if the determination result of the determination module is yes, and to not allow the application to invoke the function if the determination result of the determination module is no.
[0075] Further, the first acquisition module 5 comprises:
[0076] a notification unit 51, configured to notify the device driver background service when the application invokes a function involving a payment operation;
[0077] an acquisition unit 52, configured so that the device driver background service acquires the identifier of the application and sends the identifier to the permission management service;
[0078] the second acquisition module 6 is specifically configured so that the permission management service acquires, according to the association, the permission table corresponding to the identifier;
[0079] the determination module 7 comprises:
[0080] a determination unit 71, configured so that the permission management service determines, according to the permission table, whether the application has permission to invoke the function;
[0081] a return unit 72, configured so that the permission management service returns the determination result to the device driver background service.
[0082] Further, the determination module 7 further comprises:
[0083] an allocation unit 73, configured so that the device driver background service decides, according to the determination result, whether to allocate to the application the device/operation handle corresponding to the function.
[0084] Further, the identifier is a user ID.
[0085] Embodiment 1
[0086] Referring to FIG. 2, this embodiment provides a method for improving the application security of a payment terminal. It applies to terminal devices with payment functions, in particular payment terminals onto which third-party applications are introduced, and protects the payment security of the terminal well.
[0087] The method may comprise the following steps:
[0088] S1: The third-party application publisher declares the payment-related functions its published application may use during operation, sets the corresponding permission for each such function, and generates the permission table corresponding to the application. The permission table lists the usage permissions for payment-related functions: whether the IC card, magnetic card, RF card and printer may be used; whether PIN entry is allowed; whether key download is allowed; and so on. For an inventory management application, for example, all payment-related functions are disabled, including the security-related, card and printing functions;
[0089] S2: The publisher digitally signs the application and its permission table; specifically, the permission table may be placed at the tail of the application and the whole signed as one unit. This step lets the terminal check, when the third-party application is downloaded to it, whether the application has been tampered with. Because the permission table is signed together with the application, this protects not only the third-party application the terminal acquires but also the permission table the publisher declared for it, ensuring that neither has been illegitimately tampered with;
[0090] S3: The terminal downloads the above application (which, from the terminal's point of view, is a third-party application) and thus acquires the digitally signed third-party application together with its permission table;
[0091] S4: The terminal verifies the signed third-party application and its permission table using the key it previously obtained legitimately from the publisher. If verification succeeds, the terminal acquires the third-party application and its permission table, which are thereby shown to have a high level of security, and proceeds to S5. If verification fails, this shows that the third-party application or its permission table carries an unsafe factor, and installation of the third-party application fails;
[0092] S5: The terminal assigns a unique identifier to the acquired third-party application; preferably, the identifier is a user ID. In the Android operating system, applications are isolated from one another and each application can have its own Linux user ID and group ID, so the user ID serves as the unique identifier of the third-party application and distinguishes it from other applications;
[0093] S6: The terminal establishes the association between the acquired third-party application, its permission table and its user ID; preferably, the association is stored in an association table, which holds the association information of the different third-party applications;
[0094] S7: When, during execution, a third-party application needs a function involving a payment-related operation, the terminal system performs a permission check: using the user ID of that third-party application, it retrieves from the association the permission table corresponding to that user ID, and then determines from the permission table whether the third-party application has legitimate permission to invoke the function.
[0095] Preferably, step S7 may comprise the following sub-steps:
[0096] S71: When the application invokes a function involving a payment operation, it must notify the device driver background service to perform the corresponding operation, for example opening the RF card reader to obtain a device handle;
[0097] S72: The device driver background service first acquires the user ID of the application, then sends that user ID to the permission management service for a permission check;
[0098] S72: The permission management service retrieves, from the stored association, the permission table corresponding to that user ID, that is, the permission table that accompanied the calling application when it was installed;
[0099] S73: The permission management service determines from the permission table whether the application has permission to invoke the function, for example whether the application is permitted to use the RF card. If not, S74 is executed; if so, S75 is executed;
[0100] S74: The permission management service returns a determination result of "operation not allowed" to the device driver background service. For a device-open operation, for example, the device driver background service does not allocate a device handle to the application but directly returns an error; since the application cannot obtain the device handle of the RF card reader, it cannot perform any subsequent RF card operation.
[0101] S75: The permission management service returns a determination result of "operation allowed" to the device driver background service; the device driver background service allocates a device handle to the third-party application; and the third-party application uses the device handle for its subsequent operations.
[0102] It should be noted that for most peripherals the permission check is performed by the device driver background service when the device is opened; once the check passes, a device handle is allocated to the application, which then uses that handle for subsequent peripheral operations. Some devices, however, require finer-grained permissions for individual operations. For these, in addition to the check performed when the device is opened, certain operations are also permission-checked; if the check fails, the device driver background service does not perform the operation and returns an error to the application. Take the PINPAD device, for example: in addition to the permission to access the PINPAD device, the permission to perform PIN entry is controlled separately. Thus a permission check is performed not only when the PINPAD device is opened but also when the application calls the API for PIN entry; if that check fails, an error is returned and the PIN entry operation is not executed.
[0103] This embodiment builds a permission management mechanism for third-party applications on the cooperation between the signing tool, the permission management service and the device driver background service. It implements permission management for third-party applications, so that their use of payment-related functions is restricted and the payment terminal is not misused or abused after third-party applications are introduced, which would cause loss of people's property. At the same time, there is no need to spend considerable effort and money on source-code review of third-party applications; the payment security of the terminal is improved while resources are saved.
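The signing, verification, user-ID association and two-level permission check described in paragraphs [0039] to [0061] and walked through in Embodiment 1 above, as an added example in Go. It is not part of the patent and not the applicant's code. It assumes Ed25519 for the publisher's signature (the patent names no algorithm), a JSON permission table whose function names are this example's own choice, and an in-process stand-in for the permission management service and the device driver background service; user IDs start at 10000 as Android's per-app Linux UIDs do. The sample application and its permission table are constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// PermissionTable is the publisher's declaration (S1): for each payment-related function
// ("ic_card", "mag_card", "rf_card", "printer", "pinpad", "pin_entry", "key_load")
// whether the app may use it. The names are this example's own choice.
type PermissionTable map[string]bool

// Package is what the publisher ships: app bytes, the permission table appended at
// the tail, and one signature over both (S2). Handle is an allocated device handle.
type Package struct{ App, Perms, Sig []byte }
type Handle struct{ UID int; Device string }

// signedMessage is what the signature covers: app || permission table.
func signedMessage(app, perms []byte) []byte { return append(append([]byte{}, app...), perms...) }

// Publish signs the application together with its permission table (S2). Ed25519
// stands in for the signing tool; the patent names no algorithm.
func Publish(priv ed25519.PrivateKey, app []byte, pt PermissionTable) (Package, error) {
	perms, err := json.Marshal(pt)
	if err != nil {
		return Package{}, err
	}
	return Package{App: app, Perms: perms, Sig: ed25519.Sign(priv, signedMessage(app, perms))}, nil
}

// Terminal holds the publisher's public key, obtained out of band beforehand (S4),
// and the association table UID -> permission table (S6).
type Terminal struct {
	publisherKey ed25519.PublicKey
	nextUID      int
	assoc        map[int]PermissionTable
}

// NewTerminal starts UIDs at 10000, the range Android uses for per-app Linux UIDs.
func NewTerminal(pub ed25519.PublicKey) *Terminal {
	return &Terminal{publisherKey: pub, nextUID: 10000, assoc: map[int]PermissionTable{}}
}

// Install verifies the signature over app || permission table (S4); on success it
// assigns a fresh UID (S5) and records the association (S6); on failure nothing is kept.
func (t *Terminal) Install(p Package) (int, error) {
	if !ed25519.Verify(t.publisherKey, signedMessage(p.App, p.Perms), p.Sig) {
		return 0, errors.New("signature verification failed; installation refused")
	}
	var pt PermissionTable
	if err := json.Unmarshal(p.Perms, &pt); err != nil {
		return 0, err
	}
	uid := t.nextUID
	t.nextUID++
	t.assoc[uid] = pt
	return uid, nil
}

// check is the permission management service: it fetches the caller's table by UID (S72)
// and decides (S73); nil means allowed. Unknown UIDs and unlisted functions are denied.
func (t *Terminal) check(uid int, function string) error {
	pt, ok := t.assoc[uid]
	if !ok {
		return fmt.Errorf("uid %d has no permission table", uid)
	}
	if !pt[function] { // a missing key reads as false: deny by default
		return fmt.Errorf("uid %d is not permitted %q", uid, function)
	}
	return nil
}

// OpenDevice is the device-open path of the device driver background service: it asks
// the permission service with the caller's UID and allocates a handle only on allow.
func (t *Terminal) OpenDevice(uid int, device string) (*Handle, error) {
	if err := t.check(uid, device); err != nil {
		return nil, err // S74: error returned, no handle allocated
	}
	return &Handle{UID: uid, Device: device}, nil // S75
}

// EnterPIN is the per-operation check described for the PIN pad: holding a pinpad
// handle is not enough, "pin_entry" is checked again on every call.
func (t *Terminal) EnterPIN(h *Handle) error {
	if h == nil || h.Device != "pinpad" {
		return errors.New("a pinpad handle is required")
	}
	return t.check(h.UID, "pin_entry") // nil: the driver would now run the PIN entry
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	term := NewTerminal(pub)
	pkg, _ := Publish(priv, []byte("inventory-app-v1"), PermissionTable{"printer": true}) // constructed sample
	uid, err := term.Install(pkg)
	fmt.Println("install:", uid, err)
	_, err = term.OpenDevice(uid, "rf_card")
	fmt.Println("open rf_card:", err) // denied: the inventory app may only print
}
```

Two design points follow the text rather than being additions: the permission table is read only from the association table keyed by UID, never from the caller, so an application cannot present its own table at call time; and a function absent from the table is denied, which is what "disable all payment-related functions" for the inventory application amounts to. Editing the permission table after signing makes `Install` refuse the package, because the signature covers the application and the table as one unit.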
[0104] Embodiment 2
[0105] Referring to FIG. 4, this embodiment provides a system for improving the application security of a payment terminal, comprising:
[0106] a generation module 1, configured to preset the permissions of an application and generate a permission table corresponding to the application;
[0107] a signature module 2, configured for the publisher to digitally sign the application and its permission table;
[0108] an allocation module 3, configured so that after the terminal verifies the digital signature successfully, it acquires the application and its permission table and assigns an identifier to the application;
[0109] an association module 4, configured to establish the association between the application, the identifier and the permission table;
[0110] a first acquisition module 5, configured so that when the application invokes a function involving a payment operation, the terminal acquires the identifier of the application;
[0111] a second acquisition module 6, configured so that the terminal acquires, according to the association, the permission table corresponding to the identifier;
[0112] a determination module 7, configured so that the terminal determines, according to the permission table, whether the application has permission to invoke the function.
[0113] The system further comprises:
[0114] an invocation module 8, configured to allow the application to invoke the function if the determination result of the determination module is yes, and to not allow the application to invoke the function if the determination result of the determination module is no.
[0115] Preferably, the first acquisition module 5 comprises:
[0116] a notification unit 51, configured to notify the device driver background service when the application invokes a function involving a payment operation;
[0117] an acquisition unit 52, configured so that the device driver background service acquires the identifier of the application and sends the identifier to the permission management service; preferably, the identifier is a user ID.
[0118] The second acquisition module 6 is specifically configured so that the permission management service acquires, according to the association, the permission table corresponding to the identifier;
[0119] the determination module 7 comprises:
[0120] a determination unit 71, configured so that the permission management service determines, according to the permission table, whether the application has permission to invoke the function;
[0121] a return unit 72, configured so that the permission management service returns the determination result to the device driver background service.
[0122] Preferably, the determination module 7 further comprises:
[0123] an allocation unit 73, configured so that the device driver background service decides, according to the determination result, whether to allocate to the application the device/operation handle corresponding to the function.
[0124] In summary, the method and apparatus for improving the application security of a payment terminal provided by the present invention not only dispense with the source-code review of third-party applications, saving human and material resources, but also verify in advance, effectively preventing security problems from occurring. Further, the present application requires no additional equipment and performs permission control directly with the terminal's existing configuration, which not only improves the generality of the present invention but also makes its security and simplicity self-evident.

Claims

[Claim 1] A method for improving the application security of a payment terminal, characterized in that it comprises:
presetting the permissions of an application and generating a permission table corresponding to the application;
the publisher digitally signing the application and its permission table;
after the terminal verifies the digital signature successfully, acquiring the application and its permission table and assigning an identifier to the application;
establishing the association between the application, the identifier and the permission table;
when the application invokes a function involving a payment operation, the terminal acquiring the identifier of the application;
the terminal acquiring, according to the association, the permission table corresponding to the identifier;
the terminal determining, according to the permission table, whether the application has permission to invoke the function.
[Claim 2] The method for improving the application security of a payment terminal according to claim 1, characterized in that, after determining according to the permission table whether the application has permission to invoke the function, the method further comprises:
if so, allowing the application to invoke the function;
if not, not allowing the application to invoke the function.
[Claim 3] The method for improving the application security of a payment terminal according to claim 1, characterized in that the steps of the terminal acquiring the identifier of the application when the application invokes a function involving a payment operation, the terminal acquiring the permission table corresponding to the identifier according to the association, and determining according to the permission table whether the application has permission to invoke the function, are specifically:
when the application invokes a function involving a payment operation, notifying the device driver background service;
the device driver background service acquiring the identifier of the application and sending the identifier to the permission management service;
the permission management service acquiring, according to the association, the permission table corresponding to the identifier;
the permission management service determining, according to the permission table, whether the application has permission to invoke the function;
the permission management service returning the determination result to the device driver background service.
[Claim 4] The method for improving the application security of a payment terminal according to claim 3, characterized in that, after the permission management service returns the determination result to the device driver background service, the method further comprises:
the device driver background service deciding, according to the determination result, whether to allocate to the application the device/operation handle corresponding to the function.
[Claim 5] The method for improving the application security of a payment terminal according to claim 1, characterized in that the identifier is a user ID.
[Claim 6] A system for improving the application security of a payment terminal, characterized in that it comprises:
a generation module, configured to preset the permissions of an application and generate a permission table corresponding to the application;
a signature module, configured for the publisher to digitally sign the application and its permission table;
an allocation module, configured so that after the terminal verifies the digital signature successfully, it acquires the application and its permission table and assigns an identifier to the application;
an association module, configured to establish the association between the application, the identifier and the permission table;
a first acquisition module, configured so that when the application invokes a function involving a payment operation, the terminal acquires the identifier of the application;
a second acquisition module, configured so that the terminal acquires, according to the association, the permission table corresponding to the identifier;
a determination module, configured so that the terminal determines, according to the permission table, whether the application has permission to invoke the function.
[Claim 7] The system for improving the application security of a payment terminal according to claim 6, characterized in that it further comprises:
an invocation module, configured to allow the application to invoke the function if the determination result of the determination module is yes, and to not allow the application to invoke the function if the determination result of the determination module is no.
[权利要求 8] 如权利要求 6所述的提高支付终端应用安全性的系统, 其特征在于, 所述第一获取模块包括: [Claim 8] The system for improving security of a payment terminal application according to claim 6, wherein the first obtaining module comprises:
通知单元, 用于当应用程序调用涉及支付操作的功能吋, 通知设备驱 动后台服务; a notification unit, configured to notify the device driver when the application calls a function involving a payment operation Background service;
获取单元, 用于设备驱动后台服务获取所述应用程序的标识, 并发送 所述标识至权限管理服务;  An obtaining unit, configured to: acquire, by the device-driven background service, an identifier of the application, and send the identifier to the rights management service;
第二获取模块, 具体用于权限管理服务依据所述关联关系, 获取所述 标识对应的权限表;  The second obtaining module is specifically configured to acquire, according to the association relationship, the permission table corresponding to the identifier;
所述确定模块包括:  The determining module includes:
确定单元, 用于权限管理服务依据权限表确定所述应用程序是否有调 用所述功能的权限;  a determining unit, configured to determine, by the permission table, whether the application has permission to invoke the function according to the permission table;
返回单元, 用于权限管理服务返回确定结果至设备驱动后台服务。  The return unit is used by the rights management service to return the determination result to the device driver background service.
[权利要求 9] 如权利要求 8所述的提高支付终端应用安全性的系统, 其特征在于, 所述确定模块还包括:  [Claim 9] The system for improving security of a payment terminal application according to claim 8, wherein the determining module further comprises:
分配单元, 用于设备驱动后台服务依据所述确定结果判断是否给所述 应用程序分配所述功能对应的设备 /操作句柄。  And an allocating unit, configured to determine, by the device driving background service, whether to allocate the device/operation handle corresponding to the function to the application according to the determining result.
[权利要求 10] 如权利要求 6所述的提高支付终端应用安全性的系统, 其特征在于, 所述标识为用户 ID。 [Claim 10] The system for improving security of a payment terminal application according to claim 6, wherein the identifier is a user ID.
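The install-time and run-time flow claimed above (signed application plus permission table, terminal-assigned identifier, permission management service consulted by the device driver background service before a handle is handed out), as an added example that is not the patent's or the applicant's code. The claims name no signature algorithm, so HMAC-SHA256 under a key shared by publisher and terminal is an assumed stand-in for the publisher's digital signature; the class names, the starting UID 10000, the function names `pinpad.read` and `printer.print`, and the sample packages are all constructed for this example.

```python
import hashlib
import hmac
import json
import secrets

# Assumed stand-in for the publisher's digital signature: the claims do not
# name an algorithm. A real terminal would verify an asymmetric signature
# against a publisher certificate it already trusts.
PUBLISHER_KEY = b"constructed-example-publisher-key"


def canonical(app_bytes: bytes, perm_table: list[str]) -> bytes:
    """Bind the application image and its permission table into one message,
    so neither can be changed after signing without breaking the signature."""
    return app_bytes + b"\n" + json.dumps(sorted(perm_table)).encode()


def sign_package(app_bytes: bytes, perm_table: list[str]) -> str:
    """Publisher side: sign application and permission table together."""
    msg = canonical(app_bytes, perm_table)
    return hmac.new(PUBLISHER_KEY, msg, hashlib.sha256).hexdigest()


class PermissionManagementService:
    """Keeps the identifier -> permission table association and answers the
    driver service's permission queries (claims 6 and 8)."""

    def __init__(self) -> None:
        self._tables: dict[int, frozenset[str]] = {}

    def associate(self, uid: int, perm_table: list[str]) -> None:
        self._tables[uid] = frozenset(perm_table)

    def is_allowed(self, uid: int, function: str) -> bool:
        # Unknown identifier -> no table -> deny (fail closed).
        return function in self._tables.get(uid, frozenset())


class Terminal:
    """Install path: verify the signature, then assign a user ID and record
    the association (claims 6 and 10)."""

    def __init__(self) -> None:
        self.pms = PermissionManagementService()
        self._next_uid = 10000  # assumed first UID for installed applications

    def install(self, app_bytes: bytes, perm_table: list[str], signature: str) -> int:
        expected = sign_package(app_bytes, perm_table)
        if not hmac.compare_digest(expected, signature):
            raise PermissionError("signature verification failed, package rejected")
        uid = self._next_uid
        self._next_uid += 1
        self.pms.associate(uid, perm_table)
        return uid


class DeviceDriverBackgroundService:
    """Run-time path: take the caller's identifier, ask the permission
    management service, and allocate a handle only on a positive result
    (claims 4, 8 and 9)."""

    def __init__(self, pms: PermissionManagementService) -> None:
        self.pms = pms
        self.handles: dict[str, int] = {}

    def request_handle(self, caller_uid: int, function: str):
        # caller_uid must be obtained from the OS (e.g. SO_PEERCRED on the
        # service socket), never from the request body, or it can be spoofed.
        if not self.pms.is_allowed(caller_uid, function):
            return None
        handle = secrets.token_hex(8)
        self.handles[handle] = caller_uid
        return handle


def run_scenario() -> dict:
    """Constructed scenario: a payment app, a non-payment app, and a package
    whose permission table was widened after it was signed."""
    terminal = Terminal()
    driver = DeviceDriverBackgroundService(terminal.pms)

    pos_image, pos_perms = b"POS-APP-IMAGE", ["pinpad.read", "printer.print"]
    game_image, game_perms = b"GAME-APP-IMAGE", ["printer.print"]
    pos_uid = terminal.install(pos_image, pos_perms, sign_package(pos_image, pos_perms))
    game_uid = terminal.install(game_image, game_perms, sign_package(game_image, game_perms))

    # Signature was computed over game_perms; the table shipped is larger.
    try:
        terminal.install(game_image, game_perms + ["pinpad.read"],
                         sign_package(game_image, game_perms))
        tampered_installed = True
    except PermissionError:
        tampered_installed = False

    return {
        "pos_pinpad": driver.request_handle(pos_uid, "pinpad.read") is not None,
        "game_pinpad": driver.request_handle(game_uid, "pinpad.read") is not None,
        "game_printer": driver.request_handle(game_uid, "printer.print") is not None,
        "unknown_uid": driver.request_handle(99999, "pinpad.read") is not None,
        "tampered_installed": tampered_installed,
    }
```

Two points a practitioner would check in a real terminal: the identifier the driver service looks up must come from the kernel (on Linux, the peer UID from SO_PEERCRED on the service's Unix socket) rather than from anything the caller sends, otherwise claim 5's user ID is only as strong as the caller's honesty; and the lookup must fail closed, so an application with no recorded association (or a stale one after uninstall) gets no handle.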
PCT/CN2017/098252 2016-08-31 2017-08-21 Method and system for improving application security of payment terminal WO2018040972A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610784075.2A CN106372496A (en) 2016-08-31 2016-08-31 Method and system for improving payment terminal application security
CN201610784075.2 2016-08-31

Publications (1)

Publication Number Publication Date
WO2018040972A1 true WO2018040972A1 (en) 2018-03-08

Family

ID=57899271

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/098252 WO2018040972A1 (en) 2016-08-31 2017-08-21 Method and system for improving application security of payment terminal

Country Status (2)

Country Link
CN (1) CN106372496A (en)
WO (1) WO2018040972A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106372496A (en) * 2016-08-31 2017-02-01 福建联迪商用设备有限公司 Method and system for improving payment terminal application security
WO2019079998A1 (en) * 2017-10-25 2019-05-02 福建联迪商用设备有限公司 Method and terminal for managing and controlling permission of application, and pos terminal
CN108073428B (en) * 2017-12-06 2022-09-09 福建新大陆支付技术有限公司 QDbus-based payment terminal plug-in-device service implementation method and device
CN108717507A (en) * 2018-04-20 2018-10-30 烽火通信科技股份有限公司 A kind of management method and system of Android application programs permission
CN112150137A (en) * 2019-06-28 2020-12-29 北京奇虎科技有限公司 Method and apparatus for controlling network payment, electronic device and medium
CN111427705B (en) * 2020-03-16 2023-05-02 北京字节跳动网络技术有限公司 Data synchronization method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101499153A (en) * 2008-12-26 2009-08-05 北京握奇数据系统有限公司 Method and device for implementing security mobile payment
CN102413220A (en) * 2011-11-24 2012-04-11 中兴通讯股份有限公司 Method for controlling right of using connection function and mobile terminal
US20130055387A1 (en) * 2011-08-24 2013-02-28 Pantech Co., Ltd. Apparatus and method for providing security information on background process
CN104346559A (en) * 2014-11-26 2015-02-11 北京奇虎科技有限公司 Authority request response method and device thereof
CN105741444A (en) * 2016-01-29 2016-07-06 广州广电运通金融电子股份有限公司 Application authentication method and device for financial self-service equipment based on Linux system
CN106372496A (en) * 2016-08-31 2017-02-01 福建联迪商用设备有限公司 Method and system for improving payment terminal application security

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140026198A1 (en) * 2012-07-23 2014-01-23 Kabushiki Kaisha Toshiba Information processing apparatus and control method
CN104464114A (en) * 2014-12-11 2015-03-25 上海富友支付服务有限公司 System and method for managing and monitoring safety of application of financial terminals
CN105592039B (en) * 2015-07-24 2018-12-25 中国银联股份有限公司 The safety equipment of settable permission realizes system and its implementation
CN105373727B (en) * 2015-12-15 2018-04-20 福建实达电脑设备有限公司 The equipment blocking method redirected based on virtual unit
CN105631654A (en) * 2015-12-25 2016-06-01 中国民航信息网络股份有限公司 Self-service counter payment method and system

Also Published As

Publication number Publication date
CN106372496A (en) 2017-02-01

Similar Documents

Publication Publication Date Title
WO2018040972A1 (en) Method and system for improving application security of payment terminal
US11637707B2 (en) System and method for managing installation of an application package requiring high-risk permission access
US11126754B2 (en) Personalized and cryptographically secure access control in operating systems
CN104104672B (en) The method that dynamic authorization code is established in identity-based certification
US9112854B1 (en) Secure communication between applications on untrusted platforms
US20190138698A1 (en) System and method for controlled access to application programming interfaces
US9954850B2 (en) Service locking method, apparatuses and systems thereof
CN103744686A (en) Control method and system for installing application in intelligent terminal
WO2020173019A1 (en) Access certificate verification method and device, computer equipment and storage medium
CN111526111A (en) Control method, device and equipment for logging in light application and computer storage medium
CN111159657A (en) Application program authentication method and system
CN101686129A (en) Novel method for strong safety service and user resource management
CN105743651A (en) Method and apparatus for utilizing card application in chip security domain, and application terminal
CN110581833B (en) Service security protection method and device
WO2016045042A1 (en) Method and device for managing content in secure element
CN111163063B (en) Edge application management method and related product
CN105335673A (en) Information safety processing method and device
CN112464176B (en) Authority management method and device, electronic equipment and storage medium
US10367644B2 (en) Methods for managing content, computer program products and secure element
CN110971670B (en) Network certificate calling method and device based on network certificate platform and storage medium
CN113962711A (en) Data processing method, device and equipment
CN113890738A (en) Electronic signature method and device
CN112187725A (en) Cloud computing resource access method and device, service line service and gateway
CN106534047A (en) Information transmitting method and apparatus based on Trust application
KR20150043954A (en) Access control system and method to security engine of mobile terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 17845274; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
Ref country code: DE
122 Ep: pct application non-entry in european phase
Ref document number: 17845274; Country of ref document: EP; Kind code of ref document: A1