CN105978856B - A kind of POS machine key downloading method, apparatus and system - Google Patents

Publication number: CN105978856B
Authority: CN (China)
Prior art keywords: card, key, random number, ciphertext, POS machine
Legal status (as listed by Google Patents; an assumption, not a legal conclusion): Active
Application number: CN201610243644.2A
Other languages: Chinese (zh)
Other versions: CN105978856A (en)
Inventors: 薛光宇, 苏小泉
Current assignee (as listed by Google Patents; may be inaccurate): Accompany Payment Co Ltd
Original assignee: Accompany Payment Co Ltd

Abstract

This application provides a POS machine key downloading method, apparatus and system. The POS machine key downloading method includes: obtaining an IC card key; receiving the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download; decrypting the POS key ciphertext using the IC card key to obtain the POS machine master key to be used; and storing the POS machine master key to be used. In this application, the POS key ciphertext is not easily cracked, and it is transferred directly from the acquiring platform server to the POS machine awaiting key download instead of being transmitted as plaintext over a serial port. The POS machine master key is therefore not easily intercepted during download, which improves the security of POS machine master key download.

Description

A POS machine key downloading method, apparatus and system
Technical field
This application relates to the field of POS machine key downloading, and in particular to a POS machine key downloading method, apparatus and system.
Background
As the level of mass consumption rises, POS (point of sale) machines are widely used, so that users are no longer limited to paying in cash when shopping and can instead pay by swiping a card.
A POS machine needs terminal keys to guarantee the security of transactions. The keys of a POS machine include the POS machine master key and the working key. The working key is the bottom-level data encryption key (used to prevent information transmitted by the terminal from being tampered with and to protect the user's bank card password). Because the working key is updated through an online sign-in transaction, and the POS machine master key is used for encryption and decryption during that update to ensure security, the POS machine master key must be downloaded in advance.
Currently, the POS machine master key is downloaded as follows: a mother POS downloads the POS machine master keys of the individual POS machines in batch from the acquiring platform server; the mother POS then decrypts the POS machine master key of each POS machine and transfers each decrypted master key to the corresponding POS machine over a serial port. Because the POS machine master key transmitted over the serial port is plaintext, it is easily intercepted by a serial-port data reading tool, so the POS machine master key is easily leaked during download and security is poor.
Summary of the invention
To solve the above technical problem, the embodiments of this application provide a POS machine key downloading method, apparatus and system that improve the security of POS machine master key download. The technical solution is as follows:
A POS machine key downloading method, comprising:
Obtaining an IC card key, where the IC card key is the card key of the IC card medium City Operation Manager card connected to the point-of-sale (POS) machine awaiting key download;
Receiving the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download, where the POS key ciphertext is obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine awaiting key download;
Decrypting the POS key ciphertext using the IC card key to obtain the POS machine master key to be used;
Storing the POS machine master key to be used.
Preferably, the process of receiving the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download comprises:
Generating a first random number and a second random number, and encrypting the first random number with the IC card key to obtain a first random number ciphertext;
After sending a master key download request to the acquiring platform server, uploading first two-way authentication information to the acquiring platform server, where the first two-way authentication information includes at least the IC card number, the first random number, the second random number and the first random number ciphertext, and the IC card number is the card number of the IC medium City Operation Manager card corresponding to the IC card key;
Receiving a first response message sent by the acquiring platform server, where the first response message includes a second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download;
Wherein the first response message is generated as follows:
The acquiring platform server receives the first two-way authentication information;
The acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
The acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining the decrypted first random number;
When the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information are checked;
When the check shows that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, that the IC card state is "received" and that the IC card validity period is valid, the second random number is encrypted with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining the second random number ciphertext;
The second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download together form the first response message.
Preferably, after receiving the first response message sent by the acquiring platform server and before decrypting the POS key ciphertext using the IC card key, the method further comprises:
Decrypting the second random number ciphertext using the IC card key to obtain the decrypted second random number;
Verifying whether the decrypted second random number is identical to the second random number;
If so, executing the step of decrypting the POS key ciphertext using the IC card key.
Preferably, the method further comprises:
When an error occurs in any step of the POS machine key downloading method, prompting an error code and an error message.
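The download exchange described above (first two-way authentication information, server-side checks, first response message, POS-side check of the second random number), as an added Python example that is not part of the patent. The patent names no cipher, so a small Feistel construction over HMAC-SHA256 stands in for it; the error codes, the terminal-number lookup, and all keys, card numbers and dates are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import date

BLOCK = 16  # block size in bytes of the stand-in cipher below

def _f(key, rnd, half):
    # Round function of the stand-in cipher: truncated HMAC-SHA256.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, block):
    """Stand-in block cipher (4-round Feistel); the patent names no algorithm."""
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt(key, block):
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

class DownloadError(Exception):
    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code = code  # hypothetical error code prompted on the POS

class AcquiringServer:
    def __init__(self, card_table, master_keys, today):
        self.card_table = card_table    # IC card key mapping table, by card number
        self.master_keys = master_keys  # assumed lookup: terminal number -> master key
        self.today = today

    def handle_download(self, terminal_no, card_no, r1, r2, r1_ct):
        card = self.card_table.get(card_no)
        if card is None:
            raise DownloadError("E01", "unknown IC card number")
        # The POS proves it holds the card key: decrypted R1 must equal plain R1.
        if not hmac.compare_digest(decrypt(card["key"], r1_ct), r1):
            raise DownloadError("E02", "first random number mismatch")
        if not (card["download"] and card["state"] == "received"
                and card["expires"] >= self.today):
            raise DownloadError("E03", "no permission, wrong state or expired")
        # First response message: R2 ciphertext plus the POS key ciphertext.
        return {"r2_ct": encrypt(card["key"], r2),
                "pos_key_ct": encrypt(card["key"], self.master_keys[terminal_no])}

class PosMachine:
    def __init__(self, terminal_no, card_no, card_key):
        self.terminal_no, self.card_no, self.card_key = terminal_no, card_no, card_key
        self.master_key = None

    def build_request(self):
        self.r1, self.r2 = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)
        return {"terminal_no": self.terminal_no, "card_no": self.card_no,
                "r1": self.r1, "r2": self.r2,
                "r1_ct": encrypt(self.card_key, self.r1)}

    def accept_response(self, resp):
        # The server proves it holds the card key before the POS trusts the key.
        if not hmac.compare_digest(decrypt(self.card_key, resp["r2_ct"]), self.r2):
            raise DownloadError("E04", "second random number mismatch")
        self.master_key = decrypt(self.card_key, resp["pos_key_ct"])
        return self.master_key

def run_scenarios():
    card_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    tmk = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")       # constructed
    def server(state="received"):
        card = {"key": card_key, "download": True, "state": state,
                "expires": date(2030, 1, 1)}
        return AcquiringServer({"CARD-0001": card}, {"T0001": tmk}, date(2025, 1, 1))
    def attempt(srv, pos_key, tamper=False):
        pos = PosMachine("T0001", "CARD-0001", pos_key)
        try:
            resp = srv.handle_download(**pos.build_request())
            if tamper:  # flip one bit of the R2 ciphertext in transit
                resp["r2_ct"] = bytes([resp["r2_ct"][0] ^ 1]) + resp["r2_ct"][1:]
            return "OK" if pos.accept_response(resp) == tmk else "WRONG-KEY"
        except DownloadError as err:
            return err.code
    return {"honest": attempt(server(), card_key),
            "frozen_card": attempt(server("frozen"), card_key),
            "wrong_card_key": attempt(server(), bytes(BLOCK)),
            "tampered_response": attempt(server(), card_key, tamper=True)}

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```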
Preferably, the method further comprises: executing an inspection process flow;
The inspection process flow comprises:
After prompting the City Operation Manager to input an inspection action, receiving the inspection action input by the City Operation Manager;
After prompting the City Operation Manager to input the equipment state, receiving the equipment state input by the City Operation Manager;
After prompting the City Operation Manager to insert a card, swipe a card or input the City Operation Manager card number, if the card connected to the POS machine awaiting key download is detected to be an IC medium City Operation Manager card, obtaining the IC card key of the IC medium City Operation Manager card connected to the POS machine awaiting key download;
Generating a third random number and a fourth random number, and encrypting the third random number with the IC card key of the IC medium City Operation Manager card connected to the POS machine awaiting key download, obtaining a third random number ciphertext;
After sending an inspection transaction request to the acquiring platform server, uploading second two-way authentication information and inspection information to the acquiring platform server, where the second two-way authentication information includes at least the IC card number, the third random number, the fourth random number and the third random number ciphertext, and the inspection information includes the inspection action input by the City Operation Manager, the equipment state input by the City Operation Manager, the merchant number and the terminal number of the POS machine awaiting key download;
Receiving a second response message sent by the acquiring platform server, where the second response message includes a fourth random number ciphertext;
Decrypting the fourth random number ciphertext using the IC card key of the IC medium City Operation Manager card connected to the POS machine awaiting key download, obtaining the decrypted fourth random number;
Verifying whether the decrypted fourth random number is identical to the fourth random number;
If so, printing an inspection voucher;
Wherein the second response message is generated as follows:
The acquiring platform server checks the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number;
When the check shows that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information;
The acquiring platform server uses the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining the decrypted third random number;
When the decrypted third random number is verified to be identical to the third random number, the inspection permission of the IC card corresponding to the IC card number is checked;
When the check shows that the IC card corresponding to the IC card number has inspection permission, the fourth random number is encrypted with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining the fourth random number ciphertext;
The fourth random number ciphertext is used as the second response message.
Preferably, when an error occurs in any step of the inspection process flow, an error code and an error message are prompted.
A POS machine key download apparatus, comprising:
A first acquisition unit, configured to obtain an IC card key, where the IC card key is the card key of the IC card medium City Operation Manager card connected to the point-of-sale (POS) machine awaiting key download;
A first receiving unit, configured to receive the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download, where the POS key ciphertext is obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine awaiting key download;
A first decryption unit, configured to decrypt the POS key ciphertext using the IC card key to obtain the POS machine master key to be used;
A storage unit, configured to store the POS machine master key to be used.
Preferably, the first receiving unit comprises:
A first encryption unit, configured to generate a first random number and a second random number, and to encrypt the first random number with the IC card key, obtaining a first random number ciphertext;
A first uploading unit, configured to upload first two-way authentication information to the acquiring platform server after a master key download request has been sent to the acquiring platform server, where the first two-way authentication information includes at least the IC card number, the first random number, the second random number and the first random number ciphertext, and the IC card number is the card number of the IC medium City Operation Manager card corresponding to the IC card key;
A first receiving subunit, configured to receive a first response message sent by the acquiring platform server, where the first response message includes a second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download;
Wherein the first response message is generated as follows:
The acquiring platform server receives the first two-way authentication information;
The acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
The acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining the decrypted first random number;
When the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information are checked;
When the check shows that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, that the IC card state is "received" and that the IC card validity period is valid, the second random number is encrypted with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining the second random number ciphertext;
The second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download together form the first response message.
Preferably, the apparatus further comprises:
A second decryption unit, configured to decrypt the second random number ciphertext using the IC card key, obtaining the decrypted second random number;
A first verification unit, configured to verify whether the decrypted second random number is identical to the second random number and, if so, to trigger the first decryption unit to decrypt the POS key ciphertext using the IC card key.
Preferably, the apparatus further comprises:
A first prompt unit, configured to prompt an error code and an error message when an error occurs in any step of the POS machine key downloading method.
Preferably, the apparatus further comprises:
A second receiving unit, configured to receive the inspection action input by the City Operation Manager after the City Operation Manager has been prompted to input an inspection action;
A third receiving unit, configured to receive the equipment state input by the City Operation Manager after the City Operation Manager has been prompted to input the equipment state;
A second acquisition unit, configured to, after the City Operation Manager has been prompted to insert a card, swipe a card or input the City Operation Manager card number, obtain the IC card key of the IC medium City Operation Manager card connected to the POS machine awaiting key download if the card connected to that POS machine is detected to be an IC medium City Operation Manager card;
A second encryption unit, configured to generate a third random number and a fourth random number, and to encrypt the third random number with the IC card key of the IC medium City Operation Manager card connected to the POS machine awaiting key download, obtaining a third random number ciphertext;
A second uploading unit, configured to upload second two-way authentication information and inspection information to the acquiring platform server after an inspection transaction request has been sent to the acquiring platform server, where the second two-way authentication information includes at least the IC card number, the third random number, the fourth random number and the third random number ciphertext, and the inspection information includes the inspection action input by the City Operation Manager, the equipment state input by the City Operation Manager, the merchant number and the terminal number of the POS machine awaiting key download;
A fourth receiving unit, configured to receive a second response message sent by the acquiring platform server, where the second response message includes a fourth random number ciphertext;
A third decryption unit, configured to decrypt the fourth random number ciphertext using the IC card key of the IC medium City Operation Manager card connected to the POS machine awaiting key download, obtaining the decrypted fourth random number;
A second verification unit, configured to verify whether the decrypted fourth random number is identical to the fourth random number and, if so, to print an inspection voucher;
Wherein the second response message is generated as follows:
The acquiring platform server checks the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number;
When the check shows that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information;
The acquiring platform server uses the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining the decrypted third random number;
When the decrypted third random number is verified to be identical to the third random number, the inspection permission of the IC card corresponding to the IC card number is checked;
When the check shows that the IC card corresponding to the IC card number has inspection permission, the fourth random number is encrypted with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining the fourth random number ciphertext;
The fourth random number ciphertext is used as the second response message.
Preferably, the apparatus further comprises:
A second prompt unit, configured to prompt an error code and an error message when an error occurs in any step of the inspection process flow.
A POS machine key download system, comprising an IC card medium City Operation Manager card, an acquiring platform server and the POS machine key download apparatus according to any one of the above;
The IC card medium City Operation Manager card stores an IC card key;
The acquiring platform server is configured to issue the POS key ciphertext for the POS machine awaiting key download, where the POS key ciphertext is obtained by encrypting the POS machine master key assigned to the POS machine awaiting key download with the card key of the IC card medium City Operation Manager card connected to that POS machine.
Preferably, the acquiring platform server comprises:
A fifth receiving unit, configured to receive the first two-way authentication information uploaded by the POS machine key download apparatus;
A third acquisition unit, configured to obtain, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
A fourth decryption unit, configured to decrypt the first random number ciphertext in the first two-way authentication information using the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining the decrypted first random number;
A first checking unit, configured to check the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information;
A third encryption unit, configured to encrypt the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining the second random number ciphertext, when the check shows that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, that the IC card state is "received" and that the IC card validity period is valid;
A composing unit, configured to form the first response message from the second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download;
A second checking unit, configured to check the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number;
A fourth acquisition unit, configured to obtain, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information when the check shows that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate;
A fifth decryption unit, configured to decrypt the third random number ciphertext using the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining the decrypted third random number;
A third checking unit, configured to check the inspection permission of the IC card corresponding to the IC card number when the decrypted third random number is verified to be identical to the third random number;
A fourth encryption unit, configured to encrypt the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining the fourth random number ciphertext, when the check shows that the IC card corresponding to the IC card number has inspection permission;
A determination unit, configured to use the fourth random number ciphertext as the second response message.
Compared with the prior art, this application has the following beneficial effects:
In this application, the POS machine awaiting key download receives the POS key ciphertext directly from the acquiring platform server, decrypts it with the IC card key it has obtained to get the POS machine master key to be used, and stores that master key, thereby completing the download of the POS machine master key.
The POS key ciphertext is not easily cracked, and it is transferred directly from the acquiring platform server to the POS machine awaiting key download instead of being transmitted as plaintext over a serial port. The POS machine master key is therefore not easily intercepted during download, which improves the security of POS machine master key download.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application more clearly, the drawings needed for describing the embodiments are briefly introduced below. Evidently, the drawings described below are only some examples of this application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a POS machine key downloading method provided by this application;
Fig. 2 is a schematic diagram of the process of generating and storing the IC card key;
Fig. 3 is another flow chart of the POS machine key downloading method provided by this application;
Fig. 4 is a sub-flow chart of the POS machine key downloading method provided by this application;
Fig. 5 is another sub-flow chart of the POS machine key downloading method provided by this application;
Fig. 6 is another sub-flow chart of the POS machine key downloading method provided by this application;
Fig. 7 is a schematic diagram of the logical structure of a POS machine key download apparatus provided by this application;
Fig. 8 is a schematic diagram of the logical structure of a POS machine key download system provided by this application.
Detailed description of the embodiments
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are only some, not all, of the embodiments of this application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in this application without creative effort fall within the protection scope of this application.
Embodiment one
This embodiment provides a POS machine key downloading method, applied to a POS machine.
Referring to Fig. 1, which shows a flow chart of a POS machine key downloading method provided by this application, the method may include the following steps:
Step S11: Obtain the IC card key.
In this embodiment, the IC card key is the card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download.
In this embodiment, the POS machine is installed at the merchant by the City Operation Manager. An IC card medium City Operation Manager card is inserted into the POS machine awaiting key download, and the key IC card password corresponding to the card is entered on the PIN pad of that POS machine. If the POS machine awaiting key download verifies that the entered key IC card password is correct, it reads the IC card key from the inserted IC card medium City Operation Manager card, completing the acquisition of the IC card key.
In this embodiment, the IC card key stored on the IC card medium City Operation Manager card is generated and stored as follows. In compliance with the key security standard requirements of China UnionPay, this embodiment uses a three-level key management system whose levels are, from top to bottom: the master key (LMK), the key exchange key (ZMK) and the data keys (i.e. the POS machine master key and the POS machine working keys; the POS machine master key is the TMK, and the POS machine working keys are the TPK and ZAK). A higher-level key is used to encrypt lower-level keys, specifically: a: the master key encrypts the key exchange key and the data keys for local storage; b: the key exchange key encrypts the data keys for network transmission; c: the data keys encrypt and decrypt data. Company operations personnel input the LMK and ZMK into the encryption machine. The encryption machine generates the IC card key, encrypts the ZMK with the LMK to produce the ZMK root key ciphertext, and encrypts the IC card key with the ZMK to produce the IC card key ciphertext. The encryption machine sends the IC card key ciphertext to the acquiring platform server, which imports it into the card-issuing equipment (such as a mother POS machine). Company operations personnel input the ZMK into the card-issuing equipment, and this ZMK is identical to the ZMK input into the encryption machine. The card-issuing equipment decrypts the IC card key ciphertext with the received ZMK to obtain the IC card key and writes the IC card key into the IC card medium City Operation Manager card, as shown in Fig. 2.
When an IC card medium City Operation Manager card is issued, company operations personnel (i.e. the company operation administrator and the cooperating institution administrator) input the ZMK into the card-issuing equipment, and when the card is used, the City Operation Manager enters the corresponding key IC card password on the PIN pad of the POS machine awaiting key download. The card can therefore be used only after three levels of authorization, and if any one of the three levels fails, the IC card is unusable. This implements multi-level authentication management of the IC card medium City Operation Manager card and meets the needs of service partners to download and install master keys on the merchant POS machines they have signed up.
In this embodiment, each IC card medium City Operation Manager card stores only one IC card key. Because each IC card medium City Operation Manager card can be used only on its designated POS machine and not on other POS machines, even if one card is lost, master key download is affected for only a very small number of POS machines.
In this embodiment, because one IC card medium City Operation Manager card downloads the master key to only one POS machine when the POS machine master key is downloaded, the back end controls the IC card more strictly and security is higher.
The issuance, receipt, recycling, modification, freezing/unfreezing and cancellation of IC card medium City Operation Manager cards can be managed. A lost IC card medium City Operation Manager card can be reported through the "freeze" operation, which invalidates the lost card and prevents it from being used illegally.
In the present embodiment, the usage record of every IC card medium City Operation Manager card can be queried to, every IC card The usage record of medium City Operation Manager card is mainly included POS terminal number, (is alerted by POS machine telephone-moving using the time, using position System obtains) and user's information, if it find that the usage record of IC card medium City Operation Manager card is abnormal, it can be to abnormal IC card Medium City Operation Manager, which blocks, carries out freeze operation, and IC card medium City Operation Manager is made to block failure.
Step S12: receive the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download.
The POS key ciphertext is the ciphertext obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine awaiting key download, as shown in Fig. 2. The encryption machine encrypts the POS machine master key with the IC card key to generate the POS key ciphertext and sends it to the acquiring platform server, and the acquiring platform server issues the POS key ciphertext to the POS machine awaiting key download.
In this embodiment, because different POS machines awaiting key download have different master keys, the acquiring platform server issues a different POS key ciphertext for each of them.
Step S13: decrypt the POS key ciphertext with the IC card key to obtain the POS machine master key to be used.
Step S14: store the POS machine master key to be used.
In this application, the POS machine awaiting key download receives the POS key ciphertext directly from the acquiring platform server, decrypts it with the IC card key it has obtained to get the POS machine master key to be used, and stores that master key, which completes the download of the POS machine master key.
Because the POS key ciphertext is not easy to crack, and because it is transmitted directly from the acquiring platform server to the POS machine awaiting key download, the POS machine master key is less likely to be intercepted during download than when plaintext is transmitted over a serial port. This improves the security of POS machine master key download.
Embodiment two
This embodiment shows another flow chart of the POS machine key downloading method provided by this application, which may include the following steps:
Step S31: obtain the IC card key.
Step S31 is identical to step S11 of the POS machine key downloading method shown in Embodiment one and is not described again here.
Step S32: generate a first random number and a second random number, and encrypt the first random number with the IC card key to obtain a first random number ciphertext.
Step S33: after sending a master key download request to the acquiring platform server, upload first two-way authentication information to the acquiring platform server. The first two-way authentication information includes at least the IC card number, the first random number, the second random number and the first random number ciphertext; the IC card number is the card number of the IC card medium City Operation Manager card corresponding to the IC card key.
Of course, in this embodiment the first two-way authentication information may also include: the in-card serial number of the IC card medium City Operation Manager card corresponding to the IC card key, the device serial number of the POS machine awaiting key download, and the key IC card password.
Step S34: receive a first response message sent by the acquiring platform server. The first response message includes a second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download.
Steps S32 to S34 are the detailed process of receiving the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download.
Step S35: decrypt the second random number ciphertext with the IC card key to obtain a decrypted second random number.
Step S36: verify whether the decrypted second random number is identical to the second random number.
If so, execute step S37.
In this embodiment, the POS machine confirms whether the acquiring platform server is legitimate by verifying whether the decrypted second random number is identical to the second random number. When the two are identical, the acquiring platform server is confirmed to be legitimate, and only then are the subsequent steps executed.
Step S37: decrypt the POS key ciphertext with the IC card key to obtain the POS machine master key to be used.
Step S38: store the POS machine master key to be used.
Steps S37 to S38 are identical to steps S13 to S14 of the POS machine key downloading method shown in Embodiment one and are not described again here.
In this embodiment, the process by which the first response message is generated is shown in Fig. 4 and may include the following steps:
Step S41: the acquiring platform server receives the first two-way authentication information.
Step S42: the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information.
Step S43: the acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining a decrypted first random number.
Step S44: when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, check the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information.
In this embodiment, when the acquiring platform server verifies that the decrypted first random number is identical to the first random number, it confirms that the POS machine that uploaded the first two-way authentication information is legitimate. Only after confirming this are the subsequent steps executed.
Step S45: when the check shows that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, that the IC card state is "received" and that the IC card is within its validity period, encrypt the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information to obtain the second random number ciphertext.
Step S46: form the first response message from the second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download.
Compared with the POS machine key downloading method shown in Embodiment one, this embodiment adds two-way authentication between the POS machine and the acquiring platform server (the acquiring platform server confirms that the POS machine that uploaded the first two-way authentication information is legitimate, and the POS machine confirms that the acquiring platform server is legitimate). The acquiring platform server thereby prevents illegal IC cards from downloading POS machine master keys, and a counterfeit acquiring platform server is prevented from cracking encrypted data and stealing POS machine data, which meets the security requirement that the POS machine master key and operation data not be intercepted, cracked or tampered with.
In this embodiment, when an error occurs in any of the above steps, an error code and an error message are displayed.
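The exchange of steps S32 to S38 on the POS machine and S41 to S46 on the acquiring platform server, as an added example that is not part of the patent text. Assumptions: the patent names no cipher or lengths, so a stand-in 16-byte block cipher (a 4-round Feistel network over HMAC-SHA256) is used; the card number, key values, message field names and the `CounterfeitServer` test double are constructed for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # assumed length of keys and random numbers; the patent gives no sizes
IC_CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
TMK = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")          # constructed
CARD_NO = "CARD-0001"                                            # constructed


class AuthError(Exception):
    """Raised when either side fails a check in the exchange."""


def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    """Stand-in block cipher (assumption), not the cipher of the encryption machine."""
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


class AcquiringServer:
    def __init__(self, cards, pos_key_ciphertexts):
        self.cards = cards                              # IC card key mapping table
        self.pos_key_ciphertexts = pos_key_ciphertexts  # per designated POS machine

    def handle_download(self, msg):
        card = self.cards.get(msg["card_no"])                       # S42
        if card is None:
            raise AuthError("unknown IC card number")
        r1 = decrypt_block(card["key"], msg["r1_ct"])               # S43
        if not hmac.compare_digest(r1, msg["r1"]):                  # S44
            raise AuthError("POS machine failed authentication")
        if not (card["can_download"] and card["state"] == "received" and card["valid"]):
            raise AuthError("IC card not permitted to download")
        return {"r2_ct": encrypt_block(card["key"], msg["r2"]),     # S45
                "pos_key_ct": self.pos_key_ciphertexts[msg["card_no"]]}  # S46


class CounterfeitServer:
    """Constructed impostor: it lacks the IC card key and answers with a guess."""

    def handle_download(self, msg):
        guess = bytes(BLOCK)
        return {"r2_ct": encrypt_block(guess, msg["r2"]), "pos_key_ct": bytes(BLOCK)}


def pos_download_master_key(card_no, ic_card_key, server):
    r1, r2 = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)  # S32
    msg = {"card_no": card_no, "r1": r1, "r2": r2,
           "r1_ct": encrypt_block(ic_card_key, r1)}
    resp = server.handle_download(msg)                               # S33, S34
    r2_back = decrypt_block(ic_card_key, resp["r2_ct"])              # S35
    if not hmac.compare_digest(r2_back, r2):                         # S36
        raise AuthError("acquiring platform server failed authentication")
    return decrypt_block(ic_card_key, resp["pos_key_ct"])            # S37


def make_server(state="received"):
    cards = {CARD_NO: {"key": IC_CARD_KEY, "can_download": True,
                       "state": state, "valid": True}}
    return AcquiringServer(cards, {CARD_NO: encrypt_block(IC_CARD_KEY, TMK)})


def outcome(card_no, key, server):
    """Return the downloaded master key, or the reason the exchange was refused."""
    try:
        return pos_download_master_key(card_no, key, server)
    except AuthError as exc:
        return str(exc)


if __name__ == "__main__":
    print("genuine:    ", outcome(CARD_NO, IC_CARD_KEY, make_server()).hex())
    print("wrong card: ", outcome(CARD_NO, bytes(BLOCK), make_server()))
    print("frozen card:", outcome(CARD_NO, IC_CARD_KEY, make_server("frozen")))
    print("impostor:   ", outcome(CARD_NO, IC_CARD_KEY, CounterfeitServer()))
```

The stand-in has to be a block cipher rather than a fixed XOR keystream, because the first random number travels both in plaintext and encrypted, which would expose such a keystream.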
Embodiment three
The POS machine key downloading method shown in Embodiment one may further include executing an inspection processing flow. The inspection processing flow is shown in Fig. 5 and may include the following steps:
Step S51: after prompting the City Operation Manager to enter the inspection work content, receive the inspection work content entered by the City Operation Manager.
Step S52: after prompting the City Operation Manager to enter the equipment state, receive the equipment state entered by the City Operation Manager.
Step S53: after prompting the City Operation Manager to insert a card, swipe a card or enter the City Operation Manager card number, if the card connected to the POS machine awaiting key download is detected to be an IC card medium City Operation Manager card, obtain the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download.
Step S54: generate a third random number and a fourth random number, and encrypt the third random number with the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download to obtain a third random number ciphertext.
Step S55: after sending an inspection transaction request to the acquiring platform server, upload second two-way authentication information and inspection information to the acquiring platform server. The second two-way authentication information includes at least the IC card number, the third random number, the fourth random number and the third random number ciphertext. The inspection information includes the inspection work content entered by the City Operation Manager, the equipment state entered by the City Operation Manager, the merchant number and the terminal number of the POS machine awaiting key download.
Step S56: receive a second response message sent by the acquiring platform server. The second response message includes a fourth random number ciphertext.
Step S57: decrypt the fourth random number ciphertext with the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download to obtain a decrypted fourth random number.
Step S58: verify whether the decrypted fourth random number is identical to the fourth random number.
If so, execute step S59.
In this embodiment, the POS machine confirms whether the acquiring platform server is legitimate by verifying whether the decrypted fourth random number is identical to the fourth random number. When the two are identical, the acquiring platform server is confirmed to be legitimate, and only then are the subsequent steps executed.
Step S59: print the inspection voucher.
In this embodiment, the process by which the second response message is generated is shown in Fig. 6 and may include the following steps:
Step S61: the acquiring platform server checks the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number.
Step S62: when the check shows that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information.
Step S63: the acquiring platform server uses the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining a decrypted third random number.
Step S64: when the decrypted third random number is verified to be identical to the third random number, check the inspection permission of the IC card corresponding to the IC card number.
In this embodiment, when the acquiring platform server verifies that the decrypted third random number is identical to the third random number, it confirms that the POS machine that uploaded the second two-way authentication information is legitimate. Only after confirming this are the subsequent steps executed.
Step S65: when the check shows that the IC card corresponding to the IC card number has inspection permission, encrypt the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information to obtain the fourth random number ciphertext.
Step S66: use the fourth random number ciphertext as the second response message.
In the inspection processing flow, two-way authentication is performed between the acquiring platform server and the POS machine, and the corresponding operation is executed only when both sides are confirmed to be legitimate, which improves security.
Compared with the prior art, in which inspection processing uses a magnetic-medium City Operation Manager card, performing inspection processing with an IC card medium City Operation Manager card ensures that the City Operation Manager card is hard to damage and hard to forge.
In this embodiment, when an error occurs in any step of the inspection processing flow, an error code and an error message are displayed.
Embodiment four
Corresponding to the method embodiments above, this embodiment provides a POS machine key download apparatus. Referring to Fig. 7, the POS machine key download apparatus includes: a first acquisition unit 71, a first receiving unit 72, a first decryption unit 73 and a storage unit 74.
The first acquisition unit 71 is used to obtain the IC card key; the IC card key is the card key of the IC card medium City Operation Manager card connected to the point-of-sale (POS) machine awaiting key download.
The first receiving unit 72 is used to receive the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download; the POS key ciphertext is the ciphertext obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine awaiting key download.
The first decryption unit 73 is used to decrypt the POS key ciphertext with the IC card key to obtain the POS machine master key to be used.
The storage unit 74 is used to store the POS machine master key to be used.
In this embodiment, the POS machine key download apparatus can be implemented by a POS machine.
In this embodiment, the first receiving unit may specifically include: a first encryption unit, a first uploading unit and a first receiving subunit.
The first encryption unit is used to generate a first random number and a second random number, and to encrypt the first random number with the IC card key to obtain a first random number ciphertext.
The first uploading unit is used to upload, after a master key download request has been sent to the acquiring platform server, first two-way authentication information to the acquiring platform server. The first two-way authentication information includes at least the IC card number, the first random number, the second random number and the first random number ciphertext; the IC card number is the card number of the IC card medium City Operation Manager card corresponding to the IC card key.
The first receiving subunit is used to receive the first response message sent by the acquiring platform server. The first response message includes the second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download.
The process by which the first response message is generated includes:
the acquiring platform server receives the first two-way authentication information;
the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
the acquiring platform server uses the IC card key corresponding to the IC card number in the first two-way authentication information to decrypt the first random number ciphertext in the first two-way authentication information, obtaining a decrypted first random number;
when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information are checked;
when the check shows that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, that the IC card state is "received" and that the IC card is within its validity period, the second random number is encrypted with the IC card key corresponding to the IC card number in the first two-way authentication information to obtain the second random number ciphertext;
the first response message is formed from the second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download.
In this embodiment, the above POS machine key download apparatus may further include: a second decryption unit and a first verification unit.
The second decryption unit is used to decrypt the second random number ciphertext with the IC card key to obtain a decrypted second random number.
The first verification unit is used to verify whether the decrypted second random number is identical to the second random number and, if so, to trigger the first decryption unit to decrypt the POS key ciphertext with the IC card key.
In this embodiment, the above POS machine key download apparatus may further include: a first prompt unit, used to display an error code and an error message when an error occurs in any step of the POS machine key downloading method.
In this embodiment, the POS machine key download apparatus shown in Fig. 7 may further include: a second receiving unit, a third receiving unit, a second acquisition unit, a second encryption unit, a second uploading unit, a fourth receiving unit, a third decryption unit and a second verification unit.
The second receiving unit is used to receive, after the City Operation Manager has been prompted to enter the inspection work content, the inspection work content entered by the City Operation Manager.
The third receiving unit is used to receive, after the City Operation Manager has been prompted to enter the equipment state, the equipment state entered by the City Operation Manager.
The second acquisition unit is used, after the City Operation Manager has been prompted to insert a card, swipe a card or enter the City Operation Manager card number, to obtain the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download if the card connected to that POS machine is detected to be an IC card medium City Operation Manager card.
The second encryption unit is used to generate a third random number and a fourth random number, and to encrypt the third random number with the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download to obtain a third random number ciphertext.
The second uploading unit is used to upload, after an inspection transaction request has been sent to the acquiring platform server, second two-way authentication information and inspection information to the acquiring platform server. The second two-way authentication information includes at least the IC card number, the third random number, the fourth random number and the third random number ciphertext. The inspection information includes the inspection work content entered by the City Operation Manager, the equipment state entered by the City Operation Manager, the merchant number and the terminal number of the POS machine awaiting key download.
The fourth receiving unit is used to receive the second response message sent by the acquiring platform server. The second response message includes the fourth random number ciphertext.
The third decryption unit is used to decrypt the fourth random number ciphertext with the IC card key of the IC card medium City Operation Manager card connected to the POS machine awaiting key download to obtain a decrypted fourth random number.
The second verification unit is used to verify whether the decrypted fourth random number is identical to the fourth random number and, if so, to print the inspection voucher.
The process by which the second response message is generated includes:
the acquiring platform server checks the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number;
when the check shows that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, the acquiring platform server obtains, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information;
the acquiring platform server uses the IC card key corresponding to the IC card number in the second two-way authentication information to decrypt the third random number ciphertext, obtaining a decrypted third random number;
when the decrypted third random number is verified to be identical to the third random number, the inspection permission of the IC card corresponding to the IC card number is checked;
when the check shows that the IC card corresponding to the IC card number has inspection permission, the fourth random number is encrypted with the IC card key corresponding to the IC card number in the second two-way authentication information to obtain the fourth random number ciphertext;
the fourth random number ciphertext is used as the second response message.
The above POS machine key download apparatus may further include: a second prompt unit, used to display an error code and an error message when an error occurs in any step of the inspection processing flow.
Embodiment five
This embodiment provides a POS machine key download system. Referring to Fig. 8, the POS machine key download system includes: an IC card medium City Operation Manager card 81, an acquiring platform server 82 and a POS machine key download apparatus 83.
For the specific structure of the POS machine key download apparatus 83, refer to the POS machine key download apparatus shown in Embodiment four; it is not described again here.
The IC card medium City Operation Manager card stores the IC card key.
The acquiring platform server is used to issue the POS key ciphertext for the POS machine awaiting key download. The POS key ciphertext is the ciphertext obtained by encrypting the POS machine master key assigned to the POS machine awaiting key download with the card key of the IC card medium City Operation Manager card connected to that POS machine.
It should be noted that the acquiring platform server issues a different POS key ciphertext for each different POS machine awaiting key download.
In this embodiment, the acquiring platform server includes: a fifth receiving unit, a third acquisition unit, a fourth decryption unit, a first checking unit, a third encryption unit, a composing unit, a second checking unit, a fourth acquisition unit, a fifth decryption unit, a third checking unit, a fourth encryption unit and a determination unit.
The fifth receiving unit, third acquisition unit, fourth decryption unit, first checking unit, third encryption unit and composing unit are used to generate the first response message.
The second checking unit, fourth acquisition unit, fifth decryption unit, third checking unit, fourth encryption unit and determination unit are used to generate the second response message.
The fifth receiving unit is used to receive the first two-way authentication information uploaded by the POS machine key download apparatus.
The third acquisition unit is used to obtain, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information.
The fourth decryption unit is used to decrypt the first random number ciphertext in the first two-way authentication information with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining a decrypted first random number.
The first checking unit is used to check, when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information.
The third encryption unit is used to encrypt, when the check shows that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, that the IC card state is "received" and that the IC card is within its validity period, the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, obtaining the second random number ciphertext.
The composing unit is used to form the first response message from the second random number ciphertext and the POS key ciphertext that the acquiring platform server issues for the POS machine awaiting key download.
The second checking unit is used to check the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine awaiting key download corresponding to the terminal number.
The fourth acquisition unit is used to obtain, when the check shows that the merchant corresponding to the merchant number is legitimate and the POS machine awaiting key download corresponding to the terminal number is legitimate, the IC card key corresponding to the IC card number in the second two-way authentication information from the IC card key mapping table.
The fifth decryption unit is used to decrypt the third random number ciphertext with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining a decrypted third random number.
The third checking unit is used to check, when the decrypted third random number is verified to be identical to the third random number, the inspection permission of the IC card corresponding to the IC card number.
The fourth encryption unit is used to encrypt, when the check shows that the IC card corresponding to the IC card number has inspection permission, the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information, obtaining the fourth random number ciphertext.
The determination unit is used to use the fourth random number ciphertext as the second response message.
It should be noted that the embodiments in this specification are described in a progressive manner: each embodiment focuses on how it differs from the others, and the same or similar parts of the embodiments can be understood by reference to one another. Because the apparatus embodiments are basically similar to the method embodiments, they are described relatively briefly; for the relevant details, see the corresponding description of the method embodiments.
Finally, it should also be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
For convenience of description, the apparatus above is described as divided into units by function. Of course, when this application is implemented, the functions of the units may be realized in one or more pieces of software and/or hardware.
From the description of the embodiments above, those skilled in the art can clearly understand that this application can be implemented by software together with the necessary general-purpose hardware platform. On that understanding, the essence of the technical solution of this application, or the part of it that contributes over the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments of this application or in certain parts of the embodiments.
The POS machine key downloading method, apparatus and system provided by this application have been described in detail above. Specific examples are used herein to explain the principle and implementation of this application, and the description of the embodiments above is intended only to help in understanding the method of this application and its core idea. At the same time, those skilled in the art may, following the idea of this application, make changes to the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting this application.

Claims (12)

1. A POS machine key downloading method, characterized by comprising:
obtaining an IC card key, the IC card key being the card key of the IC-medium City Operation Manager card connected to the point-of-sale (POS) machine whose key is to be downloaded;
receiving a POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded, the POS key ciphertext being the ciphertext obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine whose key is to be downloaded;
decrypting the POS key ciphertext with the IC card key to obtain the POS machine master key to be used;
storing the POS machine master key to be used;
wherein the process of receiving the POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded comprises:
generating a first random number and a second random number, and encrypting the first random number with the IC card key to obtain a first random number ciphertext;
after sending a master key download request to the acquiring platform server, uploading first two-way authentication information to the acquiring platform server, the first two-way authentication information comprising at least an IC card number, the first random number, the second random number and the first random number ciphertext, the IC card number being the card number of the IC-medium City Operation Manager card corresponding to the IC card key;
receiving a first response message sent by the acquiring platform server, the first response message comprising a second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded;
wherein the process of generating the first response message comprises:
the acquiring platform server receiving the first two-way authentication information;
the acquiring platform server obtaining, from an IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
the acquiring platform server decrypting the first random number ciphertext in the first two-way authentication information with the IC card key corresponding to the IC card number in the first two-way authentication information, to obtain a decrypted first random number;
when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, checking the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information;
when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is received and its IC card validity period is valid, encrypting the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, to obtain the second random number ciphertext;
forming the first response message from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded.
2. The method according to claim 1, characterized in that, after receiving the first response message sent by the acquiring platform server and before decrypting the POS key ciphertext with the IC card key, the method further comprises:
decrypting the second random number ciphertext with the IC card key to obtain a decrypted second random number;
verifying whether the decrypted second random number is identical to the second random number;
if so, executing the step of decrypting the POS key ciphertext with the IC card key.
3. The method according to claim 2, characterized by further comprising:
when an error occurs in any step of the POS machine key downloading method, prompting an error code and error information.
4. The method according to claim 1, characterized by further comprising: executing an inspection processing flow;
the inspection processing flow comprises:
after prompting the City Operation Manager to input an inspection action, receiving the inspection action input by the City Operation Manager;
after prompting the City Operation Manager to input an equipment state, receiving the equipment state input by the City Operation Manager;
after prompting the City Operation Manager to insert a card, swipe a card or input a City Operation Manager card number, if the card connected to the POS machine whose key is to be downloaded is detected to be an IC-medium City Operation Manager card, obtaining the IC card key of the IC-medium City Operation Manager card connected to the POS machine whose key is to be downloaded;
generating a third random number and a fourth random number, and encrypting the third random number with the IC card key of the IC-medium City Operation Manager card connected to the POS machine whose key is to be downloaded, to obtain a third random number ciphertext;
after sending an inspection transaction request to the acquiring platform server, uploading second two-way authentication information and inspection information to the acquiring platform server, the second two-way authentication information comprising at least the IC card number, the third random number, the fourth random number and the third random number ciphertext, the inspection information comprising the inspection action input by the City Operation Manager, the equipment state input by the City Operation Manager, a merchant number and the terminal number of the POS machine whose key is to be downloaded;
receiving a second response message sent by the acquiring platform server, the second response message comprising a fourth random number ciphertext;
decrypting the fourth random number ciphertext with the IC card key of the IC-medium City Operation Manager card connected to the POS machine whose key is to be downloaded, to obtain a decrypted fourth random number;
verifying whether the decrypted fourth random number is identical to the fourth random number;
if so, printing an inspection voucher;
wherein the process of generating the second response message comprises:
the acquiring platform server checking the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine whose key is to be downloaded corresponding to the terminal number;
when the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine whose key is to be downloaded corresponding to the terminal number is legitimate, the acquiring platform server obtaining, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information;
the acquiring platform server decrypting the third random number ciphertext with the IC card key corresponding to the IC card number in the second two-way authentication information, to obtain a decrypted third random number;
when the decrypted third random number is verified to be identical to the third random number, checking the inspection permission of the IC card corresponding to the IC card number;
when the check result is that the IC card corresponding to the IC card number has inspection permission, encrypting the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information, to obtain the fourth random number ciphertext;
using the fourth random number ciphertext as the second response message.
5. The method according to claim 4, characterized in that, when an error occurs in a step of the inspection processing flow, an error code and error information are prompted.
6. A POS machine key download apparatus, characterized by comprising:
a first acquisition unit, configured to obtain an IC card key, the IC card key being the card key of the IC-medium City Operation Manager card connected to the point-of-sale (POS) machine whose key is to be downloaded;
a first receiving unit, configured to receive a POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded, the POS key ciphertext being the ciphertext obtained by encrypting, with the IC card key, the POS machine master key assigned to the POS machine whose key is to be downloaded;
a first decryption unit, configured to decrypt the POS key ciphertext with the IC card key to obtain the POS machine master key to be used;
a storage unit, configured to store the POS machine master key to be used;
the first receiving unit comprises:
a first encryption unit, configured to generate a first random number and a second random number, and to encrypt the first random number with the IC card key to obtain a first random number ciphertext;
a first uploading unit, configured to upload first two-way authentication information to the acquiring platform server after sending a master key download request to the acquiring platform server, the first two-way authentication information comprising at least an IC card number, the first random number, the second random number and the first random number ciphertext, the IC card number being the card number of the IC-medium City Operation Manager card corresponding to the IC card key;
a first receiving subunit, configured to receive a first response message sent by the acquiring platform server, the first response message comprising a second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded;
wherein the process of generating the first response message comprises:
the acquiring platform server receiving the first two-way authentication information;
the acquiring platform server obtaining, from an IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
the acquiring platform server decrypting the first random number ciphertext in the first two-way authentication information with the IC card key corresponding to the IC card number in the first two-way authentication information, to obtain a decrypted first random number;
when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, checking the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information;
when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is received and its IC card validity period is valid, encrypting the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, to obtain the second random number ciphertext;
forming the first response message from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded.
7. The apparatus according to claim 6, characterized by further comprising:
a second decryption unit, configured to decrypt the second random number ciphertext with the IC card key to obtain a decrypted second random number;
a first authentication unit, configured to verify whether the decrypted second random number is identical to the second random number and, if so, to trigger the first decryption unit to decrypt the POS key ciphertext with the IC card key.
8. The apparatus according to claim 7, characterized by further comprising:
a first prompt unit, configured to prompt an error code and error information when an error occurs in any step of the POS machine key downloading method.
9. The apparatus according to claim 6, characterized by further comprising:
a second receiving unit, configured to receive the inspection action input by the City Operation Manager after prompting the City Operation Manager to input an inspection action;
a third receiving unit, configured to receive the equipment state input by the City Operation Manager after prompting the City Operation Manager to input an equipment state;
a second acquisition unit, configured to, after prompting the City Operation Manager to insert a card, swipe a card or input a City Operation Manager card number, obtain the IC card key of the IC-medium City Operation Manager card connected to the POS machine whose key is to be downloaded if the card connected to that POS machine is detected to be an IC-medium City Operation Manager card;
a second encryption unit, configured to generate a third random number and a fourth random number, and to encrypt the third random number with the IC card key of the IC-medium City Operation Manager card connected to the POS machine whose key is to be downloaded, to obtain a third random number ciphertext;
a second uploading unit, configured to upload second two-way authentication information and inspection information to the acquiring platform server after sending an inspection transaction request to the acquiring platform server, the second two-way authentication information comprising at least the IC card number, the third random number, the fourth random number and the third random number ciphertext, the inspection information comprising the inspection action input by the City Operation Manager, the equipment state input by the City Operation Manager, a merchant number and the terminal number of the POS machine whose key is to be downloaded;
a fourth receiving unit, configured to receive a second response message sent by the acquiring platform server, the second response message comprising a fourth random number ciphertext;
a third decryption unit, configured to decrypt the fourth random number ciphertext with the IC card key of the IC-medium City Operation Manager card connected to the POS machine whose key is to be downloaded, to obtain a decrypted fourth random number;
a second authentication unit, configured to verify whether the decrypted fourth random number is identical to the fourth random number and, if so, to print an inspection voucher;
wherein the process of generating the second response message comprises:
the acquiring platform server checking the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine whose key is to be downloaded corresponding to the terminal number;
when the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine whose key is to be downloaded corresponding to the terminal number is legitimate, the acquiring platform server obtaining, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information;
the acquiring platform server decrypting the third random number ciphertext with the IC card key corresponding to the IC card number in the second two-way authentication information, to obtain a decrypted third random number;
when the decrypted third random number is verified to be identical to the third random number, checking the inspection permission of the IC card corresponding to the IC card number;
when the check result is that the IC card corresponding to the IC card number has inspection permission, encrypting the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information, to obtain the fourth random number ciphertext;
using the fourth random number ciphertext as the second response message.
10. The apparatus according to claim 9, characterized by further comprising:
a second prompt unit, configured to prompt an error code and error information when an error occurs in a step of the inspection processing flow.
11. A POS machine key download system, characterized by comprising an IC-medium City Operation Manager card, an acquiring platform server and the POS machine key download apparatus according to any one of claims 6-10;
the IC-medium City Operation Manager card stores an IC card key;
the acquiring platform server is configured to issue a POS key ciphertext for the POS machine whose key is to be downloaded, the POS key ciphertext being the ciphertext obtained by encrypting, with the card key of the IC-medium City Operation Manager card connected to the POS machine whose key is to be downloaded, the POS machine master key assigned to the POS machine whose key is to be downloaded;
the process of receiving the POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded comprises:
generating a first random number and a second random number, and encrypting the first random number with the IC card key to obtain a first random number ciphertext;
after sending a master key download request to the acquiring platform server, uploading first two-way authentication information to the acquiring platform server, the first two-way authentication information comprising at least an IC card number, the first random number, the second random number and the first random number ciphertext, the IC card number being the card number of the IC-medium City Operation Manager card corresponding to the IC card key;
receiving a first response message sent by the acquiring platform server, the first response message comprising a second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded;
wherein the process of generating the first response message comprises:
the acquiring platform server receiving the first two-way authentication information;
the acquiring platform server obtaining, from an IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
the acquiring platform server decrypting the first random number ciphertext in the first two-way authentication information with the IC card key corresponding to the IC card number in the first two-way authentication information, to obtain a decrypted first random number;
when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information, checking the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information;
when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is received and its IC card validity period is valid, encrypting the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, to obtain the second random number ciphertext;
forming the first response message from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded.
12. The system according to claim 11, characterized in that the acquiring platform server comprises:
a fifth receiving unit, configured to receive the first two-way authentication information uploaded by the POS machine key download apparatus;
a third acquiring unit, configured to obtain, from the IC card key mapping table, the IC card key corresponding to the IC card number in the first two-way authentication information;
a fourth decryption unit, configured to decrypt the first random number ciphertext in the first two-way authentication information with the IC card key corresponding to the IC card number in the first two-way authentication information, to obtain a decrypted first random number;
a first inspection unit, configured to check the download permission, IC card state and IC card validity period of the IC card corresponding to the IC card number in the first two-way authentication information when the decrypted first random number is verified to be identical to the first random number in the first two-way authentication information;
a third encryption unit, configured to encrypt the second random number with the IC card key corresponding to the IC card number in the first two-way authentication information, to obtain a second random number ciphertext, when the check result is that the IC card corresponding to the IC card number in the first two-way authentication information has download permission, its IC card state is received and its IC card validity period is valid;
a composing unit, configured to form the first response message from the second random number ciphertext and the POS key ciphertext issued by the acquiring platform server for the POS machine whose key is to be downloaded;
a second inspection unit, configured to check the legitimacy of the merchant corresponding to the merchant number and the legitimacy of the POS machine whose key is to be downloaded corresponding to the terminal number;
a fourth acquiring unit, configured to obtain, from the IC card key mapping table, the IC card key corresponding to the IC card number in the second two-way authentication information when the check result is that the merchant corresponding to the merchant number is legitimate and the POS machine whose key is to be downloaded corresponding to the terminal number is legitimate;
a fifth decryption unit, configured to decrypt the third random number ciphertext with the IC card key corresponding to the IC card number in the second two-way authentication information, to obtain a decrypted third random number;
a third inspection unit, configured to check the inspection permission of the IC card corresponding to the IC card number when the decrypted third random number is verified to be identical to the third random number;
a fourth encryption unit, configured to encrypt the fourth random number with the IC card key corresponding to the IC card number in the second two-way authentication information, to obtain a fourth random number ciphertext, when the check result is that the IC card corresponding to the IC card number has inspection permission;
a determination unit, configured to use the fourth random number ciphertext as the second response message.
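
The master key download exchange of claims 1 and 2, simulated with both sides' messages, is shown below as an added example; it is not code from the patent or its applicant. The claims name no cipher, so `encrypt`/`decrypt` are a stand-in HMAC-based Feistel construction, and the class names, message field names, the terminal number passed with the request and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import date

BLOCK = 16  # block size (bytes) of the stand-in cipher; the claims name no algorithm

class AuthError(Exception):
    """Any failed check in the exchange; a real terminal would prompt an error code."""

def _f(key, i, half):
    # Feistel round function: truncated HMAC-SHA256 under the IC card key.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _feistel(key, data, rounds):
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of BLOCK")
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        l, r = data[off:off + 8], data[off + 8:off + BLOCK]
        for i in rounds:
            l, r = r, bytes(a ^ b for a, b in zip(l, _f(key, i, r)))
        out += r + l  # final swap: decryption is the same walk, rounds reversed
    return bytes(out)

def encrypt(key, data):
    return _feistel(key, data, range(4))

def decrypt(key, data):
    return _feistel(key, data, range(3, -1, -1))

class AcquiringPlatform:
    """Server side: builds the first response message."""

    def __init__(self, card_key_table, card_records, master_keys):
        self.card_key_table = card_key_table  # IC card number -> IC card key
        self.card_records = card_records      # IC card number -> permission/state/expiry
        self.master_keys = master_keys        # terminal number -> assigned master key

    def handle_download(self, terminal_no, auth, today):
        key = self.card_key_table.get(auth["card_no"])
        if key is None:
            raise AuthError("unknown IC card number")
        # Server authenticates the card: decrypted R1 must equal the plaintext R1.
        if not hmac.compare_digest(decrypt(key, auth["r1_ct"]), auth["r1"]):
            raise AuthError("first random number mismatch")
        rec = self.card_records[auth["card_no"]]
        if not rec["download_permission"]:
            raise AuthError("card has no download permission")
        if rec["state"] != "received" or rec["valid_until"] < today:
            raise AuthError("card not in received state or expired")
        return {"r2_ct": encrypt(key, auth["r2"]),
                "pos_key_ct": encrypt(key, self.master_keys[terminal_no])}

class PosTerminal:
    """Terminal side: the card key is read from the connected City Operation Manager card."""

    def __init__(self, terminal_no, card_no, card_key):
        self.terminal_no, self.card_no, self.card_key = terminal_no, card_no, card_key
        self.master_key = None

    def build_auth(self):
        self.r1, self.r2 = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)
        return {"card_no": self.card_no, "r1": self.r1, "r2": self.r2,
                "r1_ct": encrypt(self.card_key, self.r1)}

    def accept(self, response):
        # Claim 2: the terminal authenticates the server before decrypting the key ciphertext.
        if not hmac.compare_digest(decrypt(self.card_key, response["r2_ct"]), self.r2):
            raise AuthError("second random number mismatch")
        self.master_key = decrypt(self.card_key, response["pos_key_ct"])
        return self.master_key

# Constructed sample data (not from the patent).
CARD_NO, TERMINAL_NO, TODAY = "CARD-0001", "T0001", date(2024, 1, 1)
CARD_KEY, MASTER_KEY = bytes(range(16)), bytes(range(16, 32))

def make_platform(valid_until=date(2030, 1, 1)):
    record = {"download_permission": True, "state": "received", "valid_until": valid_until}
    return AcquiringPlatform({CARD_NO: CARD_KEY}, {CARD_NO: record}, {TERMINAL_NO: MASTER_KEY})

def download(platform, terminal):
    auth = terminal.build_auth()
    return terminal.accept(platform.handle_download(terminal.terminal_no, auth, TODAY))

if __name__ == "__main__":
    print(download(make_platform(), PosTerminal(TERMINAL_NO, CARD_NO, CARD_KEY)).hex())
```

As the claim specifies, the first random number travels both in clear and encrypted, so each run exposes one plaintext/ciphertext pair under the IC card key; whatever cipher a deployment uses in place of the stand-in has to withstand known-plaintext analysis.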
CN201610243644.2A 2016-04-18 2016-04-18 A kind of POS machine key downloading method, apparatus and system Active CN105978856B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610243644.2A CN105978856B (en) 2016-04-18 2016-04-18 A kind of POS machine key downloading method, apparatus and system


Publications (2)

Publication Number Publication Date
CN105978856A CN105978856A (en) 2016-09-28
CN105978856B true CN105978856B (en) 2019-01-25

Family

ID=56993233


Country Status (1)

Country Link
CN (1) CN105978856B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant