CN105654281A - Safe payment system and safe payment method - Google Patents
Safe payment system and safe payment method Download PDFInfo
- Publication number
- CN105654281A CN105654281A CN201511010528.8A CN201511010528A CN105654281A CN 105654281 A CN105654281 A CN 105654281A CN 201511010528 A CN201511010528 A CN 201511010528A CN 105654281 A CN105654281 A CN 105654281A
- Authority
- CN
- China
- Prior art keywords
- information
- payment
- data stream
- pos terminal
- safe
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Cash Registers Or Receiving Machines (AREA)
Abstract
The invention relates to a safe payment system and a safe payment method. The safe payment system is provided with the components of a POS terminal which is used for transmitting a data flow to a safe payment pool and receiving control information that is fed back from the safe payment pool and is related with the data flow, and forwarding the data flow to a corresponding destination according to the control information; and the safe payment pool which is used for collecting and storing payment information which passes safety authentication and furthermore is used for receiving the data flow transmitted from the POS terminal and acquiring control information that is related with the data flow according to the payment information and returning to the POS terminal. The safe payment system and the safe payment method according to the invention can effectively improve payment safety.
Description
Technical field
The present invention relates to information security technology, particularly relate to a kind of safety payment system based on POS terminal and safe payment method.
Background technology
Along with intelligent movable operating system, 3G network universal, the extensive use of cloud computing, mobile electronic device and various abundant application emerge in an endless stream, and also advance internet intelligent POS to replace the trend of traditional dialing gradually.
Intelligent POS in the market generally carries Android intelligent operating system, and it takes full advantage of the advantage of 3G express network, allows big data quickly be possibly realized alternately, enjoys the wireless unimpeded of cloud payment. Operating level, finger directly operates on screen, chooses simple, intuitive, and input is convenient, pays and easily settles.
It is arranged on franchised business or bank card accepts in site, can be achieved with the forwarding function of electronic money. Generally, when service fulfillment, intelligence POS has consumption, pre-authorization, pre-authorization is cancelled, pre-authorization completes, pre-authorization completes the functions such as cancellation, the online return of goods, uses efficient, safety.
The safety of existing intelligence POS ensures mainly through the following aspects:
1. hardware security
(1) security module
The security module of system contains the function of three below aspect:
Secure data stores;
Key storage and management;
The encryption and decryption of data, signature and checking.
(2) code keypad and secure connection thereof: advise external employing conventional cipher keyboard, requires consistent with traditional financial POS code keypad.
2. application software safety
Security development and safeguard third-party application provider exploitation sector application, it is carried out security audit, signature and ALM by backstage.
1. data safety
Data include safely: data storage security; Data transmission security; Safety management.
Also the intelligence POS safety paid can be ensured from above several aspects, consider that intelligence POS is generally android system, one as open source software, application miscellaneous is also attached in android system, intelligence POS is under the environment of the Internet of an opening, although it is faster more convenient to transmit, but other internet uses person also can be directly connected to intelligence POS terminal.
Fig. 1 indicates that the payment system of existing intelligence POS.
This payment system includes application 500, POS system 600 and background system 700. POS system 600 carries out forwarding data so that payment information to be forwarded to background system 700 according to the payment information of application 500. But, it is contemplated that problem such as the intelligence leak of POS application and development, back door etc., once application is tampered, POS system 600 cannot judge again payment information whether safety, certainly will affect the fund security of payment, cause the property loss of client.
Summary of the invention
In view of the above problems, it is desirable to provide the safe payment method of a kind of POS terminal that can improve payment safety and safety payment system.
The safety payment system of the present invention, it is characterised in that possess:
POS terminal, to following secure payment pond and receives the control information relevant to described data stream come from above-mentioned secure payment pond feedback for sending data stream, and according to this control information, described stream compression is dealt into corresponding destination;
Secure payment pond, for collecting storage payment information through safety certification, and for accepting send, from described POS terminal, the data stream come and obtain the control information relevant to this data stream according to described payment information and return to POS terminal.
Preferably, it is further equipped with: be used for the application server of follow-up payment flow,
Described POS terminal includes:
Proxy module, for monitoring and analyze the data stream of POS terminal generation and being forwarded to described secure payment pond;
Forwarding module, receive the data stream from described secure payment pond feedback and described control information, according to described control information, the trust data circulation in the data stream of feedback is dealt into described application server, the untrusted stream compression in the data stream of feedback is dealt into following safe black hole module;
Safe black hole module, sends, from described forwarding module, the untrusted data stream of coming for abandoning.
Described secure payment pond includes:
Safe pool module, for collecting storage payment information through safety certification;
Flow control apparatus, receives the data stream from described POS terminal, obtains the control information relevant to this data stream according to the described payment information of storage in described safe pool module and this data stream and control information are returned to described POS terminal.
Preferably, in described safe pool module, application software information and server ip information are at least stored as payment information.
Preferably, this application software information, for analyzing the data stream of described POS terminal generation and obtaining application software information, is forwarded to described secure payment pond by described proxy module.
Preferably, in described safe pool module, described application software information and server ip information store accordingly.
Preferably, described flow control apparatus receives the data stream from described POS terminal, the control information that this data stream is corresponding is obtained, if trust data stream then notification server IP information is if untrusted data stream then informs safe black hole IP information according to the described payment information of storage in described safe pool module.
The safe payment method of the present invention, it is characterised in that this safe payment method utilizes POS terminal and secure payment pond to realize, and comprises the steps:
Data-flow detection step: POS terminal detects the data stream of generation, analyzes this data stream, and analysis result and described data stream are sent to secure payment pond;
Control information generating step, in the secure payment pond inquiry control information corresponding with this analysis result and described control information is fed back to POS terminal according to described analysis result;And
Forwarding data flow step, described stream compression is dealt into corresponding destination according to feeding back described control information by POS terminal.
Preferably, described data-flow detection step includes following sub-step:
POS terminal detects the data stream of generation;
Analyze this data stream at least to obtain the application software information that this data stream includes;
Application software information is sent to secure payment pond as analyzing result.
Preferably, described control information generating step includes following sub-step:
According to described application software information, in secure payment pond, whether inquiry exists the server ip information corresponding with this application software information; And
If there is the server ip information corresponding with this software information, it is judged as trust data stream, if there is no corresponding with this software information server ip information is then judged as untrusted data stream, and by control information namely, trust data stream informed to the server ip information corresponding with this application software information, suspect traffic informed to the safe black hole such control information of IP information feeds back to POS terminal.
Preferably, in described forwarding data flow step, the circulation of described trust data is dealt into the server ip address of correspondence, the safe black hole being discarded into by suspect traffic in POS terminal according to feeding back described control information by POS terminal.
In the safe payment method and safety payment system of the present invention, utilize the retransmission unit with transfer capability having in the secure payment pond and POS terminal controlling function, trusted payment data stream can be forwarded to by the retransmission unit of POS terminal the application server of correspondence, and the circulation of untrusted payment data is dealt into safe black hole module. So, even if POS application is tampered, namely when the payment data stream produced is non-trust data stream, payment system is when forwarding this payment data stream, pond is paid by query safe, may be notified that the payment data stream abandoning this untrusted, thereby, it is possible to fundamentally ensure the safety of fund.
Accompanying drawing explanation
Fig. 1 indicates that the payment system of existing intelligence POS.
Fig. 2 indicates that the organigram of the safety payment system of the POS terminal of an embodiment of the present invention.
Detailed description of the invention
Be described below be the present invention multiple embodiments in some, it is desirable to provide the basic understanding to the present invention. It is not intended as confirming the crucial of the present invention or conclusive key element or limiting scope of the claimed.
Fig. 2 indicates that the organigram of the safety payment system of the POS terminal of an embodiment of the present invention.
The safety payment system of an embodiment of the present invention includes: POS terminal 100, secure payment pond 200 and application server 300. By the Internet transmission signal between POS terminal 100 and secure payment pond 200.
Wherein, POS terminal 100 includes: proxy module 101, retransmission unit 102 and safe black hole module 103. Secure payment pond 200 includes: flow control apparatus 201 and safe pool module 202. Application server 300 has been used for follow-up payment action.
POS terminal 100 is for receiving the data stream (can also be called payment data stream) of the external screen of android system, keyboard, the inquiry of video input, payment etc., and sending this data stream and to secure payment pond 200 and receive the control information of the data stream returned from secure payment pond 200 and according to this control information transmitting data flow to corresponding destination, corresponding purpose includes the application service end 300 for performing continuation payment operation and for abandoning the safe black hole 103 of untrusted data stream here.Secure payment pond 200 is for collecting and store payment information through safety certification, and is used for accepting send, from POS terminal 100, the data stream come and obtain the control information of this data stream according to payment information and return to POS terminal 100.
Specifically, in POS terminal 100, proxy module 101 is for monitoring and analyze the data stream of POS terminal 100 generation and this stream compression being dealt into secure payment pond 200, mainly, proxy module 101 is for monitoring the data stream that POS terminal 100 produces, and analyze this data stream, for instance at least analyze and obtain application software information therein, and this application software information is forwarded to secure payment pond 200. Trust data circulation in the data stream of feedback, for receiving the data stream and control information fed back from secure payment pond 200, is dealt into the application server 300 of subsequent transaction, the untrusted stream compression in the data stream of feedback is dealt into safe black hole module 103 according to described control information by forwarding module 102. Safe black hole module 103 sends, from forwarding module 102, the untrusted data stream of coming for abandoning.
Specifically, in secure payment pond 200, safe pool module 201 is for collecting storage payment information through safety certification. This payment information includes: application software information, server ip information, certificate information etc., and this payment information is for the inquiry of following flow control apparatus 202. Wherein, at least application software information and server ip information are to store correspondingly.
Flow control apparatus 202, for accepting and analyze POS device 100 to send the data stream of coming, is inquired about the control information of data stream, and is returned result to POS device 100 according to the data flow safe pool module 201 after analyzing. Specifically, flow control apparatus 202 receives the data stream from POS terminal 100, based on the payment information above by safety certification of storage in described safe pool module 201, such as, according to the server ip information that the application software acquisition of information in data stream is corresponding with this application software information, trust data stream is informed to the server ip information that the destination needing to forward is namely corresponding, safe black hole IP is informed for untrusted data stream.
Then, the safe payment method for the POS terminal of the one embodiment of the present invention realized based on the safety payment system of the invention described above illustrates. Present an embodiment of prepaid mobile phone recharging in this embodiment.
Similarly, with reference to Fig. 2, the safe payment method of this embodiment is illustrated.
As in figure 2 it is shown, the safe payment method of one embodiment of the present invention comprises the steps:
Step S100(is not shown): enter POS terminal 100 prepaid mobile phone recharging application, input supplement with money phone number, cost the amount of money after submit to pay application;
The proxy module 101 of step S101:POS terminal 100 detects that system has payment data miscarriage raw, analyzes payment data stream and obtains the software information of this prepaid mobile phone recharging application, and the software information that this prepaid mobile phone recharging is applied is sent to secure payment pond 200;
Step S102: after the flow control apparatus 201 in secure payment pond 200 receives above-mentioned software information, to safe pool module polls software information and server ip;
Step S103: safe pool module receives Query Information and obtains the control information to this payment data stream according to Query Information, specifically, in payment information through safety certification in safe pool module 202, according to the above-mentioned software information inquiry server ip corresponding with this software information, the server ip information corresponding with this software information is obtained for trusted payment data stream, for the untrusted payment data stream safe black hole IP of acquisition;
Step S104: flow control apparatus 201 sends the above-mentioned control information retransmission unit 102 to POS terminal 100;
Step S105: if trusted payment data stream, the payment data circulation that 102 these prepaid mobile phone rechargings of retransmission unit are applied is dealt into corresponding believable server, completes transaction request;
Step S106: if insincere payment data stream, retransmission unit 102 is then dealt into safe black hole module 107 to abandon data stream the circulation of this payment data.
In the safe payment method and safety payment system of the present invention, utilize the retransmission unit 102 with transfer capability having in the secure payment pond 200 and POS terminal 100 controlling function, trusted payment data stream can be forwarded to by the retransmission unit 102 of POS terminal 100 application server 300 of correspondence, and the circulation of untrusted payment data is dealt into safe black hole module 103. So, even if POS application is tampered, namely when the payment data stream produced is non-trust data stream, payment system is when forwarding this payment data stream, pond is paid by query safe, may be notified that the payment data stream abandoning this untrusted, thereby, it is possible to fundamentally ensure the safety of fund.
Example above primarily illustrates safe payment method and the safety payment system of the present invention. Although only some of them the specific embodiment of the present invention being described, but those of ordinary skill in the art it is to be appreciated that the present invention can without departing from its spirit with scope in many other form implement. Therefore, the example shown and embodiment are considered illustrative and not restrictive, and when the of the present invention spirit and scope defined without departing from such as appended claims, the present invention is likely to contain various amendments and replacement.
Claims (10)
1. a safety payment system, it is characterised in that possess:
POS terminal, to following secure payment pond and receives the control information relevant to described data stream come from above-mentioned secure payment pond feedback for sending data stream, and according to this control information, described stream compression is dealt into corresponding destination;
Secure payment pond, for collecting storage payment information through safety certification, and for accepting send, from described POS terminal, the data stream come and obtain the control information relevant to this data stream according to described payment information and return to POS terminal.
2. safety payment system as claimed in claim 1, it is characterised in that
It is further equipped with: be used for the application server of follow-up payment flow,
Described POS terminal includes:
Proxy module, for monitoring and analyze the data stream of POS terminal generation and being forwarded to described secure payment pond;
Forwarding module, receive the data stream from described secure payment pond feedback and described control information, according to described control information, the trust data circulation in the data stream of feedback is dealt into described application server, the untrusted stream compression in the data stream of feedback is dealt into following safe black hole module;
Safe black hole module, sends, from described forwarding module, the untrusted data stream of coming for abandoning,
Described secure payment pond includes:
Safe pool module, for collecting storage payment information through safety certification;
Flow control apparatus, receives the data stream from described POS terminal, obtains the control information relevant to this data stream according to the described payment information of storage in described safe pool module and control information is returned to described POS terminal.
3. safety payment system as claimed in claim 2, it is characterised in that
In described safe pool module, application software information and server ip information are at least stored as payment information.
4. safety payment system as claimed in claim 3, it is characterised in that
This application software information, for analyzing the data stream of described POS terminal generation and obtaining application software information, is forwarded to described secure payment pond by described proxy module.
5. safety payment system as claimed in claim 4, it is characterised in that
In described safe pool module, described application software information and server ip information store accordingly.
6. safety payment system as claimed in claim 5, it is characterised in that
Described flow control apparatus receives the data stream from described POS terminal, the control information that this data stream is corresponding is obtained, if trust data stream then notification server IP information is if untrusted data stream then informs safe black hole IP information according to the described payment information of storage in described safe pool module.
7. a safe payment method, it is characterised in that this safe payment method utilizes POS terminal and secure payment pond to realize, and comprises the steps:
Data-flow detection step: POS terminal detects the data stream of generation, analyzes this data stream, and analysis result and described data stream are sent to secure payment pond;
Control information generating step, in the secure payment pond inquiry control information corresponding with this analysis result and described control information is fed back to POS terminal according to described analysis result; And
Forwarding data flow step, described stream compression is dealt into corresponding destination according to feeding back described control information by POS terminal.
8. safe payment method as claimed in claim 7, it is characterised in that described data-flow detection step includes following sub-step:
POS terminal detects the data stream of generation;
Analyze this data stream at least to obtain the application software information that this data stream includes;
Application software information is sent to secure payment pond as analyzing result.
9. safe payment method as claimed in claim 7, it is characterised in that described control information generating step includes following sub-step:
According to described application software information, in secure payment pond, whether inquiry exists the server ip information corresponding with this application software information; And
If there is the server ip information corresponding with this software information, it is judged as trust data stream, if there is no corresponding with this software information server ip information is then judged as untrusted data stream, and by control information namely, trust data stream informed to the server ip information corresponding with this application software information, suspect traffic informed to the safe black hole such control information of IP information feeds back to POS terminal.
10. safe payment method as claimed in claim 9, it is characterised in that
In described forwarding data flow step, the circulation of described trust data is dealt into the server ip address of correspondence, the safe black hole being discarded into by suspect traffic in POS terminal according to the described control information fed back by POS terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511010528.8A CN105654281A (en) | 2015-12-30 | 2015-12-30 | Safe payment system and safe payment method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511010528.8A CN105654281A (en) | 2015-12-30 | 2015-12-30 | Safe payment system and safe payment method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105654281A true CN105654281A (en) | 2016-06-08 |
Family
ID=56478229
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201511010528.8A Pending CN105654281A (en) | 2015-12-30 | 2015-12-30 | Safe payment system and safe payment method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105654281A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117252599A (en) * | 2023-11-17 | 2023-12-19 | 深圳合纵富科技有限公司 | Dual security authentication method and system for intelligent POS machine |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103108245A (en) * | 2011-11-15 | 2013-05-15 | 中国银联股份有限公司 | Smart television payment secret key system and payment method based on smart television |
| CN104361491A (en) * | 2014-11-03 | 2015-02-18 | 中国联合网络通信集团有限公司 | Mobile paying method and system |
| CN104715360A (en) * | 2013-12-16 | 2015-06-17 | 中国银联股份有限公司 | Card-free payment and collection system and method |
-
2015
- 2015-12-30 CN CN201511010528.8A patent/CN105654281A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103108245A (en) * | 2011-11-15 | 2013-05-15 | 中国银联股份有限公司 | Smart television payment secret key system and payment method based on smart television |
| CN104715360A (en) * | 2013-12-16 | 2015-06-17 | 中国银联股份有限公司 | Card-free payment and collection system and method |
| CN104361491A (en) * | 2014-11-03 | 2015-02-18 | 中国联合网络通信集团有限公司 | Mobile paying method and system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117252599A (en) * | 2023-11-17 | 2023-12-19 | 深圳合纵富科技有限公司 | Dual security authentication method and system for intelligent POS machine |
| CN117252599B (en) * | 2023-11-17 | 2024-03-15 | 深圳合纵富科技有限公司 | Dual security authentication method and system for intelligent POS machine |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220368705A1 (en) | Logical Validation of Devices Against Fraud and Tampering | |
| CN101438255B (en) | Network and application attack protection based on application layer message inspection | |
| KR101354898B1 (en) | Electronic commerce transactions over a peer-to-peer communications channel | |
| CN104811428A (en) | Method, device and system for verifying client identity by social relation data | |
| US7117366B2 (en) | Public key based authentication method for transaction delegation in service-based computing environments | |
| CN110971656B (en) | Secure storage of data in a blockchain | |
| KR102119449B1 (en) | Aggregation open api platform system, method for prividing financial services using the same and computer program for the same | |
| JP2019530040A (en) | Device logical validation against fraud and tampering | |
| CN104767613A (en) | Signature verification method, device and system | |
| CN104620225A (en) | Certifying server side web applications against security vulnerabilities | |
| CN101388096A (en) | Multi-platform data standardization processing method and system | |
| CN110599155A (en) | Payment method and payment system | |
| US20170270602A1 (en) | Object manager | |
| CN104301293A (en) | Data processing method, device and system | |
| CN105654281A (en) | Safe payment system and safe payment method | |
| US20200043016A1 (en) | Network node for processing measurement data | |
| CN110852744A (en) | Method, device, terminal equipment and medium for switching transaction channels | |
| Dorigo | Security information and event management | |
| CN106886865A (en) | A kind of processing method and processing device, system for storing voucher | |
| CN111367993A (en) | Data service method and device based on end-to-end | |
| CN105592013B (en) | A kind of sensitive information processing method, device and client | |
| CN113673979A (en) | Overseas department store management system | |
| KR102085695B1 (en) | Apparatus and method for providing data service using blockchain network | |
| CN109934009A (en) | A kind of personal information data query interaction authorization method | |
| US20230091965A1 (en) | Systems and methods for application-based management of transactions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160608 |
|
| RJ01 | Rejection of invention patent application after publication |