CN111627173A - Bluetooth POS equipment and payment system - Google Patents
Bluetooth POS equipment and payment system Download PDFInfo
- Publication number
- CN111627173A CN111627173A CN202010130620.2A CN202010130620A CN111627173A CN 111627173 A CN111627173 A CN 111627173A CN 202010130620 A CN202010130620 A CN 202010130620A CN 111627173 A CN111627173 A CN 111627173A
- Authority
- CN
- China
- Prior art keywords
- information
- payment
- bluetooth
- payment terminal
- cloud
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000005540 biological transmission Effects 0.000 claims abstract description 12
- 238000004891 communication Methods 0.000 claims abstract description 10
- 238000012795 verification Methods 0.000 claims description 24
- 238000012790 confirmation Methods 0.000 claims description 19
- 230000009471 action Effects 0.000 claims description 6
- 238000000034 method Methods 0.000 abstract description 11
- 230000008569 process Effects 0.000 abstract description 8
- 230000006855 networking Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 9
- 230000003287 optical effect Effects 0.000 description 3
- 238000010276 construction Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 206010019233 Headaches Diseases 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000013467 fragmentation Methods 0.000 description 1
- 238000006062 fragmentation reaction Methods 0.000 description 1
- 231100000869 headache Toxicity 0.000 description 1
- 238000009413 insulation Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 230000008054 signal transmission Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07G—REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
- G07G1/00—Cash registers
- G07G1/12—Cash registers electronically operated
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/206—Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07G—REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
- G07G1/00—Cash registers
- G07G1/0018—Constructional details, e.g. of drawer, printing means, input means
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Cash Registers Or Receiving Machines (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to the technical field of electronic payment, and discloses a Bluetooth POS device and a payment system, wherein the Bluetooth POS device comprises: the POS terminal Bluetooth device can be in communication connection with the payment terminal and performs directional data transmission; the secure element comprises a signature private key and a key for encryption, and the signature private key can sign the generated payment message; and the information generating device is connected with the secure element circuit and is used for generating information comprising the serial number, the time information and the random number of the Bluetooth POS equipment, and signing and encrypting through the secure element. The Bluetooth POS equipment acquires corresponding physical address information and quickly establishes Bluetooth connection by performing data transmission with the payment terminal and the cloud, and then performs transaction operation through Bluetooth, so that the safety of information transmission is greatly improved, and the fund safety in the transaction process is ensured. Meanwhile, the payment system can realize the connection between the payment terminal and the Bluetooth POS equipment under the condition of unilateral networking so as to finish payment.
Description
Technical Field
The invention relates to the technical field of electronic payment, in particular to Bluetooth POS equipment for signal transmission through Bluetooth and a payment system using the Bluetooth POS equipment.
Background
At present, with the rapid development of computer and internet technologies, electronic payment changes people's lifestyle due to its high efficiency and convenience. A common terminal for payment includes: smart phones, tablets, payment cards, and the like. In the prior art, the POS device generally adopts NFC as a short-range communication method. However, since each terminal manufacturer controls the public key management system of NFC separately and does not cooperate with each other, the NFC payment fragmentation occurs, and Apple Pay, hua shi Pay, samsung Pay, and the like are not communicated with each other. Therefore, we propose to replace NFC with bluetooth short range communication. Since almost every mobile terminal is equipped with a bluetooth communication module, we want to establish a payment ecology that is not fragmented anymore.
However, currently, bluetooth requires a pairing connection method for encryption and authentication to be preset, so that the handshake speed is slow and the bluetooth is not suitable for a payment scenario. In the application, a Bluetooth connection mode without NFC (near field communication) similar to OOB (out Of band) protocol is proposed, and only encryption and verification settings including Bluetooth address information Of one side are sent to the other side, so that pairing connection Of two Bluetooth modules can be accelerated.
Disclosure of Invention
The present invention is made in view of the above problems, and it is an object of the present invention to provide a bluetooth POS device payment system, wherein a bluetooth POS device performs data transmission with a payment terminal and a cloud to obtain physical address information of the corresponding payment terminal and establish bluetooth connection, and then performs a transaction operation through bluetooth.
Specifically, the bluetooth POS device provided by the present invention includes: the POS terminal Bluetooth device can be in communication connection with the payment terminal and performs directional information transmission; the information acquisition device can acquire the encrypted information, decrypt the encrypted information and generate decrypted information; the secure element at least comprises a signature private key, and the signature private key can sign the payment message generated by the Bluetooth POS equipment; the POS terminal secret key can encrypt information sent by the Bluetooth POS equipment or decrypt information received by the Bluetooth POS equipment; and the verifying device at least comprises a verifying public key, and the verifying public key can verify the signature of the received information.
Compared with the prior art, the Bluetooth POS device provided by the invention can acquire the information of the user registration number, the time information and the random number of the payment terminal, and interacts with the cloud end, so that the physical address information of the payment terminal is acquired, the Bluetooth connection between the Bluetooth POS device and the payment terminal is conveniently established, the information encrypted by the signature private key is sent through the Bluetooth connection, the information transmission safety in the payment process is greatly improved, and the fund safety in the transaction process is ensured.
Preferably, the information acquiring device is one or more of a camera, a microphone or a photosensitive device, and can acquire picture information, sound information or light intensity information.
The information acquisition device of the Bluetooth POS device can collect the information which is sent by the information generation device of the payment terminal and contains the account information, the time information and the random number of the payment terminal, and acquires the corresponding information after verification, so that Bluetooth connection can be realized, and the reliability, the safety and the connection speed of Bluetooth connection in a payment system are improved.
The invention also provides a payment system which comprises the Bluetooth POS equipment, a payment terminal and a cloud end capable of being in communication connection with the payment terminal, wherein a payment end Bluetooth device is arranged in the payment terminal.
Compared with the prior art, the payment system can complete functions of payment, account balance updating and the like under the condition that the payment terminal is not networked. In the existing two-dimensional code payment system, if a complete payment program is to be completed, the payment terminal such as a mobile phone and the like and the Bluetooth POS equipment are required to be connected with the Internet at the same time. This is a headache problem for short term international travellers. Short-term visitors who do not open local telecommunication services while traveling can only obtain WiFi services at the hotel, but can generate frequent payment requirements after leaving the hotel. The techniques of the present application may satisfy such a need. Meanwhile, the payment system can transmit the physical address information of the Bluetooth POS device to the payment terminal through the linkage among the Bluetooth POS device, the payment terminal and the cloud end through the information generation device, and finally realizes the Bluetooth connection between the Bluetooth POS device and the payment terminal through multiple verification. And then transmitting the payment message through the established Bluetooth connection, and sending the payment message to the cloud.
Further, preferably, the payment terminal further comprises a payment terminal key and an information generation device, the payment terminal key can encrypt information including the user registration number, the time information and the random number of the payment terminal, and the information generation device can generate encrypted information including the encrypted information encrypted by the payment terminal key and send the encrypted information to the bluetooth POS device.
The payment terminal encrypts information including a user registration number, time information and a random number of the payment terminal through a payment terminal secret key, sends the information to the Bluetooth POS equipment, and improves the safety of information transmission through encryption. And the encrypted information comprises the user registration number, the time and the random number of the payment terminal, so that even if the encryption is cracked, the user registration number can be obtained, but the physical address information of the payment terminal cannot be obtained, thereby providing a safer payment environment for the payment terminal.
Further, preferably, the information generating device is one or more of a two-dimensional code generator, a sounding device and a flash lamp, and the encrypted information is picture information, sound information or light intensity information.
The information generating device can encrypt the user registration number, the time information and the random number of the payment terminal into picture information, sound information and light intensity information, so that the picture information, the sound information and the light intensity information can be identified by a corresponding device on the Bluetooth POS equipment, and data transmission between the payment terminal and the Bluetooth POS equipment is completed.
Further, preferably, the cloud further comprises a cloud public key, and the cloud public key can verify the signature of the signature private key of the Bluetooth POS device; and a signature private key of the Bluetooth POS device signs the encrypted information, sends the signed encrypted information to the cloud end, and verifies the signature of the received information by a cloud end public key of the cloud end.
The cloud public key can verify the signature of the signature private key of the Bluetooth POS device, so that the information sent by the Bluetooth POS device is verified, the received information containing the physical address information of the payment terminal is ensured to come from the cloud, the authenticity of the information received by the Bluetooth POS device is improved, and the payment safety is improved.
In addition, preferably, a storage device and a cloud signature private key are arranged in the cloud, the storage device is used for storing physical address information of the payment terminal, and the physical address information of the payment terminal corresponds to an account number of the payment terminal one by one;
the cloud signature private key can sign information containing physical address information sent by a cloud and send the information to the Bluetooth POS equipment, and after the signature of the physical address information is verified through a verification public key of the Bluetooth POS equipment, the Bluetooth POS equipment establishes Bluetooth quick connection with the payment terminal according to the physical information.
The cloud private key can sign information sent by the cloud, and the signature can be verified by a verification public key in the Bluetooth POS device. Therefore, the Bluetooth POS device can confirm that the received information comes from the cloud end, and therefore the safety of the payment environment of the Bluetooth POS device is improved.
In addition, as a preferred option, the payment terminal further comprises a shell, a screen arranged on the shell and an identity confirmation device, and the payment terminal can display a payment message for a user to confirm; the identity confirmation device is used for confirming the payment message by the user; the Bluetooth POS equipment generates a payment message and sends the payment message to the payment terminal, and the payment terminal displays the payment message, encrypts a confirmation message of the payment message and sends the confirmation message to the cloud end through the Bluetooth POS equipment.
The screen is used for displaying the corresponding payment message and informing the user of the specific payment content in the payment message in time. The user inputs biological identification information such as a password, a fingerprint, face identification and the like through the identity confirmation device so as to enable the system to identify whether the user is really the holder of the payment terminal. And after the user identity is confirmed, sending the received payment message to the cloud. The cloud terminal carries out subsequent payment operation, a safer payment environment is provided, and the safety and the reliability of the payment process are effectively improved. At this moment, even if the payment terminal is not networked, the payment terminal can still realize the connection with the Bluetooth POS equipment to complete the payment.
Further, as a preferred option, the cloud further comprises an analyzer, which can analyze the received payment message and complete the payment action according to the payment message.
And analyzing the payment content of the payment message through an analyzer at the cloud end, and finishing a corresponding payment action according to the payment content.
Further, as a preferred option, the account update information after the payment is completed is encrypted and transmitted to the payment terminal through the bluetooth connection via the bluetooth POS device.
In other words, after payment is completed, the account updating information after payment is received from the cloud end to the Bluetooth POS equipment after encryption, the account updating information after payment is received from the cloud end, and the APP of the payment terminal is received through Bluetooth connection.
The scheme has significance for tourists leaving the country in a short time, the tourists leaving the country in a short time often do not visit the national telecommunication networking (such as 4G) service, and by utilizing the payment system, code scanning payment actions can be completed in tourist attractions of foreign countries even if a mobile phone is not networked, so that the use of users is greatly facilitated.
Drawings
Fig. 1 is a block diagram of a bluetooth POS device according to a first embodiment of the present invention;
FIG. 2 is a schematic diagram of a Bluetooth POS device with a camera as an information acquisition device according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a bluetooth POS device in which the information acquisition apparatus is a microphone according to the first embodiment of the present invention;
fig. 4 is a schematic diagram of a bluetooth POS device in which the information acquisition apparatus is a photosensitive device according to the first embodiment of the present invention;
fig. 5A is a schematic diagram (one) of a payment system of a second embodiment of the present invention;
fig. 5B is a schematic diagram (two) of a payment system of the second embodiment of the present invention;
fig. 6 is a schematic block diagram of a cloud according to a second embodiment of the present invention;
fig. 7 is a module schematic diagram of a payment terminal according to a second embodiment of the present invention;
fig. 8 is a schematic diagram of a payment terminal including a private key of a payment terminal according to a second embodiment of the present invention.
Description of reference numerals:
1-a housing; 2-screen; 3-pressing a key; 4-a microphone; 5-a photosensitive device; 6-a frame structure; 7-camera.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings. The bluetooth POS device and payment system are schematically shown in simplified form in the figure.
Implementation mode one
This embodiment provides a bluetooth POS device, as shown in fig. 1 to 4, including: the POS terminal Bluetooth device can be in communication connection with the payment terminal and performs directional information transmission; the information acquisition device can acquire the encrypted information, decrypt the encrypted information and generate decrypted information; the secure element at least comprises a signature private key, and the signature private key can sign the payment message generated by the Bluetooth POS equipment; the POS terminal secret key can encrypt information sent by the Bluetooth POS equipment or decrypt information received by the Bluetooth POS equipment; and the verifying device at least comprises a verifying public key, and the verifying public key can verify the signature of the received information. Also, a screen 2 capable of displaying information and a key 3 for operation are provided on the housing 1 of the bluetooth POS device.
