CN107911480B - Method for enhancing information security of POS terminal - Google Patents

Info

Publication number: CN107911480B
Authority: CN (China)
Prior art keywords: file, program, blacklist, downloaded, blacklist program
Legal status: Active
Application number: CN201711297640.3A
Other languages: Chinese (zh)
Other versions: CN107911480A (en)
Inventors: 郭鸿志, 胡继龙
Current Assignee: Qianhai Lianda Shenzhen Technology Co ltd
Original Assignee: Qianhai Lianda Shenzhen Technology Co ltd
Application filed by: Qianhai Lianda Shenzhen Technology Co ltd
Priority to: CN201711297640.3A
Publication of CN107911480A
Application granted
Publication of CN107911480B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07G REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
    • G07G1/00 Cash registers
    • G07G1/12 Cash registers electronically operated
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method for enhancing the information security of a POS terminal in which a system program is installed. The method comprises the following steps: a blacklist program is placed in the POS terminal in advance, and files that have been published but contain bugs are stored in the blacklist program; the system program checks in real time whether the file to be downloaded is listed in the blacklist program and, if so, refuses the download; if the file to be downloaded is not listed in the blacklist program, signature authentication is performed on the file and it is judged whether the signature is valid; if not, the download is refused, and if so, the download is allowed. By placing in the POS terminal in advance a blacklist program that can be updated remotely and in a timely manner, the invention avoids downloading published files that contain bugs, improves the information security of the POS terminal, and minimizes the risks of information leakage and personal property loss.

Description

Method for enhancing information security of POS terminal
Technical Field
The invention relates to the field of financial POS terminal information security, in particular to a POS terminal information security enhancing method.
Background
A POS terminal processes important information such as personal account numbers, PINs and transaction amounts, so it places very high demands on the security of data.
Existing solutions typically use signature authentication to ensure that a loaded and running program is legally authorized, and use encryption to prevent critical data from being disclosed on the communication link.
However, for a program or file that has already been released and contains a bug, the existing schemes can only remedy the bug through a manual or remote upgrade, which requires a comprehensive evaluation of labor cost, network environment and load, terminal performance and other factors.
Thus, there is a need for improvements and enhancements in the art.
Disclosure of Invention
In view of the above shortcomings of the prior art, the present invention provides a method for enhancing the information security of a POS terminal, with the aim of improving the information security of the POS terminal and minimizing the risks of information leakage and personal property loss.
In order to achieve this purpose, the invention adopts the following technical scheme:
A method for enhancing the information security of a POS terminal in which a system program is installed comprises the following steps:
A. a blacklist program is placed in the POS terminal in advance, and files that have been published but contain bugs are stored in the blacklist program;
B. the system program checks in real time whether the file to be downloaded is listed in the blacklist program and, if so, refuses the download;
C. if the file to be downloaded is not listed in the blacklist program, signature authentication is performed on the file to be downloaded and it is judged whether the signature is valid; if not, the download is refused, and if so, the download is allowed.
Preferably, for each file in step A that has been published but contains a bug, a characteristic value is calculated by a hash algorithm, and the blacklist program stores the characteristic value.
Preferably, the blacklist program can be updated remotely and in a timely manner.
Preferably, the blacklist program is further configured to detect whether the file to be downloaded is an upgrade file of the blacklist program.
Preferably, step C specifically includes:
C1. if the file to be downloaded is not listed in the blacklist program, judging whether the file to be downloaded is an upgrade file of the blacklist program;
C2. if the file to be downloaded is judged to be an upgrade file of the blacklist program, performing signature authentication on the public key corresponding to the upgrade file of the blacklist program;
if the file to be downloaded is judged to be a file other than an upgrade file of the blacklist program, performing signature authentication on the public key corresponding to that other file;
C3. judging whether the signature of the upgrade file of the blacklist program is valid; if not, refusing the download; if so, judging whether the version and date of the upgrade file of the blacklist program are higher than the version and date of the current blacklist program; if so, proceeding with the download, and if not, refusing the download;
and judging whether the signature of the other file is valid; if not, refusing the download, and if so, allowing the download.
Compared with the prior art, the invention has the following beneficial effects: a blacklist program is placed in the POS terminal, and published files that contain bugs are managed and listed in it; the blacklist program is updated remotely and in a timely manner while the POS terminal is in use, and files to be downloaded are checked in real time, so that published files containing bugs are prevented from being downloaded, the information security of the POS terminal is improved, and the risks of information leakage and personal property loss are minimized.
Drawings
FIG. 1 is a flowchart illustrating a method for enhancing information security of a POS terminal according to a preferred embodiment of the present invention.
Fig. 2 is a schematic diagram of an embodiment of the method for enhancing information security of a POS terminal according to the present invention.
Detailed Description
In order to make the objects, technical solutions and effects of the present invention clearer and more definite, the present invention is described in further detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a method for enhancing the information security of a POS terminal in which a system program is installed. Referring to FIGS. 1-2, the method comprises the following steps:
S100, a blacklist program is placed in the POS terminal in advance, and the blacklist program contains files that have been published but contain bugs.
In the embodiment of the invention, files that have been published but contain bugs are listed in the blacklist program; in this embodiment, the blacklist program serves as one of the references for judging whether a file is legitimate.
S200, the system program checks in real time whether the file to be downloaded is listed in the blacklist program and, if so, refuses the download.
In the embodiment of the invention, if the current file to be downloaded is listed in the blacklist program, the file is judged to be an illegal file, the download is refused, and an error message is displayed by the POS terminal.
S300, if the file to be downloaded is not listed in the blacklist program, signature authentication is performed on the file to be downloaded and it is judged whether the signature is valid; if not, the download is refused, and if so, the download is allowed.
In the embodiment of the invention, if the current file to be downloaded is not listed in the blacklist program, the file obtains the legal authorization of the blacklist program; signature authentication is then carried out on the public key corresponding to the file to be downloaded, and it is judged whether the signature of the file is valid. If the signature is valid, the download is carried out; if the signature is invalid, the download is refused and an error message is displayed by the POS terminal.
Further, for each file in step S100 that has been published but contains a bug, a characteristic value is calculated by a hash algorithm, and the blacklist program stores the characteristic value.
In the embodiment of the invention, the blacklist program contains the characteristic value of each published file that contains a bug, not the file itself. Because the blacklist program generally covers many such files, their characteristic values are calculated with a hash algorithm to reduce the space the blacklist program occupies; the blacklist file is therefore smaller and is convenient to update locally or remotely.
Further, the blacklist program can be updated remotely and in a timely manner.
In the embodiment of the invention, the blacklist program can be remotely updated in time so that it stays current.
Further, the blacklist program is further configured to detect whether the file to be downloaded is an upgrade file of the blacklist program.
In the embodiment of the invention, in order to maintain the loss prevention, tamper prevention and replacement prevention functions of the blacklist program, upgrade files of the blacklist program need to be distinguished and judged separately.
Further, step S300 specifically includes:
S301, if the file to be downloaded is not listed in the blacklist program, judging whether the file to be downloaded is an upgrade file of the blacklist program;
S302, if the file to be downloaded is judged to be an upgrade file of the blacklist program, performing signature authentication on the public key corresponding to the upgrade file of the blacklist program;
if the file to be downloaded is judged to be a file other than an upgrade file of the blacklist program, performing signature authentication on the public key corresponding to that other file;
S303, judging whether the signature of the upgrade file of the blacklist program is valid; if not, refusing the download; if so, judging whether the version and date of the upgrade file of the blacklist program are higher than those of the current blacklist program; if so, proceeding with the download, and if not, refusing the download;
and judging whether the signature of the other file is valid; if not, refusing the download, and if so, allowing the download.
In the embodiment of the invention, it is judged whether the file to be downloaded is an upgrade file of the blacklist program. If it is, the file must have the legal authorization of the blacklist program and must pass signature verification. Finally, to prevent the blacklist program from being lost, tampered with or replaced, the version and date of the upgrade file to be downloaded must be compared with those of the current blacklist program: if they are higher, the download proceeds; if not, the download is refused and an error message is displayed by the POS terminal. The blacklist program itself provides loss prevention, tamper prevention and replacement prevention: checking the validity of the blacklist is indispensable both during POS terminal startup and during downloading. Whether the blacklist program stored in the POS terminal has been tampered with can be judged by checking the signature validity of the files belonging to the blacklist program, and whether it has been replaced by a blacklist program with a lower version but a valid signature can be judged by checking the registration information of the blacklist program. Once an upgrade file of the blacklist program passes the checks and is downloaded and applied, the new blacklist program can be extracted for subsequent authentication.
If the current file to be downloaded is judged to be a file other than an upgrade file of the blacklist program, it needs only the authorization of the blacklist program and a valid signature in order to be downloaded.
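The decision flow of steps S200 and S301 to S303, as an added example that is not code from the patent. It assumes SHA-256 as the hash algorithm, a hypothetical `BLKLIST1` marker and JSON body for blacklist upgrade files, and that "signature authentication on the public key corresponding to" a file means verifying the file's signature with the key assigned to its class; HMAC-SHA256 stands in for the terminal's asymmetric signature check so the example runs offline. It also reads "version and date higher" as requiring both to be higher.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed demo keys. A real terminal would hold public keys and verify an
# asymmetric signature; HMAC-SHA256 is a stand-in so the example runs offline.
KEYS = {"blacklist": b"demo-blacklist-key", "other": b"demo-application-key"}
MAGIC = b"BLKLIST1\n"  # hypothetical marker that identifies a blacklist upgrade file


def sign(kind: str, data: bytes) -> bytes:
    """Vendor-side stand-in signer, used only to build the sample inputs."""
    return hmac.new(KEYS[kind], data, hashlib.sha256).digest()


def verify(kind: str, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(kind, data), sig)


@dataclass
class Blacklist:
    version: int = 1
    date: str = "2017-01-01"  # ISO dates order correctly as strings
    digests: set = field(default_factory=set)


def check_download(bl: Blacklist, data: bytes, sig: bytes) -> str:
    """Return "allow" or "reject: <reason>" following steps S200 and S301-S303."""
    # S200: hash lookup first, so a validly signed buggy file is still refused.
    if hashlib.sha256(data).hexdigest() in bl.digests:
        return "reject: blacklisted"
    # S301: classify the file; S302: check it against the key for its class.
    is_upgrade = data.startswith(MAGIC)
    if not verify("blacklist" if is_upgrade else "other", data, sig):
        return "reject: bad signature"
    if not is_upgrade:
        return "allow"
    # S303: parse only after the signature passed, then refuse rollbacks.
    try:
        new = json.loads(data[len(MAGIC):])
        version, date, digests = int(new["version"]), str(new["date"]), set(new["digests"])
    except (ValueError, KeyError, TypeError):
        return "reject: malformed"
    if not (version > bl.version and date > bl.date):
        return "reject: rollback"
    bl.version, bl.date, bl.digests = version, date, digests
    return "allow"


def make_upgrade(version: int, date: str, digests: list) -> bytes:
    body = {"version": version, "date": date, "digests": digests}
    return MAGIC + json.dumps(body).encode()


def demo() -> list:
    bl = Blacklist()
    buggy = b"payment-app 1.0 (constructed sample, known bug)"
    fixed = b"payment-app 1.1 (constructed sample)"
    up2 = make_upgrade(2, "2017-12-08", [hashlib.sha256(buggy).hexdigest()])
    up1 = make_upgrade(1, "2017-01-01", [])
    return [
        check_download(bl, buggy, sign("other", buggy)),   # not listed yet
        check_download(bl, up2, sign("blacklist", up2)),   # newer list installs
        check_download(bl, buggy, sign("other", buggy)),   # now listed
        check_download(bl, fixed, sign("other", fixed)),
        check_download(bl, up1, sign("blacklist", up1)),   # older but validly signed
        check_download(bl, up2, sign("other", up2)),       # wrong key class
    ]


if __name__ == "__main__":
    print(demo())
```

The third and fifth results show the two cases signature checking alone does not catch: a correctly signed file whose hash is on the blacklist, and a correctly signed but older blacklist.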
In summary, the present invention discloses a method for enhancing the information security of a POS terminal in which a system program is installed. The method includes the following steps: a blacklist program is placed in the POS terminal in advance, and files that have been published but contain bugs are stored in the blacklist program; the system program checks in real time whether the file to be downloaded is listed in the blacklist program and, if so, refuses the download; if the file to be downloaded is not listed in the blacklist program, signature authentication is performed on the file and it is judged whether the signature is valid; if not, the download is refused, and if so, the download is allowed. By placing in the POS terminal in advance a blacklist program that can be updated remotely and in a timely manner, the invention avoids downloading published files that contain bugs, improves the information security of the POS terminal, and minimizes the risks of information leakage and personal property loss.
It should be understood that those skilled in the art may make equivalent substitutions or modifications based on the technical solution and inventive concept of the invention, and all such modifications and substitutions should fall within the scope of the appended claims.

Claims (4)

1. A method for enhancing the information security of a POS terminal, wherein a system program is installed in the POS terminal, the method being characterized by comprising the following steps:
A. a blacklist program is placed in the POS terminal in advance, and files that have been published but contain bugs are stored in the blacklist program; the blacklist program itself provides loss prevention, tamper prevention and replacement prevention;
B. the system program checks in real time whether the file to be downloaded is listed in the blacklist program and, if so, refuses the download;
C. if the file to be downloaded is not listed in the blacklist program, signature authentication is performed on the file to be downloaded and it is judged whether the signature is valid; if not, the download is refused, and if so, the download is allowed;
step C specifically comprises the following steps:
C1. if the file to be downloaded is not listed in the blacklist program, judging whether the file to be downloaded is an upgrade file of the blacklist program;
C2. if the file to be downloaded is judged to be an upgrade file of the blacklist program, performing signature authentication on the public key corresponding to the upgrade file of the blacklist program;
if the file to be downloaded is judged to be a file other than an upgrade file of the blacklist program, performing signature authentication on the public key corresponding to that other file;
C3. judging whether the signature of the upgrade file of the blacklist program is valid; if not, refusing the download; if so, judging whether the version and date of the upgrade file of the blacklist program are higher than the version and date of the current blacklist program; if so, proceeding with the download, and if not, refusing the download;
and judging whether the signature of the other file is valid; if not, refusing the download, and if so, allowing the download.
2. The enhancement method according to claim 1, wherein for each file in step A that has been published but contains a bug, a feature value is calculated by a hash algorithm, and the blacklist program stores the feature value.
3. The enhancement method of claim 1, wherein the blacklist program can be updated remotely and in a timely manner.
4. The enhancement method of claim 1, wherein the blacklist program is further configured to detect whether the file to be downloaded is an upgrade file of the blacklist program.
CN201711297640.3A 2017-12-08 2017-12-08 Method for enhancing information security of POS terminal Active CN107911480B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711297640.3A CN107911480B (en) 2017-12-08 2017-12-08 Method for enhancing information security of POS terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711297640.3A CN107911480B (en) 2017-12-08 2017-12-08 Method for enhancing information security of POS terminal

Publications (2)

Publication Number Publication Date
CN107911480A (en) 2018-04-13
CN107911480B (en) 2021-05-18

Family

ID=61865147

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711297640.3A Active CN107911480B (en) 2017-12-08 2017-12-08 Method for enhancing information security of POS terminal

Country Status (1)

Country Link
CN (1) CN107911480B (en)

Also Published As

Publication number Publication date
CN107911480A (en) 2018-04-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant