CN105978856B - A kind of POS machine key downloading method, apparatus and system - Google Patents
- Publication number
- CN105978856B, CN201610243644.2A
- Authority
- CN
- China
- Prior art keywords
- card
- key
- random number
- ciphertext
- pos machine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07G—REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
- G07G1/00—Cash registers
- G07G1/12—Cash registers electronically operated
- G07G1/14—Systems including one or more distant stations co-operating with a central processing unit
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Cash Registers Or Receiving Machines (AREA)
Abstract
This application provides a POS machine key downloading method, apparatus and system. The POS machine key downloading method includes: obtaining an IC card key; receiving the POS key ciphertext that the acquiring platform server issues for the POS machine whose key is to be downloaded; decrypting the POS key ciphertext with the IC card key to obtain the POS machine master key to be used; and storing the POS machine master key to be used. Because the POS key ciphertext is not easy to crack, and because the POS key ciphertext is transferred directly from the acquiring platform server to the POS machine whose key is to be downloaded instead of being sent as plaintext over a serial port, the POS machine master key is not easy to intercept during downloading, which improves the security of POS machine master key downloading.
Description
Technical field
This application relates to the field of POS machine key downloading, and in particular to a POS machine key downloading method, apparatus and system.
Background technique
With the rise in the level of mass consumption, POS (point of sale) machines are widely used, so that users are no longer limited to paying in cash when shopping and can pay by swiping a card.
A POS machine needs terminal keys to guarantee the security of transactions. The keys of a POS machine include the POS machine master key and the working keys; the working keys are the bottom-level data encryption keys (used to prevent the information transmitted by the terminal from being tampered with and to protect the user's bank card password). Because the working keys are updated through the online sign-in transaction, and the POS machine master key is used for encryption and decryption during that update to ensure security, the POS machine master key must be downloaded in advance.
At present, the POS machine master key is downloaded as follows: a mother POS downloads the POS machine master keys of the individual POS machines in batch from the acquiring platform server, the mother POS decrypts the POS machine master key of each POS machine, and each decrypted POS machine master key is transferred to the corresponding POS machine over a serial port. Because the POS machine master key transmitted over the serial port is plaintext, it is easily intercepted with a serial port data reading tool, so the POS machine master key is easily leaked during downloading and security is poor.
Summary of the invention
To solve the above technical problem, the embodiments of the present application provide a POS machine key downloading method, apparatus and system, with the aim of improving the security of POS machine master key downloading. The technical solution is as follows:
A POS machine key downloading method, comprising:
obtaining an IC card key, the IC card key being the card key of the IC-medium operation manager card connected to the point-of-sale (POS) machine whose key is to be downloaded;
receiving the POS key ciphertext that the acquiring platform server issues for the POS machine whose key is to be downloaded, the POS key ciphertext being the ciphertext obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine whose key is to be downloaded;
decrypting the POS key ciphertext with the IC card key to obtain the POS machine master key to be used;
storing the POS machine master key to be used.
Preferably, the process of receiving the POS key ciphertext that the acquiring platform server issues for the POS machine whose key is to be downloaded comprises:
generating a first random number and a second random number, and encrypting the first random number with the IC card key to obtain a first random number ciphertext;
after sending a download master key request to the acquiring platform server, uploading first two-way authentication information to the acquiring platform server, the first two-way authentication information including at least the IC card number, the first random number, the second random number and the first random number ciphertext, the IC card number being the card number of the IC-medium operation manager card to which the IC card key corresponds;
receiving a first response message sent by the acquiring platform server, the first response message including a second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine whose key is to be downloaded;
wherein the generating process of the first response message comprises:
the acquiring platform server receives the first two-way authentication information;
the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
the acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining the decrypted first random number;
when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, checking the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information;
when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, the IC card state is received and the IC card validity period is valid, encrypting the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information to obtain the second random number ciphertext;
forming the first response message from the second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine whose key is to be downloaded.
Preferably, after receiving the first response message sent by the acquiring platform server and before decrypting the POS key ciphertext with the IC card key, the method further comprises:
decrypting the second random number ciphertext with the IC card key to obtain the decrypted second random number;
verifying whether the decrypted second random number is identical to the second random number;
if so, executing the step of decrypting the POS key ciphertext with the IC card key.
Preferably, the method further comprises:
when an error occurs in any step of the POS machine key downloading method, prompting an error code and error message.
Preferably, the method further comprises: executing an inspection process flow;
the inspection process flow comprises:
after prompting the operation manager to input an inspection action, receiving the inspection action input by the operation manager;
after prompting the operation manager to input the equipment state, receiving the equipment state input by the operation manager;
after prompting the operation manager to insert a card, swipe a card or input the operation manager card number, if the card connected to the POS machine whose key is to be downloaded is detected to be an IC-medium operation manager card, obtaining the IC card key of the IC-medium operation manager card connected to the POS machine whose key is to be downloaded;
generating a third random number and a fourth random number, and encrypting the third random number with the IC card key of the IC-medium operation manager card connected to the POS machine whose key is to be downloaded to obtain a third random number ciphertext;
after sending an inspection transaction request to the acquiring platform server, uploading second two-way authentication information and inspection information to the acquiring platform server, the second two-way authentication information including at least the IC card number, the third random number, the fourth random number and the third random number ciphertext, the inspection information including the inspection action input by the operation manager, the equipment state input by the operation manager, the merchant number and the terminal number of the POS machine whose key is to be downloaded;
receiving a second response message sent by the acquiring platform server, the second response message including a fourth random number ciphertext;
decrypting the fourth random number ciphertext with the IC card key of the IC-medium operation manager card connected to the POS machine whose key is to be downloaded to obtain the decrypted fourth random number;
verifying whether the decrypted fourth random number is identical to the fourth random number;
if so, printing an inspection voucher;
wherein the generating process of the second response message comprises:
the acquiring platform server checks the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine whose key is to be downloaded corresponding to the terminal number;
when the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine whose key is to be downloaded corresponding to the terminal number is legitimate, the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information;
the acquiring platform server uses the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining the decrypted third random number;
when the decrypted third random number is verified to be identical to the third random number, checking the inspection permission of the IC card corresponding to the IC card number;
when the check result is that the IC card corresponding to the IC card number has inspection permission, encrypting the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information to obtain the fourth random number ciphertext;
using the fourth random number ciphertext as the second response message.
Preferably, when an error occurs in a step of the inspection process flow, an error code and error message are prompted.
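The download exchange described above, which the inspection flow repeats with its third and fourth random numbers, written out as an added Python example that is not code from the patent. The patent names no cipher, so encrypt_block and decrypt_block are a stand-in keyed permutation built from HMAC-SHA256; the 16-byte sizes, the card numbers, the "frozen" state label and the E01..E04 codes are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import date
from typing import NamedTuple

BLOCK = 16  # assumption: each random number and the master key is one 16-byte block


class AuthError(Exception):
    """A failed step; the E01..E04 codes are constructed for this example."""


def _mix(key, rnd, half, other):  # Feistel round: other XOR HMAC(key, round || half)
    pad = hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()
    return bytes(x ^ y for x, y in zip(other, pad))


def encrypt_block(key, block):
    """Stand-in keyed permutation (4-round Feistel); not the patent's cipher."""
    if len(block) != BLOCK:
        raise ValueError("expected one 16-byte block")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _mix(key, rnd, right, left)
    return left + right


def decrypt_block(key, block):
    if len(block) != BLOCK:
        raise ValueError("expected one 16-byte block")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _mix(key, rnd, left, right), left
    return left + right


class CardRecord(NamedTuple):  # one row of the server's IC card key mapping table
    key: bytes
    download_permission: bool
    state: str  # the check below requires "received"
    valid_until: date


def pos_request(card_no, card_key):
    """POS: build the first two-way authentication information."""
    r1, r2 = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)
    return {"card_no": card_no, "r1": r1, "r2": r2, "r1_ct": encrypt_block(card_key, r1)}


def server_response(cards, master_key, today, msg):
    """Server: authenticate the card, then build the first response message."""
    rec = cards.get(msg["card_no"])
    if rec is None:
        raise AuthError("E01 unknown IC card number")
    # The card side must hold the key: decrypting the ciphertext has to give R1 back.
    if not hmac.compare_digest(decrypt_block(rec.key, msg["r1_ct"]), msg["r1"]):
        raise AuthError("E02 first random number mismatch")
    if not (rec.download_permission and rec.state == "received"
            and rec.valid_until >= today):
        raise AuthError("E03 card may not download")
    return {"r2_ct": encrypt_block(rec.key, msg["r2"]),
            "pos_key_ct": encrypt_block(rec.key, master_key)}


def pos_accept(card_key, request, resp):
    """POS: authenticate the server, and only then decrypt the master key."""
    if not hmac.compare_digest(decrypt_block(card_key, resp["r2_ct"]), request["r2"]):
        raise AuthError("E04 second random number mismatch")
    return decrypt_block(card_key, resp["pos_key_ct"])


def download(cards, master_key, today, card_no, card_key):
    """Full exchange; returns the master key the POS would store."""
    request = pos_request(card_no, card_key)
    return pos_accept(card_key, request, server_response(cards, master_key, today, request))


def _outcome(action):
    try:
        action()
        return "accepted"
    except AuthError as err:
        return str(err)[:3]


def demo():
    """Run the exchange on constructed sample values and report each outcome."""
    key, tmk, today = bytes(range(16)), bytes(range(16, 32)), date(2024, 1, 1)
    cards = {"MGR-0001": CardRecord(key, True, "received", date(2030, 1, 1)),
             "MGR-0002": CardRecord(key, True, "frozen", date(2030, 1, 1))}
    forged = {"r2_ct": secrets.token_bytes(BLOCK), "pos_key_ct": secrets.token_bytes(BLOCK)}
    return {
        "ok": download(cards, tmk, today, "MGR-0001", key) == tmk,
        "wrong_key": _outcome(lambda: download(cards, tmk, today, "MGR-0001", b"\xff" * 16)),
        "frozen": _outcome(lambda: download(cards, tmk, today, "MGR-0002", key)),
        "forged_reply": _outcome(lambda: pos_accept(key, pos_request("MGR-0001", key), forged)),
    }
```

Calling demo() shows the three rejection points next to the successful download. Because each random number travels next to its own ciphertext, whatever cipher the card and server really share has to withstand known plaintext/ciphertext pairs.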
A POS machine key download apparatus, comprising:
a first acquisition unit, configured to obtain an IC card key, the IC card key being the card key of the IC-medium operation manager card connected to the point-of-sale (POS) machine whose key is to be downloaded;
a first receiving unit, configured to receive the POS key ciphertext that the acquiring platform server issues for the POS machine whose key is to be downloaded, the POS key ciphertext being the ciphertext obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine whose key is to be downloaded;
a first decryption unit, configured to decrypt the POS key ciphertext with the IC card key to obtain the POS machine master key to be used;
a storage unit, configured to store the POS machine master key to be used.
Preferably, the first receiving unit comprises:
a first encryption unit, configured to generate a first random number and a second random number, and to encrypt the first random number with the IC card key to obtain a first random number ciphertext;
a first uploading unit, configured to upload first two-way authentication information to the acquiring platform server after a download master key request has been sent to the acquiring platform server, the first two-way authentication information including at least the IC card number, the first random number, the second random number and the first random number ciphertext, the IC card number being the card number of the IC-medium operation manager card to which the IC card key corresponds;
a first receiving subunit, configured to receive the first response message sent by the acquiring platform server, the first response message including the second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine whose key is to be downloaded;
wherein the generating process of the first response message comprises:
the acquiring platform server receives the first two-way authentication information;
the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
the acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining the decrypted first random number;
when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, checking the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information;
when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, the IC card state is received and the IC card validity period is valid, encrypting the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information to obtain the second random number ciphertext;
forming the first response message from the second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine whose key is to be downloaded.
Preferably, the apparatus further comprises:
a second decryption unit, configured to decrypt the second random number ciphertext with the IC card key to obtain the decrypted second random number;
a first verification unit, configured to verify whether the decrypted second random number is identical to the second random number and, if so, to trigger the first decryption unit to decrypt the POS key ciphertext with the IC card key.
Preferably, the apparatus further comprises:
a first prompt unit, configured to prompt an error code and error message when an error occurs in any step of the POS machine key downloading method.
Preferably, the apparatus further comprises:
a second receiving unit, configured to receive the inspection action input by the operation manager after the operation manager has been prompted to input an inspection action;
a third receiving unit, configured to receive the equipment state input by the operation manager after the operation manager has been prompted to input the equipment state;
a second acquisition unit, configured, after the operation manager has been prompted to insert a card, swipe a card or input the operation manager card number, to obtain the IC card key of the IC-medium operation manager card connected to the POS machine whose key is to be downloaded if the card connected to that POS machine is detected to be an IC-medium operation manager card;
a second encryption unit, configured to generate a third random number and a fourth random number, and to encrypt the third random number with the IC card key of the IC-medium operation manager card connected to the POS machine whose key is to be downloaded to obtain a third random number ciphertext;
a second uploading unit, configured to upload second two-way authentication information and inspection information to the acquiring platform server after an inspection transaction request has been sent to the acquiring platform server, the second two-way authentication information including at least the IC card number, the third random number, the fourth random number and the third random number ciphertext, the inspection information including the inspection action input by the operation manager, the equipment state input by the operation manager, the merchant number and the terminal number of the POS machine whose key is to be downloaded;
a fourth receiving unit, configured to receive the second response message sent by the acquiring platform server, the second response message including the fourth random number ciphertext;
a third decryption unit, configured to decrypt the fourth random number ciphertext with the IC card key of the IC-medium operation manager card connected to the POS machine whose key is to be downloaded to obtain the decrypted fourth random number;
a second verification unit, configured to verify whether the decrypted fourth random number is identical to the fourth random number and, if so, to print an inspection voucher;
wherein the generating process of the second response message comprises:
the acquiring platform server checks the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine whose key is to be downloaded corresponding to the terminal number;
when the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine whose key is to be downloaded corresponding to the terminal number is legitimate, the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information;
the acquiring platform server uses the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining the decrypted third random number;
when the decrypted third random number is verified to be identical to the third random number, checking the inspection permission of the IC card corresponding to the IC card number;
when the check result is that the IC card corresponding to the IC card number has inspection permission, encrypting the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information to obtain the fourth random number ciphertext;
using the fourth random number ciphertext as the second response message.
Preferably, the apparatus further comprises:
a second prompt unit, configured to prompt an error code and error message when an error occurs in a step of the inspection process flow.
A POS machine key download system, comprising an IC-medium operation manager card, an acquiring platform server and the POS machine key download apparatus according to any one of the above;
the IC-medium operation manager card stores an IC card key;
the acquiring platform server is configured to issue POS key ciphertext for the POS machine whose key is to be downloaded, the POS key ciphertext being the ciphertext obtained by encrypting, with the card key of the IC-medium operation manager card connected to the POS machine whose key is to be downloaded, the POS machine master key assigned to the POS machine whose key is to be downloaded.
Preferably, the acquiring platform server comprises:
a fifth receiving unit, configured to receive the first two-way authentication information uploaded by the POS machine key download apparatus;
a third acquiring unit, configured to obtain, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
a fourth decryption unit, configured to use the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining the decrypted first random number;
a first checking unit, configured to check the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information;
a third encryption unit, configured to encrypt the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information to obtain the second random number ciphertext when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, the IC card state is received and the IC card validity period is valid;
a composing unit, configured to form the first response message from the second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine whose key is to be downloaded;
a second checking unit, configured to check the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine whose key is to be downloaded corresponding to the terminal number;
a fourth acquiring unit, configured to obtain, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information when the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine whose key is to be downloaded corresponding to the terminal number is legitimate;
a fifth decryption unit, configured to use the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining the decrypted third random number;
a third checking unit, configured to check the inspection permission of the IC card corresponding to the IC card number when the decrypted third random number is verified to be identical to the third random number;
a fourth encryption unit, configured to encrypt the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information to obtain the fourth random number ciphertext when the check result is that the IC card corresponding to the IC card number has inspection permission;
a determination unit, configured to use the fourth random number ciphertext as the second response message.
Compared with the prior art, the beneficial effects of the present application are as follows:
In the present application, the POS machine whose key is to be downloaded receives the POS key ciphertext directly from the acquiring platform server, decrypts the POS key ciphertext with the obtained IC card key to obtain the POS machine master key to be used, and stores the POS machine master key to be used, thereby completing the download of the POS machine master key.
Because the POS key ciphertext is not easy to crack, and because the POS key ciphertext is transferred directly from the acquiring platform server to the POS machine whose key is to be downloaded instead of being sent as plaintext over a serial port, the POS machine master key is not easy to intercept during downloading, which improves the security of POS machine master key downloading.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some examples of the present application; those of ordinary skill in the art can obtain other drawings from these drawings without any creative effort.
Fig. 1 is a flow chart of a POS machine key downloading method provided by the present application;
Fig. 2 is a schematic diagram of the generation and storage of the IC card key;
Fig. 3 is another flow chart of the POS machine key downloading method provided by the present application;
Fig. 4 is a sub-flow chart of the POS machine key downloading method provided by the present application;
Fig. 5 is another sub-flow chart of the POS machine key downloading method provided by the present application;
Fig. 6 is another sub-flow chart of the POS machine key downloading method provided by the present application;
Fig. 7 is a schematic diagram of the logical structure of a POS machine key download apparatus provided by the present application;
Fig. 8 is a schematic diagram of the logical structure of a POS machine key download system provided by the present application.
Detailed description of the embodiments
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in the present application without creative effort fall within the protection scope of the present application.
Embodiment one
This embodiment provides a POS machine key downloading method, applied to a POS machine.
Refer to Fig. 1, which shows a flow chart of a POS machine key downloading method provided by the present application. The method may include the following steps:
Step S11: obtain the IC card key.
In this embodiment, the IC card key is the card key of the IC-medium operation manager card connected to the POS machine whose key is to be downloaded.
In this embodiment, when the operation manager installs a POS machine for a merchant, the operation manager inserts an IC-medium operation manager card into the POS machine whose key is to be downloaded and uses the PIN pad of that POS machine to input the key IC card password corresponding to the IC-medium operation manager card. When the POS machine whose key is to be downloaded verifies that the input key IC card password is correct, it reads the IC card key from the IC-medium operation manager card inserted into it, which completes the acquisition of the IC card key.
In this embodiment, the IC card key stored on the IC-medium operation manager card is generated and stored as follows:
In this embodiment, in accordance with the key security specification requirements of China UnionPay, a three-level key management system is used. From top to bottom the levels are: the master key (LMK), the key exchange key (ZMK), and the data keys (i.e. the POS machine master key and the POS machine working keys; the POS machine master key is TMK, and the POS machine working keys are TPK and ZAK). A higher-level key is used to encrypt lower-level keys, specifically: a: the master key is used to encrypt the key exchange key and the data keys for local storage; b: the key exchange key is used to encrypt the data keys for network transmission; c: the data keys are used to encrypt and decrypt data. Company operations personnel input the LMK and the ZMK into the encryption machine, and the encryption machine generates the IC card key. The encryption machine encrypts the ZMK with the LMK to generate the ZMK root key ciphertext, and encrypts the IC card key with the ZMK to generate the IC card key ciphertext. The encryption machine sends the IC card key ciphertext to the acquiring platform server, and the acquiring platform server imports the IC card key ciphertext into the card-issuing equipment (such as a mother POS machine). Company operations personnel input the ZMK into the card-issuing equipment, the ZMK input into the card-issuing equipment being identical to the ZMK input into the encryption machine. The card-issuing equipment decrypts the IC card key ciphertext with the ZMK it has received to obtain the IC card key, and writes the IC card key into the IC-medium operation manager card, as shown in Fig. 2.
When an IC card medium City Operation Manager card is issued, the ZMK is input into the card-issuing device by corporate operations personnel (i.e. the company operations administrator and the partner institution administrator); when the card is used, the City Operation Manager enters the corresponding key IC card password on the password keyboard of the POS machine awaiting key download. The card can therefore be used only after three levels of authorization, and if any one of the three levels fails, the IC card cannot be used. This realizes multi-level authentication management of the IC card medium City Operation Manager card and meets the need of service partners to download and install master keys on the merchant POS machines they have developed.
In the present embodiment, each IC card medium City Operation Manager card stores only one IC card key. Since each card can be used only on its specified POS machine and not on other POS machines, even if one IC card medium City Operation Manager card is lost, master key downloading is affected for only a very small fraction of POS machines.
In the present embodiment, since one IC card medium City Operation Manager card downloads the master key to only one POS machine, the IC card is controlled more tightly by the backend and security is higher.
The issuance, receipt, recycling, modification, freezing/unfreezing and cancellation of IC card medium City Operation Manager cards can be managed. A lost card can be reported through the "freeze" operation, which invalidates the lost IC card medium City Operation Manager card and prevents it from being used illegally.
In the present embodiment, the usage record of each IC card medium City Operation Manager card can be queried. The usage record mainly includes the POS terminal number, the time of use, the location of use (obtained from the POS machine relocation alert system) and user information. If the usage record of a card is found to be abnormal, a freeze operation can be performed on that card to invalidate it.
Step S12: receive the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download.
The POS key ciphertext is the ciphertext obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine awaiting key download, as shown in Figure 2. The encryption machine encrypts the POS machine master key with the IC card key to generate the POS key ciphertext and sends it to the acquiring platform server, and the acquiring platform server issues the POS key ciphertext to the POS machine awaiting key download.
In the present embodiment, since different POS machines awaiting key download have different master keys, the POS key ciphertexts that the acquiring platform server issues to different POS machines awaiting key download are also different.
Step S13: decrypt the POS key ciphertext with the IC card key to obtain the POS machine master key to be used.
Step S14: store the POS machine master key to be used.
In the present application, the POS machine awaiting key download receives the POS key ciphertext directly from the acquiring platform server, decrypts it with the IC card key it has obtained to get the POS machine master key to be used, and stores that master key, thereby completing the download of the POS machine master key.
The POS key ciphertext is not easily cracked, and compared with transmitting plaintext over a serial port, transmitting the POS key ciphertext directly from the acquiring platform server to the POS machine awaiting key download makes the POS machine master key hard to intercept during download. The security of POS machine master key downloading is therefore improved.
Embodiment two
The present embodiment shows another flow chart of the POS machine key downloading method provided by the present application, which may include the following steps:
Step S31: obtain the IC card key.
Step S31 is identical to step S11 of the POS machine key downloading method shown in embodiment one and is not described again here.
Step S32: generate a first random number and a second random number, and encrypt the first random number with the IC card key to obtain a first random number ciphertext.
Step S33: after sending a download master key request to the acquiring platform server, upload first two-way authentication information to the acquiring platform server. The first two-way authentication information includes at least the IC card number, the first random number, the second random number and the first random number ciphertext; the IC card number is the card number of the IC card medium City Operation Manager card corresponding to the IC card key.
Of course, in the present embodiment the first two-way authentication information may also include: the in-card serial number of the IC card medium City Operation Manager card corresponding to the IC card key, the device serial number of the POS machine awaiting key download, and the key IC card password.
Step S34: receive a first response message sent by the acquiring platform server. The first response message includes a second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download.
Steps S32 to S34 are the detailed process of receiving the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download.
Step S35: decrypt the second random number ciphertext with the IC card key to obtain the decrypted second random number.
Step S36: verify whether the decrypted second random number is identical to the second random number.
If so, execute step S37.
In the present embodiment, whether the acquiring platform server is legitimate is confirmed by verifying whether the decrypted second random number is identical to the second random number. When the two are verified to be identical, the acquiring platform server is confirmed to be legitimate, and the subsequent steps are executed only after this confirmation.
Step S37: decrypt the POS key ciphertext with the IC card key to obtain the POS machine master key to be used.
Step S38: store the POS machine master key to be used.
Steps S37 to S38 are identical to steps S13 to S14 of the POS machine key downloading method shown in embodiment one and are not described again here.
In the present embodiment, the process of generating the first response message is shown in Fig. 4 and may include the following steps:
Step S41: the acquiring platform server receives the first two-way authentication information.
Step S42: the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information.
Step S43: the acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining the decrypted first random number.
Step S44: when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, check the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information.
In the present embodiment, when the acquiring platform server verifies that the decrypted first random number is identical to the first random number, it confirms that the POS machine that uploaded the first two-way authentication information is legitimate. The subsequent steps are executed only after this confirmation.
Step S45: when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is "received" and its IC card validity period is valid, encrypt the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information to obtain the second random number ciphertext.
Step S46: form the first response message from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download.
Compared with the POS machine key downloading method shown in embodiment one, the present embodiment adds two-way authentication between the POS machine and the acquiring platform server (the acquiring platform server confirms that the POS machine that uploaded the first two-way authentication information is legitimate, and the POS machine confirms that the acquiring platform server is legitimate). This allows the acquiring platform server to prevent an illegal IC card from downloading a POS machine master key, and prevents a counterfeit acquiring platform server from stealing POS machine data in order to crack encrypted data and POS machine data, so that the security requirement that the POS machine master key and operation data not be intercepted, cracked or tampered with is met.
In the present embodiment, when an error occurs in any one of the above steps, an error code and error information are prompted.
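The key wrapping chain of embodiment one (LMK over ZMK, ZMK over IC card key, IC card key over POS machine master key) and the two-way authentication exchange of steps S32 to S37 and S41 to S46 can be followed end to end in the added Python example below, which is not code from the patent. The cipher is a stand-in 4-round Feistel construction over HMAC-SHA256 because this section names no algorithm; the error codes, field names, card number and card records are assumptions.

```python
# Added illustration; not code from the patent. Assumptions are marked below.
import hashlib
import hmac
import secrets
from datetime import date


def _f(key, rnd, half):
    # Feistel round function: HMAC-SHA256 truncated to the half-block size.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, block):
    """Stand-in cipher (assumption): 4-round Feistel over one 16-byte block."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


class AuthError(Exception):
    """Error code and message prompted to the operator (codes are made up)."""


def issue_card_key(lmk, zmk):
    """Encryption machine: create an IC card key and wrap it per the key hierarchy."""
    ic_key = secrets.token_bytes(16)
    zmk_ct = encrypt(lmk, zmk)        # ZMK root key ciphertext, for local storage
    ic_key_ct = encrypt(zmk, ic_key)  # IC card key ciphertext, sent to the card issuer
    return ic_key, zmk_ct, ic_key_ct


class AcquiringServer:
    def __init__(self):
        self.cards = {}  # IC card key mapping table: card number -> record

    def register(self, card_no, ic_key, tmk, expires):
        self.cards[card_no] = {
            "key": ic_key, "can_download": True, "state": "received",
            "expires": expires,
            "pos_key_ct": encrypt(ic_key, tmk),  # POS key ciphertext for this card's POS
        }

    def handle_download(self, msg, today):
        card = self.cards.get(msg["card_no"])                      # S42
        if card is None:
            raise AuthError("E01 unknown IC card number")
        r1 = decrypt(card["key"], msg["r1_ct"])                    # S43
        if not hmac.compare_digest(r1, msg["r1"]):                 # S44
            raise AuthError("E02 POS machine failed authentication")
        if not (card["can_download"] and card["state"] == "received"
                and today <= card["expires"]):
            raise AuthError("E03 no download permission, wrong state, or expired")
        return {"r2_ct": encrypt(card["key"], msg["r2"]),          # S45
                "pos_key_ct": card["pos_key_ct"]}                  # S46


def terminal_download(ic_key, card_no, server, today):
    """POS machine side, steps S32 to S37; returns the POS machine master key."""
    r1, r2 = secrets.token_bytes(16), secrets.token_bytes(16)     # S32
    request = {"card_no": card_no, "r1": r1, "r2": r2,
               "r1_ct": encrypt(ic_key, r1)}
    response = server.handle_download(request, today)             # S33, S34
    r2_back = decrypt(ic_key, response["r2_ct"])                  # S35
    if not hmac.compare_digest(r2_back, r2):                      # S36
        raise AuthError("E10 acquiring platform server failed authentication")
    return decrypt(ic_key, response["pos_key_ct"])                # S37


if __name__ == "__main__":
    # Constructed sample keys and card number, for illustration only.
    lmk, zmk, tmk = (secrets.token_bytes(16) for _ in range(3))
    ic_key, zmk_ct, ic_key_ct = issue_card_key(lmk, zmk)
    card_key = decrypt(zmk, ic_key_ct)  # card-issuing device writes this to the card
    server = AcquiringServer()
    server.register("CARD-0001", ic_key, tmk, date(2099, 12, 31))
    print(terminal_download(card_key, "CARD-0001", server, date(2024, 1, 1)) == tmk)
    server.cards["CARD-0001"]["state"] = "frozen"  # loss reported via "freeze"
    try:
        terminal_download(card_key, "CARD-0001", server, date(2024, 1, 1))
    except AuthError as err:
        print("rejected:", err)
```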
Embodiment three
The POS machine key downloading method shown in embodiment one may also include executing an inspection process flow. The inspection process flow is shown in Fig. 5 and may include the following steps:
Step S51: after prompting the City Operation Manager to input the inspection action, receive the inspection action (inspection work content) input by the City Operation Manager.
Step S52: after prompting the City Operation Manager to input the equipment state, receive the equipment state input by the City Operation Manager.
Step S53: after prompting the City Operation Manager to insert a card, swipe a card or input the City Operation Manager card number, if the card connected to the POS machine awaiting key download is detected to be an IC card medium City Operation Manager card, obtain the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download.
Step S54: generate a third random number and a fourth random number, and encrypt the third random number with the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download to obtain a third random number ciphertext.
Step S55: after sending an inspection transaction request to the acquiring platform server, upload second two-way authentication information and inspection information to the acquiring platform server. The second two-way authentication information includes at least the IC card number, the third random number, the fourth random number and the third random number ciphertext; the inspection information includes the inspection action input by the City Operation Manager, the equipment state input by the City Operation Manager, the merchant number and the terminal number of the POS machine awaiting key download.
Step S56: receive a second response message sent by the acquiring platform server; the second response message includes a fourth random number ciphertext.
Step S57: decrypt the fourth random number ciphertext with the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download to obtain the decrypted fourth random number.
Step S58: verify whether the decrypted fourth random number is identical to the fourth random number.
If so, execute step S59.
In the present embodiment, whether the acquiring platform server is legitimate is confirmed by verifying whether the decrypted fourth random number is identical to the fourth random number. When the two are verified to be identical, the acquiring platform server is confirmed to be legitimate, and the subsequent steps are executed only after this confirmation.
Step S59: print the inspection voucher.
In the present embodiment, the process of generating the second response message is shown in Fig. 6 and may include the following steps:
Step S61: the acquiring platform server checks the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number.
Step S62: when the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information.
Step S63: the acquiring platform server uses the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining the decrypted third random number.
Step S64: when the decrypted third random number is verified to be identical to the third random number, check the inspection permission of the IC card corresponding to the IC card number.
In the present embodiment, when the acquiring platform server verifies that the decrypted third random number is identical to the third random number, it confirms that the POS machine that uploaded the second two-way authentication information is legitimate. The subsequent steps are executed only after this confirmation.
Step S65: when the check result is that the IC card corresponding to the IC card number has inspection permission, encrypt the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information to obtain the fourth random number ciphertext.
Step S66: use the fourth random number ciphertext as the second response message.
In the inspection process flow, two-way authentication is carried out between the acquiring platform server and the POS machine, and the corresponding operations are executed only when both parties are confirmed to be legitimate, which improves security.
Performing inspection with an IC card medium City Operation Manager card, rather than with the magnetic medium City Operation Manager card used in the prior art, ensures that the City Operation Manager card is hard to damage and hard to forge.
In the present embodiment, when an error occurs in any step of the inspection process flow, an error code and error information are prompted.
Embodiment four
Corresponding to the above method embodiments, the present embodiment provides a POS machine key download apparatus. Referring to Fig. 7, the POS machine key download apparatus includes: a first acquisition unit 71, a first receiving unit 72, a first decryption unit 73 and a storage unit 74.
The first acquisition unit 71 is used to obtain the IC card key; the IC card key is the card key of the IC card medium City Operation Manager card connected to the point-of-sale (POS) machine awaiting key download.
The first receiving unit 72 is used to receive the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download; the POS key ciphertext is the ciphertext obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine awaiting key download.
The first decryption unit 73 is used to decrypt the POS key ciphertext with the IC card key to obtain the POS machine master key to be used.
The storage unit 74 is used to store the POS machine master key to be used.
In the present embodiment, the POS machine key download apparatus can be implemented by a POS machine.
In the present embodiment, the first receiving unit may specifically include: a first encryption unit, a first uploading unit and a first receiving subunit.
The first encryption unit is used to generate the first random number and the second random number, and to encrypt the first random number with the IC card key to obtain the first random number ciphertext.
The first uploading unit is used to upload the first two-way authentication information to the acquiring platform server after sending a download master key request to the acquiring platform server. The first two-way authentication information includes at least the IC card number, the first random number, the second random number and the first random number ciphertext; the IC card number is the card number of the IC card medium City Operation Manager card corresponding to the IC card key.
The first receiving subunit is used to receive the first response message sent by the acquiring platform server. The first response message includes the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download.
The process of generating the first response message includes:
the acquiring platform server receives the first two-way authentication information;
the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
the acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining the decrypted first random number;
when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information are checked;
when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is "received" and its IC card validity period is valid, the second random number is encrypted with the IC card key corresponding to the IC card number in the first two-way authentication information to obtain the second random number ciphertext;
the first response message is formed from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download.
In the present embodiment, the above POS machine key download apparatus may also include: a second decryption unit and a first verification unit.
The second decryption unit is used to decrypt the second random number ciphertext with the IC card key to obtain the decrypted second random number.
The first verification unit is used to verify whether the decrypted second random number is identical to the second random number and, if so, to trigger the first decryption unit to decrypt the POS key ciphertext with the IC card key.
In the present embodiment, the above POS machine key download apparatus may also include: a first prompt unit, used to prompt an error code and error information when an error occurs in any step of the POS machine key downloading method.
In the present embodiment, the POS machine key download apparatus shown in Fig. 7 may also include: a second receiving unit, a third receiving unit, a second acquisition unit, a second encryption unit, a second uploading unit, a fourth receiving unit, a third decryption unit and a second verification unit.
The second receiving unit is used to receive the inspection action input by the City Operation Manager after prompting the City Operation Manager to input the inspection action.
The third receiving unit is used to receive the equipment state input by the City Operation Manager after prompting the City Operation Manager to input the equipment state.
The second acquisition unit is used, after prompting the City Operation Manager to insert a card, swipe a card or input the City Operation Manager card number, to obtain the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download if the card connected to that POS machine is detected to be an IC card medium City Operation Manager card.
The second encryption unit is used to generate the third random number and the fourth random number, and to encrypt the third random number with the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download to obtain the third random number ciphertext.
The second uploading unit is used to upload the second two-way authentication information and the inspection information to the acquiring platform server after sending an inspection transaction request to the acquiring platform server. The second two-way authentication information includes the IC card number, the third random number, the fourth random number and the third random number ciphertext; the inspection information includes the inspection action input by the City Operation Manager, the equipment state input by the City Operation Manager, the merchant number and the terminal number of the POS machine awaiting key download.
The fourth receiving unit is used to receive the second response message sent by the acquiring platform server; the second response message includes the fourth random number ciphertext.
The third decryption unit is used to decrypt the fourth random number ciphertext with the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download to obtain the decrypted fourth random number.
The second verification unit is used to verify whether the decrypted fourth random number is identical to the fourth random number and, if so, to print the inspection voucher.
The process of generating the second response message includes:
the acquiring platform server checks the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number;
when the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information;
the acquiring platform server uses the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining the decrypted third random number;
when the decrypted third random number is verified to be identical to the third random number, the inspection permission of the IC card corresponding to the IC card number is checked;
when the check result is that the IC card corresponding to the IC card number has inspection permission, the fourth random number is encrypted with the IC card key corresponding to the IC card number in the second two-way authentication information to obtain the fourth random number ciphertext;
the fourth random number ciphertext is used as the second response message.
The above POS machine key download apparatus may also include: a second prompt unit, used to prompt an error code and error information when an error occurs in any step of the inspection process flow.
Embodiment five
The present embodiment provides a POS machine key download system. Referring to Fig. 8, the POS machine key download system includes: an IC card medium City Operation Manager card 81, an acquiring platform server 82 and a POS machine key download apparatus 83.
For the specific structure of the POS machine key download apparatus 83, refer to the POS machine key download apparatus shown in embodiment four; it is not described again here.
The IC card medium City Operation Manager card stores the IC card key.
The acquiring platform server is used to issue the POS key ciphertext for the POS machine awaiting key download. The POS key ciphertext is the ciphertext obtained by encrypting the POS machine master key assigned to the POS machine awaiting key download with the card key of the IC card medium City Operation Manager card connected to that POS machine.
It should be noted that the POS key ciphertexts that the acquiring platform server issues for different POS machines awaiting key download are different.
In the present embodiment, the acquiring platform server includes: a fifth receiving unit, a third acquisition unit, a fourth decryption unit, a first inspection unit, a third encryption unit, a composition unit, a second inspection unit, a fourth acquisition unit, a fifth decryption unit, a third inspection unit, a fourth encryption unit and a determination unit.
The fifth receiving unit, the third acquisition unit, the fourth decryption unit, the first inspection unit, the third encryption unit and the composition unit are used to generate the first response message.
The second inspection unit, the fourth acquisition unit, the fifth decryption unit, the third inspection unit, the fourth encryption unit and the determination unit are used to generate the second response message.
The fifth receiving unit is used to receive the first two-way authentication information uploaded by the POS machine key download apparatus.
The third acquisition unit is used to obtain, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information.
The fourth decryption unit is used to decrypt the first random number ciphertext in the first two-way authentication information with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining the decrypted first random number.
The first inspection unit is used to check the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information.
The third encryption unit is used, when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is "received" and its IC card validity period is valid, to encrypt the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining the second random number ciphertext.
The composition unit is used to form the first response message from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download.
The second inspection unit is used to check the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number.
The fourth acquisition unit is used, when the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, to obtain from the IC card key mapping table the IC card key corresponding to the IC card number in the second two-way authentication information.
The fifth decryption unit is used to decrypt the third random number ciphertext with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining the decrypted third random number.
The third inspection unit is used to check the inspection permission of the IC card corresponding to the IC card number when the decrypted third random number is verified to be identical to the third random number.
The fourth encryption unit is used, when the check result is that the IC card corresponding to the IC card number has inspection permission, to encrypt the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining the fourth random number ciphertext.
The determination unit is used to take the fourth random number ciphertext as the second response message.
It should be noted that the embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another. Since the apparatus embodiments are basically similar to the method embodiments, they are described relatively briefly; for relevant details, refer to the corresponding parts of the method embodiments.
Finally, it should also be noted that, herein, relational terms such as first and second are used merely to distinguish one entity or operation from another entity or operation, without necessarily requiring or implying any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or further includes elements inherent to such a process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
For convenience of description, the above apparatus is described as divided into various units by function. Of course, when implementing the present application, the functions of the units may be realized in one or more pieces of software and/or hardware.
From the above description of the embodiments, those skilled in the art can clearly understand that the application can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the application in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments of the application or in certain parts of the embodiments.
The POS machine key downloading method, apparatus and system provided by this application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the application, and the description of the above embodiments is intended only to help in understanding the method of the application and its core idea. At the same time, for those of ordinary skill in the art, there will be changes in the specific implementation and in the scope of application in accordance with the idea of the application. In summary, the content of this specification should not be construed as limiting the application.
Claims (12)
1. A POS machine key downloading method, characterized by comprising:
Obtaining an IC card key, the IC card key being the card key of the IC-card-medium operations manager card connected to the point-of-sale (POS) machine awaiting key download;
Receiving the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download, the POS key ciphertext being the ciphertext obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine awaiting key download;
Decrypting the POS key ciphertext with the IC card key to obtain the POS machine master key to be used;
Storing the POS machine master key to be used;
The process of receiving the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download comprises:
Generating a first random number and a second random number, and encrypting the first random number with the IC card key to obtain a first random number ciphertext;
After sending a master key download request to the acquiring platform server, uploading first two-way authentication information to the acquiring platform server, the first two-way authentication information comprising at least an IC card number, the first random number, the second random number and the first random number ciphertext, the IC card number being the card number of the IC-card-medium operations manager card to which the IC card key corresponds;
Receiving a first response message sent by the acquiring platform server, the first response message comprising a second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download;
Wherein the process of generating the first response message comprises:
The acquiring platform server receives the first two-way authentication information;
The acquiring platform server obtains, from an IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
The acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining a decrypted first random number;
When the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, checking the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information;
When the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is "received" and its IC card validity period is valid, encrypting the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining the second random number ciphertext;
Composing the first response message from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download.
2. The method according to claim 1, characterized in that, after receiving the first response message sent by the acquiring platform server and before decrypting the POS key ciphertext with the IC card key, the method further comprises:
Decrypting the second random number ciphertext with the IC card key to obtain a decrypted second random number;
Verifying whether the decrypted second random number is identical to the second random number;
If so, executing the step of decrypting the POS key ciphertext with the IC card key.
3. The method according to claim 2, characterized by further comprising:
When an error occurs in any step of the POS machine key downloading method, prompting an error code and error information.
4. The method according to claim 1, characterized by further comprising: executing an inspection processing flow;
The inspection processing flow comprises:
After prompting the operations manager to enter the inspection work content, receiving the inspection work content entered by the operations manager;
After prompting the operations manager to enter the equipment state, receiving the equipment state entered by the operations manager;
After prompting the operations manager to insert a card, swipe a card or enter the operations manager card number, if the card connected to the POS machine awaiting key download is detected to be an IC-card-medium operations manager card, obtaining the IC card key of the IC-card-medium operations manager card connected to the POS machine awaiting key download;
Generating a third random number and a fourth random number, and encrypting the third random number with the IC card key of the IC-card-medium operations manager card connected to the POS machine awaiting key download, obtaining a third random number ciphertext;
After sending an inspection transaction request to the acquiring platform server, uploading second two-way authentication information and inspection information to the acquiring platform server, the second two-way authentication information comprising at least the IC card number, the third random number, the fourth random number and the third random number ciphertext, and the inspection information comprising the inspection work content entered by the operations manager, the equipment state entered by the operations manager, the merchant number and the terminal number of the POS machine awaiting key download;
Receiving a second response message sent by the acquiring platform server, the second response message comprising a fourth random number ciphertext;
Decrypting the fourth random number ciphertext with the IC card key of the IC-card-medium operations manager card connected to the POS machine awaiting key download, obtaining a decrypted fourth random number;
Verifying whether the decrypted fourth random number is identical to the fourth random number;
If so, printing an inspection voucher;
Wherein the process of generating the second response message comprises:
The acquiring platform server checks the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number;
When the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information;
The acquiring platform server uses the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining a decrypted third random number;
When the decrypted third random number is verified to be identical to the third random number, checking the inspection permission of the IC card corresponding to the IC card number;
When the check result is that the IC card corresponding to the IC card number has inspection permission, encrypting the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining the fourth random number ciphertext;
Using the fourth random number ciphertext as the second response message.
5. The method according to claim 4, characterized in that, when an error occurs in a step of the inspection processing flow, an error code and error information are prompted.
6. A POS machine key download apparatus, characterized by comprising:
A first acquisition unit, configured to obtain an IC card key, the IC card key being the card key of the IC-card-medium operations manager card connected to the point-of-sale (POS) machine awaiting key download;
A first receiving unit, configured to receive the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download, the POS key ciphertext being the ciphertext obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine awaiting key download;
A first decryption unit, configured to decrypt the POS key ciphertext with the IC card key to obtain the POS machine master key to be used;
A storage unit, configured to store the POS machine master key to be used;
The first receiving unit comprises:
A first encryption unit, configured to generate a first random number and a second random number, and to encrypt the first random number with the IC card key to obtain a first random number ciphertext;
A first uploading unit, configured to, after sending a master key download request to the acquiring platform server, upload first two-way authentication information to the acquiring platform server, the first two-way authentication information comprising at least an IC card number, the first random number, the second random number and the first random number ciphertext, the IC card number being the card number of the IC-card-medium operations manager card to which the IC card key corresponds;
A first receiving subunit, configured to receive a first response message sent by the acquiring platform server, the first response message comprising a second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download;
Wherein the process of generating the first response message comprises:
The acquiring platform server receives the first two-way authentication information;
The acquiring platform server obtains, from an IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
The acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining a decrypted first random number;
When the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, checking the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information;
When the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is "received" and its IC card validity period is valid, encrypting the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining the second random number ciphertext;
Composing the first response message from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download.
7. The apparatus according to claim 6, characterized by further comprising:
A second decryption unit, configured to decrypt the second random number ciphertext with the IC card key to obtain a decrypted second random number;
A first verification unit, configured to verify whether the decrypted second random number is identical to the second random number and, if so, to trigger the first decryption unit to decrypt the POS key ciphertext with the IC card key.
8. The apparatus according to claim 7, characterized by further comprising:
A first prompt unit, configured to prompt an error code and error information when an error occurs in any step of the POS machine key downloading method.
9. The apparatus according to claim 6, characterized by further comprising:
A second receiving unit, configured to receive the inspection work content entered by the operations manager after the operations manager is prompted to enter the inspection work content;
A third receiving unit, configured to receive the equipment state entered by the operations manager after the operations manager is prompted to enter the equipment state;
A second acquisition unit, configured to, after the operations manager is prompted to insert a card, swipe a card or enter the operations manager card number, obtain the IC card key of the IC-card-medium operations manager card connected to the POS machine awaiting key download if the card connected to the POS machine awaiting key download is detected to be an IC-card-medium operations manager card;
A second encryption unit, configured to generate a third random number and a fourth random number, and to encrypt the third random number with the IC card key of the IC-card-medium operations manager card connected to the POS machine awaiting key download, obtaining a third random number ciphertext;
A second uploading unit, configured to, after sending an inspection transaction request to the acquiring platform server, upload second two-way authentication information and inspection information to the acquiring platform server, the second two-way authentication information comprising at least the IC card number, the third random number, the fourth random number and the third random number ciphertext, and the inspection information comprising the inspection work content entered by the operations manager, the equipment state entered by the operations manager, the merchant number and the terminal number of the POS machine awaiting key download;
A fourth receiving unit, configured to receive a second response message sent by the acquiring platform server, the second response message comprising a fourth random number ciphertext;
A third decryption unit, configured to decrypt the fourth random number ciphertext with the IC card key of the IC-card-medium operations manager card connected to the POS machine awaiting key download, obtaining a decrypted fourth random number;
A second verification unit, configured to verify whether the decrypted fourth random number is identical to the fourth random number and, if so, to print an inspection voucher;
Wherein the process of generating the second response message comprises:
The acquiring platform server checks the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number;
When the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information;
The acquiring platform server uses the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining a decrypted third random number;
When the decrypted third random number is verified to be identical to the third random number, checking the inspection permission of the IC card corresponding to the IC card number;
When the check result is that the IC card corresponding to the IC card number has inspection permission, encrypting the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining the fourth random number ciphertext;
Using the fourth random number ciphertext as the second response message.
10. The apparatus according to claim 9, characterized by further comprising:
A second prompt unit, configured to prompt an error code and error information when an error occurs in a step of the inspection processing flow.
11. A POS machine key download system, characterized by comprising an IC-card-medium operations manager card, an acquiring platform server and the POS machine key download apparatus according to any one of claims 6-10;
The IC-card-medium operations manager card stores an IC card key;
The acquiring platform server is configured to issue a POS key ciphertext for the POS machine awaiting key download, the POS key ciphertext being the ciphertext obtained by encrypting the POS machine master key assigned to the POS machine awaiting key download with the card key of the IC-card-medium operations manager card connected to the POS machine awaiting key download;
The process of receiving the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download comprises:
Generating a first random number and a second random number, and encrypting the first random number with the IC card key to obtain a first random number ciphertext;
After sending a master key download request to the acquiring platform server, uploading first two-way authentication information to the acquiring platform server, the first two-way authentication information comprising at least an IC card number, the first random number, the second random number and the first random number ciphertext, the IC card number being the card number of the IC-card-medium operations manager card to which the IC card key corresponds;
Receiving a first response message sent by the acquiring platform server, the first response message comprising a second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download;
Wherein the process of generating the first response message comprises:
The acquiring platform server receives the first two-way authentication information;
The acquiring platform server obtains, from an IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
The acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining a decrypted first random number;
When the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, checking the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information;
When the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is "received" and its IC card validity period is valid, encrypting the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining the second random number ciphertext;
Composing the first response message from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download.
12. The system according to claim 11, characterized in that the acquiring platform server comprises:
A fifth receiving unit, configured to receive the first two-way authentication information uploaded by the POS machine key download apparatus;
A third acquisition unit, configured to obtain, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
A fourth decryption unit, configured to decrypt the first random number ciphertext in the first two-way authentication information with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining a decrypted first random number;
A first checking unit, configured to, when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, check the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information;
A third encryption unit, configured to, when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is "received" and its IC card validity period is valid, encrypt the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining a second random number ciphertext;
A composing unit, configured to compose the first response message from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine awaiting key download;
A second checking unit, configured to check the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number;
A fourth acquisition unit, configured to, when the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, obtain from the IC card key mapping table the IC card key corresponding to the IC card number in the second two-way authentication information;
A fifth decryption unit, configured to decrypt the third random number ciphertext with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining a decrypted third random number;
A third checking unit, configured to check the inspection permission of the IC card corresponding to the IC card number when the decrypted third random number is verified to be identical to the third random number;
A fourth encryption unit, configured to, when the check result is that the IC card corresponding to the IC card number has inspection permission, encrypt the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining a fourth random number ciphertext;
A determination unit, configured to use the fourth random number ciphertext as the second response message.
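The mutual authentication and master key download exchange of claims 1 and 2, written out as an added Python sketch that is not part of the patent; the inspection flow of claim 4 repeats the same challenge and response with the third and fourth random numbers. The patent names no cipher, so `encrypt_block` is a stand-in Feistel permutation built on HMAC-SHA256, and the terminal id lookup, the 16-byte sizes and the sample card number and keys are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import date

BLOCK = 16  # assumption: each random number and the master key is one 16-byte block

class AuthError(Exception):
    """A check in the exchange failed; the caller aborts and reports an error code."""

def _f(key, rnd, half):
    """Feistel round function: truncated HMAC-SHA256 over round index and half block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    """Stand-in cipher (4-round Feistel), used because the patent specifies none."""
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt_block(key, block):
    """Inverse of encrypt_block: undo the rounds in reverse order."""
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

@dataclass
class CardRecord:
    """One row of the server's IC card key mapping table."""
    key: bytes
    may_download: bool
    state: str          # the claims require the state "received"
    valid_until: date

class AcquiringServer:
    def __init__(self, cards, master_keys):
        self.cards = cards              # IC card number -> CardRecord
        self.master_keys = master_keys  # terminal id -> master key (hypothetical lookup)

    def handle_download(self, terminal_id, card_no, r1, r2, r1_ct, today):
        rec = self.cards.get(card_no)
        if rec is None:
            raise AuthError("unknown IC card number")
        # Terminal authentication: only a holder of the card key can produce r1_ct.
        if not hmac.compare_digest(decrypt_block(rec.key, r1_ct), r1):
            raise AuthError("first random number mismatch")
        # Authorisation: download permission, card state and validity period.
        if not (rec.may_download and rec.state == "received" and today <= rec.valid_until):
            raise AuthError("card lacks download permission, state or validity")
        # First response message: E(r2) proves the server holds the card key too.
        key_ct = encrypt_block(rec.key, self.master_keys[terminal_id])
        return encrypt_block(rec.key, r2), key_ct

def build_request(card_key, card_no):
    """Terminal side: the first two-way authentication information."""
    r1, r2 = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)
    return {"card_no": card_no, "r1": r1, "r2": r2, "r1_ct": encrypt_block(card_key, r1)}

def accept_response(card_key, r2, r2_ct, key_ct):
    """Terminal side: verify the server before decrypting the master key (claim 2)."""
    if not hmac.compare_digest(decrypt_block(card_key, r2_ct), r2):
        raise AuthError("second random number mismatch")
    return decrypt_block(card_key, key_ct)

def rejected(fn, *args, **kwargs):
    """True if fn raises AuthError, i.e. the exchange was refused."""
    try:
        fn(*args, **kwargs)
    except AuthError:
        return True
    return False

# Constructed sample values, not taken from the patent.
CARD_NO, TERMINAL = "6000000000000001", "T0000001"
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
MASTER_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
TODAY = date(2025, 1, 1)

def make_server(valid_until=date(2030, 1, 1)):
    card = CardRecord(CARD_KEY, True, "received", valid_until)
    return AcquiringServer({CARD_NO: card}, {TERMINAL: MASTER_KEY})

def download(card_key, server):
    """Full exchange: request, server checks, terminal verification, key recovery."""
    req = build_request(card_key, CARD_NO)
    r2_ct, key_ct = server.handle_download(TERMINAL, today=TODAY, **req)
    return accept_response(card_key, req["r2"], r2_ct, key_ct)
```

`download(CARD_KEY, make_server())` returns the master key, while a terminal holding the wrong card key, an expired card, or a modified second random number ciphertext each end in `AuthError`.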
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610243644.2A CN105978856B (en) | 2016-04-18 | 2016-04-18 | A kind of POS machine key downloading method, apparatus and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105978856A | 2016-09-28 |
CN105978856B | 2019-01-25 |
Family
ID=56993233
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||