Briefly, the Bluetooth POS device provided by the invention can acquire the information of a user registration account number, time information and a random number of a payment terminal and interact with the cloud end, so that the physical address information of the payment terminal is acquired, the Bluetooth connection between the Bluetooth POS device and the payment terminal is conveniently established, the information encrypted by a signature private key is sent through the Bluetooth connection, the information transmission safety in the payment process is greatly improved, and the fund safety in the transaction process is ensured. Wherein the physical address information refers to encryption and authentication setting information including a physical address.
In the present embodiment, the information acquiring device is one or more of the camera 7, the microphone 4, or the photosensitive device 5, and can acquire picture information, sound information, or light intensity information.
Simply, bluetooth POS equipment and payment terminal get into the state of preparing to pay, and through user's operation payment terminal and in time gather the time stamp (instant time information) at the moment of the operation, and generate a string of random number, later encrypt payment terminal's user registration number, time stamp and random number by the payment end secret key, later transmit to payment terminal's information generation device. The payment terminal key can be encrypted in a symmetric encryption mode or an asymmetric encryption mode, and only the information safety can be guaranteed. The number of bits of the random number may be set as needed, and in the present embodiment, an eight-bit random number is used as an example. In the present embodiment, the user registration number of each payment terminal corresponds to the physical address information of a unique payment terminal.
When the information obtaining device is the camera 7, as shown in fig. 2, the payment terminal can display an image of the two-dimensional code on a device such as a screen of the payment terminal, so that the two-dimensional code can be obtained by the bluetooth POS device, and the user registration number, the time information, and the random number of the payment terminal in the two-dimensional code can be obtained by decrypting the POS terminal key of the corresponding bluetooth POS device. Of course, the image information may be a barcode or the like other than the two-dimensional code.
When the information acquisition device is a microphone 4, as shown in fig. 3, the bluetooth POS device acquires, through the microphone 4, that the sound generation device generates corresponding sound according to the encrypted result, and decrypts through a corresponding POS terminal key to acquire the user registration number, the time information, and the random number of the payment terminal therein.
When the information acquiring device is the photosensitive device 5, as shown in fig. 4, a flash lamp on the payment terminal can emit a flickering optical signal according to an encrypted result, so that the flickering optical signal can be acquired by the payment terminal, and the user registration number, the time information and the random number of the payment terminal in the payment terminal can be acquired through decryption of a corresponding POS terminal key. In this embodiment, the principle of the optical signal sent by the payment terminal is as follows: based on the binary character of the encrypted information, "0" is set as no light emission, "1" is set as light emission, and a flash light signal is emitted from a flash lamp.
Of course, in this embodiment, the bluetooth POS device may be provided with a plurality of information acquisition devices at the same time, and the information acquired by each information acquisition device is different, so as to further improve the security of the payment place and improve the applicability of the bluetooth POS device.
More specifically, in order to improve the effect of collecting information by the bluetooth POS device, a blocking device may be disposed at the information collecting device to reduce interference caused by other factors in the environment. In the present embodiment, the protective structure is a frame structure 6 surrounding the microphone 4 or the photo detector 5, and the frame structure 6 is 6-8mm higher than the sound generating device or the flash lamp and is provided on the side connected to the side provided with the screen 2 or the side opposite thereto. Wherein, frame construction 6 adopts the better and lightproof material of sound insulation effect and shell 1 an organic whole to form, and payment terminal contacts with frame construction 6 during the use to reduce the influence of external noise or light to the information transmission between bluetooth POS equipment and the payment terminal. Of course, the information generating device and the protection structure can also be arranged at other positions of the Bluetooth POS device as long as the obtained information related to payment can be conveniently displayed.
After the Bluetooth connection is established, the Bluetooth POS equipment can firstly sign the payment message information through the signature private key and then send the payment message information to the corresponding payer through Bluetooth. The payer can confirm whether the payee is the Bluetooth POS device in hand-shake with the payee by verifying the signature of the signature private key. If the Bluetooth POS equipment is in handshake with the payment terminal, the payment terminal can perform subsequent operation, so that the safety of payment operation is improved.
Second embodiment
A second embodiment of the present invention provides a payment system, as shown in fig. 1 to 8, including a bluetooth POS device as described in the first embodiment, a payment terminal, and a cloud end capable of being in communication connection with the payment terminal, where a payment-end bluetooth device is disposed in the payment terminal.
Compared with the prior art, the payment system can transmit the physical address information of the Bluetooth POS device to the payment terminal through the linkage among the Bluetooth POS device, the payment terminal and the cloud end, and finally realizes the Bluetooth connection between the Bluetooth POS device and the payment terminal through multiple verification. And then transmitting the payment message through the established Bluetooth connection, and sending the payment message to the cloud.
Specifically, in this embodiment, the payment terminal further includes a payment terminal key and an information generation device, the payment terminal key is capable of encrypting information including a user registration number, time information, and a random number of the payment terminal, and the information generation device is capable of generating encrypted information including information encrypted by the payment terminal key and transmitting the encrypted information to the bluetooth POS device.
The payment terminal further comprises a payment terminal secret key, the payment terminal secret key can encrypt information sent to the Bluetooth POS terminal, the information is decrypted through the POS terminal secret key of the Bluetooth POS device, and the information is signed by a signature private key in the Bluetooth POS machine and then sent to the cloud end.
In this embodiment, the cloud further includes a cloud public key, and the cloud public key can verify the signature of the signature private key of the bluetooth POS device. A storage device and a cloud signature private key are arranged in the cloud, the storage device is used for storing physical address information of the payment terminal, and the physical address information of the payment terminal is in one-to-one correspondence with an account number of the payment terminal; the cloud signature private key can sign information containing physical address information sent by a cloud and send the information to the Bluetooth POS equipment, and after the signature of the physical address information is verified through a verification public key of the Bluetooth POS equipment, the Bluetooth POS equipment establishes Bluetooth connection with the payment terminal according to the physical information.
The cloud public key can verify the signature of the signature private key of the Bluetooth POS device, so that whether the received information comes from the Bluetooth POS device or not is confirmed. And after the verification is correct, the cloud terminal calls the physical address information matched with the user registration number from the storage device, and the physical address information is encrypted and sent to the Bluetooth POS equipment after being signed by the cloud terminal signature private key. The signature of the cloud signature private key can be verified by the verification public key in the verification device, and if and only when the verification is correct, the Bluetooth POS equipment can establish Bluetooth connection with the payment terminal according to the physical address information, so that the authenticity of the information received by the Bluetooth POS equipment can be ensured to be improved, and the payment safety is improved.
Moreover, as shown in fig. 5A, a screen and an identity confirmation device are arranged on the housing 1 of the payment terminal, and the screen can display a payment message for a user to confirm; the identity confirmation device is used for confirming the identity of the user; after the payment message and the user identity are confirmed, the payment terminal encrypts the confirmation message of the payment message and transmits the confirmation message to the cloud end through the Bluetooth POS equipment. The screen is used for displaying the corresponding payment message and informing the user of the specific payment content in the payment message in time. The user verifies the identity of the user through the identity confirmation device, and therefore the received payment information is sent to the cloud. Subsequent payment operation is carried out by the high in the clouds, provides safer payment environment, can effectively improve the security and the reliability of payment process. Wherein the identity confirmation means typically employs a fingerprint recognizer mounted on the payment terminal housing 1. The payment terminal is a mobile communication device with a screen, such as a smart phone or a tablet computer. The payment terminal does not need to be networked, the confirmation message of the payment message can be forwarded to the cloud end through the Bluetooth POS device, and the payment action is directly completed.
And the cloud end is internally provided with an analyzer which can analyze the received payment message and complete the payment action.
The payment system is described by taking a payment process as an example.
Firstly, a POS end Bluetooth device of the Bluetooth POS equipment and a payment end Bluetooth device of the payment terminal are both in an open state, the payment terminal timely collects a timestamp (instant time information) at the moment of operation through the operation of a user and generates a string of random numbers, then a user registration number, the timestamp and a random number stored in the payment terminal are transmitted to a payment end key to be encrypted, one or more of corresponding image information, sound information or light intensity information are generated through an information generation device, and the Bluetooth POS equipment is sent.
And taking the user registration number of the payment terminal as PayXYZ and the time stamp as 2017/01/01/10: 00:00, random number as an example. The information generating device emits corresponding two-dimensional code image information, sound information or flickering light signals. The bluetooth POS device can receive the information through the camera 7 or the microphone 4 or the photosensitive device 5, and decrypt the information through the corresponding key to obtain the user registration number, the time information, and the random number of the payment terminal therein, and the obtained information becomes decryption information.
And then, the Bluetooth POS equipment uploads the decryption information to the cloud after signing through the signature private key, and the cloud public key is used for verification, wherein the cloud public key is a public key matched with the signature private key. After the verification is passed, the cloud searches physical address information corresponding to the user registration number in a storage device for storing the physical address information of the payment terminal according to the user registration number in the received information, and sends the physical address information to the Bluetooth POS equipment after the physical address information is signed by a cloud signature private key. The Bluetooth POS equipment verifies the signature of the information returned by the cloud end through the verification public key, and after the verification is passed, the Bluetooth device at the POS end is controlled to handshake with the Bluetooth device at the payment terminal of PayXYZ payment equipment with the user registration number according to the received physical address information.
In addition, in this embodiment, after the cloud confirms that the signature is correct, it is verified whether the time information meets the requirements. In this embodiment, the validity period of the timestamp is 60s, and if the time difference between the information received by the cloud and the information generated by the payment terminal exceeds 60s, the information received by the cloud is determined to be invalid. For example, in the embodiment, if the timestamp of the information received by the cloud is 2017/01/01/10:01:01, the information is determined to be invalid and is fed back to the payment terminal; and if the timestamp of the received information is 2017/01/01/10:01:00, the cloud sends the physical address information of the payment terminal with the user registration number of PayXYZ to the Bluetooth POS equipment.
After the Bluetooth connection is established, a signature private key in the Bluetooth POS equipment signs a payment message for payment, the payment message is sent to a payment terminal through the Bluetooth connection, the signature of the public key certificate payment message is verified by the payment terminal, and after the signature is correct, corresponding payment information is displayed on a screen of the payment terminal. And the payer confirms the payment information and then confirms through the identity confirmation device to verify the identity of the payer. After the verification is passed, the payment terminal uploads the payment message to the cloud end, and the payment message is analyzed by an analyzer of the cloud end, so that the payment operation is completed.
In other embodiments of the present invention, a payment terminal signature private key may be further configured in the payment terminal, and the signature may be performed on information including the user registration number, the time information, and the random number, and the signature may be verified by a verification public key of a verification device in the bluetooth POS device, and whether the information is from a real payment terminal is determined, thereby further improving the security of payment.
In other embodiments of the present invention, after the bluetooth POS device bluetooth handshakes with the payment terminal, the payment can be completed through the following steps.
And the Bluetooth POS equipment encrypts the payment message, signs through a signature private key in the Bluetooth POS equipment and then sends the payment message to the payment terminal. Meanwhile, the Bluetooth POS equipment makes a hash value on the payment message, signs the hash value and sends the hash value to the cloud.
The payment terminal verifies the received information, decrypts the received information to obtain a payment message, and sends the payment message to the cloud after the payment message is confirmed by the identity confirmation device and subjected to hash value processing.
The cloud verifies the information sent by the payment terminal and the Bluetooth POS device. And after the verification is passed, the cloud compares the hash values received twice. And when the two hash values are the same, judging that the comparison is passed, and performing payment operation by the cloud, otherwise, failing to perform payment operation.
Further, as shown in fig. 5B, the account update information after the payment is completed is encrypted and sent to the payment terminal through the bluetooth connection via the bluetooth POS device. In other words, after payment is completed, the account updating information can be sent to the Bluetooth POS equipment from the cloud after being encrypted, the account updating information after payment is received from the cloud, and the account updating information is sent to the APP of the payment terminal through Bluetooth connection, so that even if the payment terminal is not networked, the account information in the APP of the payment terminal can still be changed.
Here, the account update information includes remaining money update, details of the transaction, and the like.
It will be appreciated by those of ordinary skill in the art that in the embodiments described above, numerous technical details are set forth in order to provide a better understanding of the present application. However, the technical solutions claimed in the claims of the present application can be basically implemented without these technical details and various changes and modifications based on the above-described embodiments. Accordingly, in actual practice, various changes in form and detail may be made to the above-described embodiments without departing from the spirit and scope of the invention.
Claims (10)
1. A Bluetooth POS device, comprising:
the POS terminal Bluetooth device can be in communication connection with the payment terminal and performs directional information transmission;
the information acquisition device can acquire the encrypted information, decrypt the encrypted information and generate decrypted information;
the secure element at least comprises a signature private key, and the signature private key can sign the payment message generated by the Bluetooth POS equipment;
the POS terminal secret key can encrypt the information sent by the Bluetooth POS equipment or decrypt the information received by the Bluetooth POS equipment;
the verification device at least comprises a verification public key, and the verification public key can verify the signature of the received information.
2. The bluetooth POS device of claim 1, wherein the information obtaining device is one or more of a camera, a microphone, or a light sensing device, and is capable of obtaining picture information, sound information, or light intensity information.
3. A payment system, comprising the bluetooth POS device of claim 1 or 2, a payment terminal, and a cloud end capable of being communicatively connected to the payment terminal, wherein the payment terminal is provided with a payment-end bluetooth device.
4. The payment system according to claim 3, wherein the payment terminal further comprises a payment side key capable of encrypting information including a user registration number, time information, and a random number of the payment terminal, and an information generation means capable of generating encrypted information including the encrypted information by the payment side key and transmitting the encrypted information to the Bluetooth POS device.
5. The payment system according to claim 4, wherein the information generating device is one or more of a two-dimensional code generator, a sounding device and a flash lamp, and the encrypted information is picture information, sound information or light intensity information.
6. The payment system of claim 5, wherein the cloud further comprises a cloud public key, the cloud public key being capable of verifying a signature of the signature private key of the Bluetooth POS device;
the signature private key of the Bluetooth POS device signs the encrypted information, the signed encrypted information is sent to the cloud end, and the cloud end public key of the cloud end verifies the signature of the received information.
7. The payment system according to claim 5, wherein a storage device and a cloud signature private key are arranged in the cloud, the storage device is used for storing physical address information of the payment terminal, and the physical address information of the payment terminal is in one-to-one correspondence with an account number of the payment terminal;
the cloud signature private key can sign information which is sent by the cloud and contains the physical address information, and sends the information to the Bluetooth POS equipment, and when the signature of the physical address information passes through the verification of the verification public key of the Bluetooth POS equipment, the Bluetooth POS equipment establishes Bluetooth connection in the payment terminal according to the physical information.
8. The payment system of claim 6, wherein the payment terminal further comprises a housing, a screen disposed on the housing, and an identity confirmation device capable of displaying payment messages for confirmation by a user; the identity confirmation device is used for confirming the payment message by the user;
the Bluetooth POS equipment generates a payment message and sends the payment message to a payment terminal, and the payment terminal displays the payment message, encrypts a confirmation message of the payment message and sends the confirmation message to the cloud end through the Bluetooth POS equipment.
9. The payment system of claim 8, wherein the cloud further comprises a parser capable of parsing the received payment message and completing a payment action according to the payment message.
10. The payment system of claim 9, wherein the account update information after payment is completed is encrypted and sent to the payment terminal via a bluetooth POS device over a bluetooth connection.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201920261186 | 2019-02-28 | ||
| CN2019202611864 | 2019-02-28 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111627173A true CN111627173A (en) | 2020-09-04 |
| CN111627173B CN111627173B (en) | 2024-08-27 |
Family
ID=72271817
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010130620.2A Active CN111627173B (en) | 2019-02-28 | 2020-02-28 | Bluetooth POS equipment and payment system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111627173B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2607175B (en) * | 2021-03-31 | 2024-09-18 | Jio Platforms Ltd | System and method for secure and contactless fund transfer in open and closed loop transactions |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105488672A (en) * | 2016-01-28 | 2016-04-13 | 广西咪付网络技术有限公司 | Bluetooth-based mobile payment method and system |
| US20170004475A1 (en) * | 2015-06-30 | 2017-01-05 | Square, Inc. | Pairing A Payment Object Reader With A Point-Of-Sale Terminal |
| CN107864124A (en) * | 2017-10-26 | 2018-03-30 | 北京深思数盾科技股份有限公司 | A kind of end message method for security protection, terminal and bluetooth lock |
| US10083436B1 (en) * | 2013-09-30 | 2018-09-25 | Asignio Inc. | Electronic payment systems and methods |
| CN108900490A (en) * | 2018-06-21 | 2018-11-27 | 咪付(广西)网络技术有限公司 | A kind of safety certifying method based on bluetooth and sound wave |
| CN109191301A (en) * | 2018-09-06 | 2019-01-11 | 南京摩铂汇信息技术有限公司 | Transaction and fund management method and its system and computer readable storage medium |
| CN208422027U (en) * | 2018-04-25 | 2019-01-22 | 北京百汇安科技有限公司 | A kind of intelligence POS system |
| CN109345241A (en) * | 2018-09-14 | 2019-02-15 | 企银易(北京)科技有限公司 | A kind of barcode scanning method of payment and system |
-
2020
- 2020-02-28 CN CN202010130620.2A patent/CN111627173B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10083436B1 (en) * | 2013-09-30 | 2018-09-25 | Asignio Inc. | Electronic payment systems and methods |
| US20170004475A1 (en) * | 2015-06-30 | 2017-01-05 | Square, Inc. | Pairing A Payment Object Reader With A Point-Of-Sale Terminal |
| CN105488672A (en) * | 2016-01-28 | 2016-04-13 | 广西咪付网络技术有限公司 | Bluetooth-based mobile payment method and system |
| CN107864124A (en) * | 2017-10-26 | 2018-03-30 | 北京深思数盾科技股份有限公司 | A kind of end message method for security protection, terminal and bluetooth lock |
| CN208422027U (en) * | 2018-04-25 | 2019-01-22 | 北京百汇安科技有限公司 | A kind of intelligence POS system |
| CN108900490A (en) * | 2018-06-21 | 2018-11-27 | 咪付(广西)网络技术有限公司 | A kind of safety certifying method based on bluetooth and sound wave |
| CN109191301A (en) * | 2018-09-06 | 2019-01-11 | 南京摩铂汇信息技术有限公司 | Transaction and fund management method and its system and computer readable storage medium |
| CN109345241A (en) * | 2018-09-14 | 2019-02-15 | 企银易(北京)科技有限公司 | A kind of barcode scanning method of payment and system |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2607175B (en) * | 2021-03-31 | 2024-09-18 | Jio Platforms Ltd | System and method for secure and contactless fund transfer in open and closed loop transactions |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111627173B (en) | 2024-08-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111079103B (en) | Identity authentication method and equipment | |
| CN111899026B (en) | Payment method and device | |
| JP4545197B2 (en) | Wireless network system and communication method using the same | |
| KR102477453B1 (en) | Transaction messaging | |
| US9223994B2 (en) | Secure transaction method from a non-secure terminal | |
| US20180359103A1 (en) | Method and system for authenticating a trusted user interface | |
| RU2015126103A (en) | METHOD AND SYSTEM OF USER AUTHENTICATION BY MEANS OF MOBILE DEVICE USING CERTIFICATES | |
| CN103747012A (en) | Security verification method, device and system of network transaction | |
| CN110662222B (en) | System and method for peer-to-peer wireless communication | |
| CN101300808A (en) | Method and arrangement for secure autentication | |
| JP2017537421A (en) | How to secure payment tokens | |
| CN109345241B (en) | Code scanning payment method and system | |
| US20200258073A1 (en) | Method and apparatus for transmitting transaction data using a public data network | |
| CN106033571A (en) | Trading method of electronic signature devices, electronic signature devices and trading system | |
| CN107274283B (en) | Over-the-air card issuing method and device | |
| CN111627174A (en) | Bluetooth POS equipment and payment system | |
| CN111627173B (en) | Bluetooth POS equipment and payment system | |
| CN113383334A (en) | Device interactive connection system with authentication | |
| US20160110552A1 (en) | Method and Apparatus for Transmission of Visually Encoded Data | |
| CN114422266A (en) | IDaaS system based on dual verification mechanism | |
| KR20130065829A (en) | Method and system for providing service by using object mapped one time code | |
| KR20140012335A (en) | Apparatus and method for processing finance banking information of smart device using qr code | |
| US20150302506A1 (en) | Method for Securing an Order or Purchase Operation Means of a Client Device | |
| CN104104505A (en) | Electronic signature device, realization method and client | |
| WO2020142994A1 (en) | Control method, ticketing rule server, ticket checking rule server and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |