CN112990916A - Intelligent payment terminal authority management method and device and electronic equipment - Google Patents

Intelligent payment terminal authority management method and device and electronic equipment Download PDF

Info

Publication number
CN112990916A
CN112990916A CN202110186934.9A CN202110186934A CN112990916A CN 112990916 A CN112990916 A CN 112990916A CN 202110186934 A CN202110186934 A CN 202110186934A CN 112990916 A CN112990916 A CN 112990916A
Authority
CN
China
Prior art keywords
payment terminal
module
intelligent payment
program
intelligent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110186934.9A
Other languages
Chinese (zh)
Inventor
余学武
郭敏鸿
蔡跃进
王玄德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202110186934.9A priority Critical patent/CN112990916A/en
Publication of CN112990916A publication Critical patent/CN112990916A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/356Aspects of software for card payments
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of computer security, in particular to a method and a device for managing authority of an intelligent payment terminal and electronic equipment. The method comprises the following steps: when a call request of a third party APK to a security payment module of the intelligent payment terminal is received, judging whether the third party APK program is a legal program authorized and authenticated by a security management platform; and according to the judgment result, the intelligent payment terminal controls a security payment module of the intelligent payment terminal to call the target enabling parameter of the authority. The intelligent payment terminal authority management scheme disclosed by the application can prevent unauthorized access of illegal applications.

Description

Intelligent payment terminal authority management method and device and electronic equipment
Technical Field
The invention relates to the technical field of computer security, in particular to a method and a device for managing authority of an intelligent payment terminal and electronic equipment.
Background
The intelligent payment terminal is a multifunctional terminal, can be installed in special commercial tenants of credit cards and acceptance network points to form a network with a computer, can realize automatic electronic fund transfer, and has the functions of supporting consumption, pre-authorization, balance inquiry, transfer and the like. Most intelligent payment terminals, for example intelligent payment terminal, for example intelligent POS use android as operating system to 4G, net twine, WIFI are main communication mode, provide richened functions such as bank card payment, sweep sign indicating number payment, O2O application, member management for the merchant. Compared with the traditional POS terminal, the intelligent POS terminal is capable of providing a stronger technical foundation, such as the operation and processing capability, the storage capability, the communication capability, the peripheral and the multimedia capability of a terminal system, and the technical foundation is laid for various abundant service scenes. However, at present, most of intelligent payment terminals, such as android and other open operating systems utilized by the intelligent POS terminal, face various security challenges due to the characteristics of the open systems, and in addition, increasingly complex application scenarios and business cooperation, and various industrial applications and third-party service applications are increasing, the above-mentioned various factors may cause the security management of the intelligent payment terminal, such as the intelligent POS terminal, to be increasingly complex, and the modules of the intelligent payment terminal, such as a card reader, a non-contact module, and a password keyboard of the intelligent POS terminal, are dedicated sensitive information processing key modules. How to control and manage the intelligent payment terminal, such as the authority of the hardware module of the intelligent POS terminal, will become a key basis for the development of the intelligent payment terminal, such as the intelligent POS service.
Disclosure of Invention
The present application aims to solve at least one of the above technical drawbacks. The technical scheme adopted by the application is as follows:
in a first aspect, an embodiment of the present application discloses an intelligent payment terminal authority management method, which is applied to an intelligent payment terminal, and includes:
when a call request of a third party APK to a security payment module of the intelligent payment terminal is received, judging whether the third party APK program is a legal program authorized and authenticated by a security management platform;
and according to the judgment result, the intelligent payment terminal controls a security payment module of the intelligent payment terminal to call the target enabling parameter of the authority.
Further, the step of judging whether the third party APK program is a legal program for authorization and authentication includes: judging whether the third party APK comprises a target module or not; the target module is a program file of a third party APK with a security management platform authorization identifier.
Further, the generation process of the target module with the security management platform authorization identifier comprises the following steps:
performing secondary signature on the third-party APK program compressed package which has finished the primary signature according to the Android rule by using the public key generated by the security management platform; the public key information is stored in the intelligent payment terminal;
and compressing the signature file generated by the second signature into the third party APK directory as a target module.
Further, the determining that the third party APK program is a legitimate program authorized and authenticated by the security management platform includes:
acquiring file information of a third party APK program;
the intelligent payment terminal verifies whether the third party APK program contains a target module according to public key information generated by a stored security management platform;
if yes, judging the third party APK as a legal program;
wherein judging whether the third party APK program includes the target module further comprises: judging whether the third party APK program file has a signed file generated by the public key information;
if yes, the third party APK program is judged to comprise the target module.
Further, the controlling, by the intelligent payment terminal, the target enabling parameter of the secure payment module invoking right includes:
when the third party APK is judged to be a legal program, controlling the target enabling parameter of the secure payment module to be a first parameter; the first parameter is used for the intelligent payment terminal to control a security payment module of the intelligent payment terminal to call an authority enabling state to be started.
Further, the secure payment module of the intelligent payment terminal comprises: hardware modules and/or software modules of the intelligent payment terminal.
Further, the secure payment module of the intelligent payment terminal comprises: hardware modules and/or software modules of the intelligent payment terminal.
Further, the hardware module of the intelligent payment terminal includes but is not limited to: the intelligent payment terminal comprises a keyboard, a card reader, a camera and a data interface;
the software modules include, but are not limited to: the device comprises an input module and a data interface module.
Further, when a call request of a third party APK to a data download interface of the intelligent payment terminal is received and the third party APK program is judged to be a legal program authorized and authenticated by the security management platform, controlling the download data interface to be in an open state; and the third party APK program is downloaded to the intelligent payment terminal through the download data interface.
Further, the method further comprises: and after the target module in the third party APK program is identified and deleted, the third party APK program is installed or operated in the intelligent payment terminal.
When the third party APK program is a legal program authorized and authenticated by the security management platform, the method further comprises:
acquiring a calling application range of the third party APK to a security payment module of the intelligent payment terminal;
when the target security payment module called by the third party APK request does not belong to the calling application range, the intelligent payment terminal controls a target enabling parameter of the calling authority of the target security payment module to be a second parameter; the second parameter is used for indicating that the intelligent payment terminal controls the target secure payment module to call the permission enabling state to be closed.
On the other hand, the embodiment of the present application provides an intelligent payment terminal authority management device, the device operate in the intelligent payment terminal, the device includes: the device comprises a communication module, a processing module and a control module; wherein the content of the first and second substances,
the communication module is used for receiving a calling request of a third party APK to a safety payment module of the intelligent payment terminal;
the processing module is used for judging whether the third party APK program is a legal program authorized and authenticated by the security management platform;
and the control module is used for controlling the target enabling parameter of the secure payment module invoking authority according to the judgment result.
Further, the processing module is specifically configured to determine whether the third party APK includes a target module; the target module is a program file of a third party APK with a security management platform authorization identifier.
Further, when the processing module determines that the third party APK is a legal program, the control module is specifically configured to control a target enabling parameter of the secure payment module to be a first parameter; the first parameter is used for the intelligent payment terminal to control a security payment module of the intelligent payment terminal to call an authority enabling state to be started.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor and a memory;
the memory is used for storing operation instructions;
the processor is configured to execute the method in any of the embodiments by calling the operation instruction.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the method of any one of the above embodiments.
The intelligent payment terminal authority management scheme provided by the embodiment of the application comprises the steps of judging whether a third party APK program is a legal program authorized and authenticated by a safety management platform when a calling request of the third party APK to a safety payment module of the intelligent payment terminal is received; and according to the judgment result, the intelligent payment terminal controls a security payment module of the intelligent payment terminal to call the target enabling parameter of the authority. The intelligent payment terminal authority management scheme disclosed by the application prevents sensitive customer information such as customer card numbers and passwords from being leaked from basic hardware module calling authority and software module management through management and verification of calling authority of a third party application on an intelligent payment terminal such as a card reader and a password keyboard of an intelligent POS terminal, so that the operation safety of the intelligent payment terminal such as an intelligent POS key hardware module is guaranteed.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic flowchart of a method for managing rights of an intelligent payment terminal according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of an intelligent payment terminal authority management device according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present invention.
It will be understood by those skilled in the art that, unless otherwise specified, the singular forms "a", "an", "the" and "the" may include the plural forms, and the plural forms "a", "an", "a", and "the" are merely intended to illustrate the object definition for clarity and do not limit the object itself, and certainly, the object definition for "a" and "an" may be the same terminal, device, user, etc., and may also be the same terminal, device, user, etc. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items. In addition, it is to be understood that "at least one" in the embodiments of the present application means one or more, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a alone, both A and B, and B alone, where A, B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, a and b, a and c, b and c, or a, b and c, wherein a, b and c can be single or multiple.
