CN105591746B - A kind of processing method and processing system of online binding accepting terminal - Google Patents
A kind of processing method and processing system of online binding accepting terminal Download PDFInfo
- Publication number
- CN105591746B CN105591746B CN201410753995.9A CN201410753995A CN105591746B CN 105591746 B CN105591746 B CN 105591746B CN 201410753995 A CN201410753995 A CN 201410753995A CN 105591746 B CN105591746 B CN 105591746B
- Authority
- CN
- China
- Prior art keywords
- terminal
- hsn
- host computer
- accepting terminal
- user information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention relates to the processing methods of online binding accepting terminal.This method includes the following steps: preset HSN, all preset terminal key TK in background system and accepting terminal for being used to uniquely identify accepting terminal in accepting terminal, and corresponding relationship between HSN and TK is being recorded in background system;Operator initiates the bindings of accepting terminal in host computer, and host computer is sent to accepting terminal to accepting terminal initiating terminal binding acknowledgement, and by the user information of input;After confirming whether user information is correct by user in accepting terminal, HSN and user information are encrypted with TK, form encryption information EM, and the HSN of EM and plaintext is returned into host computer;The request that host computer is bound to background system initiating terminal, and on send the HSN of encryption information EM, plaintext;In background system according to the information received, confirm whether binding relationship is true.
Description
Technical field
The present invention relates to the data interaction technologies of a kind of terminal and system, can safely and reliably exist more particularly to one kind
First bind the processing method and processing system of accepting terminal.
Background technique
Currently there are accepting terminals to realize business processing by connection host computer and carry out data interaction with backstage,
Representative product includes: the audio card reader and internet IC card card reader for individual's payment, the shifting for the business of collecting money
Dynamic POS, simple POS etc..Accepting terminal generally provides the function of reading data and encryption and decryption, but under original state usually not with
Actual user's binding needs to complete binding in service fulfillment, so that the data that the terminal obtains are used for actual user.
Since host computer is usually the universal electrics commodity such as mobile phone, tablet computer, thereby increases and it is possible to pass through public network and backstage
System interaction, safety are lower.Once host computer is attacked, program is taken over, in fact it could happen that following situations: operator thinks to work as
It is preceding with oneself user name login system, and accepting terminal is tied under one's name by the user name by on-line operation;In fact, attack
Person's adapter tube host computer application program, the information of replacement real user input and display, terminal are bound under attacker's user name.
Follow-on attack person controls host computer by continuing, and all data obtained by the terminal and respective transaction are included in attacker's use
Name in an account book is under one's name.
In the prior art and Related product and device, terminal and the online binding procedure of user are not provided with validation of information and guarantor
Protection mechanism, there are drawbacks described above, so that terminal is bound, particularly be related to the terminal bindings of funds transaction, there are potential safety is hidden
Suffer from.
Summary of the invention
In view of the above problems, the present invention is intended to provide a kind of can guarantee that binding relationship accuracy and the online of safety are tied up
Determine the processing method and processing system of accepting terminal.
The processing method of online binding accepting terminal of the invention, which is characterized in that include the following steps:
Initialization step: it is preset for uniquely identifying the terminal unique identifying number HSN of accepting terminal in accepting terminal,
Preset terminal key TK and the TK and the HSN are one-to-one corresponding relationship in background system and accepting terminal,
Corresponding relationship between HSN and TK is recorded in background system;
Bind step of initiating: operator inputs user information by host computer, and operator initiates accepting terminal in host computer
Bindings, host computer sends the user information of operator to and accepts end to accepting terminal initiating terminal binding acknowledgement
End;
User information verification step: whether the user information at least acknowledged receipt of in accepting terminal by user is correct;
User information encipherment protection step: in the case where it is correct for confirming user information, described in accepting terminal utilization
TK encrypts the HSN and the user information, forms encryption information EM, and by the encryption information EM and bright
The HSN of text returns to host computer;
Bind request step: request that host computer is bound to background system initiating terminal and on send the encryption information EM,
The HSN of the plaintext;
Binding acknowledgement step: in background system according to the corresponding relationship, the HSN is obtained only according to the HSN of the plaintext
On the other hand one corresponding terminal key TK solves encryption information EM with the terminal key TK obtained in background system
It is close, obtain user information and HSN ', the HSN of HSN ' and plaintext that decryption obtains are compared, is confirmed whether unanimously, it is consistent in the two
In the case of, then confirm that binding relationship is set up and stores the binding relationship in background system;
Binding result notifying process: background system returns to binding result to host computer.
Preferably, the binding step of initiating includes following sub-steps:
Operator inputs user information progress system remote by host computer and logs in;
Communication connection accepting terminal;
Operator initiates the bindings of accepting terminal in host computer;
Host computer is sent to accepting terminal to accepting terminal initiating terminal binding acknowledgement and by the user information of operator.
Preferably, in the user information verification step, as operator confirms that user information is correct user really
Information, then user completes the confirmation of user information by defined input operation.
Preferably, the user information is user name, that is, UserID.
Preferably, the user information encipherment protection step includes following sub-steps:
Background system is found out uniquely corresponding with the HSN according to based on the corresponding relationship has been stored according to plaintext HSN
Terminal key TK;
Background system obtain terminal key TK encryption information EM is decrypted, obtain user name UserID and
HSN';
Background system compares the HSN of HSN ' and plaintext that decryption obtains, is confirmed whether consistent;
Under the two unanimous circumstances, in tying up for background system storage user name UserID and terminal unique identifying number HSN
Determine relationship.
The processing method of online binding accepting terminal of the invention, which is characterized in that include the following steps:
Initialization step: it is preset for uniquely identifying the terminal unique identifying number i.e. HSN of accepting terminal in accepting terminal,
Preset terminal key TK and the TK and the HSN are one-to-one corresponding relationship in background system and accepting terminal,
Corresponding relationship between HSN and TK is being recorded in background system;
Bind step of initiating: operator inputs user information by host computer, and operator initiates accepting terminal in host computer
Bindings, host computer sends the user information of operator to and accepts end to accepting terminal initiating terminal binding acknowledgement
End;
User information verification step: whether the user information at least acknowledged receipt of in accepting terminal by user is correct;
User information encipherment protection step: in accepting terminal, obtaining a working key WK protected by terminal key TK,
The HSN and the user information are encrypted using the working key WK replacement terminal cipher key T K, form encryption
Information EM, and the HSN of the encryption information EM and plaintext is returned into host computer;
Bind request step: the request that host computer is bound to background system initiating terminal, and on send the encryption information EM,
The HSN of the plaintext;
Binding acknowledgement step: in background system according to the corresponding relationship, the HSN is obtained only according to the HSN of the plaintext
One corresponding terminal key TK, on the other hand, with WK pairs of terminal key TK the protected working key obtained in background system
Encryption information EM is decrypted, and obtains user information and HSN ', the HSN of HSN ' and plaintext that decryption obtains are compared, is confirmed whether
Unanimously, under the two unanimous circumstances, then confirm that binding relationship is set up and stores the binding relationship in background system;
Binding result notifying process: background system returns to binding result to host computer.
Preferably, the working key WK is a key either group key for carrying out encryption fortune to different data
The key of calculation.
The processing method of online binding accepting terminal of the invention, which is characterized in that include the following steps:
Initialization step: it is preset for uniquely identifying the terminal unique identifying number i.e. HSN of accepting terminal in accepting terminal,
Preset terminal key TK and the TK and the HSN are one-to-one corresponding relationship in background system and accepting terminal,
Corresponding relationship between HSN and TK is being recorded in background system;
Bind step of initiating: operator inputs user information by host computer, and operator initiates accepting terminal in host computer
Bindings, host computer sends the user information of operator to and accepts end to accepting terminal initiating terminal binding acknowledgement
End;
User information verification step: whether the user information at least acknowledged receipt of in accepting terminal by user is correct;
User information encipherment protection step: in the case where it is correct for confirming user information, described in accepting terminal utilization
TK encrypts the HSN and the user information, forms encryption information EM, and by the encryption information EM, bright
The HSN and transaction data of text return to host computer;
Bind request step: the request that host computer is bound to background system initiating terminal, and on send the encryption information EM,
The HSN and transaction data of the plaintext;
Binding acknowledgement step: in background system according to the corresponding relationship, the HSN is obtained only according to the HSN of the plaintext
On the other hand one corresponding terminal key TK solves encryption information EM with the terminal key TK obtained in background system
It is close, obtain user information and HSN ', the HSN of HSN ' and plaintext that decryption obtains are compared, is confirmed whether unanimously, it is only consistent in the two
In the case where, just transaction data is handled;
Binding result notifying process: background system returns to transaction data processing result to host computer.
Preferably, in the user information verification step, as operator confirms that user information is correct user really
Information, then user completes the confirmation of user information by defined input operation.
The processing system of online binding accepting terminal of the invention, which is characterized in that including accepting terminal, host computer, after
Platform system,
The module that accepts includes:
First memory module, for terminal unique identifying number HSN and terminal key TK to be stored in advance;
First input module, for being advised when confirming whether following user informations from host computer are correct by user
Fixed input;
First encryption/decryption module, for being encrypted with terminal key TK to terminal unique identifying number HSN and generating encryption
Information EM;
First communication module, for carrying out sending and receiving for data between the accepting terminal and the host computer,
For sending host computer for the HSN of the encryption information EM and plaintext;
First display module, for showing the user information confirmed for user in the accepting terminal;And
First processing module, for handling the information sent from the host computer;
The host computer includes:
Input module, for inputting user information and password;
Processing module, for initiating bindings from host computer to accepting terminal and being bound to accepting terminal initiating terminal true
Recognize;
Second communication module, for carrying out sending and receiving and being used for for data between host computer and accepting terminal
It carries out data between host computer and background system to send and receive, for by the encryption information EM that receives and plaintext
HSN is forwarded to host computer;
The background system includes:
Third memory module, for storing the corresponding relationship between terminal unique identifying number HSN and terminal key TK, with
And for storing the binding relationship in the case where establishment of the binding relationship of accepting terminal and host computer;
Third encryption/decryption module obtains the HSN only according to the HSN of the plaintext received according to the corresponding relationship
On the other hand one corresponding terminal key TK is decrypted encryption information EM with the terminal key TK of acquisition, obtain user's letter
Breath and HSN ';
Business module, the HSN of HSN ' and plaintext obtained for comparing decryption are confirmed whether unanimously, consistent in the two
In the case of, then confirm that binding relationship is set up;
Third communication module, for carrying out sending and receiving for data between the accepting terminal and the host computer.
Preferably, the host computer is mobile phone, tablet computer, computer.
Preferably, each terminal key TK only uniquely corresponds to an accepting terminal.
Using the processing method and processing system of online binding accepting terminal of the invention can guarantee operator with by
The accuracy for the binding relationship established between reason terminal, and can guarantee that the subsequent operation based on accepting terminal is directed to just
True user thereby guarantees that the safety of the information related to user and operation such as data, fund.Moreover, being added by introducing
Decryption step, and the accepting terminal by having greater security completes the encipherment protection of critical data (UserID and HSN etc.), at
The basis realized for security function.Further, in the present invention, accepting terminal to UserID carry out display and by operator it is true
Recognize, it is ensured that UserID is not tampered before encryption.
Detailed description of the invention
Fig. 1 is the organigram for indicating the processing system of online binding accepting terminal of the invention.
Fig. 2 is the structure of the specific structure of each component units in the processing system for indicate online binding accepting terminal of the invention
Make schematic diagram.
Specific embodiment
What is be described below is some in multiple embodiments of the invention, it is desirable to provide to basic understanding of the invention.And
It is not intended to and confirms crucial or conclusive element of the invention or limit scope of the claimed.
The present invention proposes that a kind of accepting terminal completes the processing method and processing system of user's binding online.Place of the invention
Reason system includes accepting terminal, mobile communication equipment (or mobile terminal, in the present invention referred to as host computer), background system
Parts such as (i.e. teleprocessing systems), processing system of the invention be used for by remote mode realization accepting terminal and user
Line binding, and ensures the accuracy and safety of the binding relationship, prevent because mobile communication equipment or transmission network under fire due to
Caused illegal binding or because of mistake binding caused by maloperation.
Meanwhile accepting terminal of the invention is completed the processing method of user's binding and processing system online and be can also be used at end
Hold the binding relationship protection in use process.
Accepting terminal of the invention complete online user binding processing method and processing system be suitable for bank card (or its
His account) accepting terminal and trade company (or personal) system account binding, be also applied for terminal and the user of other purposes
The binding of system account.
Embodiment 1
Fig. 1 is the organigram for indicating the processing system of online binding accepting terminal of the invention.
As shown in Figure 1, the processing system of online binding accepting terminal of the invention includes: accepting terminal 100, host computer
200 and background system 300.It is connected between host computer 200 and background system 300 by transmission path.
Fig. 2 is the structure of the specific structure of each component units in the processing system for indicate online binding accepting terminal of the invention
Make schematic diagram.
As shown in Figure 1, accepting terminal 100 has: display module 101, Encryption Decryption module 103, leads to input module 102
Interrogate module 104, processing module 105, storage module 106.
Host computer 200 has display module 201, input module 202, processing module 203, communication module 204 and storage
Module 205.Host computer 200 can be mobile phone, tablet computer, apparatus such as computer, be mounted with corresponding application.
Background system 300 has business module 301, Encryption Decryption module 302, storage module 303 and communication module
304。
The binding procedure realized below for the processing system of the online binding accepting terminal using aforementioned present invention carries out
It illustrates.
The processing method (binding method) of online binding accepting terminal of the invention mainly includes the following steps:
Step S100: initial (such as when factory or before formal granting) in its memory module 106 in accepting terminal 100
Preset terminal unique identifying number (being referred to as HSN in the present invention), which uniquely identifies accepting terminal.Moreover, on backstage
All preset terminal key TK in the encryption/decryption module 302 of system 300 and the encryption/decryption module 103 of accepting terminal 100, and for
Terminal key TK realizes " machine one is close ", i.e. a terminal key TK only uniquely corresponds to an accepting terminal.In background system 300
Storage module 303 in record terminal unique identifying number HSN and terminal key TK between corresponding relationship.
Step S101: operator inputs user information (user information packet here by the input module 202 of host computer 200
Include: user number (UserID), identification card number, cell-phone number etc. can identity user information) and password PW carry out system remote step on
Land, and by the communication module 104 of the connection accepting terminal 100 of communication module 204, such as connected by wired or wireless way
It connects.Herein, the processes such as current operator's online registration are no longer described, operator, that is, accepting terminal real user.
Step S102: operator initiates the bindings of accepting terminal 100 in host computer 200, and host computer 200 is to accepting end
100 initiating terminal binding acknowledgements are held, and send accepting terminal 100 for the user information of operator.
Step S103: accepting terminal 100 receives the username information for the operator that host computer 200 is sent, by accepting
The display module 101 of terminal 100 for example shows user name UserID on the screen, and operator is prompted to confirm, such as can show
Show that " please check user, correctly please press [confirmation] key " etc. prompts.
Step S104: if operator confirms that UserID is correct user name really, by specified input operation (including but
It is not limited to: by specified button, a certain region of touch etc.) complete user name confirmation.
Step S105: in the encryption/decryption module 103 of accepting terminal 100, using terminal key TK to terminal unique identification
Number HSN and UserID is encrypted, and forms encryption information EM.Preferably, remote cipher key is carried out using TK to issue
When, an available working key WK(is protected by TK), WK can be a key, be also possible to a group key for not
Cryptographic calculation is carried out with data.
Step S106: the HSN and other identification informations that accepting terminal 100 returns to EM and plaintext to host computer 200 are (here
Other identifier information refers to the other information such as the SOT state of termination, version).
Step S107: request that host computer 200 is bound to 300 initiating terminal of background system and on send encryption information EM, bright
Literary HSN.As preferred mode, other possible accepting terminals and host computer identification information can also be further included, these
Identification information can be such as host computer APP version, geographical location, host computer type and model, master system type.
Step S108: in background system 300, based on the terminal unique identifying number being already stored in storage module 303
The corresponding relationship of HSN and terminal key TK are found out and the unique corresponding terminal key TK of the HSN, another party according to plaintext HSN
Face is decrypted encryption information EM with the terminal key TK of acquisition, obtains user name UserID in encryption/decryption module 302
And HSN ' compares the HSN of HSN ' and plaintext that decryption obtains in business module 301, is confirmed whether unanimously, it is consistent in the two
In the case where, the binding relationship of user name UserID and terminal unique identifying number HSN are stored in memory module 303.
Step S109: background system 300 returns to binding result, and host computer 200 or accepting terminal 100 show binding result,
Bindings are completed.
Variation 1
Then, the variation 1 of the processing method (binding method) of online binding accepting terminal of the invention is said
It is bright.
It is subsequent in use, accepting terminal 100 also all may be used when being connected to host computer 200 after completion binding as described above
To verify binding relationship correctness again by the above method.Specifically, above-mentioned steps S101~step can be repeated
S109, but what is returned in step S109 will not be binding result, but bind situation verification result.
Variation 2
Then, the variation 2 of the processing method (binding method) of online binding accepting terminal of the invention is said
It is bright.
When carrying out bank card business dealing or other operations for having a major impact or acting on to operator using accepting terminal, on
The method for stating embodiment 1 can be coupled in transaction data, to guarantee that data interactive every time and made operation are all based on standard
True accepting terminal binding relationship and carry out.
User UserID is sent accepting terminal 100 by host computer 200 when transaction, and accepting terminal 100 is sent out to host computer 200
While sending transaction data, the information such as EM and plaintext HSN are included, background system 300 is first verified by above-mentioned steps S108
Binding relationship validity, then reprocesses transaction data.It is specific as follows:
Step S201: operator inputs user information by the input module 202 of host computer 200 and password PW is carried out
System remote logs in, and the communication module 104 of accepting terminal 100 is connected by communication module 204.
Step S202: operator initiates the bindings of accepting terminal 100 in host computer 200, and host computer 200 is to accepting end
100 initiating terminal binding acknowledgements are held, and send accepting terminal 100 for the user information of operator.
Step S203: accepting terminal 100 receives the user's letter including user name for the operator that host computer 200 is sent
Breath, shows user name UserID by the display module 101 of accepting terminal 100, and operator is prompted to confirm on the screen.
Step S204: it if operator confirms that user name UserID is correct user name really, is operated by specified input
Complete user name confirmation.
Step S205: in the encryption/decryption module 103 of accepting terminal 100, using terminal key TK to terminal unique identification
Number HSN and UserID is encrypted, and forms encryption information EM.
Step S206: accepting terminal 100 returns to the HSN and transaction data of EM, plaintext to host computer 200.
Step S207: host computer 200 returns to the HSN of EM, plaintext receiving the host computer 200 from accepting terminal 100
And after transaction data, the request that host computer 200 is bound to 300 initiating terminal of background system, and on send encryption information EM, bright
Literary HSN and transaction data.
Step S208: in background system 300, based on the terminal unique identifying number being already stored in storage module 303
The corresponding relationship of HSN and terminal key TK are found out and the unique corresponding terminal key TK of the HSN, another party according to plaintext HSN
Face is decrypted encryption information EM with the terminal key TK of acquisition, obtains user name UserID in encryption/decryption module 302
And HSN ' compares the HSN of HSN ' and plaintext that decryption obtains in business module 301, is confirmed whether unanimously, it is consistent in the two
In the case where, illustrate binding relationship be it is effective, herein under the premise of, 300 ability of background system handles transaction data.
Step S209: it after background system 300 is completed to transaction data processing, to host computer 200 or/and accepts
The processing result of the return transaction data of terminal 100.
Variation 3
On the basis of above-described embodiment 1, step S105 wherein is further handled: being carried out using TK
When remote cipher key issues, an available working key WK(is protected by TK), WK can be a key, be also possible to one group
Key is used to carry out cryptographic calculation to different data.
When above-mentioned steps S105 use WK in the case where, when delivering key obtain be one group of WK when, selection with backstage
One use of system agreement.Meanwhile WK can be dispersed, formed when time meeting when terminal each time is interacted with backstage
Key SK is talked about, is encrypted with SK, is not repeated to describe.
In addition, in the present invention, accepting terminal 100 is special equipment needed for the business processing of place, such as in bank card
In payment transaction, accepting terminal 100 refers to the equipment for meeting software and hardware safety requirements, and solution is shown, inputted and added to sensitive data
Close function has anti-attack ability.
The processing method and processing system difference with the prior art of online binding accepting terminal of the invention are as follows:
It (1) is each accepting terminal point using the terminal unique identifying number HSN of accepting terminal device hardware as unique identification
With a unique TK, and progress is preset in accepting terminal, and corresponding relationship is documented in background system;
(2) binding of accepting terminal and operator are associated by terminal unique identifying number HSN and user name UserID;
(3) terminal unique identifying number HSN and user name UserID be by TK encryption, avoid with background system interactive process
In the binding relationship be tampered;
(4) user name UserID enters accepting terminal, and is shown, while accepting terminal prompt operator's confirmation, leads to
Cross the process and complete operator itself and safe identification and authorization are carried out to binding information, due to accepting terminal compared with host computer in safety
Higher in ability, display and encryption process can be prevented unique to user name UserID and terminal in TK by special protection
Even if attacker distorts UserID(host computer and attacked before identification number HSN encryption, UserID is replaced, and accepting terminal is shown
The incoming UserID of host computer will not be operator ID;Conversely, the ID will as accepting terminal shows that UserID is really operator ID
It completes to encrypt in accepting terminal internal security region, can not be tampered other than accepting terminal).
Following technology can be obtained using the processing method and processing system of online binding accepting terminal of the invention to imitate
Fruit:
(1) it ensure that the accuracy for the binding relationship established between operator and accepting terminal;
(2) it ensure that the subsequent operation based on accepting terminal is directed to correct user, guarantee data, fund etc. and user
The safety of relevant information and operation;
(3) introduce encryption and decryption mechanism, and the accepting terminal by having greater security complete critical data (UserID and
HSN etc.) encipherment protection, become security function realization basis;
(4) accepting terminal show and confirmed by operator to UserID, it is ensured that UserID is not tampered before encryption;
(5) operator sufficiently participates in, but easy to operate, and user experience is good.
Example above primarily illustrates the processing method and processing system that accepting terminal of the invention completes user's binding online
System, although only some of a specific embodiment of the invention are described, those of ordinary skill in the art should
Understand, the present invention can implemented without departing from its spirit in range in many other form.Therefore, the example that is shown with
Embodiment is considered as illustrative and not restrictive, is not departing from the spirit of that invention as defined in appended claims
And in the case where range, the present invention may cover various modification and replacement.
Claims (12)
1. a kind of processing method of online binding accepting terminal, which is characterized in that include the following steps:
Initialization step: it is preset for uniquely identifying the terminal unique identifying number i.e. HSN of accepting terminal in accepting terminal, rear
Preset terminal key TK and the TK and the HSN are one-to-one corresponding relationship in platform system and accepting terminal, rear
Corresponding relationship between HSN and TK is recorded in platform system;
Bind step of initiating: operator inputs user information by host computer, and operator initiates tying up for accepting terminal in host computer
Fixed operation, host computer are sent to accepting terminal to accepting terminal initiating terminal binding acknowledgement, and by the user information of operator;
User information verification step: whether the user information at least acknowledged receipt of in accepting terminal by user is correct;
User information encipherment protection step: in the case where it is correct for confirming user information, described TK pairs is utilized in accepting terminal
The HSN and the user information encrypt, and form encryption information EM, and by the encryption information EM and plaintext
HSN returns to host computer;
Bind request step: the request that host computer is bound to background system initiating terminal, and on send the encryption information EM, described
The HSN of plaintext;
Binding acknowledgement step: in background system according to the corresponding relationship, it is uniquely right that the HSN is obtained according to the HSN of the plaintext
On the other hand the terminal key TK answered is decrypted encryption information EM with the terminal key TK obtained in background system, obtains
To user information and HSN ', the HSN of HSN ' and plaintext that decryption obtains are compared, is confirmed whether unanimously, in the two unanimous circumstances
Under, then confirm that binding relationship is set up and stores the binding relationship in background system;
Binding result notifying process: background system returns to binding result to host computer.
2. the processing method of online binding accepting terminal as described in claim 1, which is characterized in that
The binding step of initiating includes following sub-steps:
Operator inputs user information progress system remote by host computer and logs in;
Communication connection accepting terminal;
Operator initiates the bindings of accepting terminal in host computer;
Host computer is sent to accepting terminal to accepting terminal initiating terminal binding acknowledgement and by the user information of operator.
3. the processing method of online binding accepting terminal as described in claim 1, which is characterized in that
In the user information verification step, if operator confirms that user information is correct user information really, then user
The confirmation of user information is completed by defined input operation.
4. the processing method of the online binding accepting terminal as described in claim 1 ~ 3 any one, which is characterized in that
The user information is user name, that is, UserID.
5. the processing method of online binding accepting terminal as claimed in claim 4, which is characterized in that
The user information encipherment protection step includes following sub-steps:
Background system is found out and the unique corresponding terminal key of the HSN according to plaintext HSN according to having stored the corresponding relationship
TK;
Encryption information EM is decrypted in the terminal key TK that background system obtains, and obtains user name UserID and HSN ';
Background system compares the HSN of HSN ' and plaintext that decryption obtains, is confirmed whether consistent;
Under the two unanimous circumstances, closed in the binding of background system storage user name UserID and terminal unique identifying number HSN
System.
6. a kind of processing method of online binding accepting terminal, which is characterized in that include the following steps:
Initialization step: it is preset for uniquely identifying the terminal unique identifying number i.e. HSN of accepting terminal in accepting terminal, rear
Preset terminal key TK and the TK and the HSN are one-to-one corresponding relationship in platform system and accepting terminal, rear
Corresponding relationship between HSN and TK is recorded in platform system;
Bind step of initiating: operator inputs user information by host computer, and operator initiates tying up for accepting terminal in host computer
Fixed operation, host computer are sent to accepting terminal to accepting terminal initiating terminal binding acknowledgement, and by the user information of operator;
User information verification step: whether the user information at least acknowledged receipt of in accepting terminal by user is correct;
User information encipherment protection step: in accepting terminal, a working key WK protected by terminal key TK is obtained, is utilized
The working key WK replacement terminal cipher key T K encrypts the HSN and the user information, forms encryption information
EM, and the HSN of the encryption information EM and plaintext is returned into host computer;
Bind request step: the request that host computer is bound to background system initiating terminal, and on send the encryption information EM, described
The HSN of plaintext;
Binding acknowledgement step: in background system according to the corresponding relationship, it is uniquely right that the HSN is obtained according to the HSN of the plaintext
The terminal key TK answered, on the other hand, with the protected working key WK of terminal key TK obtained to encryption in background system
Information EM is decrypted, and obtains user information and HSN ', the HSN of HSN ' and plaintext that decryption obtains are compared, is confirmed whether unanimously,
Under the two unanimous circumstances, then confirm that binding relationship is set up and stores the binding relationship in background system;
Binding result notifying process: background system returns to binding result to host computer.
7. the processing method of online binding accepting terminal as claimed in claim 6, which is characterized in that
The working key WK is the key that a key either group key is used to carry out different data cryptographic calculation.
8. a kind of processing method of online binding accepting terminal, which is characterized in that include the following steps:
Initialization step: it is preset for uniquely identifying the terminal unique identifying number i.e. HSN of accepting terminal in accepting terminal, rear
Preset terminal key TK and the TK and the HSN are one-to-one corresponding relationship in platform system and accepting terminal, rear
Corresponding relationship between HSN and TK is recorded in platform system;
Bind step of initiating: operator inputs user information by host computer, and operator initiates tying up for accepting terminal in host computer
Fixed operation, host computer are sent to accepting terminal to accepting terminal initiating terminal binding acknowledgement, and by the user information of operator;
User information verification step: whether the user information at least acknowledged receipt of in accepting terminal by user is correct;
User information encipherment protection step: in the case where it is correct for confirming user information, described TK pairs is utilized in accepting terminal
The HSN and the user information encrypt, and form encryption information EM, and by the encryption information EM, plaintext
HSN and transaction data return to host computer;
Bind request step: the request that host computer is bound to background system initiating terminal, and on send the encryption information EM, described
The HSN and transaction data of plaintext;
Binding acknowledgement step: in background system according to the corresponding relationship, it is uniquely right that the HSN is obtained according to the HSN of the plaintext
On the other hand the terminal key TK answered is decrypted encryption information EM with the terminal key TK obtained in background system, obtains
To user information and HSN ', the HSN of HSN ' and plaintext that decryption obtains are compared, is confirmed whether unanimously, only in the consistent feelings of the two
Under condition, just transaction data is handled;
Binding result notifying process: background system returns to transaction data processing result to host computer.
9. the processing method of online binding accepting terminal as claimed in claim 7, which is characterized in that
In the user information verification step, if operator confirms that user information is correct user information really, then user
The confirmation of user information is completed by defined input operation.
10. a kind of processing system of online binding accepting terminal, which is characterized in that be including accepting terminal, host computer, backstage
System,
The accepting terminal includes:
First memory module, for terminal unique identifying number HSN and terminal key TK to be stored in advance;
First input module, as defined in being carried out when confirming whether following user informations from host computer are correct as user
Input;
First encryption/decryption module, for being encrypted with terminal key TK to terminal unique identifying number HSN and generating encryption information
EM;
First communication module is used for for carrying out sending and receiving for data between the accepting terminal and the host computer
Host computer is sent by the HSN of the encryption information EM and plaintext;
First display module, for showing the user information confirmed for user in the accepting terminal;And
First processing module, for handling the information sent from the host computer;
The host computer includes:
Input module, for inputting user information and password;
Processing module, for initiating bindings from host computer to accepting terminal and to accepting terminal initiating terminal binding acknowledgement;
Second communication module, for carrying out sending and receiving and being used for upper for data between host computer and accepting terminal
Sending and receiving for data is carried out between machine and background system, for turning the HSN of the encryption information EM and plaintext that receive
It is dealt into host computer;
The background system includes:
Third memory module, for storing the corresponding relationship between terminal unique identifying number HSN and terminal key TK, Yi Jiyong
In accepting terminal and host computer binding relationship establishment in the case where store the binding relationship;
It is uniquely right to obtain the HSN according to the HSN of the plaintext received according to the corresponding relationship for third encryption/decryption module
The terminal key TK answered, on the other hand, encryption information EM is decrypted with the terminal key TK of acquisition, obtain user information and
HSN';
Business module is confirmed whether for comparing the HSN of HSN ' and plaintext that decryption obtains unanimously, in the two unanimous circumstances
Under, then confirm that binding relationship is set up;
Third communication module, for carrying out sending and receiving for data between the accepting terminal and the host computer.
11. the processing system of online binding accepting terminal as claimed in claim 10, which is characterized in that
The host computer is mobile phone or computer.
12. the processing system of online binding accepting terminal as claimed in claim 10, which is characterized in that
Each terminal key TK only uniquely corresponds to an accepting terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410753995.9A CN105591746B (en) | 2014-12-11 | 2014-12-11 | A kind of processing method and processing system of online binding accepting terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410753995.9A CN105591746B (en) | 2014-12-11 | 2014-12-11 | A kind of processing method and processing system of online binding accepting terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105591746A CN105591746A (en) | 2016-05-18 |
CN105591746B true CN105591746B (en) | 2019-01-18 |
Family
ID=55931022
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410753995.9A Active CN105591746B (en) | 2014-12-11 | 2014-12-11 | A kind of processing method and processing system of online binding accepting terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105591746B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108650214B (en) * | 2018-03-16 | 2021-09-17 | 交通银行股份有限公司 | Dynamic page encryption anti-unauthorized method and device |
CN109600377B (en) * | 2018-12-13 | 2022-11-22 | 平安科技(深圳)有限公司 | Method and device for preventing unauthorized use computer device and storage medium |
CN110458569A (en) * | 2019-07-01 | 2019-11-15 | 阿里巴巴集团控股有限公司 | A kind of brush face method of payment and device |
CN110727678B (en) * | 2019-09-25 | 2021-01-01 | 湖南新云网科技有限公司 | Method and device for binding user information and mobile terminal and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101404574A (en) * | 2008-11-19 | 2009-04-08 | 北京握奇数据系统有限公司 | Method and system for handling service through mobile sale point terminal |
CN102457842A (en) * | 2010-10-22 | 2012-05-16 | 中国移动通信集团宁夏有限公司 | Method, device and system for transaction by mobile phone |
CN103974248A (en) * | 2013-01-24 | 2014-08-06 | 中国移动通信集团公司 | Terminal security protection method, device and system in ability open system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4675618B2 (en) * | 2004-01-16 | 2011-04-27 | パナソニック株式会社 | Authentication server device, unauthorized terminal detection method, unauthorized terminal detection system, and program |
-
2014
- 2014-12-11 CN CN201410753995.9A patent/CN105591746B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101404574A (en) * | 2008-11-19 | 2009-04-08 | 北京握奇数据系统有限公司 | Method and system for handling service through mobile sale point terminal |
CN102457842A (en) * | 2010-10-22 | 2012-05-16 | 中国移动通信集团宁夏有限公司 | Method, device and system for transaction by mobile phone |
CN103974248A (en) * | 2013-01-24 | 2014-08-06 | 中国移动通信集团公司 | Terminal security protection method, device and system in ability open system |
Non-Patent Citations (2)
Title |
---|
关于解决手机钱包资金账户安全问题的思考;艾芮荟;《科技信息》;20110325;78-79 |
移动支付安全技术体系研究与应用;徐燕军等;《金融电子化》;20140815;68-70 |
Also Published As
Publication number | Publication date |
---|---|
CN105591746A (en) | 2016-05-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5959410B2 (en) | Payment method, payment server for executing the method, program for executing the method, and system for executing the same | |
CN103443813B (en) | System and method by mobile device authenticating transactions | |
CN102789607B (en) | A kind of network trading method and system | |
CN102801710B (en) | A kind of network trading method and system | |
EP2733655A1 (en) | Electronic payment method and device for securely exchanging payment information | |
CN1956016B (en) | Storage media issuing method | |
US20110213711A1 (en) | Method, system and apparatus for providing transaction verification | |
WO2016092318A1 (en) | Systems and method for enabling secure transaction | |
CA2930752A1 (en) | System and method for location-based financial transaction authentication | |
CN102945526B (en) | A kind of device and method for improving mobile equipment on-line safety of payment | |
CN103123706A (en) | Management method, device and system of bill payment for another | |
CN101221641B (en) | On-line trading method and its safety affirmation equipment | |
CN104408622B (en) | System and method for realizing electronic transaction confirmation based on independent password equipment | |
CN104662864A (en) | User-convenient authentication method and apparatus using a mobile authentication application | |
JP2013512503A (en) | Secure mobile payment processing | |
WO2015065249A1 (en) | Method and system for protecting information against unauthorized use (variants) | |
KR20160119803A (en) | Authentication system and method | |
CN103400265A (en) | Quick payment method and system based on position information | |
CN101335754B (en) | Method for information verification using remote server | |
CN105591746B (en) | A kind of processing method and processing system of online binding accepting terminal | |
US20170337553A1 (en) | Method and appartus for transmitting payment data using a public data network | |
CN105635164B (en) | The method and apparatus of safety certification | |
CN108092764A (en) | A kind of cipher management method, equipment and the device with store function | |
CN107395600B (en) | Service data verification method, service platform and mobile terminal | |
KR20130095363A (en) | A cash remittance method based on digital codes using hash function and electronic signature |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |