WO2019237971A1 - Point-of-sale management device and point-of-sale service management system based on intelligent terminal - Google Patents

Point-of-sale management device and point-of-sale service management system based on intelligent terminal Download PDF

Info

Publication number
WO2019237971A1
WO2019237971A1 PCT/CN2019/090054 CN2019090054W WO2019237971A1 WO 2019237971 A1 WO2019237971 A1 WO 2019237971A1 CN 2019090054 W CN2019090054 W CN 2019090054W WO 2019237971 A1 WO2019237971 A1 WO 2019237971A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
point
data
message
merchant
Prior art date
Application number
PCT/CN2019/090054
Other languages
French (fr)
Chinese (zh)
Inventor
何朔
彭程
吴金坛
孙权
郭伟
陈成钱
周钰
张莉敏
李定洲
曾望年
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2019237971A1 publication Critical patent/WO2019237971A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/352Contactless payments by cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Definitions

  • the invention relates to the technical field of electronic payment, and more particularly, to a point-of-sale management device based on a smart terminal and a point-of-sale service management system.
  • POS machines have achieved a certain degree of mobility and convenience, but compared with smart devices such as mobile phones that users can carry with them at any time, there is still a large gap.
  • the existing mobile phone-based POS acquiring device securely reads the bank card through a card reading terminal (special equipment) external to the mobile phone, assembles it into a transaction message, and then the mobile phone-based POS acquiring device transmits the transaction report.
  • the text is sent to the acceptance platform, such as the mPOS system, to complete the transaction.
  • FIG. 1 An architecture of an existing POS acquiring system is shown in FIG. 1, in which a card reading terminal reads bank card information, and transfers a transaction message to an acceptance background processing via the mPOS front-end system.
  • the merchant management platform responds to merchant registration requests through the mPOS front-end system.
  • An object of the present invention is to provide a point-of-sale management device, which is more mobile and convenient.
  • the present invention provides a technical solution as follows.
  • a point-of-sale management device based on an intelligent terminal includes a bank card reading unit for reading first data from the bank card, and a security management unit coupled to the bank card reading unit for storing data based on the first data. Encrypted fourth data is generated from the second data in the security management unit and the third data based on the transaction scenario; and the transaction management control is coupled to the security management unit and is used to transfer the fourth data to the smart terminal. The fourth data is sent to the point-of-sale management service system; wherein the bank card reading unit, the security management unit, and the transaction management control are set in the smart terminal or integrated with it.
  • the second data includes the merchant identification information about the point-of-sale management device approved by the point-of-sale management service system.
  • the security management unit is configured to start a card reading operation mode of the bank card reading unit, and the bank card reading unit reads the first data from the bank card according to the card reading operation mode.
  • the security management unit is further configured to: use the merchant identification information as the first key in the key group to encrypt the combination of the first data, the second data, and the third data to generate fourth data.
  • Another object of the present invention is to provide a point-of-sale management service system, which can promote the implementation and deployment of point-of-sale management devices that are more mobile and convenient.
  • the present invention provides another technical solution as follows.
  • a point-of-sale management service system includes: a message receiving unit, which is respectively coupled with a plurality of point-of-sale management devices, and the message receiving unit obtains respective first transaction messages from each point-of-sale management device; a message conversion unit, Coupling with the transaction acceptance background system, the message conversion unit converts the transaction message into a second transaction message allowed by the transaction acceptance background system.
  • the point-of-sale management service system includes a merchant management subsystem, wherein the merchant management subsystem is configured to: receive a registration request from a merchant from the point-of-sale management device; approve the registration request; generate corresponding merchant identification information; and store the merchant identification information Feedback to the point of sale management device.
  • the merchant management subsystem is configured to: receive a registration request from a merchant from the point-of-sale management device; approve the registration request; generate corresponding merchant identification information; and store the merchant identification information Feedback to the point of sale management device.
  • the message receiving unit is configured to decrypt the first transaction message based on the key group including the first key to obtain a decrypted message, wherein the first key corresponds to the location of the merchant management subsystem. Generated business identification information.
  • the message receiving unit is further configured to verify the transaction scenario factor information and the user factor information contained in the first transaction message based on the merchant identification information generated by the merchant management subsystem.
  • the message conversion unit is configured to: obtain a message processing format allowed by the transaction acceptance background system; and reassemble the decrypted message based on the message processing unit to generate a second transaction message.
  • the invention also discloses a transaction processing system, which is deployed according to a cloud computing platform.
  • the transaction processing system includes: at least one point of sale management device; the point of sale management service system according to any one of claims 6-10; and transactions Acceptance background system; wherein the point-of-sale management service system is configured to: obtain a first transaction message from the point-of-sale management device; generate a second transaction message based on the first transaction message; and forward the second transaction message to the transaction acceptance Back-end system to complete the transaction processing process.
  • the embodiments of the present invention provide a point-of-sale management device based on an intelligent terminal and a point-of-sale management service system working in cooperation with the terminal. Improve the convenience and popularity of mobile payments. Merchant users can get the same user experience when using the acquiring function as using other apps on the mobile phone.
  • FIG. 1 shows an architecture diagram of a POS acquiring system in the prior art.
  • FIG. 2 is a schematic structural diagram of a module of a point-of-sale management device based on an intelligent terminal provided by the present invention.
  • FIG. 3 shows an architecture diagram of a POS acquiring system provided by the present invention.
  • FIG. 4 is a schematic flow chart of a business opening a business online.
  • FIG. 5 is a schematic flow chart of a bank card small double consumption-free business.
  • Coupled is defined to mean directly connected to a component or indirectly connected to a component via another component.
  • a first embodiment of the present invention provides a point-of-sale management device 20 based on a smart terminal, which includes a bank card reading unit 201, a security management unit 202, and a transaction management control 203.
  • the point-of-sale management device 20 is integrated with the smart terminal as a whole. Or, alternatively, the point-of-sale management device 20 is provided in a smart terminal.
  • the bank card reading unit 201 reads the first data from the bank card.
  • the bank card reading unit 201 includes a near field communication module, which directly reads bank card information (first data) from a bank card or mobile phone held by a user in accordance with the near field communication method to implement a "card swipe" operation.
  • a secure interaction channel can be established between the mobile phone and the user's bank card.
  • TEE or eSE reads the bank card information, encrypts the read sensitive data, assembles the message, and sends it to the Android system, which is sent to the background by the Android system.
  • no additional proprietary card reading device is required, which can ensure the safe reading of bank card data by mobile phones, and protect sensitive data such as the two-track information in bank cards from being stolen by malicious programs that may exist on the mobile phone ’s Android system. , Copy, destroy.
  • the trusted operating environment is independent of the multimedia operating environment, which includes hardware independence and communication independence, which helps to ensure the security of transaction data, so that the point-of-sale management device 20 (which is set in the smart terminal) for multimedia operations
  • the environment has never been able to obtain or change transaction data.
  • the security management unit 202 is coupled to the bank card reading unit 201 and is configured to generate encrypted fourth data based on the first data, the second data stored in the security management unit, and the third data based on the transaction scenario.
  • the second data includes the unique merchant identification information carried by the point-of-sale management device 20 and approved and issued to the qualified point-of-sale management service system.
  • the third data corresponds to transaction scenario information, such as transaction time, location, transaction amount, and possible discount information.
  • the security management unit 202 is implemented in a trusted operating environment, and it will encrypt the combination of the above first data (bank card information), second data, and third data to form encrypted fourth data (ie, the first transaction Message).
  • the security management unit 202 may use key group encryption to improve the security of transaction data.
  • the key group may include multiple different keys that are generated by different algorithms or have different sources.
  • the key group includes the unique merchant identification information of the point-of-sale management device 20.
  • the security management unit 202 may also activate the card reading mode of the bank card reading unit 201.
  • the bank card reading unit 201 reads relevant information from the user's bank card.
  • Emv kernel is implemented in TEE. Through the SE interface under TEE, the card reader applet on eSE is called to create the NFC reading mode and complete the card search operation. Subsequently, through the sending and receiving commands provided by the eSE card reader applet, the card data interaction with the cardholder's bank card or mobile phone Pay is completed.
  • the card reading applet runs in the eSE, and is responsible for creating a card reading mode with the NFC chip, and provides a corresponding data transmission and reception command interface to the point of sale management device 20.
  • the data sent by the point-of-sale management device 20 can be sent to the cardholder's bank card through the NFC communication module, and the bank card response can be obtained through NFC.
  • the response data is returned to the point-of-sale management device 20 to implement the card reading process.
  • the entire data interaction is through TEE, eSE, NFC, bank card and other security areas, and does not pass through the Android system side of the phone, which can ensure the security of various sensitive data during the card reading process.
  • the transaction management control 203 is coupled with the security management unit 202, which transfers the fourth data to the smart terminal, so that the smart terminal sends the fourth data to the point-of-sale management service system.
  • the transaction management control 203 provides a specific interface for the mobile phone POS function to the merchant APP on the smart terminal where the point-of-sale management device 20 is located, including the merchant's opening of small-value payment and transfer functions.
  • the transaction management control 203 is responsible for invoking the corresponding processing flow and for network forwarding, and supports two-way data communication on the secure channel between the point of sale management device 20 and the point of sale management service system.
  • the security management unit 202 and the transaction management control 203 are integrated into one to form an independent physical module.
  • the physical module obtains the user's bank card information from the bank card reading unit 201, and uses the "black box" mode to generate the first
  • the transaction message is sent from the point-of-sale management device 20 to the point-of-sale service management system.
  • FIG. 3 shows an architecture diagram of a POS acquiring system according to the present invention in contrast to the existing system shown in FIG. 1.
  • the POS acquiring system of the present invention integrates a bank card reading unit in a point-of-sale management device (for example, a merchant's mobile phone), and generates a transaction message in a security management unit in the point-of-sale management device, and
  • the point-of-sale management service system (mobile POS service system) also implements a variety of functionalities, which is different from the mPOS front-end system in the prior art.
  • the point-of-sale management device directly reads bank card information from the user's (cardholder) mobile phone or bank card, and directly generates transaction messages in combination with the identification information and transaction scenario information provided by the point-of-sale management device.
  • the transaction message is sent to the point-of-sale management service system to complete the subsequent transaction process.
  • the second embodiment of the present invention is providing such a point-of-sale management service system, which includes a message receiving unit and a message conversion unit.
  • the message receiving unit is respectively coupled to a plurality of point-of-sale management devices, and obtains corresponding first transaction messages from each point-of-sale management device.
  • the message conversion unit is coupled to the transaction acceptance background system, and converts the acquired transaction message into a second transaction message allowed by the transaction acceptance background system.
  • the transaction acceptance background system also communicates with the third party acceptance background (CUPS) and the card issuer to perform subsequent processing of the second transaction message, thereby realizing the transaction.
  • the transaction acceptance back-end system performs the final processing of transactions, which can cover various payment processes including bank cards and QR codes.
  • the transaction acceptance background system may include any one of UnionPay omnichannel, QR code payment background, smart POS background, CUPS, or a combination thereof.
  • the point-of-sale management service system includes a merchant management subsystem configured to perform the following operations: A. Receive registration requests from merchants from each point-of-sale management device; B. Approve or reject the registration request; C. Generate unique merchant identification information on the premise of approval; D. Feedback the merchant identification information to the point-of-sale management device that initiated the registration request.
  • the merchant management subsystem is dedicated to register and manage merchants. The management of merchants and the processing of transaction messages are independent of each other to improve the security and reliability of the system.
  • the message receiving unit may perform a decryption process on the first transaction message based on a key group to obtain a decrypted message. If the merchant identification information is used in the data encryption process, correspondingly, the key group used in the decryption process also includes a decryption key corresponding to the merchant identification information.
  • the merchant identification information is approved by a qualified point-of-sale management service system and issued to the point-of-sale management device, so that the point-of-sale management service system will have merchant identification information for each point-of-sale management device.
  • the message receiving unit may also verify the information in the first transaction message based on the merchant identification information, including but not limited to factor information of the transaction scenario (transaction time, place, amount, etc.) and user factor information (For example, user identification information or bank card information).
  • factor information of the transaction scenario transaction time, place, amount, etc.
  • user factor information For example, user identification information or bank card information.
  • the message conversion unit obtains the message processing unit allowed by the background system from the transaction acceptance background system, so as to reassemble the decrypted transaction message based on this format, and generate a second transaction message.
  • the second transaction message is processed by the transaction. Accept the background system processing.
  • the above-mentioned point-of-sale management service system can work in conjunction with multiple point-of-sale management devices 20 (terminals), which is not only conducive to improving the convenience and popularity of mobile payments, but also can register, manage and even monitor merchants to ensure the transaction and User account security.
  • terminals point-of-sale management devices 20
  • a third embodiment of the present invention provides a transaction processing system, which is deployed in accordance with a cloud computing platform.
  • the transaction processing system includes at least one point-of-sale management device as provided in the first embodiment above, and sales as provided in the second embodiment above.
  • the point-of-sale management service system is configured to obtain a first transaction message from the point-of-sale management device; generate a second transaction message based on the first transaction message; and transfer the second transaction message to the transaction acceptance background system to complete Transaction processing flow.
  • At least a part of the system may be implemented using a group of distributed computing devices connected to a communication network, or based on a "cloud".
  • multiple computing devices operate together to provide services by using their shared resources.
  • Cloud can provide one or more advantages, including: openness, flexibility and scalability, central management, reliability, scalability, optimization of computing resources, aggregation and analysis across multiple The user's ability to connect, connect across multiple geographic areas, and use multiple mobile or data network operators for network connectivity.
  • FIG. 4 is a schematic flow chart of a business opening a business online.
  • a merchant needs to enable the mobile phone POS function on their mobile phones, they can obtain from the acquirer (such as the acquirer's website, etc.) whether their mobile phone model supports mobile POS. If so, they can download and install the corresponding mobile phone from the acquirer. After the merchant APP, and after registering the merchant app, the mobile POS function is completed.
  • the main process is as follows:
  • the merchant After the merchant logs in to the merchant APP through the point-of-sale management device (mobile POS terminal), click the merchant activation button to complete the entry of various merchant qualification elements, such as name, bank card number, ID card, business license (for small This information is not required for micro-merchants), etc., by calling and opening the mobile phone POS function interface, the data is transferred to the transaction management control (mobile POS control);
  • mobile POS control mobile POS control
  • the transaction management control After the transaction management control obtains the mobile phone's trusted device identification code (including TEE ID, eSE ID and other information) through the point of sale management device, it is assembled into a merchant opening information message and provided to the point of sale management service system (mobile POS service system);
  • the point-of-sale management service system records the device identification code of the mobile phone and sends the merchant qualification elements to the merchant management platform (or subsystem) according to the requirements of the merchant management platform (or subsystem);
  • the acquirer completes the verification of the merchant qualification elements submitted by the merchant on the merchant management platform (or subsystem), and the merchant management background generates the corresponding acquirer ID, merchant number and other mobile phone merchant information and returns it to the point of sale management device.
  • the point-of-sale management service system records the merchant information such as the corresponding merchant number, acquirer ID, and returns the merchant activation notification to the transaction management control, and then returns the notification information to the merchant APP to complete the merchant APP activation.
  • FIG. 5 is a schematic flow chart of a bank card small double consumption-free business.
  • the mobile phone POS reads the cardholder's bank card or mobile phone Pay through the NFC non-contact method, and completes the cardholder's bank card consumption.
  • the card reader applet After the mobile phone POS side calls the eSE card reader applet to create a card reading mode between eSE and NFC, the card reader applet is called for card search operation;
  • the cardholder presents the bank card or mobile phone Pay to the merchant's mobile phone for card swiping, and the NFC chip will obtain the information found by the card and send it to the mobile phone POS terminal through the card reader applet;
  • the mobile phone POS terminal completes the QPBOC small double-free interaction process with the bank card (or mobile phone Pay) by calling the sending and receiving commands of the card reading applet;
  • the mobile POS end establishes a secure channel with the mobile POS service system through the mobile POS control, generates a consumer message, and sends the consumer message to the mobile POS service system through the secure channel;
  • the mobile POS service system verifies whether the mobile phone is turned on and the corresponding merchant number, acquirer, and other information match the mobile device identification code based on the mobile device identification code and merchant number acquirer number in the consumer message. After passing, the message is parsed and reassembled according to the connected reception background, and sent to the reception background to complete the final processing;
  • the acceptance background returns the processed results to the mobile POS service system, and finally forwards them to the corresponding consumption processing results of the merchant APP.
  • the emv kernel in the POS side of the mobile phone can be implemented on the eSE side. After the eSE completes the small double-free interaction process with the bank card directly through the NFC chip, the key is used to sensitively read the bank card. (Two-track information, etc.) is encrypted and then returned to the mobile phone POS side.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Cash Registers Or Receiving Machines (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to a point-of-sale management device based on an intelligent terminal, comprising: a bank card reading unit used for reading first data from a bank card; a security management unit coupled with the bank card reading unit and used for generating encrypted fourth data according to the first data, second data stored in the security management unit, and third data based on a transaction scene; and a transaction management control coupled with the security management unit and used for forwarding the fourth data to the intelligent terminal, so that the intelligent terminal transmits the fourth data to a point-of-sale management service system. The bank card reading unit, the security management unit, and the transaction management control are provided in the intelligent terminal or are integrated with same. The present invention not only can reduce the costs of an acquirer and a merchant in the aspects of purchasing, maintenance and the like, but also can further improve the convenience and popularity of mobile payment.

Description

基于智能终端的销售点管理装置及销售点服务管理系统Point-of-sale management device and point-of-sale service management system based on intelligent terminal 技术领域Technical field
本发明涉及电子支付技术领域,更具体地说,涉及一种基于智能终端的销售点管理装置以及销售点服务管理系统。The invention relates to the technical field of electronic payment, and more particularly, to a point-of-sale management device based on a smart terminal and a point-of-sale service management system.
背景技术Background technique
当前,POS机实现了一定程度的移动性和便捷性,但与手机这种用户随时随身携带的智能设备相比,还是存在较大差距。Currently, POS machines have achieved a certain degree of mobility and convenience, but compared with smart devices such as mobile phones that users can carry with them at any time, there is still a large gap.
现有的基于手机的POS收单装置,通过手机外接的一个读卡终端(专用设备)来安全地读取银行卡之后,组装成交易报文,再由基于手机的POS收单装置将交易报文发送给受理平台,如mPOS系统,进而完成交易。The existing mobile phone-based POS acquiring device securely reads the bank card through a card reading terminal (special equipment) external to the mobile phone, assembles it into a transaction message, and then the mobile phone-based POS acquiring device transmits the transaction report. The text is sent to the acceptance platform, such as the mPOS system, to complete the transaction.
一种现有POS收单系统的架构如图1所示,其中,读卡终端读取银行卡信息,将交易报文经由mPOS前置系统转送至受理后台处理。商户管理平台通过mPOS前置系统对商户注册请求进行响应。An architecture of an existing POS acquiring system is shown in FIG. 1, in which a card reading terminal reads bank card information, and transfers a transaction message to an acceptance background processing via the mPOS front-end system. The merchant management platform responds to merchant registration requests through the mPOS front-end system.
进一步提升商户收单的便捷性和效率是当前期望的目标。Further improving the convenience and efficiency of merchants' acquiring is the current desired goal.
发明内容Summary of the Invention
本发明的一个目的在于提供一种销售点管理装置,其更具移动性和便捷性。An object of the present invention is to provide a point-of-sale management device, which is more mobile and convenient.
为实现上述目的,本发明提供一种技术方案如下。To achieve the above object, the present invention provides a technical solution as follows.
一种基于智能终端的销售点管理装置,包括:银行卡读取单元,用于从银行卡读取第一数据;安全管理单元,与银行卡读取单元耦合,用于基于第一数据、存储于安全管理单元的第二数据以及基于交易场景的第三数据生成加密的第四数据;以及交易管理控件,与安全管理单元耦合,用于将第四数据转送至智能终端,以由智能终端将第四数据发送至销售点管理服务系统;其中,银行卡读取单元、安全管理单元和交易管理控件设置于智能终端内或与其相集成。A point-of-sale management device based on an intelligent terminal includes a bank card reading unit for reading first data from the bank card, and a security management unit coupled to the bank card reading unit for storing data based on the first data. Encrypted fourth data is generated from the second data in the security management unit and the third data based on the transaction scenario; and the transaction management control is coupled to the security management unit and is used to transfer the fourth data to the smart terminal. The fourth data is sent to the point-of-sale management service system; wherein the bank card reading unit, the security management unit, and the transaction management control are set in the smart terminal or integrated with it.
优选地,第二数据包括关于销售点管理装置的、经销售点管理服务系统核准的商户标识信息。Preferably, the second data includes the merchant identification information about the point-of-sale management device approved by the point-of-sale management service system.
优选地,安全管理单元配置成:启动银行卡读取单元的读卡工作模式,银行卡读取单元根据读卡工作模式来从银行卡读取第一数据。Preferably, the security management unit is configured to start a card reading operation mode of the bank card reading unit, and the bank card reading unit reads the first data from the bank card according to the card reading operation mode.
优选地,安全管理单元还配置成:采用商户标识信息作为密钥组中的第一密钥,来对第一数据、第二数据以及第三数据的组合进行加密,以生成第四数据。Preferably, the security management unit is further configured to: use the merchant identification information as the first key in the key group to encrypt the combination of the first data, the second data, and the third data to generate fourth data.
本发明的另一目的在于提供一种销售点管理服务系统,其能够促进更具移动性和便捷性的销售点管理装置的实现及部署。Another object of the present invention is to provide a point-of-sale management service system, which can promote the implementation and deployment of point-of-sale management devices that are more mobile and convenient.
为实现上述目的,本发明提供另一技术方案如下。To achieve the above object, the present invention provides another technical solution as follows.
一种销售点管理服务系统,包括:报文收取单元,与多个销售点管理装置分别耦合,报文收取单元从各销售点管理装置分别获取相应的第一交易报文;报文转换单元,与交易受理后台系统耦合,报文转换单元将交易报文转换为交易受理后台系统所允许的第二交易报文。A point-of-sale management service system includes: a message receiving unit, which is respectively coupled with a plurality of point-of-sale management devices, and the message receiving unit obtains respective first transaction messages from each point-of-sale management device; a message conversion unit, Coupling with the transaction acceptance background system, the message conversion unit converts the transaction message into a second transaction message allowed by the transaction acceptance background system.
优选地,销售点管理服务系统包括商户管理子系统,其中,商户 管理子系统配置成:从销售点管理装置接收商户的注册请求;核准注册请求;生成相应的商户标识信息;以及将商户标识信息反馈至销售点管理装置。Preferably, the point-of-sale management service system includes a merchant management subsystem, wherein the merchant management subsystem is configured to: receive a registration request from a merchant from the point-of-sale management device; approve the registration request; generate corresponding merchant identification information; and store the merchant identification information Feedback to the point of sale management device.
优选地,报文收取单元配置成:基于包括第一密钥的密钥组来对第一交易报文进行解密,以获得经解密报文,其中,第一密钥对应于商户管理子系统所生成的商户标识信息。Preferably, the message receiving unit is configured to decrypt the first transaction message based on the key group including the first key to obtain a decrypted message, wherein the first key corresponds to the location of the merchant management subsystem. Generated business identification information.
优选地,报文收取单元还配置成:基于商户管理子系统所生成的商户标识信息来核实第一交易报文所包含的交易场景因素信息以及用户因素信息。Preferably, the message receiving unit is further configured to verify the transaction scenario factor information and the user factor information contained in the first transaction message based on the merchant identification information generated by the merchant management subsystem.
优选地,报文转换单元配置成:获取交易受理后台系统允许的报文处理格式;基于报文处理单元来重新组合经解密报文,以生成第二交易报文。Preferably, the message conversion unit is configured to: obtain a message processing format allowed by the transaction acceptance background system; and reassemble the decrypted message based on the message processing unit to generate a second transaction message.
本发明还公开一种交易处理系统,按照云计算平台来部署,交易处理系统包括:至少一个以上的销售点管理装置;如权利要求6-10中任一项的销售点管理服务系统;以及交易受理后台系统;其中,销售点管理服务系统配置成:从销售点管理装置获取第一交易报文;基于第一交易报文生成第二交易报文;以及将第二交易报文转送至交易受理后台系统来完成交易处理流程。The invention also discloses a transaction processing system, which is deployed according to a cloud computing platform. The transaction processing system includes: at least one point of sale management device; the point of sale management service system according to any one of claims 6-10; and transactions Acceptance background system; wherein the point-of-sale management service system is configured to: obtain a first transaction message from the point-of-sale management device; generate a second transaction message based on the first transaction message; and forward the second transaction message to the transaction acceptance Back-end system to complete the transaction processing process.
本发明各实施例提供基于智能终端的销售点管理装置以及与之配合工作的销售点管理服务系统,它们不仅能降低收单机构与商户在收单机具采购、维护等方面的成本,还能够进一步提高移动支付的便捷性与普及程度。商户用户在使用收单功能时,能够获得与使用手机 上的其他APP相同的用户体验。The embodiments of the present invention provide a point-of-sale management device based on an intelligent terminal and a point-of-sale management service system working in cooperation with the terminal. Improve the convenience and popularity of mobile payments. Merchant users can get the same user experience when using the acquiring function as using other apps on the mobile phone.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
图1示出现有技术中的POS收单系统的架构图。FIG. 1 shows an architecture diagram of a POS acquiring system in the prior art.
图2示出本发明提供的一种基于智能终端的销售点管理装置的模块结构示意图。FIG. 2 is a schematic structural diagram of a module of a point-of-sale management device based on an intelligent terminal provided by the present invention.
图3示出本发明提供的POS收单系统的架构图。FIG. 3 shows an architecture diagram of a POS acquiring system provided by the present invention.
图4示出商户在线开通业务的流程示意图。FIG. 4 is a schematic flow chart of a business opening a business online.
图5示出银行卡小额双免消费业务的流程示意图。FIG. 5 is a schematic flow chart of a bank card small double consumption-free business.
具体实施方式detailed description
在以下描述中提出具体细节,以便提供对本发明的透彻理解。然而,本领域的技术人员将清楚地知道,即使没有这些具体细节也可实施本发明的实施例。在本发明中,可进行具体的数字引用,例如“第一元件”、“第二装置”等。但是,具体数字引用不应当被理解为必须服从于其字面顺序,而是应被理解为“第一元件”与“第二元件”不同。Specific details are set forth in the following description in order to provide a thorough understanding of the invention. However, it will be apparent to those skilled in the art that embodiments of the present invention can be implemented without these specific details. In the present invention, specific numerical references may be made, such as "first element", "second device", and the like. However, specific numerical references should not be understood as having to obey their literal order, but should be understood as different from "first element" and "second element".
本发明所提出的具体细节只是示范性的,具体细节可以变化,但仍然落入本发明的精神和范围之内。术语“耦合”定义为表示直接连接到组件或者经由另一个组件而间接连接到组件。The specific details provided by the present invention are merely exemplary, and the specific details may vary, but still fall within the spirit and scope of the present invention. The term "coupled" is defined to mean directly connected to a component or indirectly connected to a component via another component.
以下通过参照附图来描述适于实现本发明的方法、系统和装置的优选实施例。虽然各实施例是针对元件的单个组合来描述,但是应理解,本发明包括所公开元件的所有可能组合。因此,如果一个实施例 包括元件A、B和C,而第二实施例包括元件B和D,则本发明也应被认为包括A、B、C或D的其他剩余组合,即使没有明确公开。Preferred embodiments of the method, system and device suitable for implementing the present invention are described below with reference to the drawings. Although the embodiments are described for a single combination of elements, it should be understood that the invention includes all possible combinations of the disclosed elements. Therefore, if one embodiment includes elements A, B, and C and the second embodiment includes elements B and D, the present invention should also be considered to include other remaining combinations of A, B, C, or D, even if not explicitly disclosed.
如图2所示,本发明第一实施例提供一种基于智能终端的销售点管理装置20,包括银行卡读取单元201、安全管理单元202以及交易管理控件203。As shown in FIG. 2, a first embodiment of the present invention provides a point-of-sale management device 20 based on a smart terminal, which includes a bank card reading unit 201, a security management unit 202, and a transaction management control 203.
其中,销售点管理装置20整体与智能终端集成。或者,备选地,销售点管理装置20设置于智能终端内。Among them, the point-of-sale management device 20 is integrated with the smart terminal as a whole. Or, alternatively, the point-of-sale management device 20 is provided in a smart terminal.
银行卡读取单元201从银行卡读取第一数据。作为示例,银行卡读取单元201包括近场通信模块,按照近场通信方式从用户所持的银行卡或手机直接读取银行卡信息(第一数据),实现“挥卡”操作。The bank card reading unit 201 reads the first data from the bank card. As an example, the bank card reading unit 201 includes a near field communication module, which directly reads bank card information (first data) from a bank card or mobile phone held by a user in accordance with the near field communication method to implement a "card swipe" operation.
具体来说,通过手机的可信操作环境TEE直接控制的eSE(安全管理单元),以及NFC芯片读卡模式,可在手机与用户银行卡之间建立安全交互通道,利用该安全交互通道,由TEE或者eSE读取银行卡信息,并对读取的敏感数据进行加密保护后,组装成报文再发往Android系统,由Android系统送往后台。这一过程中,不需要额外专有读卡设备,可以保证手机对于银行卡数据的安全读取,保护银行卡中的二磁道信息等敏感数据不会被手机Android系统上可能存在的恶意程序窃取、复制、破坏。Specifically, through the mobile phone ’s trusted operating environment TEE directly controlled eSE (security management unit), and the NFC chip card reading mode, a secure interaction channel can be established between the mobile phone and the user's bank card. Using this secure interaction channel, TEE or eSE reads the bank card information, encrypts the read sensitive data, assembles the message, and sends it to the Android system, which is sent to the background by the Android system. In this process, no additional proprietary card reading device is required, which can ensure the safe reading of bank card data by mobile phones, and protect sensitive data such as the two-track information in bank cards from being stolen by malicious programs that may exist on the mobile phone ’s Android system. , Copy, destroy.
可信操作环境独立于多媒体操作环境,这包括硬件上的独立以及通信上的独立,这有利于确保交易数据的安全性,以使得销售点管理装置20(其设置于智能终端内)的多媒体操作环境始终无法获得或更改交易数据。The trusted operating environment is independent of the multimedia operating environment, which includes hardware independence and communication independence, which helps to ensure the security of transaction data, so that the point-of-sale management device 20 (which is set in the smart terminal) for multimedia operations The environment has never been able to obtain or change transaction data.
安全管理单元202与银行卡读取单元201耦合,用于基于第一数据、存储于安全管理单元的第二数据以及基于交易场景的第三数据生成加密的第四数据。The security management unit 202 is coupled to the bank card reading unit 201 and is configured to generate encrypted fourth data based on the first data, the second data stored in the security management unit, and the third data based on the transaction scenario.
具体来说,第二数据包括销售点管理装置20自身携带的、经具有资质的销售点管理服务系统核准并向其下发的唯一商户标识信息。第三数据则对应于交易场景信息,例如,交易时间、地点、交易金额以及可能的优惠信息。安全管理单元202实现于可信操作环境下,其将对以上第一数据(银行卡信息)、第二数据和第三数据的组合进行加密处理,形成加密的第四数据(即,第一交易报文)。Specifically, the second data includes the unique merchant identification information carried by the point-of-sale management device 20 and approved and issued to the qualified point-of-sale management service system. The third data corresponds to transaction scenario information, such as transaction time, location, transaction amount, and possible discount information. The security management unit 202 is implemented in a trusted operating environment, and it will encrypt the combination of the above first data (bank card information), second data, and third data to form encrypted fourth data (ie, the first transaction Message).
在数据加密过程中,作为示例,安全管理单元202可以采用密钥组加密来提高交易数据的安全性,密钥组可包括多个不同密钥,它们经由不同算法生成或具有不同来源。优选情况下,密钥组包括销售点管理装置20的唯一商户标识信息。In the data encryption process, as an example, the security management unit 202 may use key group encryption to improve the security of transaction data. The key group may include multiple different keys that are generated by different algorithms or have different sources. Preferably, the key group includes the unique merchant identification information of the point-of-sale management device 20.
安全管理单元202还可以启动银行卡读取单元201的读卡工作模式,作为响应,银行卡读取单元201从用户银行卡读取相关信息。作为示例,在TEE内实现Emv kernel,通过TEE下的SE接口,调用eSE上的读卡applet进行NFC读模式的创建,完成寻卡操作。随后,通过eSE的读卡applet提供的收发命令,完成与持卡人银行卡或者手机Pay间的读卡数据交互。The security management unit 202 may also activate the card reading mode of the bank card reading unit 201. In response, the bank card reading unit 201 reads relevant information from the user's bank card. As an example, Emv kernel is implemented in TEE. Through the SE interface under TEE, the card reader applet on eSE is called to create the NFC reading mode and complete the card search operation. Subsequently, through the sending and receiving commands provided by the eSE card reader applet, the card data interaction with the cardholder's bank card or mobile phone Pay is completed.
进一步地,读卡applet运行在eSE内,负责与NFC芯片间的读卡模式的创建,向销售点管理装置20提供对应的数据收发命令接口。在接受销售点管理装置20的命令完成创建读卡模式后,可将销售点 管理装置20发来的数据通过NFC通信模块发往持卡人银行卡,并通过NFC获取银行卡的响应后,将响应数据返回给销售点管理装置20,实现读卡流程。在这一过程中,整个数据交互都是通过TEE、eSE、NFC、银行卡这些安全区域,并没有经过手机的Android系统侧,可保证在读卡过程中的各项敏感数据的安全性。Further, the card reading applet runs in the eSE, and is responsible for creating a card reading mode with the NFC chip, and provides a corresponding data transmission and reception command interface to the point of sale management device 20. After accepting the command of the point-of-sale management device 20 to complete the creation of the card reading mode, the data sent by the point-of-sale management device 20 can be sent to the cardholder's bank card through the NFC communication module, and the bank card response can be obtained through NFC. The response data is returned to the point-of-sale management device 20 to implement the card reading process. In this process, the entire data interaction is through TEE, eSE, NFC, bank card and other security areas, and does not pass through the Android system side of the phone, which can ensure the security of various sensitive data during the card reading process.
交易管理控件203与安全管理单元202耦合,其将第四数据转送至智能终端,以由智能终端将第四数据发送至销售点管理服务系统。交易管理控件203向销售点管理装置20所在的智能终端上的商户APP提供手机POS功能的具体接口,包括商户开通小额支付、转账等功能。在商户APP调用这些具体功能接口时,交易管理控件203负责调用相应的处理流程,并负责网络转发,支持销售点管理装置20与销售点管理服务系统间在安全通道上的双向数据通信。The transaction management control 203 is coupled with the security management unit 202, which transfers the fourth data to the smart terminal, so that the smart terminal sends the fourth data to the point-of-sale management service system. The transaction management control 203 provides a specific interface for the mobile phone POS function to the merchant APP on the smart terminal where the point-of-sale management device 20 is located, including the merchant's opening of small-value payment and transfer functions. When the merchant APP calls these specific functional interfaces, the transaction management control 203 is responsible for invoking the corresponding processing flow and for network forwarding, and supports two-way data communication on the secure channel between the point of sale management device 20 and the point of sale management service system.
作为进一步的改进,安全管理单元202和交易管理控件203集成于一体,形成一个独立的物理模块,该物理模块从银行卡读取单元201获取用户银行卡信息,采用“黑盒”模式生成第一交易报文,由销售点管理装置20上送至销售点服务管理系统。As a further improvement, the security management unit 202 and the transaction management control 203 are integrated into one to form an independent physical module. The physical module obtains the user's bank card information from the bank card reading unit 201, and uses the "black box" mode to generate the first The transaction message is sent from the point-of-sale management device 20 to the point-of-sale service management system.
图3示出与图1所示现有系统相对照的、根据本发明的POS收单系统的架构图。FIG. 3 shows an architecture diagram of a POS acquiring system according to the present invention in contrast to the existing system shown in FIG. 1.
与图1相比,本发明的POS收单系统将银行卡读取单元集成于销售点管理装置(例如,商户手机)内、并在销售点管理装置内的安全管理单元生成交易报文,以及,销售点管理服务系统(手机POS服务系统)还实现多种功能性,从而区别于现有技术中的mPOS前置 系统。具体来说,销售点管理装置(POS机)从用户(持卡人)手机或银行卡直接读取银行卡信息,结合销售点管理装置自带的标识信息以及交易场景信息直接生成交易报文,将交易报文上送至销售点管理服务系统来完成后续交易流程。Compared with FIG. 1, the POS acquiring system of the present invention integrates a bank card reading unit in a point-of-sale management device (for example, a merchant's mobile phone), and generates a transaction message in a security management unit in the point-of-sale management device, and The point-of-sale management service system (mobile POS service system) also implements a variety of functionalities, which is different from the mPOS front-end system in the prior art. Specifically, the point-of-sale management device (POS machine) directly reads bank card information from the user's (cardholder) mobile phone or bank card, and directly generates transaction messages in combination with the identification information and transaction scenario information provided by the point-of-sale management device. The transaction message is sent to the point-of-sale management service system to complete the subsequent transaction process.
本发明第二实施例正提供这样一种销售点管理服务系统,该销售点管理服务系统包括报文收取单元和报文转换单元。The second embodiment of the present invention is providing such a point-of-sale management service system, which includes a message receiving unit and a message conversion unit.
其中,报文收取单元与多个销售点管理装置分别耦合,其从各销售点管理装置分别获取相应的第一交易报文。报文转换单元则与交易受理后台系统耦合,其将所获取的交易报文转换为交易受理后台系统所允许的第二交易报文。The message receiving unit is respectively coupled to a plurality of point-of-sale management devices, and obtains corresponding first transaction messages from each point-of-sale management device. The message conversion unit is coupled to the transaction acceptance background system, and converts the acquired transaction message into a second transaction message allowed by the transaction acceptance background system.
本领域技术人员理解,交易受理后台系统还与第三方受理后台(CUPS)以及发卡行后台通信,以对第二交易报文进行后续处理,进而实现本次交易。交易受理后台系统进行交易的最终处理,可涵盖银行卡、二维码等在内的各个支付流程。交易受理后台系统可包括银联全渠道、二维码支付后台、智能POS后台、CUPS中的任一个或它们的组合。Those skilled in the art understand that the transaction acceptance background system also communicates with the third party acceptance background (CUPS) and the card issuer to perform subsequent processing of the second transaction message, thereby realizing the transaction. The transaction acceptance back-end system performs the final processing of transactions, which can cover various payment processes including bank cards and QR codes. The transaction acceptance background system may include any one of UnionPay omnichannel, QR code payment background, smart POS background, CUPS, or a combination thereof.
作为进一步的改进,与图3示出的架构图不同,销售点管理服务系统包括商户管理子系统,该子系统配置成执行如下操作:A、从各销售点管理装置接收来自商户的注册请求;B、核准或拒绝注册请求;C、在核准的前提下,生成唯一的商户标识信息;D、将商户标识信息反馈至发起注册请求的销售点管理装置。商户管理子系统专用于对商户进行登记和管理,对商户的管理与对交易报文的处理相互独立,以 提高系统的安全性以及可靠性。As a further improvement, unlike the architecture diagram shown in FIG. 3, the point-of-sale management service system includes a merchant management subsystem configured to perform the following operations: A. Receive registration requests from merchants from each point-of-sale management device; B. Approve or reject the registration request; C. Generate unique merchant identification information on the premise of approval; D. Feedback the merchant identification information to the point-of-sale management device that initiated the registration request. The merchant management subsystem is dedicated to register and manage merchants. The management of merchants and the processing of transaction messages are independent of each other to improve the security and reliability of the system.
根据本发明一实施例,报文收取单元可基于一个密钥组来对第一交易报文进行解密处理,获得经解密报文。若在数据加密过程中用到商户标识信息,则相应地,在解密过程中所使用的密钥组也包括对应于商户标识信息的解密密钥。According to an embodiment of the present invention, the message receiving unit may perform a decryption process on the first transaction message based on a key group to obtain a decrypted message. If the merchant identification information is used in the data encryption process, correspondingly, the key group used in the decryption process also includes a decryption key corresponding to the merchant identification information.
如以上所述,商户标识信息是经具有资质的销售点管理服务系统核准并向销售点管理装置下发,从而,该销售点管理服务系统会拥有针对各销售点管理装置的商户标识信息。As described above, the merchant identification information is approved by a qualified point-of-sale management service system and issued to the point-of-sale management device, so that the point-of-sale management service system will have merchant identification information for each point-of-sale management device.
进而,在优选情况下,报文收取单元还可以基于商户标识信息来核实第一交易报文中的信息,包括但不限于,交易场景(交易时间、地点、金额等)因素信息以及用户因素信息(例如,用户身份信息、或银行卡信息)。Furthermore, in a preferred case, the message receiving unit may also verify the information in the first transaction message based on the merchant identification information, including but not limited to factor information of the transaction scenario (transaction time, place, amount, etc.) and user factor information (For example, user identification information or bank card information).
报文转换单元从交易受理后台系统获取后台系统所允许的报文处理单元,以便基于这种格式来重新组合经解密的交易报文,并生成第二交易报文,第二交易报文由交易受理后台系统处理。The message conversion unit obtains the message processing unit allowed by the background system from the transaction acceptance background system, so as to reassemble the decrypted transaction message based on this format, and generate a second transaction message. The second transaction message is processed by the transaction. Accept the background system processing.
上述销售点管理服务系统可以与多个销售点管理装置20(终端)协同工作,不仅有利于提高移动支付的便捷性与普及程度,还可以对商户进行登记、管理乃至监控,确保本次交易以及用户账户的安全。The above-mentioned point-of-sale management service system can work in conjunction with multiple point-of-sale management devices 20 (terminals), which is not only conducive to improving the convenience and popularity of mobile payments, but also can register, manage and even monitor merchants to ensure the transaction and User account security.
本发明第三实施例提供一种交易处理系统,其按照云计算平台来部署,该交易处理系统包括至少一个如以上第一实施例提供的销售点管理装置、如以上第二实施例提供的销售点管理服务系统和交易受理后台系统。其中,销售点管理服务系统配置成从销售点管理装置获取 第一交易报文;基于第一交易报文生成第二交易报文;以及,将第二交易报文转送至交易受理后台系统来完成交易处理流程。A third embodiment of the present invention provides a transaction processing system, which is deployed in accordance with a cloud computing platform. The transaction processing system includes at least one point-of-sale management device as provided in the first embodiment above, and sales as provided in the second embodiment above. Point management service system and transaction acceptance background system. The point-of-sale management service system is configured to obtain a first transaction message from the point-of-sale management device; generate a second transaction message based on the first transaction message; and transfer the second transaction message to the transaction acceptance background system to complete Transaction processing flow.
在本发明的一些实施例中,系统的至少一部分可采用通信网络所连接的一组分布式计算装置来实现,或,基于“云”来实现。在这种系统中,多个计算装置共同操作,以通过使用其共享资源来提供服务。In some embodiments of the present invention, at least a part of the system may be implemented using a group of distributed computing devices connected to a communication network, or based on a "cloud". In such a system, multiple computing devices operate together to provide services by using their shared resources.
基于“云”的实现可提供一个或多个优点,包括:开放性、灵活性和可扩展性、可中心管理、可靠性、可缩放性、对计算资源所优化、具有聚合和分析跨多个用户的信息的能力、跨多个地理区域进行连接、以及将多个移动或数据网络运营商用于网络连通性的能力。"Cloud" -based implementations can provide one or more advantages, including: openness, flexibility and scalability, central management, reliability, scalability, optimization of computing resources, aggregation and analysis across multiple The user's ability to connect, connect across multiple geographic areas, and use multiple mobile or data network operators for network connectivity.
图4示出商户在线开通业务的流程示意图。当商户需要在自己手机上开通手机POS功能时,可从收单机构(如收单机构网站等)获取自己的手机型号是否支持手机POS,若支持,可从收单机构处下载并安装对应的商户APP后,并通过注册该商户APP后,完成手机POS功能开通。FIG. 4 is a schematic flow chart of a business opening a business online. When a merchant needs to enable the mobile phone POS function on their mobile phones, they can obtain from the acquirer (such as the acquirer's website, etc.) whether their mobile phone model supports mobile POS. If so, they can download and install the corresponding mobile phone from the acquirer. After the merchant APP, and after registering the merchant app, the mobile POS function is completed.
主要流程如下:The main process is as follows:
Figure PCTCN2019090054-appb-000001
商户通过销售点管理装置(手机POS端)登录商户APP后,点击商户开通按钮,依据商户APP的要求,完成各项商户资质要素的录入,如姓名、银行卡号、身份证、营业执照(对于小微商户此项信息并不是必需)等,通过调用开通手机POS功能接口,将数据传往交易管理控件(手机POS控件);
Figure PCTCN2019090054-appb-000001
After the merchant logs in to the merchant APP through the point-of-sale management device (mobile POS terminal), click the merchant activation button to complete the entry of various merchant qualification elements, such as name, bank card number, ID card, business license (for small This information is not required for micro-merchants), etc., by calling and opening the mobile phone POS function interface, the data is transferred to the transaction management control (mobile POS control);
Figure PCTCN2019090054-appb-000002
交易管理控件通过销售点管理装置获取手机的可信设备识别码(包含TEE ID、eSE ID等信息)后,组装为商户开通信息 报文提供给销售点管理服务系统(手机POS服务系统);
Figure PCTCN2019090054-appb-000002
After the transaction management control obtains the mobile phone's trusted device identification code (including TEE ID, eSE ID and other information) through the point of sale management device, it is assembled into a merchant opening information message and provided to the point of sale management service system (mobile POS service system);
Figure PCTCN2019090054-appb-000003
销售点管理服务系统记录下该手机的设备识别码后,根据商户管理平台(或子系统)的要求,将商户资质要素发送给商户管理平台(或子系统);
Figure PCTCN2019090054-appb-000003
The point-of-sale management service system records the device identification code of the mobile phone and sends the merchant qualification elements to the merchant management platform (or subsystem) according to the requirements of the merchant management platform (or subsystem);
Figure PCTCN2019090054-appb-000004
收单机构在商户管理平台(或子系统)对商户提交的商户资质要素完成审核,商户管理后台生成对应的收单机构ID、商户号等手机商户信息,返回给销售点管理装置。
Figure PCTCN2019090054-appb-000004
The acquirer completes the verification of the merchant qualification elements submitted by the merchant on the merchant management platform (or subsystem), and the merchant management background generates the corresponding acquirer ID, merchant number and other mobile phone merchant information and returns it to the point of sale management device.
Figure PCTCN2019090054-appb-000005
销售点管理服务系统记录对应的商户号、收单机构ID等商户信息,并返回商户开通通知给交易管理控件,继而返回通知信息给商户APP,完成商户APP开通。
Figure PCTCN2019090054-appb-000005
The point-of-sale management service system records the merchant information such as the corresponding merchant number, acquirer ID, and returns the merchant activation notification to the transaction management control, and then returns the notification information to the merchant APP to complete the merchant APP activation.
图5示出银行卡小额双免消费业务的流程示意图。手机POS通过NFC非接触方式,读取持卡人的银行卡或者手机Pay,完成对于持卡人的银行卡消费。FIG. 5 is a schematic flow chart of a bank card small double consumption-free business. The mobile phone POS reads the cardholder's bank card or mobile phone Pay through the NFC non-contact method, and completes the cardholder's bank card consumption.
具体流程如下:The specific process is as follows:
Figure PCTCN2019090054-appb-000006
商户登录商户APP后,点击银行卡刷卡按钮,输入消费金额后,通过调用手机POS控件的银行卡支付接口,调用手机POS端发起银行卡消费流程;
Figure PCTCN2019090054-appb-000006
After the merchant logs in the merchant APP, click the bank card swipe button, enter the amount of consumption, and then call the mobile phone POS terminal to initiate the bank card consumption process by calling the bank card payment interface of the mobile POS control;
Figure PCTCN2019090054-appb-000007
手机POS端调用eSE的读卡applet创建eSE与NFC间的读卡模式后,调用读卡applet进行寻卡操作;
Figure PCTCN2019090054-appb-000007
After the mobile phone POS side calls the eSE card reader applet to create a card reading mode between eSE and NFC, the card reader applet is called for card search operation;
Figure PCTCN2019090054-appb-000008
持卡人向商户手机出示银行卡或者手机Pay进行挥卡,NFC芯片将获取到卡寻到信息通过读卡applet发往手机POS端;
Figure PCTCN2019090054-appb-000008
The cardholder presents the bank card or mobile phone Pay to the merchant's mobile phone for card swiping, and the NFC chip will obtain the information found by the card and send it to the mobile phone POS terminal through the card reader applet;
Figure PCTCN2019090054-appb-000009
手机POS端根据emv kernel,通过调用读卡applet的收发 命令,完成与银行卡(或手机Pay)间的QPBOC小额双免交互流程;
Figure PCTCN2019090054-appb-000009
According to the emv kernel, the mobile phone POS terminal completes the QPBOC small double-free interaction process with the bank card (or mobile phone Pay) by calling the sending and receiving commands of the card reading applet;
Figure PCTCN2019090054-appb-000010
手机POS端通过手机POS控件与手机POS服务系统建立安全通道,生成消费报文并通过该安全通道送给手机POS服务系统;
Figure PCTCN2019090054-appb-000010
The mobile POS end establishes a secure channel with the mobile POS service system through the mobile POS control, generates a consumer message, and sends the consumer message to the mobile POS service system through the secure channel;
Figure PCTCN2019090054-appb-000011
手机POS服务系统依据消费报文中的手机设备识别码、商户号收单机构号等信息,验证该手机是否已开通且相应的商户号、收单机构等信息与手机设备识别码是否匹配,验证通过后,根据所连接的受理后台,对报文进行解析、重组,发往受理后台完成最终的处理;
Figure PCTCN2019090054-appb-000011
The mobile POS service system verifies whether the mobile phone is turned on and the corresponding merchant number, acquirer, and other information match the mobile device identification code based on the mobile device identification code and merchant number acquirer number in the consumer message. After passing, the message is parsed and reassembled according to the connected reception background, and sent to the reception background to complete the final processing;
Figure PCTCN2019090054-appb-000012
受理后台将处理完的结果返回给手机POS服务系统,继而最终转发给商户APP相应的消费处理结果。
Figure PCTCN2019090054-appb-000012
The acceptance background returns the processed results to the mobile POS service system, and finally forwards them to the corresponding consumption processing results of the merchant APP.
为进一步保证安全性,手机POS端中的emv kernel可在eSE端进行实现,eSE直接通过NFC芯片与银行卡完成小额双免交互流程后,使用密钥,对读取到的银行卡敏感数据(二磁道信息等)进行加密后,再返回给手机POS端。In order to further ensure security, the emv kernel in the POS side of the mobile phone can be implemented on the eSE side. After the eSE completes the small double-free interaction process with the bank card directly through the NFC chip, the key is used to sensitively read the bank card. (Two-track information, etc.) is encrypted and then returned to the mobile phone POS side.
根据本发明各实施例,至少可实现如下有益技术效果:According to the embodiments of the present invention, at least the following beneficial technical effects can be achieved:
1、在无需任何外接设备和对手机进行深度系统定制下,直接利用商户所拥有的个人手机实现银行卡收单POS功能,不仅能提升商户收单的便捷性和效率,而且使得商户用户在使用收单功能时,体验与使用手机上的其他APP相同,显著提升了收单产品的用户体验。1. Without the need for any external equipment and in-depth system customization of the mobile phone, directly use the personal mobile phone owned by the merchant to implement the bank card acquiring POS function, which can not only improve the convenience and efficiency of merchant acquiring, but also enable merchant users to use When acquiring functions, the experience is the same as using other apps on the phone, which significantly improves the user experience of the acquiring product.
2、因无需采购任何专有设备,商户只需在个人手机上下载安装 APP,并在线提交材料即可完成APP开通,提高了商户POS功能开通的效率与及时性。2. Since there is no need to purchase any proprietary equipment, merchants only need to download and install the APP on their personal mobile phones, and submit materials online to complete the APP activation, which improves the efficiency and timeliness of merchant POS function activation.
3、无需任何专有设备,直接使用商户的个人手机,也降低了收单机构以往布放POS机所需的渠道采购、维护等方面的人力、资金和时间成本,经济地为商户提供收单能力,降低了POS机管理的难度。上述说明仅针对于本发明的优选实施例,并不在于限制本发明的保护范围。本领域技术人员可能作出各种变形设计,而不脱离本发明的思想及附随的权利要求。3. Without any proprietary equipment, directly using the merchant's personal mobile phone, which also reduces the labor, capital and time costs of channel procurement, maintenance and other aspects required by the acquiring institution to deploy POS machines in the past, and economically provides merchants with acquiring Capabilities, reducing the difficulty of POS machine management. The above description is only directed to the preferred embodiments of the present invention, and is not intended to limit the protection scope of the present invention. Those skilled in the art may make various modified designs without departing from the idea of the present invention and the accompanying claims.

Claims (11)

  1. 一种基于智能终端的销售点管理装置,包括:A point-of-sale management device based on an intelligent terminal includes:
    银行卡读取单元,用于从银行卡读取第一数据;A bank card reading unit, configured to read the first data from the bank card;
    安全管理单元,与所述银行卡读取单元耦合,用于基于所述第一数据、存储于所述安全管理单元的第二数据以及基于交易场景的第三数据生成加密的第四数据;以及A security management unit coupled to the bank card reading unit and configured to generate encrypted fourth data based on the first data, second data stored in the security management unit, and third data based on a transaction scenario; and
    交易管理控件,与所述安全管理单元耦合,用于将所述第四数据转送至所述智能终端,以由所述智能终端将所述第四数据发送至销售点管理服务系统;A transaction management control coupled to the security management unit and configured to transfer the fourth data to the smart terminal, so that the smart terminal sends the fourth data to a point-of-sale management service system;
    其中,所述银行卡读取单元、所述安全管理单元和所述交易管理控件设置于所述智能终端内或与其相集成。The bank card reading unit, the security management unit, and the transaction management control are provided in the smart terminal or integrated with the smart terminal.
  2. 根据权利要求1所述的装置,其特征在于,所述第二数据包括关于所述销售点管理装置的、经所述销售点管理服务系统核准的商户标识信息。The device according to claim 1, wherein the second data includes merchant identification information about the point-of-sale management device and approved by the point-of-sale management service system.
  3. 根据权利要求2所述的装置,其特征在于,所述安全管理单元配置成:The apparatus according to claim 2, wherein the security management unit is configured to:
    启动所述银行卡读取单元的读卡工作模式,所述银行卡读取单元根据所述读卡工作模式来从银行卡读取所述第一数据。The card reading mode of the bank card reading unit is started, and the bank card reading unit reads the first data from the bank card according to the card reading mode.
  4. 根据权利要求3所述的装置,其特征在于,所述安全管理单元还配置成:The apparatus according to claim 3, wherein the security management unit is further configured to:
    采用所述商户标识信息作为密钥组中的第一密钥,来对所述第一数据、第二数据以及第三数据的组合进行加密,以生成所述第四数据。The merchant identification information is used as the first key in the key group to encrypt the combination of the first data, the second data, and the third data to generate the fourth data.
  5. 根据权利要求1至4中任一项所述的装置,其特征在于,所述银行卡读取单元至少包括近场通信模块。The device according to any one of claims 1 to 4, wherein the bank card reading unit includes at least a near field communication module.
  6. 一种销售点管理服务系统,包括:A point-of-sale management service system includes:
    报文收取单元,与多个销售点管理装置分别耦合,所述报文收取单元从各所述销售点管理装置分别获取相应的第一交易报文;A message receiving unit, which is respectively coupled with a plurality of point-of-sale management devices, and the message receiving unit obtains a corresponding first transaction message from each of the point-of-sale management devices;
    报文转换单元,与交易受理后台系统耦合,所述报文转换单元将所述交易报文转换为所述交易受理后台系统所允许的第二交易报文。A message conversion unit is coupled to the transaction acceptance background system, and the message conversion unit converts the transaction message into a second transaction message allowed by the transaction acceptance background system.
  7. 根据权利要求6所述的系统,其特征在于,所述销售点管理服务系统包括商户管理子系统,其中,所述商户管理子系统配置成:The system of claim 6, wherein the point of sale management service system comprises a merchant management subsystem, wherein the merchant management subsystem is configured to:
    从所述销售点管理装置接收商户的注册请求;Receiving a registration request from a merchant from the point-of-sale management device;
    核准所述注册请求;Approve the registration request;
    生成相应的商户标识信息;以及Generate corresponding business identification information; and
    将所述商户标识信息反馈至所述销售点管理装置。Feedback the merchant identification information to the point-of-sale management device.
  8. 根据权利要求7所述的系统,其特征在于,所述报文收取单元配置成:The system according to claim 7, wherein the message receiving unit is configured to:
    基于包括第一密钥的密钥组来对所述第一交易报文进行解密,以获得经解密报文,其中,所述第一密钥对应于所述商户管理子系统所生成的所述商户标识信息。Decrypting the first transaction message based on a key group including a first key to obtain a decrypted message, wherein the first key corresponds to the generated by the merchant management subsystem Merchant identification information.
  9. 根据权利要求8所述的系统,其特征在于,所述报文收取单元还配置成:The system according to claim 8, wherein the message receiving unit is further configured to:
    基于所述商户管理子系统所生成的所述商户标识信息来核实所述第一交易报文所包含的交易场景因素信息以及用户因素信息。Verifying transaction scenario factor information and user factor information contained in the first transaction message based on the merchant identification information generated by the merchant management subsystem.
  10. 根据权利要求6至9中任一项所述的系统,其特征在于,所述报文转换单元配置成:The system according to any one of claims 6 to 9, wherein the message conversion unit is configured to:
    获取所述交易受理后台系统允许的报文处理格式;Obtaining a message processing format allowed by the transaction acceptance background system;
    基于所述报文处理单元来重新组合所述经解密报文,以生成所述第二交易报文。Recombining the decrypted message based on the message processing unit to generate the second transaction message.
  11. 一种交易处理系统,按照云计算平台来部署,所述交易处理系统包括:A transaction processing system is deployed in accordance with a cloud computing platform. The transaction processing system includes:
    至少一个如权利要求1-5中任一项所述的销售点管理装置;At least one point of sale management device according to any one of claims 1-5;
    如权利要求6-10中任一项所述的销售点管理服务系统;以及The point-of-sale management service system according to any one of claims 6-10; and
    交易受理后台系统;Transaction acceptance background system;
    其中,所述销售点管理服务系统配置成:The point-of-sale management service system is configured to:
    从所述销售点管理装置获取第一交易报文;Acquiring a first transaction message from the point-of-sale management device;
    基于所述第一交易报文生成第二交易报文;以及Generating a second transaction message based on the first transaction message; and
    将所述第二交易报文转送至所述交易受理后台系统来完成交易处理流程。The second transaction message is forwarded to the transaction acceptance background system to complete the transaction processing flow.
PCT/CN2019/090054 2018-06-11 2019-06-05 Point-of-sale management device and point-of-sale service management system based on intelligent terminal WO2019237971A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810593560.0 2018-06-11
CN201810593560.0A CN109118198B (en) 2018-06-11 2018-06-11 Point-of-sale management device and point-of-sale service management system based on intelligent terminal

Publications (1)

Publication Number Publication Date
WO2019237971A1 true WO2019237971A1 (en) 2019-12-19

Family

ID=64822160

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/090054 WO2019237971A1 (en) 2018-06-11 2019-06-05 Point-of-sale management device and point-of-sale service management system based on intelligent terminal

Country Status (3)

Country Link
CN (1) CN109118198B (en)
TW (1) TWI786297B (en)
WO (1) WO2019237971A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109118198B (en) * 2018-06-11 2023-04-18 中国银联股份有限公司 Point-of-sale management device and point-of-sale service management system based on intelligent terminal
CN111935158B (en) * 2020-08-12 2021-02-26 盐城工学院 Financial data management method of remote network consumption system
CN112134764B (en) * 2020-09-27 2022-08-09 中国银行股份有限公司 Method and device for determining connectivity of test environment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101098371A (en) * 2006-06-29 2008-01-02 中国银联股份有限公司 Finance data processing method and mobile terminal equipment
CN202795600U (en) * 2012-06-29 2013-03-13 巫少芬 Card swiping payment mobile phone system
CN103020822A (en) * 2012-12-04 2013-04-03 武汉擎动网络科技有限公司 Financial order-receiving method based on double secure channels
WO2013066982A1 (en) * 2011-10-31 2013-05-10 Citibank, N.A. Methods and systems for communicating information from a smart point-of-sale terminal
CN104951936A (en) * 2014-03-26 2015-09-30 北京同方微电子有限公司 Cell phone card swiping device and card swipe transaction method thereof
CN106600242A (en) * 2016-03-29 2017-04-26 孔文国 Method and system for carrying out near-field financial payment data exchange on the basis of mobile communication equipment
CN109118198A (en) * 2018-06-11 2019-01-01 中国银联股份有限公司 Sale point management apparatus and point of sale service management system based on intelligent terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103377429A (en) * 2012-04-17 2013-10-30 中国银联股份有限公司 Payment method and payment system carried out by using two-dimension code
CN103679443A (en) * 2012-09-18 2014-03-26 中国银联股份有限公司 Method of payment with handset terminals, and processing system thereof
CN106127467A (en) * 2016-06-20 2016-11-16 上海易码信息科技有限公司 The method of mobile payment integrating financial card paying and settle accounts
CN106600257A (en) * 2016-08-15 2017-04-26 孔文国 Security-unit-based near-filed payment data exchange system and method of mobile device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101098371A (en) * 2006-06-29 2008-01-02 中国银联股份有限公司 Finance data processing method and mobile terminal equipment
WO2013066982A1 (en) * 2011-10-31 2013-05-10 Citibank, N.A. Methods and systems for communicating information from a smart point-of-sale terminal
CN202795600U (en) * 2012-06-29 2013-03-13 巫少芬 Card swiping payment mobile phone system
CN103020822A (en) * 2012-12-04 2013-04-03 武汉擎动网络科技有限公司 Financial order-receiving method based on double secure channels
CN104951936A (en) * 2014-03-26 2015-09-30 北京同方微电子有限公司 Cell phone card swiping device and card swipe transaction method thereof
CN106600242A (en) * 2016-03-29 2017-04-26 孔文国 Method and system for carrying out near-field financial payment data exchange on the basis of mobile communication equipment
CN109118198A (en) * 2018-06-11 2019-01-01 中国银联股份有限公司 Sale point management apparatus and point of sale service management system based on intelligent terminal

Also Published As

Publication number Publication date
TW202001722A (en) 2020-01-01
CN109118198B (en) 2023-04-18
CN109118198A (en) 2019-01-01
TWI786297B (en) 2022-12-11

Similar Documents

Publication Publication Date Title
US10049357B2 (en) System and method of processing PIN-based payment transactions via mobile devices
US8108318B2 (en) Trusted service manager (TSM) architectures and methods
US20160217461A1 (en) Transaction utilizing anonymized user data
US11638148B2 (en) Client device authentication using contactless legacy magnetic stripe data
CN105260886B (en) Payment processing method and device, NFC portable terminal and wearable terminal
US11694182B2 (en) Systems and methods for displaying payment device specific functions
US20140358796A1 (en) Methods and Apparatus for Performing Local Transactions
KR20150026233A (en) Payment system and method t based on digital card
CN104838399A (en) Authenticating remote transactions using mobile device
KR20140125449A (en) Transaction processing system and method
US20220060889A1 (en) Provisioning initiated from a contactless device
US10235667B2 (en) Device-embedded transaction chip
US20190066114A1 (en) System and method for purchasing using biometric authentication
US11669822B2 (en) Point-of-sale system having a secure touch mode
US20190095902A1 (en) System and method of processing payment transactions via mobile devices
WO2019237971A1 (en) Point-of-sale management device and point-of-sale service management system based on intelligent terminal
TWI395449B (en) Electronic wallet verification system and its method
US20210390546A1 (en) Systems and Methods for Secure Transaction Processing
US11514437B1 (en) Encapsulation of payment accounts with tokenization
KR102233445B1 (en) Method And Apparatus for Inputing Credit Card Information by Using Human Interface Device
KR20030033199A (en) A security system for electronic settlement and a method thereof
US11636468B1 (en) Encapsulation of payment accounts with nested tokens
KR20220061387A (en) Method for providing simple payment service using other user's terminal, server and system thereof
WO2015118388A1 (en) System and method for electronic payment transaction

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19820136

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19820136

Country of ref document: EP

Kind code of ref document: A1