Based on the problem of the increasing security of the intelligent payment terminal introduced in the background art, the following embodiments of the present invention provide an intelligent payment terminal rights management method to solve at least one of the above drawbacks.
It should be noted that, in the following embodiments, the secure payment module of the intelligent payment terminal includes a hardware component or module of the intelligent payment terminal, and may also include a software module of the intelligent payment terminal, specifically including but not limited to the following:
Figure BDA0002939997370000061
Figure BDA0002939997370000071
in addition, in order to more clearly introduce the technical solution of the present application, concepts, terms or devices that may be involved in the following embodiments are now introduced to help understand the intelligent payment terminal rights management scheme disclosed in the present application:
PCI authentication, known as the Payment Card Industry (PCI DSS) Data Security Standard, is a proprietary name for the Payment Card Industry (PCI) Data Security Standard. Is established by five global zhi payment brands of the founding members of the baiPCI safety standard committee du, and the consistent data safety standard is adopted internationally. PCI DSS makes standard requirements for all institutions involved with credit card information regarding the storage, transmission and processing of cardholder data. The method comprises the requirements on safety management, process strategies, network system architecture, software configuration, data encryption and the like, and the transaction safety is comprehensively guaranteed. The PCI DSS is applicable to all entities related to storage, transmission and processing of payment cards, and mainly comprises merchants, third-party payment institutions, card issuers, service providers and the like. The PCI DSS comprises a group of basic requirements for protecting the information of cardholders, and additional management and control measures are possibly added to further improve the security of data and reduce the risk of data leakage.
Fig. 1 shows a schematic flowchart of rights management of an intelligent payment terminal provided in an embodiment of the present application, where the method is applied to an intelligent payment terminal, and as shown in fig. 1, the method mainly includes:
s101, when a call request of a third party APK to a security payment module of the intelligent payment terminal is received, judging whether the third party APK program is a legal program authorized and authenticated by a security management platform; the management platform of the intelligent payment terminal in the safety management platform can be a management platform of an operation enterprise of the intelligent payment terminal or a financial institution controlling payment of the intelligent payment terminal in practice.
On the basis of the embodiment of the application, the safety payment module of the intelligent payment terminal comprises: hardware modules and/or software modules of the intelligent payment terminal. The hardware module of the intelligent payment terminal includes but is not limited to: keyboard, card reader, camera and data interface of intelligent payment terminal. The software modules include, but are not limited to: the device comprises an input module and a data interface module. Further secure payment modules may be exemplified with reference to the secure payment module of the table above.
On the basis of the foregoing embodiment, in a preferred embodiment, the determining whether the third party APK program is a legitimate program for authorization authentication includes: judging whether the third party APK comprises a target module or not; the target module is a program file of a third party APK with a security management platform authorization identifier. In a preferred embodiment, the target module generation process with the security management platform authorization identifier includes:
step 1, performing second signature on a third-party APK program compressed package which has finished first signature according to Android rules by using a public key generated by a security management platform; the public key information is stored in the intelligent payment terminal;
and 2, compressing the signature file generated by the second signature into the third party APK directory as a target module.
In the embodiment of the application, the second signature scheme is to directly sign the whole compressed third party APK file (the APK file itself is subjected to Android native signature, which is also called as first signature), and the generated signature file SGN is inserted into the META-INF directory in the third party APK program file. The signed third party APK program file still conforms to the APK file format, and only the signature file SGN exists in the internal META-INF directory of the APK file. It should be noted that the second signature does not affect the Android native signature verification.
On the basis of the foregoing embodiment, in a preferred embodiment, the determining that the third-party APK program is a legitimate program authorized and authenticated by the security management platform includes:
step 1, acquiring file information of a third party APK program;
step 2, the intelligent payment terminal verifies whether the third party APK program contains a target module according to public key information generated by a stored security management platform; wherein judging whether the third party APK program includes the target module further comprises:
step 2-1, judging whether the third party APK program file has a signed file generated by the public key information, wherein the specific process of judgment is as follows:
(1) and the intelligent payment end firstly checks the signature of the second signature when the third-party APK is installed, and then performs Android primary signature checking.
(2) In the second signature and signature verification process, a signature file SGN (necessarily the last added file) in the META-INF directory needs to be copied out and the compressed signature file SGN is decompressed to obtain information such as a signature body and a public key certificate of the APK;
(3) verifying the validity of the public key certificate by using the public key certificate stored by the intelligent payment terminal, and if the public key certificate fails, proving that the APK is illegal and stopping signature verification; and if the signature verification is successful, extracting the public key from the public key certificate.
And 2-2, if yes, judging that the third party APK program comprises the target module.
Step 3, if yes, judging the third party APK as a legal program;
s102, according to the judgment result, the intelligent payment terminal controls the target enabling parameter of the security payment module calling authority.
In a preferred embodiment, the target enabling parameter for the intelligent payment terminal to control the secure payment module to invoke the authority includes: when the third party APK is judged to be a legal program, controlling the target enabling parameter of the secure payment module to be a first parameter; the first parameter is used for the intelligent payment terminal to control a security payment module of the intelligent payment terminal to call an authority enabling state to be started.
On the basis of the above embodiment, in a preferred embodiment, when a call request of a third party APK to a data download interface of the intelligent payment terminal is received and it is determined that the third party APK program is a legal program authorized and authenticated by a security management platform, the download data interface is controlled to be in an open state; and the third party APK program is downloaded to the intelligent payment terminal through the download data interface. In a preferred embodiment, a third-party service APK that wants to be installed or operated in the intelligent payment terminal needs to declare and apply for a used secure payment module, such as a hardware module, and can sign and put on the shelf after signature processing and verification are performed by a business department and a technical department of the secure management platform according to the manner disclosed in the above embodiment. After the third party APK is processed, the public key information generated by the security management platform according to the business or organization attributes of the intelligent payment terminal needs to be preset in the intelligent payment terminal to verify the signature of the third party APK which is signed and specially processed by using the public key information, and the third party APK can be downloaded to the intelligent payment terminal after the signature passes.
On the basis of the above embodiment, in a preferred embodiment, the method further includes: after the target module in the third party APK program is identified and deleted, the third party APK program is installed or operated in the intelligent payment terminal, so that the purpose is to ensure the integrity of the third party APK program file, the third party APK program without the target module is free of other introduced foreign files, and the whole program file can be normally installed and operated.
In a preferred embodiment, when the third party APK program is a legitimate program authorized for authentication by the security management platform, the method further includes:
step 1, obtaining a calling application range of the third party APK to a secure payment module of the intelligent payment terminal;
step 2, when the target secure payment module (the specific secure payment module actually called in the specific embodiment of the target secure payment module value) requested to be called by the third party APK does not belong to the calling application range, the intelligent payment terminal controls the target enabling parameter of the calling authority of the target secure payment module to be a second parameter; the second parameter is used for indicating that the intelligent payment terminal controls the target secure payment module to call the permission enabling state to be closed. For example, the calling application of the keyboard and the card reader is only contained in the calling application of the intelligent payment terminal security payment module applied to the security management platform by the third party APK, so that when the third party APK calls the camera module of the intelligent payment terminal, the camera module can be judged not to belong to the calling range of the application, and the intelligent payment terminal does not open the calling authority of the camera module to the third party APK no matter whether the third party APK file is a legal program specially processed by the public key signature of the security management platform or not.
Based on the intelligent payment terminal authority management method shown in fig. 1, in another aspect, an embodiment of the present application provides an intelligent payment terminal authority management device, where the device operates on the intelligent payment terminal, and as shown in fig. 2, the device may include: the device comprises: a 201 communication module, a 202 processing module and a 203 control module; wherein the content of the first and second substances,
the 201 communication module is used for receiving a call request of a third party APK to a security payment module of the intelligent payment terminal;
the 202 processing module is configured to determine whether the third-party APK program is a legitimate program authorized and authenticated by the security management platform;
and the 203 control module is used for controlling a target enabling parameter of the secure payment module invoking authority according to the judgment result.
On the basis of the foregoing embodiment, in a preferred embodiment, the 202 processing module is specifically configured to determine whether the third party APK includes a target module; the target module is a program file of a third party APK with a security management platform authorization identifier.
On the basis of the foregoing embodiment, in a preferred embodiment, when the processing module 202 determines that the third party APK is a legitimate program, the control module 203 is specifically configured to control a target enabling parameter of the secure payment module to be a first parameter; the first parameter is used for the intelligent payment terminal to control a security payment module of the intelligent payment terminal to call an authority enabling state to be started.
In this embodiment of the present application, the process of performing valid program identification on the third party APK includes:
performing secondary signature on the third-party APK program compressed package which has finished the primary signature according to the Android rule by using the public key generated by the security management platform; the public key information is stored in the intelligent payment terminal;
and compressing the signature file generated by the second signature into the third party APK directory as a target module.
In a further embodiment, the 201 communication module is further configured to acquire file information of an APK program of a third party;
the 202 processing module is configured to verify whether the third-party APK program includes a target module according to public key information generated by the stored security management platform; if yes, judging the third party APK as a legal program;
in a specific embodiment, the 202 processing module is specifically configured to determine whether a signed file generated by the public key information exists in the third-party APK program file; if yes, the third party APK program is judged to comprise the target module.
The hardware module of the intelligent payment terminal includes but is not limited to: the intelligent payment terminal comprises a keyboard, a card reader, a camera and a data interface; the software modules include, but are not limited to: the device comprises an input module and a data interface module.
In a preferred embodiment, when the communication module 201 receives a call request of a third party APK to a data download interface of the intelligent payment terminal and the processing module 202 determines that the third party APK program is a legal program authorized and authenticated by the security management platform, the control module 203 controls the download data interface to be in an open state, so that the third party APK program is downloaded to the intelligent payment terminal through the download data interface.
In an optional embodiment, the processing module 202 of the apparatus is further configured to install or run the third party APK program in the smart payment terminal after the target module in the third party APK program is identified and deleted.
In an optional embodiment, when the third party APK program is a legal program authorized and authenticated by the security management platform, the 201 communication module may further be configured to obtain, from the security management platform or another channel, a call application range of the third party APK to the security payment module of the intelligent payment terminal;
when the 202 processing module judges that the target secure payment module called by the third party APK request does not belong to the calling application range, the 203 control module controls the target enabling parameter of the calling authority of the target secure payment module to be a second parameter; the second parameter is used for indicating that the intelligent payment terminal controls the target secure payment module to call the permission enabling state to be closed.
It can be understood that the above-mentioned constituent devices of the intelligent payment terminal right management apparatus in this embodiment have functions of implementing the corresponding steps of the method in the embodiment shown in fig. 1. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules or means corresponding to the functions described above. The modules and devices can be software and/or hardware, and the modules and devices can be realized independently or integrated by a plurality of modules and devices. For the functional description of each module and apparatus, reference may be specifically made to the corresponding description of the method in the embodiment shown in fig. 1, and therefore, the beneficial effects that can be achieved by the method may refer to the beneficial effects in the corresponding method provided above, which are not described again here.
It is understood that the structure illustrated in the embodiment of the present invention does not constitute a specific limitation to the specific structure of the intelligent payment terminal rights management device. In other embodiments of the present application, the intelligent payment terminal rights management apparatus may include more or fewer components than those shown, or combine some components, or split some components, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The embodiment of the application provides an electronic device, which comprises a processor and a memory;
a memory for storing operating instructions;
and the processor is used for executing the intelligent payment terminal authority management method provided by any embodiment of the application by calling the operation instruction.
As an example, fig. 3 shows a schematic structural diagram of an electronic device to which the embodiment of the present application is applied, and as shown in fig. 3, the electronic device 300 includes: a processor 301 and a memory 303. Wherein processor 301 is coupled to memory 303, such as via bus 302. Optionally, the electronic device 300 may further include a transceiver 304. It should be noted that the practical application of the transceiver 304 is not limited to one. It is to be understood that the illustrated structure of the embodiment of the present invention does not constitute a specific limitation to the specific structure of the electronic device 300. In other embodiments of the present application, electronic device 300 may include more or fewer components than shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware. Optionally, the electronic device may further include a display screen 305 for displaying images or receiving operation instructions of a user as needed.
The processor 301 is applied to the embodiment of the present application, and is configured to implement the method shown in the foregoing method embodiment. The transceiver 304 may include a receiver and a transmitter, and the transceiver 304 is applied in the embodiment of the present application and is used for implementing the function of the electronic device of the embodiment of the present application to communicate with other devices when executed.
The Processor 301 may be a CPU (Central Processing Unit), a general-purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 301 may also be a combination of computing functions, e.g., comprising one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
Processor 301 may also include one or more processing units, such as: the processor 301 may include an Application Processor (AP), a modem processor, a Graphics Processing Unit (GPU), an Image Signal Processor (ISP), a controller, a memory, a video codec, a Digital Signal Processor (DSP), a baseband processor, and/or a Neural-Network Processing Unit (NPU), etc. The different processing units may be separate devices or may be integrated into one or more processors. The controller may be, among other things, a neural center and a command center of the electronic device 300. The controller can generate an operation control signal according to the instruction operation code and the timing signal to complete the control of instruction fetching and instruction execution. A memory may also be provided in processor 301 for storing instructions and data. In some embodiments, the memory in the processor 301 is a cache memory. The memory may hold instructions or data that have just been used or recycled by the processor 301. If the processor 301 needs to reuse the instruction or data, it can be called directly from the memory. Avoiding repeated accesses reduces the latency of the processor 301, thereby increasing the efficiency of the system.
The processor 301 may operate the method for managing the authority of the intelligent payment terminal provided in the embodiment of the present application, so as to reduce the operation complexity of the user, improve the intelligent degree of the terminal device, and improve the experience of the user. The processor 301 may include different devices, for example, when the CPU and the GPU are integrated, the CPU and the GPU may cooperate to execute the intelligent payment terminal authority management method provided in the embodiment of the present application, for example, part of algorithms in the intelligent payment terminal authority management method is executed by the CPU, and another part of algorithms is executed by the GPU, so as to obtain faster processing efficiency.
Bus 302 may include a path that transfers information between the above components. The bus 302 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 302 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 3, but this does not mean only one bus or one type of bus.
The Memory 303 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact disk), a high speed Random Access Memory, a non-volatile Memory such as at least one magnetic disk storage device, a flash Memory device, a universal flash Memory (UFS), or other optical disk storage, optical disk storage (including Compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), a magnetic disk storage medium or other magnetic storage device, a magnetic disk storage medium, or other magnetic storage device, Or any other medium which can be used to carry or store desired program code in the form of instructions or data structures and which can be accessed by a computer, but is not limited to such.
Optionally, the memory 303 is used for storing application program codes for executing the scheme of the present application, and is controlled by the processor 301 to execute. The processor 301 is configured to execute the application program code stored in the memory 303 to implement the intelligent payment terminal rights management method provided in any embodiment of the present application.
The memory 303 may be used to store computer-executable program code, which includes instructions. The processor 301 executes various functional applications of the electronic device 300 and data processing by executing instructions stored in the memory 303. The memory 303 may include a program storage area and a data storage area. Wherein, the storage program area can store the codes of the operating system and the application program, etc. The storage data area may store data created during use of the electronic device 300 (e.g., images, video, etc. captured by a camera application), and the like.
The memory 303 may further store one or more computer programs corresponding to the method for managing the authority of the intelligent payment terminal provided in the embodiment of the present application. The one or more computer programs stored in the memory 303 and configured to be executed by the one or more processors 301 include instructions that may be used to perform the various steps in the respective embodiments described above.
Of course, the code of the intelligent payment terminal authority management method provided by the embodiment of the application can also be stored in the external memory. In this case, the processor 301 may execute the code of the intelligent payment terminal right management method stored in the external memory through the external memory interface, and the processor 301 may control the execution of the intelligent payment terminal right management process.
The display screen 305 includes a display panel. The display panel may be a Liquid Crystal Display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (active-matrix organic light-emitting diode, AMOLED), a flexible light-emitting diode (FLED), a miniature, a Micro-oeld, a quantum dot light-emitting diode (QLED), or the like. In some embodiments, the electronic device 300 may include 1 or N display screens 305, N being a positive integer greater than 1. The display screen 305 may be used to display information input by or provided to the user as well as various Graphical User Interfaces (GUIs). For example, the display screen 305 may display a photograph, video, web page, or file, etc.
The electronic device provided by the embodiment of the present application is applicable to any embodiment of the above method, and therefore, the beneficial effects that can be achieved by the electronic device can refer to the beneficial effects in the corresponding method provided above, and are not described again here.
The embodiment of the application provides a computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the intelligent payment terminal authority management method shown in the embodiment of the method is realized.
The computer-readable storage medium provided in the embodiments of the present application is applicable to any embodiment of the foregoing method, and therefore, the beneficial effects that can be achieved by the computer-readable storage medium can refer to the beneficial effects in the corresponding method provided above, and are not described herein again.
The embodiment of the present application further provides a computer program product, which when running on a computer, causes the computer to execute the above related steps to implement the method in the above embodiment. The computer program product provided in the embodiments of the present application is applicable to any of the embodiments of the method described above, and therefore, the beneficial effects that can be achieved by the computer program product can refer to the beneficial effects in the corresponding method provided above, and are not described herein again.
The intelligent payment terminal authority management scheme provided by the embodiment of the application comprises the steps of judging whether a third party APK program is a legal program authorized and authenticated by a safety management platform when a calling request of the third party APK to a safety payment module of the intelligent payment terminal is received; and according to the judgment result, the intelligent payment terminal controls a security payment module of the intelligent payment terminal to call the target enabling parameter of the authority. The intelligent payment terminal authority management scheme disclosed by the application prevents sensitive customer information such as customer card numbers and passwords from being leaked from basic hardware module calling authority and software module management through management and verification of calling authority of a third party application on an intelligent payment terminal such as a card reader and a password keyboard of an intelligent POS terminal, so that the operation safety of the intelligent payment terminal such as an intelligent POS key hardware module is guaranteed.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, a module or a unit may be divided into only one logical function, and may be implemented in other ways, for example, a plurality of units or components may be combined or integrated into another apparatus, or some features may be discarded or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed to a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially or partially contributed to by the prior art, or all or part of the technical solutions may be embodied in the form of a software product, where the software product is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present application, and can make several modifications and decorations, and these changes, substitutions, improvements and decorations should also be considered to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (16)

1. An intelligent payment terminal authority management method is applied to an intelligent payment terminal, and comprises the following steps:
when a call request of a third party APK to a security payment module of the intelligent payment terminal is received, judging whether the third party APK program is a legal program authorized and authenticated by a security management platform;
and according to the judgment result, the intelligent payment terminal controls a security payment module of the intelligent payment terminal to call the target enabling parameter of the authority.
2. The intelligent payment terminal authority management method of claim 1, wherein the step of judging whether the third party APK program is a legal program for authorization authentication comprises the steps of:
judging whether the third party APK comprises a target module or not; the target module is a program file of a third party APK with a security management platform authorization identifier.
3. The intelligent payment terminal authority management method according to claim 2, wherein the target module generation process with the security management platform authorization identifier comprises:
performing secondary signature on the third-party APK program compressed package which has finished the primary signature according to the Android rule by using the public key generated by the security management platform; the public key information is stored in the intelligent payment terminal;
and compressing the signature file generated by the second signature into the third party APK directory as a target module.
4. The intelligent payment terminal authority management method according to claim 3, wherein the judging that the third party APK program is a legal program authorized and authenticated by a security management platform comprises:
acquiring file information of a third party APK program;
the intelligent payment terminal verifies whether the third party APK program contains a target module according to public key information generated by a stored security management platform;
if yes, judging the third party APK as a legal program;
wherein judging whether the third party APK program includes the target module further comprises: judging whether the third party APK program file has a signed file generated by the public key information;
if yes, the third party APK program is judged to comprise the target module.
5. The intelligent payment terminal authority management method according to claim 1 or 4, wherein the controlling of the target enabling parameter of the secure payment module invoking authority by the intelligent payment terminal comprises:
when the third party APK is judged to be a legal program, controlling the target enabling parameter of the secure payment module to be a first parameter; the first parameter is used for the intelligent payment terminal to control a security payment module of the intelligent payment terminal to call an authority enabling state to be started.
6. The intelligent payment terminal authority management method according to claim 5, wherein the secure payment module of the intelligent payment terminal comprises:
hardware modules and/or software modules of the intelligent payment terminal.
7. The intelligent payment terminal authority management method according to claim 1 or 6, wherein the secure payment module of the intelligent payment terminal comprises:
hardware modules and/or software modules of the intelligent payment terminal.
8. The intelligent payment terminal authority management method according to claim 7, wherein the hardware modules of the intelligent payment terminal include but are not limited to: the intelligent payment terminal comprises a keyboard, a card reader, a camera and a data interface;
the software modules include, but are not limited to: the device comprises an input module and a data interface module.
9. The intelligent payment terminal authority management method according to claim 8, wherein when receiving a call request of a third party APK to a data download interface of the intelligent payment terminal and judging that the third party APK program is a legal program authorized and authenticated by a security management platform, controlling the download data interface to be in an open state;
and the third party APK program is downloaded to the intelligent payment terminal through the download data interface.
10. The intelligent payment terminal rights management method of claim 9, the method further comprising:
and after the target module in the third party APK program is identified and deleted, the third party APK program is installed or operated in the intelligent payment terminal.
11. The intelligent payment terminal authority management method according to claim 1 or 10, wherein when the third party APK program authorizes a certified legal program for a security management platform, the method further comprises:
acquiring a calling application range of the third party APK to a security payment module of the intelligent payment terminal;
when the target security payment module called by the third party APK request does not belong to the calling application range, the intelligent payment terminal controls a target enabling parameter of the calling authority of the target security payment module to be a second parameter; the second parameter is used for indicating that the intelligent payment terminal controls the target secure payment module to call the permission enabling state to be closed.
12. An intelligent payment terminal authority management device, wherein the device operates in the intelligent payment terminal, the device comprises: the device comprises a communication module, a processing module and a control module; wherein the content of the first and second substances,
the communication module is used for receiving a calling request of a third party APK to a safety payment module of the intelligent payment terminal;
the processing module is used for judging whether the third party APK program is a legal program authorized and authenticated by the security management platform;
and the control module is used for controlling the target enabling parameter of the secure payment module invoking authority according to the judgment result.
13. The intelligent payment terminal rights management apparatus of claim 12, wherein the processing module is specifically configured to determine whether the third party APK includes a target module; the target module is a program file of a third party APK with a security management platform authorization identifier.
14. The intelligent payment terminal authority management device according to claim 12 or 13, wherein when the processing module determines that the third party APK is a legal program, the control module is specifically configured to control a target enabling parameter of the secure payment module to be a first parameter; the first parameter is used for the intelligent payment terminal to control a security payment module of the intelligent payment terminal to call an authority enabling state to be started.
15. An electronic device comprising a processor and a memory;
the memory is used for storing operation instructions;
the processor is used for executing the method of any one of claims 1-11 by calling the operation instruction.
16. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, carries out the method of any one of claims 1-11.
CN202110186934.9A 2021-02-09 2021-02-09 Intelligent payment terminal authority management method and device and electronic equipment Pending CN112990916A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110186934.9A CN112990916A (en) 2021-02-09 2021-02-09 Intelligent payment terminal authority management method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110186934.9A CN112990916A (en) 2021-02-09 2021-02-09 Intelligent payment terminal authority management method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN112990916A true CN112990916A (en) 2021-06-18

Family

ID=76394079

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110186934.9A Pending CN112990916A (en) 2021-02-09 2021-02-09 Intelligent payment terminal authority management method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN112990916A (en)

Similar Documents

Publication Publication Date Title
CN108898389B (en) Content verification method and device based on block chain and electronic equipment
US10748144B2 (en) System and method for transaction security enhancement
CN106688004B (en) Transaction authentication method and device, mobile terminal, POS terminal and server
RU2537795C2 (en) Trusted remote attestation agent (traa)
US20160189135A1 (en) Virtual chip card payment
BR112015000980B1 (en) COMPUTER IMPLEMENTED VERIFICATION METHOD
CN210691384U (en) Face recognition payment terminal platform based on security unit and trusted execution environment
CN111275411B (en) Off-line transaction method and system for digital currency wallet and user identity identification card
US20200294039A1 (en) Retail blockchain method and apparatus
CN112166449A (en) Method of processing secure financial transactions using commercial off-the-shelf or internet-of-things devices
WO2019079998A1 (en) Method and terminal for managing and controlling permission of application, and pos terminal
CN112528305A (en) Access control method, device, electronic equipment and storage medium
CN112990916A (en) Intelligent payment terminal authority management method and device and electronic equipment
US11593780B1 (en) Creation and validation of a secure list of security certificates
CN113627931A (en) Payment limiting method and electronic equipment
CN112906045A (en) Mobile phone shield access record storage certificate and alarm method and computer system
CN103402141A (en) Ukey-based secure television payment method
CN113383527B (en) Method for authenticating terminal user on trusted device
US20220084008A1 (en) System and method of operating a consumer device as a payment device
JP2007067890A (en) Data load method, program, and terminal
KR20220093131A (en) Systems and methods for improved electronic delivery of resources via blockchain
CN113569276A (en) Block chain evidence storage method and related equipment
KR20230168759A (en) Portable electronic device for cryptocurrency transaction
CN115225651A (en) Information security protection method and device applied to block chain financial fusion and online payment
CN112511510A (en) Authorization authentication method, system, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination