CN113014670B - Method, device, medium and program product for pushing order information - Google Patents


Info

Publication number
CN113014670B
Authority
CN
China
Prior art keywords
key
terminal
information
order information
network device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110330553.3A
Other languages
Chinese (zh)
Other versions
CN113014670A (en)
Inventor
王瑞
董华唯
曹普通
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Shengpay E Payment Service Co ltd
Original Assignee
Shanghai Shengpay E Payment Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Shengpay E Payment Service Co ltd filed Critical Shanghai Shengpay E Payment Service Co ltd
Priority to CN202110330553.3A priority Critical patent/CN113014670B/en
Publication of CN113014670A publication Critical patent/CN113014670A/en
Application granted granted Critical
Publication of CN113014670B publication Critical patent/CN113014670B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/143 Termination or inactivation of sessions, e.g. event-controlled end of session
    • H04L67/145 Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07G REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
    • G07G1/00 Cash registers
    • G07G1/12 Cash registers electronically operated
    • G07G1/14 Systems including one or more distant stations co-operating with a central processing unit
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/55 Push-based network services

Abstract

The present application provides a method, apparatus, medium and program product for pushing order information, comprising: establishing a long connection between a first terminal and a second network device; monitoring a first message pipeline in real time and, if the first message pipeline is found to include preset subject information, receiving second order information pushed by the second network device over the long connection, wherein the second order information is sent to the second network device after a first network device encrypts first order information with a first symmetric key; and decrypting the second order information with the first symmetric key to obtain the first order information, wherein the first terminal stores the first symmetric key in advance and the first order information is used to execute the corresponding payment operation after a user pays. The application can improve the efficiency of debugging between a POS machine and its corresponding cash register.

Description

Method, device, medium and program product for pushing order information
Technical Field
The application relates to the field of communication, in particular to a technology for pushing order information.
Background
Generally, a large or medium-sized retail group has its own cash register system. If each store in the group needs to bring a new POS (Point of Sale) machine online, the cash register in each store must be on the same network segment as the smart POS machine, the two pieces of hardware must discover and register with each other, and every cash register and POS machine must be integrated and debugged together. Because cash register versions differ, integrating and debugging a newly added POS machine with the cash register is complicated and the debugging cycle is long.
Disclosure of Invention
It is an object of the present application to provide a method, apparatus, medium and program product for pushing order information.
According to one aspect of the application, a method for pushing order information is provided and applied to a first terminal, and the method comprises the following steps:
establishing long connection between a first terminal and second network equipment;
monitoring a first message pipeline in real time, and receiving second order information pushed by second network equipment based on the long connection if the first message pipeline is monitored to include preset subject information, wherein the second order information is sent to the second network equipment after the first network equipment encrypts first order information by using a first symmetric key;
and decrypting the second order information by using the first symmetric key to acquire the first order information, wherein the first terminal stores the first symmetric key in advance, and the first order information is used for executing corresponding payment operation after a user pays.
According to an aspect of the present application, a method for pushing order information is provided, which is applied to a first network device, and the method includes:
receiving first order information which is sent by third network equipment after being signed, wherein the first order information is obtained by a second terminal and then sent to the third network equipment, and the third network equipment executes signing operation according to a private key in a preset third asymmetric key;
executing a second preset operation on the signed first order information to generate second order information, wherein the second preset operation comprises the step of encrypting the first order information by using a first symmetric key;
and sending the second order information and a first message pipeline of the second order information to second network equipment in real time, wherein the second network equipment sends the second order information to a first terminal based on the first message pipeline.
According to an aspect of the present application, there is provided a method for pushing order information, the method comprising:
the method comprises the steps that first network equipment receives signed first order information sent by third network equipment, wherein the first order information is obtained by a second terminal and then sent to the third network equipment, and then signing operation is executed by the third network equipment according to a private key in a preset third asymmetric key;
the first network equipment executes second preset operation on the signed first order information to generate second order information, wherein the second preset operation comprises the steps of encrypting the first order information by using a first symmetric key and sending the second order information and a first message pipeline of the second order information to second network equipment in real time;
the first terminal establishes long connection between the first terminal and second network equipment, monitors a first message pipeline in real time, receives second order information pushed by the second network equipment based on the long connection if the first message pipeline is monitored to include preset subject information, and decrypts the second order information by using the first symmetric key to acquire the first order information, wherein the first symmetric key is stored in advance by the first terminal, and the first order information is used for a user to execute corresponding payment operation after payment.
According to an aspect of the present application, there is provided a first terminal for pushing order information, the apparatus comprising:
a first module, configured to establish a long connection between a first terminal and a second network device;
the second module is used for monitoring a first message pipeline in real time, and receiving second order information pushed by the second network equipment based on the long connection if the first message pipeline is monitored to include preset theme information, wherein the second order information is sent to the second network equipment after the first network equipment encrypts the first order information by using a first symmetric key;
and a third module, configured to decrypt the second order information using the first symmetric key to obtain the first order information, where the first terminal has stored the first symmetric key in advance, and the first order information is used for a user to perform a corresponding payment operation after payment.
According to an aspect of the present application, there is provided a first network device for pushing order information, the device comprising:
a first module, configured to receive signed first order information sent by a third network device, where the first order information is acquired by a second terminal and then sent to the third network device, and the third network device executes the signing operation using the private key of a preset third asymmetric key;
a second module, configured to perform a second preset operation on the signed first order information to generate second order information, where the second preset operation includes encrypting the first order information using a first symmetric key;
and a third module, configured to send the second order information and the first message pipeline of the second order information to a second network device in real time, where the second network device sends the second order information to the first terminal based on the first message pipeline.
According to an aspect of the present application, there is provided a computer device for pushing order information, comprising a memory, a processor and a computer program stored on the memory, wherein the computer program is configured to push order information to a client, and the processor executes the computer program to implement the operations of any of the methods described above.
According to an aspect of the application, there is provided a computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, performs the operations of any of the methods described above.
According to an aspect of the application, a computer program product is provided, comprising a computer program which, when executed by a processor, carries out the steps of any of the methods as described above.
Compared with the prior art, in the present application a first terminal (for example, a POS machine) monitors in real time, according to a first message pipeline sent by a first network device, whether the first message pipeline includes preset subject information; if so, it receives second order information pushed by a second network device over the long connection and decrypts the second order information with a first symmetric key to obtain the first order information, where the first terminal stores the first symmetric key in advance and the first order information is used for a user to perform the corresponding payment operation after payment. The application uses the MQTT communication protocol to decouple the hardware interaction between the cash register and the POS machine, so that the POS machine and the cash register do not need to be debugged and integrated together; updates are then pushed in batches to the smart POS machines, so that store cash registers can be connected to POS machines quickly, POS machine updates are more efficient, and communication between the POS machine and the cashier desk is more secure.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings:
FIG. 1 illustrates a flowchart of a system method for pushing order information according to one embodiment of the present application;
FIG. 2 shows a flowchart of a method for pushing order information according to an embodiment of the present application, applied to a first terminal;
FIG. 3 shows a flowchart of a method for pushing order information according to an embodiment of the present application, applied to a first network device;
FIG. 4 illustrates a flow diagram of a method for pushing order information according to another embodiment of the present application;
FIG. 5 illustrates a flow diagram of a method for pushing order information according to yet another embodiment of the present application;
FIG. 6 illustrates a flow diagram of a method for pushing order information according to yet another embodiment of the present application;
FIG. 7 shows a first terminal structure diagram for pushing order information according to an embodiment of the application;
FIG. 8 illustrates a first network device architecture diagram for pushing order information according to one embodiment of the present application;
FIG. 9 illustrates a system equipment structure diagram for pushing order information according to one embodiment of the present application;
FIG. 10 illustrates an exemplary system that can be used to implement the various embodiments described in this application.
The same or similar reference numbers in the drawings identify the same or similar elements.
Detailed Description
The present application is described in further detail below with reference to the attached drawing figures.
In a typical configuration of the present application, the terminal, the device serving the network, and the trusted party each include one or more processors (e.g., Central Processing Units (CPUs)), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory. Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, Phase-Change Memory (PCM), Programmable Random Access Memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technologies, Compact Disc Read-Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, magnetic cassettes, magnetic tape storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The devices referred to in the present application include, but are not limited to, a terminal, a network device, or a device formed by integrating a terminal and a network device through a network. The terminal includes, but is not limited to, any mobile electronic product capable of human-computer interaction with a user (e.g., through a touch panel), such as a smart phone or a tablet computer, and the mobile electronic product may run any operating system, such as Android or iOS. The network device includes an electronic device capable of automatically performing numerical calculation and information processing according to preset or stored instructions, whose hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like. The network device includes, but is not limited to, a computer, a network host, a single network server, a set of multiple network servers, or a cloud of multiple servers; here, the cloud is composed of a large number of computers or network servers based on cloud computing, a kind of distributed computing in which a collection of loosely coupled computers forms one virtual supercomputer. The network includes, but is not limited to, the internet, a wide area network, a metropolitan area network, a local area network, a VPN, a wireless ad hoc network, etc. Preferably, the device may also be a program running on the terminal, the network device, or a device formed by integrating the terminal and the network device, the touch terminal, or the network device and the touch terminal through a network.
Of course, those skilled in the art will appreciate that the foregoing is by way of example only, and that other existing or future devices, which may be suitable for use in the present application, are also encompassed within the scope of the present application and are hereby incorporated by reference.
In the description of the present application, "a plurality" means two or more unless specifically limited otherwise.
Fig. 1 illustrates a system method for pushing order information according to an embodiment of the present application, the method comprising:
the method comprises the steps that first network equipment receives signed first order information sent by third network equipment, wherein the first order information is obtained by a second terminal and then sent to the third network equipment, and then signing operation is executed by the third network equipment according to a private key in a preset third asymmetric key;
the first network equipment executes second preset operation on the signed first order information to generate second order information, wherein the second preset operation comprises the steps of encrypting the first order information by using a first symmetric key and sending the second order information and a first message pipeline of the second order information to second network equipment in real time;
the first terminal establishes long connection between the first terminal and second network equipment, monitors a first message pipeline in real time, receives second order information pushed by the second network equipment based on the long connection if the first message pipeline is monitored to include preset subject information, and decrypts the second order information by using the first symmetric key to acquire the first order information, wherein the first symmetric key is stored in advance by the first terminal, and the first order information is used for a user to execute corresponding payment operation after payment.
Fig. 2 shows a method for pushing order information, applied to a first terminal, according to an embodiment of the present application, where the method includes step S101, step S102, and step S103.
Specifically, in step S101, the first terminal establishes a long connection between the first terminal and the second network device. The first terminal includes smart POS machines (or traditional POS machines) of various brands. Taking a smart POS machine as an example, its main functions include scanning one-dimensional codes and swiping cards, scanning two-dimensional codes and verifying membership cards and coupons, and, in combination with a back-end system, fine-grained customer order management, big data analysis and the like. The second network device includes an MQTT (Message Queuing Telemetry Transport) server, where MQTT is a client-server message publish/subscribe transport protocol. The server currently uses the open-source EMQ (Elastic MQTT Broker, an MQTT message server), which handles the clients' long connections and the distribution of messages as a cluster, and can persist messages to mainstream message queues, relational databases, columnar databases, or caches. For example, the Eclipse Paho Java Client (an MQTT client) is installed on the first terminal; the first terminal uses it to establish a long connection with the MQTT server, and data is transmitted over that connection using the MQTT protocol.
In step S102, the first terminal monitors a first message pipe in real time and, if the first message pipe is found to include preset subject information, receives second order information pushed by the second network device over the long connection, where the second order information is sent to the second network device after the first network device encrypts the first order information with the first symmetric key. The first message pipe includes the topic (TOPIC) that MQTT uses to classify messages. After the first terminal receives the first message pipe from the first network device, it monitors the first message pipe in real time, and during monitoring it broadcasts to the second network device, in real time, the information that it is monitoring the first message pipe (for example, the POS machine shows the MQTT server in real time that it is monitoring the first message pipe, so that the MQTT server, on later receiving information related to the first message pipe, forwards it to the POS machine). In some embodiments, the preset subject (topic) information includes at least any one of:
1) Order payment service information;
2) First identification information corresponding to the first terminal.
For example, the subject information of messages in the first message pipe can take different formats, such as: identification information (e.g., the first identification information corresponding to the first terminal)/service type (e.g., order payment service information). The first network device includes a server matched to the service type (for example, if the service type includes order payment service information, the corresponding first network device is a payment server), and when the first terminal and the first network device interact, the first network device determines the service type that the first terminal needs to acquire. In some embodiments, the first network device first generates the first message pipe, which includes the order payment service information corresponding to the first network device and the first identification information corresponding to the first terminal, where the first identification information is an identifier that the first network device allocates to the first terminal after the first terminal registers with it. While the first terminal monitors the first message pipe, if preset subject information is detected (for example, the second network device determines that preset subject information which the first terminal needs to monitor is present), the second network device sends the second order information corresponding to that preset subject information to the first terminal; for example, the second order information received by the second network device carries information about the first message pipe, which is the preset subject information being followed.
Here, the second order information is sent to the second network device after the first network device encrypts the first order information with a first symmetric key (for example, an Advanced Encryption Standard (AES) symmetric key). The first order information and the second order information are actually the same order; the two names only distinguish whether it has been encrypted with the first symmetric key: the first order information is not encrypted with the first symmetric key, and the second order information is.
In step S103, the first terminal decrypts the second order information with the first symmetric key to obtain the first order information, where the first terminal has stored the first symmetric key in advance and the first order information is used for a user to perform the corresponding payment operation after the user pays. For example, the first symmetric key is stored in the first terminal before it receives the second order information, and it is the same key that the first network device used to encrypt the first order information. After decrypting the second order information, the first terminal obtains the first order information and displays it to the user; after the user performs a payment operation, the first terminal launches the payment cashier desk to carry out the payment through the gateway corresponding to the first network device.
In some embodiments, the method further includes step S104 (not shown) before step S101; in step S104, the first terminal acquires the first symmetric key and stores it in the first terminal. For example, the first terminal and the second network device communicate over a long connection plus TLS (Transport Layer Security), so in principle the messages forwarded by the second network device are already transmitted as ciphertext and are not visible in transit. In some embodiments, however, because of the security requirements that come with the financial nature of the data, the order information itself is also encrypted before sending; this additional layer of message protection makes the transmission of order information more secure and reliable.
In some embodiments, acquiring the first symmetric key and storing it in the first terminal comprises: sending a request for acquiring a first key to the first network device; receiving a first symmetric key to be decrypted, returned by the first network device in response to the request, where the first network device generates the first symmetric key and encrypts it with the public key of the first asymmetric key to generate the first symmetric key to be decrypted; and decrypting the first symmetric key to be decrypted with the private key of the first asymmetric key to obtain the first symmetric key, and storing it in the first terminal. For example, before the second terminal corresponding to the first terminal (for example, the store cash register paired with the current POS machine) starts working, the first terminal makes the corresponding preparations, such as obtaining the first symmetric key.
The first terminal sends the request for acquiring the first key to the first network device. In response, the first network device generates the first symmetric key (for example, it generates a 24-bit random number as the first symmetric key using a utility class under the JDK (Java Development Kit) java.util.random package) and encrypts it with the public key of the first asymmetric key, so that the first symmetric key is not transmitted in clear text during subsequent network transmission (for example, when it is returned to the first terminal). The first network device then sends the first symmetric key to be decrypted to the first terminal. The first terminal holds the private key of the first asymmetric key that corresponds to that public key, and uses it to decrypt the first symmetric key to be decrypted and obtain the first symmetric key.
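The key delivery in step S104 and the order encryption and decryption of steps S102 and S103, as an added Java example that is not code from the patent. Assumptions: the key is read as 24 bytes (AES-192), `java.security.SecureRandom` is swapped in for the JDK random utility the text names because key material should come from a cryptographically strong generator, and RSA-OAEP, AES-GCM, the topic string and the order payload are choices made here, since the text names no padding or cipher mode.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;

public class OrderKeyDelivery {
    static final SecureRandom RNG = new SecureRandom();
    // Assumption: the patent does not name an RSA padding scheme; OAEP is chosen here.
    static final String RSA_WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final int IV_LEN = 12, TAG_BITS = 128;

    // First network device: generate the "first symmetric key".
    static byte[] newAesKey() {
        byte[] k = new byte[24];   // assumption: "24" read as 24 bytes (AES-192)
        RNG.nextBytes(k);
        return k;
    }

    // First network device: produce the "first symmetric key to be decrypted".
    static byte[] wrapKey(byte[] aesKey, PublicKey terminalPub) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_WRAP);
        c.init(Cipher.ENCRYPT_MODE, terminalPub);
        return c.doFinal(aesKey);
    }

    // First terminal: recover the key with the private half of the first asymmetric key.
    static byte[] unwrapKey(byte[] wrapped, PrivateKey terminalPriv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_WRAP);
        c.init(Cipher.DECRYPT_MODE, terminalPriv);
        return c.doFinal(wrapped);
    }

    // "Second order information" = IV || AES-GCM(order). The topic is bound as associated
    // data, so a ciphertext republished under another terminal's topic fails to decrypt.
    static byte[] encryptOrder(byte[] key, String topic, String order) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);         // fresh IV per message; never reuse an IV with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(topic.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(order.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    // First terminal: throws AEADBadTagException if the message or topic was altered.
    static String decryptOrder(byte[] key, String topic, byte[] msg) throws GeneralSecurityException {
        if (msg.length < IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("message too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(TAG_BITS, msg, 0, IV_LEN));
        c.updateAAD(topic.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(msg, IV_LEN, msg.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair terminal = g.generateKeyPair();              // the "first asymmetric key"

        byte[] serverKey = newAesKey();
        byte[] toBeDecrypted = wrapKey(serverKey, terminal.getPublic());
        byte[] terminalKey = unwrapKey(toBeDecrypted, terminal.getPrivate());
        System.out.println("keys match: " + Arrays.equals(serverKey, terminalKey));

        String topic = "POS-0001/order-pay";                 // constructed: identification/service type
        String order = "{\"orderNo\":\"T20210001\",\"amount\":\"12.50\"}"; // constructed sample order
        byte[] second = encryptOrder(serverKey, topic, order);
        System.out.println("decrypted: " + decryptOrder(terminalKey, topic, second));

        second[second.length - 1] ^= 0x01;                   // simulate modification in transit
        try {
            decryptOrder(terminalKey, topic, second);
            System.out.println("tampered message accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered message rejected");
        }
    }
}
```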
In some embodiments, the request for acquiring the first key includes first parameter information signed with the private key of a first asymmetric key, where the first parameter information includes the first identification information corresponding to the first terminal, identification information of the terminal service provider to which the first terminal belongs, and store and merchant identification information of the store to which the first terminal belongs. In that case, receiving the first symmetric key to be decrypted returned by the first network device in response to the request includes: receiving a signed first symmetric key to be decrypted and a first message pipe returned by the first network device in response to the request, where the first message pipe matches the first identification information, and the first network device generates the first symmetric key and encrypts it with the public key of the first asymmetric key to generate the first symmetric key to be decrypted. The method further includes step S105 (not shown): in step S105, the first terminal verifies the signature on the first symmetric key to be decrypted and the first message pipe using the public key provided by the first network device. In step S101, the first terminal establishes the long connection between the first terminal and the second network device based on the first message pipe.
For example, the request for acquiring the first key includes first parameter information signed with the private key of a first asymmetric key, where the first asymmetric key is a key agreed between the first terminal and the first network device. The first parameter information includes the first identification information corresponding to the first terminal (i.e., the identifier that the first network device configured for the first terminal), identification information of the terminal service provider to which the first terminal belongs (e.g., identification information of the manufacturer or service provider of the first terminal), and store merchant identification information of the store to which the first terminal belongs (e.g., identification information of that store); it further includes a device TSUN, a device type, a request timestamp, a request random string, and the like. The first asymmetric key includes an RSA public/private key pair. The first terminal first sorts the request fields in the first parameter information in ascending order of the initial letter of each field key and arranges them in key=value&key=value form, and then signs the arranged fields. The signature algorithm is SHA1WithRSA (for example, the digest is computed with the SHA (Secure Hash Algorithm) algorithm and encrypted with the RSA algorithm). This prevents the first parameter information from being tampered with, that is, from being intercepted by an intermediary during network transmission and forwarded again with modified parameters.
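The sorted key=value&key=value signing described above, with the matching server-side check, as an added Java example that is not code from the patent. The field names and values are hypothetical, keys are sorted by their full name rather than only the initial letter, and the freshness window and nonce cache are assumptions: the text lists a request timestamp and random string but does not say how the first network device checks them.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.StringJoiner;
import java.util.TreeMap;

public class SignedKeyRequest {
    static final long MAX_SKEW_MS = 5 * 60 * 1000L;         // assumption: freshness window
    static final Set<String> SEEN_NONCES = new HashSet<>();  // assumption: replay cache (in memory here)

    // Canonical string: fields in ascending key order, joined as key=value&key=value.
    static String canonicalize(Map<String, String> fields) {
        StringJoiner out = new StringJoiner("&");
        for (Map.Entry<String, String> e : new TreeMap<>(fields).entrySet()) {
            // A '&' or '=' in a key, or a '&' in a value, would let two different
            // field sets serialize to the same signed string.
            if (e.getKey().contains("&") || e.getKey().contains("=") || e.getValue().contains("&"))
                throw new IllegalArgumentException("ambiguous field: " + e.getKey());
            out.add(e.getKey() + "=" + e.getValue());
        }
        return out.toString();
    }

    // First terminal: sign the canonical string with SHA1withRSA, as the text specifies.
    static byte[] sign(Map<String, String> fields, PrivateKey priv) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(priv);
        s.update(canonicalize(fields).getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    static boolean verify(Map<String, String> fields, byte[] sig, PublicKey pub) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(pub);
        s.update(canonicalize(fields).getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    // First network device: a valid signature only proves the fields were not modified;
    // the timestamp and nonce checks reject a captured request that is sent again.
    static boolean accept(Map<String, String> fields, byte[] sig, PublicKey pub, long nowMs)
            throws GeneralSecurityException {
        if (!fields.containsKey("timestamp") || !fields.containsKey("nonce")) return false;
        if (!verify(fields, sig, pub)) return false;                  // modified, or wrong key
        long ts = Long.parseLong(fields.get("timestamp"));
        if (Math.abs(nowMs - ts) > MAX_SKEW_MS) return false;         // stale request
        return SEEN_NONCES.add(fields.get("nonce"));                  // false if seen before
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair terminal = g.generateKeyPair();                       // the "first asymmetric key"

        long now = System.currentTimeMillis();
        Map<String, String> req = new TreeMap<>();                    // constructed sample request
        req.put("terminalId", "POS-0001");
        req.put("providerId", "SP-01");
        req.put("merchantId", "M-1001");
        req.put("storeId", "STORE-07");
        req.put("tsun", "TSUN-000123");
        req.put("deviceType", "smart-pos");
        req.put("timestamp", Long.toString(now));
        req.put("nonce", "c3f1a9e27b");

        byte[] sig = sign(req, terminal.getPrivate());
        System.out.println("signed string: " + canonicalize(req));
        System.out.println("first delivery accepted: " + accept(req, sig, terminal.getPublic(), now));
        System.out.println("replay accepted: " + accept(req, sig, terminal.getPublic(), now));

        Map<String, String> tampered = new TreeMap<>(req);
        tampered.put("storeId", "STORE-99");                          // parameter changed in transit
        System.out.println("tampered accepted: " + accept(tampered, sig, terminal.getPublic(), now));
    }
}
```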
After receiving the signed first parameter information, the first network device verifies its signature using the public key of the first asymmetric key. After the verification succeeds, the first network device generates the first symmetric key, which corresponds to the first identification information of the first terminal, and encrypts it with the public key of the first asymmetric key to produce the first symmetric key to be decrypted, so that the first symmetric key is not transmitted in plaintext over the network (for example, when the first network device transmits the first parameter information to the first terminal). The first network device also generates, from the first identification information of the first terminal and the service corresponding to the first network device, a first message pipe that the MQTT client in the first terminal can monitor; based on the first identification information, the first message pipe makes messages exclusive to the first terminal (for example, the information in the first message pipe can only be monitored by the first terminal). After generating the first symmetric key and the first message pipe, the first network device, as its response to the request for obtaining the first key, signs the response result with the private key of an asymmetric key preset in the first network device, which protects the response result from being intercepted and tampered with by an intermediary during network transmission. After receiving the response result, the first terminal verifies its signature using the public key provided in advance by the first network device, to confirm that the response result comes from the first network device and was not tampered with during network transmission. After receiving the first message pipe, the first terminal establishes a long connection with the second network device, monitors the first message pipe in real time, and informs the second network device that it is monitoring the first message pipe, so that the second network device subsequently forwards the messages it receives for the first message pipe to the first terminal. In some embodiments, the response result returned to the first terminal by the first network device further includes a user name and a password, which the first terminal uses to establish the long connection with the second network device; the user name is a token returned by the first network device based on the request of the first terminal, and the password is the result of the first network device signing the first identification information and the token with a key (key) using MD5 (Message Digest Algorithm 5, the fifth version of the message digest algorithm). In some embodiments, the second network device verifies the first network device by using the user name and the password, and after the verification succeeds, the second network device establishes the long connection with the first terminal, which ensures that the long connection is established safely and reliably.
In some embodiments, the method further includes step S106 (not shown), and in step S106, the first terminal obtains and stores a private key in the first asymmetric key. The first asymmetric key corresponds to the first terminal, and in order to ensure that a temporary key can be obtained after the first terminal is put into use (for example, after the first terminal is powered on) each time for subsequent interaction with other devices, the first terminal obtains and stores a private key in the first asymmetric key. In some embodiments, a validity duration of the first asymmetric key is less than a first duration threshold, and a validity duration of the first asymmetric key is less than a second duration threshold. For example, the first asymmetric key and the first symmetric key may be invalidated after the first terminal is powered off, and a new first asymmetric key and the first symmetric key may be generated each time the first terminal is powered on.
In some embodiments, said obtaining and saving a private key in said first asymmetric key comprises: responding to an initialization event in the first terminal, and sending a request for acquiring a second key to the first network equipment; receiving message information returned by the first network device in response to the request for obtaining the second key, wherein the message information comprises a private key in the first asymmetric key encrypted by the first network device by using a second symmetric key and the second symmetric key encrypted by the first network device by using a public key in the second asymmetric key; and executing a first preset operation on the message information to obtain a private key in the first asymmetric key, and storing the private key in the first asymmetric key. The initialization event includes that a user enables the first terminal (for example, the first terminal is powered on), the first terminal automatically sends a request for obtaining a second key to the first network device, in response to the request for obtaining the second key, the first network device first generates a first asymmetric key, then generates a second symmetric key, encrypts a private key in the first asymmetric key by using the second symmetric key and encrypts the second symmetric key by using a public key in the second asymmetric key, thereby performing double protection on the private key in the first asymmetric key, wherein the public key in the second asymmetric key is configured in advance by a service provider of the first terminal in the first network device, and is used for the first network device to perform operations of signature verification and encryption. 
In response to the request for obtaining the second key, the first network device returns message information to the first terminal; the message information includes the private key of the first asymmetric key, encrypted by the first network device using the second symmetric key, and the second symmetric key, encrypted by the first network device using the public key of the second asymmetric key. After receiving the signed message information, the first terminal performs a first preset operation to obtain the private key of the first asymmetric key.
In some embodiments, the request for obtaining the second key includes second parameter information signed using the private key of the second asymmetric key, the second parameter information including the first identification information, identification information of the terminal service provider to which the first terminal belongs, and store-merchant identification information of the store to which the first terminal belongs, and the first preset operation comprises at least one of:
1) Verifying the signature of the message information using the public key provided by the first network device;
2) Decrypting the encrypted second symmetric key using the private key of the second asymmetric key to obtain the second symmetric key;
3) Decrypting the encrypted private key of the first asymmetric key using the second symmetric key to obtain the private key of the first asymmetric key.
For example, the request for obtaining the second key includes second parameter information signed using the private key of the second asymmetric key, where the second asymmetric key is permanently valid, and its private key is stored on a security chip of the first terminal by the service provider of the first terminal when the first terminal leaves the factory; it serves as an initial key that secures the first interaction after the first terminal is put into use. To confirm the validity of the first terminal's request, the service provider of the first terminal configures the public key of the second asymmetric key on the first network device (for example, the first network device stores the mapping between the terminal service provider identification information and the public key of the asymmetric key configured by that service provider), and the first network device subsequently verifies the request with the public key corresponding to the terminal service provider identification information in the request, to confirm whether the identity of the requester is valid.
The second parameter information further includes a device TSUN, a device type, a request timestamp and a request random string. The first terminal arranges the request fields of the second parameter information in ascending order of the initial letter of each field key, in the form key=value&key=value, and signs the sorted key=value&key=value string; the signature algorithm is SHA1WithRSA (the request random string and the signature are for tamper resistance, and the request timestamp is for resistance to replay outside a certain time window). After receiving the signed second parameter information, the first network device first checks whether the request time has expired, then checks the correctness of the identification information of the terminal service provider to which the first terminal belongs, and finally checks the correctness of the signature. After successfully verifying the signature of the second parameter information, the first network device generates the public-private key pair of the first asymmetric key using the relevant method in the JDK java security package, encrypts the public key of the first asymmetric key using a second symmetric key, and persists it to a database together with the terminal service provider identification information, the first identification information and the store-merchant identification information of the store to which the first terminal belongs. The first network device then encrypts the private key of the first asymmetric key using the second symmetric key, and finally encrypts the second symmetric key using the public key of the second asymmetric key; it returns the result as the response information to the request for obtaining the second key. After receiving the response information, the first terminal verifies its signature using the public key provided by the first network device (for example, a public key provided in advance by the first network device to the service provider of the first terminal and imported into the first terminal). The signature verification checks whether any of several fields returned by the initialization interface of the first network device have been tampered with, such as the encrypted private key of the first asymmetric key, the second symmetric key encrypted with the public key of the second asymmetric key, the response random string, the service result code and the error description. If the fields have not been tampered with, the first terminal decrypts the ciphertext of the second symmetric key using the private key of the second asymmetric key to obtain the second symmetric key, and then decrypts the ciphertext of the private key of the first asymmetric key using the second symmetric key to obtain the private key of the first asymmetric key.
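The request signing and the server-side check order described above (request time, then terminal service provider identification, then signature), as an added Java example that is not code from the patent or from any product it describes. The field names, the provider id SP001, the 5-minute window and the 2048-bit key size are assumptions; the patent gives only the field meanings, the key=value&key=value form and SHA1WithRSA.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;

public class SignedRequestDemo {
    // Assumed replay window; the text only says "a certain time window".
    static final long WINDOW_MS = 5 * 60 * 1000L;
    // Algorithm named in the text (JCA spelling). SHA-1 is no longer recommended for
    // new signature schemes; "SHA256withRSA" is the JCA name of the SHA-256 variant.
    static final String ALG = "SHA1withRSA";

    // Sort fields by key in ascending order and join them as key=value&key=value.
    // Full lexicographic order is used so the result is deterministic even when
    // two keys share the same initial letter.
    static String canonicalize(Map<String, String> fields) {
        return new TreeMap<String, String>(fields).entrySet().stream()
                .map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("&"));
    }

    // Terminal side: sign the canonical string with the provider-issued private key.
    static byte[] sign(Map<String, String> fields, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(canonicalize(fields).getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    // Server side, in the order the text gives: request time, provider id, signature.
    static String verify(Map<String, String> fields, byte[] sig,
                         Map<String, PublicKey> providerKeys, long nowMs)
            throws GeneralSecurityException {
        long ts;
        try {
            ts = Long.parseLong(fields.getOrDefault("timestamp", ""));
        } catch (NumberFormatException e) {
            return "REJECT: bad timestamp";
        }
        if (Math.abs(nowMs - ts) > WINDOW_MS) return "REJECT: request expired";

        // The public key is looked up by the provider id carried in the request.
        PublicKey pub = providerKeys.get(fields.get("providerId"));
        if (pub == null) return "REJECT: unknown provider";

        Signature s = Signature.getInstance(ALG);
        s.initVerify(pub);
        s.update(canonicalize(fields).getBytes(StandardCharsets.UTF_8));
        try {
            return s.verify(sig) ? "ACCEPT" : "REJECT: bad signature";
        } catch (SignatureException e) {
            return "REJECT: bad signature";   // malformed signature bytes
        }
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the second asymmetric key (generated here so the demo runs offline).
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair provider = g.generateKeyPair();
        Map<String, PublicKey> providerKeys = Map.of("SP001", provider.getPublic());

        // Constructed sample request; all values are made up.
        long now = System.currentTimeMillis();
        Map<String, String> req = new HashMap<>();
        req.put("terminalId", "T-0001");
        req.put("providerId", "SP001");
        req.put("storeId", "STORE-A");
        req.put("tsun", "TSUN-123456");
        req.put("deviceType", "POS");
        req.put("timestamp", Long.toString(now));
        req.put("nonce", "k3JQ9xZp");
        byte[] sig = sign(req, provider.getPrivate());

        System.out.println("signed string: " + canonicalize(req));
        System.out.println("genuine:  " + verify(req, sig, providerKeys, now));

        Map<String, String> tampered = new HashMap<>(req);
        tampered.put("storeId", "STORE-B");   // field changed after signing
        System.out.println("tampered: " + verify(tampered, sig, providerKeys, now));

        // Same request presented after the window has passed.
        System.out.println("stale:    " + verify(req, sig, providerKeys, now + WINDOW_MS + 1));

        Map<String, String> unknown = new HashMap<>(req);
        unknown.put("providerId", "SP999");   // no public key configured for this id
        System.out.println("unknown:  " + verify(unknown, sig, providerKeys, now));
    }
}
```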
In some embodiments, the method further includes step S107 (not shown). In step S107, the first terminal monitors a second message pipe in real time and, if it detects that the second message pipe includes version update information, receives updated component information pushed by the second network device, where the second network device obtains the updated component information from the terminal service provider to which the first terminal belongs or from the first network device; in response to an update event in the first terminal, the version information of the first terminal is updated based on the updated component information. The second message pipe mainly takes the form: identification information/subject information corresponding to the terminal. For example, on the premise that the first terminal and the second network device have established a long connection, the first terminal informs the second network device that it is monitoring a second message pipe, where the second message pipe is: when the second network device receives information related to the second message pipe sent by the terminal service provider to which the first terminal belongs or by the first network device, it forwards the related information (namely, the updated component information) to the first terminal, and the first terminal updates its system according to the updated component. With this push mode, a plurality of first terminals can be processed in batches in real time, without sending the first terminals back to be repackaged and reinstalled and without debugging the updated first terminals against the corresponding second terminals, which improves the efficiency of matching first terminals with second terminals.
Fig. 3 shows a method for pushing order information, which is applied to a first network device and includes step S201, step S202, and step S203 according to an embodiment of the present application.
Specifically, in step S201, the first network device receives signed first order information sent by a third network device, where the first order information is obtained by the second terminal and sent to the third network device, and the third network device performs the signing operation with the private key of a preset third asymmetric key. The second terminal includes a store cash register and corresponds to a first terminal (e.g., a POS machine), i.e., the store cash register places the order and the collection operation is performed with the corresponding first terminal. After scanning a commodity, the second terminal performs the order-placing operation to generate the first order information and sends it to the third network device, which may be regarded as the server corresponding to the store where the second terminal is currently located (e.g., merchant A has a corresponding server and has deployed one or more stores, and the second terminal is deployed in one of them). After receiving the first order information, the third network device signs it with the private key of the preset third asymmetric key. In some embodiments, before the merchant's store takes payments, the merchant must complete onboarding on the merchant platform of the first network device, and the first network device audits the application; the third asymmetric key is set up as part of this process, with the private key used by the third network device for signing and the public key used for subsequent signature verification. For example, the third network device arranges all fields of the first order information (e.g., the merchant number, the first identification information of the first terminal corresponding to the second terminal, the merchant order number, the total amount of the order, the product description, the merchant extension data packet, the random string, the request timestamp, and the signature manner) in ascending order of the initial letter of each request field key, in the form key=value&key=value, and signs the result; the signature algorithm is SHA1WithRSA (the request random string and the signature are for tamper resistance, and the request timestamp is for resistance to request replay outside a certain time window). The third network device then sends the signed first order information to the first network device.
In step S202, the first network device performs a second preset operation on the signed first order information to generate second order information, where the second preset operation includes encrypting the first order information using a first symmetric key.
In some embodiments, the second preset operation further comprises at least any one of:
1) Using a public key in a third asymmetric key to execute signature verification operation on the signed first order information;
2) Checking parameter information in the first order information;
3) Persisting the first order information.
The second order information and the first order information are the same order information; the terms "first" and "second" only distinguish whether the second preset operation has been performed in the course of generating the second order information from the first order information. The first network device first verifies the signature of the signed first order information using the public key of the third asymmetric key. If the verification succeeds, the first network device checks the parameter information in the first order information (for example, the merchant number, the first identification information of the first terminal corresponding to the second terminal, the merchant order number, the total order amount, the commodity description, the merchant extended data packet, the random string, the request timestamp, the signature mode, and the signature). The main checks include: checking whether a field is null, checking that the order amount is not less than or equal to 0, an anti-replay check based on the request timestamp, and an anti-tamper check based on the signature mode and the signature. The first network device then persists the first order information, for example by storing the merchant order in MySQL (a database), which guards against a network problem between the first network device and the second network device when the first order information is subsequently forwarded; if a forwarding success or failure flag is maintained on the first order information, a timed task can trigger a supplementary push, or one can be triggered manually. After the above operations are completed, the first network device encrypts the first order information using the first symmetric key to generate the second order information, which secures the subsequent transmission of the order information over the network.
In some embodiments, the method further comprises step S205 (not shown), in step S205 the first network device generating the first symmetric key. For example, the first network device generates a random number of 24 bits as the first symmetric key using a tool class under the jdk java.
In some embodiments, said generating said first symmetric key comprises: receiving a request for obtaining the first key sent by the first terminal, wherein the request includes first parameter information signed by the first terminal using the private key of a first asymmetric key; and, in response to the request, verifying the signature of the signed first parameter information using the public key of the first asymmetric key and, if the verification succeeds, generating the first symmetric key. The first parameter information includes first identification information corresponding to the first terminal (that is, an identifier configured by the first network device for the first terminal), identification information of the terminal service provider to which the first terminal belongs (for example, identification information of the manufacturer or service provider of the first terminal), store-merchant identification information of the store to which the first terminal belongs, a device TSUN, a device type, a request timestamp, a request random string, and the like, and the first asymmetric key includes an RSA public and private key pair. The first terminal first arranges the request fields of the first parameter information in ascending order of the initial letter of each field key, in the form key=value&key=value, and then signs the fields arranged in that form. The signature algorithm is SHA1WithRSA (for example, signing uses the SHA (Secure Hash Algorithm) algorithm and encryption uses the RSA algorithm), which prevents the first parameter information from being tampered with, i.e., from being intercepted by an intermediary during network transmission and forwarded again with modified parameters.
After the first network device receives the signed first parameter information, it first verifies the signature of the signed first parameter information using the public key of the first asymmetric key, and after the signature verification succeeds, it generates the first symmetric key.
In some embodiments, the first parameter information includes the first identification information corresponding to the first terminal, the identification information of the terminal service provider to which the first terminal belongs, and the store-merchant identification information of the store to which the first terminal belongs, and the method further includes step S206 (not shown). In step S206, in response to the request for obtaining the first key, the first network device encrypts the first symmetric key using the public key of the first asymmetric key to generate a first symmetric key to be decrypted, and generates a first message pipe based on the first identification information; it then signs the first symmetric key to be decrypted and the first message pipe using the private key provided by the first network device, and sends the signed first symmetric key to be decrypted and the signed first message pipe to the first terminal. For example, the first network device encrypts the first symmetric key using the public key of the first asymmetric key to generate the first symmetric key to be decrypted, so that the first symmetric key is not subsequently transmitted in plaintext over the network (for example, when the first network device transmits to the first terminal). The first network device also generates, from the first identification information of the first terminal and the service corresponding to the first network device, a first message pipe that the MQTT client in the first terminal can monitor; based on the first identification information, the first message pipe makes messages exclusive to the first terminal (for example, information in the first message pipe can only be monitored by the first terminal, and the first message pipe has a mapping relationship with the first identification information of the first terminal).
In some embodiments, the method further comprises step S207 (not shown), in step S207 the first network device generating the first asymmetric key. And the second asymmetric key set for the first terminal by the service provider of the first terminal corresponds to the first asymmetric key. In order to ensure that a temporary key is available for subsequent interaction with other devices each time the first terminal is put into use (e.g., after power-on), the first network device generates a first asymmetric key.
In some embodiments, the generating the first asymmetric key comprises: receiving a second key acquiring request sent by the first terminal in response to an initialization event in the first terminal, wherein the second key acquiring request comprises second parameter information signed by the first terminal by using a private key in a second asymmetric key, and the second parameter information comprises the first identification information, terminal service provider identification information to which the first terminal belongs and store and merchant identification information of a store to which the first terminal belongs; and in response to the request for obtaining the second key, using the public key in the second asymmetric key to check the signed second parameter information, and if the check is successful, generating the first asymmetric key, wherein the public key in the second asymmetric key is configured for the first network device by the terminal service provider of the first terminal. The initialization event includes that a user starts the first terminal (for example, the first terminal is started), the first terminal automatically sends a request for obtaining a second key to the first network device, the request for obtaining the second key includes second parameter information signed by using a private key in a second asymmetric key, wherein the validity period of the second asymmetric key is permanently valid, the private key in the second asymmetric key is stored on a security chip of the first terminal by a service provider of the first terminal when the first terminal leaves a factory, and the private key serves as an initial key to ensure the security of first interaction after the first terminal is put into use. 
To confirm the validity of the first terminal's request, the service provider of the first terminal configures the public key of the second asymmetric key on the first network device (for example, the first network device stores the mapping between the terminal service provider identification information and the public key of the asymmetric key configured by that service provider), and the first network device verifies the request with the public key corresponding to the terminal service provider identification information in the request, to confirm whether the identity of the requester is valid. The second parameter information further includes a device TSUN, a device type, a request timestamp and a request random string. The first terminal arranges the request fields of the second parameter information in ascending order of the initial letter of each field key, in the form key=value&key=value, and signs the sorted key=value&key=value string; the signature algorithm is SHA1WithRSA (the request random string and the signature are for tamper resistance, and the request timestamp is for resistance to request replay outside a certain time window). After receiving the signed second parameter information, the first network device first checks whether the request time has expired, then checks the correctness of the identification information of the terminal service provider to which the first terminal belongs, and finally checks the correctness of the signature; after successfully verifying the signature of the second parameter information, the first network device generates the public-private key pair of the first asymmetric key using the relevant method in the JDK java security package.
In some embodiments, the method further comprises step S208 (not shown). In step S208, the first network device generates a second symmetric key in response to the request for obtaining the second key; encrypts the private key of the first asymmetric key using the second symmetric key and encrypts the second symmetric key using the public key of the second asymmetric key; and returns the second symmetric key encrypted with the public key of the second asymmetric key, together with the private key of the first asymmetric key encrypted with the second symmetric key, to the first terminal as message information. For example, the first network device generates a random number as the second symmetric key, encrypts the private key of the first asymmetric key using the second symmetric key (for example, because the private key is long, it cannot be encrypted using the public key of the second asymmetric key), and finally encrypts the second symmetric key using the public key of the second asymmetric key; the first network device then uses the result as the response information to the request for obtaining the second key.
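An added Java example (not code from the patent) of the two-layer protection described above: the private key of the first asymmetric key is encrypted under the second symmetric key, that key is encrypted under the public key of the second asymmetric key, and the terminal reverses both steps. The AES-GCM mode, RSA-OAEP padding and key sizes are assumptions, since the text does not specify them; signing of the response is left out.

```java
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class KeyEnvelopeDemo {
    static final String RSA_WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; // assumed padding
    static final String AES_MODE = "AES/GCM/NoPadding";                      // assumed mode

    // The message information returned to the terminal: two ciphertexts plus the GCM nonce.
    static final class Envelope {
        final byte[] wrappedAesKey, iv, encryptedPrivateKey;
        Envelope(byte[] wrappedAesKey, byte[] iv, byte[] encryptedPrivateKey) {
            this.wrappedAesKey = wrappedAesKey;
            this.iv = iv;
            this.encryptedPrivateKey = encryptedPrivateKey;
        }
    }

    static KeyPair newRsaKeyPair() throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        return g.generateKeyPair();
    }

    // Server: encrypt the device private key with a fresh AES key,
    // then encrypt that AES key with the provider's RSA public key.
    static Envelope seal(PrivateKey devicePrivate, PublicKey providerPublic)
            throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aes = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);

        Cipher c = Cipher.getInstance(AES_MODE);
        c.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] encPriv = c.doFinal(devicePrivate.getEncoded()); // PKCS#8 bytes

        Cipher w = Cipher.getInstance(RSA_WRAP);
        w.init(Cipher.ENCRYPT_MODE, providerPublic);
        return new Envelope(w.doFinal(aes.getEncoded()), iv, encPriv);
    }

    // Terminal: recover the AES key with the factory-installed private key,
    // then decrypt and rebuild the device private key.
    static PrivateKey open(Envelope e, PrivateKey providerPrivate)
            throws GeneralSecurityException {
        Cipher w = Cipher.getInstance(RSA_WRAP);
        w.init(Cipher.DECRYPT_MODE, providerPrivate);
        SecretKey aes = new SecretKeySpec(w.doFinal(e.wrappedAesKey), "AES");

        Cipher c = Cipher.getInstance(AES_MODE);
        c.init(Cipher.DECRYPT_MODE, aes, new GCMParameterSpec(128, e.iv));
        byte[] pkcs8 = c.doFinal(e.encryptedPrivateKey);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
    }

    // Why the private key is not RSA-encrypted directly: RSA handles one short block only.
    static boolean fitsInOneRsaBlock(byte[] data, PublicKey pub) throws GeneralSecurityException {
        Cipher w = Cipher.getInstance(RSA_WRAP);
        w.init(Cipher.ENCRYPT_MODE, pub);
        try {
            w.doFinal(data);
            return true;
        } catch (IllegalBlockSizeException ex) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPair provider = newRsaKeyPair(); // stands in for the second asymmetric key
        KeyPair device = newRsaKeyPair();   // stands in for the first asymmetric key
        byte[] pkcs8 = device.getPrivate().getEncoded();

        System.out.println("encoded private key length: " + pkcs8.length + " bytes");
        System.out.println("fits in one RSA block: " + fitsInOneRsaBlock(pkcs8, provider.getPublic()));

        Envelope env = seal(device.getPrivate(), provider.getPublic());
        PrivateKey recovered = open(env, provider.getPrivate());
        System.out.println("recovered key matches: " + Arrays.equals(pkcs8, recovered.getEncoded()));

        env.encryptedPrivateKey[0] ^= 1;    // simulate modification in transit
        try {
            open(env, provider.getPrivate());
            System.out.println("modified envelope accepted");
        } catch (AEADBadTagException ex) {
            System.out.println("modified envelope rejected");
        }
    }
}
```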
In some embodiments, said encrypting a private key of said first asymmetric key using said second symmetric key comprises: encrypting the private key of the first asymmetric key using the second symmetric key, and associating the first asymmetric key with the first identification information, the identification information of the terminal service provider to which the first terminal belongs, and the store-merchant identification information of the store to which the first terminal belongs. For example, the first network device persists the first asymmetric key to the database so that it is associated with the terminal service provider identification information, the first identification information and the store-merchant identification information of the store to which the first terminal belongs, which avoids an order of store A being delivered to the POS terminal of store B when a subsequent order is transmitted.
In step S203, the first network device sends the second order information and the first message pipe of the second order information to the second network device in real time, and the second network device sends the second order information to the first terminal based on the first message pipe. The second network device comprises an MQTT server; MQTT is a client-server message publish/subscribe transport protocol, and the server currently uses the open-source EMQ (Elastic MQTT Broker, an MQTT message server). For example, because a single second network device can support connections on the order of 100,000, multiple versions of the MQTT protocol, and horizontal scaling, sending the first order information through the second network device is more reasonable in both resources and manpower than a scheme in which the first network device transmits the first order information directly to the first terminal (for example, by building a long-connection gateway). After the first network device verifies the signature of the first order information, it looks up the first message pipe corresponding to the first identification information of the first terminal that corresponds to the second terminal, and then sends the content of the second order information to the first message pipe of the second network device (for example, the first network device informs the second network device in real time that it is producing order information related to the first message pipe). Meanwhile, the first terminal monitors the first message pipe at all times (for example, the first terminal informs the second network device in real time that it is monitoring the information in the first message pipe), and the second network device then sends the second order information to the first terminal.
In some embodiments, the method further includes, before step S201, step S204 (not shown). In step S204, the first network device receives a registration request from the terminal service provider to which the first terminal belongs and from the first terminal; in response to the registration request, it configures terminal service provider identification information for the terminal service provider to which the first terminal belongs, and configures first identification information for the first terminal. For example, a store merchant requests a first terminal (e.g., a smart POS) from the first network device. The first network device submits the request to an equipment provider (e.g., a service provider) and persists the store-merchant and terminal information. Before the first terminal is deployed to a merchant store, the terminal service provider to which the first terminal belongs and the first terminal register with the first network device to obtain the first identification information that the first network device assigns to the first terminal and the terminal service provider identification information that it assigns to the terminal service provider. The first network device stores the mapping between the terminal service provider identification information and the identification information of the first terminal generated by the terminal service provider. Meanwhile, the terminal service provider configures the public key of the second asymmetric key on the first network device, which is subsequently used to verify the signature on requests from the first terminal and so identify the service provider.
Fig. 4 is a flowchart of a method for pushing order information according to an embodiment of the present disclosure. The POS terminal initializes, signs the second parameter information with the RSA private key provided by the terminal service provider, and sends it to the pay-through server (e.g., the first network device), which verifies the signature. The server generates an RSA public/private key pair and an AES symmetric key, encrypts the RSA private key with the AES symmetric key, encrypts the symmetric key with the RSA public key of the terminal service provider, and returns the encrypted symmetric key and the encrypted RSA private key to the POS terminal. The POS terminal verifies the signature with the server's API (Application Programming Interface) public key, decrypts the symmetric key with the service provider's RSA private key, decrypts the device-initialization RSA private key with the AES symmetric key, and then stores the device-initialization RSA private key.
Fig. 5 is a flowchart of a method for pushing order information according to an embodiment of the present application. The POS terminal signs the first parameter information with the RSA private key returned by terminal initialization and sends a request for obtaining a work key to the pay-through server. The server verifies the signature with the terminal-initialization public key, generates an AES symmetric work key, encrypts the work key with the terminal-initialization RSA public key, generates the TOPIC that the MQTT client is to monitor, and returns the TOPIC and the encrypted AES symmetric work key to the POS terminal as message information. The POS terminal verifies the signature with the API public key, decrypts the AES symmetric work key with the RSA private key returned by terminal initialization, and stores the work key. The POS terminal then establishes a long connection with the MQTT server and monitors the TOPIC on the MQTT server in real time.
Fig. 6 is a flowchart of a method for pushing order information according to an embodiment of the present application. Taking a store merchant as an example, a cash register at the merchant's store scans one or more commodities, places an order, and sends the order information (e.g., the merchant number of the store, a merchant order number, a total order amount, a commodity description, a merchant extension data packet, a random character string, a request timestamp, a signature manner, etc.) to the merchant server corresponding to the current store. The merchant server signs the request with the RSA private key corresponding to the store's merchant number and forwards the signed order to the pay-through server. The pay-through server verifies the signature with the RSA public key corresponding to the merchant number, checks the parameter information in the order information, persists the order, encrypts the order information with the AES symmetric key, and forwards the encrypted order information to the MQTT server. The MQTT server forwards the order information to the POS terminal corresponding to the store merchant. The POS terminal decrypts the order information with the AES symmetric key and, after signing, submits the user's payment to the payment gateway, where the payment is executed.
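The key hierarchy of Figs. 4 to 6, traced end to end with Node's built-in crypto module, as an added example that is not code from the patent or its applicant. AES-256-GCM, RSA-OAEP wrapping, SHA-256 signatures, the `orders/<terminalId>` topic name and every function and field name are assumptions (the page specifies only RSA, AES and an MQTT TOPIC), and the MQTT broker is replaced by a direct hand-off.

```javascript
const crypto = require('crypto');

// Assumed primitives: RSA-OAEP key wrapping, RSA/SHA-256 signatures, AES-256-GCM.
const newRsaPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const wrapKey = (pub, key) => crypto.publicEncrypt({ key: pub, ...OAEP }, key);
const unwrapKey = (priv, blob) => crypto.privateDecrypt({ key: priv, ...OAEP }, blob);
const sign = (priv, data) => crypto.sign('sha256', Buffer.from(data), priv);
const verify = (pub, data, sig) => crypto.verify('sha256', Buffer.from(data), pub, sig);

function aesEncrypt(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}
function aesDecrypt(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]); // throws if modified
}
const boxBytes = (wrapped, box) => Buffer.concat([wrapped, box.iv, box.ct, box.tag]);

// Fig. 4, server: verify the provider-signed request, create the terminal's RSA pair,
// encrypt its private key under a one-off AES key and wrap that key for the provider.
function serverInitTerminal(server, providerPub, req) {
  if (!verify(providerPub, req.params, req.sig)) throw new Error('bad provider signature');
  const pair = newRsaPair();
  server.terminalPub.set(JSON.parse(req.params).terminalId, pair.publicKey);
  const aesKey = crypto.randomBytes(32);
  const pem = pair.privateKey.export({ type: 'pkcs8', format: 'pem' });
  const encPriv = aesEncrypt(aesKey, Buffer.from(pem), req.params);
  const wrapped = wrapKey(providerPub, aesKey);
  return { wrapped, encPriv, sig: sign(server.api.privateKey, boxBytes(wrapped, encPriv)) };
}

// Fig. 4, terminal: check the server signature, unwrap the AES key, recover the private key.
function terminalFinishInit(apiPub, providerPriv, params, msg) {
  const signed = boxBytes(msg.wrapped, msg.encPriv);
  if (!verify(apiPub, signed, msg.sig)) throw new Error('bad server signature');
  const aesKey = unwrapKey(providerPriv, msg.wrapped);
  return crypto.createPrivateKey(aesDecrypt(aesKey, msg.encPriv, params));
}

// Fig. 5, server: verify the terminal-signed request, issue the work key and the topic.
function serverIssueWorkKey(server, req) {
  const { terminalId } = JSON.parse(req.params);
  const pub = server.terminalPub.get(terminalId);
  if (!pub || !verify(pub, req.params, req.sig)) throw new Error('bad terminal signature');
  const workKey = crypto.randomBytes(32);
  const topic = `orders/${terminalId}`; // constructed topic naming
  server.workKey.set(terminalId, workKey);
  const wrapped = wrapKey(pub, workKey);
  const sig = sign(server.api.privateKey, Buffer.concat([wrapped, Buffer.from(topic)]));
  return { wrapped, topic, sig };
}

// Fig. 5, terminal: verify, unwrap and keep the work key; the topic is what it subscribes to.
function terminalStoreWorkKey(apiPub, terminalPriv, msg) {
  const signed = Buffer.concat([msg.wrapped, Buffer.from(msg.topic)]);
  if (!verify(apiPub, signed, msg.sig)) throw new Error('bad server signature');
  return { workKey: unwrapKey(terminalPriv, msg.wrapped), topic: msg.topic };
}

// Runs all three phases with constructed identifiers and a constructed order.
function runFlow() {
  const provider = newRsaPair(); // the terminal service provider's key pair
  const server = { api: newRsaPair(), terminalPub: new Map(), workKey: new Map() };
  const params = JSON.stringify({ terminalId: 'T-0001', providerId: 'SP-01', merchantId: 'M-77' });
  const initMsg = serverInitTerminal(server, provider.publicKey,
    { params, sig: sign(provider.privateKey, params) });
  const terminalPriv = terminalFinishInit(server.api.publicKey, provider.privateKey, params, initMsg);
  const keyMsg = serverIssueWorkKey(server, { params, sig: sign(terminalPriv, params) });
  const { workKey, topic } = terminalStoreWorkKey(server.api.publicKey, terminalPriv, keyMsg);
  // Fig. 6: the server encrypts the order under the work key; the terminal decrypts it.
  const order = JSON.stringify({ merchantOrderNo: 'ORD-1', totalAmount: '12.50' });
  const pushed = aesEncrypt(server.workKey.get('T-0001'), Buffer.from(order), topic);
  const received = aesDecrypt(workKey, pushed, topic).toString();
  const tampered = { ...pushed, ct: Buffer.from(pushed.ct) };
  tampered.ct[0] ^= 1; // one flipped ciphertext bit, as a modified broker message would carry
  let tamperRejected = false;
  try { aesDecrypt(workKey, tampered, topic); } catch { tamperRejected = true; }
  return { topic, orderMatches: received === order, tamperRejected };
}
```

Binding the topic as associated data means a ciphertext copied to another terminal's topic fails authentication even if the same key were reused.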
Fig. 7 shows a first terminal for pushing order information according to an embodiment of the present application, where the first terminal includes a first module 101, a second module 102, and a third module 103.
Specifically, the first module 101 is configured to establish a long connection between the first terminal and the second network device. The first terminal comprises intelligent POS machines (or traditional POS machines) of various brands. Taking the intelligent POS machine as an example, in addition to the one-dimensional code scanning and card swiping functions of a traditional POS machine, its main functions include scanning two-dimensional codes, verifying membership cards and coupons, and, in combination with a back-end system, fine-grained customer order management, big data analysis and the like. The second network device includes an MQTT (Message Queuing Telemetry Transport) server; MQTT is a client-server message publish/subscribe transport protocol, and the server currently uses the open-source EMQ (Elastic MQTT Broker, an MQTT message server), which handles client long-connection access and message distribution as a cluster and can persist messages to a mainstream message queue, a relational database, a columnar database, or a data cache. For example, an Eclipse Paho Java Client (an MQTT client) is installed in the first terminal; the first terminal uses the Eclipse Paho Java Client to establish a long connection with the MQTT server, and data is transmitted over the long connection using the MQTT protocol.
The second module 102 is configured to monitor a first message pipe in real time, and to receive second order information pushed by the second network device over the long connection if it detects that the first message pipe includes preset subject information, where the second order information is sent to the second network device after the first network device encrypts the first order information using a first symmetric key. The first message pipe comprises an MQTT topic (TOPIC), which is used to classify messages. After the first terminal receives the first message pipe from the first network device, it monitors the first message pipe in real time; during monitoring, the first terminal notifies the second network device in real time that it is monitoring the first message pipe (for example, the POS machine indicates to the MQTT server in real time that the POS terminal is monitoring the first message pipe, so that the MQTT server forwards information related to the first message pipe to the POS machine once it receives it).
A third module 103, configured to decrypt the second order information using the first symmetric key to obtain the first order information, where the first terminal has stored the first symmetric key in advance, and the first order information is used for a user to perform a corresponding payment operation after payment. For example, the first symmetric key is stored in the first terminal before the first terminal receives the second order information, the first symmetric key used by the first terminal and the first symmetric key of the first network device for encrypting the first order information are the same key, after the second order information is decrypted, the first terminal obtains the first order information and displays the first order information to the user, and after the user performs a payment operation, the first terminal pulls up the payment cashier desk to perform the payment operation through the gateway corresponding to the first network device.
In some embodiments, the preset subject information comprises at least any one of:
order payment service information;
and the first identification information corresponds to the first terminal. The related operations are the same as or similar to those of the embodiment shown in FIG. 2, and therefore are not described again, and are included herein by reference.
In some embodiments, the first terminal further comprises a fourth module 104 (not shown) before the first module 101, and the fourth module 104 is configured to obtain the first symmetric key and store the first symmetric key in the first terminal. The related operations are the same as or similar to those of the embodiment shown in FIG. 2, and therefore are not described again, and are included herein by reference.
In some embodiments, said obtaining and storing said first symmetric key at said first terminal comprises:
sending a request for acquiring a first key to the first network equipment;
receiving a first symmetric key to be decrypted returned by first network equipment in response to the first key acquisition request, wherein the first network equipment generates the first symmetric key, and encrypts the first symmetric key by using a public key in the first asymmetric key to generate the first symmetric key to be decrypted;
and executing decryption operation on the first symmetric key to be decrypted by using a private key in the first asymmetric key to obtain the first symmetric key, and storing the first symmetric key in the first terminal. The related operations are the same as or similar to those of the embodiment shown in FIG. 2, and therefore are not described again, and are included herein by reference.
In some embodiments, the request for obtaining the first key includes first parameter information signed using a private key in a first asymmetric key, where the first parameter information includes first identification information corresponding to the first terminal, identification information of the terminal service provider to which the first terminal belongs, and store-merchant identification information of the store to which the first terminal belongs, and the receiving of the first symmetric key to be decrypted returned by the first network device in response to the request for obtaining the first key, where the first network device generates the first symmetric key and encrypts the first symmetric key using a public key in the first asymmetric key to generate the first symmetric key to be decrypted, includes:
receiving a signed first symmetric key to be decrypted and a first message pipeline returned by a first network device in response to the first key acquisition request, wherein the first message pipeline is matched with the first identification information, the first network device generates the first symmetric key, and encrypts the first symmetric key by using a public key in the first asymmetric key to generate the first symmetric key to be decrypted;
the first terminal further comprises a fifth module 105 (not shown), a fifth module 105, configured to use the public key provided by the first network device to verify the first symmetric key to be decrypted and the first message pipe; a module 101, configured to establish a long connection between the first terminal and the second network device based on the first message pipe. The related operations are the same as or similar to those of the embodiment shown in FIG. 2, and therefore are not described again, and are included herein by reference.
In some embodiments, the first terminal further includes a sixth module 106 (not shown), and the sixth module 106 is configured to obtain and store a private key in the first asymmetric key. The related operations are the same as or similar to those of the embodiment shown in FIG. 2, and therefore are not described again, and are included herein by reference.
In some embodiments, said obtaining and saving a private key in said first asymmetric key comprises:
responding to an initialization event in the first terminal, and sending a request for acquiring a second key to the first network equipment;
receiving message information returned by the first network device in response to the request for obtaining the second key, wherein the message information comprises a private key in the first asymmetric key encrypted by the first network device by using a second symmetric key and the second symmetric key encrypted by the first network device by using a public key in the second asymmetric key;
and executing a first preset operation on the message information to obtain a private key in the first asymmetric key, and storing the private key in the first asymmetric key. The related operations are the same as or similar to those of the embodiment shown in FIG. 2, and therefore are not described again, and are included herein by reference.
In some embodiments, the request for obtaining the second key includes second parameter information signed using a private key in the second asymmetric key, the second parameter information includes the first identification information, identification information of the terminal service provider to which the first terminal belongs, and store-merchant identification information of the store to which the first terminal belongs, and the first preset operation includes at least one of:
verifying the signature of the message information using the public key provided by the first network device;
decrypting the encrypted second symmetric key using a private key in the second asymmetric key to obtain the second symmetric key;
decrypting the encrypted private key of the first asymmetric key using the second symmetric key to obtain a private key of the first asymmetric key; the related operations are the same as or similar to those of the embodiment shown in FIG. 2, and therefore are not described again, and are included herein by reference.
In some embodiments, the first asymmetric key has a validity duration less than a first duration threshold, and the first asymmetric key has a validity duration less than a second duration threshold. The related operations are the same as or similar to those of the embodiment shown in FIG. 2, and therefore are not described again, and are included herein by reference.
In some embodiments, the first terminal further includes a seventh module 107 (not shown), and the seventh module 107 is configured to monitor a second message pipe in real time, and receive updated component information pushed by the second network device if it is monitored that the second message pipe includes version update information, where the second network device obtains the updated component information from a terminal service provider to which the first terminal belongs or the first network device;
updating version information of the first terminal based on the update component information in response to an update event in the first terminal. The related operations are the same as or similar to those of the embodiment shown in FIG. 2, and therefore are not described again, and are included herein by reference.
Fig. 8 shows a first network device for pushing order information according to an embodiment of the present application, where the first network device includes a first module 201, a second module 202, and a third module 203.
Specifically, the first module 201 is configured to receive signed first order information sent by a third network device, where the first order information is obtained by the second terminal and sent to the third network device, and the third network device then signs it using a private key in a preset third asymmetric key. The second terminal includes a store cash register and corresponds to a first terminal (e.g., a POS machine); that is, the store cash register places the order and the corresponding first terminal performs the collection operation. The second terminal scans goods and places an order to generate the first order information, and sends the first order information to the third network device, which may be regarded as the server corresponding to the store where the second terminal is currently located (e.g., merchant A has a corresponding server and one or more stores, and the second terminal is deployed in one of those stores). After receiving the first order information, the third network device signs it using the preset third asymmetric key. In some embodiments, before taking payments, the merchant needs to submit its information on a merchant platform of the first network device, and the first network device audits it; if the merchant passes the audit, a key pair (the third asymmetric key) is established for the merchant, whose private key the third network device uses for signing and whose corresponding public key the first network device subsequently uses to verify the signature. For example, the third network device signs all fields in the first order information (e.g., a merchant number, first identification information of the first terminal corresponding to the second terminal, a merchant order number, a total order amount, a product description, a merchant extension data packet, a random character string, a request timestamp, and a signature manner), sorted in ascending order by the initial letter of each request field's key and joined in the form key=value&key=value; the signature algorithm is SHA1WithRSA (the random character string and the signature protect the request against tampering, and the request timestamp prevents the request from being replayed outside a certain time window). The third network device then sends the signed first order information to the first network device.
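One way to implement the signing and verification just described, as an added example that is not the applicant's code. The field names (`merchantNo`, `nonceStr`, `sign` and so on), the base64 signature encoding, the five-minute window and the in-memory nonce cache are assumptions; keys are sorted by their full name, which is consistent with ordering by initial letter.

```javascript
const crypto = require('crypto');

// Canonical string: every field except the signature, sorted ascending by key,
// joined as key=value&key=value. Values are not escaped, as on the page.
function canonicalize(fields) {
  return Object.keys(fields)
    .filter((k) => k !== 'sign')
    .sort()
    .map((k) => `${k}=${fields[k]}`)
    .join('&');
}

// Merchant server side: SHA1WithRSA is RSA PKCS#1 v1.5 over a SHA-1 digest.
function signOrder(fields, merchantPrivateKey) {
  const sig = crypto.sign('sha1', Buffer.from(canonicalize(fields)), merchantPrivateKey);
  return { ...fields, sign: sig.toString('base64') };
}

// Payment server side. Returns a status string so callers can log the reason.
function makeVerifier(merchantPublicKeys, { windowMs = 5 * 60 * 1000 } = {}) {
  const seen = new Map(); // "merchantNo:nonceStr" -> time after which it may be forgotten
  return function verifyOrder(fields, now = Date.now()) {
    const pub = merchantPublicKeys.get(fields.merchantNo);
    if (!pub) return 'unknown-merchant';
    if (fields.signType !== 'SHA1WithRSA') return 'bad-sign-type';
    const sig = Buffer.from(String(fields.sign || ''), 'base64');
    // Authenticate first, so unauthenticated requests cannot fill the nonce cache.
    if (!crypto.verify('sha1', Buffer.from(canonicalize(fields)), pub, sig)) return 'bad-signature';
    const ts = Number(fields.timestamp);
    if (!Number.isFinite(ts) || Math.abs(now - ts) > windowMs) return 'stale-timestamp';
    for (const [k, expiry] of seen) if (expiry < now) seen.delete(k);
    const key = `${fields.merchantNo}:${fields.nonceStr}`;
    if (seen.has(key)) return 'replayed-nonce'; // same request again inside the window
    seen.set(key, ts + windowMs);
    return 'ok';
  };
}

// Constructed merchant, order and clock values.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const verifyOrder = makeVerifier(new Map([['M-77', publicKey]]));
  const t0 = 1700000000000;
  const fields = {
    merchantNo: 'M-77', terminalId: 'T-0001', merchantOrderNo: 'ORD-1',
    totalAmount: '12.50', body: '2 x coffee', attach: '', nonceStr: 'c0ffee01',
    timestamp: String(t0), signType: 'SHA1WithRSA',
  };
  const order = signOrder(fields, privateKey);
  const late = signOrder({ ...fields, nonceStr: 'c0ffee02' }, privateKey);
  return {
    first: verifyOrder(order, t0 + 1000),
    replay: verifyOrder(order, t0 + 2000),
    tampered: verifyOrder({ ...order, totalAmount: '0.01' }, t0 + 3000),
    stale: verifyOrder(late, t0 + 10 * 60 * 1000),
  };
}
```

Because values are joined without escaping, a verifier should validate each field's format before acting on it, since a value containing `&` or `=` yields the same signed string as a different set of fields. SHA-1 is the digest the page names; it is deprecated for new signature schemes in favour of SHA-256.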
The second module 202 is configured to perform a second preset operation on the signed first order information to generate second order information, where the second preset operation includes encrypting the first order information using a first symmetric key.
The third module 203 is configured to send the second order information and the first message pipe of the second order information to a second network device in real time, where the second network device sends the second order information to the first terminal based on the first message pipe. The second network device comprises an MQTT server; MQTT is a client-server message publish/subscribe transport protocol, and the server currently uses the open-source EMQ (Elastic MQTT Broker, an MQTT message server). For example, because a single second network device can support connections on the order of 100,000, multiple versions of the MQTT protocol, and horizontal scaling, transmitting the first order information through the second network device is reasonable in both resources and manpower compared with a scheme in which the first network device transmits the first order information directly to the first terminal (for example, by building a long-connection gateway). After the first network device verifies the signature of the first order information, it looks up the first message pipe corresponding to the first identification information of the first terminal that corresponds to the second terminal, and then sends the content of the second order information to the first message pipe of the second network device (for example, the first network device informs the second network device in real time that it is generating order information related to the first message pipe). Meanwhile, the first terminal listens on the first message pipe continuously (for example, the first terminal informs the second network device in real time that it is monitoring information in the first message pipe), and the second network device then sends the second order information to the first terminal.
In some embodiments, the first network device further includes, before the first module 201, a fourth module 204 (not shown), where the fourth module 204 is configured to receive a registration request of a terminal service provider to which the first terminal belongs and the first terminal;
and responding to the registration request, configuring terminal service provider identification information for a terminal service provider to which the first terminal belongs, and configuring first identification information for the first terminal. The related operations are the same as or similar to those of the embodiment shown in FIG. 3, and therefore are not described again, and are included herein by reference.
In some embodiments, the second preset operation further comprises at least any one of:
using a public key in a third asymmetric key to execute signature verification operation on the signed first order information;
checking parameter information in the first order information;
persisting the first order information; the related operations are the same as or similar to those of the embodiment shown in FIG. 3, and therefore are not described again, and are included herein by reference.
In some embodiments, the first network device further comprises a fifth module 205 (not shown), the fifth module 205 configured to generate the first symmetric key. The related operations are the same as or similar to those of the embodiment shown in FIG. 3, and therefore are not described again, and are included herein by reference.
In some embodiments, said generating said first symmetric key comprises: receiving a first key acquisition request sent by the first terminal, wherein the first key acquisition request comprises first parameter information signed by the first terminal by using a private key in a first asymmetric key;
and in response to the request for obtaining the first key, using a public key in the first asymmetric key to verify the signature of the signed first parameter information, and if the verification is successful, generating the first symmetric key. The related operations are the same as or similar to those of the embodiment shown in fig. 3, and thus are not repeated herein, and are incorporated by reference.
In some embodiments, the first parameter information includes the first identification information corresponding to the first terminal, the terminal service provider identification information to which the first terminal belongs, and the store-merchant identification information of the store to which the first terminal belongs, and the first network device further includes a sixth module 206 (not shown), where the sixth module 206 is configured to:
responding to the request for obtaining the first secret key, encrypting the first symmetric secret key by using a public key in the first asymmetric secret key to generate a first symmetric secret key to be decrypted, and generating a first message pipeline based on the first identification information;
and using the secret key provided by the first network equipment to perform signing operation on the first symmetric key to be decrypted and the first message pipeline, and sending the signed first symmetric key to be decrypted and the signed first message pipeline to the first terminal. The related operations are the same as or similar to those of the embodiment shown in FIG. 3, and therefore are not described again, and are included herein by reference.
In some embodiments, the first network device further comprises a seventh module 207 (not shown), the seventh module 207 configured to generate the first asymmetric key. The related operations are the same as or similar to those of the embodiment shown in FIG. 3, and therefore are not described again, and are included herein by reference.
In some embodiments, the generating the first asymmetric key comprises:
receiving a second key acquiring request sent by the first terminal in response to an initialization event in the first terminal, wherein the second key acquiring request comprises second parameter information signed by the first terminal by using a private key in a second asymmetric key, and the second parameter information comprises the first identification information, terminal service provider identification information to which the first terminal belongs and store and merchant identification information of a store to which the first terminal belongs;
and in response to the request for obtaining the second key, using the public key in the second asymmetric key to check the signed second parameter information, and if the check is successful, generating the first asymmetric key, wherein the public key in the second asymmetric key is configured for the first network device by the terminal service provider of the first terminal. The related operations are the same as or similar to those of the embodiment shown in FIG. 3, and therefore are not described again, and are included herein by reference.
In some embodiments, the first network device further comprises an eighth module 208 (not shown), the eighth module 208 configured to generate a second symmetric key in response to the request for obtaining a second key;
encrypting a private key in the first asymmetric key using the second symmetric key and encrypting the second symmetric key using a public key in the second asymmetric key;
and returning the second symmetric key encrypted by using the public key in the second asymmetric key and the private key in the first asymmetric key encrypted by using the second symmetric key as message information to the first terminal. The related operations are the same as or similar to those of the embodiment shown in FIG. 3, and therefore are not described again, and are included herein by reference.
In some embodiments, said encrypting a private key of said first asymmetric key using said second symmetric key comprises:
and encrypting a private key in the first asymmetric key by using the second symmetric key, and associating the first asymmetric key with the first identification information, the terminal service provider identification information of the store to which the first terminal belongs and store and merchant identification information of the store to which the first terminal belongs. The related operations are the same as or similar to those of the embodiment shown in fig. 3, and thus are not repeated herein, and are incorporated by reference.
Fig. 9 shows a system device for pushing order information according to an embodiment of the present application, the device comprising:
a first network device, which receives signed first order information sent by a third network device, wherein the first order information is obtained by a second terminal and sent to the third network device, and then the third network device executes a signing operation according to a private key in a preset third asymmetric key;
the first network equipment executes second preset operation on the signed first order information to generate second order information, wherein the second preset operation comprises the steps of encrypting the first order information by using a first symmetric key and sending the second order information and a first message pipeline of the second order information to second network equipment in real time;
the first terminal establishes long connection between the first terminal and second network equipment, monitors a first message pipeline in real time, receives second order information pushed by the second network equipment based on the long connection if the first message pipeline is monitored to include preset subject information, and decrypts the second order information by using the first symmetric key to acquire the first order information, wherein the first symmetric key is stored in advance by the first terminal, and the first order information is used for a user to execute corresponding payment operation after payment.
In addition to the methods and apparatus described in the embodiments above, the present application also provides a computer readable storage medium storing computer code that, when executed, performs the method as described in any of the previous items.
The present application also provides a computer program product, which when executed by a computer device, performs the method of any of the preceding claims.
The present application further provides a computer device, comprising:
one or more processors;
a memory for storing one or more computer programs;
the one or more computer programs, when executed by the one or more processors, cause the one or more processors to implement the method of any preceding claim.
FIG. 10 illustrates an exemplary system that can be used to implement the various embodiments described herein.
In some embodiments, as shown in FIG. 10, the system 300 can be implemented as any of the devices in the various embodiments described. In some embodiments, system 300 may include one or more computer-readable media (e.g., system memory or NVM/storage 320) having instructions and one or more processors (e.g., processor(s) 305) coupled with the one or more computer-readable media and configured to execute the instructions to implement modules to perform the actions described herein.
For one embodiment, system control module 310 may include any suitable interface controllers to provide any suitable interface to at least one of processor(s) 305 and/or any suitable device or component in communication with system control module 310.
The system control module 310 may include a memory controller module 330 to provide an interface to the system memory 315. Memory controller module 330 may be a hardware module, a software module, and/or a firmware module.
System memory 315 may be used, for example, to load and store data and/or instructions for system 300. For one embodiment, system memory 315 may include any suitable volatile memory, such as suitable DRAM. In some embodiments, the system memory 315 may include a double data rate type four synchronous dynamic random access memory (DDR4 SDRAM).
For one embodiment, system control module 310 may include one or more input/output (I/O) controllers to provide an interface to NVM/storage 320 and communication interface(s) 325.
For example, NVM/storage 320 may be used to store data and/or instructions. NVM/storage 320 may include any suitable non-volatile memory (e.g., flash memory) and/or may include any suitable non-volatile storage device(s) (e.g., one or more hard disk drive(s) (HDD(s)), one or more Compact Disc (CD) drive(s), and/or one or more Digital Versatile Disc (DVD) drive(s)).
NVM/storage 320 may include storage resources that are physically part of the device on which system 300 is installed or may be accessed by the device and not necessarily part of the device. For example, NVM/storage 320 may be accessible over a network via communication interface(s) 325.
Communication interface(s) 325 may provide an interface for system 300 to communicate over one or more networks and/or with any other suitable device. System 300 may wirelessly communicate with one or more components of a wireless network according to any of one or more wireless network standards and/or protocols.
For one embodiment, at least one of the processor(s) 305 may be packaged together with logic for one or more controller(s) of the system control module 310, such as memory controller module 330. For one embodiment, at least one of the processor(s) 305 may be packaged together with logic for one or more controller(s) of the system control module 310 to form a System In Package (SiP). For one embodiment, at least one of the processor(s) 305 may be integrated on the same die with logic for one or more controller(s) of the system control module 310. For one embodiment, at least one of the processor(s) 305 may be integrated on the same die with logic for one or more controller(s) of the system control module 310 to form a system on chip (SoC).
In various embodiments, system 300 may be, but is not limited to being: a server, a workstation, a desktop computing device, or a mobile computing device (e.g., a laptop computing device, a handheld computing device, a tablet, a netbook, etc.). In various embodiments, system 300 may have more or fewer components and/or different architectures. For example, in some embodiments, system 300 includes one or more cameras, a keyboard, a Liquid Crystal Display (LCD) screen (including a touch screen display), a non-volatile memory port, multiple antennas, a graphics chip, an Application Specific Integrated Circuit (ASIC), and speakers.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, for example, implemented using Application Specific Integrated Circuits (ASICs), general purpose computers or any other similar hardware devices. In one embodiment, the software programs of the present application may be executed by a processor to implement the steps or functions described above. Likewise, the software programs (including associated data structures) of the present application may be stored in a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. Additionally, some of the steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
In addition, some of the present application may be implemented as a computer program product, such as computer program instructions, which when executed by a computer, may invoke or provide methods and/or techniques in accordance with the present application through the operation of the computer. Those skilled in the art will appreciate that the forms of computer program instructions that reside on a computer-readable medium include, but are not limited to, source files, executable files, installation package files, and the like, and that the manner in which the computer program instructions are executed by a computer includes, but is not limited to: the computer directly executes the instruction, or the computer compiles the instruction and then executes the corresponding compiled program, or the computer reads and executes the instruction, or the computer reads and installs the instruction and then executes the corresponding installed program. In this regard, computer readable media can be any available computer readable storage media or communication media that can be accessed by a computer.
Communication media includes media by which communication signals, including, for example, computer readable instructions, data structures, program modules, or other data, are transmitted from one system to another. Communication media may include conductive transmission media such as cables and wires (e.g., fiber optics, coaxial, etc.) and wireless (non-conductive transmission) media capable of propagating energy waves, such as acoustic, electromagnetic, RF, microwave, and infrared. Computer readable instructions, data structures, program modules or other data may be embodied in a modulated data signal, such as a carrier wave or similar mechanism that is embodied in a wireless medium, such as part of spread-spectrum techniques, for example. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. The modulation may be analog, digital or hybrid modulation techniques.
By way of example, and not limitation, computer-readable storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. For example, computer-readable storage media include, but are not limited to, volatile memory such as random access memory (RAM, DRAM, SRAM); and non-volatile memory such as flash memory, various read-only memories (ROM, PROM, EPROM, EEPROM), magnetic and ferromagnetic/ferroelectric memories (MRAM, FeRAM); and magnetic and optical storage devices (hard disk, magnetic tape, CD, DVD); or other now known media or later developed that can store computer-readable information/data for use by a computer system.
An embodiment according to the present application comprises an apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the apparatus to perform a method and/or a solution according to the aforementioned embodiments of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the apparatus claims may also be implemented by one unit or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.

Claims (23)

1. A method for pushing order information, applied to a first terminal, wherein the method comprises the following steps:
establishing a long connection between the first terminal and a second network device;
monitoring a first message pipeline in real time, and if it is detected that the first message pipeline comprises preset subject information, receiving second order information pushed by the second network device based on the long connection, wherein the second order information is sent to the second network device after a first network device encrypts first order information by using a first symmetric key, the second network device comprises a Message Queuing Telemetry Transport (MQTT) server, the first message pipeline comprises the subject (topic) by which MQTT classifies messages, the first terminal monitors the first message pipeline in real time after receiving the first message pipeline from the first network device, and the first terminal broadcasts information related to the first message pipeline to the second network device in real time during the monitoring;
and decrypting the second order information by using the first symmetric key to obtain the first order information, wherein the first terminal stores the first symmetric key in advance, and the first order information is used for executing a corresponding payment operation after a user pays.
2. The method of claim 1, wherein the preset subject information comprises at least any one of:
order payment service information;
and the first identification information corresponds to the first terminal.
3. The method of claim 1, wherein the method further comprises, prior to establishing the long connection of the first terminal with the second network device:
and acquiring the first symmetric key and storing the first symmetric key in the first terminal.
4. The method of claim 3, wherein the obtaining and storing the first symmetric key at the first terminal comprises:
sending a request for acquiring a first key to the first network equipment;
receiving a first symmetric key to be decrypted returned by first network equipment in response to the first key acquisition request, wherein the first network equipment generates the first symmetric key, and encrypts the first symmetric key by using a public key in the first asymmetric key to generate the first symmetric key to be decrypted;
and executing decryption operation on the first symmetric key to be decrypted by using a private key in the first asymmetric key to obtain the first symmetric key, and storing the first symmetric key in the first terminal.
5. The method according to claim 4, wherein the request for obtaining the first key includes first parameter information signed by using a private key in a first asymmetric key, the first parameter information including first identification information corresponding to the first terminal, terminal service provider identification information to which the first terminal belongs, store merchant identification information of a store to which the first terminal belongs,
the receiving, by the first network device, a first symmetric key to be decrypted returned in response to the first key obtaining request, where the first network device generates the first symmetric key, and encrypts the first symmetric key using a public key in the first asymmetric key to generate the first symmetric key to be decrypted, includes:
receiving a signed first symmetric key to be decrypted and a first message pipeline returned by a first network device in response to the first key acquisition request, wherein the first message pipeline is matched with the first identification information, the first network device generates the first symmetric key, and encrypts the first symmetric key by using a public key in the first asymmetric key to generate the first symmetric key to be decrypted;
the method further comprises the following steps:
verifying the signature on the signed first symmetric key to be decrypted and the first message pipeline by using a public key provided by the first network device;
the establishing of the long connection between the first terminal and the second network device includes:
and establishing a long connection between the first terminal and the second network equipment based on the first message pipeline.
6. The method of claim 5, wherein the method further comprises:
and acquiring and storing a private key in the first asymmetric key.
7. The method of claim 6, wherein the obtaining and saving a private key in the first asymmetric key comprises:
responding to an initialization event in the first terminal, and sending a request for acquiring a second key to the first network equipment;
receiving message information returned by the first network device in response to the request for obtaining the second key, wherein the message information comprises a private key in the first asymmetric key encrypted by the first network device by using a second symmetric key and the second symmetric key encrypted by the first network device by using a public key in the second asymmetric key;
and executing a first preset operation on the message information to obtain a private key in the first asymmetric key, and storing the private key in the first asymmetric key.
8. The method according to claim 7, wherein the get second key request includes second parameter information signed using a private key in the second asymmetric key, the second parameter information including the first identification information, terminal service provider identification information to which the first terminal belongs, and store-merchant identification information of a store to which the first terminal belongs,
the first preset operation comprises at least one of:
using a public key provided by the first network equipment to check the signature of the message information;
decrypting the encrypted second symmetric key using a private key in the second asymmetric key to obtain the second symmetric key;
decrypting the encrypted private key of the first asymmetric key using the second symmetric key to obtain the private key of the first asymmetric key.
9. The method of any of claims 4 to 8, wherein a validity duration of the first asymmetric key is less than a first duration threshold and the validity duration of the first asymmetric key is less than a second duration threshold.
10. The method of claim 1, wherein the method further comprises:
monitoring a second message pipeline in real time, and receiving updated component information pushed by second network equipment if version update information is monitored to be included in the second message pipeline, wherein the second network equipment acquires the updated component information from a terminal service provider to which the first terminal belongs or the first network equipment;
updating version information of the first terminal based on the update component information in response to an update event in the first terminal.
11. A method for pushing order information, applied to a first network device, wherein the method comprises the following steps:
receiving signed first order information sent by a third network device, wherein the first order information is obtained by a second terminal and then sent to the third network device, and the third network device performs the signing operation using a private key in a preset third asymmetric key;
executing a second preset operation on the signed first order information to generate second order information, wherein the second preset operation comprises encrypting the first order information by using a first symmetric key;
sending the second order information and a first message pipeline of the second order information to a second network device in real time, wherein the second network device sends the second order information to a first terminal based on the first message pipeline, the second network device comprises a Message Queuing Telemetry Transport (MQTT) server, the first message pipeline comprises the subject (topic) by which MQTT classifies messages, the first terminal monitors the first message pipeline in real time after receiving the first message pipeline from the first network device, and the first terminal broadcasts information related to the monitoring of the first message pipeline to the second network device in real time during the monitoring.
12. The method of claim 11, wherein before receiving the signed first order information sent by the third network device, the method further comprises:
receiving a terminal service provider to which the first terminal belongs and a registration request of the first terminal;
and responding to the registration request, configuring terminal service provider identification information for a terminal service provider to which the first terminal belongs, and configuring first identification information for the first terminal.
13. The method of claim 11, wherein the second preset operation further comprises at least any one of:
using a public key in a third asymmetric key to execute signature verification operation on the signed first order information;
checking parameter information in the first order information;
and persisting the first order information.
14. The method of claim 11, wherein the method further comprises:
generating the first symmetric key.
15. The method of claim 14, wherein the generating the first symmetric key comprises:
receiving a first key acquisition request sent by the first terminal, wherein the first key acquisition request comprises first parameter information signed by the first terminal by using a private key in a first asymmetric key;
and in response to the request for obtaining the first key, using a public key in the first asymmetric key to check the signed first parameter information, and if the check is successful, generating the first asymmetric key.
16. The method of claim 15, wherein the first parameter information includes first identification information corresponding to the first terminal, terminal service provider identification information to which the first terminal belongs, store-merchant identification information of a store to which the first terminal belongs,
the method further comprises the following steps:
responding to the request for obtaining the first secret key, encrypting the first symmetric secret key by using a public key in the first asymmetric secret key to generate a first symmetric secret key to be decrypted, and generating a first message pipeline based on the first identification information;
and using the secret key provided by the first network equipment to perform signing operation on the first symmetric key to be decrypted and the first message pipeline, and sending the signed first symmetric key to be decrypted and the first message pipeline to the first terminal.
17. The method of claim 16, wherein the method further comprises:
generating the first asymmetric key.
18. The method of claim 17, wherein the generating the first asymmetric key comprises:
receiving a second key acquiring request sent by the first terminal in response to an initialization event in the first terminal, wherein the second key acquiring request comprises second parameter information signed by the first terminal by using a private key in a second asymmetric key, and the second parameter information comprises the first identification information, terminal service provider identification information to which the first terminal belongs and store and merchant identification information of a store to which the first terminal belongs;
and in response to the request for obtaining the second key, using the public key in the second asymmetric key to check the signed second parameter information, and if the check is successful, generating the first asymmetric key, wherein the public key in the second asymmetric key is configured for the first network device by the terminal service provider of the first terminal.
19. The method of claim 18, wherein the method further comprises:
generating a second symmetric key in response to the request for obtaining a second key;
encrypting a private key in the first asymmetric key using the second symmetric key and encrypting the second symmetric key using a public key in the second asymmetric key;
and returning the second symmetric key encrypted by using the public key in the second asymmetric key and the private key in the first asymmetric key encrypted by using the second symmetric key to the first terminal as message information.
20. The method of claim 18, wherein said encrypting a private key of the first asymmetric key using the second symmetric key comprises:
and encrypting a private key in the first asymmetric key by using the second symmetric key, and associating the first asymmetric key with the first identification information, the terminal service provider identification information of the store to which the first terminal belongs and store and merchant identification information of the store to which the first terminal belongs.
21. A method for pushing order information, wherein the method comprises:
a first network device receives signed first order information sent by a third network device, wherein the first order information is obtained by a second terminal and sent to the third network device, after which the third network device performs a signing operation using a private key in a preset third asymmetric key;
the first network device executes a second preset operation on the signed first order information to generate second order information, wherein the second preset operation comprises encrypting the first order information by using a first symmetric key and sending the second order information and a first message pipeline of the second order information to a second network device in real time;
a first terminal establishes a long connection between the first terminal and the second network device, monitors the first message pipeline in real time, receives the second order information pushed by the second network device based on the long connection if it is detected that the first message pipeline includes preset subject information, and decrypts the second order information by using the first symmetric key to obtain the first order information, wherein the first symmetric key is stored in advance by the first terminal, the first order information is used for a user to pay and then perform a corresponding payment operation, the second network device comprises a Message Queuing Telemetry Transport (MQTT) server, the first message pipeline comprises the subject (topic) by which MQTT classifies messages, the first terminal monitors the first message pipeline in real time after receiving the first message pipeline from the first network device, and the first terminal broadcasts information related to the first message pipeline to the second network device in real time during the monitoring.
22. A computer device for pushing order information, comprising a memory, a processor and a computer program stored on the memory, characterized in that the processor executes the computer program to implement the steps of the method according to any of claims 1 to 20.
23. A computer-readable storage medium, on which a computer program/instructions are stored, which, when being executed by a processor, carry out the steps of the method according to any one of claims 1 to 20.
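The key-delivery exchange of claims 7, 8 and 19, written out as an added Go example that is not part of the patent: the first network device wraps the private key of the first asymmetric key under a fresh second symmetric key, wraps that key under the terminal's second public key, and signs the result; the terminal performs the three operations of claim 8 in order. The claims name no algorithms, so RSA-2048, RSA-OAEP, AES-256-GCM, RSA-PSS, the `KeyMessage` layout, the terminal id `T-0001`, and binding the id as OAEP label and GCM associated data are all assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// KeyMessage is a hypothetical layout for the "message information" of claims 7, 8 and 19.
type KeyMessage struct {
	WrappedSymKey []byte // second symmetric key, RSA-OAEP under the terminal's second public key
	SealedPrivKey []byte // nonce || AES-GCM(first asymmetric private key, PKCS#1 DER)
	Signature     []byte // RSA-PSS by the first network device over both fields above
}

// digest hashes length-prefixed fields so bytes cannot be moved from one field to the other.
func digest(m *KeyMessage) []byte {
	h := sha256.New()
	for _, f := range [][]byte{m.WrappedSymKey, m.SealedPrivKey} {
		h.Write([]byte{byte(len(f) >> 8), byte(len(f))})
		h.Write(f)
	}
	return h.Sum(nil)
}

// newGCM returns AES-256-GCM. Callers guarantee a 32-byte key, so neither constructor can fail.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// NewKey generates a throwaway 2048-bit RSA key pair for the demo.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// WrapPrivateKey: first network device's side (claim 19). The terminalID binding is this example's assumption.
func WrapPrivateKey(first *rsa.PrivateKey, termPub *rsa.PublicKey, devKey *rsa.PrivateKey, terminalID string) (*KeyMessage, error) {
	buf := make([]byte, 32+12) // fresh second symmetric key and GCM nonce for every request
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	symKey, nonce, id := buf[:32], buf[32:], []byte(terminalID)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, termPub, symKey, id)
	if err != nil {
		return nil, err
	}
	sealed := newGCM(symKey).Seal(nonce, nonce, x509.MarshalPKCS1PrivateKey(first), id)
	m := &KeyMessage{WrappedSymKey: wrapped, SealedPrivKey: sealed}
	m.Signature, err = rsa.SignPSS(rand.Reader, devKey, crypto.SHA256, digest(m), nil)
	return m, err
}

// UnwrapPrivateKey is the first terminal's side: the three operations of claim 8, in order.
func UnwrapPrivateKey(m *KeyMessage, termKey *rsa.PrivateKey, devPub *rsa.PublicKey, terminalID string) (*rsa.PrivateKey, error) {
	if rsa.VerifyPSS(devPub, crypto.SHA256, digest(m), m.Signature, nil) != nil {
		return nil, errors.New("signature check failed: not from the first network device")
	}
	symKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, termKey, m.WrappedSymKey, []byte(terminalID))
	if err != nil || len(symKey) != 32 || len(m.SealedPrivKey) < 12 {
		return nil, errors.New("malformed or undecryptable key message")
	}
	der, err := newGCM(symKey).Open(nil, m.SealedPrivKey[:12], m.SealedPrivKey[12:], []byte(terminalID))
	if err != nil {
		return nil, errors.New("cannot decrypt the first asymmetric private key")
	}
	return x509.ParsePKCS1PrivateKey(der)
}

func main() {
	first, term, dev := NewKey(), NewKey(), NewKey()
	m, err := WrapPrivateKey(first, &term.PublicKey, dev, "T-0001") // constructed terminal id
	if err != nil {
		panic(err)
	}
	got, err := UnwrapPrivateKey(m, term, &dev.PublicKey, "T-0001")
	fmt.Println("recovered the first asymmetric private key:", err == nil && got.Equal(first))
}
```

Verifying the signature before any decryption means a message that did not come from the first network device is rejected without the terminal's private key ever touching it.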
CN202110330553.3A 2021-03-25 2021-03-25 Method, device, medium and program product for pushing order information Active CN113014670B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110330553.3A CN113014670B (en) 2021-03-25 2021-03-25 Method, device, medium and program product for pushing order information

Publications (2)

Publication Number Publication Date
CN113014670A CN113014670A (en) 2021-06-22
CN113014670B true CN113014670B (en) 2023-04-07

Family

ID=76408230

Country Status (1)

Country Link
CN (1) CN113014670B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113886880A (en) * 2021-10-09 2022-01-04 京东科技信息技术有限公司 Data protection method, system, device and storage medium
CN114429382A (en) * 2021-12-29 2022-05-03 广州盖盟达工业品有限公司 Commodity recommendation method and device, storage medium and equipment
CN115914246A (en) * 2022-10-08 2023-04-04 广州市玄武无线科技股份有限公司 Point-to-point communication method, system, device and storage medium for offline message

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020134635A1 (en) * 2018-12-28 2020-07-02 百富计算机技术(深圳)有限公司 Pos terminal certificate update method, server, and pos terminal
CN111464486A (en) * 2019-01-22 2020-07-28 阿里巴巴集团控股有限公司 Information interaction method and device and computing equipment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AUPQ696500A0 (en) * 2000-04-17 2000-05-11 Qsi Payment Technologies Pty Ltd Electronic commerce payment system
CN105678553A (en) * 2015-08-05 2016-06-15 腾讯科技(深圳)有限公司 Method, device and system for processing order information
GB2549118B (en) * 2016-04-05 2020-12-16 Samsung Electronics Co Ltd Electronic payment system using identity-based public key cryptography
CN107578234A (en) * 2017-09-01 2018-01-12 泰康保险集团股份有限公司 Method of payment, payment mechanism, medium and electronic equipment
CN109034798B (en) * 2018-07-13 2022-09-09 惠龙易通国际物流股份有限公司 Electronic payment system, method, apparatus, device and medium based on micro service
CN111047313B (en) * 2020-03-12 2020-12-04 支付宝(杭州)信息技术有限公司 Code scanning payment, information sending and key management method, device and equipment

Also Published As

Publication number Publication date
CN113014670A (en) 2021-06-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant