CN105635164B - The method and apparatus of safety certification - Google Patents
- Publication number: CN105635164B (application CN201610040856A)
- Authority: CN (China)
- Legal status: Active
Classifications
- H04L63/0876: Network architectures or network communication protocols for network security; authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- G06Q20/322: Payment architectures, schemes or protocols characterised by the use of specific devices or networks; aspects of commerce using mobile devices [M-devices]
- G06Q20/42: Payment protocols; confirmation, e.g. check or permission by the legal debtor of payment
- H04L63/0869: Network architectures or network communication protocols for network security; authentication of entities for achieving mutual authentication
Abstract
The present invention provides a method and apparatus for security authentication. In the method, a server screens the device identifiers and device addresses of at least one MPOS device reported by a terminal against preset database information, determines one or more first MPOS devices, and sends the device identifier and device address of each first MPOS device, together with the corresponding first authentication factor, to the terminal. The server then receives, via the terminal, a response message from the target MPOS device, authenticates the target MPOS device using the encryption key of that device held in the database information and the response message, and, once authentication passes, sends a processed second authentication factor to the target MPOS device via the terminal. Both the MPOS device and the terminal involved in the payment are thereby authenticated without the user having to confirm each payment manually, so the invention ensures the security of the payment while improving the user experience.
Description
Technical field
The present invention relates to communication technology, and in particular to a method and apparatus for security authentication.
Background art
With the continuous development of communication technology, all kinds of communication devices have emerged, and various communication connections can be established between them. Taking Bluetooth as an example, the connection between two Bluetooth devices can be made in either secure mode or unsecured mode. In secure mode, when two devices pair, the user has to manually set, enter or confirm a connection password (PIN) or pairing code; in unsecured mode the two devices connect directly, skipping the step of manual confirmation by the user.
The Bluetooth connection modes above are now widely used in mobile secure payment, where the devices involved are a terminal device and a mobile point-of-sale (MPOS) device. An MPOS device is a secure financial peripheral built around a smart terminal such as a mobile phone or tablet computer. The MPOS device itself can independently perform operations such as swiping a magnetic stripe card, reading an IC card, PIN entry and amount entry, and it encrypts the sensitive transaction information involved, but it has no long-range communication capability of its own. An MPOS device therefore has to connect to a terminal device over Bluetooth and communicate with a remote server through an application (App) on the terminal device in order to complete a financial transaction.
In the prior art, to improve the user experience and avoid requiring the user to confirm manually on every use, the Bluetooth connection between the MPOS device and the terminal device is usually made in unsecured mode: once the terminal device scans a Bluetooth device with a particular device name, it automatically connects to that device's Media Access Control (MAC) address and communicates over it. During this process, however, the Bluetooth device name and Bluetooth MAC address of the MPOS device may be intercepted and then forged by a malicious party, and from the MPOS device's point of view the connection request from the terminal device may not come from a legitimate terminal. This prior-art payment approach therefore carries a certain security risk.
How to reduce the risk of payment while still avoiding manual user confirmation on every payment, when transaction payment is carried out over a Bluetooth connection in non-secure mode, has thus become a technical problem that urgently needs to be solved.
Summary of the invention
The present invention provides a method and apparatus for security authentication, to solve the technical problem in the prior art that, when transaction payment is carried out over a Bluetooth connection in non-secure mode, avoiding manual confirmation by the user on every payment leaves a security risk.
In a first aspect, the present invention provides a method for security authentication, comprising:
a server screening, according to preset database information, the device identifier and device address of at least one mobile point-of-sale (MPOS) device sent by a terminal, and determining a first MPOS device; the database information includes the device identifier of at least one legitimate MPOS device, the device address of the legitimate device, the password (PIN) of the legitimate device and the encryption key of the legitimate device;
the server sending the device identifier and device address of the first MPOS device, together with the first authentication factor corresponding to the first MPOS device, to the terminal;
the server receiving, via the terminal, a response message sent by a target MPOS device, the response message including either a first PIN ciphertext and a second authentication factor of the target MPOS device, or a second PIN ciphertext; the target MPOS device being the device the terminal has selected from the first MPOS device(s);
the server authenticating the target MPOS device according to the encryption key of the target MPOS device in the database information and the response message, and, after authentication passes, sending a processed second authentication factor to the target MPOS device via the terminal, so that the target MPOS device authenticates the terminal according to the processed second authentication factor.
Optionally, when the response message includes the first PIN ciphertext and the second authentication factor, the server authenticating the target MPOS device according to the encryption key of the target MPOS device in the database information and the response message specifically comprises:
the server performing first processing on the first authentication factor and the second authentication factor according to the encryption key of the target MPOS device in the database information, to obtain a first process key;
the server decrypting the first PIN ciphertext with the first process key to obtain a first PIN;
when the server determines that the first PIN is identical to the PIN of the target MPOS device in the database information, the server deciding that the target MPOS device has passed authentication.
Optionally, when the response message includes the second PIN ciphertext, the server authenticating the target MPOS device according to the encryption key of the target MPOS device in the database information and the response message specifically comprises:
the server decrypting the second PIN ciphertext with the private key of the encryption key of the target MPOS device in the database information, to obtain decrypted data;
the server performing second processing on the first authentication factor and the PIN of the target MPOS device in the database information according to the public key of the encryption key of the target MPOS device in the database information, to obtain process data;
when the server determines that the process data is identical to the decrypted data, the server deciding that the MPOS device has passed authentication.
Further, sending the processed second authentication factor to the target MPOS device via the terminal specifically comprises:
the server performing a MAC calculation on the second authentication factor to obtain the processed second authentication factor, and sending the processed second authentication factor to the target MPOS device via the terminal.
Further, sending the processed second authentication factor to the target MPOS device via the terminal specifically comprises:
the server signing the second authentication factor with the private key of the encryption key of the target MPOS device to obtain the processed second authentication factor, and sending the processed second authentication factor to the target MPOS device via the terminal.
In a second aspect, the present invention provides a method for security authentication, comprising:
a target mobile point-of-sale (MPOS) device receiving an authentication request sent by a terminal, the authentication request carrying a first authentication factor issued by a server;
the target MPOS device obtaining a response message according to the first authentication factor, a second authentication factor of the target MPOS device and the password (PIN) of the target MPOS device; the response message including either a first PIN ciphertext and the second authentication factor of the target MPOS device, or a second PIN ciphertext;
the target MPOS device sending the response message to the server via the terminal, so that the server authenticates the target MPOS device according to the encryption key of the target MPOS device in preset database information and the response message;
the target MPOS device receiving, via the terminal, the processed second authentication factor sent by the server after the target MPOS device has passed authentication;
the target MPOS device authenticating the terminal according to the encryption key of the target MPOS device, the second authentication factor of the target MPOS device and the processed second authentication factor.
Optionally, the target MPOS device obtaining the response message according to the first authentication factor, the second authentication factor of the target MPOS device and the PIN of the target MPOS device specifically comprises:
the target MPOS device performing first processing on the first authentication factor and the second authentication factor according to the encryption key of the target MPOS device, to obtain a second process key;
the target MPOS device encrypting the PIN of the target MPOS device with the second process key to obtain the first PIN ciphertext;
the target MPOS device taking the first PIN ciphertext and the second authentication factor as the response message.
Optionally, the target MPOS device obtaining the response message according to the first authentication factor, the second authentication factor of the target MPOS device and the PIN of the target MPOS device specifically comprises:
the target MPOS device performing second processing on the first authentication factor and the PIN of the target MPOS device to obtain data to be encrypted;
the target MPOS device encrypting the data to be encrypted and the second authentication factor with the public key of the encryption key of the target MPOS device, to obtain the second PIN ciphertext;
the target MPOS device taking the second PIN ciphertext as the response message.
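The symmetric-key variant of the exchange described in the first and second aspects above, as an added example that is not part of the patent: the server screens the scanned devices (S101), issues a first factor, checks the device's PIN ciphertext and second factor, and returns a MAC over the second factor that the device verifies before trusting the terminal. The KDF, PIN cipher and MAC are assumed choices (the patent names no primitives), and the database rows and scan list are constructed sample values.

```python
"""Mutual authentication of an MPOS device and a terminal through a server,
following the symmetric-key variant of the patent (first and second aspects).
Assumed primitives, since the patent names none: HMAC-SHA256 as the "first
processing" KDF and as the MAC, and a SHA-256 keystream XOR as the PIN cipher."""
import hashlib
import hmac
import secrets
from collections import namedtuple

# One row of the server's preset database: a personalised, legitimate MPOS device
# (Bluetooth name, Bluetooth MAC, PIN, symmetric key loaded at the factory).
LegitDevice = namedtuple("LegitDevice", "device_id device_addr pin enc_key")


def first_processing(enc_key: bytes, factor1: bytes, factor2: bytes) -> bytes:
    """Derive the process key from both authentication factors (assumed KDF)."""
    return hmac.new(enc_key, b"kdf|" + factor1 + factor2, hashlib.sha256).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in PIN cipher: XOR with a key-derived keystream (the same call
    encrypts and decrypts); the patent leaves the cipher unspecified."""
    stream = b""
    for block in range(len(data) // 32 + 1):
        stream += hashlib.sha256(b"enc|" + key + bytes([block])).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def mac_factor(process_key: bytes, factor2: bytes) -> bytes:
    """The server's 'MAC calculation' on the second factor (assumed HMAC)."""
    return hmac.new(process_key, b"mac|" + factor2, hashlib.sha256).digest()


class Server:
    def __init__(self, database):
        self.db = {(d.device_id, d.device_addr): d for d in database}
        self.pending = {}  # (id, addr) -> first factor issued, single use

    def screen(self, scanned):
        """S101: keep only devices whose name AND address are in the database."""
        return [dev for dev in scanned if dev in self.db]

    def challenge(self, first_devices):
        """S102: (device_id, device_addr, factor1) triples for the terminal."""
        out = []
        for dev in first_devices:
            self.pending[dev] = factor1 = secrets.token_bytes(16)
            out.append((dev[0], dev[1], factor1))
        return out

    def verify_response(self, dev, pin_ciphertext, factor2):
        """S104: rebuild the process key, decrypt the PIN and compare it with
        the database.  Returns the MAC for the device to check, or None."""
        factor1 = self.pending.pop(dev, None)  # unknown or replayed -> reject
        if factor1 is None:
            return None
        k1 = first_processing(self.db[dev].enc_key, factor1, factor2)
        pin = keystream_xor(k1, pin_ciphertext)
        if not hmac.compare_digest(pin, self.db[dev].pin.encode()):
            return None
        return mac_factor(k1, factor2)


class MposDevice:
    def __init__(self, pin, enc_key):
        self.pin, self.enc_key = pin, enc_key
        self.factor2 = self.k2 = None

    def respond(self, factor1):
        """Second aspect: fresh factor2, derive the process key, encrypt own PIN."""
        self.factor2 = secrets.token_bytes(16)
        self.k2 = first_processing(self.enc_key, factor1, self.factor2)
        return keystream_xor(self.k2, self.pin.encode()), self.factor2

    def verify_terminal(self, processed_factor2):
        """Accept the terminal only if the server could MAC our factor2."""
        return hmac.compare_digest(mac_factor(self.k2, self.factor2), processed_factor2)


def run_authentication(server, device, scanned):
    """Whole exchange with the terminal as relay; returns (server_ok, device_ok)."""
    first = server.screen(scanned)
    if not first:
        return False, False
    dev_id, dev_addr, factor1 = server.challenge(first)[0]  # terminal picks one
    pin_ct, factor2 = device.respond(factor1)
    processed = server.verify_response((dev_id, dev_addr), pin_ct, factor2)
    if processed is None:
        return False, False
    return True, device.verify_terminal(processed)


DATABASE = [  # constructed sample rows
    LegitDevice("MPOS-0001", "AA:BB:CC:DD:EE:01", "123456", bytes(range(16))),
    LegitDevice("MPOS-0002", "AA:BB:CC:DD:EE:02", "654321", bytes(range(16, 32))),
]
SCAN = [("Headset-7", "11:22:33:44:55:66"), ("MPOS-0001", "AA:BB:CC:DD:EE:01")]


def demo_legitimate():
    return run_authentication(Server(DATABASE), MposDevice("123456", bytes(range(16))), SCAN)


def demo_cloned_name_and_mac():
    """Device advertising a legitimate name and MAC but without the factory key."""
    return run_authentication(Server(DATABASE), MposDevice("000000", b"\x00" * 16), SCAN)
```

A device that copies only the advertised name and MAC passes the S101 screen but fails the PIN check, and because the first factor is consumed on use a captured response cannot be replayed.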
In a third aspect, the present invention provides an apparatus for security authentication, comprising:
a screening module, configured to screen, according to preset database information, the device identifier and device address of at least one mobile point-of-sale (MPOS) device sent by a terminal, and determine a first MPOS device; the database information includes the device identifier of at least one legitimate MPOS device, the device address of the legitimate device, the password (PIN) of the legitimate device and the encryption key of the legitimate device;
a sending module, configured to send the device identifier and device address of the first MPOS device, together with the first authentication factor corresponding to the first MPOS device, to the terminal;
a receiving module, configured to receive, via the terminal, a response message sent by a target MPOS device, the response message including either a first PIN ciphertext and a second authentication factor of the target MPOS device, or a second PIN ciphertext; the target MPOS device being the device the terminal has selected from the first MPOS device(s);
an authentication module, configured to authenticate the target MPOS device according to the encryption key of the target MPOS device in the database information and the response message, and, after authentication passes, send a processed second authentication factor to the target MPOS device via the terminal, so that the target MPOS device authenticates the terminal according to the processed second authentication factor.
Optionally, when the response message includes the first PIN ciphertext and the second authentication factor, the authentication module specifically comprises:
a first acquiring unit, configured to perform first processing on the first authentication factor and the second authentication factor according to the encryption key of the target MPOS device in the database information, to obtain a first process key;
a second acquiring unit, configured to decrypt the first PIN ciphertext with the first process key to obtain a first PIN;
a first authentication unit, configured to decide that the target MPOS device has passed authentication when it determines that the first PIN is identical to the PIN of the target MPOS device in the database information.
Optionally, when the response message includes the second PIN ciphertext, the authentication module specifically comprises:
a third acquiring unit, configured to decrypt the second PIN ciphertext with the private key of the encryption key of the target MPOS device in the database information, to obtain decrypted data;
a fourth acquiring unit, configured to perform second processing on the first authentication factor and the PIN of the target MPOS device in the database information according to the public key of the encryption key of the target MPOS device in the database information, to obtain process data;
a second authentication unit, configured to decide that the MPOS device has passed authentication when it determines that the process data is identical to the decrypted data.
Further, the authentication module also comprises:
a computing unit, configured to perform a MAC calculation on the second authentication factor to obtain the processed second authentication factor;
and the sending module is further configured to send the processed second authentication factor to the target MPOS device via the terminal.
Further, the authentication module also comprises:
a signature unit, configured to sign the second authentication factor with the private key of the encryption key of the target MPOS device to obtain the processed second authentication factor;
and the sending module is further configured to send the processed second authentication factor to the target MPOS device via the terminal.
In a fourth aspect, the present invention provides an apparatus for security authentication, comprising:
a receiving module, configured to receive an authentication request sent by a terminal, the authentication request carrying a first authentication factor issued by a server;
an acquiring module, configured to obtain a response message according to the first authentication factor, a second authentication factor of the target MPOS device and the password (PIN) of the target MPOS device; the response message including either a first PIN ciphertext and the second authentication factor of the target MPOS device, or a second PIN ciphertext;
a sending module, configured to send the response message to the server via the terminal, so that the server authenticates the target MPOS device according to the encryption key of the target MPOS device in preset database information and the response message;
the receiving module being further configured to receive, via the terminal, the processed second authentication factor sent by the server after the target MPOS device has passed authentication;
an authentication module, configured to authenticate the terminal according to the encryption key of the target MPOS device, the second authentication factor of the target MPOS device and the processed second authentication factor.
Optionally, the acquiring module comprises:
a first acquiring unit, configured to perform first processing on the first authentication factor and the second authentication factor according to the encryption key of the target MPOS device, to obtain a second process key;
a second acquiring unit, configured to encrypt the PIN of the target MPOS device with the second process key to obtain the first PIN ciphertext;
a first determining unit, configured to take the first PIN ciphertext and the second authentication factor as the response message.
Optionally, the acquiring module comprises:
a third acquiring unit, configured to perform second processing on the first authentication factor and the PIN of the target MPOS device to obtain data to be encrypted;
a fourth acquiring unit, configured to encrypt the data to be encrypted and the second authentication factor with the public key of the encryption key of the target MPOS device, to obtain the second PIN ciphertext;
a second determining unit, configured to take the second PIN ciphertext as the response message.
In the method and apparatus for security authentication provided by the embodiments of the present invention, the server screens the device identifier and device address of at least one MPOS device sent by the terminal according to preset database information to obtain a first MPOS device, and sends the device identifier and device address of the first MPOS device together with a first authentication factor to the terminal. The terminal determines a target MPOS device from the first MPOS device(s), communicates with the target MPOS device, and forwards the response message of the target MPOS device to the server, so that the server authenticates the target MPOS device according to the encryption key of the target MPOS device saved in the database information and the response message. After authentication passes, the server sends a processed second authentication factor to the target MPOS device via the terminal, so that the target MPOS device authenticates the terminal according to the processed second authentication factor. Authentication of both the MPOS device and the terminal involved in the payment is thus completed, the legitimacy of the terminal and of the target MPOS device is ensured, and the risk of the payment is reduced, without the user having to confirm each payment manually. The invention therefore ensures the security of the payment while improving the user experience.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the secure payment system provided by the invention;
Fig. 2 is a flow diagram of method embodiment one of the security authentication provided by the invention;
Fig. 3 is a flow diagram of method embodiment two of the security authentication provided by the invention;
Fig. 4 is a signalling flow diagram of method embodiment three of the security authentication provided by the invention;
Fig. 5 is a schematic structural diagram of apparatus embodiment one of the security authentication provided by the invention;
Fig. 6 is a schematic structural diagram of apparatus embodiment two of the security authentication provided by the invention;
Fig. 7 is a schematic structural diagram of apparatus embodiment three of the security authentication provided by the invention;
Fig. 8 is a schematic structural diagram of apparatus embodiment four of the security authentication provided by the invention;
Fig. 9 is a schematic structural diagram of apparatus embodiment five of the security authentication provided by the invention;
Fig. 10 is a schematic structural diagram of apparatus embodiment six of the security authentication provided by the invention.
Detailed description of embodiments
The method involved in the embodiments of the present invention can be applied to the secure payment system shown in Fig. 1, which comprises a terminal, an MPOS device and a server. The terminal can communicate with the MPOS device over Bluetooth and can communicate remotely with the server; the MPOS device has no remote communication capability, so there is no direct communication between the MPOS device and the server.
The terminal involved in the embodiments of the present invention can be a smart device with wireless communication capability, such as a mobile phone or tablet computer, where the communication includes long-range wireless communication, near-field communication, Bluetooth communication and the like.
The MPOS device involved in the embodiments of the present invention can be a secure financial peripheral built around a smart terminal such as a mobile phone or tablet computer. The MPOS device itself can independently perform operations such as swiping a magnetic stripe card, reading an IC card, PIN entry and amount entry, and it encrypts the sensitive transaction information involved, but it has no long-range communication capability of its own.
The server involved in the embodiments of the present invention can be a remote server able to communicate remotely with the terminal, and it can be integrated into the financial equipment of the corresponding financial institution. In the prior art, to improve the user experience, the Bluetooth connection between the terminal and the MPOS device is usually made in unsecured mode; however, during this process the Bluetooth device name and Bluetooth MAC address of the MPOS device may be intercepted and then forged by a malicious party, and from the MPOS device's point of view the connection request from the terminal device may not come from a legitimate terminal. The server involved in the embodiments of the present invention can therefore be used to authenticate the legitimacy of the MPOS device and of the terminal.
The method and apparatus for security authentication involved in the embodiments of the present invention are intended to solve the technical problem in the prior art that, when transaction payment is carried out over a Bluetooth connection in non-secure mode, avoiding manual confirmation by the user on every payment leaves a security risk.
The technical solution of the present invention is described in detail below with specific embodiments. The specific embodiments below may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 2 is the flow diagram of the embodiment of the method one of safety certification provided by the invention.The present embodiment what is involved is
Server authenticates target MPOS equipment by the response message sent according to target MPOS equipment, and sets in target MPOS
After standby certification passes through, pass through what is authenticated to the target MPOS equipment second certification factor that sends that treated with complete paired terminal
Detailed process.As shown in Fig. 2, this method comprises:
S101: server sets at least one mobile sale terminal MPOS that terminal is sent according to preset database information
Standby device identification and device address is screened, and determines target MPOS equipment;The database information includes at least one conjunction
The device identification of method MPOS equipment, the device address of the legitimate device, the password PIN of the legitimate device and described legal
The encryption key of equipment.
Specifically, server can individualize different MPOS equipment, i.e. server meeting in the factory of MPOS equipment
Different device identifications, device address, PIN are distributed for different MPOS equipment according to preset database information and are encrypted close
Key, the MPOS equipment for being assigned with these information become legal MPOS equipment, are provided with oneself in the legal MPOS equipment
Device identification, device address, the PIN of equipment and equipment encryption key.Optionally, which can be specific name
The device name of format, the corresponding specific PIN and specific encryption key of a MPOS equipment, which can
To be symmetric key, it is also possible to unsymmetrical key (unified public key certificate can be used), which includes public key
With private key a pair of secret keys, wherein public key is used for encryption data, and private key is used for ciphertext data.Optionally, the number in above-mentioned server
According to library information can be server oneself generation information, can also be research staff by the device identification of legal MPOS equipment,
The information such as device address, PIN and encryption key are loaded onto MPOS equipment, the embodiment of the present invention to the source of database information simultaneously
With no restrictions.
When terminal is traded, terminal can log in specific application software (APP) and then search for the symbol of surrounding
The bluetooth equipment (i.e. MPOS equipment) of specific name format as defined in hop server, and the device address of the MPOS equipment is obtained,
The device address can be Bluetooth address.Later, terminal by the device identification of these MPOS equipment searched and can be set
Standby address is sent to server.Optionally, what terminal was searched meet, and the MPOS of specific name format as defined in server is set
It is standby to can be one, it is also possible to multiple.
Server is after receiving the device identification of at least one MPOS equipment of terminal transmission and device address, according to pre-
If database information it is screened, with filter out with the device identification of legitimate device saved in database information and
The identical MPOS equipment in device address, as the first MPOS equipment.Optionally, the first MPOS equipment can be one, can also
To be multiple.
S102: the server sends the device identifier and device address of the first MPOS device, together with the first authentication factor corresponding to the first MPOS device, to the terminal.
Specifically, after the server has sent the device identifier and device address of the first MPOS device determined above, together with the first authentication factor corresponding to that first MPOS device, to the terminal, the terminal determines from among the first MPOS devices the one it will communicate with, as the target MPOS device. Optionally, when there is only one first MPOS device, the terminal can take it directly as the target MPOS device; when there are several, the terminal can show the user a selection interface and determine the target MPOS device according to the user's choice.
After the terminal has determined the target MPOS device, it initiates a Bluetooth connection request to the target MPOS device and the connection is completed at the Bluetooth-module level. Note that at this point the terminal cannot yet carry out subsequent transaction operations. Once the connection succeeds, the terminal automatically sends an authentication request to the target MPOS device; the authentication request carries the first authentication factor that the server delivered to the terminal.
S103: the server receives, via the terminal, the response message sent by the target MPOS device; the response message includes either the first PIN ciphertext and the second authentication factor of the target MPOS device, or the second PIN ciphertext.
Specifically, after the target MPOS device receives the authentication request sent by the terminal, it randomly generates a second authentication factor, obtains a response message from the first authentication factor, the second authentication factor and its own PIN, and sends the response message to the server. Optionally, the response message may include the first PIN ciphertext and the second authentication factor; alternatively, it may include the second PIN ciphertext. The server receives the response message of the target MPOS device.
S104: the server authenticates the target MPOS device according to the encryption key of the target MPOS device in the database information and the response message, and after authentication passes, sends the processed second authentication factor to the target MPOS device via the terminal, so that the target MPOS device authenticates the terminal according to the processed second authentication factor.
Specifically, after receiving the response message sent by the target MPOS device, the server combines the encryption key of the target MPOS device saved in the database information with the received response message to authenticate the target MPOS device, that is, to judge whether the target MPOS device is a counterfeit. Optionally, the server can determine whether the target MPOS device passes authentication by decrypting the response message with the encryption key of the target MPOS device saved in the database information. After the server has determined that the target MPOS device passes authentication, it performs corresponding processing on the second authentication factor in the response message to obtain the processed second authentication factor. Optionally, this processing may be a MAC calculation over the second authentication factor, a signature over the second authentication factor, or similar.
After obtaining the processed second authentication factor, the server sends it to the target MPOS device, so that the target MPOS device can perform the corresponding check on the processed second authentication factor to authenticate the terminal. For example, since the target MPOS device knows its own second authentication factor, it can apply to it the same processing that the server applied, thereby obtaining its own processed second authentication factor; the target MPOS device then judges whether its own processed second authentication factor is identical to the processed second authentication factor sent by the server. If they are identical, the check passes, which shows that the terminal that sent the authentication request to the target MPOS device is a legitimate terminal.
In summary, the method of this embodiment of the present invention completes mutual authentication between the terminal and the target MPOS device, ensures the legitimacy of both, and thereby ensures the security of payment.
In the security authentication method provided by this embodiment of the present invention, the server screens the device identifier and device address of at least one MPOS device sent by the terminal against preset database information to obtain the first MPOS device, and sends the device identifier, device address and first authentication factor of the first MPOS device to the terminal, so that the terminal determines a target MPOS device from the first MPOS device, communicates with it, and forwards the response message of the target MPOS device to the server. The server then authenticates the target MPOS device based on the encryption key of the target MPOS device saved in the database information and the response message, and after authentication passes sends the processed second authentication factor to the target MPOS device via the terminal, so that the target MPOS device authenticates the terminal according to the processed second authentication factor. This completes the authentication of both the target MPOS device and the terminal involved in a payment, ensures the legitimacy of the terminal and the target MPOS device, lowers the risk of payment, and does not require the user to confirm manually at each payment; the present invention therefore ensures the security of payment while improving the user experience.
Fig. 3 is a flow diagram of embodiment two of the security authentication method provided by the present invention. This embodiment concerns the detailed process by which the target MPOS device sends a response message to the server so that the server completes the authentication of the target MPOS device, and then completes the authentication of the terminal according to the processed second authentication factor sent by the server. As shown in Fig. 3, the method includes:
S201: the target MPOS device receives the authentication request sent by the terminal; the authentication request carries the first authentication factor issued by the server.
Specifically, when the terminal needs to carry out a transaction with the target MPOS device, it sends an authentication request to the target MPOS device, requesting the server to authenticate the target MPOS device. When MPOS devices leave the factory, the server personalizes each one: according to preset database information, the server assigns each MPOS device a distinct device identifier, device address, PIN and encryption key. An MPOS device that has been assigned this information becomes a legitimate MPOS device, and a legitimate MPOS device is provided with its own device identifier, device address, device PIN and device encryption key.
When the terminal wants to make a transaction, it can log in to a specific application (APP) and then search for surrounding Bluetooth devices (i.e. MPOS devices) whose names match the format specified by the server, and obtain their device addresses; the device address may be a Bluetooth address. The terminal then sends the device identifiers and device addresses of the MPOS devices it found to the server. Optionally, the terminal may find one MPOS device whose name matches the format specified by the server, or several.
After receiving the device identifier and device address of at least one MPOS device from the terminal, the server screens them against preset database information, selecting the MPOS devices whose device identifier and device address both match those of a legitimate device saved in the database information; these are the first MPOS devices. Optionally, there may be one first MPOS device or several.
After the server has sent the device identifier and device address of the first MPOS device determined above, together with the first authentication factor corresponding to that first MPOS device, to the terminal, the terminal determines from among the first MPOS devices the one it will communicate with, as the target MPOS device. Optionally, when there is only one first MPOS device, the terminal can take it directly as the target MPOS device; when there are several, the terminal can show the user a selection interface and determine the target MPOS device according to the user's choice.
After the terminal has determined the target MPOS device, it initiates a Bluetooth connection request to the target MPOS device and the connection is completed at the Bluetooth-module level. Note that at this point the terminal cannot yet carry out subsequent transaction operations. Once the connection succeeds, the terminal automatically sends an authentication request to the target MPOS device; the authentication request carries the first authentication factor that the server delivered to the terminal.
S202: the target MPOS device obtains a response message from the first authentication factor, the second authentication factor of the target MPOS device and the password (PIN) of the target MPOS device; the response message includes either the first PIN ciphertext and the second authentication factor of the target MPOS device, or the second PIN ciphertext.
Specifically, after the target MPOS device receives the authentication request sent by the terminal, it randomly generates a second authentication factor, obtains a response message from the first authentication factor, the second authentication factor and its own PIN, and sends the response message to the server. Optionally, the response message may include the first PIN ciphertext and the second authentication factor; alternatively, it may include the second PIN ciphertext.
S203: the target MPOS device sends the response message to the server via the terminal, so that the server authenticates the target MPOS device according to the encryption key of the target MPOS device in the preset database information and the response message.
Specifically, after the target MPOS device has sent the response message to the server via the terminal, the server combines the encryption key of the target MPOS device saved in the database information with the received response message to authenticate the target MPOS device, that is, to judge whether the target MPOS device is a counterfeit. Optionally, the server can determine whether the target MPOS device passes authentication by decrypting the response message with the encryption key of the target MPOS device saved in the database information.
S204: the target MPOS device receives, via the terminal, the processed second authentication factor that the server sends after the target MPOS device passes authentication.
S205: the target MPOS device authenticates the terminal according to the encryption key of the target MPOS device, the second authentication factor of the target MPOS device and the processed second authentication factor.
Specifically, after the server determines that the target MPOS device passes authentication, it performs corresponding processing on the second authentication factor in the response message to obtain the processed second authentication factor. Optionally, this processing may be a MAC calculation over the second authentication factor, a signature over the second authentication factor, or similar.
After obtaining the processed second authentication factor, the server sends it to the target MPOS device, so that the target MPOS device can perform the corresponding check on the processed second authentication factor to authenticate the terminal. For example, since the target MPOS device knows its own second authentication factor, it can apply to it the same processing that the server applied, thereby obtaining its own processed second authentication factor; the target MPOS device then judges whether its own processed second authentication factor is identical to the processed second authentication factor sent by the server. If they are identical, the check passes, which shows that the terminal that sent the authentication request to the target MPOS device is a legitimate terminal.
In summary, the method of this embodiment of the present invention completes mutual authentication between the terminal and the target MPOS device, ensures the legitimacy of both, and thereby ensures the security of payment.
Fig. 4 is a signalling flow diagram of embodiment three of the security authentication method provided by the present invention. This embodiment concerns the complete process of authenticating the target MPOS device and the terminal. As shown in Fig. 4, the method includes the following steps:
S301: the terminal searches for surrounding MPOS devices whose names match the format specified by the server, and obtains the device addresses of those MPOS devices.
S302: the terminal sends the device identifier and device address of at least one MPOS device it found to the server.
S303: the server screens the device identifier and device address of the at least one MPOS device sent by the terminal against preset database information, and determines the first MPOS device.
S304: the server sends the device identifier and device address of the first MPOS device, together with the first authentication factor corresponding to the first MPOS device, to the terminal.
S305: the terminal determines the target MPOS device from the first MPOS device and sends the target MPOS device an authentication request carrying the first authentication factor.
Specifically, for the detailed process of S301 to S305, reference may be made to the description of S101 and S102 in embodiment one above; it is not repeated here.
S306: the target MPOS device generates the second authentication factor after receiving the authentication request.
Optionally, the second authentication factor may be any authentication factor generated at random by the target MPOS device after it receives the authentication request.
S307: when the encryption key of the target MPOS device is a symmetric key, the target MPOS device applies a first processing to the first authentication factor and the second authentication factor according to its encryption key, obtaining a second process key.
S308: the target MPOS device encrypts its PIN with the second process key to obtain the first PIN ciphertext, and takes the first PIN ciphertext and the second authentication factor as the response message.
Specifically, when the encryption key in the target MPOS device is a symmetric key, the target MPOS device is authenticated with that symmetric key: the target MPOS device uses its own encryption key to apply a first processing to the first authentication factor a and the second authentication factor b, generating the second process key. Optionally, the first processing may include one or a combination of encryption, exclusive-or, hashing and similar operations. The target MPOS device then encrypts its own PIN with the second process key to obtain the first PIN ciphertext, and takes the first PIN ciphertext and the second authentication factor b as the response message. That is, S307 and S308 are one process by which the target MPOS device obtains the response message; S307' and S308' below are another.
S309: the target MPOS device sends the response message to the terminal.
S310: the terminal sends the response message to the server.
That is, the server receives the first PIN ciphertext and the second authentication factor forwarded by the terminal.
S311: when the encryption key of the target MPOS device saved in the server's database information is a symmetric key, the server applies the first processing to the first authentication factor and the second authentication factor according to the saved encryption key of the target MPOS device, obtaining the first process key.
S312: the server decrypts the first PIN ciphertext in the response message with the first process key, obtaining the first PIN.
S313: when the server judges that the first PIN is identical to the PIN of the target MPOS device in the database information, the server determines that the target MPOS device passes authentication.
Specifically, when the encryption key of the target MPOS device saved in the server's database information is a symmetric key, the server authenticates the target MPOS device with that symmetric key. Concretely, the server uses the encryption key of the target MPOS device saved in the database information and applies the same processing as the target MPOS device (the first processing) to the first authentication factor and the second authentication factor, obtaining the first process key; it then uses the first process key to decrypt the first PIN ciphertext that the target MPOS device produced with the same processing, obtaining the first PIN. If the first PIN decrypted by the server is identical to the PIN of the target MPOS device that the server originally saved, the server determines that the target MPOS device passes authentication.
In other words, the target MPOS device holds the PIN assigned by the server, which is identical to the PIN of the target MPOS device saved in the server, and the target MPOS device naturally knows the first and second authentication factors; it therefore applies the first processing to the first and second authentication factors to obtain the second process key, and encrypts its PIN with the second process key to obtain the first PIN ciphertext. To verify whether the target MPOS device is legitimate, the server applies the same processing (the first processing) to the first and second authentication factors, obtaining the first process key (which is identical to the second process key), and decrypts the first PIN ciphertext with the first process key, obtaining the first PIN. Only when the first PIN is identical to the legitimate PIN of the target MPOS device originally saved in the server can it be concluded that the target MPOS device that generated the first PIN ciphertext is legitimate and passes authentication. On this basis the server completes the authentication of the target MPOS device that generated the first PIN ciphertext.
That is, S311 to S313 are one process by which the server authenticates the target MPOS device; S311' to S313' below are another.
S314: after the server determines that the target MPOS device passes authentication, it performs a MAC calculation over the second authentication factor, obtaining the processed second authentication factor.
It should be noted that the MAC calculation over the second authentication factor here may follow the prior art and is not described in detail.
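The symmetric path (S306 to S314, together with the device-side comparison of the MAC'd second factor that this embodiment describes later under S316), as an added worked example in Go. It is not code from the patent or from any product implementing it. The patent leaves the first processing, the PIN cipher and the MAC unspecified, so the example assumes HMAC-SHA256 keyed with the device's encryption key for both the first processing and the MAC, AES-256-GCM for the first PIN ciphertext, a 16-byte random second factor b, and constructed sample values for the device key, the PIN and the first factor a. The Bluetooth transport and the terminal's forwarding are omitted, since the terminal only relays bytes in this path.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Constructed sample values (not from the patent): the symmetric encryption key
// assigned to the device at personalization and its PIN; the server's database
// holds copies of both.
var (
	sampleDeviceKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256 key
	samplePIN       = []byte("4711")
)

// firstProcessing stands in for the patent's unspecified "first processing" of
// S307/S311. Assumed: HMAC-SHA256 keyed with the device key over a || b, which
// yields a 32-byte process key; device and server run the same function.
func firstProcessing(encKey, a, b []byte) []byte {
	m := hmac.New(sha256.New, encKey)
	m.Write(a)
	m.Write(b)
	return m.Sum(nil)
}

// macFactor stands in for the "MAC calculation" of S314; assumed to be
// HMAC-SHA256 keyed with the device key over b.
func macFactor(encKey, b []byte) []byte {
	m := hmac.New(sha256.New, encKey)
	m.Write(b)
	return m.Sum(nil)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealPIN encrypts the PIN under the process key; AES-256-GCM with the nonce
// prepended is assumed, the patent only says "encrypt".
func sealPIN(processKey, pin []byte) ([]byte, error) {
	gcm, err := gcmFor(processKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, pin, nil), nil
}

// openPIN reverses sealPIN; because GCM authenticates the ciphertext, a wrong
// process key fails here instead of yielding a random "first PIN".
func openPIN(processKey, ct []byte) ([]byte, error) {
	gcm, err := gcmFor(processKey)
	if err != nil || len(ct) < gcm.NonceSize() {
		return nil, errors.New("malformed first PIN ciphertext")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// deviceRespond is the device side of S306-S308: draw a random b, derive the
// second process key from a and b, and encrypt the PIN. Returns (ciphertext, b).
func deviceRespond(encKey, pin, a []byte) (ct, b []byte, err error) {
	b = make([]byte, 16)
	if _, err = rand.Read(b); err != nil {
		return nil, nil, err
	}
	ct, err = sealPIN(firstProcessing(encKey, a, b), pin)
	return ct, b, err
}

// serverAuthenticateDevice is S311-S314: rebuild the first process key from the
// database copy of the key, decrypt the first PIN, compare it with the stored
// PIN in constant time, and on success return MAC(b) for the device.
func serverAuthenticateDevice(dbKey, dbPIN, a, ct, b []byte) ([]byte, error) {
	pin, err := openPIN(firstProcessing(dbKey, a, b), ct)
	if err != nil {
		return nil, errors.New("device rejected: ciphertext does not open under the stored key")
	}
	if !hmac.Equal(pin, dbPIN) {
		return nil, errors.New("device rejected: first PIN differs from the stored PIN")
	}
	return macFactor(dbKey, b), nil
}

// deviceAuthenticateTerminal is S316 (MAC variant): the device MACs the b it
// generated itself and accepts the terminal only if the values match.
func deviceAuthenticateTerminal(encKey, ownB, processedB []byte) bool {
	return hmac.Equal(macFactor(encKey, ownB), processedB)
}
```

A run of the flow is deviceRespond on the device, serverAuthenticateDevice with the database copies of key and PIN on the server, and deviceAuthenticateTerminal with the b the device kept. Two choices matter for the security argument of S313: an authenticated cipher makes a counterfeit device's ciphertext fail at decryption rather than produce a random "first PIN" that is then compared, and both comparisons use hmac.Equal so that response timing does not reveal how many bytes matched.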
Optionally, when the encryption key of the target MPOS device is an asymmetric key, S307 above may be replaced by S307' below and S308 above by S308' below, specifically:
S307': the target MPOS device applies a second processing to the first authentication factor and the PIN of the target MPOS device, obtaining data to be encrypted.
S308': the target MPOS device encrypts the data to be encrypted and the second authentication factor with the public key of its encryption key, obtaining the second PIN ciphertext, and takes the second PIN ciphertext as the response message.
Specifically, when the encryption key in the target MPOS device is an asymmetric key, the target MPOS device is authenticated with that asymmetric key: the target MPOS device uses its encryption key to apply a second processing to the first authentication factor a and the PIN of the target MPOS device, obtaining the data to be encrypted; optionally, the second processing may include exclusive-or, hashing or similar. The target MPOS device then encrypts the data to be encrypted and the second authentication factor with the public key of its encryption key, obtaining the second PIN ciphertext, and takes the second PIN ciphertext as the response message.
After S307' and S308', S309 and S310 above continue to be executed.
Correspondingly, when the encryption key of the target MPOS device saved in the server's database information is an asymmetric key, S311 above may be replaced by S311' below, S312 by S312', S313 by S313' and S314 by S314', specifically:
S311': the server decrypts the second PIN ciphertext with the private key of the encryption key of the target MPOS device saved in the database information, obtaining decrypted data.
S312': the server applies the second processing to the first authentication factor and the PIN of the target MPOS device in the database information, according to the public key of the encryption key of the target MPOS device saved in the database information, obtaining process data.
S313': when the server judges that the process data is identical to the decrypted data, the server determines that the target MPOS device passes authentication.
S314': the server signs the second authentication factor with the private key of the encryption key of the target MPOS device, obtaining the processed second authentication factor.
Specifically, when the encryption key of the target MPOS device saved in the server's database information is an asymmetric key, the server authenticates the target MPOS device with that asymmetric key. Concretely, the server uses the private key of the encryption key of the target MPOS device saved in the database information to decrypt the second PIN ciphertext sent by the target MPOS device, obtaining decrypted data; then, using the public key of that encryption key and the same processing as the target MPOS device (the second processing), the server processes the first authentication factor and the saved PIN of the target MPOS device in the same way, obtaining process data. When the process data obtained by the server is identical to the decrypted data, the server determines that the target MPOS device passes authentication.
In other words, the target MPOS device holds the PIN and encryption key assigned by the server and has also received the first authentication factor that the server issued to the terminal; it therefore applies the second processing to the first authentication factor and its PIN to obtain the data to be encrypted, encrypts the data to be encrypted and the second authentication factor with the public key of its encryption key to obtain the second PIN ciphertext, and sends it to the server via the terminal. To verify whether the target MPOS device is legitimate, the server applies the same processing (the second processing) to the first authentication factor and the saved PIN of the legitimate target MPOS device, obtaining process data, and decrypts the second PIN ciphertext with the private key of the saved encryption key of the target MPOS device. Because the public key and private key of the encryption key saved in the server correspond to each other, if the target MPOS device that sent the second PIN ciphertext is legitimate, the process data the server obtains with the same processing must be identical to the decrypted data, i.e. the process data must be identical to the data to be encrypted described above (since the second PIN ciphertext was obtained by the target MPOS device encrypting the data to be encrypted with the public key, the decrypted data should in fact equal the data to be encrypted). That is, only when the process data is identical to the decrypted data obtained by the server can it be concluded that the target MPOS device that generated the second PIN ciphertext is legitimate and passes authentication. On this basis the server completes the authentication of the target MPOS device that generated the second PIN ciphertext.
After the server has authenticated the target MPOS device, it signs the second authentication factor with the private key to obtain the processed second authentication factor; the signing may follow the prior art and is not described in detail here.
After S314 or S314' above, S315 and S316 below continue to be executed:
S315: the server sends the processed second authentication factor to the target MPOS device via the terminal.
S316: the target MPOS device authenticates the terminal according to its encryption key, its second authentication factor and the processed second authentication factor.
Specifically, when the target MPOS device receives the processed second authentication factor sent by the server, since the target MPOS device generated its second authentication factor only after receiving the authentication request from the terminal, it can verify whether the terminal that sent the authentication request is legitimate: the target MPOS device processes its own second authentication factor in the same way the server processed the second authentication factor, and then judges whether its own processed second authentication factor is identical to the processed second authentication factor received from the server. If they are identical, the target MPOS device determines that the terminal that sent the authentication request is legitimate, and then starts the transaction interaction with the APP on the terminal.
Optionally, when the processed second authentication factor that the server sends to the target MPOS device via the terminal was obtained by a MAC calculation, the target MPOS device can process its own second authentication factor with the same calculation, obtaining its own processed second authentication factor.
Optionally, when the processed second authentication factor that the server sends to the target MPOS device via the terminal was obtained by signing the second authentication factor with the private key, the target MPOS device can likewise process its own second authentication factor in the same way, obtaining its own processed second authentication factor.
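The asymmetric path (S306, S307', S308', S311' to S314' and the signature variant of S316), as an added worked example in Go; it is not code from the patent or from any product implementing it. The patent names neither the public-key scheme nor the second processing, so the example assumes RSA-2048 with OAEP for the second PIN ciphertext, RSA-PSS for the signature over b, SHA-256(a || PIN) for the second processing, a 16-byte random b, and a constructed sample PIN and first factor. The device holds only the public key, so the "same processing" of S316 is read here as verifying the server's signature over the b the device generated itself; that reading is an assumption.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Constructed sample PIN, not taken from the patent.
var samplePIN = []byte("4711")

// Length of the second authentication factor b; the patent fixes no size.
const factorLen = 16

// newDeviceKeyPair stands in for personalization: the server generates the
// device's asymmetric encryption key, keeps the private key in its database and
// provisions the public key into the device. RSA-2048 is assumed.
func newDeviceKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// secondProcessing stands in for the patent's "second processing" of the first
// factor a and the PIN (S307'/S312'; XOR or hashing are mentioned). Assumed:
// SHA-256(a || PIN).
func secondProcessing(a, pin []byte) []byte {
	h := sha256.New()
	h.Write(a)
	h.Write(pin)
	return h.Sum(nil)
}

// deviceRespond is S306-S308': draw b, compute the data to be encrypted, and
// RSA-OAEP-encrypt (data || b) under the public key. Returns the second PIN
// ciphertext and b, which the device keeps for S316.
func deviceRespond(pub *rsa.PublicKey, pin, a []byte) (secondCT, b []byte, err error) {
	b = make([]byte, factorLen)
	if _, err = rand.Read(b); err != nil {
		return nil, nil, err
	}
	msg := append(secondProcessing(a, pin), b...)
	secondCT, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	return secondCT, b, err
}

// serverAuthenticateDevice is S311'-S314': decrypt with the stored private key,
// split decrypted data from b, recompute the process data from a and the stored
// PIN, compare in constant time, then sign b with the private key (RSA-PSS assumed).
func serverAuthenticateDevice(priv *rsa.PrivateKey, dbPIN, a, secondCT []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, secondCT, nil)
	if err != nil {
		return nil, errors.New("device rejected: ciphertext not under the stored key pair")
	}
	if len(pt) != sha256.Size+factorLen {
		return nil, errors.New("device rejected: malformed plaintext")
	}
	decrypted, b := pt[:sha256.Size], pt[sha256.Size:]
	if !hmac.Equal(secondProcessing(a, dbPIN), decrypted) {
		return nil, errors.New("device rejected: process data differs from decrypted data")
	}
	digest := sha256.Sum256(b)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// deviceAuthenticateTerminal is S316 (signature variant): the device verifies the
// server's signature against the b it generated itself, using its public key.
func deviceAuthenticateTerminal(pub *rsa.PublicKey, ownB, signedB []byte) bool {
	digest := sha256.Sum256(ownB)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], signedB, nil) == nil
}
```

Because b travels to the server only inside the OAEP ciphertext, the server learns it solely by decrypting under the stored private key, which is what ties the signed value returned in S315 to the device that generated it; the device's check in S316 then fails both for a signature under any other private key and for a signature over a b it did not generate.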
The security authentication method of this embodiment of the present invention completes mutual authentication between the target MPOS device and the terminal in different ways according to the form of the target MPOS device's encryption key (symmetric key or asymmetric key), ensures the legitimacy of the terminal and the target MPOS device, lowers the risk of payment, and does not require the user to confirm manually at each payment; the present invention therefore ensures the security of payment while improving the user experience.
Fig. 5 is a schematic structural diagram of apparatus embodiment one of the security authentication apparatus provided by the present invention. The apparatus may be integrated in a server or be a separate server. As shown in Fig. 5, the apparatus includes a screening module 10, a sending module 11, a receiving module 12 and an authentication module 13.
The screening module 10 is configured to screen the device identifier and device address of at least one mobile point-of-sale terminal (MPOS) device sent by the terminal against preset database information and determine the first MPOS device; the database information includes the device identifier of at least one legitimate MPOS device, the device address of the legitimate device, the password (PIN) of the legitimate device and the encryption key of the legitimate device.
The sending module 11 is configured to send the device identifier and device address of the first MPOS device and the first authentication factor corresponding to the first MPOS device to the terminal.
The receiving module 12 is configured to receive, via the terminal, the response message sent by the target MPOS device; the response message includes either the first PIN ciphertext and the second authentication factor of the target MPOS device, or the second PIN ciphertext; the target MPOS device is the device the terminal determined from the first MPOS device.
The authentication module 13 is configured to authenticate the target MPOS device according to the encryption key of the target MPOS device in the database information and the response message, and after authentication passes, to send the processed second authentication factor to the target MPOS device via the terminal, so that the target MPOS device authenticates the terminal according to the processed second authentication factor.
The security authentication apparatus provided by this embodiment of the present invention can execute the method embodiments above; its principle and technical effect are similar and are not described again here.
Fig. 6 is a structural schematic diagram of apparatus embodiment two of the safety certification device provided by the present invention. On the basis of the embodiment shown in Fig. 5, when the response message includes the first PIN ciphertext and the second certification factor, the authentication module 13 specifically includes:
a first acquisition unit 131, configured to perform the first processing on the first certification factor and the second certification factor according to the encryption key of the target MPOS equipment in the database information, to obtain the first process key;
a second acquisition unit 132, configured to decrypt the first PIN ciphertext according to the first process key, to obtain the first PIN;
a first authentication unit 133, configured to determine that the target MPOS equipment passes authentication when the first PIN is judged to be identical to the PIN of the target MPOS equipment in the database information.
Further, the authentication module 13 also includes a computing unit 137, configured to perform a MAC (message authentication code) calculation on the second certification factor, to obtain the processed second certification factor;
the sending module 11 is then also configured to send the processed second certification factor to the target MPOS equipment through the terminal.
The device of safety certification provided in this embodiment of the present invention can execute the above method embodiment; its implementation principle and technical effect are similar, and the details are not repeated here.
Fig. 7 is a structural schematic diagram of apparatus embodiment three of the safety certification device provided by the present invention. On the basis of the embodiment shown in Fig. 5, when the response message includes the second PIN ciphertext, the authentication module 13 specifically includes:
a third acquisition unit 134, configured to decrypt the second PIN ciphertext with the private key of the encryption key of the target MPOS equipment in the database information, to obtain the decrypted data;
a fourth acquisition unit 135, configured to perform the second processing on the first certification factor and the PIN of the target MPOS equipment in the database information, using the public key of the encryption key of the target MPOS equipment in the database information, to obtain the process data;
a second authentication unit 136, configured to determine that the target MPOS equipment passes authentication when the process data is judged to be identical to the decrypted data.
Further, the authentication module 13 also includes a signature unit 138, configured to sign the second certification factor with the private key of the encryption key of the target MPOS equipment, to obtain the processed second certification factor;
the sending module 11 is then also configured to send the processed second certification factor to the target MPOS equipment through the terminal.
The device of safety certification provided in this embodiment of the present invention can execute the above method embodiment; its implementation principle and technical effect are similar, and the details are not repeated here.
Fig. 8 is a structural schematic diagram of apparatus embodiment four of the safety certification device provided by the present invention. The safety certification device may be integrated in the target MPOS equipment, or may itself be a separate target MPOS equipment. As shown in Fig. 8, the device includes a receiving module 20, an obtaining module 21, a sending module 22 and an authentication module 23.
The receiving module 20 is configured to receive a certification request sent by the terminal; the certification request carries the first certification factor issued by the server;
the obtaining module 21 is configured to obtain a response message according to the first certification factor, the second certification factor of the target MPOS equipment and the password PIN of the target MPOS equipment; the response message includes the first PIN ciphertext and the second certification factor of the target MPOS equipment, or alternatively the second PIN ciphertext;
the sending module 22 is configured to send the response message to the server through the terminal, so that the server authenticates the target MPOS equipment according to the encryption key of the target MPOS equipment in the preset database information and the response message;
the receiving module 20 is further configured to receive, through the terminal, the processed second certification factor that the server sends after the target MPOS equipment passes authentication;
the authentication module 23 is configured to authenticate the terminal according to the encryption key of the target MPOS equipment, the second certification factor of the target MPOS equipment and the processed second certification factor.
The device of safety certification provided in this embodiment of the present invention can execute the above method embodiment; its implementation principle and technical effect are similar, and the details are not repeated here.
Fig. 9 is a structural schematic diagram of apparatus embodiment five of the safety certification device provided by the present invention. On the basis of the embodiment shown in Fig. 8, the above obtaining module 21 further includes:
a first acquisition unit 211, configured to perform the first processing on the first certification factor and the second certification factor according to the encryption key of the target MPOS equipment, to obtain the second process key;
a second acquisition unit 212, configured to encrypt the PIN of the target MPOS equipment according to the second process key, to obtain the first PIN ciphertext;
a first determination unit 213, configured to determine the first PIN ciphertext and the second certification factor as the response message.
The device of safety certification provided in this embodiment of the present invention can execute the above method embodiment; its implementation principle and technical effect are similar, and the details are not repeated here.
Fig. 10 is a structural schematic diagram of apparatus embodiment six of the safety certification device provided by the present invention. On the basis of the embodiment shown in Fig. 8, the above obtaining module 21 further includes:
a third acquisition unit 214, configured to perform the second processing on the first certification factor and the PIN of the target MPOS equipment, to obtain the data to be encrypted;
a fourth acquisition unit 215, configured to encrypt the data to be encrypted and the second certification factor with the public key of the encryption key of the target MPOS equipment, to obtain the second PIN ciphertext;
a second determination unit 216, configured to determine the second PIN ciphertext as the response message.
The device of safety certification provided in this embodiment of the present invention can execute the above method embodiment; its implementation principle and technical effect are similar, and the details are not repeated here.
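The first-PIN-ciphertext branch of the apparatus embodiments above (the server side of Figs. 5 and 6 and the MPOS side of Figs. 8 and 9) can be run end to end as a three-party exchange. The following is an added example, not code from the patent or its assignee; it uses only the Python standard library, and every concrete choice is an assumption because the patent leaves the primitives unspecified: HMAC-SHA256 over the two certification factors as the "first processing" that derives the process key, an HMAC-derived keystream with an appended HMAC tag as the PIN cipher, HMAC-SHA256 as the "mac calculation" on the second certification factor, 16-byte random certification factors, and constructed sample device records and addresses.

```python
"""Added example (not the patent's own code): a runnable model of the
first-PIN-ciphertext branch of the MPOS authentication flow.  The "first
processing", the PIN cipher and the "mac calculation" are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TAG_LEN = 32  # SHA-256 tag appended to the PIN ciphertext


def first_processing(enc_key: bytes, factor1: bytes, factor2: bytes) -> bytes:
    """Assumed KDF for the process key: HMAC-SHA256(enc_key, f1 || f2).
    Both factors are fresh nonces, so the key is unique per session; the
    stream construction in encrypt_pin relies on that uniqueness."""
    return hmac.new(enc_key, b"process-key|" + factor1 + factor2, hashlib.sha256).digest()


def _keystream(key: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt_pin(process_key: bytes, pin: bytes) -> bytes:
    """Assumed PIN cipher: keystream XOR, then an HMAC tag (encrypt-then-MAC)."""
    ct = bytes(p ^ k for p, k in zip(pin, _keystream(process_key, len(pin))))
    return ct + hmac.new(process_key, ct, hashlib.sha256).digest()


def decrypt_pin(process_key: bytes, blob: bytes) -> Optional[bytes]:
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(process_key, ct, hashlib.sha256).digest()):
        return None  # tampered, or derived under a different encryption key
    return bytes(c ^ k for c, k in zip(ct, _keystream(process_key, len(ct))))


def mac_factor(enc_key: bytes, factor2: bytes) -> bytes:
    """Assumed "mac calculation": the processed second factor the device verifies."""
    return hmac.new(enc_key, b"server-ack|" + factor2, hashlib.sha256).digest()


@dataclass
class DeviceRecord:  # one row of the server's "database information"
    device_id: str
    address: str
    pin: bytes
    enc_key: bytes


class Server:
    def __init__(self, records: List[DeviceRecord]):
        self.db: Dict[str, DeviceRecord] = {r.device_id: r for r in records}
        self.pending: Dict[str, bytes] = {}  # device_id -> issued first factor

    def screen(self, candidates: List[Tuple[str, str]]) -> Tuple[List[Tuple[str, str]], bytes]:
        """Keep only (id, address) pairs matching a legitimate record and issue
        a fresh first certification factor for them (the "first MPOS equipment")."""
        first = [c for c in candidates if c[0] in self.db and self.db[c[0]].address == c[1]]
        factor1 = secrets.token_bytes(16)
        for dev_id, _ in first:
            self.pending[dev_id] = factor1
        return first, factor1

    def authenticate_device(self, device_id: str, response: Tuple[bytes, bytes]) -> Optional[bytes]:
        """Re-derive the process key, decrypt the first PIN ciphertext and compare
        the PIN; on success return the processed second factor for the device."""
        rec = self.db.get(device_id)
        factor1 = self.pending.pop(device_id, None)  # one issued factor, one attempt
        if rec is None or factor1 is None:
            return None
        pin_ct, factor2 = response
        pin = decrypt_pin(first_processing(rec.enc_key, factor1, factor2), pin_ct)
        if pin is None or not hmac.compare_digest(pin, rec.pin):
            return None
        return mac_factor(rec.enc_key, factor2)


class MposDevice:
    def __init__(self, device_id: str, address: str, pin: bytes, enc_key: bytes):
        self.device_id, self.address, self.pin, self.enc_key = device_id, address, pin, enc_key
        self.factor2: Optional[bytes] = None

    def respond(self, factor1: bytes) -> Tuple[bytes, bytes]:
        """Derive the second process key and build (first PIN ciphertext, factor2)."""
        self.factor2 = secrets.token_bytes(16)
        key = first_processing(self.enc_key, factor1, self.factor2)
        return encrypt_pin(key, self.pin), self.factor2

    def authenticate_terminal(self, processed_factor2: bytes) -> bool:
        """Accept the terminal only if the server proved knowledge of enc_key over
        this session's second factor; the factor is consumed either way."""
        factor2, self.factor2 = self.factor2, None
        if factor2 is None:
            return False
        return hmac.compare_digest(mac_factor(self.enc_key, factor2), processed_factor2)


def run_flow(server: Server, device: MposDevice, scanned: List[Tuple[str, str]]) -> Tuple[bool, bool]:
    """The terminal only relays; returns (server accepted device, device accepted terminal)."""
    first, factor1 = server.screen(scanned)
    if (device.device_id, device.address) not in first:
        return False, False
    processed = server.authenticate_device(device.device_id, device.respond(factor1))
    if processed is None:
        return False, False
    return True, device.authenticate_terminal(processed)


# Constructed sample data (not from the patent).
LEGIT_KEY = secrets.token_bytes(32)
DB = [DeviceRecord("MPOS-0001", "AA:BB:CC:00:00:01", b"1234", LEGIT_KEY)]


def demo() -> Dict[str, Tuple[bool, bool]]:
    server = Server(DB)
    legit = MposDevice("MPOS-0001", "AA:BB:CC:00:00:01", b"1234", LEGIT_KEY)
    clone = MposDevice("MPOS-0001", "AA:BB:CC:00:00:01", b"1234", secrets.token_bytes(32))
    unknown = MposDevice("MPOS-9999", "AA:BB:CC:FF:FF:FF", b"0000", LEGIT_KEY)
    scan = [("MPOS-0001", "AA:BB:CC:00:00:01"), ("MPOS-9999", "AA:BB:CC:FF:FF:FF")]
    return {"legitimate": run_flow(server, legit, scan),
            "wrong_key_clone": run_flow(server, clone, scan),
            "not_in_database": run_flow(server, unknown, scan)}


if __name__ == "__main__":
    for name, (server_ok, device_ok) in demo().items():
        print(f"{name}: server_ok={server_ok} device_ok={device_ok}")
```

Two points of the design are worth noting. The terminal is treated as an untrusted relay: it sees only the PIN ciphertext, the random factors and the MAC, and the device only accepts the terminal once the server has proved knowledge of the enrolled encryption key over the device's own fresh second factor. Each factor is consumed on first use on both sides, so a captured response or acknowledgement cannot be replayed into a later session. The second-PIN-ciphertext branch (Figs. 7 and 10) has the same shape with public-key primitives in place of the shared key: the device encrypts the processed PIN and its second factor under the server's public key, and the server answers with a signature over the second factor instead of a MAC.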
Those of ordinary skill in the art will understand that all or part of the steps of each of the above method embodiments may be completed by program instructions controlling the relevant hardware. The program may be stored in a computer-readable storage medium; when the program is executed, it performs the steps of each of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A method of safety certification, characterized by comprising:
a server screening, according to preset database information, the device identification and device address of at least one mobile point-of-sale (MPOS) equipment sent by a terminal, and determining a first MPOS equipment; the database information including the device identification of at least one legitimate MPOS equipment, the device address of the legitimate equipment, the password PIN of the legitimate equipment and the encryption key of the legitimate equipment;
the server sending the device identification of the first MPOS equipment, the device address of the first MPOS equipment and a first certification factor corresponding to the first MPOS equipment to the terminal;
the server receiving a response message sent by a target MPOS equipment through the terminal, the response message including a first PIN ciphertext and a second certification factor of the target MPOS equipment, or alternatively a second PIN ciphertext; the target MPOS equipment being the equipment that the terminal selects from among the first MPOS equipment;
when the response message includes the first PIN ciphertext and the second certification factor, the server authenticating the target MPOS equipment according to the encryption key of the target MPOS equipment in the database information and the response message, and, after authentication passes, sending the processed second certification factor to the target MPOS equipment through the terminal, so that the target MPOS equipment authenticates the terminal according to the processed second certification factor;
when the response message includes the second PIN ciphertext, the server authenticating the target MPOS equipment according to the encryption key of the target MPOS equipment in the database information and the response message.
2. The method according to claim 1, wherein, when the response message includes the first PIN ciphertext and the second certification factor, the server authenticating the target MPOS equipment according to the encryption key of the target MPOS equipment in the database information and the response message specifically includes:
the server performing the first processing on the first certification factor and the second certification factor according to the encryption key of the target MPOS equipment in the database information, to obtain a first process key;
the server decrypting the first PIN ciphertext according to the first process key, to obtain a first PIN;
when the server judges that the first PIN is identical to the PIN of the target MPOS equipment in the database information, the server determining that the target MPOS equipment passes authentication.
3. The method according to claim 1, wherein, when the response message includes the second PIN ciphertext, the server authenticating the target MPOS equipment according to the encryption key of the target MPOS equipment in the database information and the response message specifically includes:
the server decrypting the second PIN ciphertext according to the private key of the encryption key of the target MPOS equipment in the database information, to obtain the decrypted data;
the server performing the second processing on the first certification factor and the PIN of the target MPOS equipment in the database information according to the public key of the encryption key of the target MPOS equipment in the database information, to obtain the process data;
when the server judges that the process data is identical to the decrypted data, the server determining that the MPOS equipment passes authentication.
4. The method according to claim 2, wherein sending the processed second certification factor to the target MPOS equipment through the terminal specifically includes:
the server performing a MAC calculation on the second certification factor to obtain the processed second certification factor, and sending the processed second certification factor to the target MPOS equipment through the terminal.
5. The method according to claim 3, wherein sending the processed second certification factor to the target MPOS equipment through the terminal specifically includes:
the server signing the second certification factor according to the private key of the encryption key of the target MPOS equipment to obtain the processed second certification factor, and sending the processed second certification factor to the target MPOS equipment through the terminal.
6. A method of safety certification, characterized by comprising:
a target mobile point-of-sale (MPOS) equipment receiving a certification request sent by a terminal; the certification request carrying a first certification factor issued by a server;
the target MPOS equipment obtaining a response message according to the first certification factor, a second certification factor of the target MPOS equipment and the password PIN of the target MPOS equipment; the response message including a first PIN ciphertext and the second certification factor of the target MPOS equipment, or alternatively a second PIN ciphertext;
the target MPOS equipment sending the response message to the server through the terminal, so that the server authenticates the target MPOS equipment according to the encryption key of the target MPOS equipment in preset database information and the response message;
when the response message includes the first PIN ciphertext and the second certification factor, the target MPOS equipment receiving, through the terminal, the processed second certification factor sent by the server after the target MPOS equipment passes authentication; the target MPOS equipment authenticating the terminal according to the encryption key of the target MPOS equipment, the second certification factor of the target MPOS equipment and the processed second certification factor;
when the response message includes the second PIN ciphertext, the server authenticating the target MPOS equipment according to the encryption key of the target MPOS equipment in the database information and the response message.
7. The method according to claim 6, wherein the target MPOS equipment obtaining the response message according to the first certification factor, the second certification factor of the target MPOS equipment and the password PIN of the target MPOS equipment specifically includes:
the target MPOS equipment performing the first processing on the first certification factor and the second certification factor according to the encryption key of the target MPOS equipment, to obtain a second process key;
the target MPOS equipment encrypting the PIN of the target MPOS equipment according to the second process key, to obtain the first PIN ciphertext;
the target MPOS equipment determining the first PIN ciphertext and the second certification factor as the response message.
8. The method according to claim 6, wherein the target MPOS equipment obtaining the response message according to the first certification factor, the second certification factor of the target MPOS equipment and the password PIN of the target MPOS equipment specifically includes:
the target MPOS equipment performing the second processing on the first certification factor and the PIN of the target MPOS equipment, to obtain the data to be encrypted;
the target MPOS equipment encrypting the data to be encrypted and the second certification factor according to the public key of the encryption key of the target MPOS equipment, to obtain the second PIN ciphertext;
the target MPOS equipment determining the second PIN ciphertext as the response message.
9. A device of safety certification, characterized by comprising:
a screening module, configured to screen, according to preset database information, the device identification and device address of at least one mobile point-of-sale (MPOS) equipment sent by a terminal, and to determine a first MPOS equipment; the database information including the device identification of at least one legitimate MPOS equipment, the device address of the legitimate equipment, the password PIN of the legitimate equipment and the encryption key of the legitimate equipment;
a sending module, configured to send the device identification of the first MPOS equipment, the device address of the first MPOS equipment and a first certification factor corresponding to the first MPOS equipment to the terminal;
a receiving module, configured to receive a response message sent by a target MPOS equipment through the terminal, the response message including a first PIN ciphertext and a second certification factor of the target MPOS equipment, or alternatively a second PIN ciphertext; the target MPOS equipment being the equipment that the terminal selects from among the first MPOS equipment;
an authentication module, configured to, when the response message includes the first PIN ciphertext and the second certification factor, authenticate the target MPOS equipment according to the encryption key of the target MPOS equipment in the database information and the response message, and, after authentication passes, send the processed second certification factor to the target MPOS equipment through the terminal, so that the target MPOS equipment authenticates the terminal according to the processed second certification factor;
the authentication module being further configured to, when the response message includes the second PIN ciphertext, authenticate the target MPOS equipment according to the encryption key of the target MPOS equipment in the database information and the response message.
10. A device of safety certification, characterized by comprising:
a receiving module, configured to receive a certification request sent by a terminal; the certification request carrying a first certification factor issued by a server;
an obtaining module, configured to obtain a response message according to the first certification factor, a second certification factor of the target MPOS equipment and the password PIN of the target MPOS equipment; the response message including a first PIN ciphertext and the second certification factor of the target MPOS equipment, or alternatively a second PIN ciphertext;
a sending module, configured to send the response message to the server through the terminal, so that the server authenticates the target MPOS equipment according to the encryption key of the target MPOS equipment in preset database information and the response message;
the receiving module being further configured to, when the response message includes the first PIN ciphertext and the second certification factor, receive through the terminal the processed second certification factor sent by the server after the target MPOS equipment passes authentication;
an authentication module, configured to, when the response message includes the first PIN ciphertext and the second certification factor, authenticate the terminal according to the encryption key of the target MPOS equipment, the second certification factor of the target MPOS equipment and the processed second certification factor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610040856.0A CN105635164B (en) | 2016-01-21 | 2016-01-21 | The method and apparatus of safety certification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105635164A CN105635164A (en) | 2016-06-01 |
CN105635164B true CN105635164B (en) | 2019-01-08 |
Family
ID=56049654
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106453246B (en) * | 2016-08-30 | 2018-06-08 | 北京小米移动软件有限公司 | Equipment identity information distribution method, device and system |
CN108737341B (en) * | 2017-04-19 | 2020-06-30 | 腾讯科技(深圳)有限公司 | Service processing method, terminal and server |
CN112003958A (en) * | 2020-07-03 | 2020-11-27 | 拉卡拉支付股份有限公司 | System and method for positioning transaction address |
CN111861221A (en) * | 2020-07-22 | 2020-10-30 | 海尔优家智能科技(北京)有限公司 | Equipment fault information pushing method and device, storage medium and electronic device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103699989A (en) * | 2013-12-27 | 2014-04-02 | 福建联迪商用设备有限公司 | Payment platform and payment method on basis of intelligent equipment |
CN104661219A (en) * | 2015-01-15 | 2015-05-27 | 天地融科技股份有限公司 | Communication method of wireless equipment, wireless equipment and server |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB201315314D0 (en) * | 2013-08-28 | 2013-10-09 | Mastercard International Inc | Value add service for mobile point of sale |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20200917 | Patentee after: Nanjing Puyu Investment Co.,Ltd. (210000 Sinpo Road, Jiangpu street, Pukou District, Nanjing, Jiangsu Province, No. 120); Patentee before: BEIJING INTELLIGENT FRUIT TECHNOLOGY Co.,Ltd. (100088, 2 floor, building 1, Tai Yue garden, 202, Beijing, Haidian District) |