WO2017092654A1 - Pos machine transaction processing method and system - Google Patents

Pos machine transaction processing method and system Download PDF

Info

Publication number
WO2017092654A1
WO2017092654A1 PCT/CN2016/107749 CN2016107749W WO2017092654A1 WO 2017092654 A1 WO2017092654 A1 WO 2017092654A1 CN 2016107749 W CN2016107749 W CN 2016107749W WO 2017092654 A1 WO2017092654 A1 WO 2017092654A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
transaction
pos
transaction information
master key
Prior art date
Application number
PCT/CN2016/107749
Other languages
French (fr)
Chinese (zh)
Inventor
王琪
何舟
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2017092654A1 publication Critical patent/WO2017092654A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/206Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07GREGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
    • G07G1/00Cash registers
    • G07G1/12Cash registers electronically operated
    • G07G1/14Systems including one or more distant stations co-operating with a central processing unit
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • the present invention relates to the field of electronic communications, and in particular, to a POS transaction processing method and system.
  • POS (Point of Sale) machine terminal is a terminal device for cardholders to pay for credit card after shopping. It is widely used in various supermarkets, shopping malls, hotels, restaurants and other industries. It is currently the process of bank card payment. It is the most widely used, most convenient, and most accepted consumer terminal.
  • POS machines adopt a 3DES-based symmetric key system to protect the cardholder's personal password and transaction information packets with 3DES keys.
  • the security management of the 3DES (Triple DES) key which is the basis of the symmetric key system, is a matter of great concern to the national regulatory authorities, banks, and bank card acquirers, and requires assurance.
  • the POS terminal In the traditional POS industry, the POS terminal is usually placed before the merchant, and the POS terminal specialization service or the acquiring institution needs to manually use the PIN of the parent POS to the POS terminal to fill the terminal master key to realize one machine. dense.
  • a unique terminal master key is shared between each POS terminal and the online transaction system, and the online transaction system invokes the encryption machine to randomly generate a PIK (Regional PIN Key) for encrypting the PIN encrypted by the terminal master key.
  • the two parts of the MAK Information Authentication Key
  • the PIK and MAK are stored in the PIN pad and the PIN is encrypted.
  • the traditional POS transaction processing method has the problem of waste of resources and low efficiency of upgrade.
  • the embodiment of the invention provides a POS machine transaction processing method and system, which solves the problem of resource waste and low upgrade efficiency in the prior art.
  • the method of the present invention includes a POS transaction processing method, the method comprising: receiving transaction information transmitted by a POS entity terminal, the transaction information including application identification information and encryption after being encrypted by a terminal master key a data source; determining, according to the application identification information, an application master key corresponding to the transaction information; using the application master key, performing trans-encryption on the encrypted data source in the transaction information, and generating a trans-encrypted Result data; the result data is sent to the far end.
  • an embodiment of the present invention further provides a POS online transaction processing system, where the system includes:
  • a receiving unit configured to receive transaction information sent by a POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
  • a determining unit configured to determine, according to the application identification information, an application master key corresponding to the transaction information
  • An encryption unit configured to perform trans-encryption of the encrypted data source in the transaction information by using the application master key, and generate trans-encrypted result data
  • a sending unit configured to send the result data to a remote end.
  • the embodiment of the present application provides a POS transaction processing device, including: a transceiver and a processor;
  • the transceiver is configured to receive transaction information sent by a POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
  • the processor is configured to determine, according to the application identification information, an application master key corresponding to the transaction information, and use the application master key to perform trans-encryption on the encrypted data source in the transaction information, and generate Translated encrypted result data;
  • the transceiver is further configured to send the result data to a remote end.
  • the transceiver is further configured to: receive POS entity terminal identifier information sent by the POS entity terminal;
  • the processor is further configured to: determine, according to the transaction information corresponding to the terminal identifier information of the POS entity, that the application identifier in the transaction information is in a preset mapping relationship table, where the mapping relationship table is for each POS machine.
  • the processor is specifically configured to determine, according to the POS entity entity terminal identification information, an application identifier in the transaction information corresponding to the POS entity entity terminal identifier information, in the preset mapping relationship table, determine The transaction information satisfies the transaction rule and continues to perform subsequent processing; otherwise, the processing is stopped and the processing failure result is returned.
  • the encrypted data source includes a personal identification code ciphertext and a transaction data ciphertext; the processor is specifically configured to: use the PIK corresponding to the application master key to identify the personal identifier in the encrypted data source of the transaction information.
  • the code ciphertext is encrypted; using the MAK corresponding to the application master key, the transaction data ciphertext in the encrypted data source of the transaction information is calculated, and the check value MAC of the result data is obtained.
  • the processor is specifically configured to: determine an application master key corresponding to the application identifier information according to a correspondence between the preset application identifier information and the application master key.
  • an embodiment of the present invention provides a non-transitory computer readable storage medium, where the non-transitory computer readable storage medium stores computer instructions, where the computer instructions are used to cause the computer to execute any of the above The POS transaction processing method described.
  • an embodiment of the present invention provides a computer program product, where the computer program is The program includes a computing program stored on a non-transitory computer readable storage medium, the computer program including program instructions that, when executed by a computer, cause the computer to perform the POS transaction described in any of the above Approach.
  • the embodiment of the present invention only injects a terminal master key on the same POS terminal, and the POS terminal carries multiple applications, so different transactions can use different applications of the same POS terminal to avoid The resource waste problem of using different POS terminals in different transactions; on the other hand, the application master key corresponding to multiple applications is stored on the POS online transaction system, and the application identifiers of multiple applications and the POS entity terminal Established a correspondence.
  • the POS online trading system encrypts the received transaction information using the application master key through the correspondence between the application identifiers of the multiple applications and the application master key, so that even the transactions with different deduction rates use the same
  • the physical terminal of the POS machine can also be distinguished by the online transaction system through the application master key, which ensures the correctness of the transaction processing.
  • the new application is implemented, only the application primary key in the POS online transaction system needs to be updated. The key does not need to perfuse the application key to each POS entity terminal, which improves the upgrade efficiency.
  • 1 is a POS transaction processing method according to an embodiment of the present invention, involving multiple entities and systems;
  • FIG. 3 is a schematic flowchart of a method for processing a POS online transaction according to an embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of a POS online transaction processing system according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a POS online transaction processing device according to an embodiment of the present invention.
  • the existing POS transaction processing method is usually one machine and one secret. This transaction processing method has the disadvantages of waste of resources and low efficiency of upgrade.
  • intelligent POS terminal is also popularized, and intelligent POS terminal A plurality of applications are usually integrated, and different applications usually have different deduction rates. Therefore, different application master keys are required, and in order to implement a background system for moving the payment application to the POS terminal, the embodiment of the present invention
  • the online transaction system to call the hardware encryption machine
  • the transaction data is converted between the POS terminal and the application program, thereby ensuring the security of payment, improving the flexibility and scalability of the POS terminal service, and realizing a multi-machine the goal of.
  • the POS transaction processing method of the embodiment of the present invention involves multiple entities and systems, and thus the foregoing multiple entities or systems are introduced in advance. Specifically, as shown in Figure 1, it includes:
  • the POS entity terminal has a terminal identifier, and shares a unique terminal master key with the online transaction system.
  • the terminal master key (TMK) of the physical terminal of the POS machine includes: PIK and MAK, and the PIK is a work key for 3DES encryption of the cardholder's personal identification number (PIN), and the MAK is a card.
  • MAC check value
  • the PIN pad (PIN PAD) securely protects the PIK and MAK of the terminal master key and encrypts the personal identification code.
  • the application client is an application for setting transactions, It runs on a POS terminal with a smart operating system.
  • the application client can complete the payment function by interacting with the online trading system, because the deduction rate of different transactions may be different, so the application clients with different deduction rates usually have corresponding application master keys.
  • the online transaction system decrypts the packets sent by the physical terminal, and verifies the legality and association relationship between the physical terminal and the application terminal.
  • a hardware encryption machine a device that encrypts transaction data, is used for encryption of PINs, verifies the correctness of transaction information and data sources, and stores the terminal master key.
  • the POS physical terminal is connected to a PIN pad, and the hardware cipher is connected to the online transaction system.
  • all the current POS acquiring institutions adopt the method of dynamically managing the working key by using the terminal master key, that is, in order to avoid being cracked, the working key It is dynamically changed, that is, each time the POS machine entity terminal issues a sign-in request, the online transaction system automatically generates a new PIK and MAK, and after the TMK is encrypted and protected, it is sent back to the POS entity terminal with the response message.
  • the POS entity terminal receives the PIK and MAK returned by the online transaction system and deposits it into the password keyboard.
  • FIG. 2 schematically describes the POS entity terminal using PIK and MAK respectively for personal identification code and transaction.
  • the process of data security protection including:
  • Step 101 The POS entity terminal obtains the personal identification code (ie, the PIN plaintext) and the payment transaction data input by the cardholder through the PIN pad as the original data source to be encrypted.
  • the personal identification code ie, the PIN plaintext
  • Step 102 The POS entity terminal extracts the PIK work key and the MAK work key saved in the PIN pad, and uses the PIK work key and the MAK work key as the encryption key of the 3DES.
  • Step 103 The POS entity terminal performs 3DES encryption on the original data source by using PIK and MAK, generates an encrypted PIN ciphertext and generates a check value MAC of the transaction data packet, and the POS entity terminal will contain the PIN ciphertext and the MAC value.
  • the transaction information is sent to an online trading system connected to the physical terminal of the POS machine.
  • Step 104 The online transaction system uses the same MAK work key as the POS entity terminal. Verify the correctness of the MAC value.
  • the POS transaction processing method is improved on the online transaction system, and the improvement method is shown in FIG. 3, and the specific implementation method includes:
  • Step S201 Receive transaction information sent by a POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key.
  • Step S202 Determine an application master key corresponding to the transaction information according to the application identifier information.
  • Step S203 Perform trans-encryption of the encrypted data source in the transaction information by using the application master key, and generate trans-encrypted result data.
  • Step S204 the result data is sent to the remote end.
  • the execution body of the above steps may be a POS machine background system similar to the online transaction system, and the following mainly introduces the online transaction system as an execution subject.
  • the encrypted data source in the transaction information received by the online transaction system includes a personal identification code ciphertext and a transaction data ciphertext, and the personal identification code ciphertext and the transaction data ciphertext generation process are as described in FIG. 2 .
  • the transaction information received by the online transaction system further includes the POS entity terminal identification information of the generated transaction.
  • the online transaction system determines, according to the transaction information corresponding to the terminal identifier information of the POS entity, that the application identifier in the transaction information is in a preset mapping relationship table, where the mapping relationship table is the terminal identification information of each POS entity and A correspondence table between application identifiers in each POS entity terminal.
  • the online transaction system acquires an application client included in each POS entity terminal when each POS entity terminal accesses the network, because different application clients respectively correspond to respective application identification information, wherein the application identification information
  • the utility model mainly includes a merchant number and a terminal number, and establishes a binding relationship between the terminal identifier information of each POS machine entity and the application identifier information of the application client in the POS machine entity terminal.
  • the embodiment of the present invention further determines whether the transaction generated by the POS entity terminal is legal. Specifically, if the POS entity identification information is used, the POS entity is determined. The application identifier in the transaction information corresponding to the terminal identifier information is determined in the preset mapping relationship table, and the transaction information is determined to satisfy the transaction rule, and the subsequent processing is continued; otherwise, the processing is stopped, and the processing failure result is returned.
  • the online trading system detects that the application identifier corresponding to the transaction generated by the POS entity terminal has no query result in the mapping relationship table, so it is determined that the transaction is an illegal transaction, so the processing is returned. The result of the failure.
  • the online trading system will continue to process the transaction.
  • the transaction information is further encrypted by using the background hardware encryption machine, and the encryption key is determined before the encryption, specifically, according to the preset application identification information and the application primary key. Corresponding relationship between the keys, determining an application master key corresponding to the application identifier information, and encrypting by using an application master key.
  • the so-called trans-encryption refers to the process of decrypting the encrypted data source according to the PIK of the POS entity terminal, and then encrypting the decrypted encrypted data source according to the application master key.
  • the online transaction system stores the application master key corresponding to the fresh cash register application and the clothing cash register application stored in the foregoing POS machine, and establishes a mapping between the fresh cash register application identifier and the corresponding master key of the fresh cash register application, and The application of the master key of the clothing cash register application and the clothing cash register application, so that the application master key corresponding to the transaction can be determined immediately after the application identification in the transaction information, so the subsequent acquiring platform can be more applied.
  • the key information of the master key completes the processing of the corresponding transaction fee.
  • the embodiment of the present invention provides a process for the online transaction system to perform trans-encryption on the transaction information.
  • the online transaction system uses the PIK corresponding to the application master key to add the transaction information.
  • the personal identification code ciphertext in the secret data source is encrypted; using the MAK corresponding to the application master key, the transaction data ciphertext in the encrypted data source of the transaction information is calculated, and the MAC of the result data is obtained.
  • POS physical terminal that carries two application clients in the physical terminal of the POS machine.
  • One application is mainly responsible for the transaction of the general commodity, and the other application is responsible for the transaction.
  • It is the cash register of people's livelihood products, such as gasoline, fertilizer and other people's death products. Because the deduction rates of the transactions corresponding to the two applications are different, the transactions of the two applications will have different application master keys, and the application master key TMK1 corresponding to the cash register application of the common commodity includes PIK1 and MAK1, The application master key TMK2 corresponding to the cashier application of the death product includes PIK2 and MAK2.
  • the online transaction system transcodes the PIN ciphertext in the transaction information according to the application master key TMK2 corresponding to the cash register application of the death product, so as to avoid The leakage of the terminal master key causes the PIN to be circulated, thereby ensuring the security of the transaction.
  • the transaction data ciphertext is encrypted by the MAK2 of the application master key TMK2 corresponding to the cash register application of the death product, so that the receipt can be made.
  • the platform derives that the transaction is a death product based on the application master key TMK2, so the correct deduction rate is selected as the transaction fee for the transaction.
  • the POS terminal includes two application clients, namely: agricultural product client, grain and oil product client.
  • the POS terminal completes the network configuration and the check-in request, the corresponding relationship between the agricultural product client, the grain and oil product client and the POS physical terminal is completed in the background online transaction system, and the agricultural product client and the agricultural product client are completed.
  • the correspondence between the master key is applied, and the correspondence between the grain and oil product client and the grain and oil product client application master key.
  • the password keyboard uses the PIK to encrypt and report the PIN input by the cardholder to the online transaction system, and reports the POS at the same time.
  • the terminal identifier and the merchant identifier of the physical entity terminal After the above steps are completed, the online transaction system performs the following steps according to the POS transaction processing method provided by the embodiment of the present invention:
  • Step 1 The online transaction system receives the transaction information encrypted by the POS entity terminal by using the terminal master key, where the transaction information includes the corresponding merchant number of the agricultural harvester, and the transaction information further includes a corresponding POS entity terminal identifier.
  • Step 2 The online transaction system uses the application master key of the farm product client corresponding to the merchant number, and uses the application master key to encrypt and convert the transaction information.
  • step three the online trading system sends the complete result data to the acquiring platform.
  • step 4 the acquiring platform sends the result data to the issuing bank for processing, and sends the transaction processing result to the online trading system, and the online trading system returns the transaction result to the terminal.
  • an embodiment of the present invention further provides a POS online transaction processing system, which can implement the foregoing method embodiments.
  • the system provided by the embodiment of the present invention includes: a receiving unit 401, a determining unit 402, an encrypting unit 403, and a sending unit 404, where:
  • the receiving unit 401 is configured to receive transaction information sent by the POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
  • a determining unit 402 configured to determine, according to the application identification information, an application master key corresponding to the transaction information
  • the encryption unit 403 is configured to perform trans-encryption of the encrypted data source in the transaction information by using the application master key, and generate trans-encrypted result data;
  • the sending unit 404 is configured to send the result data to the remote end.
  • the execution body of the above steps may be a POS machine background system similar to the online transaction system, and the following mainly introduces the online transaction system as an execution subject.
  • the encrypted data source in the transaction information received by the online transaction system includes a personal identification code ciphertext and a transaction data ciphertext, and the personal identification code ciphertext and the transaction data ciphertext generation process are as described in FIG. 2 .
  • the transaction information received by the online transaction system further includes the POS entity terminal identification information of the generated transaction.
  • the receiving unit 401 of the online transaction system is further configured to: receive the POS entity terminal identification information sent by the POS entity terminal.
  • the determining unit 402 is further configured to: determine the transaction according to the transaction information corresponding to the POS entity entity terminal identification information.
  • the application identifier in the information is in a preset mapping relationship table, where the mapping relationship table is a correspondence table between the terminal identification information of each POS entity and the application identifier in each POS entity terminal.
  • the online transaction system acquires an application client included in each POS entity terminal when each POS entity terminal accesses the network, because different application clients respectively correspond to respective application identification information, wherein the application identification information
  • the utility model mainly includes a merchant number and a terminal number, and establishes a binding relationship between the terminal identifier information of each POS machine entity and the application identifier information of the application client in the POS machine entity terminal.
  • POS machine there is a POS machine in a large supermarket.
  • the fresh cash register application There are two applications in the POS machine, namely the fresh cash register application and the clothing cash register application. Therefore, when the POS machine accesses the online transaction system, a correspondence table between the identifier of the POS machine and the identifier of the fresh cash register application and the identifier of the clothing cash register application is established.
  • the embodiment of the present invention further determines whether the transaction generated by the POS entity terminal is legal, and the determining unit 405 is configured to determine, according to the POS entity entity terminal identification information, The application identifier in the transaction information corresponding to the physical terminal identification information of the POS machine, in the preset mapping relationship table, determining that the transaction information satisfies the transaction rule, and continues to perform subsequent processing; otherwise, stopping the processing, and returning the processing failure result.
  • the online trading system detects that the application identifier corresponding to the transaction generated by the POS entity terminal has no query result in the mapping relationship table, so it is determined that the transaction is an illegal transaction, so the processing is returned. The result of the failure.
  • the online trading system will continue to process the transaction.
  • the background hardware encryption machine is further used to further encrypt the transaction information, and the encryption key is determined before the encryption, specifically, according to the preset application identification information and the application master key. Corresponding relationship between the application master key corresponding to the application identifier information.
  • the so-called trans-encryption refers to the number of encryptions based on the PIK of the physical terminal of the POS machine.
  • the decrypted encrypted data source is encrypted according to the application master key.
  • the online transaction system stores the application master key corresponding to the fresh cash register application and the clothing cash register application stored in the foregoing POS machine, and establishes a mapping between the fresh cash register application identifier and the corresponding master key of the fresh cash register application, and The application of the master key of the clothing cash register application and the clothing cash register application, so that the application master key corresponding to the transaction can be determined immediately after the application identification in the transaction information, so the subsequent acquiring platform can be more applied.
  • the key information of the master key completes the processing of the corresponding transaction fee.
  • the encrypted data source includes a personal identification code ciphertext and a transaction data ciphertext
  • the encryption unit 403 is specifically configured to: encrypt the personal identification code ciphertext in the encrypted data source of the transaction information;
  • the MAK corresponding to the key calculates the transaction data ciphertext in the encrypted data source of the transaction information, and obtains the MAC of the result data.
  • POS physical terminal that carries two application clients in the physical terminal of the POS machine.
  • One application is mainly responsible for the transaction of the general commodity, and the other application is responsible for the transaction.
  • It is the cash register of people's livelihood products, such as gasoline, fertilizer and other people's death products. Because the deduction rates of the transactions corresponding to the two applications are different, the transactions of the two applications will have different application master keys, and the application master key TMK1 corresponding to the cash register application of the common commodity includes PIK1 and MAK1, The application master key TMK2 corresponding to the cashier application of the death product includes PIK2 and MAK2.
  • the online transaction system transcodes the PIN ciphertext in the transaction information according to the application master key TMK2 corresponding to the cash register application of the death product, so as to avoid The leakage of the terminal master key causes the PIN to be circulated, thereby ensuring the security of the transaction.
  • the transaction data ciphertext is encrypted by the MAK2 of the application master key TMK2 corresponding to the cash register application of the death product, so that the receipt can be made.
  • the platform derives that the transaction is a death product based on the application master key TMK2, so the correct deduction rate is selected as the transaction fee for the transaction.
  • the embodiment of the present invention only injects a terminal master key on the same POS terminal, and the POS terminal carries multiple applications, so different transactions can use the same POS terminal.
  • Different applications avoiding different transactions using different POS terminals
  • the application master key corresponding to multiple applications is stored on the POS online transaction system, and the application identifiers of multiple applications are associated with the POS entity terminal.
  • the POS online trading system encrypts the received transaction information using the application master key through the correspondence between the application identifiers of the multiple applications and the application master key, so that even the transactions with different deduction rates use the same
  • the physical terminal of the POS machine can also be distinguished by the online transaction system through the application master key, which ensures the correctness of the transaction processing.
  • the new application is implemented, only the application primary key in the POS online transaction system needs to be updated. The key does not need to perfuse the application key to each POS entity terminal, which improves the upgrade efficiency.
  • the embodiment of the present application provides another POS transaction processing device.
  • 5 is a schematic structural diagram of a POS transaction processing device of the present invention, the POS transaction processing device 500 includes: a transceiver 501, a processor 502, a memory 503, and a bus system 504;
  • the memory 503 is used to store a program.
  • the program can include program code, the program code including computer operating instructions.
  • the memory 503 may be a random access memory (RAM) or a non-volatile memory, such as at least one disk storage. Only one memory is shown in the figure, of course, the memory can also be set to a plurality as needed. Memory 503 can also be a memory in processor 502.
  • the memory 503 stores the following elements, executable modules or data structures, or a subset thereof, or an extended set thereof:
  • Operation instructions include various operation instructions for implementing various operations.
  • Operating system Includes a variety of system programs for implementing various basic services and handling hardware-based tasks.
  • Processor 502 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 502 or an instruction in a form of software.
  • the processor 502 described above may be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware. Component. Can The methods, steps, and logical block diagrams disclosed in the embodiments of the present application are implemented or executed.
  • the general purpose processor may be a microprocessor or the processor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present application may be directly implemented by the hardware decoding processor, or may be performed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a conventional storage medium such as random access memory, flash memory, read only memory, programmable read only memory or electrically erasable programmable memory, registers, and the like.
  • the storage medium is located in the memory 503, and the processor 502 reads the information in the memory 503 and performs the following steps in conjunction with its hardware:
  • the transceiver 501 is configured to receive transaction information sent by a POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
  • the processor 502 is configured to determine, according to the application identifier information, an application master key corresponding to the transaction information, and use the application master key to perform trans-encryption on the encrypted data source in the transaction information, and Generating the result data after transcoding;
  • the transceiver 501 is further configured to send the result data to a remote end.
  • the transceiver 501 is further configured to receive POS entity terminal identifier information sent by the POS entity terminal;
  • the processor 502 is further configured to: determine, according to the transaction information corresponding to the terminal identifier information of the POS entity, that the application identifier in the transaction information is in a preset mapping relationship table, where the mapping relationship table is for each POS A correspondence table between the physical entity terminal identification information and the application identifier in each of the POS entity terminals.
  • the processor 502 is configured to: determine, according to the POS entity entity terminal identifier information, an application identifier in the transaction information corresponding to the POS entity entity terminal identifier information, in a preset mapping relationship table. Then, it is judged that the transaction information satisfies the transaction rule, and the subsequent processing is continued; otherwise, the processing is stopped, and the processing failure result is returned.
  • the encrypted data source includes a personal identification code ciphertext and a transaction data ciphertext;
  • the processor 502 is specifically configured to: encrypt, by using a PIK corresponding to the application master key, the personal identification code ciphertext in the encrypted data source of the transaction information; and calculate the transaction by using a MAK corresponding to the application master key.
  • the transaction data ciphertext in the encrypted data source of the information, and the check value of the result data is obtained.
  • the processor 502 is specifically configured to: determine an application master key corresponding to the application identifier information according to a correspondence between the preset application identifier information and the application master key.
  • the POS transaction processing device of the embodiment of the present invention exists in various forms, including but not limited to:
  • Mobile communication devices These devices are characterized by mobile communication functions and are mainly aimed at providing voice and data communication. Such devices include: smart phones (such as iPhone), multimedia phones, functional phones, and low-end phones.
  • Ultra-mobile personal computer equipment This type of equipment belongs to the category of personal computers, has computing and processing functions, and generally has mobile Internet access.
  • Such terminals include: PDAs, MIDs, and UMPC devices, such as the iPad.
  • Portable entertainment devices These devices can display and play multimedia content. Such devices include: audio, video players (such as iPod), handheld game consoles, e-books, and smart toys and portable car navigation devices.
  • the server consists of a processor, a hard disk, a memory, a system bus, etc.
  • the server is similar to a general-purpose computer architecture, but because of the need to provide highly reliable services, processing power and stability High reliability in terms of reliability, security, scalability, and manageability.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .
  • the present invention also provides a non-transitory computer readable storage medium, the non-transient computing
  • the machine readable storage medium stores computer instructions for causing the computer to perform the POS machine transaction processing method of any of the above.
  • the present invention also provides a computer program product comprising a computing program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions, when the program instructions are executed by a computer And causing the computer to execute the POS transaction processing method described in any of the above.

Abstract

Disclosed in the present invention are a POS machine transaction processing method and system, the method comprises: receiving transaction information transmitted by an entity terminal of a POS machine, the transaction information comprising application identifier information and an encrypted data source after being encrypted by a primary key of the terminal; according to the application identifier information, determining the primary key of the application corresponding to the transaction information; performing a switch encryption on the encrypted data source in the transaction information by using the primary key of the application, and generating result data after performing the switch encryption; transmitting the result data to a remote end. The invention addresses a problem in prior art of resource wastage and low upgrade efficiency.

Description

一种POS机交易处理方法及系统POS machine transaction processing method and system
本申请要求在2015年12月04日提交中华人民共和国知识产权局、申请号为201510894192.X,发明名称为“一种POS机交易处理方法及系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed on December 4, 2015, submitted to the Intellectual Property Office of the People's Republic of China, application number 201510894192.X, and the invention name is “a POS machine transaction processing method and system”. This is incorporated herein by reference.
技术领域Technical field
本发明涉及电子通讯领域,尤其涉及一种POS机交易处理方法及系统。The present invention relates to the field of electronic communications, and in particular, to a POS transaction processing method and system.
背景技术Background technique
POS(Point of Sale,销售终端)机终端是持卡人购物后刷卡消费支付的一种终端设备,它广泛应用于各大超市、商场、酒店、餐饮等各行业,是目前进行银行卡支付过程中使用最广泛、最便捷、也是受市场接受程度最高的一种消费终端。目前POS机均采用基于3DES的对称密钥体系,对持卡人的个人密码和交易信息包,用3DES密钥进行安全保护的技术。作为对对称密钥体系基础的3DES(Triple DES,三重数据加密算法)密钥的安全管理,是国家监管层、银行以及银行卡收单机构高度关注,并要求确保的问题。POS (Point of Sale) machine terminal is a terminal device for cardholders to pay for credit card after shopping. It is widely used in various supermarkets, shopping malls, hotels, restaurants and other industries. It is currently the process of bank card payment. It is the most widely used, most convenient, and most accepted consumer terminal. At present, POS machines adopt a 3DES-based symmetric key system to protect the cardholder's personal password and transaction information packets with 3DES keys. The security management of the 3DES (Triple DES) key, which is the basis of the symmetric key system, is a matter of great concern to the national regulatory authorities, banks, and bank card acquirers, and requires assurance.
在传统的POS行业中,POS机终端通常在布放到商户之前,POS终端专业化服务机构或收单机构需手动使用母POS往POS机终端的密码键盘灌入终端主密钥实现一机一密。每台POS机终端与联机交易系统之间共享唯一的终端主密钥,联机交易系统调用加密机随机生成用终端主密钥加密的用于对PIN加密的PIK(区域PIN密钥)和进行报文鉴别的MAK(信息认证密钥)两个部分。PIK和MAK保存在密码键盘中,并对个人标识码进行加密密保。在联机交易过程中,为防止PIN泄露或被破解,要求从终端到发卡行整个信息交互过程中,全程对PIN进行安全加密保护,不允许在计算机和网络系统中的任何环节,PIN以明文的方式出现。但是现有的POS机交易处理方法存在以 下缺点:第一:因为针对不同的交易,一个商户的柜台上摆放了多台POS机和密码键盘,造成了硬件资源和维护成本的浪费。第二:新业务的推广困难。每当有新业务需要进行推广时,需要重新烧录POS机程序和密码键盘灌装,投入大,进度慢。In the traditional POS industry, the POS terminal is usually placed before the merchant, and the POS terminal specialization service or the acquiring institution needs to manually use the PIN of the parent POS to the POS terminal to fill the terminal master key to realize one machine. dense. A unique terminal master key is shared between each POS terminal and the online transaction system, and the online transaction system invokes the encryption machine to randomly generate a PIK (Regional PIN Key) for encrypting the PIN encrypted by the terminal master key. The two parts of the MAK (Information Authentication Key) for identification. The PIK and MAK are stored in the PIN pad and the PIN is encrypted. In the online transaction process, in order to prevent PIN leakage or being cracked, it is required to securely encrypt the PIN from the terminal to the issuing bank during the entire information exchange process, and does not allow any link in the computer and network system, the PIN is in plaintext. The way it appears. However, existing POS transaction processing methods exist The following shortcomings: First: Because for different transactions, a merchant's counter is placed with multiple POS machines and password keyboards, resulting in a waste of hardware resources and maintenance costs. Second: the promotion of new business is difficult. Whenever there is a new business that needs to be promoted, it is necessary to re-burn the POS program and password keyboard filling, and the investment is large and the progress is slow.
综上,传统的POS机交易处理方法存在资源浪费和升级效率低的问题。In summary, the traditional POS transaction processing method has the problem of waste of resources and low efficiency of upgrade.
发明内容Summary of the invention
本发明实施例提供一种POS机交易处理方法及系统,用以解决现有技术中存在资源浪费和升级效率低的问题。The embodiment of the invention provides a POS machine transaction processing method and system, which solves the problem of resource waste and low upgrade efficiency in the prior art.
第一方面,本发明方法包括一种POS机交易处理方法,该方法包括:接收由POS机实体终端发送的交易信息,所述交易信息中包括应用标识信息和经过终端主密钥加密后的加密数据源;根据所述应用标识信息,确定所述交易信息对应的应用主密钥;使用所述应用主密钥,对所述交易信息中的加密数据源进行转加密,并生成转加密后的结果数据;将所述结果数据发送至远端。In a first aspect, the method of the present invention includes a POS transaction processing method, the method comprising: receiving transaction information transmitted by a POS entity terminal, the transaction information including application identification information and encryption after being encrypted by a terminal master key a data source; determining, according to the application identification information, an application master key corresponding to the transaction information; using the application master key, performing trans-encryption on the encrypted data source in the transaction information, and generating a trans-encrypted Result data; the result data is sent to the far end.
第二方面,基于同样的发明构思,本发明实施例进一步地提供POS联机交易处理系统,所述系统包括:In a second aspect, based on the same inventive concept, an embodiment of the present invention further provides a POS online transaction processing system, where the system includes:
一种接收单元,用于接收由POS机实体终端发送的交易信息,所述交易信息中包括应用标识信息和经过终端主密钥加密后的加密数据源;a receiving unit, configured to receive transaction information sent by a POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
确定单元,用于根据所述应用标识信息,确定所述交易信息对应的应用主密钥;a determining unit, configured to determine, according to the application identification information, an application master key corresponding to the transaction information;
加密单元,用于使用所述应用主密钥,对所述交易信息中的加密数据源进行转加密,并生成转加密后的结果数据;An encryption unit, configured to perform trans-encryption of the encrypted data source in the transaction information by using the application master key, and generate trans-encrypted result data;
发送单元,用于将所述结果数据发送至远端。a sending unit, configured to send the result data to a remote end.
第三方面,本申请实施例提供一种POS机交易处理设备,包括:收发器、处理器; In a third aspect, the embodiment of the present application provides a POS transaction processing device, including: a transceiver and a processor;
所述收发器,用于接收由POS机实体终端发送的交易信息,所述交易信息中包括应用标识信息和经过终端主密钥加密后的加密数据源;The transceiver is configured to receive transaction information sent by a POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
所述处理器,用于根据所述应用标识信息,确定所述交易信息对应的应用主密钥;使用所述应用主密钥,对所述交易信息中的加密数据源进行转加密,并生成转加密后的结果数据;The processor is configured to determine, according to the application identification information, an application master key corresponding to the transaction information, and use the application master key to perform trans-encryption on the encrypted data source in the transaction information, and generate Translated encrypted result data;
所述收发器,还用于将所述结果数据发送至远端。The transceiver is further configured to send the result data to a remote end.
进一步地,所述收发器还用于:接收由POS机实体终端发送的POS机实体终端标识信息;Further, the transceiver is further configured to: receive POS entity terminal identifier information sent by the POS entity terminal;
所述处理器还用于:根据所述POS机实体终端标识信息对应的交易信息,确定所述交易信息中的应用标识在预设的映射关系表中,所述映射关系表为每个POS机实体终端标识信息和所述每个POS机实体终端中的应用标识之间的对应关系表。The processor is further configured to: determine, according to the transaction information corresponding to the terminal identifier information of the POS entity, that the application identifier in the transaction information is in a preset mapping relationship table, where the mapping relationship table is for each POS machine. A correspondence table between the entity terminal identification information and the application identifier in each of the POS entity terminals.
进一步地,述处理器具体用于:若根据所述POS机实体终端标识信息,确定所述POS机实体终端标识信息对应的交易信息中的应用标识,在预设的映射关系表中,则判断所述交易信息满足交易规则,继续执行后续处理;否则,停止继续处理,返回处理失败结果。Further, the processor is specifically configured to determine, according to the POS entity entity terminal identification information, an application identifier in the transaction information corresponding to the POS entity entity terminal identifier information, in the preset mapping relationship table, determine The transaction information satisfies the transaction rule and continues to perform subsequent processing; otherwise, the processing is stopped and the processing failure result is returned.
进一步地,所述加密数据源包括个人标识码密文和交易数据密文;所述处理器具体用于:使用应用主密钥对应的PIK,对所述交易信息的加密数据源中的个人标识码密文进行加密;使用应用主密钥对应的MAK,计算所述交易信息的加密数据源中的交易数据密文,得到结果数据的校验值MAC。Further, the encrypted data source includes a personal identification code ciphertext and a transaction data ciphertext; the processor is specifically configured to: use the PIK corresponding to the application master key to identify the personal identifier in the encrypted data source of the transaction information. The code ciphertext is encrypted; using the MAK corresponding to the application master key, the transaction data ciphertext in the encrypted data source of the transaction information is calculated, and the check value MAC of the result data is obtained.
进一步地,所述处理器具体用于:根据预设的应用标识信息和应用主密钥之间的对应关系,确定所述应用标识信息对应的应用主密钥。Further, the processor is specifically configured to: determine an application master key corresponding to the application identifier information according to a correspondence between the preset application identifier information and the application master key.
第四方面,本发明实施例提供一种非暂态计算机可读存储介质,所述非暂态计算机可读存储介质存储计算机指令,所述计算机指令用于使所述计算机执行上述任一项所述的POS机交易处理方法。In a fourth aspect, an embodiment of the present invention provides a non-transitory computer readable storage medium, where the non-transitory computer readable storage medium stores computer instructions, where the computer instructions are used to cause the computer to execute any of the above The POS transaction processing method described.
第五方面,本发明实施例提供一种计算机程序产品,所述计算机程序产 品包括存储在非暂态计算机可读存储介质上的计算程序,所述计算机程序包括程序指令,当所述程序指令被计算机执行时,使所述计算机执行上述任一项所述的POS机交易处理方法。In a fifth aspect, an embodiment of the present invention provides a computer program product, where the computer program is The program includes a computing program stored on a non-transitory computer readable storage medium, the computer program including program instructions that, when executed by a computer, cause the computer to perform the POS transaction described in any of the above Approach.
本发明实施例一方面在同一台POS机终端上只是灌注一个终端主密钥,而且该POS机终端上承载多个应用程序,因此不同的交易可以使用同一台POS机终端的不同应用程序,避免了不同交易使用不同POS机终端的资源浪费问题;另一方面,多个应用程序对应的应用主密钥被存储在POS机联机交易系统上,而且多个应用程序的应用标识与POS机实体终端建立了对应关系。POS机联机交易系统通过多个应用程序的应用标识与应用主密钥之间的对应关系,将接收的交易信息使用应用主密钥进行转加密,这样,即便是不同扣率的交易使用同一台POS机实体终端,也可以被联机交易系统通过应用主密钥区分开来,保证了交易处理的正确性,同时当推行新的应用程序时,也只需要更新POS联机交易系统中的应用主密钥,不需要对每个POS机实体终端灌注应用密钥,提高了升级效率。On the one hand, the embodiment of the present invention only injects a terminal master key on the same POS terminal, and the POS terminal carries multiple applications, so different transactions can use different applications of the same POS terminal to avoid The resource waste problem of using different POS terminals in different transactions; on the other hand, the application master key corresponding to multiple applications is stored on the POS online transaction system, and the application identifiers of multiple applications and the POS entity terminal Established a correspondence. The POS online trading system encrypts the received transaction information using the application master key through the correspondence between the application identifiers of the multiple applications and the application master key, so that even the transactions with different deduction rates use the same The physical terminal of the POS machine can also be distinguished by the online transaction system through the application master key, which ensures the correctness of the transaction processing. At the same time, when the new application is implemented, only the application primary key in the POS online transaction system needs to be updated. The key does not need to perfuse the application key to each POS entity terminal, which improves the upgrade efficiency.
附图说明DRAWINGS
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention, Those skilled in the art can also obtain other drawings based on these drawings without paying for inventive labor.
图1为本发明实施例提供的POS机交易处理方法涉及多个实体和系统;1 is a POS transaction processing method according to an embodiment of the present invention, involving multiple entities and systems;
图2为现有技术提供的一种POS机实体终端利用利用终端主密钥加密的过程;2 is a process of a POS entity terminal provided by the prior art using a terminal master key encryption;
图3为本发明实施例还提供一种POS联机交易处理方法流程示意图; FIG. 3 is a schematic flowchart of a method for processing a POS online transaction according to an embodiment of the present invention;
图4为本发明实施例提供一种POS联机交易处理系统结构示意图;4 is a schematic structural diagram of a POS online transaction processing system according to an embodiment of the present invention;
图5为本发明实施例提供一种POS联机交易处理设备架构示意图。FIG. 5 is a schematic structural diagram of a POS online transaction processing device according to an embodiment of the present invention.
具体实施方式detailed description
为了使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明作进一步地详细描述,显然,所描述的实施例仅仅是本发明一部份实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。The present invention will be further described in detail with reference to the accompanying drawings, in which . All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
现有的POS机交易处理方法通常是一机一密,这种交易处理方法存在资源浪费和升级效率低的缺点,随着智能操作系统的发展,智能POS机终端也在普及,智能POS机终端上通常集成了多个应用程序,不同的应用程序通常对应的扣率不同,因此就需要对应不同的应用主密钥,为了实现将支付应用后移到POS机终端的后台系统,本发明实施例使用联机交易系统调用硬件加密机,在POS机终端和应用程序之间进行交易数据转换,从而达到保证支付的安全性的同时,提高POS终端业务的灵活性和可扩展性,实现一机多密的目的。本发明实施例的POS机交易处理方法涉及多个实体和系统,因此对涉及的多个实体或者系统预先作出介绍。具体如图1所示,包括:The existing POS transaction processing method is usually one machine and one secret. This transaction processing method has the disadvantages of waste of resources and low efficiency of upgrade. With the development of intelligent operating system, intelligent POS terminal is also popularized, and intelligent POS terminal A plurality of applications are usually integrated, and different applications usually have different deduction rates. Therefore, different application master keys are required, and in order to implement a background system for moving the payment application to the POS terminal, the embodiment of the present invention Using the online transaction system to call the hardware encryption machine, the transaction data is converted between the POS terminal and the application program, thereby ensuring the security of payment, improving the flexibility and scalability of the POS terminal service, and realizing a multi-machine the goal of. The POS transaction processing method of the embodiment of the present invention involves multiple entities and systems, and thus the foregoing multiple entities or systems are introduced in advance. Specifically, as shown in Figure 1, it includes:
POS机实体终端,该POS机实体终端具备终端标识,并且和联机交易系统共享唯一一个终端主密钥。POS机实体终端的终端主密钥(TMK)是包括:PIK和MAK,PIK则是用来对持卡人的个人标识码(PIN)进行3DES加密用的工作密钥,而MAK则是持卡人在POS机刷卡支付时,用来对交易数据生成校验值(MAC)的工作密钥。The POS entity terminal, the POS entity terminal has a terminal identifier, and shares a unique terminal master key with the online transaction system. The terminal master key (TMK) of the physical terminal of the POS machine includes: PIK and MAK, and the PIK is a work key for 3DES encryption of the cardholder's personal identification number (PIN), and the MAK is a card. A work key used to generate a check value (MAC) for transaction data when the POS machine pays for the card.
密码键盘(PIN PAD),对终端主密钥的PIK和MAK进行安全存储保护,以及对个人标识码进行加密保护。The PIN pad (PIN PAD) securely protects the PIK and MAK of the terminal master key and encrypts the personal identification code.
应用程序客户端,应用程序客户端是针对设定交易的一个应用程序,运 行在具备智能操作系统的POS机终端上。应用客户端可通过与联机交易系统的交互,完成支付功能,因为不同的交易对应的扣率可能不同,所以不同扣率的应用程序客户端通常会有相应的应用主密钥。Application client, the application client is an application for setting transactions, It runs on a POS terminal with a smart operating system. The application client can complete the payment function by interacting with the online trading system, because the deduction rate of different transactions may be different, so the application clients with different deduction rates usually have corresponding application master keys.
联机交易系统,对实体终端上送的报文进行解密,同时对实体终端和应用终端的合法性、关联关系进行验证。The online transaction system decrypts the packets sent by the physical terminal, and verifies the legality and association relationship between the physical terminal and the application terminal.
硬件加密机,对交易数据进行加密的设备,用于PIN的加密,验证交易信息和数据来源的正确性以及存储终端主密钥。A hardware encryption machine, a device that encrypts transaction data, is used for encryption of PINs, verifies the correctness of transaction information and data sources, and stores the terminal master key.
从图1中可见,POS机实体终端与密码键盘相连接,所述的硬件加密机与联机交易系统相连接。As can be seen from Figure 1, the POS physical terminal is connected to a PIN pad, and the hardware cipher is connected to the online transaction system.
需要说明的是,为了保障POS机交易信息的加密安全,目前基本所有的POS收单机构均采用了终端主密钥动态管理工作密钥的方法,也就是说,为了避免被破解,工作密钥是动态变化的,即在POS机实体终端每次发出签到请求时,由联机交易系统自动生成新的PIK和MAK,并在TMK被加密保护后,随应答报文安全回送到POS机实体终端,POS机实体终端接收联机交易系统返回的PIK和MAK,存入密码键盘。It should be noted that in order to ensure the encryption security of the transaction information of the POS machine, all the current POS acquiring institutions adopt the method of dynamically managing the working key by using the terminal master key, that is, in order to avoid being cracked, the working key It is dynamically changed, that is, each time the POS machine entity terminal issues a sign-in request, the online transaction system automatically generates a new PIK and MAK, and after the TMK is encrypted and protected, it is sent back to the POS entity terminal with the response message. The POS entity terminal receives the PIK and MAK returned by the online transaction system and deposits it into the password keyboard.
为了描述POS机实体终端利用终端主密钥进行原始交易数据加密的过程,本发明实施例进一步提供了图2,图2中简要描述了POS机实体终端利用PIK和MAK分别对个人标识码和交易数据进行安全保护的过程,包括:In order to describe the process of the POS entity terminal encrypting the original transaction data by using the terminal master key, the embodiment of the present invention further provides FIG. 2, which schematically describes the POS entity terminal using PIK and MAK respectively for personal identification code and transaction. The process of data security protection, including:
步骤101,POS机实体终端通过密码键盘获取持卡人输入的个人标识码(即PIN明文)和支付交易数据,作为待加密的原始数据源。Step 101: The POS entity terminal obtains the personal identification code (ie, the PIN plaintext) and the payment transaction data input by the cardholder through the PIN pad as the original data source to be encrypted.
步骤102,POS机实体终端提取在密码键盘中保存的PIK工作密钥和M AK工作密钥,将所述PIK工作密钥和MAK工作密钥作为3DES的加密密钥。Step 102: The POS entity terminal extracts the PIK work key and the MAK work key saved in the PIN pad, and uses the PIK work key and the MAK work key as the encryption key of the 3DES.
步骤103,POS机实体终端用PIK和MAK对原始数据源进行3DES加密,产生加密后的PIN密文以及生成交易数据包的校验值MAC,POS机实体终端将含有PIN密文和MAC值的交易信息发送给与POS机实体终端相连的联机交易系统。Step 103: The POS entity terminal performs 3DES encryption on the original data source by using PIK and MAK, generates an encrypted PIN ciphertext and generates a check value MAC of the transaction data packet, and the POS entity terminal will contain the PIN ciphertext and the MAC value. The transaction information is sent to an online trading system connected to the physical terminal of the POS machine.
步骤104,联机交易系统用与该POS机实体终端相同的MAK工作密钥 验证MAC值的正确性。Step 104: The online transaction system uses the same MAK work key as the POS entity terminal. Verify the correctness of the MAC value.
本发明实施例为了解决现有存在的资源浪费和升级效率低的问题,在联机交易系统上作出了POS交易处理方法的改进,改进方法参见图3所示,具体地实现方法包括:In the embodiment of the present invention, in order to solve the problem of the existing resource waste and the low efficiency of the upgrade, the POS transaction processing method is improved on the online transaction system, and the improvement method is shown in FIG. 3, and the specific implementation method includes:
步骤S201,接收由POS机实体终端发送的交易信息,所述交易信息中包括应用标识信息和经过终端主密钥加密后的加密数据源。Step S201: Receive transaction information sent by a POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key.
步骤S202,根据所述应用标识信息,确定所述交易信息对应的应用主密钥。Step S202: Determine an application master key corresponding to the transaction information according to the application identifier information.
步骤S203,使用所述应用主密钥,对所述交易信息中的加密数据源进行转加密,并生成转加密后的结果数据。Step S203: Perform trans-encryption of the encrypted data source in the transaction information by using the application master key, and generate trans-encrypted result data.
步骤S204,将所述结果数据发送至远端。Step S204, the result data is sent to the remote end.
上述步骤的执行主体可以是类似于联机交易系统的POS机后台系统,如下主要以联机交易系统作为执行主体进行介绍。The execution body of the above steps may be a POS machine background system similar to the online transaction system, and the following mainly introduces the online transaction system as an execution subject.
其中,联机交易系统接收的交易信息中的加密数据源包括个人标识码密文和交易数据密文,所述个人标识码密文和交易数据密文生成过程如图2所描述的过程。另外联机交易系统接收的交易信息还包括生成交易的POS机实体终端标识信息。联机交易系统根据所述POS机实体终端标识信息对应的交易信息,确定所述交易信息中的应用标识在预设的映射关系表中,所述映射关系表为每个POS机实体终端标识信息和所述每个POS机实体终端中的应用标识之间的对应关系表。The encrypted data source in the transaction information received by the online transaction system includes a personal identification code ciphertext and a transaction data ciphertext, and the personal identification code ciphertext and the transaction data ciphertext generation process are as described in FIG. 2 . In addition, the transaction information received by the online transaction system further includes the POS entity terminal identification information of the generated transaction. The online transaction system determines, according to the transaction information corresponding to the terminal identifier information of the POS entity, that the application identifier in the transaction information is in a preset mapping relationship table, where the mapping relationship table is the terminal identification information of each POS entity and A correspondence table between application identifiers in each POS entity terminal.
具体地,联机交易系统会在每个POS机实体终端入网时,获取每个POS机实体终端中含有的应用程序客户端,因为不同的应用程序客户端分别对应各自应用标识信息,其中应用标识信息主要是包括商户号和终端号,将每个POS机实体终端标识信息和该POS机实体终端中的应用程序客户端的应用标识信息建立绑定关系。Specifically, the online transaction system acquires an application client included in each POS entity terminal when each POS entity terminal accesses the network, because different application clients respectively correspond to respective application identification information, wherein the application identification information The utility model mainly includes a merchant number and a terminal number, and establishes a binding relationship between the terminal identifier information of each POS machine entity and the application identifier information of the application client in the POS machine entity terminal.
例如,大型超市中有一台POS机,该POS机中有两个应用程序,分别是生鲜收银应用和服装收银应用。因此,在该台POS机入网联机交易系统时, 会建立该POS机的标识与生鲜收银应用的标识和服装收银应用的标识的对应关系表。For example, there is a POS machine in a large supermarket. There are two applications in the POS machine, namely the fresh cash register application and the clothing cash register application. Therefore, when the POS machine accesses the online trading system, A correspondence table between the identifier of the POS machine and the identifier of the fresh cash register application and the logo of the clothing cash register application is established.
当完成上述对应关系表的建立之后,本发明实施例进一步地判断该POS机实体终端生成的该笔交易是否合法,具体地,若根据所述POS机实体终端标识信息,确定所述POS机实体终端标识信息对应的交易信息中的应用标识,在预设的映射关系表中,则判断所述交易信息满足交易规则,继续执行后续处理;否则,停止继续处理,返回处理失败结果。After the establishment of the foregoing correspondence table, the embodiment of the present invention further determines whether the transaction generated by the POS entity terminal is legal. Specifically, if the POS entity identification information is used, the POS entity is determined. The application identifier in the transaction information corresponding to the terminal identifier information is determined in the preset mapping relationship table, and the transaction information is determined to satisfy the transaction rule, and the subsequent processing is continued; otherwise, the processing is stopped, and the processing failure result is returned.
举例来说,若前述所举的大型超市中的POS机发起的交易是一笔生鲜产品的交易,然而因为生鲜收银应用并没有在联机交易系统中完成入网时,所以当该笔交易发送至后台联机交易系统时,联机交易系统会检测出该POS机实体终端生成的该笔交易对应的应用标识在映射关系表中没有查询结果,因此判断该笔交易属于不合法的交易,因此返回处理失败的结果。当然,若生鲜收银应用在联机交易系统完成入网注册,联机交易系统会继续处理该交易。For example, if the POS-initiated transaction in the above-mentioned large supermarket is a transaction of fresh products, since the fresh cash register application is not completed in the online trading system, when the transaction is sent When the online trading system is in the background, the online trading system detects that the application identifier corresponding to the transaction generated by the POS entity terminal has no query result in the mapping relationship table, so it is determined that the transaction is an illegal transaction, so the processing is returned. The result of the failure. Of course, if the fresh cash register application is registered in the online trading system, the online trading system will continue to process the transaction.
联机交易系统当判断完成该笔交易属于合法交易时,利用后台的硬件加密机进一步对交易信息进行转加密,加密之前先确定加密密钥,具体地,根据预设的应用标识信息和应用主密钥之间的对应关系,确定所述应用标识信息对应的应用主密钥,利用应用主密钥进行加密。所谓转加密是指先根据POS机实体终端的PIK将加密数据源解密,再依据应用主密钥对解密后的加密数据源进行加密的过程。When the online transaction system judges that the transaction is a legal transaction, the transaction information is further encrypted by using the background hardware encryption machine, and the encryption key is determined before the encryption, specifically, according to the preset application identification information and the application primary key. Corresponding relationship between the keys, determining an application master key corresponding to the application identifier information, and encrypting by using an application master key. The so-called trans-encryption refers to the process of decrypting the encrypted data source according to the PIK of the POS entity terminal, and then encrypting the decrypted encrypted data source according to the application master key.
举例来说,联机交易系统存储了前述POS机中存储的生鲜收银应用和服装收银应用对应的应用主密钥,并建立生鲜收银应用标识与生鲜收银应用对应主密钥的映射,以及服装收银应用和服装收银应用对应的应用主密钥的映射,这样当从交易信息中的应用标识之后,马上就可以确定出该笔交易对应的应用主密钥,因此后续收单平台可以更加应用主密钥的密钥信息完成相应的交易手续费的处理。For example, the online transaction system stores the application master key corresponding to the fresh cash register application and the clothing cash register application stored in the foregoing POS machine, and establishes a mapping between the fresh cash register application identifier and the corresponding master key of the fresh cash register application, and The application of the master key of the clothing cash register application and the clothing cash register application, so that the application master key corresponding to the transaction can be determined immediately after the application identification in the transaction information, so the subsequent acquiring platform can be more applied. The key information of the master key completes the processing of the corresponding transaction fee.
进一步地,本发明实施例提供联机交易系统对交易信息执行转加密的过程,具体地,联机交易系统使用应用主密钥对应的PIK,对所述交易信息的加 密数据源中的个人标识码密文进行加密;使用应用主密钥对应的MAK,计算所述交易信息的加密数据源中的交易数据密文,得到结果数据的MAC。Further, the embodiment of the present invention provides a process for the online transaction system to perform trans-encryption on the transaction information. Specifically, the online transaction system uses the PIK corresponding to the application master key to add the transaction information. The personal identification code ciphertext in the secret data source is encrypted; using the MAK corresponding to the application master key, the transaction data ciphertext in the encrypted data source of the transaction information is calculated, and the MAC of the result data is obtained.
举例来说,有一台POS机实体终端,在该台POS机实体终端中承载了两个应用程序客户端,其中一个应用程序主要负责的交易是普通商品的收银,另外一个应用程序则负责的交易是民生产品的收银,例如汽油、化肥等民生产品。因为这两个应用程序对应的交易的扣率不相同,所以这两个应用程序的交易会有不同的应用主密钥,假设普通商品的收银应用对应的应用主密钥TMK1包括PIK1和MAK1,民生产品的收银应用对应的应用主密钥TMK2包括PIK2和MAK2。当该笔交易是通过民生产品的收银应用产生的,则联机交易系统根据民生产品的收银应用对应的应用主密钥TMK2包括PIK2对该笔交易信息中PIN密文进行转加密,这样可以避免因为终端主密钥的泄露导致PIN明文外泄,进而保证了该笔交易的安全性,另外通过民生产品的收银应用对应的应用主密钥TMK2的MAK2对交易数据密文转加密,可以使收单平台根据应用主密钥TMK2得出该笔交易是民生产品,因此会选择正确的扣率作为该笔交易的手续费。For example, there is a POS physical terminal that carries two application clients in the physical terminal of the POS machine. One application is mainly responsible for the transaction of the general commodity, and the other application is responsible for the transaction. It is the cash register of people's livelihood products, such as gasoline, fertilizer and other people's livelihood products. Because the deduction rates of the transactions corresponding to the two applications are different, the transactions of the two applications will have different application master keys, and the application master key TMK1 corresponding to the cash register application of the common commodity includes PIK1 and MAK1, The application master key TMK2 corresponding to the cashier application of the livelihood product includes PIK2 and MAK2. When the transaction is generated through the cash register application of the livelihood product, the online transaction system transcodes the PIN ciphertext in the transaction information according to the application master key TMK2 corresponding to the cash register application of the livelihood product, so as to avoid The leakage of the terminal master key causes the PIN to be circulated, thereby ensuring the security of the transaction. In addition, the transaction data ciphertext is encrypted by the MAK2 of the application master key TMK2 corresponding to the cash register application of the livelihood product, so that the receipt can be made. The platform derives that the transaction is a livelihood product based on the application master key TMK2, so the correct deduction rate is selected as the transaction fee for the transaction.
为了更加系统性的描述本发明实施例的一种POS机交易处理方法实现方法,本发明实施例进一步地通过如下例子进行具体阐述。In order to describe the implementation method of the POS transaction processing method in the embodiment of the present invention, the embodiment of the present invention is further elaborated by the following examples.
例如,在农村某个信用社中有台POS机实体终端,该POS机终端中包含两个应用程序客户端,分别是:农机产品客户端、粮油产品客户端。该POS机终端完成入网配置和签到请求后,在后台联机交易系统中完成了农机产品客户端、粮油产品客户端与该台POS机实体终端的对应关系,以及农机产品客户端与农机产品客户端应用主密钥的对应关系,粮油产品客户端与粮油产品客户端应用主密钥的对应关系。当该台POS机终端发生一笔关于农业收割机的POS刷卡支付订单后,用户操作密码键盘输入密码时,密码键盘利用PIK对持卡人输入的PIN进行加密上报给联机交易系统,同时上报POS机实体终端的终端标识和商户标识。当完成上述步骤后,联机交易系统根据本发明实施例提供的POS机交易处理方法进行如下步骤的操作: For example, in a rural credit cooperative, there is a POS entity terminal, and the POS terminal includes two application clients, namely: agricultural product client, grain and oil product client. After the POS terminal completes the network configuration and the check-in request, the corresponding relationship between the agricultural product client, the grain and oil product client and the POS physical terminal is completed in the background online transaction system, and the agricultural product client and the agricultural product client are completed. The correspondence between the master key is applied, and the correspondence between the grain and oil product client and the grain and oil product client application master key. When a POS card payment order for the agricultural harvester occurs in the terminal of the POS machine, when the user inputs the password by using the password keyboard, the password keyboard uses the PIK to encrypt and report the PIN input by the cardholder to the online transaction system, and reports the POS at the same time. The terminal identifier and the merchant identifier of the physical entity terminal. After the above steps are completed, the online transaction system performs the following steps according to the POS transaction processing method provided by the embodiment of the present invention:
步骤一,联机交易系统接收POS机实体终端利用终端主密钥加密后交易信息,该交易信息中包含该笔农业收割机对应商户号,该笔交易信息中还包括对应的POS机实体终端标识。Step 1: The online transaction system receives the transaction information encrypted by the POS entity terminal by using the terminal master key, where the transaction information includes the corresponding merchant number of the agricultural harvester, and the transaction information further includes a corresponding POS entity terminal identifier.
步骤二,联机交易系统使用该商户号对应的农机产品客户端的应用主密钥,利用应用主密钥,将交易信息进行加密转换。Step 2: The online transaction system uses the application master key of the farm product client corresponding to the merchant number, and uses the application master key to encrypt and convert the transaction information.
步骤三,联机交易系统将完整的结果数据发送至收单平台。In step three, the online trading system sends the complete result data to the acquiring platform.
步骤四,收单平台将结果数据发送至发卡行处理,并将交易处理结果发送至联机交易系统,由联机交易系统将交易结果返回至终端。In step 4, the acquiring platform sends the result data to the issuing bank for processing, and sends the transaction processing result to the online trading system, and the online trading system returns the transaction result to the terminal.
基于相同的技术构思,本发明实施例还提供一种POS联机交易处理系统,该系统可执行上述方法实施例。本发明实施例提供的系统如图4所示,包括:接收单元401、确定单元402、加密单元403、发送单元404,其中:Based on the same technical concept, an embodiment of the present invention further provides a POS online transaction processing system, which can implement the foregoing method embodiments. As shown in FIG. 4, the system provided by the embodiment of the present invention includes: a receiving unit 401, a determining unit 402, an encrypting unit 403, and a sending unit 404, where:
接收单元401,用于接收由POS机实体终端发送的交易信息,所述交易信息中包括应用标识信息和经过终端主密钥加密后的加密数据源;The receiving unit 401 is configured to receive transaction information sent by the POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
确定单元402,用于根据所述应用标识信息,确定所述交易信息对应的应用主密钥;a determining unit 402, configured to determine, according to the application identification information, an application master key corresponding to the transaction information;
加密单元403,用于使用所述应用主密钥,对所述交易信息中的加密数据源进行转加密,并生成转加密后的结果数据;The encryption unit 403 is configured to perform trans-encryption of the encrypted data source in the transaction information by using the application master key, and generate trans-encrypted result data;
发送单元404,用于将所述结果数据发送至远端。The sending unit 404 is configured to send the result data to the remote end.
上述步骤的执行主体可以是类似于联机交易系统的POS机后台系统,如下主要以联机交易系统作为执行主体进行介绍。The execution body of the above steps may be a POS machine background system similar to the online transaction system, and the following mainly introduces the online transaction system as an execution subject.
其中,联机交易系统接收的交易信息中的加密数据源包括个人标识码密文和交易数据密文,所述个人标识码密文和交易数据密文生成过程如图2所描述的过程。另外联机交易系统接收的交易信息还包括生成交易的POS机实体终端标识信息。联机交易系统的接收单元401,还用于:接收由POS机实体终端发送的POS机实体终端标识信息。The encrypted data source in the transaction information received by the online transaction system includes a personal identification code ciphertext and a transaction data ciphertext, and the personal identification code ciphertext and the transaction data ciphertext generation process are as described in FIG. 2 . In addition, the transaction information received by the online transaction system further includes the POS entity terminal identification information of the generated transaction. The receiving unit 401 of the online transaction system is further configured to: receive the POS entity terminal identification information sent by the POS entity terminal.
在所述接收由POS机实体终端发送的交易信息之后,所述确定单元402还用于:根据所述POS机实体终端标识信息对应的交易信息,确定所述交易 信息中的应用标识在预设的映射关系表中,所述映射关系表为每个POS机实体终端标识信息和所述每个POS机实体终端中的应用标识之间的对应关系表。After the receiving the transaction information sent by the POS entity terminal, the determining unit 402 is further configured to: determine the transaction according to the transaction information corresponding to the POS entity entity terminal identification information. The application identifier in the information is in a preset mapping relationship table, where the mapping relationship table is a correspondence table between the terminal identification information of each POS entity and the application identifier in each POS entity terminal.
具体地,联机交易系统会在每个POS机实体终端入网时,获取每个POS机实体终端中含有的应用程序客户端,因为不同的应用程序客户端分别对应各自应用标识信息,其中应用标识信息主要是包括商户号和终端号,将每个POS机实体终端标识信息和该POS机实体终端中的应用程序客户端的应用标识信息建立绑定关系。Specifically, the online transaction system acquires an application client included in each POS entity terminal when each POS entity terminal accesses the network, because different application clients respectively correspond to respective application identification information, wherein the application identification information The utility model mainly includes a merchant number and a terminal number, and establishes a binding relationship between the terminal identifier information of each POS machine entity and the application identifier information of the application client in the POS machine entity terminal.
例如,大型超市中有一台POS机,该POS机中有两个应用程序,分别是生鲜收银应用和服装收银应用。因此,在该台POS机入网联机交易系统时,会建立该POS机的标识与生鲜收银应用的标识和服装收银应用的标识的对应关系表。For example, there is a POS machine in a large supermarket. There are two applications in the POS machine, namely the fresh cash register application and the clothing cash register application. Therefore, when the POS machine accesses the online transaction system, a correspondence table between the identifier of the POS machine and the identifier of the fresh cash register application and the identifier of the clothing cash register application is established.
当完成上述对应关系表的建立之后,本发明实施例进一步地判断该POS机实体终端生成的该笔交易是否合法,判断单元405,用于若根据所述POS机实体终端标识信息,确定所述POS机实体终端标识信息对应的交易信息中的应用标识,在预设的映射关系表中,则判断所述交易信息满足交易规则,继续执行后续处理;否则,停止继续处理,返回处理失败结果。After the establishment of the correspondence table is completed, the embodiment of the present invention further determines whether the transaction generated by the POS entity terminal is legal, and the determining unit 405 is configured to determine, according to the POS entity entity terminal identification information, The application identifier in the transaction information corresponding to the physical terminal identification information of the POS machine, in the preset mapping relationship table, determining that the transaction information satisfies the transaction rule, and continues to perform subsequent processing; otherwise, stopping the processing, and returning the processing failure result.
举例来说,若前述所举的大型超市中的POS机发起的交易是一笔生鲜产品的交易,然而因为生鲜收银应用并没有在联机交易系统中完成入网时,所以当该笔交易发送至后台联机交易系统时,联机交易系统会检测出该POS机实体终端生成的该笔交易对应的应用标识在映射关系表中没有查询结果,因此判断该笔交易属于不合法的交易,因此返回处理失败的结果。当然,若生鲜收银应用在联机交易系统完成入网注册,联机交易系统会继续处理该交易。For example, if the POS-initiated transaction in the above-mentioned large supermarket is a transaction of fresh products, since the fresh cash register application is not completed in the online trading system, when the transaction is sent When the online trading system is in the background, the online trading system detects that the application identifier corresponding to the transaction generated by the POS entity terminal has no query result in the mapping relationship table, so it is determined that the transaction is an illegal transaction, so the processing is returned. The result of the failure. Of course, if the fresh cash register application is registered in the online trading system, the online trading system will continue to process the transaction.
联机交易系统当判断完成该笔交易属于合法交易时,利用后台硬件加密机进一步对交易信息进行转加密,加密之前先确定加密密钥,具体地,根据预设的应用标识信息和应用主密钥之间的对应关系,确定所述应用标识信息对应的应用主密钥。所谓转加密是指先根据POS机实体终端的PIK将加密数 据源解密,再依据应用主密钥对解密后的加密数据源进行加密的过程。When the online transaction system judges that the transaction is a legal transaction, the background hardware encryption machine is further used to further encrypt the transaction information, and the encryption key is determined before the encryption, specifically, according to the preset application identification information and the application master key. Corresponding relationship between the application master key corresponding to the application identifier information. The so-called trans-encryption refers to the number of encryptions based on the PIK of the physical terminal of the POS machine. According to the source decryption, the decrypted encrypted data source is encrypted according to the application master key.
举例来说,联机交易系统存储了前述POS机中存储的生鲜收银应用和服装收银应用对应的应用主密钥,并建立生鲜收银应用标识与生鲜收银应用对应主密钥的映射,以及服装收银应用和服装收银应用对应的应用主密钥的映射,这样当从交易信息中的应用标识之后,马上就可以确定出该笔交易对应的应用主密钥,因此后续收单平台可以更加应用主密钥的密钥信息完成相应的交易手续费的处理。For example, the online transaction system stores the application master key corresponding to the fresh cash register application and the clothing cash register application stored in the foregoing POS machine, and establishes a mapping between the fresh cash register application identifier and the corresponding master key of the fresh cash register application, and The application of the master key of the clothing cash register application and the clothing cash register application, so that the application master key corresponding to the transaction can be determined immediately after the application identification in the transaction information, so the subsequent acquiring platform can be more applied. The key information of the master key completes the processing of the corresponding transaction fee.
进一步地,所述加密数据源包括个人标识码密文和交易数据密文,所述加密单元403具体用于:所述交易信息的加密数据源中的个人标识码密文进行加密;使用应用主密钥对应的MAK,计算所述交易信息的加密数据源中的交易数据密文,得到结果数据的MAC。Further, the encrypted data source includes a personal identification code ciphertext and a transaction data ciphertext, and the encryption unit 403 is specifically configured to: encrypt the personal identification code ciphertext in the encrypted data source of the transaction information; The MAK corresponding to the key calculates the transaction data ciphertext in the encrypted data source of the transaction information, and obtains the MAC of the result data.
举例来说,有一台POS机实体终端,在该台POS机实体终端中承载了两个应用程序客户端,其中一个应用程序主要负责的交易是普通商品的收银,另外一个应用程序则负责的交易是民生产品的收银,例如汽油、化肥等民生产品。因为这两个应用程序对应的交易的扣率不相同,所以这两个应用程序的交易会有不同的应用主密钥,假设普通商品的收银应用对应的应用主密钥TMK1包括PIK1和MAK1,民生产品的收银应用对应的应用主密钥TMK2包括PIK2和MAK2。当该笔交易是通过民生产品的收银应用产生的,则联机交易系统根据民生产品的收银应用对应的应用主密钥TMK2包括PIK2对该笔交易信息中PIN密文进行转加密,这样可以避免因为终端主密钥的泄露导致PIN明文外泄,进而保证了该笔交易的安全性,另外通过民生产品的收银应用对应的应用主密钥TMK2的MAK2对交易数据密文转加密,可以使收单平台根据应用主密钥TMK2得出该笔交易是民生产品,因此会选择正确的扣率作为该笔交易的手续费。For example, there is a POS physical terminal that carries two application clients in the physical terminal of the POS machine. One application is mainly responsible for the transaction of the general commodity, and the other application is responsible for the transaction. It is the cash register of people's livelihood products, such as gasoline, fertilizer and other people's livelihood products. Because the deduction rates of the transactions corresponding to the two applications are different, the transactions of the two applications will have different application master keys, and the application master key TMK1 corresponding to the cash register application of the common commodity includes PIK1 and MAK1, The application master key TMK2 corresponding to the cashier application of the livelihood product includes PIK2 and MAK2. When the transaction is generated through the cash register application of the livelihood product, the online transaction system transcodes the PIN ciphertext in the transaction information according to the application master key TMK2 corresponding to the cash register application of the livelihood product, so as to avoid The leakage of the terminal master key causes the PIN to be circulated, thereby ensuring the security of the transaction. In addition, the transaction data ciphertext is encrypted by the MAK2 of the application master key TMK2 corresponding to the cash register application of the livelihood product, so that the receipt can be made. The platform derives that the transaction is a livelihood product based on the application master key TMK2, so the correct deduction rate is selected as the transaction fee for the transaction.
综上所述,本发明实施例一方面在同一台POS机终端上只是灌注一个终端主密钥,而且该POS机终端上承载多个应用程序,因此不同的交易可以使用同一台POS机终端的不同应用程序,避免了不同交易使用不同POS机终端 的资源浪费问题;另一方面,多个应用程序对应的应用主密钥被存储在POS机联机交易系统上,而且多个应用程序的应用标识与POS机实体终端建立了对应关系。POS机联机交易系统通过多个应用程序的应用标识与应用主密钥之间的对应关系,将接收的交易信息使用应用主密钥进行转加密,这样,即便是不同扣率的交易使用同一台POS机实体终端,也可以被联机交易系统通过应用主密钥区分开来,保证了交易处理的正确性,同时当推行新的应用程序时,也只需要更新POS联机交易系统中的应用主密钥,不需要对每个POS机实体终端灌注应用密钥,提高了升级效率。In summary, the embodiment of the present invention only injects a terminal master key on the same POS terminal, and the POS terminal carries multiple applications, so different transactions can use the same POS terminal. Different applications, avoiding different transactions using different POS terminals On the other hand, the application master key corresponding to multiple applications is stored on the POS online transaction system, and the application identifiers of multiple applications are associated with the POS entity terminal. The POS online trading system encrypts the received transaction information using the application master key through the correspondence between the application identifiers of the multiple applications and the application master key, so that even the transactions with different deduction rates use the same The physical terminal of the POS machine can also be distinguished by the online transaction system through the application master key, which ensures the correctness of the transaction processing. At the same time, when the new application is implemented, only the application primary key in the POS online transaction system needs to be updated. The key does not need to perfuse the application key to each POS entity terminal, which improves the upgrade efficiency.
基于相同的技术构思,本申请实施例提供另一种POS机交易处理设备。图5为本发明POS机交易处理设备的结构示意图,该POS机交易处理设备500包括:收发器501、处理器502、存储器503和总线系统504;Based on the same technical concept, the embodiment of the present application provides another POS transaction processing device. 5 is a schematic structural diagram of a POS transaction processing device of the present invention, the POS transaction processing device 500 includes: a transceiver 501, a processor 502, a memory 503, and a bus system 504;
其中,存储器503,用于存放程序。具体地,程序可以包括程序代码,程序代码包括计算机操作指令。存储器503可能为随机存取存储器(random access memory,简称RAM),也可能为非易失性存储器(non-volatile memory),例如至少一个磁盘存储器。图中仅示出了一个存储器,当然,存储器也可以根据需要,设置为多个。存储器503也可以是处理器502中的存储器。The memory 503 is used to store a program. In particular, the program can include program code, the program code including computer operating instructions. The memory 503 may be a random access memory (RAM) or a non-volatile memory, such as at least one disk storage. Only one memory is shown in the figure, of course, the memory can also be set to a plurality as needed. Memory 503 can also be a memory in processor 502.
存储器503存储了如下的元素,可执行模块或者数据结构,或者它们的子集,或者它们的扩展集:The memory 503 stores the following elements, executable modules or data structures, or a subset thereof, or an extended set thereof:
操作指令:包括各种操作指令,用于实现各种操作。Operation instructions: include various operation instructions for implementing various operations.
操作系统:包括各种系统程序,用于实现各种基础业务以及处理基于硬件的任务。Operating system: Includes a variety of system programs for implementing various basic services and handling hardware-based tasks.
上述本申请实施例揭示的方法可以应用于处理器502中,或者说由处理器502实现。处理器502可能是一种集成电路芯片,具有信号的处理能力。在实现过程中,上述方法的各步骤可以通过处理器502中的硬件的集成逻辑电路或者软件形式的指令完成。上述的处理器502可以是通用处理器、数字信号处理器(DSP)、专用集成电路(ASIC)、现场可编程门阵列(FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。可以 实现或者执行本申请实施例中的公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。结合本申请实施例所公开的方法的步骤可以直接体现为硬件译码处理器执行完成,或者用译码处理器中的硬件及软件模块组合执行完成。软件模块可以位于随机存储器,闪存、只读存储器,可编程只读存储器或者电可擦写可编程存储器、寄存器等本领域成熟的存储介质中。该存储介质位于存储器503,处理器502读取存储器503中的信息,结合其硬件执行以下步骤:The method disclosed in the foregoing embodiment of the present application may be applied to the processor 502 or implemented by the processor 502. Processor 502 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 502 or an instruction in a form of software. The processor 502 described above may be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware. Component. Can The methods, steps, and logical block diagrams disclosed in the embodiments of the present application are implemented or executed. The general purpose processor may be a microprocessor or the processor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly implemented by the hardware decoding processor, or may be performed by a combination of hardware and software modules in the decoding processor. The software module can be located in a conventional storage medium such as random access memory, flash memory, read only memory, programmable read only memory or electrically erasable programmable memory, registers, and the like. The storage medium is located in the memory 503, and the processor 502 reads the information in the memory 503 and performs the following steps in conjunction with its hardware:
所述收发器501,用于接收由POS机实体终端发送的交易信息,所述交易信息中包括应用标识信息和经过终端主密钥加密后的加密数据源;The transceiver 501 is configured to receive transaction information sent by a POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
所述处理器502,用于根据所述应用标识信息,确定所述交易信息对应的应用主密钥;使用所述应用主密钥,对所述交易信息中的加密数据源进行转加密,并生成转加密后的结果数据;The processor 502 is configured to determine, according to the application identifier information, an application master key corresponding to the transaction information, and use the application master key to perform trans-encryption on the encrypted data source in the transaction information, and Generating the result data after transcoding;
所述收发器501,还用于将所述结果数据发送至远端。The transceiver 501 is further configured to send the result data to a remote end.
可选的,所述收发器501,还用于接收由POS机实体终端发送的POS机实体终端标识信息;Optionally, the transceiver 501 is further configured to receive POS entity terminal identifier information sent by the POS entity terminal;
所述处理器502还用于:根据所述POS机实体终端标识信息对应的交易信息,确定所述交易信息中的应用标识在预设的映射关系表中,所述映射关系表为每个POS机实体终端标识信息和所述每个POS机实体终端中的应用标识之间的对应关系表。The processor 502 is further configured to: determine, according to the transaction information corresponding to the terminal identifier information of the POS entity, that the application identifier in the transaction information is in a preset mapping relationship table, where the mapping relationship table is for each POS A correspondence table between the physical entity terminal identification information and the application identifier in each of the POS entity terminals.
可选的,所述处理器502具体用于:若根据所述POS机实体终端标识信息,确定所述POS机实体终端标识信息对应的交易信息中的应用标识,在预设的映射关系表中,则判断所述交易信息满足交易规则,继续执行后续处理;否则,停止继续处理,返回处理失败结果。Optionally, the processor 502 is configured to: determine, according to the POS entity entity terminal identifier information, an application identifier in the transaction information corresponding to the POS entity entity terminal identifier information, in a preset mapping relationship table. Then, it is judged that the transaction information satisfies the transaction rule, and the subsequent processing is continued; otherwise, the processing is stopped, and the processing failure result is returned.
进一步地,所述加密数据源包括个人标识码密文和交易数据密文;Further, the encrypted data source includes a personal identification code ciphertext and a transaction data ciphertext;
所述处理器502具体用于:使用应用主密钥对应的PIK,对所述交易信息的加密数据源中的个人标识码密文进行加密;使用应用主密钥对应的MAK,计算所述交易信息的加密数据源中的交易数据密文,得到结果数据的校验值 MAC。The processor 502 is specifically configured to: encrypt, by using a PIK corresponding to the application master key, the personal identification code ciphertext in the encrypted data source of the transaction information; and calculate the transaction by using a MAK corresponding to the application master key. The transaction data ciphertext in the encrypted data source of the information, and the check value of the result data is obtained. MAC.
进一步地,所述处理器502具体用于:根据预设的应用标识信息和应用主密钥之间的对应关系,确定所述应用标识信息对应的应用主密钥。Further, the processor 502 is specifically configured to: determine an application master key corresponding to the application identifier information according to a correspondence between the preset application identifier information and the application master key.
本发明实施例的POS机交易处理设备以多种形式存在,包括但不限于:The POS transaction processing device of the embodiment of the present invention exists in various forms, including but not limited to:
(1)移动通信设备:这类设备的特点是具备移动通信功能,并且以提供话音、数据通信为主要目标。这类设备包括:智能手机(例如iPhone)、多媒体手机、功能性手机,以及低端手机等。(1) Mobile communication devices: These devices are characterized by mobile communication functions and are mainly aimed at providing voice and data communication. Such devices include: smart phones (such as iPhone), multimedia phones, functional phones, and low-end phones.
(2)超移动个人计算机设备:这类设备属于个人计算机的范畴,有计算和处理功能,一般也具备移动上网特性。这类终端包括:PDA、MID和UMPC设备等,例如iPad。(2) Ultra-mobile personal computer equipment: This type of equipment belongs to the category of personal computers, has computing and processing functions, and generally has mobile Internet access. Such terminals include: PDAs, MIDs, and UMPC devices, such as the iPad.
(3)便携式娱乐设备:这类设备可以显示和播放多媒体内容。该类设备包括:音频、视频播放器(例如iPod),掌上游戏机,电子书,以及智能玩具和便携式车载导航设备。(3) Portable entertainment devices: These devices can display and play multimedia content. Such devices include: audio, video players (such as iPod), handheld game consoles, e-books, and smart toys and portable car navigation devices.
(4)服务器:提供计算服务的设备,服务器的构成包括处理器、硬盘、内存、系统总线等,服务器和通用的计算机架构类似,但是由于需要提供高可靠的服务,因此在处理能力、稳定性、可靠性、安全性、可扩展性、可管理性等方面要求较高。(4) Server: A device that provides computing services. The server consists of a processor, a hard disk, a memory, a system bus, etc. The server is similar to a general-purpose computer architecture, but because of the need to provide highly reliable services, processing power and stability High reliability in terms of reliability, security, scalability, and manageability.
(5)其他具有数据交互功能的电子装置。(5) Other electronic devices with data interaction functions.
本领域技术人员可以理解实现上述实施例方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序存储在一个存储介质中,包括若干指令用以使得一个设备(可以是单片机,芯片等)或处理器(processor)执行本申请各个实施例方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。Those skilled in the art can understand that all or part of the steps of implementing the above embodiments may be completed by a program instructing related hardware, and the program is stored in a storage medium, and includes a plurality of instructions for making a device (which may be a single chip microcomputer). The chip, etc. or processor executes all or part of the steps of the various embodiments of the present application. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .
另外,本发明还提供一种非暂态计算机可读存储介质,所述非暂态计算 机可读存储介质存储计算机指令,所述计算机指令用于使所述计算机执行上述任一项所述的POS机交易处理方法。In addition, the present invention also provides a non-transitory computer readable storage medium, the non-transient computing The machine readable storage medium stores computer instructions for causing the computer to perform the POS machine transaction processing method of any of the above.
另外,本发明还提供一种计算机程序产品,所述计算机程序产品包括存储在非暂态计算机可读存储介质上的计算程序,所述计算机程序包括程序指令,当所述程序指令被计算机执行时,使所述计算机执行上述任一项所述的POS机交易处理方法。Additionally, the present invention also provides a computer program product comprising a computing program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions, when the program instructions are executed by a computer And causing the computer to execute the POS transaction processing method described in any of the above.
尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。While the preferred embodiment of the invention has been described, it will be understood that Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and the modifications and
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims (17)

  1. 一种POS机交易处理方法,其特征在于,该方法包括:A POS machine transaction processing method, characterized in that the method comprises:
    接收由POS机实体终端发送的交易信息,所述交易信息中包括应用标识信息和经过终端主密钥加密后的加密数据源;Receiving transaction information sent by the POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
    根据所述应用标识信息,确定所述交易信息对应的应用主密钥;Determining, according to the application identification information, an application master key corresponding to the transaction information;
    使用所述应用主密钥,对所述交易信息中的加密数据源进行转加密,并生成转加密后的结果数据;Transmitting the encrypted data source in the transaction information by using the application master key, and generating the transcoded result data;
    将所述结果数据发送至远端。The result data is sent to the far end.
  2. 如权利要求1所述的方法,其特征在于,所述接收由POS机实体终端发送的交易信息,还包括:The method of claim 1, wherein the receiving the transaction information sent by the POS entity terminal further comprises:
    接收由POS机实体终端发送的POS机实体终端标识信息;Receiving POS entity terminal identification information sent by the POS entity terminal;
    在所述接收由POS机实体终端发送的交易信息之后,在所述根据所述应用标识信息确定所述交易信息对应的应用主密钥之前,还包括:After the receiving the transaction information sent by the POS entity terminal, before determining the application master key corresponding to the transaction information according to the application identification information, the method further includes:
    根据所述POS机实体终端标识信息对应的交易信息,确定所述交易信息中的应用标识在预设的映射关系表中,所述映射关系表为每个POS机实体终端标识信息和所述每个POS机实体终端中的应用标识之间的对应关系表。Determining, according to the transaction information corresponding to the terminal identifier information of the POS entity, the application identifier in the transaction information in a preset mapping relationship table, where the mapping relationship table is the terminal identification information of each POS entity and each of the foregoing A correspondence table between application identifiers in a POS entity terminal.
  3. 如权利要求2所述的方法,其特征在于,在所述接收由POS机实体终端发送的交易信息之后,还包括:The method of claim 2, after the receiving the transaction information sent by the POS entity terminal, further comprising:
    若根据所述POS机实体终端标识信息,确定所述POS机实体终端标识信息对应的交易信息中的应用标识,在预设的映射关系表中,则判断所述交易信息满足交易规则,继续执行后续处理;If the application identifier in the transaction information corresponding to the POS entity entity terminal identification information is determined according to the POS entity entity terminal identification information, in the preset mapping relationship table, determining that the transaction information satisfies the transaction rule and continues to execute Follow-up processing;
    否则,停止继续处理,返回处理失败结果。Otherwise, stop processing and return to the processing failure result.
  4. 如权利要求1所述的方法,其特征在于,所述加密数据源包括个人标识码密文和交易数据密文;The method of claim 1 wherein said source of encrypted data comprises a personal identification code ciphertext and a transaction data ciphertext;
    所述使用所述应用主密钥,对所述交易信息中的加密数据源进行转加密,包括: De-encrypting the encrypted data source in the transaction information by using the application master key, including:
    使用应用主密钥对应的PIK,对所述交易信息的加密数据源中的个人标识码密文进行加密;Encrypting the personal identification code ciphertext in the encrypted data source of the transaction information by using a PIK corresponding to the application master key;
    使用应用主密钥对应的MAK,计算所述交易信息的加密数据源中的交易数据密文,得到结果数据的校验值MAC。The transaction data ciphertext in the encrypted data source of the transaction information is calculated using the MAK corresponding to the application master key, and the check value MAC of the result data is obtained.
  5. 如权利要求1所述的方法,其特征在于,所述根据所述应用标识信息确定所述交易信息对应的应用主密钥,包括:The method of claim 1, wherein the determining an application master key corresponding to the transaction information according to the application identification information comprises:
    根据预设的应用标识信息和应用主密钥之间的对应关系,确定所述应用标识信息对应的应用主密钥。The application master key corresponding to the application identifier information is determined according to the correspondence between the preset application identifier information and the application master key.
  6. 一种POS联机交易处理系统,其特征在于,该系统包括:A POS online transaction processing system, characterized in that the system comprises:
    接收单元,用于接收由POS机实体终端发送的交易信息,所述交易信息中包括应用标识信息和经过终端主密钥加密后的加密数据源;a receiving unit, configured to receive transaction information sent by the POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
    确定单元,用于根据所述应用标识信息,确定所述交易信息对应的应用主密钥;a determining unit, configured to determine, according to the application identification information, an application master key corresponding to the transaction information;
    加密单元,用于使用所述应用主密钥,对所述交易信息中的加密数据源进行转加密,并生成转加密后的结果数据;An encryption unit, configured to perform trans-encryption of the encrypted data source in the transaction information by using the application master key, and generate trans-encrypted result data;
    发送单元,用于将所述结果数据发送至远端。a sending unit, configured to send the result data to a remote end.
  7. 如权利要求6所述的系统,其特征在于,所述接收单元,还用于:The system of claim 6, wherein the receiving unit is further configured to:
    接收由POS机实体终端发送的POS机实体终端标识信息;Receiving POS entity terminal identification information sent by the POS entity terminal;
    在所述接收由POS机实体终端发送的交易信息之后,所述确定单元还用于:After the receiving the transaction information sent by the POS entity terminal, the determining unit is further configured to:
    根据所述POS机实体终端标识信息对应的交易信息,确定所述交易信息中的应用标识在预设的映射关系表中,所述映射关系表为每个POS机实体终端标识信息和所述每个POS机实体终端中的应用标识之间的对应关系表。Determining, according to the transaction information corresponding to the terminal identifier information of the POS entity, the application identifier in the transaction information in a preset mapping relationship table, where the mapping relationship table is the terminal identification information of each POS entity and each of the foregoing A correspondence table between application identifiers in a POS entity terminal.
  8. 如权利要求7所述的系统,其特征在于,还包括:The system of claim 7 further comprising:
    判断单元,用于若根据所述POS机实体终端标识信息,确定所述POS机实体终端标识信息对应的交易信息中的应用标识,在预设的映射关系表中,则判断所述交易信息满足交易规则,继续执行后续处理; a determining unit, configured to determine, according to the POS entity entity terminal identification information, an application identifier in the transaction information corresponding to the POS entity entity terminal identifier information, in the preset mapping relationship table, determining that the transaction information is satisfied Trading rules, continue to perform subsequent processing;
    否则,停止继续处理,返回处理失败结果。Otherwise, stop processing and return to the processing failure result.
  9. 如权利要求6所述的系统,其特征在于,所述加密数据源包括个人标识码密文和交易数据密文;所述加密单元具体用于:The system according to claim 6, wherein the encrypted data source comprises a personal identification code ciphertext and a transaction data ciphertext; and the encryption unit is specifically configured to:
    使用应用主密钥对应的PIK,对所述交易信息的加密数据源中的个人标识码密文进行加密;Encrypting the personal identification code ciphertext in the encrypted data source of the transaction information by using a PIK corresponding to the application master key;
    使用应用主密钥对应的MAK,计算所述交易信息的加密数据源中的交易数据密文,得到结果数据的校验值MAC。The transaction data ciphertext in the encrypted data source of the transaction information is calculated using the MAK corresponding to the application master key, and the check value MAC of the result data is obtained.
  10. 如权利要求6所述的系统,其特征在于,所述确定单元具体用于:The system of claim 6 wherein said determining unit is specifically configured to:
    根据预设的应用标识信息和应用主密钥之间的对应关系,确定所述应用标识信息对应的应用主密钥。The application master key corresponding to the application identifier information is determined according to the correspondence between the preset application identifier information and the application master key.
  11. 一种POS机交易处理设备,其特征在于,包括:收发器、处理器;A POS transaction processing device, comprising: a transceiver and a processor;
    所述收发器,用于接收由POS机实体终端发送的交易信息,所述交易信息中包括应用标识信息和经过终端主密钥加密后的加密数据源;The transceiver is configured to receive transaction information sent by a POS entity terminal, where the transaction information includes application identification information and an encrypted data source encrypted by the terminal master key;
    所述处理器,用于根据所述应用标识信息,确定所述交易信息对应的应用主密钥;使用所述应用主密钥,对所述交易信息中的加密数据源进行转加密,并生成转加密后的结果数据;The processor is configured to determine, according to the application identification information, an application master key corresponding to the transaction information, and use the application master key to perform trans-encryption on the encrypted data source in the transaction information, and generate Translated encrypted result data;
    所述收发器,还用于将所述结果数据发送至远端。The transceiver is further configured to send the result data to a remote end.
  12. 如权利要求11所述的设备,其特征在于,所述收发器还用于:The device of claim 11 wherein said transceiver is further configured to:
    接收由POS机实体终端发送的POS机实体终端标识信息;Receiving POS entity terminal identification information sent by the POS entity terminal;
    所述处理器还用于:根据所述POS机实体终端标识信息对应的交易信息,确定所述交易信息中的应用标识在预设的映射关系表中,所述映射关系表为每个POS机实体终端标识信息和所述每个POS机实体终端中的应用标识之间的对应关系表。The processor is further configured to: determine, according to the transaction information corresponding to the terminal identifier information of the POS entity, that the application identifier in the transaction information is in a preset mapping relationship table, where the mapping relationship table is for each POS machine. A correspondence table between the entity terminal identification information and the application identifier in each of the POS entity terminals.
  13. 如权利要求12所述的设备,其特征在于,所述处理器具体用于:The device according to claim 12, wherein the processor is specifically configured to:
    若根据所述POS机实体终端标识信息,确定所述POS机实体终端标识信息对应的交易信息中的应用标识,在预设的映射关系表中,则判断所述交易信息满足交易规则,继续执行后续处理;否则,停止继续处理,返回处理失 败结果。If the application identifier in the transaction information corresponding to the POS entity entity terminal identification information is determined according to the POS entity entity terminal identification information, in the preset mapping relationship table, determining that the transaction information satisfies the transaction rule and continues to execute Subsequent processing; otherwise, stop processing, return processing loss The result is defeated.
  14. 如权利要求11所述的设备,其特征在于,所述加密数据源包括个人标识码密文和交易数据密文;The device according to claim 11, wherein said encrypted data source comprises a personal identification code ciphertext and a transaction data ciphertext;
    所述处理器具体用于:使用应用主密钥对应的PIK,对所述交易信息的加密数据源中的个人标识码密文进行加密;使用应用主密钥对应的MAK,计算所述交易信息的加密数据源中的交易数据密文,得到结果数据的校验值MAC。The processor is specifically configured to: encrypt, by using a PIK corresponding to the application master key, the personal identification code ciphertext in the encrypted data source of the transaction information; and calculate the transaction information by using a MAK corresponding to the application master key. The transaction data ciphertext in the encrypted data source, and the check value MAC of the result data is obtained.
  15. 如权利要求11所述的设备,其特征在于,所述处理器具体用于:The device according to claim 11, wherein the processor is specifically configured to:
    根据预设的应用标识信息和应用主密钥之间的对应关系,确定所述应用标识信息对应的应用主密钥。The application master key corresponding to the application identifier information is determined according to the correspondence between the preset application identifier information and the application master key.
  16. 一种非暂态计算机存储介质,其特征在于,所述非暂态计算机可读存储介质存储有计算机可执行指令,所述计算机可执行指令用于使所述计算机执行权利要求1至5任一项所述的方法。A non-transitory computer storage medium, characterized in that the non-transitory computer readable storage medium stores computer executable instructions for causing the computer to perform any of claims 1 to 5 The method described in the item.
  17. 一种计算机程序产品,其特征在于,所述计算机程序产品包括存储在非暂态计算机可读存储介质上的计算程序,所述计算机程序包括所述计算机可执行指令,当所述计算机可执行指令被计算机执行时,使所述计算机执行权利要求1至5任一项所述的方法。 A computer program product, comprising: a computing program stored on a non-transitory computer readable storage medium, the computer program comprising the computer executable instructions, when the computer executable instructions When executed by a computer, the computer is caused to perform the method of any one of claims 1 to 5.
PCT/CN2016/107749 2015-12-04 2016-11-29 Pos machine transaction processing method and system WO2017092654A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510894192.X 2015-12-04
CN201510894192.XA CN105956843A (en) 2015-12-04 2015-12-04 POS transaction processing method and system

Publications (1)

Publication Number Publication Date
WO2017092654A1 true WO2017092654A1 (en) 2017-06-08

Family

ID=56917044

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/107749 WO2017092654A1 (en) 2015-12-04 2016-11-29 Pos machine transaction processing method and system

Country Status (2)

Country Link
CN (1) CN105956843A (en)
WO (1) WO2017092654A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115131922A (en) * 2021-03-25 2022-09-30 深圳怡化电脑股份有限公司 Acceptance terminal equipment and transaction method and transaction device thereof with bank system

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105956843A (en) * 2015-12-04 2016-09-21 中国银联股份有限公司 POS transaction processing method and system
TWI673991B (en) * 2017-11-20 2019-10-01 財團法人工業技術研究院 Key storage device, transaction method of key storage device, transaction system and transaction method
CN108718233B (en) * 2018-03-27 2021-04-13 北京安御道合科技有限公司 Encryption method, computer equipment and storage medium
CN110048831A (en) * 2018-12-29 2019-07-23 中国银联股份有限公司 The distribution method and diostribution device of POS terminal master key
CN112632587A (en) * 2020-12-30 2021-04-09 中国农业银行股份有限公司 Method and device for processing data by service middling station

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1998279A1 (en) * 2007-05-29 2008-12-03 First Data Corporation Secure payment transaction in multi-host environment
CN101656007A (en) * 2009-08-14 2010-02-24 通联支付网络服务股份有限公司 Safe system realizing one machine with multiple ciphers on POS machine and method thereof
CN101853453A (en) * 2009-04-03 2010-10-06 中兴通讯股份有限公司 System and method for realizing mobile payment
CN103595718A (en) * 2013-11-15 2014-02-19 拉卡拉支付有限公司 POS terminal and method, system and service platform for activating same
CN105956843A (en) * 2015-12-04 2016-09-21 中国银联股份有限公司 POS transaction processing method and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1334541A (en) * 2001-09-03 2002-02-06 何长杰 Method and system for procesisng different bank cards
CN102903189A (en) * 2011-07-25 2013-01-30 上海昂贝电子科技有限公司 Terminal transaction method and device
CN104753670B (en) * 2013-12-27 2018-09-21 中国银联股份有限公司 Safety management system and its method are applied based on intelligent POS terminal more
CN105023151A (en) * 2015-07-22 2015-11-04 天地融科技股份有限公司 Card transaction data processing method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1998279A1 (en) * 2007-05-29 2008-12-03 First Data Corporation Secure payment transaction in multi-host environment
CN101853453A (en) * 2009-04-03 2010-10-06 中兴通讯股份有限公司 System and method for realizing mobile payment
CN101656007A (en) * 2009-08-14 2010-02-24 通联支付网络服务股份有限公司 Safe system realizing one machine with multiple ciphers on POS machine and method thereof
CN103595718A (en) * 2013-11-15 2014-02-19 拉卡拉支付有限公司 POS terminal and method, system and service platform for activating same
CN105956843A (en) * 2015-12-04 2016-09-21 中国银联股份有限公司 POS transaction processing method and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115131922A (en) * 2021-03-25 2022-09-30 深圳怡化电脑股份有限公司 Acceptance terminal equipment and transaction method and transaction device thereof with bank system

Also Published As

Publication number Publication date
CN105956843A (en) 2016-09-21

Similar Documents

Publication Publication Date Title
WO2017092654A1 (en) Pos machine transaction processing method and system
US20210241264A1 (en) Device provisioning using partial personalization scripts
JP5766199B2 (en) Secure mobile payment processing
CN103793815B (en) Mobile intelligent terminal acquirer system and method suitable for bank cards and business cards
CN107077670B (en) Method and apparatus for transmitting and processing transaction message, computer readable storage medium
US20150066778A1 (en) Digital card-based payment system and method
CN105701661A (en) Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data
KR101138283B1 (en) Method and system of mobile payment
WO2017020618A1 (en) Electronic resource processing method and apparatus
CN105684346A (en) Method for securing over-the-air communication between a mobile application and a gateway
GB2512595A (en) Integrated contactless mpos implementation
CN103729942A (en) Method and system for transmitting transmission key from terminal server to key server
US20160189126A1 (en) Method and system for safely transmitting transaction sensitive data based on cloud pos
CN102938120A (en) IP multimedia subsystem (IMS) trade payment system
CN104299135A (en) Online payment system and method
CN104318437A (en) Online payment system and payment method for virtual prepaid card
US20210133736A1 (en) Method of electronic payment by means of a Uniform Resource Identifier (URI)
US20180083952A1 (en) Systems and methods for providing single sign-on authentication services
CN103268436A (en) Method and system for touch-screen based graphical password authentication in mobile payment
CN104881781A (en) Method, system, and client based on secure transaction
JP2024003002A (en) Using virtual blockchain protocols to implement fair electronic exchange
CN110266686B (en) Data sharing method, device, equipment and computer readable storage medium
CN116823257A (en) Information processing method, device, equipment and storage medium
KR20110103822A (en) Method and system of managing a mobile card
WO2017076173A1 (en) Mobile terminal, trade confirmation method and apparatus therefor, and smart card

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16869964

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16869964

Country of ref document: EP

Kind code of ref document: A1